Remember those SMC combination cable modem and Wi-Fi routers used by Time Warner Cable that a blogger highlighted as easily hackable? Well, they're still hackable. According to Wired News, despite Time Warner Cable's assurances that a resolution had already been deployed, the devices still appear to be at least partially vulnerable. A quick nmap port scan of a random Time Warner subnet by blogger David Chen found hundreds of marginally-secured devices that were still vulnerable. SMC says they have created a patch, but Chen insists the patch doesn't fix the problem entirely. Best bet? Ditch the hybrid SMC device, get a regular modem from Time Warner Cable, and go buy a real router. 25 comments

A vulnerability in a Time Warner combination Wi-Fi router and cable modem could allow a hacker to remotely access the device's administrative menu over the internet, according to blogger David Chen. Time Warner Cable has confirmed the flaw, which impacts some 65,000 Time Warner Cable broadband users. 20 comments

Comcast reached out to us today to note that they're employing a new strategy to help deal with customers they've identified as having trojan-infected PCs. According to Comcast, the company is going to start issuing alerts on subscriber PCs (see screenshot below) should the user be showing the telltale signs of botnet or spam relay infection. 62 comments

Declan McCullagh has for years had a nasty habit of actually reading the laws Congress passes into law, which is frequently more than can be said of Congress itself. Last week, McCullagh wrote a piece for CNET exploring a new bill aimed at shoring up the nation's cybersecurity defenses. 126 comments

It seems like only yesterday that the WEP wireless security standard became roughly the security equivalent of tissue paper. Now a team of Japanese researchers say they've found a way to break the WPA encryption system in about one minute.
Highlighted at a Japanese conference this week, the attack expands on a similar WPA attack disclosed last November, but does not work on newer WPA 2 devices or on WPA systems that use the stronger Advanced Encryption Standard (AES) algorithm. Given Wi-Fi-certified products have had to support WPA 2 since March of 2006, and the attack only works on WPA systems that use the Temporal Key Integrity Protocol (TKIP) algorithm -- protecting yourself shouldn't be rocket science, though you might want to pop by mom and dad's house. Update: Glenn Fleishman has an excellent piece here that goes into the technical specifics of the attack in great detail. 64 comments

According to the Associated Press, a major recent botnet cyber-attack on the U.S. and South Korean governments was drastically larger than originally believed, targeting the White House, the Pentagon, both the New York Stock Exchange and NASDAQ, the NSA, Department Of Homeland Security, the State Department -- and the Washington Post. South Korean intelligence officials believe the attacks were carried out by North Korea or pro-Pyongyang organizations. Several websites, including the Treasury and Secret Service sites, were knocked completely offline for several days. The apparently unfazed Washington Post has additional detail. 65 comments

Over the weekend a Channel Insider security blogger noticed a post on insecure.org by hackers claiming to have compromised T-Mobile's network security. According to the post, the hackers claim (with supporting posted code) to have obtained T-Mobile databases, "confidental" (sic) documents, scripts and financial data -- which they say they're selling to the highest bidder. In a statement, T-Mobile says they're "fully investigating the matter," and will contact T-Mobile users should the claims prove valid. Security analysts have spent the last 48 hours or so trying to determine whether the claim is a hoax. 19 comments

U.S.
Air Force Colonel Charlie Williamson complains to the BBC that the government has been "on the defensive" when it comes to cyber-warfare and fighting botnets. 67 comments

Users in our security forum have discovered that advertisements delivered via the FoxNews.com website have been using popup malware to force-deliver artificial anti-virus malware onto the PCs of unsuspecting visitors (of which Fox has countless millions). One of our more skilled scambusters and "malvertising" gurus has further dissected (with photos) the exact scumware delivery mechanism at work here -- and notes that users don't even need to click on an ad banner at the website in order to get infected. The vsm_free_setup.exe forced download the ads are instituting originates from Russia or the Ukraine, and appears to involve a keylogger. 212 comments

A new bit of nasty code named "psyb0t" is getting a lot of attention today for being the first botnet malware designed for Linux-embedded broadband equipment and routers. It's unfortunately not the first to target dumb users -- since it takes aim at routers (with SSH or telnet open on the WAN end) where the default username and password have not yet been changed, or were changed to something too simple. The SANS Internet Storm Center has some additional detail, as do the users in both our security and Linksys forums. 91 comments
Wednesday Evening Links (old news - 06:03PM Wednesday Mar 18 2009) 13 comments

In the first case of its kind, Pennsylvania resident Thomas Swingler faces federal criminal charges for allegedly selling hacked cable modems via CableHack.NET, according to Wired. The website sells "pre-modded" Motorola Surfboard modems for between $38 and $58, "that can be customized by the owner without a cable company's knowledge," claims Wired. 76 comments

User KeysCapt writes in: "Researchers using 200 PlayStation 3's, a sophisticated attack on the ailing MD5 hash algorithm, and a slip-up by Verisign claim to have found a method of hacking any website, in the interest of improving web security. As a result Verisign says it's stopped using MD5, as of around noon Pacific time December 30. 18 comments

The Sophos 2009 Security Threat Report (pdf) doesn't paint a particularly pretty picture of the United States' contributions to the world of malware. According to the report, the U.S. hosts 37% of the world's malware websites, and also leads the world in spam output at 17.5 percent. "Not only is the USA relaying the most spam because too many of its computers have been compromised and are under the control of hackers, but it's also carrying the most malicious Web pages," Graham Cluley of Sophos tells the Tech Herald. 14 comments

How time flies! It seems like only yesterday we were saying that the newly proposed Can Spam Act would do very little to actually stop spam, and would wind up making "legit" spam worse. It's now been five years since the Act's creation, and spam volume has seen a ten-fold increase. Network World looks back at the Act's creation and concludes that while it did help in a few high-profile busts, the Act to this day isn't taken seriously by spammers. Many experts still think that the Act should make e-mail pitches of any kind "opt-in," an idea gutted from the original law due to pressure from marketing lobbyists.
27 comments

After hosting provider and scum hub McColo was recently shut down, scammers and spammers quickly scattered to different hosts. The Srizbi botnet, whose control servers were hosted by McColo, was recently resurrected, finding a new home with Starline Web Services, based in the Estonian capital of Tallinn. However, the good (if not very uphill) fight continues, with Estonian ISP Linxtelecom taking Starline offline, and Srizbi control servers with it. That should help for about a day or two -- the rootkit that makes Srizbi hum uses an algorithm that periodically generates new domain names -- allowing the malware to receive new instructions. 17 comments

Microsoft announced that they'd be discontinuing their OneCare security suite, a subscription service that includes anti-virus, anti-spyware and firewall functionality. Replacing OneCare will be a free service code-named "Morro" that will include protection from viruses, spyware, rootkits and trojans. According to a Microsoft press release, the new product will drop in the second half of 2009. While the release claims Microsoft is interested in increasing the protection rates in non-developed countries with less broadband, McAfee tells CNET that two years after its release, Microsoft's paid offering only managed to net a 2% market share. The OneCare blog has a FAQ for impacted subscribers. 38 comments

User Kayrac writes in to note that to celebrate the fifteenth anniversary of Checkpoint Software, the company is offering, just for today, a free copy of their normally $20 ZoneAlarm Pro software package (download link here). Checkpoint Software purchased the popular Zone Alarm firewall back in 2003 for a cool $205 million, causing some consternation around these parts as to whether the product quality would decline. Whether that happened depends on who you ask (strange glitches do seem more common), but hey -- free is free.
Perhaps it's time for our obligatory bi-yearly discussion about the best software firewalls in the comment section below. 87 comments

Several readers write in to note that Arbor Networks has released their 2008 Worldwide Infrastructure Security Report, which picks the brains of roughly seventy engineers from tier 1 and 2 ISPs. Engineers were asked 90 questions about everything from backbone capacity to their workloads, and for the fourth straight year noted that the majority of their security resources and time are spent fighting DDoS attacks, which broke the 40Gbps threshold this year. 44 comments

Roughly ten percent of the Internet's DNS servers are still vulnerable to a cache poisoning attack that was revealed months ago, according to a worldwide survey of public-facing Internet nameservers. "We estimate there's 11.9 million nameservers out there, and over 40% allow open recursion, so they accept queries from anyone," DNS expert Cricket Liu tells Computer World. "Of those, a quarter are not patched," he says. "So there's 1.3 million nameservers that are trivially vulnerable." 24 comments
Recent news contributors: Karl Bode, Jon, TKJunkMail, drslash