Domain: securityweek.com
Stories and comments across the archive that link to securityweek.com.
Stories · 383
Russia's New Secure Android Tablet Keeps Data From Google
wiredmikey writes "It seems Russia's defense ministry doesn't trust Google's tablet computers: a new Android device presented to a top Russian government official boasts encryption and works with software and a global positioning system made in Russia, the AFP reports. The OS has all the functional capabilities of an Android operating system but none of its hidden features that send users' private data to Google, addressing concerns that data stored by Google could slip into the hands of the US government and expose some of their most secret and sensitive communications. Two versions of the tablet will supposedly be made — one for consumers and one for defense needs."
A Month After Grum Botnet Takedown, Spam Back To Previous Levels
wiredmikey writes "It's been over a month since the spam-spewing Grum botnet was shut down, but spam experts say there hasn't been a noticeable impact on global spam volume. Symantec researchers at the time estimated that Grum was responsible for one-third of all spam being sent worldwide, and its takedown led to an immediate drop in global spam email volumes by as much as 15 to 20 percent. However, the drop was only temporary. While Grum had an estimated hundred thousand zombies sending spam, the machines were likely blocked for sending emails too frequently, or wound up on IP blacklists, said Andrew Conway, Cloudmark researcher. IP filtering is fast and cheap, and is a good first line of defense against spam, Conway said. Grum spam was easy to blacklist, and despite its size, most spam messages from the botnet probably never reached user inboxes."
Experts Develop 3rd-Party Patch For New Java Zero-Day
tsu doh nimh writes "A new exploit for a zero-day vulnerability in Oracle's Java JRE version 7 and above is making the rounds. A Metasploit module is now available to attack the flaw, and word in the underground is that it will soon be incorporated into BlackHole, a widely used browser exploit pack. KrebsOnSecurity.com talked to the BlackHole developer, who said the Java exploit would be worth at least $100,000 if sold privately. Instead, this vulnerability appears to have been first spotted in targeted/espionage attacks that used the exploit to drop the remote control malware Poison Ivy, according to experts from Deep End Research. Because Oracle has put Java on a quarterly patch cycle, and the next cycle is not scheduled until October, experts have devised and are selectively releasing an unofficial patch for the flaw."
"Knitted" Wi-Fi Routers Create Failover Network For First Responders
wiredmikey writes "Wireless Internet routers used in homes and offices could be knitted together to provide a communications system for emergency responders if the mobile phone network fails, German scientists reported on Monday. In many countries, routers are so commonplace that they could be used by police and fire departments if cell towers and networks are down or overwhelmed by people caught up in an emergency, they say. This rich density means that an emergency network could piggyback on nearby routers, giving first responders access to the Internet and contact with their headquarters. The researchers suggest that routers incorporate an emergency 'switch' that responders can activate to set up a backup network, thus giving them a voice and data link through the Internet. This could be done quite easily without impeding users or intruding on their privacy, the study argues. Many routers already have a 'guest' mode, meaning a supplementary channel that allows visitors to use a home's Wi-Fi." This is a cool angle on mesh networking — reminds me of the emergency response capabilities of ham radio; if it sounds intriguing, remember that even sparse networks can make use of this kind of networking with the right antennas. Related: even without touching the hardware on your router, you can do some meshing around with Byzantium.
"SMSZombie" Malware Infects 500,000 Android Users In China
wiredmikey writes "Researchers have recently discovered a new sophisticated and resilient mobile threat targeting Android phones that is said to have infected about 500,000 devices, mainly in China. Called 'SMSZombie,' the malware is stubborn and hard to remove, but users outside of China have little to worry about with this latest discovery. The prime function of the mobile malware is to exploit a vulnerability in the mobile payment system used by China Mobile, making it of little value to the fraudsters outside of China. The malware takes advantage of a vulnerability in the China Mobile SMS Payment process to generate unauthorized payments to premium service providers, and can also remotely control the infected device. It has been spread via wallpaper apps that sport provocative titles and nude photos, and can only be removed using a lengthy process beyond the skills of a typical Android user."
Cyber Attack Knocks Offline Saudi Aramco
wiredmikey writes "Saudi Aramco, Saudi Arabia's national oil company and the largest oil company in the world, confirmed that it has been hit by a cyber attack that resulted in malware infecting user workstations and forcing IT to kill the company's connection to the outside world. '..An official at Saudi Aramco confirmed that the company has isolated all its electronic systems from outside access as an early precautionary measure that was taken following a sudden disruption that affected some of the sectors of its electronic network,' the company wrote in a statement. This incident follows an attack on systems at the National Iranian Oil Company back in April, when a virus was detected inside the control systems of Kharg Island oil terminal, which also resulted in the company taking its systems offline. In response to continued cyber attacks against its networks and facilities, Iran earlier this month said it plans to move key ministries and state bodies off the public Internet to protect them from such attacks."
Georgia Tech Launches "Titan" Malware Analysis System
wiredmikey writes "A new malware intelligence system developed at Georgia Tech Research Institute is helping organizations share threat intelligence and work together to understand malware and cyber attacks. Dubbed 'Titan', the system lets members submit threat data and collaborate on malware analysis and classification. Unlike some other systems, members contribute data anonymously so no one would know which specific organizations had been affected by a specific attack. Titan users also get reports on malware samples they have submitted, such as the potential harm, the likely source, the best remedy, and the risks posed by the sample. The analysis is based on what GTRI researchers learn by reverse-engineering the malware. The project currently analyzes and classifies an average of 100,000 pieces of malicious code each day and growing. While other information sharing initiatives have been launched, many are by vendors, which sometimes sparks concern that the vendor may have some bias, and may be pushing a certain product. Not the case with Titan."
Google Fined $22.5M Over Safari Privacy Violation
wiredmikey writes "The US Federal Trade Commission fined Google $22.5 million for violating the privacy of people who used rival Apple's Safari web browser even after pledging not to do so. The FTC said Google had agreed with the commission in October 2011 not to place tracking cookies on or deliver targeted ads to Safari users, but then went ahead and did so. 'For several months in 2011 and 2012, Google placed a certain advertising tracking cookie on the computers of Safari users who visited sites within Google's DoubleClick advertising network,' the FTC said in a statement. 'Google had previously told these users they would automatically be opted out of such tracking.' While Google agreed to the fine, it did NOT admit it had violated the earlier agreement."
Zeus Trojan Hits Blackberry Devices
wiredmikey writes "Despite its significant user base within enterprises, BlackBerry devices have managed to stay off the radar for malware writers. That may be ending, as four new Zeus-in-the-mobile (Zitmo) samples targeting BlackBerry users in Germany, Spain, and Italy have been found. Zitmo, which hit Android devices back in July 2011, refers to a version of the Zeus malware that specifically targets mobile devices. Denis Maslennikov, a security researcher at Kaspersky Lab, also identified a new Zitmo variant for Android using the same command and control (C&C) numbers as the BlackBerry versions. While previous Android variants have been primitive, the latest .apk dropper, which shows up as an app 'Zertifikat,' looks 'more similar to "classic" Zitmo,' he said. When executed, it displays a message in German that the installation was successful, along with an activation code. The Android sample also included a self-issued certificate that indicates it was developed less than a month ago."
Microsoft Releases Attack Surface Analyzer Tool
wiredmikey writes "Microsoft has released the public version of Attack Surface Analyzer, a tool designed to help software developers and independent software vendors assess the attack surface of an application or software platform. The tool was pushed out of beta with Version 1.0 released on Thursday. Since ASA doesn't require the original source code, managers and executives can also use the tool to determine how a new application or software being considered would affect the organization's overall security before deploying it. The tool takes snapshots of the system before and after an application was installed, and compares them to identify changes made when new applications were installed. A stand-alone wizard guides users through the scanning and analysis process and a command-line version is available for use with automated tools. Attack Surface Analyzer 1.0 can be downloaded from Microsoft here."
The $1 Trillion Cybercrime Myth
wiredmikey sends this excerpt from SecurityWeek: "A recent article on ProPublica dissected two commonly quoted figures about cybersecurity: $1 trillion in losses due to cybercrime itself and $388 million in IP losses for American companies. Both figures have been scrutinized and challenged by many, and viewed as typical security vendor FUD. ... The $1 trillion figure is attributed to anti-virus vendor McAfee, while the $388 million in IP losses number belongs to Symantec's Norton division. According to ProPublica, 'The report was not actually researched by Norton employees; it was outsourced to a market research firm, StrategyOne, which is owned by the public relations giant Edelman.' The problem with both of these figures — $1 trillion and $388 million — is, as Microsoft researchers pointed out earlier this year in a report fittingly titled 'Sex, Lies, and Cybercrime,' they are studded with outliers. In one example they cite that a single individual who claims $50,000 losses, in an N = 1000 person survey, is enough to extrapolate a $10 billion loss over the population. In another, one unverified claim of $7,500 in phishing losses translates into $1.5 billion over the population. The Microsoft researchers concluded: 'Are we really producing cyber-crime estimates where 75% of the estimate comes from the unverified self-reported answers of one or two people? Unfortunately, it appears so. Can any faith whatever be placed in the surveys we have? No, it appears not.'"
Cybersecurity Bill Fails Today In US Senate
wiredmikey writes "A development following the recently posted story Senate Cybersecurity Bill Stalled By Ridiculous Amendments — The Cybersecurity Act of 2012 failed to advance in the US Senate on Thursday. The measure was blocked amid opposition from an unusual coalition of civil libertarians — who feared it could allow too much government snooping — and conservatives who said it would create a new bureaucracy. The bill needed 60 votes in the 100-member Senate to advance under rules in the chamber, but got only 52. The failure came despite pleas from Obama and top US defense officials. The US Chamber of Commerce argued that the bill 'could actually impede US cybersecurity by shifting businesses' resources away from implementing robust and effective security measures and toward meeting government mandates.'"
Senate Cybersecurity Bill Stalled By Ridiculous Amendments
wiredmikey writes "Despite a recent push by legislators, it remains unclear whether the Senate will manage to vote on the proposed comprehensive cybersecurity legislation (Cybersecurity Act of 2012) before Congress adjourns at the end of the week for its summer recess. Once all the amendments (over 70) have been dealt with, the Senate could decide to vote on the bill immediately, or wait till after the summer recess. As usual, the Democrats and Republicans have been unable to agree on which amendments will be considered, effectively stalling the bill. And most interesting is that, in typical U.S. political fashion, some of the amendments have nothing to do with the topic on hand (cybersecurity): ... Sen. Frank Lautenberg has filed a measure to ban high-capacity ammunition clips as part of a gun-reform proposal. And Sen. Mike Lee filed a bill that would ban abortion in Washington, D.C. after 20 weeks of pregnancy. Sen. Michael Bennet and Tom Coburn filed an amendment to expand the Office for Personnel Management's federal government's data center consolidation initiative. Senate Minority Leader Mitch McConnell suggested an amendment to repeal the Affordable Care Act."
NSA Chief To Address Hackers At DEF CON
wiredmikey writes "Later this week, the NSA's organizational leader and head of the U.S. Cyber Command — General Keith Alexander — will address an audience of hackers at DEF CON. News of General Alexander's talk at Def Con broke on Friday. Up until that point, the 12:00 Track 1 slot was kept secret, leaving attendees to the world's largest hacker conference to speculate. The buzz was that it would be something interesting — if only because this year is Def Con's 20th anniversary. General Alexander will be giving a talk titled 'Shared Values, Shared Responsibility,' which is outlined as a presentation that will focus on the shared core values between the hacker community and the government's cyber community. Namely, the vision of the Internet as a positive force, the fact that information increases value by sharing, the respect and protection of privacy and civil liberties, and the opposition to malicious and criminal behavior."
Open Source Smart Meter Hacking Framework Released
wiredmikey writes "A researcher specializing in smart grids has released an open-source tool designed to assess the security of smart meters. Dubbed 'Termineter,' the framework would allow users, such as grid operators and administrators, to test smart meters for vulnerabilities. Termineter uses the serial port connection that interacts with the meter's optical infrared interface to give the user access to the smart meter's inner workings. The user interface is much like the interface used by the Metasploit penetration testing framework. It relies on modules to extend its testing capabilities. Spencer McIntyre, a member of SecureState's Research and Innovation Team, is scheduled to demonstrate Termineter in a session 'How I Learned to Stop Worrying and Love the Smart Meter,' at Security B-Sides Vegas on July 25. The Termineter Framework can be downloaded here." As the recent lucky winner of a smart meter from the local gas company, I wish householder access to this data was easy and expected.
Apple Yanks Privacy App From the App Store
wiredmikey writes "Back in May of this year, Internet security firm Bitdefender launched 'Clueful,' an iOS App that helps identify potentially intrusive applications and shows users what they do behind their back, giving users an inside look at all the information app developers can gather about a user. Seems legit, right? Apple doesn't think so. Or at least they have an issue with something behind the App that sparked them to pull it from the App Store. After initially reviewing and approving the App that was released on May 22, Apple has had a change of heart and has just removed the App from the AppStore. It's unclear [why it was yanked], and Bitdefender told SecurityWeek that the company is under NDA as far as explanations for the removal. Interestingly, Bitdefender did share some data that they gathered based on Clueful's analysis of more than 65,000 iOS apps so far, including the fact that 41.4 percent of apps were shown to track a user's location unbeknownst to them."
Dutch Police Take Down C&Cs Used By Grum Botnet
wiredmikey writes "Dutch authorities have pulled the plug on two secondary servers used by the Grum botnet, a large botnet said to produce about 17% of the world's spam. According to researchers from FireEye, the backup C&C servers were located in the Netherlands, and once word of their existence was released, Dutch authorities quickly seized them. While any C&C server takedown is a win, the impact may be minimal, as the two primary servers are fully active, and the datacenters hosting them are unresponsive to fully documented abuse reports. That being said, FireEye's Atif Mushtaq noted that the botnet does have some weak spots, including the fact that Grum has no failback mechanism, has just a few IPs hardcoded into the binaries, and the botnet is divided into small segments, so even if some C&Cs are not taken down, part of the botnet can still remain offline. The removal of the C&C servers shines light on how quickly some law enforcement agencies work, given that proof of their existence is just over a week old."
NVIDIA Kills Online Store In Response To Hacker Claims
wiredmikey writes "Following a shutdown of its 'NVIDIA Developer Zone,' earlier this week after the online community for developers had been hacked, the graphics chip maker on Friday also shut down its online store. The group of hackers behind the attack, going by the handle of 'The Apollo Project,' made mention of the claimed compromise in its original post exhibiting its successful attack against the NVIDIA Developer Zone site. While the company has shut down the online store, it has not acknowledged that a successful attack has taken place. 'NVIDIA has suspended operation of the NVIDIA Gear Store (store.nvidia.com) as a precaution, following confirmed attacks on several of our other sites,' read a statement posted on the site. The claimed attackers wrote, 'We aren't acting extremely maliciously, we've used this database to target disgusting corporations who deserve to be brought to justice.. and we are getting there, slowly but surely.'"
Formspring Hacked - 420,000 Password Hashes Leaked
wiredmikey writes with news of yet another business suffering a data breach. From the article: "Formspring, the Social Q&A portal ..., admitted to being breached on Tuesday. The compromise led to the loss of 420,000 passwords, forcing the site to reset all member passwords. Mirroring the recent LinkedIn breach, Formspring said that it was alerted to a forum post that contained 420,000 password hashes. Engineers shut down the service and confirmed the passwords were indeed theirs. In less than a day, an investigation revealed that the attacker(s) had 'broken into one of our development servers and was able to use that access to extract account information from a production database' .... There have been no reported incidents of individual account compromise, but there were reports of phishing by some users on Twitter attempting to capitalize on the incident."
Crowd Sourced Malware Reverse Engineering Platform Launched
wiredmikey writes "Security startup CrowdStrike has launched CrowdRE, a free platform that allows security researchers and analysts to collaborate on malware reverse engineering. CrowdRE is adapting the collaborative model common in the developer world to make it possible to reverse engineer malicious code more quickly and efficiently. Collaborative reverse engineering can take two approaches, where all the analysts are working at the same time and sharing all the information instantly, or in a distributed manner, where different people work on different sections and share the results. This means multiple people can work on different parts simultaneously and the results can be combined to gain a full picture of the malware. Google is planning to add CrowdRE integration to BinNavi, a graph-based reverse engineering tool for malware analysis, and the plan is to integrate with other similar tools. Linux and Mac OS support is expected soon, as well."
Blackhole Exploit Kit Gets an Upgrade
wiredmikey writes "The popular Blackhole exploit kit, assumed to be created and maintained by an individual going by the online moniker of 'Paunch,' who continuously updates the browser exploit software, looks like it has just received another upgrade. The exploit works by infecting a user when they visit a Blackhole-infected site, and their browser runs the JavaScript code, usually via a hidden iframe. If the location or URL for the malicious iframe changes or is taken down, all of the compromised sites will have to be updated to point to this new location, making it hard for the attackers. To deal with this, the Blackhole JavaScript code on compromised sites now dynamically generates pseudo-random domains, based on the date and other information, and then creates an iframe pointing to the generated domain. Moreover, the kit's recent upgrade also added a new attack. According to Sophos, sometime in early June Blackhole was updated to include an attack that targets a flaw in Microsoft's XML Core Services, which remains unpatched. Unfortunately, the changes prove once again that the criminal economy online is alive and well."
Serious Web Vulnerabilities Dropped In 2011
wiredmikey writes "It's refreshing to see a security report from a security vendor that isn't all doom-and-gloom and loaded with FUD. Web Application Security firm WhiteHat Security released a report this week (PDF) showing that the number of major vulnerabilities has fallen dramatically. Based on the raw data gathered from scans of over 7,000 sites, there were only 79 substantial vulnerabilities discovered on average in 2011. To compare, there were 230 vulnerabilities on average discovered in 2010, 480 in 2009, 795 in 2008, and 1,111 in 2007. As for the types of flaws discovered, Cross-Site Scripting (XSS) remained the number one problem, followed by Information Leakage, Content Spoofing, Insufficient Authorization, and Cross-Site Request Forgery (CSRF) flaws. SQL Injection, an oft-mentioned attack vector online, was eighth on the top ten."
Vulnerable SAP Deployments Make Prime Attack Targets
wiredmikey writes "Using a combination of TCP scans and Google, security researchers found that nearly a quarter of the organizations running vulnerable versions of SAP are tempting fate by leaving them exposed to the Internet. This discovery, researchers from ERPScan say, dispels the myth that SAP systems are only available from the internal network, leading to the misconception that they are protected by design. By March 2012, there were more than 2,000 security advisories published by SAP. Of those, about 7% (124) have publicly available PoC (proof-of-concept) exploit code available to the public. Many of the issues discovered are related to poor configuration or poor deployment planning. For example, 212 SAP Routers were found in Germany, which were created mainly to route access to internal SAP systems. Another issue with the vulnerable and exposed SAP installations is that many of them run on Windows NT, creating a twin set of risks for the organization, as they have to contend with a bad SAP deployment and unsupported OS that is full of security issues all by itself."
Flame Malware Hijacks Windows Update
wiredmikey writes "As more research unfolds about the recently discovered Flame malware, researchers have found three modules — named Snack, Gadget and Munch — that are used to launch what is essentially a man-in-the-middle attack against other computers on a network. As a result, Kaspersky researchers say when a machine attempts to connect to Microsoft's Windows Update, it redirects the connection through an infected machine and it sends a fake malicious Windows Update to the client. That is courtesy of a rogue Microsoft certificate that chains to the Microsoft Root Authority and improperly allows code signing. According to Symantec, the Snack module sniffs NetBIOS requests on the local network. NetBIOS name resolution allows computers to find each other on a local network via peer-to-peer, opening up an avenue for spoofing. The findings have prompted Microsoft to say that it plans to harden Windows Update against attacks in the future, though the company did not immediately reveal details as to how." And an anonymous reader adds a note that Flame's infrastructure is massive: "over 80 different C&C domains, pointed to over 18 IP addresses located in Switzerland, Germany, the Netherlands, Hong Kong, Poland, the UK, and other countries."
Microsoft Certificate Was Used To Sign Flame Malware
wiredmikey writes "Microsoft disclosed that 'unauthorized digital certificates derived from a Microsoft Certificate Authority' were used to sign components of the recently discovered Flame malware. 'We have discovered through our analysis that some components of the malware have been signed by certificates that allow software to appear as if it was produced by Microsoft,' Microsoft Security Response Center's Jonathan Ness wrote in a blog post. Microsoft is also warning that the same techniques could be leveraged by less sophisticated attackers to conduct more widespread attacks. In response to the discovery, Microsoft released a security advisory detailing steps that organizations should take in order to block software signed by the unauthorized certificates, and also released an update to automatically protect customers. Also as part of its response effort, Microsoft said its Terminal Server Licensing Service no longer issues certificates that allow code to be signed."
Backdoor Found In Hacked Version of Anti-Censorship Tool Simurgh
wiredmikey writes "Simurgh, a privacy tool used in Iran and Syria to bypass Internet censorship and governmental monitoring, is being circulated with a backdoor. The compromised version has been offered on P2P networks and via web searches. Research conducted by CitizenLab.org has shown that the malicious version isn't available from the original software source, only through third-party access, so it appears that Simurgh has been repackaged. The troubling aspect of the malicious version is that while it does install the proxy as expected, it then adds a keylogging component, and ships the recorded information off to a server hosted in the U.S. and registered to a person in Saudi Arabia. In response to this attack, the team that develops Simurgh has instituted a check that will warn the user if they are running a compromised version of the software. At present, it is unknown who developed the hijacked version of Simurgh, or why they did so."
America's Cybersecurity Czar, Howard Schmidt, Steps Down
wiredmikey writes "In December of 2009, after months of waiting, the Obama Administration named Howard Schmidt as the White House Cybersecurity Coordinator. After more than forty years in the IT community, the nation's first cyber czar will retire at the end of the month. Schmidt, after just over two years of government service, said he would retire in order to spend more time with his family and to entertain teaching opportunities in the cyber field. Schmidt was at the reins when the White House introduced its international strategy for cyberspace, and also helped create the controversial National Strategy for Trusted Identities in Cyberspace, an initiative that would allow people to obtain a single credential as a one-time password (on a token or mobile device) to do business on the Internet. Schmidt will be replaced by Michael Daniel, currently the head of the White House budget office's intelligence branch." -
Adobe Changes Its Tune On Forcing Paid Upgrade To Fix Security Flaws
wiredmikey writes with a followup to Thursday's news that Adobe was recommending paid software upgrades in lieu of fixing security holes in some of its applications. After receiving criticism for the security bulletin, Adobe changed its mind and announced that it's developing patches to fix the vulnerabilities. "Developing a patch, especially for three different applications, can be costly and time consuming. Developing these patches consumes development resources, then must run through a QA process, and the patch needs to be communicated and distributed to users. And for a company like Adobe with a massive customer base using its Photoshop, Illustrator, and Flash Professional, the bandwidth cost alone can be substantial. For a popular product that was just over two years old, providing a fix to address a serious security flaw is what customers deserve. And while Adobe may have originally tried to sneak by without addressing the issue and pushing users to upgrade to its new product, the company made the right move in the end." -
Apple Auto-Disables Old Flash Players In Mac OS X 10.7.4
wiredmikey writes "Just released, and coming in at 370 MB in size, the Mac OS X 10.7.4 update includes general OS fixes, and addresses more than 30 security vulnerabilities. But aside from typical security fixes, Apple has made an interesting move in an effort to protect users. Through this latest software update, Safari 5.1.7 will now automatically disable older — and typically more vulnerable — versions of the Adobe Flash player. While many software vendors would prefer OS makers to keep their hands off their software, the move appears to be welcomed by Adobe, which has constantly battled vulnerabilities in its widely installed Flash Player." -
DHS Asked Gas Pipeline Firms To Let Attackers Lurk Inside Networks
wiredmikey writes "According to reports, which were confirmed Friday by ICS-CERT (PDF), there has been an active cyber attack campaign targeting the natural gas industry. However, it's the advice from the DHS that should raise some red flags. 'There are several intriguing and unusual aspects of the attacks and the U.S. response to them not described in Friday's public notice,' Mark Clayton wrote. 'One is the greater level of detail in these alerts than in past alerts. Another is the unusual if not unprecedented request to leave the cyber spies alone for a little while.' According to the source, the companies were 'specifically requested in a March 29 alert not to take action to remove the cyber spies if discovered on their networks, but to instead allow them to persist as long as company operations did not appear to be endangered.' While the main motive behind the request is likely to gain information on the attackers, letting them stay close to critical systems is dangerous. The problem lies in the complexities of our critical infrastructures and the many highly specialized embedded systems that comprise them." -
Recently Exposed PHP Hole's Official Fix Ineffective
wiredmikey writes "On Wednesday, a remote code execution vulnerability in PHP was accidentally exposed to the Web, prompting fears that it may be used to target vulnerable websites on a massive scale. The bug itself was traced back to 2004, and came to light during a recent CTF competition. 'When PHP is used in a CGI-based setup (such as Apache's mod_cgid), the php-cgi receives a processed query string parameter as command line arguments which allows command-line switches, such as -s, -d or -c to be passed to the php-cgi binary, which can be exploited to disclose source code and obtain arbitrary code execution,' a CERT advisory explains. PHP developers pushed a fix for the flaw, resulting in the release of PHP 5.3.12 and 5.4.2, but as it turns out it didn't actually remove the vulnerability." -
Iran's Oil Industry Hit By Cyber Attacks
wiredmikey writes "Iran disconnected computer systems at a number of its oil facilities in response to a cyber attack that hit multiple industry targets during the weekend. A source at the National Iranian Oil Company (NIOC) reportedly told Reuters that a virus was detected inside the control systems of Kharg Island oil terminal, which handles the majority of Iran's crude oil exports. In addition, computer systems at Iran's Oil Ministry and its national oil company were hit. There has been no word on the details of the malware found, but computer systems controlling several of Iran's oil facilities were disconnected from the Internet as a precaution. Oil Ministry spokesman Ali Reza Nikzad-Rahbar told Mehr News Agency on Monday that the attack had not caused significant damage and the worm had been detected before it could infect systems." -
HP Ships Switches With Malware Infected Flash Cards
wiredmikey writes "HP has warned of a security vulnerability associated with its ProCurve 5400 zl switches that contain compact flash cards that the company says may be infected with malware. The company warned that using one of the infected compact flash cards in a computer could result in the system being compromised. According to HP, the potential threat exists on HP 5400 zl series switches purchased after April 30, 2011 with certain serial numbers listed in the security advisory. This issue once again brings attention to the security of the electronics supply chain, which has been a hot topic as of late." -
SMS-Controlled Malware Hijacking Android Phones
wiredmikey writes "Security researchers have discovered new Android malware controlled via SMS that can do a number of things on the compromised device including recording calls and surrounding noise. Called TigerBot, the recently discovered malware was found circulating in the wild via non-official Android channels. Based on the code examination, the researchers from NQ Mobile, alongside researchers at North Carolina State University said that TigerBot can record sounds in the immediate area of the device, as well as calls themselves. It also has the ability to alter network settings, report its current GPS coordinates, capture and upload images, kill other processes, and reboot the phone. TigerBot will hide itself on a compromised device by forgoing an icon on the home screen, and by masking itself with a legit application name such as Flash or System. Once installed and active, it will register a receiver with a high priority to listen to the intent with action 'android.provider.Telephony.SMS_RECEIVED.'" -
Waterboarding Whistleblower Indicted Under Espionage Act
wiredmikey writes "A former CIA officer was indicted on Thursday for allegedly disclosing classified information to journalists. The restricted disclosure included the name of a covert officer and information related to the role a CIA employee played in classified operations. The indictment charges John Kiriakou with one count of violating the Intelligence Identities Protection Act for allegedly illegally disclosing the identity of a covert officer and with three counts of violating the Espionage Act for allegedly illegally disclosing national defense information to individuals not authorized to receive it. The count charging violation of the Intelligence Identities Protection Act, as well as each count of violating the Espionage Act, carries a maximum penalty of 10 years in prison, and making false statements carries a maximum prison term of five years. Each count carries a maximum fine of $250,000." -
Obama Administration Places $200 Million Bet On Big Data
wiredmikey writes "As the Federal Government aims to make use of the massive volume of digital data being generated on a daily basis, the Obama Administration today announced a 'Big Data Research and Development Initiative' backed by more than $200 million in commitments to start. Through the new Big Data initiative and associated monetary investments, the Obama Administration promises to greatly improve the tools and techniques needed to access, organize, and glean discoveries from huge volumes of digital data. Interestingly, as part of a number of government announcements on big data today, The National Institutes of Health announced that the world's largest set of data on human genetic variation – produced by the international 1000 Genomes Project (At 200 terabytes so far) is now freely available on the Amazon Web Services (AWS) cloud. Additionally, the Department of Defense (DoD) said it would invest approximately $250 million annually across the Military Departments in a series of programs. 'We also want to challenge industry, research universities, and non-profits to join with the Administration to make the most of the opportunities created by Big Data,' Tom Kalil, Deputy Director for Policy at OSTP noted in a blog post. 'Clearly, the government can't do this on its own. We need what the President calls an 'all hands on deck' effort.'" -
Microsoft Leads Sting Operation Against Zeus Botnets
wiredmikey writes "Microsoft, in what it called its 'most complex effort to disrupt botnets to date,' and in collaboration with partners from the financial services industry, has successfully taken down operations that fuel a number of botnets that make up the notorious Zeus family of malware. In what Microsoft is calling 'Operation b71,' Microsoft and its co-plaintiffs, escorted by U.S. Marshals, seized command and control (C&C) servers in two hosting locations on March 23 in Scranton, Pennsylvania and Lombard, Illinois. The move was to seize and preserve data and evidence from the botnets for the case. In addition to seizing the C&C servers, the group took down two IP addresses behind the Zeus command and control structure, and secured 800 domains that Microsoft is now monitoring and using to help identify computers infected by Zeus." -
Mystery of Duqu Programming Language Solved
wiredmikey writes "Earlier this month, researchers from Kaspersky Lab reached out to the security and programming community in an effort to help solve a mystery related to 'Duqu,' the Trojan often referred to as 'Son of Stuxnet,' which surfaced in October 2010. The mystery rested in a section of code written in an unknown programming language and used in the Duqu Framework, a portion of the Payload DLL used by the Trojan to interact with Command & Control (C&C) servers after the malware infected a system. Less than two weeks later, Kaspersky Lab experts now say with a high degree of certainty that the Duqu framework was written using a custom object-oriented extension to C, generally called 'OO C' and compiled with Microsoft Visual Studio Compiler 2008 (MSVC 2008) with special options for optimizing code size and inline expansion." -
Microsoft: RDP Vulnerability Should Be Patched Immediately
wiredmikey writes "Microsoft is urging organizations to apply the sole critical update in this month's Patch Tuesday release as soon as possible. The critical bulletin – one of six security bulletins issued as part of Tuesday's release – addresses two vulnerabilities in the Remote Desktop Protocol (RDP). Those IT admins who use RDP to manage their machines over the internet, which is essentially the default in cloud-based installations such as Amazon's AWS, need to patch as quickly as possible, said Qualys CTO Wolfgang Kandek. Besides the RDP bugs, this month's Patch Tuesday addressed five other vulnerabilities: two denial-of-service bugs and an escalation of privileges issue in Microsoft Windows; a remote code execution vulnerability in Microsoft Expression Design; and an escalation of privileges issue in Microsoft Visual Studio." -
'Honey Stick' Project Tracks Fate of Lost Smartphones
wiredmikey writes with a quote from an article at Security Week: "In order to get a look at what happens when a smartphone is lost, Symantec conducted an experiment, called the Honey Stick Project, where 50 fully-charged mobile devices were loaded with fake personal and corporate data and then dropped in publicly accessible spots in five different cities ...Tracking showed that 96-percent of the devices were accessed once found (PDF), and 70-percent of them were accessed for personal and business related applications and information. Less than half of the people who located the intentionally lost devices attempted to locate the owner. Interestingly enough, only two phones were left unaccounted for; the others were all found." -
Stratfor Breach Leads To Over $700k In Fraud
wiredmikey writes "It isn't often that after a data breach involving credit cards, the public is given information on the exact amount money lost by consumers as a result. Thanks to the FBI, however, we now have a better understanding of what 60,000 stolen credit cards translates to financially, as this data was included in their investigation notes while working the Stratfor case. The last time the public had something close to actual stats from the source, we learned that the TJX breach cost Visa $68 million in 2007, two years after the TJX network was compromised by Albert Gonzalez. Yet, those were Visa's estimates. Now, in the aftermath of the Stratfor breach, the FBI has attributed $700,000 worth of charge fraud to the 60,000 credit card records taken during the network compromise. AntiSec supporters walked away with 860,160 usernames and passwords, in addition to the credit card records." -
Ford Tests DIY Firmware Updates
wiredmikey writes "This month, Ford is borrowing something from the software industry: updates. With a fleet of new cars using the sophisticated infotainment system they developed with Microsoft called SYNC, Ford has the need to update those vehicles — for both features and security reasons. But how do you update the software in thousands of cars? Traditionally, the automotive industry has resorted to automotive recalls. But now, Ford will be releasing thirty thousand USB sticks to Ford owners with the new SYNC infotainment system, although the update will also be available for online download. In preparing to update your car, Ford encourages users to have a unique USB for each Ford they own, and to have the USB drive empty and not password protected. In the future, updating our gadgets, large and small, will become routine. But for now, it's going to be really cumbersome and a little weird. Play this forward a bit. Imagine taking Patch Tuesday to a logical extreme, where you walk around your house or office to apply patches to many of the offline gadgets you own." -
Hackers Nab Unreleased Michael Jackson Tracks From Sony
wiredmikey writes "Sony once again has found itself in the news surrounding another hacking-related incident. This time around, the breach doesn't appear to involve any lost user data or customer accounts, but instead, some valuable property owned by the record company. Today, several British news outlets have reported that more than 50,000 music tracks have been illegally accessed and downloaded by hackers, including a large number from the late Michael Jackson. Sony bought the catalog from Jackson's estate for $250 million in 2010, giving the company distribution rights to the unreleased music. The attack reportedly occurred shortly after details of the massive PlayStation Network breach last April, but details were only revealed this past weekend."