Flame Virus Scares Microsoft

Story first appeared on CNBC.

Discovery of the Flame virus that mainly affected computers in the Middle East, has prompted Microsoft Corp to strengthen the security of a Windows program that helps customers secure their PCs and update software.

The senior director of the Microsoft Security Response Center said in a blog post that the world's biggest software maker plans to boost security measures on the Windows Update software that is included with the operating system that runs the majority of the world's PCs.

Microsoft disclosed over the weekend that the hackers who built Flame exploited a flaw in Windows that allowed them to trick PCs into believing it was a legitimate piece of software from Microsoft. The software was then downloaded onto computers using the Microsoft Update feature.

News of the Flame virus surfaced a week ago when cyber security experts described it as one of the most sophisticated pieces of malicious software discovered to date. They are still investigating the virus, which they believe was released specifically to target computers in Iran and across the Middle East, similar to the Stuxnet worm that attacked Iran's nuclear program in 2010.

The security experts said Flame likely only infected several thousand computers and was targeted at entities that would be of interest to nations involved in espionage.

Microsoft said on its website on Sunday that it was releasing software to fix the bug using its Windows Update system. But security experts said machines infected with some advanced viruses may not benefit from that update because those viruses had disabled the Windows Update software.

That is partially what prompted the need to further boost the security of the Windows Update feature, they said.

If Microsoft is going to 'harden' the update feature, they must also prevent writers of malicious software from disabling the updating process on local computers.

Microsoft disclosed the plan to boost security of Windows Update late Monday on a Microsoft Security Response Center blog: http://blogs.technet.com/b/msrc/

Windows has said that it was taking the flaw in Windows seriously because the bug could be exploited by developers of less sophisticated viruses to launch more widespread attacks.

For information on website optimization or for the latest SEO News, visit the SEO Done Right blog.

For more national and worldwide Business News, visit the Peak News Room blog.

For more local and state of Michigan Business News, visit the Michigan Business News blog.

For more Health News, visit the Healthcare and Medical News blog.

For more Electronics News, visit the Electronics America blog.

For more Real Estate News, visit the Commercial and Residential Real Estate blog.

For more Law News, visit the Nation of Law blog.

For more Advertising News, visit the Advertising, Marketing and Media blog.

For more Environmental News, visit the Environmental Responsibility News blog.

Your PC May Be Infected

Story first appeared in USA Today.
Google will issue warnings to PC users infected with a type of malware that could completely shut them off from the Internet this summer.

According to a post on Google's official security blog, any PC user carrying the DNSChanger malware will see a warning when visiting a Google page that their computer is infected. It will also provide a link with details on how to remove the software.

As the security blog Krebs on Security points out, this is the same malware that threatens to shut off infected PC users from the Internet after July 9.

According to Krebs, DNSChanger disables antivirus software running on host computers and is often bundled with other, more potent infections.

As the Associated Press reported in April, the FBI corralled computers infected by the malware after hackers took control using an online advertising scam.

Computer owners worried about a potential malware infection can visit the website for the DNSChanger Working Group to detect and fix the problem.

Go to http://www.dcwg.org/ to detect, fix and protect your computer from this malware threat.

For more information on website optimization or for the latest SEO News, visit the SEO Done Right blog.

For more national and worldwide Business News, visit the Peak News Room blog.

For more local and state of Michigan Business News, visit the Michigan Business News blog.

For more Health News, visit the Healthcare and Medical News blog.

For more Electronics News, visit the Electronics America blog.

For more Real Estate News, visit the Commercial and Residential Real Estate blog.

For more Law News, visit the Nation of Law blog.

For more Advertising News, visit the Advertising, Marketing and Media blog.

For more Environmental News, visit the Environmental Responsibility News blog.

Boeing Hires Hackers to Secure the Fort

Story first appeared in the Los Angeles Times.

Most weekdays a pair of college buddies ride their bikes to a computer center and try to hack into computer security systems belonging to Boeing Co. Rather than having them arrested, Boeing is paying them to do it — a situation that the car-loving, video-gaming friends have pronounced "awesome."

For two years, the young engineers have worked side by side in a secluded unit where they design and thoroughly test ironclad security systems for the largest aerospace company in the world. Boeing's systems need to be capable of staving off hackers and keeping safe some of the nation's most prized intellectual property.

Like many of their colleagues in surrounding cubicles, the friends spend much of their days devising, revising and analyzing complicated security programs that they then use their well-honed skills to attempt to crack.

The pair from Cal Poly Pomona were hired after they aced a cyber-security competition held by Boeing in which the aerospace giant urged students to consider careers in cyber security and, of course, scouted for fresh talent.

As computer threats become more coordinated and complex, Boeing and other defense contractors are bolstering their cyber-security staffs. Increasingly they are turning to unlikely characters, students who had distinguished themselves more on simulated cyber battlefields than in classrooms. As long as there are computers, there will be somebody trying to attack them.

The damage from hackers to consumers is well known, but the potential for corporate sabotage is far greater, and the need for cyber sleuths like those at Boeing is huge and growing.

Corporate computers serve thousands of employees engaging in different tasks and require layer upon layer of sophisticated security protection.

Those workers need access to the Internet. Although that access enables employees to get the information they need to do their jobs, it also opens a door for hackers to sneak through.

It's not just monolithic corporations at risk. Even small businesses are liable for lost or stolen data. Visa recently stated that 95% of credit card thefts originate at small businesses. Such liability has driven demand for cyber-security expertise.

A generation ago, the brightest engineers in the aerospace industry were typically recruited from Ivy League universities and other prestigious institutions. Now defense contractors are broadening the hiring pool as they hunt for savvy young computer whizzes at local colleges.

Raytheon Co.'s president of intelligence information systems businesses said last year at a conference that her company's most impressive cyber-security hires have come from outside of traditional recruiting outlets.

One recruit was a man who didn't have a college education and didn't graduate from high school. He had a GED and worked at a pharmaceutical plant stuffing pills into bottles.

At night, he participated in online hacker competitions and outperformed others. That person would have not gotten through the normal Raytheon recruiting process.


The Boeing cyber unit is a 3,000-square-foot room with cream-colored walls and floor-to-ceiling windows on a far wall that lets the afternoon sun stream in on row after row of slate-gray cubicles. The work space is a mini-fort of sorts, with 6-foot walls on four sides and small video cameras mounted near the entrance that enable team members to see who is coming their way. It resembles the chaos of a college dorm room. Inside, a tangle of computer wires lies on the floor and papers are strewn about on desks, along with a half-eaten burrito or two.

The techs there enjoy a world full of colorful terms to describe lurking computer threats.

They try to stop "Trojan horses," which enable a hacker to gain access to computers when people click on dangerous links.

They try to squash "worms" that replicate, spread and corrupt computer files.

And they fight "logic bombs" that hide in computers and delete files at a specific time.

Cyber-security professionals have identified tens of thousands of threats aimed at Microsoft Windows programs over the years. If Windows vulnerabilities are found on Boeing's security system, the hackers are responsible for fixing it.


With cyber security risks, if one employee makes a mistake — forgetting to download a security update or clicking a suspicious link — hackers may get all the access they need to cause trouble.

For example, an employee may receive an email with an attachment that appears to be an Excel spreadsheet but in reality is malicious software. Once opened, the file can embed a virus that will record and send back key strokes or other data, such as credit card numbers.

Boeing's cyber-security workers need to know how to counter that attack so even if the virus is launched it will not infect the system. They determine whether the newest, most harmful viruses — which when activated may damage or delete files, cause erratic system behavior, display messages or even erase data — would work on the system.

Boeing's cyber-security team can spend weeks prodding the system on a platform they designed called "cyber range in a box" that simulates the Internet without actually going live on it. They comb through the security system, seeing whether there are new ways to inject harmful code that would change the database content or dump information like credit card numbers or passwords to a hacker.

In this controlled environment, the team can apply what they learn in real-world situations.

Once they find security lapses within the systems, they plug them.


For more organic SEO and web optimization related news, visit the SEO Done Right blog.
For healthcare and medical related news, visit the Healthcare and Medical blog.
For national and worldwide related business news, visit the Peak News Room blog.
For local and Michigan business related news, visit the Michigan Business News blog.
For law related news, visit the Nation of Law blog.
For real estate and home related news, visit the  Commercial and Residential Real Estate blog.
For technology and electronics related news, visit the Electronics America blog.