Lunarsoft

Sony warned that hackers stole password, birthday and other data about users of its PlayStation Network that connected PlayStation 3 (PS3) consoles to online games, films and more. PlayStation Network and Qriocity streaming music service were turned off April 20 in the wake of an "external intrusion," according to Sony spokesman Patrick Seybold.

While the cyber attack was still being investigated, Sony said it believed that PlayStation Network and Qriocity service users' names, addresses, birthdates, passwords, and email addresses were swiped.

"While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility," Sony said in an email message being sent out to PlayStation Network and Qriocity users.

"It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained."

Rootkits are the ultimate in stealthy malware, burying themselves so deep into your system that they're often very hard to spot. If you're unlucky enough to encounter one then your antivirus package might detect it, but there are no guarantees, and so it may be wise to equip your PC with a second line of defence in Kaspersky's TDSSKiller.

As the name suggests, TDSSKiller is designed to target a few, specific threats (TDSS, Sinowal, Whistler, Phanta, Trup, Stoned). These can be very dangerous, though, so having another way to pick them up isn't going to hurt -- and the program can also detect hidden services, forged files, MBR changes and other suspicious signs that could indicate infection by a brand new rootkit.

TDSSKiller is very easy to use. There's no need to install anything, no jargon to master -- just launch the program, click "Start Scan" and wait. You won't even be doing that for long, because TDSSKiller checks only the most likely areas of infection, your services and drivers, and so returned its verdict in only 14 seconds on our test PC.

Of course this extreme speed could raise some questions about the program's thoroughness, and exactly how much it might miss. Certainly TDSSKiller isn't going to replace specialist antirootkit tools like GMER any time soon. It proved good enough to spot a malware sample on our test PC, though, and the very quick scan times mean you'll have no problems running it on a regular basis. (The program even supports command line options that might allow you to script its actions, running it at boot time or on other system events.)

It's important not to lose sight of the potential dangers involved in any kind of rootkit removal, though, even with tools as simple as this one: deleting or quarantining a driver can leave your PC disabled, perhaps unbootable. And so if TDSSKiller highlights a particular file, then head off to your favorite search engine to find out more about it before you take any action.

Privacy could be enhanced if data was allowed to fade, suggests research.

Dutch researcher Dr Harold van Heerde is looking into ways to gradually "degrade" the information that sites gather about visitors.

Slowly swapping details for more general information can help guard against accidental disclosure, he said.

I've got good news and bad news for those of the misguided perception that Linux is somehow impervious to attack or compromise. The bad news is that it turns out a vast collection of Linux systems may, in fact, be pwned. The good news, at least for IT administrators and organizations that rely on Linux as a server or desktop operating system, is that the Trojan is in a download that should have no bearing on Linux in a business setting.

An announcement on the Unreal IRCd Forums states "This is very embarrassing...We found out that the Unreal3.2.8.1.tar.gz file on our mirrors has been replaced quite a while ago with a version with a backdoor (trojan) in it. This backdoor allows a person to execute ANY command with the privileges of he user running the ircd. The backdoor can be executed regardless of any user restrictions (so even if you have passworded server or hub that doesn't allow any users in)."

On the surface, it might sound like one of those amateurish conclusions a blogger might reach after having just read the press release: Symantec, a software company now mainly known for security products, acquires some assets from a non-competitor in order to get that company's logo. But in the deal between Symantec and VeriSign announced yesterday, there is no mistaking the fact that the antivirus products maker acquired, among other things, the single asset that just last week VeriSign argued was the ticket to its own future stability: quite literally, its own logo.

Up until yesterday, its name was the VeriSign Trust Seal. A big part of VeriSign's business had been the licensing of that logo to "trusted" Web sites whose security services pass VeriSign's test. So when online shoppers see that pixelated checkmark inside the circle, they conclude the site they're shopping on is safe...and they'll buy more.

Adobe issued an alert late Friday night to warn about zero-day attacks against an unpatched vulnerability in its Reader and Flash Player software products.

The vulnerability, described as critical, affects Adobe Flash Player 10.0.45.2 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems. It also affects the authplay.dll component that ships with Adobe Reader and Acrobat 9.x for Windows, Macintosh and UNIX operating systems, Adobe said.

Microsoft has released an urgent hotfix for the Server service. This hotfix applies to Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008. The vulnerability could allow remote code execution if an affected system received a specially crafted RPC request.

"Consistent exploit code has been discovered in limited, targeted attacks, affecting Windows XP and Windows Server 2003. While this service is enabled by default on all affected platforms, exploitation is most likely on Microsoft Windows 2000, Windows XP, and Windows Server 2003. Default installations of Windows Vista and Windows Server 2008 require authentication due to protections introduced as part of UAC that enforce additional levels of integrity. This protection is in place even if the UAC prompt is disabled. Even after authentication, ASLR and DEP enhancements will present obstacles to exploitation."

The hotfix is available on Windows Update for download and installation. This urgent fix requires you to restart your computer.

Link: Microsoft Security Bulletin