Symantec: Stuxnet clues point to uranium enrichment target

Stuxnet looks for frequency converters that control motors in industrial control systems, Symantec says.

Symantec researchers have figured out a key mystery to the Stuxnet worm code that strongly suggests it was designed to sabotage a uranium enrichment facility.
The program targets systems that have a frequency converter, which is a type of device that controls the speed of a motor, Eric Chien, technical director of Symantec Security Response, told CNET today. The malware looks for converters from either a company in Finland or Tehran, Iran.
"Stuxnet is watching these devices on the target system that is infected and checking what frequency these things are running at," looking for a range of 800 hertz to 1200 Hz, he said. "If you look at applications out there in industrial control systems, there are a few that use or need frequency converters at that speed. The applications are very limited. Uranium enrichment is an example."
There had been speculation that Stuxnet was targeting an Iranian nuclear power plant. But power plants use uranium that has already been enriched and don't have the frequency converters Stuxnet seeks like those that control centrifuges, Chien said.
The new information from Symantec would seem to bolster speculation that Iran's Natanz uranium enrichment facility was a target. The worm spreads via holes in Windows and saves its payload for systems running specific industrial control software from Siemens.
Also on Symantec's short list of possible targets are facilities using computer numerical controlled equipment, commonly referred to as CNC equipment, such as drills used to cut metal, he said.
The Stuxnet code modifies programmable logic controllers in the frequency converter drives used to control the motors. It changes the frequencies of the converter, first to higher than 1400 Hz and then down to 2 Hz--speeding it up and then nearly halting it--before setting it at just over 1000 Hz, according to Chien.
"Basically, it is messing with the speed at which the motor runs, which could cause all kinds of things to happen," he said. "The quality of what is being produced would go down or not be able to be produced at all. For example, a facility wouldn't be able to enrich uranium properly."
It could also cause physical damage to the motor, Chien said. "We have confirmation that this industrial process automation system is essentially being sabotaged," he added.
Symantec was able to figure out what the malware does and exactly what systems it targets after getting a tip from a Dutch expert in the Profibus network protocol, which is used in these specific industrial control systems. The information had to do with the fact that the frequency drives all have a unique serial number, according to Chien. "We were able to pair up a couple of numbers we had with some devices and figured out they were frequency drives," he said.
"The real world implications [to Stuxnet] are pretty frightening," Chien said. "We're not talking about a credit card being stolen. We're talking about physical machines potentially causing damage in the real world. And clearly there are some geopolitical concerns, as well."
Chien has more detailed technical information in this blog post.

uTorrent 2.2.0 Build 23774

Ludvig Strigeus - 387KB (Freeware)

µTorrent is a small and incredibly popular BitTorrent client.
Micro-Sized Yet Feature Filled
Most of the features present in other BitTorrent clients are present in µTorrent, including bandwidth prioritization, scheduling, RSS auto-downloading and Mainline DHT (compatible with BitComet). Additionally, µTorrent supports the Protocol Encryption joint specification (compatible with Azureus 2.4.0.0 and above, BitComet 0.63 and above) and peer exchange.
Resource-Friendly
µTorrent was written with efficiency in mind. Unlike many torrent clients, it does not hog valuable system resources - typically using less than 6MB of memory, allowing you to use the computer as if it weren't there at all. Additionally, the program itself is contained within a single executable less than 220 KB in size.
Skinnable and Localized
Various icon, toolbar graphic and status icon replacements are available, and creating your own is very simple. µTorrent also has support for localization, and with a language file present, will automatically switch to your system language. If your language isn't available, you can easily add your own, or edit other existing translations to improve them!
Actively Developed and Improved
The developer puts in a lot of time working on features and making things more user-friendly. Releases only come out when they're ready, with no schedule pressures, so the few bugs that appear are quickly addressed and fixed.

click here for : download

How far did McDonald's-tied data breach ripple?

A data breach at e-mail database management firm Silverpop prompted McDonald's and at least one other Web site to warn subscribers, but it's unclear just how many companies are affected.
McDonald's told customers this week that in addition to e-mail addresses, other information may have been exposed such as name, postal address, and phone number. The data was managed by an unnamed company hired by its marketing partner, Arc Worldwide.
However, the company was revealed to be Silverpop in this ChicagoBusiness.com report, which quotes an FBI spokesman as saying that Silverpop has more than 100 customers and that the attack appears to have come from overseas. An FBI spokesman declined to provide comment to CNET today.
Meanwhile, artist community Web site DeviantArt sent an e-mail to its users saying that user names and birth dates, along with e-mail addresses, may have been swept up in a spam-related breach at its marketing e-mail provider Silverpop. "Because we value the information that members give us, we have decided not to rely on the services of Silverpop in the future and their servers will no longer hold any data from us," the e-mail said.
A Silverpop spokeswoman declined to identify any of its clients by name or say how many customers were affected by the compromise other than to say it was a "small percentage."
"It appears Silverpop was among several technology providers targeted as part of a broader cyberattack," Silverpop said in a statement. The spokeswoman would not elaborate, but a blog post by Silverpop Chief Executive Bill Nussey today would suggest the company wants to make it clear that they are not the only company that has suffered a breach.
"The media has recently been covering the security disclosures of several large brands," Nussey wrote. "It is important to clarify that several of these large brands have never been Silverpop customers. I'm hopeful it is clear that the disclosed attacks cover multiple companies in our space and we, as an industry, need to work together to protect the security of all of our customers."
Indeed, there have been several other attacks reported recently, including one involving 1.3 million user accounts at a blog empire and a large pharmaceutical retailer.
Walgreens had a breach that exposed customer e-mail addresses last week but a spokesman said he was confident that the incident was not related to any other public breaches, despite the fact that the company had a contract for promotional services with Arc Worldwide as of last year, according to this statement. The Walgreens compromise was unrelated to Arc Worldwide or Silverpop, Walgreens spokesman Michael Polzin told CNET today.
Walgreens warned customers in an e-mail on Friday that they might be targeted by phishing e-mails purporting to be from the company that ask for additional information like credit card information. Polzin declined to say how many customers were affected or how the e-mail addresses were compromised, but said only e-mail addresses were exposed. The company is working with the FBI on the investigation, he said.
Then there is the highly publicized breach of the Gawker blogging sites in which individuals calling themselves "Gnosis" got access to the company's Web site and back-end database and posted user names, passwords, e-mail addresses, and other sensitive Gawker communications to The Pirate Bay Bit Torrent site over the weekend.
Because so many people use the same password on multiple accounts, the breach puts those users' accounts on other sites at risk of hijack. After the Gawker breach, Twitter accounts were found to be used to send spam. To prevent any similar problems from happening, LinkedIn disabled passwords of users whose e-mail addresses were also used on Gawker, and Yahoo reportedly asked users to reset passwords, but did not say it was related to Gawker. (For more details on the Gawker incident read this FAQ.)


source : news.cnet.com

How Facebook saved some Gawker subscribers

The data breach at Gawker earlier this week had many people scrambling to figure out if their data had been exposed and resetting passwords on other sites just in case they had reused their password there.
The only Gawker subscribers who appeared to have been safe were those who logged in to the site using Login with Facebook (formerly called Facebook Connect), a single sign-on authentication service that lets you use one login for multiple sites as long as you have a Facebook account.

Basically, it works by allowing you to sign in to a Web site using your Facebook username and password. If your browser stores cookies, the site will automatically log you in every time you visit it.
There are similar single sign-on services, including OpenID, Microsoft Passport, and Twitter OAuth, which allows people to use apps without the apps storing the user password. But the popularity of Facebook has pushed its login service to be used on more than 2 million sites.
One hitch for the Gawker users was that people who didn't have Facebook accounts couldn't use the Login for Facebook option. Facebook addressed that with a new registration tool announced yesterday that allows Web sites to use Login for Facebook even if the subscriber doesn't have a Facebook account. The tool fills in the registration window with information for Facebook users who are logged in at the time. Non-Facebook users can sign up for the site manually.
For users who want convenience, single sign-on is a good option. Not only does it allow them to quickly access their favorite Web sites and services without having to remember more than one password, but Login for Facebook also allows them to easily share their Facebook information between the different sites and interact with their Facebook friends on the non-Facebook site.
Some people may not want their Facebook profile information to be shared with other sites. When they are signing up the first time via Login for Facebook a window explains exactly what information the site will access in the user's Facebook account.
For Web site owners, Login for Facebook and other single sign-in options relieve them of the burden of having to store and manage user passwords and do so securely. As Gawker learned, this is not an easy feat.
"Independent Web site developers can leverage an existing user database of a large service, like Facebook, and get access to the data the users have stored there," said Andrew Walls, research director at Gartner. "Reducing the number of places users store user names and passwords makes sense."
But there is the concern that such services are even more attractive targets for attackers and data thieves. The operator of the single sign-on service needs to be expert at defending the data or it will lose the confidence of its users, Walls said.
"Who do you trust more in terms of security performance? Do you trust Gawker or any Web site out there, or Facebook?" he asked rhetorically. "Many people [500 million users] have expressed trust in Facebook and its ability to secure personal information, so I think Facebook is well positioned to make the claim that at the moment they are more secure than most Web sites out there."
Security a la Facebook
Facebook has more than 150 people dedicated to security and spends "tens of millions of dollars" a year on securing the data and accounts of its users, a spokesman said. Every new engineer or engineering manager goes through a six-week "boot camp" in which they learn about how to do secure coding and get training in "defense against the dark arts."
Meanwhile, all code goes through a rigorous review process and uses specific techniques to prevent common cross-site scripting and cross-site request forgery attacks, according to the Facebook spokesman. Passwords are stored in a way that allows Facebook to authenticate users with passwords without actually storing the passwords using what is called "cryptographic hash functions."
"As an Internet company, we want people to deal with passwords as little as possible. The more you use a password the more opportunities for it to be compromised," Ryan McGeehan, manager of Facebook's security incident response team, told CNET. "On the system side, the Web site is not in the business of protecting user data. That burden is on us."
Another potential problem for Web sites is that an outage at Facebook could affect the ability for people to log in on the other sites using Login for Facebook. This is similar to how malware or outages with Twitter's automated feed can ripple out and affect other sites that integrate Twitter feeds directly onto their pages.
"Just like any Web site, Facebook occasionally experiences downtime, and this downtime may also result in Facebook Platform (including Login with Facebook) going down," a Facebook spokesman said. "We work hard to ensure that these instances are rare, and when they do happen, that they're fixed quickly."
Small mom-and-pop Web sites may be glad to outsource the authentication of users to Facebook, but other companies won't necessarily want to, especially if they are competing with the social-networking giant for eyeballs and loyalty. "The Googles and the Amazons would all love to become the identity broker for the Web," Walls said.
Single sign-on services are still at risk of being targets of phishing attacks, even more so because the passwords are the keys to so many sites. Facebook advises people to make sure that when they are signing up via Login for Facebook on a site that a window pops up in a new browser and that it includes a legitimate Facebook.com Web address. Otherwise, the user could fall prey to a scam that looks like a legitimate Login for Facebook implementation but is instead a ruse to steal log in information.
Because so many people re-use passwords and phishing attacks are ubiquitous, Gartner analyst John Pescatore says sites would be better off looking at authentication that doesn't rely on just passwords. One option is a two-step verification process like the one Google announced a few months ago that sends a security code to a user's smartphone to allow them to log in after providing a password.
"I think it would be a much better advance for the state of the Internet if we tried out alternatives to reusable passwords rather than just trying to find bigger and bigger places to store them," he said.

source : www.cnet.com

ASUS 1156 Overclocking Championship Concludes

Encourages devoted PC performance users from around the world to push their PCs beyond the limit

Fremont, CA (December 10, 2010) - The global eight week-long ASUS 1156 Overclocking Championship, which commenced September 20, has successfully wrapped up on November 21. Many overclockers from all around the world competed in weekly contests, striving to raise their respective country flags to the top. The championship proved great fun for all participating ASUS users, and many were able to win numerous valuable prizes. Championship Summary — ASUS 1156 Maximum QPI Link Frequency (Week 1) Competitors pushed their setups to reach the highest possible QPI speeds. All top ten contestants were able to reach QPI link frequencies higher than 5.5GHz, with first runner-up serpens13 of Iran achieving the best score with 5.7845GHz, which is also the new world record for this stage. The motherboard used was an ASUS TUF Series SABERTOOTH 55i.

Here are the rankings for week 1:

And a look at competitor karandiru’s CPU cooling setup using liquid nitrogen:

ASUS 1156 Lowest CPU Frequency (Week 2) The second week's competition was very unique, as it was an underclocking contest in which competitors strove for the lowest CPU frequencies attainable. Entrants worked on tweaking rather than pushing their extreme-cooling setups, and the stage ended with new records achieved for the lowest Intel Core architecture frequency. All top ten contestants were able to reach sub-300MHz speeds, while ExtremeOC from Iran achieved an unbeatable 134MHz clock using the ASUS Maximus III Formula motherboard.

These are the rankings for week 2:

Competitors used all kinds of exotic methods to achieve these low speeds. Second place holder Brian used a hair dryer to lower CPU frequencies on his ASUS Maximus III Gene motherboard:

ASUS 1156 Maximum Base Clock Frequency (Week 3) In the third week of competition, the objective was to reach the highest base clock frequency using the ASUS 1156 platform. The 300MHz threshold was easily passed using Intel P55 chipset-based ASUS motherboards starting from a factory default of 133MHz.

Check out the rankings for week 3:

Overclocker886's setup for the third week. He was able to break the Pentium G6950 world record on his ASUS Maximus III Formula motherboard:

ASUS 1156 Maximum Memory Speed (Week 4) In the fourth week, the limits of DDR3 RAM were pushed on the ASUS 1156 platform. The top five overclockers were able to exceed 3.1GHz DDR3 speeds on ASUS Maximus III Formula and Maximus III Extreme motherboards. The winning result was accomplished by mat from Austria. He was able to push his Corsair memory to an amazing 3.26GHz on the ASUS Maximus III Formula motherboard.

Rankings for week 4:

Second place holder Hiwa's 3GHz+ DDR3 system boot screen on the ASUS Maximus III Formula motherboard:

And a video showcasing this achievement: http://www.youtube.com/watch?v=rO58lIUbK0A&feature=player_embedded Competitor Aerou's setup for maximum memory frequency:

ASUS 1156 Maximum CPU Frequency (Week 5) The fifth week of the championship was lead by Austrian extreme overclocker mat. He was able to push his Intel Core i5 655K processor to 6.8222GHz using the ASUS Maximus III Formula motherboard. Second place performer serpens13 was only 18MHz behind, and by the end of the week all top five overclockers were able to break the 6.7GHz barrier.

Week 5 rankings:

Winner mat's setup for the maximum CPU frequency phase:

ASUS 1156 3DMark 2006 (Week 6) The challenge for the sixth week of the championship was Futuremark's 3DMark 2006. Contestants aimed for the highest score possible with their ASUS 1156 setups. The favorite graphics card during this stage proved to be the ASUS GTX480, and the top runners were able to reach over 1.1GHz GPU core frequencies to help break the 32K marks threshold quite easily. Hondacity from the US finished first for the week with 32346 marks.

Rankings for week 6:

ExtremeOC's iced GPU, cooled by liquid nitrogen:

ASUS 1156 3DMark 2001 Low Score (Week 7) This week was focused on getting the lowest 3DMark 2001 score possible on an ASUS 1156 setup. Competitors tried to lower their graphics performance as much as possible. In the end, Erdem Olkun aka sys_tweaker finished first with a startling 8 marks from the legendary 3DMark 2001 benchmark.

The top rankings for week 7:

Erdem Olkun aka sys_tweaker didn't exactly need a high-end setup to secure the top spot in this stage. He used an ASUS P7H55-M LX motherboard and great tweaking skills to reach the amazingly low score of 8 marks in 3DMark2001:

ASUS 1156 3DMark 2001 Professional Challenger (Week 8) The final week of the ASUS 1156 Championship was perfect for professional overclockers and tweakers. The aim was to reach the highest benchmarks with the greatest amount of overclocking. The only limitation for the week was keeping CPU frequencies below 6GHz. C-timi from Turkey came first this round by breaking the 100K marks milestone with his ASUS P7P55D Premium motherboard.

Rankings for the final week of competition:

First place holder c-timi's single-stage phase cooling on his ASUS ENGTX285 graphics card:

Results and Prizes for the ASUS 1156 Overclocking Championship

For more information and details, please visit www.asus1156.com

About ASUS ASUS, the world's top 3 consumer notebook vendor and the maker of the world's best selling and most award winning motherboards, is a leading enterprise in the new digital era. ASUS designs and manufactures products that perfectly meet the needs of today's digital home, office and person, with a broad portfolio that includes motherboards, graphics cards, displays, desktop PCs, notebooks, netbooks, servers, multimedia, wireless solutions, networking devices and mobile phones. Driven by innovation and committed to quality, ASUS won 3,268 awards in 2009, and is widely credited with revolutionizing the PC industry with the Eee PC™. With a global staff of more than ten thousand people and a world-class R&D team of 3,000 engineers, the company's revenue for 2009 was US$7.5 billion. ASUS Motherboards: No.1 in the World ASUS has attained its industry-leading position through innovation. As the bestselling and most award-winning global motherboard brand, the company has sold more than 420 million motherboards since its founding in 1989, and has pioneered numerous innovations that have become industry standards. Recent examples include the Xtreme Phase power design, Stack Cool 3+ PCB, anti-EMI shielding for safe operations, and the world's first Dual Intelligent Processors, which consists of the TPU (TurboV Processing Unit) performance optimization chip and the EPU (Energy Processing Unit), the industry's first real time PC power saving chip. The Dual Intelligent Processors achieve system-wide performance and energy optimization to increase output and moderate power consumption for a better, more cost-effective computing experience. With its decades of expertise and dedication to pushing the design envelope, ASUS is poised to continue leading the industry in motherboard performance, safety and reliability.

WikiLeaks fans should think before they botnet

There are several versions of the software that allow people to volunteer their computers to be used in pro-Wikileaks denial-of-service attacks.

 Do you support WikiLeaks? Are you mad at critics trying to snuff it out? Maybe you're thinking about joining the online protests aimed at shutting down the Web sites of its opponents. Don't.
A loosely organized group of vigilantes under the name Anonymous have turned the botnet guns of their Operation Payback campaign, which previously targeted antipiracy organizations, on PayPal, Visa, MasterCard, Senator Joe Lieberman, Sarah Palin, and others who have criticized WikiLeaks or stopped doing business with the document-sharing project. The WikiLeaks fallout has hit a frenzy since the site began releasing diplomatic cables last month that have proved embarrassing for the U.S. government's diplomatic efforts.
The modern-day equivalent of walking the picket line with a sign is launching denial-of-service attacks against target Web sites in order to send a message and try to interfere with their business. But the electronic version is illegal.
"Participating in a botnet with the intention of shutting down a Web site violates the Computer Fraud and Abuse Act," said Jennifer Granick, a lawyer at Zwillinger Genetski who specializes in Internet law and hacking cases. "The thing people need to understand is that even if you have a political motive, it doesn't change the fact that the activity is unlawful."

"There may be strength in numbers...There's only so many people the police could go after. But that doesn't mean that they couldn't find out who is behind the unmasked IP numbers and file computer charges against them."

--Jennifer Granick, attorney, Zwillinger Genetski

One person accused of being connected with the attacks has already been arrested. Police in the Netherlands arrested a 16-year-old hacker earlier this week. It's unclear what his role allegedly was.
Typical botnets are created by criminals who use viruses and other methods to sneak malware onto computers that then allows them to commandeer the machines for distributed denial-of-service (DOS) attacks without the computer owners knowing it. Hijacked computers are being used in the Operation Payback campaign, but the focus has been getting individuals to voluntarily join.
Thousands of people from around the world are downloading the LOIC (Low Orbit Ion Cannon) software so that their computer will attack the targets the Anonymous organizers specify. New versions of the DOS tool have emerged this week. There is a version for Linux and a Windows version that includes a "Hivemind" feature to connect to an Internet Relay Chat server and allow the organizers to control what site the computer targets.
There is even a JavaScript version that runs on any device, including smart phones. "The JavaScript one, you just point the browser at a site and say 'go,'" said Jose Nazario, senior manager of security research at Arbor Networks.
As many as 3,000 computers voluntarily participated in attacks earlier this week, and an estimated 30,000 others appeared to be hijacked, according to Sean-Paul Correll, a threat researcher at Panda Labs who has been following the attacks closely and communicating with Operation Payback organizers.
There's a snag, however, for the volunteer botnet protesters--their Internet Protocol (IP) addresses are not masked, so the attacks could ultimately be traced back to the computers launching them, experts say. Of course, it's up to the discretion of prosecutors as to whether or not individual botnet volunteers will be fingered by authorities.
"There may be strength in numbers," said Granick. "There's only so many people the police could go after. But that doesn't mean that they couldn't find out who is behind the unmasked IP numbers and file computer charges against them."
Operation Payback is fending off DOS attacks that have scuttled its efforts. The servers being used to provide the infrastructure for Operation Payback have been taken offline intermittently. No one has taken responsibility for those attacks. "Right now it appears they are regrouping and strategizing for future attacks," said Correll. (Anonymous explains that its goal is to raise awareness not interfere with targets' critical infrastructure.)
Meanwhile, a separate campaign sprang up out of nowhere that could give WikiLeaks fans a more legal way of expressing their support for the cause. An online flyer for "Operation Leakspin" published by Boing Boing encourages people to find juicy bits in the leaked cables and spread them virally on the Internet in blog posts and YouTube videos and use unrelated tags that will ensure broad interest.
It's unclear who is behind Operation Leakspin. "There's no hierarchical structure (to the Anonymous collective), so when things happen, like their server infrastructure is under attack, people tend to want to take control of the campaign," Correll said.
"Even though thousands of people want to participate there doesn't seem to be a cohesive plan about what to do next," he said. "It's fizzling out."


source : news.cnet.com

FileZilla 3.3.5.1

FileZilla - 4.05MB (Open Source)
FileZilla Client is a fast and reliable cross-platform FTP, FTPS and SFTP client with lots of useful features and an intuitive graphical user interface.
Among others, the features of FileZilla include the following:

• Easy to use
• Supports FTP, FTP over SSL/TLS (FTPS) and SSH File Transfer Protocol (SFTP)
• IPv6 support
• Available in many languages
• Supports resume and transfer of large files greater than 4GB
• Powerful Site Manager and transfer queue
• Bookmarks
• Drag & drop support
• Configurable transfer speed limits
• Filename filters
• Network configuration wizard
• Remote file editing
• Keep-alive
• HTTP/1.1, SOCKS5 and FTP-Proxy support
• Logging to file

          click here for : download

Beyond Keylogger 3.2

• Last Updated: 2010-12-07
• License: Shareware $69.95 Buy
• OS: Windows 7, Vista, 2003, XP, 2000, 98, NT

• Requirements: No special requirements
• Publisher: Relytec
• Homepage: http://www.relytec.com
• Total Downloads From 2008-01-01: 3,097
• Downloads of Last week: 2,070
• Download Beyond Keylogger for windows 7

Beyond Keylogger 3.2

 

click here for : download