Domain: net-security.org
Stories and comments across the archive that link to net-security.org.
Stories · 444
Certificate Blunders May Mean the End For DigiNotar
Certificate Authority DigiNotar is having a rough time of it. dinscott writes with these words from Help Net Security: "After having its SSL and EVSSL certificates deemed untrustworthy by the most popular browsers, around 4200 qualified certificates — i.e. certificates used to create digital signatures — issued by the CA are currently in the process of being revoked and their holders notified of the fact by the Dutch independent post and telecommunication authority (OPTA). Starting from yesterday, OPTA has terminated the accreditation of DigiNotar as a certificate provider for 'qualified' certificates. The revocation of this accreditation also makes DigiNotar unqualified to issue certificates under the PKIoverheid CA." -
Anti-Rootkit Security Beyond the OS
Orome1 writes "Cybercriminals know how to evade current operating-system-based security, demanding a new paradigm – security beyond the operating system. On that note, McAfee demonstrated the workings of its new McAfee DeepSAFE technology at the Intel Developer Forum on Tuesday. Co-developed with Intel, it allows McAfee to develop hardware-assisted security products to take advantage of a 'deeper' security footprint. It sits beyond the operating system and close to the silicon, and by operating beyond the OS, it provides a direct view of system memory and processor activity." -
New BIOS Exploiting Rootkit Discovered
First time accepted submitter mtemar writes with a Symantec analysis of an interesting new trojan/virus. From the article: "There are more and more known viruses that infect the MBR. Symantec Security Response published a blog post last month to demonstrate this trend. However, we seldom confront one that infects the BIOS. One of them, the notorious CIH, appeared in 1999; it infected the computer BIOS and thus harmed a huge number of computers at that time. Recently, we met a new threat named Trojan.Mebromi that can add malicious components into the Award BIOS, which allows the threat to take control of the system even before the MBR." -
Rogue SSL Certs Issued For CIA, MI6, Mossad
Orome1 writes with this excerpt from Help Net Security: "The number of rogue SSL certificates issued by Dutch CA DigiNotar has ballooned from one to a couple dozen to over 250 to 531 in just a few days. As Jacob Appelbaum of the Tor project shared the full list of the rogue certificates, it became clear that fraudulent certificates for domains of a number of intelligence agencies from around the world were also issued during the CA's compromise — including the CIA, MI6 and Mossad. Additional targeted domains include Facebook, Yahoo!, Microsoft, Skype, Twitter, Tor, Wordpress and many others." -
IE 9 Beats Other Browsers at Blocking Malicious Content
Orome1 writes with an article in Net Security. From the article: "Microsoft's Internet Explorer 9 has proved once again to be the best choice when it comes to catching attacks aimed at making the user download Web-based malware. This claim was made by NSS Labs in the recently released results (PDF) of a test conducted globally from May 27 through June 10 of the current year, which saw five of the most popular Web browsers pitted against each other. Windows Internet Explorer 9, Google Chrome 12, Mozilla Firefox 4, Apple Safari 5, and Opera 11 were tested with 1,188 malicious URLs — links that lead to a download that delivers a malicious payload or to a website hosting malware links." -
Compromised WordPress Blogs Poison Google Image Searches
Orome1 writes "Google Image Search has for some time been littered with images that lure users to compromised sites that serve as doorway pages to other malicious sites. Part of the problem is that these compromised sites often use the WordPress publishing platform, which is infamous for the great number of security bugs that make it such a preferred target. This fact has been proven once again by security researcher Denis Sinegubko, who has pinpointed 4,358 WordPress blogs hijacked by unknown attackers and pumped full of popular search keywords and images, which redirect users to sites that try to scare them into buying a fake AV solution." -
8GB of Data Stolen From Italian Cybercrime Unit
Orome1 writes "Evidence servers of the Italian National Anti-Cybercrime Center for the Protection of Critical Infrastructure (CNAIPIC) have been breached and some of their contents published by a group of hackers calling themselves 'Legion of Anonymous Doom,' who apparently got on board the AntiSec campaign. The group has made clear that it's sitting on around eight GB of stolen data and that it plans to release it all." -
Japanese Man Arrested For Storing Malware
Orome1 writes "38-year-old Yasuhiro Kawaguchi is the first person in Japan to get arrested for storing malware on his computer after the upper house's Judicial Affairs Committee confirmed the new anti-malware law passed by the Japanese parliament. The law considers the creation, distribution and storage of malware a crime punishable with up to three years in prison and a fine that could reach the sum of 500,000 yen ($6,200)." -
Google Warns Users About Active Malware Infection
dinscott writes "Google has begun notifying its users that a particular piece of malware is installed on their computers by showing a big yellow notification above their search results. The warning began popping up yesterday, and does so only for users whose computers have been infected by a particular strain of malware that hijacks search results in order to drive users towards websites that use pay-per-click schemes." -
Spammers Prefer Compromised Accounts To Botnets
Orome1 writes "Spammers today favor compromised accounts for sending spam, gradually shifting distribution away from botnets, according to Commtouch. The changed tactic has emerged as spam levels dropped dramatically, following several high-profile botnet takedowns. Spammers are now using a combination of malware and phishing to compromise legitimate accounts and then using these accounts to send low-volume spam outbreaks." -
Anonymous Leaks New Batch of Data
Orome1 writes "Anonymous has made available for download another batch of data, including those belonging to the Zimbabwean government, Mosman Municipal Council, Universal Music Group Partners (umusic.com's usernames/passwords and other data), Viacom (internal mapping of Viacom and its servers) and Brazilian Government (dumps and passwords)." -
ICANN Domain Expansion Could Increase Phishing
Orome1 writes "The ICANN board gave final approval to what some are calling 'the most dramatic change to the Internet in four decades,' allowing the expansion of new TLDs. Some argue this ICANN initiative could force a land grab of domains by businesses to protect their company reputation. However, they aren't the only ones who are likely to try to snag these new top level domains. There's a very legitimate concern that cybercriminals could also seek these new domains to create legitimate looking websites using well-known brand names. These can then be used for phishing attacks or delivery of Trojan malware to unsuspecting visitors." -
Trojan Goes After Bitcoins
Orome1 writes "Bitcoin has definitely caught the attention of criminals. Even though it has been calculated that the use of botnets for Bitcoin mining is still not quite as lucrative as renting them out for other purposes, targeting people who have them in their digital wallets is quite another matter. Symantec researchers have spotted in the wild a Trojan dedicated to this specific purpose. Named Infostealer.Coinbit, it searches for the Bitcoin wallet.dat file on the infected computer and sends it to the criminal(s)." -
The Most Common iPhone Passcodes
Orome1 writes "The problem of poor passwords is not confined to computer use, and that fact was illustrated by an app developer who has added code to capture user passcodes to one of its applications. 'Because Big Brother's [the app in question] passcode setup screen and lock screen are nearly identical to those of the actual iPhone passcode lock, I figured that the collected information would closely correlate with actual iPhone passcodes,' says Daniel Amitay. It turns out that of the 204,508 recorded passcodes, 15% were one of the most common ten." -
Cybersecurity and the Internet Economy
Orome1 writes "Global online transactions are currently estimated by industry analysts at $10 trillion annually. As Internet business grows, so has the threat of cybersecurity attacks. The U.S. Department of Commerce today released a report that proposes voluntary codes of conduct to strengthen the cybersecurity of companies that increasingly rely on the Internet to do business, but are not part of the critical infrastructure sector. Commerce Secretary Gary Locke said: 'By increasing the adoption of standards and best practices, we are working with the private sector to promote innovation and business growth, while at the same time better protecting companies and consumers from hackers and cyber theft.'" -
RSA Admits SecurID Tokens Have Been Compromised
A few months ago, RSA servers were hacked, and a few weeks ago duped tokens were used to hack Lockheed-Martin. Well, today Orome1 writes "RSA has finally admitted publicly that the March breach into its systems has resulted in the compromise of their SecurID two-factor authentication tokens. The admission comes in the wake of cyber intrusions into the networks of three US military contractors: Lockheed Martin, L-3 Communications and Northrop Grumman — one of them confirmed by the company, others hinted at by internal warnings and unusual domain name and password reset process." -
35 Million Google Profiles Collected
Orome1 writes "If you are one of those individuals that made their own Google Profile, chances are that you knew and agreed to the fact that the information you included in it will be available for anyone who searches for it online. But, maybe you haven't thought about the possibility of this information being harvested and indexed in order to make mining of it easier. Whether you have or not, it is ultimately irrelevant — you have shared the information with Google, and it does not forbid the indexing of the list." -
Spammers Establish Fake URL-Shortening Services
Orome1 writes "Spammers are establishing their own fake URL-shortening services to perform URL redirection, according to Symantec. This new spamming activity has contributed to this month's increase in spam by 2.9 percentage points, a rise that was also expected following the Rustock botnet takedown in March. Under this scheme, shortened links created on these fake URL-shortening sites are not included directly in spam messages. Instead, the spam emails contain shortened URLs created on legitimate URL-shortening sites. These shortened URLs lead to a shortened-URL on the spammer's fake URL-shortening Web site, which in turn redirects to the spammer's own Web site." -
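The scheme above is a two-stage redirect: a legitimate shortener hands the click to a shortener the spammer controls, which then redirects to the spam site. The following added example (not code from the original story or from Symantec) resolves such a chain offline and flags exactly that pattern. The redirect table, the `.example` hostnames and the shortener allowlist are constructed stand-ins for live HTTP responses and a team-maintained list.

```python
"""Added example: resolve a redirect chain offline and flag the fake-shortener pattern."""
from urllib.parse import urlsplit

# Constructed stand-in for live HTTP 301/302 responses: each key is a URL and
# each value is the Location header it returned. Hostnames are hypothetical.
REDIRECTS = {
    "http://bit.ly/abc123": "http://shrt-lnk.example/x9",               # legit shortener -> fake shortener
    "http://shrt-lnk.example/x9": "http://pharma-deals.example/buy",    # fake shortener -> spam site
    "http://bit.ly/def456": "http://news.example/article",             # legit shortener -> real destination
}

# Shorteners we are prepared to trust as a first hop (assumption: an allowlist
# maintained by the mail-security team).
KNOWN_SHORTENERS = {"bit.ly", "t.co", "goo.gl", "tinyurl.com"}


def host_of(url):
    """Lowercased hostname of a URL, or '' if it has none."""
    return (urlsplit(url).hostname or "").lower()


def resolve_chain(url, redirects=REDIRECTS, max_hops=10):
    """Follow redirects from `url`, returning every hop including the final page.

    Loops and over-long chains raise instead of spinning, which is the
    behaviour a sandbox or mail filter wants.
    """
    hops = [url]
    seen = {url}
    while hops[-1] in redirects:
        nxt = redirects[hops[-1]]
        if nxt in seen:
            raise ValueError(f"redirect loop at {nxt}")
        if len(hops) >= max_hops:
            raise ValueError(f"more than {max_hops} hops from {url}")
        hops.append(nxt)
        seen.add(nxt)
    return hops


def classify_chain(hops, known=KNOWN_SHORTENERS):
    """Return 'fake-shortener' when a known shortener hands off to an unknown
    host that itself redirects onward, 'ok' otherwise."""
    if len(hops) < 3:
        return "ok"
    first, intermediates = host_of(hops[0]), hops[1:-1]
    if first in known and any(host_of(h) not in known for h in intermediates):
        return "fake-shortener"
    return "ok"


if __name__ == "__main__":
    for start in ("http://bit.ly/abc123", "http://bit.ly/def456"):
        chain = resolve_chain(start)
        print(classify_chain(chain), " -> ".join(chain))
```

In a real filter the `REDIRECTS` lookup is replaced by a HEAD request that does not follow redirects automatically; the loop guard and hop limit matter more there, because the spammer controls how many hops the chain has.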
AppleCare Reps Told To Skirt Malware Questions
Dominare writes with this bit from ZDnet: "'A confidential internal Apple document tells the company's front-line support people how to handle customers who call about malware infections: Don't confirm or deny that an infection exists, and whatever you do, don't try to remove it.' So basically, now that Macs have their own equivalent to XP Antivirus the best you can hope for is to be pointed at the store where you can buy something that may or may not fix your problem ... nice." -
Poisoned Google Image Searches Becoming a Problem
Orome1 writes "If you are a regular user of Google's image search, you might have noticed that poisoned search results have practically become a common occurrence. Google has, of course, noticed this and does its best to mark the offending links as such, but they still have trouble when it comes to cleaning up its image search results." -
Multiplatform Java Botnet Spotted In the Wild
It's fun sometimes to be smug because you are ("one is") using an operating system less susceptible to malware, or at least less targeted by malware creators, than is Microsoft Windows. Now, reader Orome1 writes with word of a Java-based, equal-opportunity botnet Trojan, excerpting from Help Net Security's report: "'IncognitoRAT is one example of a Java-based Trojan discovered in the wild that is being downloaded and installed by another component. This malware behaves like other Windows botnets but uses source code and libraries that can operate on other platforms,' explains McAfee's Carlos Castillo." So far, no mention of a Linux version, though. -
Final Report: Pan-European Cyber Security Exercise
Orome1 writes "The EU's cyber security agency, ENISA, has issued its final report (PDF) on the first Pan-European cyber security exercise for public bodies, Cyber Europe 2010. The exercise was conducted on the 4th of November, 2010. Its objective was to trigger communication and collaboration between countries in the event of large-scale cyber-attacks. Over 70 experts from the participating public bodies worked together to counter over 300 simulated hacking attacks aimed at paralyzing the Internet and critical online services across Europe. During the exercise, a simulated loss of Internet connectivity between the countries took place, requiring cross-border cooperation to avoid a (simulated) total network crash." -
French Hacker Arrested After Bragging On TV
Orome1 writes "A French hacker has effectively tied a noose around his own neck when he bragged about hacking into the systems of a big government contractor on national TV. He participated in a television program called Further investigation, and he said — and demonstrated — that he has gained access to computers belonging to the French Army and Thales Group, a French company that provides information systems and services for the aerospace, defense, and security markets. He was arrested 6 days after the program was aired. The police discovered on his computer a great number of compromised credit card and bank account data." -
Self-Wiping Hard Drives From Toshiba
Orome1 writes "Toshiba announced a family of self-encrypting hard disk drives engineered to automatically invalidate protected data when connected to an unknown host. Data invalidation attributes can be set for multiple data ranges, enabling targeted data in the drive to be rendered indecipherable by command, on power cycle, or on host authentication error." -
Interpol Wants a Global Identity Card System
Orome1 writes "The head of INTERPOL has emphasized the need for a globally verifiable electronic identity card (e-ID) system for migrant workers at an international forum on citizen ID projects, e-passports, and border control management. INTERPOL Secretary General Ronald K. Noble said: "At a time when global migration is reaching record levels, there is a need for governments to put in place systems at the national level that would permit the identity of migrants and their documents to be verified internationally via INTERPOL." Issuing migrant workers e-ID cards in a globally verifiable format will also reduce corruption and enable cardholders to be eligible for electronic remittance schemes that will foster greater economic development and prosperity in INTERPOL member countries." -
Epsilon Breach Affects JPMorgan Chase, Capital One
Orome1 writes "The recent Play.com breach has been tied to the attack that its marketing communications firm Silverpop — a company that services over 105 customers, among whom are Walgreens and McDonalds — suffered last December. But the latest breach will likely have the biggest impact, because marketing services provider Epsilon — the largest one in the world — has notified its customers of a breach that likely compromised all of their mailing lists. Among Epsilon's customers are US Bank, JPMorgan Chase, TiVo, Capital One, the Home Shopping Network, LL Bean Visa Card, Ritz-Carlton Rewards, Best Buy, Disney Destinations, Walgreens, and many more." How many apology emails have you got so far today? -
Massive SQL Injection Attack Compromises 380K URLs
Orome1 writes "A massive SQL injection attack campaign has been spotted by Websense researchers, and the number of unique URLs affected by it has risen from 28,000 when first detected yesterday, to 380,000 when the researchers last checked. The injected script redirects users that have landed on the various infected pages to the domain in the script, which then redirects them further to a website simulating an anti-malware check and peddling a rogue AV solution." -
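A campaign like this one works by appending a script tag to string columns across every table the injectable query can reach, so the first incident-response question is which rows carry it. The following added example (not code from the original story or from Websense) scans every text column of a database for that payload and can strip it once the hits are recorded. The database, its rows and the `redirector.example` host are constructed sample data; the regex models the generic `<script src=...>` shape, not the exact domain used in the real attack.

```python
"""Added example: scan every text column of a database for injected script tags."""
import re
import sqlite3

# Pattern for the kind of payload a mass SQL-injection campaign appends to
# stored strings: a script tag pulling code from an external host.
INJECTED_SCRIPT = re.compile(r"<script[^>]*\bsrc\s*=", re.IGNORECASE)


def build_sample_db():
    """Constructed in-memory database with two tables, one planted row in each."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, description TEXT);
        CREATE TABLE comments (id INTEGER PRIMARY KEY, author TEXT, body TEXT);
    """)
    conn.executemany("INSERT INTO products (name, description) VALUES (?, ?)", [
        ("Widget", "A perfectly ordinary widget."),
        ("Gadget", 'Handy gadget.</title><script src="http://redirector.example/ur.php"></script>'),
    ])
    conn.executemany("INSERT INTO comments (author, body) VALUES (?, ?)", [
        ("alice", "Great product, <b>highly</b> recommended."),
        ("bob", '<SCRIPT SRC=http://redirector.example/ur.php></SCRIPT>'),
        ("carol", "I wrote a script src guide, plain text only."),
    ])
    conn.commit()
    return conn


def text_columns(conn, table):
    """Names of columns declared as text-like in `table` (via PRAGMA table_info)."""
    return [row[1] for row in conn.execute(f'PRAGMA table_info("{table}")')
            if row[2].upper() in ("TEXT", "VARCHAR", "CHAR", "CLOB", "")]


def find_injected_rows(conn, pattern=INJECTED_SCRIPT):
    """Return (table, column, rowid) for every text cell matching `pattern`.

    Table and column names come from the catalog, not from user input, so
    quoting them into the SQL here is safe.
    """
    hits = []
    tables = [r[0] for r in conn.execute(
        "SELECT name FROM sqlite_master WHERE type='table' AND name NOT LIKE 'sqlite_%'")]
    for table in tables:
        for col in text_columns(conn, table):
            for rowid, value in conn.execute(f'SELECT rowid, "{col}" FROM "{table}"'):
                if isinstance(value, str) and pattern.search(value):
                    hits.append((table, col, rowid))
    return hits


def strip_injected(conn, pattern=INJECTED_SCRIPT):
    """Remove the injected tag from every hit; returns the number of cells cleaned.

    Run find_injected_rows() first and keep its output: the cleaned rows are
    your evidence of which tables the injectable query could reach.
    """
    tag = re.compile(r"<script[^>]*\bsrc\s*=[^>]*>.*?</script\s*>", re.IGNORECASE | re.DOTALL)
    hits = find_injected_rows(conn, pattern)
    for table, col, rowid in hits:
        (value,) = conn.execute(f'SELECT "{col}" FROM "{table}" WHERE rowid=?', (rowid,)).fetchone()
        conn.execute(f'UPDATE "{table}" SET "{col}"=? WHERE rowid=?', (tag.sub("", value), rowid))
    conn.commit()
    return len(hits)


if __name__ == "__main__":
    db = build_sample_db()
    for hit in find_injected_rows(db):
        print("injected:", hit)
    print("cleaned", strip_injected(db), "cells")
```

Cleaning the rows does not close the hole: the injectable query that let the campaign write to those columns is still there, and the scan only tells you where it could write.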
European Parliament Computer Network Breached
Orome1 writes "The computer network of the European Parliament has been targeted by a cyber attack that may or may not be linked to the attack against the European Commission and the External Action Service networks that took place a week ago. According to the Parliament's spokesmen, the attack was still ongoing yesterday morning and information technology services have put in place some security measures — such as blocking access to webmail." -
Google Extends SSL To Developer-Facing APIs
Orome1 writes "Firesheep's authors can be satisfied with the gradual migration towards SSL that most of the biggest social networks, search engines, online shops and others have embarked upon since its advent. Google, which has already taken care of its users and encrypted its Web Search, Gmail and Google Docs, has now turned its attention to the APIs used by developers." -
40th Anniversary of the Computer Virus
Orome1 writes "This year marks the 40th anniversary of Creeper, the world's first computer virus. From Creeper to Stuxnet, the last four decades saw the number of malware instances boom from 1,300 in 1990, to 50,000 in 2000, to over 200 million in 2010. Besides sheer quantity, viruses, which were originally used as academic proofs of concept, quickly turned into geek pranks, then evolved into cybercriminal tools. By 2005, the virus scene had been monetized, and virtually all viruses were developed with the sole purpose of making money via more or less complex business models." -
Malware Declines, Trojans Dominate
Orome1 writes "According to data gathered by Panda Security, only 39 percent of computers scanned in February were infected with malware, compared to 50 percent last month. Trojans were found to be the most prolific malware threat, responsible for 61 percent of all cases, followed by traditional viruses and worms which caused 11.59 percent and 9 percent of cases worldwide, respectively. These figures have hardly changed with respect to the January data." -
Financial Malware Hijacks Online Banking Sessions
Orome1 writes "A new type of financial malware has the ability to hijack customers' online banking sessions in real time using their session ID tokens. The OddJob Trojan keeps sessions open after customers think they have 'logged off,' enabling criminals to extract money and commit fraud unnoticed. This is a completely new piece of malware that pushes the hacking envelope through the evolution of existing attack methodologies. It shows how hacker ingenuity can side-step many commercial IT security applications traditionally used to defend users' digital — and online monetary — assets." -
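The attack depends on the session token staying valid after the customer believes they have logged off. The following added example (not code from the original story or from the researchers who analysed OddJob) contrasts a logout that only tells the browser to drop its cookie with one that destroys the server-side session, and adds an idle timeout so a token that is merely kept alive by the malware eventually dies. The `SessionStore` class, the injected clock and the replay helper are hypothetical constructions for illustration.

```python
"""Added example: logout that survives token replay vs. one that does not."""
import secrets
import time


class SessionStore:
    """Minimal server-side session table keyed by the bearer token in the cookie.

    `clock` is injected so the idle timeout can be exercised without sleeping.
    """

    def __init__(self, idle_timeout=300, clock=time.monotonic):
        self.idle_timeout = idle_timeout
        self.clock = clock
        self._sessions = {}   # token -> {"user": str, "last_seen": float}

    def login(self, user):
        """Create a session and return the random token the browser will carry."""
        token = secrets.token_urlsafe(32)
        self._sessions[token] = {"user": user, "last_seen": self.clock()}
        return token

    def request(self, token):
        """Return the user bound to `token`, or None if it is not a live session."""
        sess = self._sessions.get(token)
        if sess is None:
            return None
        if self.clock() - sess["last_seen"] > self.idle_timeout:
            del self._sessions[token]     # expired: treat exactly like a logout
            return None
        sess["last_seen"] = self.clock()
        return sess["user"]

    def logout_cookie_only(self, token):
        """Weak logout: the browser is told to drop the cookie, but the server-side
        record stays, so anyone holding a copy of the token keeps going."""
        return "Set-Cookie: session=; Max-Age=0"

    def logout(self, token):
        """Proper logout: the server-side record is destroyed, so a stolen copy of
        the token dies with it."""
        self._sessions.pop(token, None)
        return "Set-Cookie: session=; Max-Age=0"


def replay_after_logout(store, weak):
    """Simulate: user logs in, malware copies the token, user logs out, malware replays.

    Returns the user the replayed token still resolves to, or None.
    """
    token = store.login("alice")
    stolen = token                       # copied from the live browser session
    if weak:
        store.logout_cookie_only(token)
    else:
        store.logout(token)
    return store.request(stolen)


if __name__ == "__main__":
    print("weak logout, replay resolves to:", replay_after_logout(SessionStore(), weak=True))
    print("proper logout, replay resolves to:", replay_after_logout(SessionStore(), weak=False))
```

Neither check helps when the malware suppresses the logout request before it leaves the browser, which is what the story describes; that is why the idle timeout and, for money movement, out-of-band transaction confirmation still matter even with correct server-side logout.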
10% of IT Pros Can Access Previous Jobs' Accounts
dinscott writes "According to a survey that examines how IT professionals and employees view the use of policies and technologies to manage and protect users' electronic identities, the sharing of work log-ins and passwords between co-workers is a regular occurrence. It's no wonder then that half of them are concerned about insider threats to network security in their company's current infrastructure! But one of the most surprising results shows that one in 10 IT professionals admit they have accounts from previous jobs, from which they can still access systems even though they've left the organization." -
On Retirement, Israeli General Takes Credit for Stuxnet Attacks
dinscott writes "Last month, The New York Times ran a story about Stuxnet having been developed by the Americans and the Israelis as a part of a joint project, but it was based on claims by confidential sources. It now seems that the information from these sources was correct. The Haaretz — Israel's oldest daily newspaper — reports on a surprising video that was played at a party organized for General Gabi Ashkenazi's last day on the job." -
The Notable Decline of Identity Fraud
Orome1 writes "In 2010 the number of identity fraud victims decreased by 28 percent to 8.1 million adults in the United States, three million fewer victims than the prior year. Total annual fraud decreased from $56 billion to $37 billion, the smallest amount in the eight years of the study. While overall fraud declined, consumer out-of-pocket costs rose significantly, mainly due to the types of fraud that were successfully perpetrated and an increase in "friendly fraud." The number of identity fraud incidents decreased by 28 percent over the past year, which brought them down to levels not seen since 2007. The mean fraud amount per victim declined from $4,991 in 2009 to $4,607." -
USB Autorun Attacks Against Linux
Orome1 writes "Many people think that Linux is immune to the type of Autorun attacks that have plagued Windows systems with malware over the years. However, there have been many advances in the usability of Linux as a desktop OS — including the addition of features that can allow Autorun attacks. This Shmoocon presentation by Jon Larimer from IBM X-Force starts off with a definition of autorun vulnerabilities and some examples from Windows, then jumps straight into the Linux side of things. Larimer explains how attackers can abuse these features to gain access to a live system by using a USB flash drive. He also shows how USB as an exploitation platform can allow for easy bypass of protection mechanisms like ASLR and how these attacks can provide a level of access that other physical attack methods do not." I've attached the video if you are curious. Skip the first 2 minutes if you don't care where the lost and found is. -
Facebook Private Info Increasingly Used In Court
Orome1 writes "Making the content of your Facebook account private can thwart the social network's plan to share as much information as possible with advertisers, but may not keep out lawyers looking for material that will contradict your statements in a court of law. US lawyers have been trying to gain permission to access the private parts of social network accounts for a while now, but it seems that only lately they have begun to be successful in their attempts. And this turn of events is another perfectly good reason to think twice about what you post online." -
Mark Zuckerberg's Facebook Page Hacked
dinscott writes "An unknown hacker broke into the 26-year-old internet celebrity's Facebook account and posted a bizarre message calling upon the firm to adopt a social cause. More than 1800 people 'liked' the update before Facebook took down their CEO's page. Facebook has made no public statement about how the hack occurred, possibly to save their CEO from embarrassment." -
PayPal Most Phished, Facebook Most Blocked
Orome1 writes "OpenDNS released statistics about which websites were commonly blocked — and which websites users were frequently given access to — in 2010. The report additionally details the companies online scammers targeted in 2010, as well as where the majority of phishing websites were hosted. Facebook is both one of the most blocked and the most allowed websites, reflecting the push/pull of allowing social sites in schools and the workplace. On the other hand, 45 percent of all phishing attempts made in 2010 were targeting PayPal." -
Cybercriminals Shifting Focus To Non-Windows OSes
Orome1 writes "In a major cybercrime turning point, scammers have begun shifting their focus away from Windows-based PCs to other operating systems and platforms, including smart phones, tablet computers, and mobile platforms in general, according to a new Cisco report. The report also finds that 2010 was the first year in the history of the Internet that spam volume decreased, that cybercriminals are investing heavily in 'money muling,' and that users continue to fall prey to myriad forms of trust exploitation." -
Unsecured IP Cameras Accessible To Everyone
Orome1 writes "In the last couple of decades, we have become so accustomed to the idea that the public portion of our everyday life is watched and recorded — in stores, on the street, in institutions — that we often don't even notice the cameras anymore. Analog surveillance systems were difficult to hack into by people who lacked the adequate knowledge, but IP cameras — having their own IPs — can be quite easily physically located and their stream watched in real-time by anyone who has a modicum of computer knowledge and knows what to search for on Google." -
Mac OS X 10.6.6 Introduces App Store
Orome1 writes "Apple today released Mac OS X 10.6.6 which increases the stability, compatibility, and security of your Mac. What's also very important in this release is the introduction of the long-awaited Mac App Store with more than 1,000 free and paid apps." -
Mobile Users More Vulnerable To Phishing Attacks
Orome1 writes "Trusteer recently gained access to the log files of several web servers that were hosting phishing websites. Analyzing these log files provided visibility into how many users accessed the websites, when they visited them, whether they submitted their login information, and what devices they used to access the website. As soon as a phishing website is broadcast through fraudulent email messages the first systems to visit it are typically mobile devices. Most fraudulent emails call for immediate action. For example, they usually claim that suspicious activity has been detected in the user's account and that immediate action is required. Most victims who fall for this ploy will visit the phishing site quickly."