Monday, 30 April 2012

Anonymous Initiates Phase Two of Operation Against CISPA


Anonymous released a video which reveals the start of the second phase of Operation Defense, the op initiated by hacktivists as a form of protest against the Cyber Intelligence Sharing and Protection Act (CISPA).

If in the first phase supporters of the Anonymous movement were called to protest online, the second part of Operation Defense becomes more physical.

“We are calling upon the citizens of the United States to physically protest. This includes all the Occupy movement. Our rights are being taken away,” the hacktivists said.

The hackers admit that distributed denial-of-service (DDOS) attacks are not as effective as they were one year ago, mainly because the owners of websites have upgraded their servers to better withstand the large number of packets sent their way during such an operation.



Until now, the sites of companies such as Microsoft, IBM, AT&T, Boeing, Verizon, and the Financial Services Roundtable have been targeted with DDOS attacks.

Even though some of the attacks proved to be a success, it’s clear that they weren’t taken as a serious threat, as CISPA successfully passed the vote of the US House of Representatives.

In the meantime, Mike Rogers, one of the initiators of the bill, came forward in an attempt to explain that the new cybersecurity law doesn’t target Americans, but the Chinese, who in the past years have been constantly stealing secrets from the US.

His words have provided little comfort to those who oppose the act, so, starting tomorrow, May 1, physical demonstrations are scheduled to take place throughout the United States.

Between May 1-5, AT&T headquarters and shops will be targeted, followed by IBM, Intel, Microsoft, Verizon Wireless, and Bank of America.

Starting with June 3, Chase Bank, Pepsi and Coca Cola, Target, Walmart, and CVS locations will be visited.

Here is the video Anonymous released to announce phase two of Operation Defense:




softpedia.com

Filipino Hackers Ignore Rulers, 14 Chinese Government Sites Defaced


Filipino officials urged the local Anonymous community to put an end to the cyberbattle with China, but their message fell on deaf ears as the hackers breached and defaced 14 websites managed by the Chinese government.

“You may continue bullying our country’s waters but we will not tolerate you from intimidating our own cyber shores. Those defacements are just a mere response to what you have initially started. We are not trying to start anything. We are just trying to tell you that we do not want to be bullied in our own cyberspace too,” the hackers wrote.

According to NewsBytes, the reasons behind the breaches carried out as part of OpChinaDown are still the same: supremacy over the Spratlys and Scarborough Shoal.


Again, the rulers of the country are displeased with the actions of Anonymous Philippines, with a government spokesperson publicly stating his disapproval of such operations, Ground Report informs.

“Vigilantism, however mushy, ultranationalist, or sympathetic, can only increase tensions. It is understandable there is anger over the situation at Bajo de Masinloc, but we must be united and not do unilateral acts which only inflame tensions,” he explained.

At press time, all the affected Chinese government sites were taken offline, so we could not determine which ministries or departments had been defaced. However, most likely the targets were chosen randomly.

It seems that Anonymous benefits from the support of Pinoy citizens. A blogger who was among the first to report the attacks encouraged the hackers, who are fed up with being bullied around over the controversial regions.

At this point, we have lost count of all the websites that have been breached on both sides and, unfortunately, the situation seems to be escalating, despite the many warnings of the Philippine government.

softpedia.com

Cybercriminals Control Android TigerBot Via SMS


At the beginning of April, security researchers found that a number of shady Chinese Android stores were pushing apps that masked a piece of malware called TigerBot (ANDROIDOS_TIGERBOT.EVL).

Also known as Spyera, the malicious element was analyzed by Trend Micro experts. They discovered that the malware was controlled by its masters via SMS or phone calls, being capable of performing a number of tasks, including call recording and GPS tracking.

The list of commands accepted by TigerBot includes DEBUG, CHANGE_IAP, PROCESS_LIST_ADD, PROCESS_LIST_DELETE, ACTIVE, and DEACTIVE.

Let’s take a better look at these commands. First, DEBUG allows the cybercriminals to learn the names of the currently running processes, TigerBot’s configuration, and check the network status.


When the malware receives the CHANGE_IAP command, it connects to the network by changing the infected device’s Access Point Name. Depending on whether the action is successful or not, the attacker receives an SMS with the task’s status.

The codes for PROCESS_LIST_ADD and PROCESS_LIST_DELETE don’t seem to be complete, but the keywords are basically designed to manage processes. The processes added to the list are killed every 5 minutes.

The ACTIVE command, as you may suspect, activates TigerBot. When the string is sent, the malicious element sends an HTTP POST containing the phone’s IMEI, app key, timestamp and signature to the backend server.

In order to deactivate TigerBot, a phone call to *#[key] must be placed.

There is another list of SMS commands that can be sent to the malware. For instance, UPLOAD_NETWORKINFO returns GSM and CDMA location. SEND_MSG_TO_TARGET sends an SMS to a certain number with arbitrary content.

If the cybercrooks want to restart the device or take a screenshot, they can use commands such as RESTART_DEVICE and CAPTURE_IMAGE.

Android users who want to verify if a TigerBot infection is present can send a DEBUG command to the phone. To do this, simply take another phone, write "* *" in a text message and send it to the device you want to check. If a list of processes is returned, you are a victim.

softpedia.com

Experts Present Theoretical Dangers Behind Internet-Enabled Home Appliances


Security researchers from Norman put their imagination to good use and came up with four doomsday scenarios that could happen if Internet-enabled home appliances such as toasters, fridges, TVs, and alarm clocks were somehow compromised by hackers.

While the theories seem a bit far-fetched, in a future where every single appliance will be connected to the Internet they might just come true.

It’s obvious that these days when researchers come up with new inventions and innovations they don’t put much thought into the security measures that should protect against misuse and online threats. A perfect example is wireless medical devices.

They’ve been around for quite a while, but only now, since experts have proved that they can be hacked into and altered with devastating effects, enhanced protection mechanisms are being taken into consideration.


So, let’s take a look at the toaster of the future, the one that we’ll be able to program directly from our computer or from our phone. What if someone with ill intent hacked into the programming system and set it to turn on and stay on for long periods of time? Because of the heat, a fire could start.

When it comes to TV sets, it’s even more serious, because experts have already proved that they can be controlled via the Internet. Norman experts speak of brainwashing, but activists may argue that you don’t need to hack into a TV to alter someone’s belief system.

The temperature of a refrigerator that’s web-enabled could be tampered with to make sure that the food stored inside it doesn’t last as long as it should. Fridges that store expiry dates could be programmed to dupe their owners into believing that expired food is still good. In this case, food poisoning and dangerous bacteria come to mind.

Finally, alarm clocks could be set to ring at random intervals to drive an individual crazy. Sort of like a Chinese water torture.

While it’s unlikely that these scenarios will occur in the near future, we considered them worth mentioning because the inventors of smart devices need to focus their efforts more on the security aspect of their creations.

There was a time when you could connect something to the Internet without worrying too much, but now, in the era in which online threats lurk at every corner, security must always be on top of the list.

softpedia.com

Fake Windows Antivirus Series Still Doing the Rounds


Not long ago we presented a series of fake Windows antivirus programs designed to fool users into purchasing shady pieces of software that allegedly cleaned up infections that didn’t exist in the first place. Experts warn that new versions of the phony AV applications are making the rounds.

Until now, the fake antiviruses were named Process Director, No-Risk Agent, AntiHazard Center, Health Keeper, Guardian Angel, Software Keeper, Problems Stopper, and No-Risk Center.

The newer variants found by GFI researchers work in the same way, but their names have changed to Windows Care Taker, Efficiency Reservoir, Process Accelerator, Stability Maximizer, Cleaning Tools, Component Protector, Antibreaking System, Foolproof Protector, Crucial Scanner, Protection Unit, or simply Windows Antivirus.

While their names may have changed, and continue to change almost daily, the way they function remains mostly the same.


Once on a computer, the rogue pieces of software will alert the user that a number of threats that urgently need to be addressed are found on the system.

In reality, there aren’t any Trojan Downloaders, Monitors, Spoofers, Trojan-DDoSs and Worms, but the well-designed window that apparently scans the PC may trick some users into believing that they exist.

In order to get rid of the infections, victims are asked to purchase a cleaner that can apparently make everything go away. However, the cleaning application is just as phony as the antivirus programs, so in reality, internauts end up paying for a nonexistent service.

Fortunately, GFI provides removal tools for each of these malicious elements. However, in some scenarios, the scareware is designed to block the installation of legitimate security solutions to ensure a higher rate of success.

In this situation, victims can turn to special apps offered by security firms, such as the VIPRE Rescue Disk from GFI, which removes the threat before the operating system starts.

softpedia.com

Phishing Emails Lure Santander Customers with Software Update Notice


An email allegedly coming from Santander Bank urges customers to upgrade their software. However, this is nothing more than a clever phishing scam that’s designed to steal online banking details.

The malicious email, provided by Hoax Slayer, reads:

Dear Valued Customer,

Santander Online Banking technical services department is carrying out a scheduled software upgrade to improve the quality of services for the bank's customers. Please upgrade immediately by clicking on this link below:

Secure Sign-In Access

Thank you for your prompt attention to this matter.
Regards,
Security Department


Internauts who fall for the plot and click on the link are taken to a webpage that tries to replicate the official Santander site. On this page, users will find a number of forms that request information such as personal ID, passcode, PIN, mobile phone number, landline number, date of birth, secret questions and their answers.


In the end, a message pops up, informing the victim that the verification has completed successfully. Unfortunately, at this point, all the data is safely stored in a database controlled by the cybercriminals.

The basic rule is the same and it will not change in the near future. Banks and other financial institutions never ask you via email to provide credit card numbers, passwords, PINs and other information that can be used for online shopping or transactions.

If you’ve reached the end of the phony verification and realize that you have been duped, or even if you only come to the conclusion days later that it was all a scam, the first thing you must do is call Santander and have them block all transactions until your credit card and online account can be changed.

The longer the time that passes after the information is submitted, the greater the chances that the account is emptied, so in these situations time is of the essence. Of course, the ideal situation is the one in which users completely ignore such requests and delete the emails or report them to the bank.

softpedia.com

Iranian Science, Research and Technology Ministry Fends Off Cyberattack


Iran’s Ministry of Science, Research and Technology released a statement revealing that the organization had recently managed to protect its networks against a cyberattack.

According to Fars News, the ministry’s systems were targeted by hackers, but the countermeasures set in place by authorities proved to be effective.

“Despite the frequent efforts made by hackers, the cyber attack has failed to leave any impact on the data system,” read the statement issued by ministry officials.

The computer networks owned and operated by the country’s government are constantly attacked, and the main suspects, as always, are considered to be the United States and Israel.

Another recent target was the Ministry of Petroleum whose representatives claim that a computer virus was used in an attempt to cause damage to hard drives. This attack also failed.


After the Stuxnet incident, which may have been part of a larger plot designed to disrupt the state’s nuclear program, Iran seems to have deployed enhanced mechanisms to protect its networks against its enemies.

The origin of Stuxnet has long been debated. If at first everyone believed that the main culprits were the United States and Israel, later the finger was pointed even at Russia.

More recent reports showed that Iranian double agents working for Israel might have manually planted Stuxnet by using a memory stick.

It’s believed that the operation against Iran’s nuclear facilities is more than just about computer viruses. Some voices claimed that as part of the same campaign a number of nuclear scientists were assassinated.

It seems that this episode is far from being over. Just like the US constantly accuses China and Russia of launching state-funded cyberattacks against its infrastructures, Iran will continue to blame Israel and the United States.

softpedia.com

Friday, 27 April 2012

More than 100,000 Wireless Routers Have Default Backdoor




A recently reported flaw that allowed an attacker to drastically reduce the number of attempts needed to guess the WPS PIN of a wireless router isn't even necessary for some Arcadyan-based routers anymore.

Last year it was exposed that the WiFi Protected Setup (WPS) PIN is susceptible to a brute force attack. A design flaw in the WPS specification for PIN authentication significantly reduces the time required to brute force the entire PIN, because it allows an attacker to know when the first half of the 8-digit PIN is correct.

The lack of a proper lockout policy after a certain number of failed attempts to guess the PIN on many wireless routers makes this brute force attack that much more feasible.

Some 100,000 routers of the types Speedport W921V, W504V and W723V are affected in Germany alone. What makes things worse is the fact that, in order to exploit the backdoor, no button has to be pushed on the device itself, and on some of the affected routers the backdoor PIN ("12345670") still works even after WPS has been disabled by the user. The only currently known remedy for those models is to disable Wi-Fi altogether. Since all Arcadyan routers share the same software platform, more models might be affected.

Last year, Tactical Network Solutions developed and released Reaver, a WPA attack tool that exploits a protocol design flaw in WiFi Protected Setup (WPS). Reaver has been designed to be a robust and practical attack against WPS, and has been tested against a wide variety of access points and WPS implementations. On average Reaver will recover the target AP's plain text WPA/WPA2 passphrase in 4-10 hours, depending on the AP.

thehackernews

VMWare Source Code leaked by Anonymous Hackers Started By temp0gh, Apr 26 2012 01:25 PM




VMware on Tuesday announced that a single file from its ESX server hypervisor source code has been posted online, and it held out the possibility that more proprietary files could be leaked in the future. "The fact that the source code may have been publicly shared does not necessarily mean that there is any increased risk to VMware customers," VMware said in a statement.
"Hardcore Charlie" - who claims to have downloaded some 300 Megabytes of VMWare source code.
Anonymous tweeted:

@AnonymousIRC: Oops, VMWare source leaked? Not good http://pastebin.com/JG?????w to Anonymous contributors. May the Pirate Bay always sail strong!
The leaked documents include what appear to be internal VMWare communications, pasted onto CEIEC letterhead and with official-looking stamps. One email exchange, dated June 5, 2003, is from Jeffrey Sheldon to an internal VMWare listserv and has the subject "code review: untruncating segments".

Given the large number of service providers that run vSphere, security issues in ESX could potentially have a broad and widespread impact, according to security researchers. VMware says it is looking into the matter and will be canvassing its industry partners and developers in order to determine the source of the breach.

thehackernews

New Flashback malware variant found in the wild




A new Flashback Trojan has been discovered that infects Macs without prompting the user for a password. If you haven’t updated Java on your Mac, or disabled it entirely, you could be a victim. The new variant dubbed Flashback.S is actively being distributed in the wild, taking advantage of a Java vulnerability that Apple has already patched.
Flashback.S drops two files in the user's home folder, then deletes cached Java files to avoid detection. However, the researchers did not indicate what this new variant was specifically designed to do or how many computers might be infected.

At its height, the original Flashback, which was designed to grab passwords and other information from users through their web browser and other applications, was estimated to be infecting more than 600,000 Macs.
Separately, after analyzing 100,000 Macs running its free anti-virus software, Sophos discovered several Apple computers carrying Windows malware.

This is not the first time that Mac users have been hit by a Windows-style computer virus. Last year, security researchers discovered that a piece of malware called Mac Defender was aimed at Macs, until Apple released a patch at the end of May 2011.


thehackernews

Doh! Sage Pay forgets to renew SSL certificate

Customers logging into "secure and efficient payment service" Sage Pay this morning were served up an error message saying that the site could not be trusted, and didn't have a valid security certificate.



Looks like someone forgot to renew the site's SSL certificate – which expired at 12:59am this morning.


Customers complaining to Sage Pay's Twitter account were initially told that the SSL certificate message was an error: "Hi, Its [sic] an error causing this page to appear. The certificate is still valid and we are working to resolve this," Sage's PR bod asserted. But that information was then corrected two hours later: "We're working with the hosting company to replace the expired cert with our valid in-date one. Just an admin error."

It comes less than 48 hours after Sage Pay suffered an intermittent day-long outage that prevented payments being processed on the network.

In a statement to The Register, Sage Pay said that the certificate snafu was down to someone outside the company and was purely an admin error:

Today, due to an administrative error with a third party, an expired SSL certificate was displayed on our site.

The spokesperson stressed that at no point was security breached in any way, adding:

It is a minor issue, which has no impact on our customers.

We currently have a valid and in-date SSL certificate and are working with our hosting company to replace the expired certificate on our site.

theregister.co.uk

Nissan says hackers stole user IDs and hashed passwords

Nissan has found malicious software on its network that stole employee user IDs and hashed passwords, but said that no personal information or emails appeared to have been compromised.
The car company released a statement on April 20, one week after the intrusion was detected. Jeff Kuhlman, Nissan's head of global communications, said that Nissan delayed disclosing the breach in order to cleanse its network of the malicious software without tipping off the hackers.

"We are working with security software specialists and making sure that all the doors are closed and that going forward we have the most secure system we can have," Kuhlman said.



Nissan said in a statement that the malware accessed a data store that held employee user account credentials. Kuhlman said the company is not sure what information the hackers were after.
"As a result of our swift and deliberate actions we believe that our systems are secure and that no customer, employee or program data has been compromised," according to the statement.


Nissan said it would "continue to vigilantly maintain our protection and detection systems and related countermeasures to keep ahead of emerging threats."
Storing hashed passwords rather than passwords in clear text is considered a good security practice. A hash is a one-way cryptographic representation of a password, but the original password can often be recovered by guessing candidate passwords and comparing their hashes, using modest computing power and password cracking programs.

The shorter and less complicated the password, such as those without capital letters and numbers, the faster it can be recovered.
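To make the point about hashed passwords concrete, here is an added example (not from the article, and not Nissan's code) that constructs its own sample credentials and compares exhaustive guessing against an unsalted fast hash with the per-guess cost of a salted, iterated PBKDF2 hash; the sample password, salt and iteration count are assumed values.

```python
"""Why a leaked hash is not the end of the story: guessing cost vs. hash choice.

Added example; constructs its own sample credentials (no real data).
"""
from __future__ import annotations

import hashlib
import hmac
import itertools
import os
import string
import time

DIGITS = string.digits


def fast_hash(password: str) -> str:
    """Unsalted SHA-256, the kind of fast hash many breached stores used."""
    return hashlib.sha256(password.encode()).hexdigest()


def slow_hash(password: str, salt: bytes, iterations: int = 100_000) -> bytes:
    """Salted PBKDF2-HMAC-SHA256: a purpose-built password hash.

    The salt defeats precomputed tables; the iteration count makes each
    guess deliberately expensive for an attacker holding the hash.
    """
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def guess_fast(target_hex: str, length: int) -> tuple[str | None, int]:
    """Try every digit string of the given length against an unsalted hash.

    Returns (matching password or None, number of guesses made). This is
    the situation the article describes: a short, simple password behind a
    fast hash falls to exhaustive guessing almost immediately.
    """
    guesses = 0
    for combo in itertools.product(DIGITS, repeat=length):
        guesses += 1
        candidate = "".join(combo)
        if hmac.compare_digest(fast_hash(candidate), target_hex):
            return candidate, guesses
    return None, guesses


def cost_per_guess_ratio(iterations: int = 100_000) -> float:
    """How many times slower one PBKDF2 guess is than one SHA-256 guess.

    Measured on this machine with a constructed password and random salt;
    the ratio is what multiplies an attacker's total search time.
    """
    pw, salt = "1234", os.urandom(16)  # constructed sample values
    fast_samples, slow_samples = 200, 3
    t0 = time.perf_counter()
    for _ in range(fast_samples):
        fast_hash(pw)
    fast = (time.perf_counter() - t0) / fast_samples
    t0 = time.perf_counter()
    for _ in range(slow_samples):
        slow_hash(pw, salt, iterations)
    slow = (time.perf_counter() - t0) / slow_samples
    return float("inf") if fast == 0 else slow / fast


def salts_differ(password: str) -> bool:
    """Same password, two salts: the stored hashes share nothing usable."""
    return slow_hash(password, b"A" * 16) != slow_hash(password, b"B" * 16)


if __name__ == "__main__":
    leaked = fast_hash("7342")  # constructed "breached" record
    print("recovered:", guess_fast(leaked, 4))
    print("PBKDF2 vs SHA-256 cost per guess: x%.0f" % cost_per_guess_ratio())
    print("salts differ:", salts_differ("7342"))
```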


techworld

Star Trek role-players' privates sniffed by alien invader

Gaming studio Cryptic, the company behind Star Trek Online, Champions Online and City of Heroes, has admitted that its players' details were lifted in an unauthorised database access two years ago.

Cryptic said in a canned statement yesterday that it had only just discovered evidence of a data breach in December 2010, during which account names, handles and encrypted passwords were gathered.

The studio said it had reset passwords and sent emails out to all affected online role-players, but it doesn't yet know whether more sensitive information - such as real names, dates of birth, billing addresses and some digits of credit cards - were slurped.


"While we have no evidence that any other information was taken by the intruder, it is possible that the intruder was able to access additional account information," Cryptic admitted.

The studio said it was still investigating the digital break-in and was strengthening its security systems.

"For your own security, we encourage you to be especially aware of email and postal mail scams that ask for personal or sensitive information," it advised. "If you use the same password for other accounts, especially financial accounts or accounts with personal information, we strongly recommend that you change them."

Cryptic specialises in free-to-play online games and was acquired by Perfect World last year. The studio had not returned a request for additional comment at the time of publication. ®

theregister.co.uk

Infosec and B-Sides: Security biz exhibitions face off in London

Show diary Infosec and B-Sides both came to London this week to display the contrasting faces of the information security industry.

InfoSec Europe, in London's Earls Court, played host to government bigwigs including Universities and Science Minister David Willetts and Information Commissioner Christopher Graham, as well as hordes of marketing suits.

B-Sides UK, by contrast, featured the elite from the UK and Ireland's whitehat security research scene; there were no suits or ties at the Barbican, the venue of the second annual B-Sides gathering.

The absence of an upcoming general election, Icelandic volcanic ash or other travel disruption meant that there were plenty of US marketing execs and other high-profile speakers at Infosec. More than 350 firms competed for attention at Earls Court this week during the 17th edition of "Europe’s number one information security event". The show was packed with attendees, as per every year, who take advantage of free entrance to canvass vendors on security strategy. In truth there was little or no breaking news, but Infosec remains a good place to get vendor roadmaps or see security technology in action.


Infosec show numbers seem to be holding up. Last year around 12,000 people visited the show.

The mugs, biros, T-shirts and assorted giveaways were less in evidence at InfoSec this year. However, several vendors offered open bars at the end of the first day (Tuesday) of the show, with a couple cracking open the cask as early as 3.30pm, two hours before the show floor closed. Plenty of attractive female models found work as booth babes at the show, another draw.

Bring Your Own Device was a key issue for many of the security pros attending the event. Imation used the show to launch its StealthZONE PC-on-a-stick desktop environment to enterprise customers. The technology offers a secure, consistent work environment on any USB-capable end point, offering relief from BYOD headaches. Becrypt's Trusted Client tackles much the same problem but, unlike Imation's technology, it can also boot off a Mac.

Those looking for the latest security research at InfoSec would have been disappointed. A sizeable number of security researchers attended but they were there to catch up with contacts rather than to make presentations or outline new research.

InfoSec is primarily about technology marketing. It's more about generating leads, or setting up channel partners, than clinching sales, which tends to happen for visiting vendors at either side of the show. The interactive workshops that used to be one of the main features of InfoSec were thin on the ground this year, from what we could see at least.

The biggest stands at the show continue to be dominated by anti-virus vendors. Former show stalwart Microsoft hasn't appeared for two or three years, but other IT players such as BT and Cisco were back.

BlackHat, RSA and their ilk are far better places to hear about the latest breaking research on information security. InfoSec's educational programme used to be a draw, but this function has receded over recent years. Thankfully B-Sides has come along to pick up the slack on the educational front, as well as outlining new security research in areas such as Windows Mobile 7 and HTML 5.

B-Sides – featuring speakers such as @securityninja and @f1nux – offered a counter-program to that of InfoSec, akin to putting a screening of Withnail and I across the road from that of the latest Hollywood blockbuster. ®

theregister.co.uk

Global cop squad busts 36 credit card data-selling sites

An international team of cops has taken down 36 websites that were being used to shift vast quantities of stolen credit card and bank account data.

The Serious Organised Crime Agency in the UK, along with the FBI and the US Department of Justice, and agencies from Germany, the Netherlands, Austria, Ukraine and Romania pulled the sites offline.

Criminals were using these sites' automated vending carts to sell batches of stolen private information quickly and easily.

The agencies have already recovered over 2.5 million items of illicitly obtained personal and financial data during the last two years of the operation, which they have passed on to financial institutions to prevent potential fraud. This has stopped over £500m worth of international fraud.


The sting also rounded up two men who are suspected of buying the compromised information on a large scale.

“This operation is an excellent example of the level of international cooperation being focused on tackling online fraud," Lee Miles, head of cyber ops at SOCA, said in a canned statement.

"Our activities have saved business, online retailers and financial institutions potential fraud losses estimated at more than half a billion pounds, and at the same time protected thousands of individuals from the distress caused by being a victim of fraud or identity crime.” ®

Graham: ICO will blow £3m on IT services

Infosec 2012 The UK's Information Commissioner's Office is looking to spend around £3m on its IT, with an invitation for tenders expected at the end of next month.

Information commissioner Christopher Graham told vendors at Infosec during his keynote speech that the ICO hoped to publish its procurement notice in the Official Journal of the European Union, seeking a vendor to provide his office with IT services.

Graham said the office would be spending about 20 per cent of its £15m budget on IT.

The commissioner also said that the ICO had handed out 14 civil monetary penalties (CMPs), the office's fancy name for fines, for data protection breaches in the 18 months since he was given the power to do so.


Graham was keen to prove that the ICO wasn't just a toothless watchdog, but the fact that the majority of the penalties had gone to local authorities and other public bodies raised questions about the office's authority in the private sector.

However, Graham said that public bodies simply had more personal data than businesses so their breaches were often more serious. The penalties were only meant to be used when there had been a serious breach and if the offenders quickly fixed the problem and put in policies to make sure it would never happen again, they may not be fined, he said.

Data protection breaches were also taken more seriously by the ICO when the data controller wasn't up to scratch or the business hadn't taken steps to ensure their staff handled private information carefully.

He cited the example of one local authority where child protection papers were faxed off to the wrong place.

"[The authority] said that all the policies were in place, everybody was trained, it was all fine, nothing to see here," he said.

"But my people said, "Certainly not, this could happen again tomorrow".

"It happened that afternoon, exactly the same stupid faxing error and that's one of the reasons why a CMP was appropriate."

The commissioner was also asked by an Infosec attendee what he thought of the proposed web-snoop law and how that fit in with his mandate to protect people's privacy.

"You're referring to something that's called the Communications Capability Directive. We believe there's going to be something in the Queen's speech, whether it's going to be a bill or a draft, I don't know," he said.

"I would prefer to wait and see what's in the bill, but... I think if you're going to justify this invasion of privacy, you've got to make your case for it and you've got to mitigate any threats by showing that you've got limitations in place... and safeguards to make sure this honey-pot is not accessed by just anyone." ®


theregister.co.uk

UK2.NET smashed offline by '10-million-strong' botnet


British web hosting outfit UK2.NET was on the business end of a distributed denial-of-service attack last night that took down customers' websites.

The company's chief operating officer, Martin Baker, told The Register that UK2 had never seen a DDOS attack on this scale before.

"There was a botnet attack last night on our DNS servers. It was intermittent for people so they might see some sites up or down depending on when they're making the requests for pages," he explained. "We saw around 10 million apparently unique IPs attack us."

UK2 saw the peak of the attack at around midnight although customers first started seeing problems with their websites yesterday afternoon.

"We took various actions to trace this back to the IP addresses that they were attacking from so once we identified that we were able to put in mitigating activities to reduce it down and managed to get it off our network by about 3am," Baker said.

"The scale [of the attack] just took us longer than usual to mitigate," he added.

This isn't the first time UK2 has fended off a DDoS attack as the company is seen as a prospective target due to its size, Baker said. He added that customer websites might still be having problems today, but it should all be cleared up by late tonight.

"The way that DNS works is that it's cached elsewhere across the internet so it will take the time that it takes those servers to get refreshed by the internet [to totally clear up], so it could take up to 24 hours for it to refresh all the way through," he said.

Punters had, of course, taken to Twitter to express their outrage as their websites fell off the net, although not in large numbers. Some complained that UK2's service status page wasn't kept up to date.

While the firm's status site did mention that some domains "may be experiencing slow DNS lookups at the moment", the last update was given at 4.51pm yesterday. One tweeter mildly put it: "@UK2 are you at least going to update your service status page to apologise for the downtime? even a statement on twitter would help!!!" ®

theregister.co.uk

Feds bust plot to smuggle US military tech to China

Two suspected Taiwanese drug smugglers have been accused of an ambitious plot to smuggle some pretty serious military technology including a US drone out of the States and into China.

Hui Sheng Shen and Huan Ling Chang, who have been in custody since February for allegedly smuggling methamphetamine into the US, will be formally charged with conspiracy to violate the Arms Export Control Act, according to an AP report.

The two were caught in an undercover FBI sting which caught them on tape claiming that their clients in the Chinese government were keen on acquiring US drones as well as stealth technology, anti-aircraft systems and even an E-2 Hawkeye early warning aircraft.

The two reportedly ignored the undercover Feds’ repeated cautioning that they would not like to profit from any kit which would harm US interests, with Shen saying, “I think that all items would hurt America.”

"The people we met, they come from Beijing. ... They work for Beijing government ... some kind of intelligence company for Chinese government — like C.I.A," Shen reportedly told the agents. "They are spies."


Shen also boasted that he could use scuba divers to transport parts of the kit underwater from Port Newark-Elizabeth Marine Terminal to a ship waiting offshore – a similar technique to that which he allegedly used to smuggle drugs.

The two had been under surveillance for a year and were arrested a couple of months back for a rather less headline-grabbing investigation into counterfeit UGG boots being smuggled into New Jersey. From small acorns and all that…

The news will be of minor embarrassment to the Chinese authorities given that, as usual, there is apparently no concrete proof linking any official involvement in the plot.

However it does come just days after a Pentagon report accused the People’s Republic of “economic espionage” facilitated by widespread hacking and designed to accelerate the development of its military and space technology.

China was forced to strongly deny the allegations in the report, which claimed to have identified 26 separate occasions since 2006 on which China tried to get hold of space launch data and sensitive info on cruise missiles and other military equipment. ®

theregister.co.uk

Facebook shares URL blacklists with security companies

Facebook has formed a two-faceted relationship with five prominent players from the security industry.

The first facet will be invisible to most: the social network will pool its URL blacklists with those generated by Microsoft, McAfee, TrendMicro, Sophos, and Symantec. Facebook says pooling resources in this way will make it less likely that its users are sent to known sources of malware or other online nasties.

The second part of the deal is expressed at the new Facebook AntiVirus Marketplace, a page where the five vendors above now offer their security wares. Software downloaded from the page is free, but receives new antivirus signature updates for only six months. Microsoft's Security Essentials is Redmond's offering and usually comes with free updates in perpetuity; it's not clear whether the version offered through Facebook limits the free update period.

The five vendors will also blog on Facebook's security blog, where the new deal was announced. ®

theregister.co.uk

90% of SSL sites vulnerable to the BEAST SSL attack




90% of the Internet's top 200,000 HTTPS-enabled websites are vulnerable to known types of SSL (Secure Sockets Layer) attack, according to a report released Thursday by the Trustworthy Internet Movement (TIM), a nonprofit organization dedicated to solving Internet security, privacy and reliability problems.


The report is based on data from a new TIM project called SSL Pulse, which uses automated scanning technology developed by security vendor Qualys to analyze the strength of HTTPS implementations on websites listed in the top one million published by Web analytics firm Alexa.

SSL Pulse checks what protocols are supported by the HTTPS-enabled websites (SSL 2.0, SSL 3.0, TLS 1.0, TLS 1.1, etc.), the key length used for securing communications (512 bits, 1024 bits, 2048 bits, etc.) and the strength of the supported ciphers (256 bits, 128 bits or lower).


The BEAST attack takes advantage of a flaw in SSL 3.0, allowing the attacker to grab and decrypt HTTPS cookies on an end user’s browser, effectively hijacking the victim’s session. This could be achieved either through an iframe injection or by loading the BEAST JavaScript into the victim’s browser, but BEAST is known to be especially hard to execute.

TIM has established a taskforce of security experts, who will review SSL governance issues and develop proposals aimed at fixing both SSL and the certificate authority systems, both of which have been called into question in recent times. In the case of certificate authorities (CAs), a number of them have been compromised in the past year, allowing attackers to spoof websites with fake certificates. One of those CAs, DigiNotar, went bankrupt after it was hacked.


The attack was fixed in version 1.1 of the Transport Layer Security (TLS) protocol, but a lot of servers continue to support older and vulnerable protocols, like SSL 3.0, for backward compatibility reasons. Such servers are vulnerable to so-called SSL downgrade attacks, in which they can be tricked into using vulnerable versions of SSL/TLS even when the targeted clients support secure versions.
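As an added example (not from the TIM report or from Qualys's SSL Pulse tooling), the checker below applies the criteria the article lists, accepted protocol versions, key length, cipher strength and BEAST exposure through a legacy protocol, to constructed server descriptions; the severities, thresholds and hostnames are assumptions, not SSL Labs' real grading rules.

```python
"""
Added example, not from the TIM report or Qualys's SSL Pulse: a checker that
applies the criteria the article lists (accepted protocol versions, key
length, cipher strength, BEAST exposure via legacy protocols) to constructed
server descriptions. Severities and thresholds are illustrative assumptions,
not SSL Labs' real grading rules.
"""
from dataclasses import dataclass

# TLS 1.1 introduced explicit per-record IVs, which is the fix for BEAST the
# article refers to; CBC ciphers negotiated over anything older stay exposed.
BEAST_EXPOSED_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1.0"}
OBSOLETE_PROTOCOLS = ("SSLv2", "SSLv3")


@dataclass(frozen=True)
class Cipher:
    name: str
    bits: int   # symmetric key strength (256, 128 or lower, as the article puts it)
    mode: str   # "CBC", "GCM" or "STREAM"


@dataclass
class ServerConfig:
    host: str
    protocols: list   # protocol versions the server will negotiate
    key_bits: int     # RSA key length of the server certificate
    ciphers: list     # Cipher objects the server offers


def beast_exposed(cfg):
    """A server is BEAST-exposed when it both accepts SSL 3.0/TLS 1.0 and offers
    a CBC cipher. Also supporting TLS 1.1+ does not help: as the article notes,
    a client can be pushed down to the older version the server still accepts."""
    return bool(BEAST_EXPOSED_PROTOCOLS & set(cfg.protocols)) and any(
        c.mode == "CBC" for c in cfg.ciphers)


def check(cfg):
    """Return (severity, message) findings for one server; [] means clean."""
    out = []
    for proto in OBSOLETE_PROTOCOLS:
        if proto in cfg.protocols:
            out.append(("high", f"{proto} accepted; enables downgrade to an obsolete protocol"))
    if cfg.key_bits < 1024:
        out.append(("high", f"{cfg.key_bits}-bit key is too short"))
    elif cfg.key_bits < 2048:
        out.append(("medium", f"{cfg.key_bits}-bit key; 2048 bits recommended"))
    for c in cfg.ciphers:
        if c.bits < 128:
            out.append(("high", f"weak cipher {c.name} ({c.bits} bits)"))
    if beast_exposed(cfg):
        out.append(("medium", "CBC cipher offered over SSL 3.0/TLS 1.0: BEAST-exposed"))
    return out


def summarize(configs):
    """Population view like the report's headline numbers: share of servers with a
    'high' finding and share that are BEAST-exposed (percentages, rounded)."""
    n = len(configs)
    if n == 0:
        return {"servers": 0, "high_pct": 0, "beast_pct": 0}
    high = sum(1 for c in configs if any(sev == "high" for sev, _ in check(c)))
    beast = sum(1 for c in configs if beast_exposed(c))
    return {"servers": n, "high_pct": round(100 * high / n), "beast_pct": round(100 * beast / n)}


# Constructed sample population; hostnames are placeholders, not scan results.
LEGACY = ServerConfig("legacy.example", ["SSLv2", "SSLv3", "TLSv1.0"], 1024,
                      [Cipher("RC4-MD5", 128, "STREAM"), Cipher("DES-CBC-SHA", 56, "CBC"),
                       Cipher("AES128-SHA", 128, "CBC")])
MIXED = ServerConfig("mixed.example", ["SSLv3", "TLSv1.0", "TLSv1.1", "TLSv1.2"], 2048,
                     [Cipher("AES256-SHA", 256, "CBC"), Cipher("AES128-GCM-SHA256", 128, "GCM")])
MODERN = ServerConfig("modern.example", ["TLSv1.1", "TLSv1.2"], 2048,
                      [Cipher("AES128-GCM-SHA256", 128, "GCM"), Cipher("AES256-SHA", 256, "CBC")])

if __name__ == "__main__":
    for cfg in (LEGACY, MIXED, MODERN):
        print(cfg.host, check(cfg) or "clean")
    print(summarize([LEGACY, MIXED, MODERN]))
```

Note that MIXED is flagged even though it supports TLS 1.2: the finding is driven by what the server still accepts, not by the best protocol it offers.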

The taskforce members include Michael Barrett, chief information security officer at PayPal; Taher Elgamal, one of the creators of the SSL protocol; Adam Langley, a Google software engineer responsible for SSL in Chrome and on the company's front-end servers; Moxie Marlinspike, the creator of the Convergence project, which offers an alternative method for SSL certificate validation; Ivan Ristic, the creator of the Qualys SSL Labs; and Ryan Hurst, chief technology officer at certificate authority GlobalSign.

thehackernews

Google's new algorithm fights black hat SEO

Google has said before that search engine optimization, or SEO, can be positive and constructive—and we're not the only ones. Effective search engine optimization can make a site more crawlable and make individual pages more accessible and easier to find. Search engine optimization includes things as simple as keyword research to ensure that the right words are on the page, not just industry jargon that normal people will never type.
“White hat” search engine optimizers often improve the usability of a site, help create great content, or make sites faster, which is good for both users and search engines. Good search engine optimization can also mean good marketing: thinking about creative ways to make a site more compelling, which can help with search engines as well as social media. The net result of making a great site is often greater awareness of that site on the web, which can translate into more people linking to or visiting a site.

The opposite of “white hat” SEO is something called “black hat webspam” (we say “webspam” to distinguish it from email spam). In the pursuit of higher rankings or traffic, a few sites use techniques that don’t benefit users, where the intent is to look for shortcuts or loopholes that would rank pages higher than they deserve to be ranked. We see all sorts of webspam techniques every day, from keyword stuffing to link schemes that attempt to propel sites higher in rankings.




The goal of many of our ranking changes is to help searchers find sites that provide a great user experience and fulfill their information needs. We also want the “good guys” making great sites for users, not just algorithms, to see their effort rewarded. To that end we’ve launched Panda changes that successfully returned higher-quality sites in search results. And earlier this year we launched a page layout algorithm that reduces rankings for sites that don’t make much content available “above the fold.”

In the next few days, we’re launching an important algorithm change targeted at webspam. The change will decrease rankings for sites that we believe are violating Google’s existing quality guidelines. We’ve always targeted webspam in our rankings, and this algorithm represents another improvement in our efforts to reduce webspam and promote high quality content. While we can't divulge specific signals because we don't want to give people a way to game our search results and worsen the experience for users, our advice for webmasters is to focus on creating high quality sites that create a good user experience and employ white hat SEO methods instead of engaging in aggressive webspam tactics.



Here’s an example of a webspam tactic like keyword stuffing taken from a site that will be affected by this change:

[Screenshot of the keyword-stuffed page, not reproduced here]

Of course, most sites affected by this change aren’t so blatant. Here’s an example of a site with unusual linking patterns that is also affected by this change. Notice that if you try to read the text aloud you’ll discover that the outgoing links are completely unrelated to the actual content, and in fact the page text has been “spun” beyond recognition:

[Screenshot of the spun page with unrelated outgoing links, not reproduced here]

Sites affected by this change might not be easily recognizable as spamming without deep analysis or expertise, but the common thread is that these sites are doing much more than white hat SEO; we believe they are engaging in webspam tactics to manipulate search engine rankings.


The change will go live for all languages at the same time. For context, the initial Panda change affected about 12% of queries to a significant degree; this algorithm affects about 3.1% of queries in English to a degree that a regular user might notice. The change affects roughly 3% of queries in languages such as German, Chinese, and Arabic, but the impact is higher in more heavily-spammed languages. For example, 5% of Polish queries change to a degree that a regular user might notice.

We want people doing white hat search engine optimization (or even no search engine optimization at all) to be free to focus on creating amazing, compelling web sites. As always, we’ll keep our ears open for feedback on ways to iterate and improve our ranking algorithms toward that goal.


googlewebmastercentral.blogspot.ca

Afghan Taliban website hacked 3rd time by hackers




Hackers have for the third time in less than a year attacked the main website of the Afghan Taliban. By early afternoon, images of pigeons and of Taliban executions of women, combined with various messages in English, Pashto, and Arabic that support the Afghan government, had replaced the Taliban's usual pabulum of exaggerated battlefield claims and anti-government commentaries.


The Taliban has blamed western intelligence agencies amid an intensifying cyberwar with the insurgents. One of the statements posted in English read: "Any kind of violence is condemnable, especially killing of innocent people. It is the responsibility of Afghan security forces to provide security for the country after the withdrawal of foreign troops."

"It was hacked again by enemies and foreign intelligence services," Taliban spokesman Zabihullah Mujahid said. "The enemy tries to push its propaganda. The enemy is worried by what gets published in our webpage. It's confusing for them, so they try to react."


A day rarely passes without a Taliban spokesman using Twitter to claim the destruction of numerous Nato armoured vehicles and the deaths of scores of western or Afghan security forces. Nato quickly counters in its own Twitter feeds.

Unknown hackers brought down the main Taliban website earlier this month, when El Emara's English language page was replaced temporarily with images of Taliban atrocities and photographs of roadside bombs, according to the Long War Journal website, which tracks progress in the war, now dragging into its eleventh year.


In 2010, various websites attributed to the Taliban, as well as an Arabic jihadi journal covering the Afghan conflict, Al Samood, were 'infiltrated' and their content was replaced by images depicting Taliban atrocities.

thehackernews

Wednesday, 25 April 2012

Fake LinkedIn, MySpace, Pinterest, Foursquare Notifications Serve Fraud Sites


Cybercrooks are persistent when it comes to duping Internet users into visiting their malicious sites. The latest campaigns rely on fake notifications that seem to originate from LinkedIn, MySpace, Pinterest, or Foursquare.

The main goal of these schemes is to lure users to fraud sites or shady online pharmacies, Trend Micro experts inform.

While bogus notifications from LinkedIn and MySpace are not exactly uncommon, ones that purport to come from Foursquare and Pinterest are only now becoming a trend. However, as Pinterest’s popularity grows, so will the campaigns that rely on it.

The alerts that target Foursquare customers use the spoofed sender address noreply@foresquare.com to make them look more legitimate.


To mask the malicious links contained in the email, a clever tactic is deployed by the fraudsters. Users who click on them are not taken directly to the online drug store. Instead, they are first directed to an empty webpage that contains another link. Only when this one is clicked, the victim is presented with the shady site.

The LinkedIn and MySpace emails are also well designed, embedding a number of graphical elements that appear in genuine notifications. The sender’s address looks something like emailconfirm@linkedin.com and noreply@message.myspace.com, which leads recipients to believe that the messages really come from the social media networks.

In both cases, the links point to a website called Wiki Pharmacy, which advertises a number of shady drugs at apparently fabulous prices.

Finally, researchers reveal that the weight loss scams that were seen circulating on Pinterest were adapted and sent via email.

“Here’s a tip to all my female Pinterest friends! [LINK] the article describes perfectly how I have eliminated 29 lbs last month!,” reads the fake alert.

Similar to the variant that makes the rounds on the social network, the email version of the plot also directs internauts to fraud sites.

softpedia.com

Philippine National Police, 3 Government Sites Targeted by Chinese Hackers



The Philippines is under cyberattack. The sites of the Office of the Presidential Adviser on the Peace Process, the Philippine National Police, the Department of Foreign Affairs and the Department of Budget and Management have been targeted, presumably by Chinese hackers.

Officials from the government of the Philippines told local hackers to stop attacking Chinese sites because it could lead to other more serious conflicts that would not benefit the country. However, no one told Chinese hackers anything, so once again they targeted a number of high-profile Filipino sites.

GMA News reveals that the website of the Department of Budget and Management was defaced and quickly taken down by its administrators.

The domains managed by the Department of Foreign Affairs and the Office of the Presidential Adviser on the Peace Process were most likely hit with distributed denial-of-service attacks that forced them offline.


Users who tried to access the site of the National Police today were presented with an index of the site instead of the normal content.

Representatives of the Department of Budget and Management issued a statement regarding their website’s defacement.

“Our initial findings indicate that all important data in the website remain intact. We are at present conducting a security audit on the site, which will remain offline until the audit has been completed and the necessary repairs are made. In addition, we have yet to establish the true identities of the parties or individuals responsible for the attack,” Secretary Florencio B. Abad said.

“Last week, the DBM made a soft launch of its new website, which was designed to be more user-friendly, navigable, and interactive for Web users and visitors. It is fortunate that we shifted to the new platform, which presents fewer security risks than the DBM’s previous content management system.”

softpedia.com

ICO: Many Fail to Delete Personal Data Before Selling Storage Devices



A study made by the Information Commissioner’s Office (ICO) found that many individuals from the UK failed to ensure that all their sensitive data was properly erased from storage devices before selling them or giving them away. This allows fraudsters to commit crimes more easily.

The organization is urging consumers to take better care of their data and thoroughly verify devices that may store private details before handing them on. In the UK, around 65% of adults pass on their devices to other users, thus increasing the risk of identity theft and misuse.

Around 10% of sold hard drives were found to contain information that could be misused by someone with ill intent.


A report made with the help of NCC Group in December 2010 showed that 200 hard drives, 20 memory sticks and 10 mobile phones contained around 34,000 files that held private or corporate data, including financial and health records, scanned bank statements, and even passports.

“We live in a world where personal and company information is a highly valuable commodity. It is important that people do everything they can to stop their details from falling into the wrong hands,” Information Commissioner Christopher Graham said.

“Today’s findings show that people are in danger of becoming a soft touch for online fraudsters simply because organizations and individuals are failing to ensure the secure deletion of the data held on their old storage devices.

“Many people will presume that pressing the delete button on a computer file means that it is gone forever. However this information can easily be recovered.”

As a result, the ICO issued an advisory for individuals who plan on selling or giving away their devices. A similar advisory for organizations is to follow.


softpedia.com

Rails Machine Pulls Plug on Pastie.org After 2 DDOS Attacks


Pastie.org, the popular paste site, has been targeted with two distributed denial-of-service (DDOS) attacks. To protect other customers and its own networks, Rails Machine decided to no longer host and sponsor the service.

“I did not see this coming and did not expect my hosting company to just pull the plug so quickly,” Josh Goebel, the developer of Pastie wrote on the site’s main page.

“I really feel bad about this. I'm just a single person running the site free of charge. I make a very minimal amount of monthly income from the ads. Probably just enough to cover hosting now that I don't have a sponsor,” he explained.


Goebel is currently seeking help from someone with expertise in protection against DDOS attacks, so if there’s anyone that can aid him in getting the service running, they should contact him.

Paste tools have become a favorite place for hackers to dump information obtained from breached websites, but if one collective doesn’t agree with the data that’s on the website, they will try to take it offline.

From what we’ve seen, doxes are one of the main reasons sites like Pastie.org are attacked. One hacker group doxes another and the victims attack the site to ensure that no one can access the information.

Pastebin, probably the most popular paste tool, has also fallen victim to numerous attacks that forced its administrators to shut it down. The large number of hits and the data dumps posted by hackers and hacktivists even made the site’s owners think about introducing new systems that would keep sensitive data away.

More recently, Anonymous and the Peoples Liberation Front have launched their own paste site, AnonPaste, which they advertise as being a great alternative to Pastebin. The service’s owners promote it as being highly secure and, of course, anonymous.


softpedia.com

Facebook Sweepstakes 419 Scam Promises $100,000 (€76,000)


A fake Facebook lottery is making the rounds, promising recipients a prize of $100,000 (€76,000). In reality, those who respond to the email message that carries the scam will be asked to pay certain amounts of money that are allegedly needed to complete the transaction.

Apparently signed by “The Facebook Team,” the message tries to convince users that all they have to do is report to the nearest Facebook office with the winning code.

Since the fraudsters are aware that there is no “Facebook office” near anyone, they tell the recipients to contact them if they don’t know the location of such an establishment.

This is the part when things become interesting. Users who reply are asked to visit a certain country to collect the prize, but since the country is most likely far from the victim’s place of residence, the crooks offer an alternative.


They offer to send the money in return for a fairly small transaction fee, that supposedly can’t be deducted from the prize because of legal or insurance reasons.

Internet users are advised to ignore such claims. No one wins anything from these scams, except for the ones that run them.

In this particular case, it’s clear that everything is a scam, mainly because it doesn’t make any sense. Why would Facebook use Gmail to promote its own email services?

Take a look at the phony email, provided by Hoax Slayer and see for yourself:

Dear,

Congratulations! you are among the 100 lucky facebook email users that won $100,000 USD (One hundred thousand United States Dollars) each in the just concluded facebook Sweepstakes.

The Sweepstakes was organized to reward facebook email users because of their undying support and massive usage of the facebook email service.The facebook email was launched in November 2010 and by April 2012,facebook email users has passed 100 million,we were excited about this great number of facebook email users within a short period of time and we are hoping that this Sweepstakes will create awareness and encourage more facebook users to activate the facebook email feature on their facebook accounts.

Winners were picked randomly via a balloting process powered by Gmail.Your winning code is wumt33/us.visa23/ikobo11-85/lutrija98-99/mcfcth5-6-10/[removed]@gmail.com

You are required to report at any facebook office nearest to you and present to them your winning code,to enable them pay you the prize money and give you the winning documents.

Reply if you dont know a facebook office near you,to enable us send you a facebook office address nearest to you.

Thanks for using facebook email

The facebook Team



softpedia.com

Imperva: Hackers Use Automated Tools in Most Attacks


The latest report issued by data security solutions firm Imperva for the first quarter of 2012 reveals that in most of the attacks launched by hackers tools that automate the process, such as Havij and SQLmap, are being utilized.

The figures provided by the company show that 98% of Remote File Inclusion (RFI) attacks and 88% of those that leverage SQL Injection vulnerabilities are in fact automated.

Veteran hackers catalogue those who use automated tools as being “Script Kiddies,” but in practice, those who rely on these pieces of software don’t seem to be discouraged. The fact is that a lot of damage can be caused with these applications to systems whose administrators fail to patch them up properly.


"Using automated software tools, even an unskilled attacker can attack applications in a short period of time, potentially collect valuable data and move on to the next target. Automated tools can be used to evade an enterprise's security defenses," Amichai Shulman, the CTO of Imperva, said.

The report reveals that beside Havij and SQLmap, which are used for automated SQL Injections and data theft, hackers also use application scanners such as Acunetix and Nikto.

Imperva advises website owners to be on the lookout for certain clues that can indicate an attack which relies on automated tools.

The first thing that hints at the presence of automation is the attack rate. In the case of an automated attack, the interaction with the site will be made at “inhuman speeds,” a clear indicator of an operation that uses specialized software.

Another important factor that can help admins and owners detect such a hit is the lack of headers, or the use of unique headers.
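The two clues just described can be checked against ordinary access logs; the script below is an added example (not Imperva's detection logic) that parses constructed combined-format log lines, measures each client's request burst rate and flags missing or one-of-a-kind User-Agent headers. The sample traffic, IP addresses, the User-Agent as the header of interest and the 20-requests-per-10-seconds threshold are all assumptions.

```python
"""
Added example: spotting the two clues Imperva's report describes (inhuman
request rates, and missing or one-of-a-kind headers) in ordinary web server
access logs. Log lines, IP addresses and thresholds are constructed for
illustration; nothing here is Imperva's own detection logic.
"""
import re
from collections import defaultdict
from datetime import datetime

# Combined log format: ip ident user [time] "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

FIREFOX = "Mozilla/5.0 (Windows NT 6.1; rv:11.0) Gecko/20100101 Firefox/11.0"


def _line(ip, second, path, ua, referer="-"):
    """Build one constructed access-log line at 10:00:<second> on a fixed day."""
    ts = f"12/Apr/2012:10:00:{second:02d} +0000"
    return f'{ip} - - [{ts}] "GET {path} HTTP/1.1" 200 1024 "{referer}" "{ua}"'


SAMPLE_LOG = "\n".join(
    # Two human visitors: a few requests, spaced out, sharing a common browser UA.
    [_line("198.51.100.7", s, f"/product.php?id={i}", FIREFOX, "http://shop.example/")
     for i, s in enumerate((0, 9, 25))]
    + [_line("192.0.2.10", s, f"/product.php?id={i}", FIREFOX) for i, s in enumerate((3, 31))]
    # An automated client sending no User-Agent at all: 30 requests in 2 seconds.
    + [_line("203.0.113.5", 1 + i // 15, f"/product.php?id={i}", "-") for i in range(30)]
    # A second tool: same burst, with a self-identifying UA nobody else sends.
    + [_line("203.0.113.9", 40 + i // 15, f"/product.php?id={i}", "auto-scan/1.0 (constructed)")
       for i in range(30)]
)


def parse(log_text):
    """Yield (ip, datetime, user_agent) for each well-formed line; skip the rest."""
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m:
            yield m["ip"], datetime.strptime(m["ts"], TS_FMT), m["ua"]


def max_burst(times, window_s):
    """Largest number of requests falling inside any window of window_s seconds."""
    times = sorted(times)
    best = j = 0
    for i, t in enumerate(times):
        while (t - times[j]).total_seconds() > window_s:
            j += 1
        best = max(best, i - j + 1)
    return best


def analyze(log_text, window_s=10, max_in_window=20):
    """Per-client report. The rate anomaly is what sets 'flagged'; header
    oddities are listed as corroborating reasons, since a rare browser is
    also 'unique' and would produce false positives on its own."""
    times, agents = defaultdict(list), defaultdict(set)
    ua_owners = defaultdict(set)          # UA string -> client IPs that sent it
    for ip, ts, ua in parse(log_text):
        times[ip].append(ts)
        agents[ip].add(ua)
        if ua != "-":
            ua_owners[ua].add(ip)
    report = {}
    for ip in times:
        burst = max_burst(times[ip], window_s)
        missing = "-" in agents[ip]
        unique = any(len(ua_owners[ua]) == 1 for ua in agents[ip] if ua != "-")
        reasons = []
        if burst > max_in_window:
            reasons.append(f"{burst} requests within {window_s}s")
        if missing:
            reasons.append("no User-Agent header")
        if unique:
            reasons.append("User-Agent seen from no other client")
        report[ip] = {"burst": burst, "missing_ua": missing, "unique_ua": unique,
                      "reasons": reasons, "flagged": burst > max_in_window}
    return report


if __name__ == "__main__":
    for ip, info in analyze(SAMPLE_LOG).items():
        print(ip, "FLAGGED" if info["flagged"] else "ok", "; ".join(info["reasons"]))
```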

When it comes to the origins of SQL Injection and RFI attacks, China tops the chart (30%), closely followed by the United States (24%). The list is completed by countries such as the Netherlands, Morocco, Egypt, Luxembourg, Brazil, France, Indonesia and Russia, but each of these locations accounts for only 3% or less of the hosts that send attacks.

softpedia.com

Nissan Confirms Being Hacked, User IDs and Password Hashes Leaked


Representatives of the world renowned car manufacturer Nissan Motor Co., Ltd. issued a statement admitting that the company's systems were penetrated by a hacker who apparently managed to steal user IDs and password hashes.

The incident took place on April 13, 2012, when the organization’s IT security team noticed the presence of a piece of malware within the network. Immediate action was taken to protect sensitive data.

“This included actions to protect information related to customers, employees and other partners worldwide. This incident initially involved the malicious placement of malware within our IS network, which then allowed transfer from a data store, housing employee user account credentials,” said Andy Palmer, the firm’s executive vice president.


“As a result of our swift and deliberate actions we believe that our systems are secure and that no customer, employee or program data has been compromised. However, we believe that user IDs and hashed passwords were transmitted. We have no indication that any personal information and emails have been compromised,” he added.

This is not the first time Nissan has suffered a data breach. Back in February, the hacker known as Sepo demonstrated that he was able to easily gain access to the official website of Nissan Motors in Colombia.

At the time, the hacker leaked usernames and password hashes that belonged to the site’s administrators.

Hopefully, this incident will act as a wake-up call for the company. It’s clear that they have some security holes that need to be addressed and they’d better do something fast before their customers’ credentials end up online, or in the hands of cybercriminals with a malicious agenda.


softpedia.com

TreasonSMS Bug Allows Hackers to Execute Malicious Code on iPhones



Researchers from the Vulnerability Lab have found high severity HTML Inject and File Include security holes in TreasonSMS, an iPhone application that allows users to send text messages from their desktop computers by turning the phone into an SMS web server.

According to the experts, the vulnerabilities can be exploited remotely, allowing an attacker to “include malicious persistent script codes on the application-side of the iPhone.”

The security hole can also be leveraged to inject webshell scripts that would give cybercriminals complete control of the affected application directory.

If the device is jailbroken, things become even more complicated. On tampered iPhones an attacker could take control not only of the application folder, but also of the entire phone.


“The Bug is located in the input fields of the Message Sending & Message Output. An attacker can scan the victim on walkthrough because the IP of the webserver makes the TreasonSMS available to anybody without password,” Benjamin Kunz Mejri, the founder and CEO of Vulnerability Lab, explained.

“To exploit somebody on a walkthrough it’s only required to scan for the stable IP via WLAN and access the panel for exploitation.”

It’s uncertain at this time if the vendor has responded to the notification sent by the experts, but hopefully the company that develops the app will rush to address the security holes.

Security researchers from the Vulnerability Lab have done a great job this month helping organizations protect their assets, especially their public facing website.

Companies such as Apple, Microsoft and Oracle have been aided by them in fixing SQL Injection vulnerabilities, persistent script code inject flaws and other serious weaknesses that could have been leveraged by cybercriminals to launch malicious operations.

Update. Vulnerability Lab representatives revealed that the vendor was notified some time ago but failed to respond. The experts also provided a number of images which show how the vulnerabilities they found can be exploited in Firefox, Safari and even on an iPad 2.


softpedia.com

Phished Credentials Used in Check Fraud, Experts Find



Researchers from the security firm Trusteer have come across a scam, advertised on underground forums, that represents a perfect combination between the classic check fraud and the malicious operations performed by cybercriminals.

Basically, the seller offers high-quality false bank checks on which any information can be printed. For a mere $5 (3.8 EUR) the fraudster that runs the operation can print any banking credentials the buyer wants.

If the buyer doesn’t possess the data, the seller has his own sets of stolen credentials, but the price increases in this case to $50 (38 EUR) per check.

The fields printed on the phony checks include name, address, phone number, bank account, routing code and check number.


To obtain this information, profit-driven hackers rely on pieces of malware and phishing scams which help them find out the victim’s online banking credentials.

Since financial institutions provide scanned versions of checks, if the crooks gain access to the online banking platform they can retrieve all the information they need.

The individual that sells the checks recommends that his customers use them to make purchases in retail stores, instead of trying to cash them. Buyers are also advised to carry IDs that match the ones on the falsified checks. For the right price, the counterfeiter can also provide the identification documents.

“This is the latest example of the how criminals can use malware and phishing techniques to make traditional physical fraud schemes more effective,” Trusteer’s Amit Klein wrote.

“This ‘cross-channel’ approach is helping fraudsters stay one step ahead of even the most sophisticated fraud detection systems deployed online and in the brick and mortar world. It is also creating a new generation of Frank Abagnales that are not even required to come up with their own fraud scams.”


softpedia.com

Letter from Experts to Congress: Stop CISPA and Similar Cybersecurity Laws



Experts from a number of domains have sent an open letter to the US Congress to publicly state their disapproval of the Cyber Intelligence Sharing and Protection Act (CISPA) and other “bad” cybersecurity laws.

Among those who signed the letter we find security researcher and cryptographer Bruce Schneier, Donald Eastlake, the architect of DNS Security, Jonathan Weinberg, professor of law at Wayne State University, Principal Engineer Peter G. Neumann, and many other academics, engineers, security experts and professionals.

“We have devoted our careers to building security technologies, and to protecting networks, computers, and critical infrastructure against attacks of many stripes,” the letter reads.

“We take security very seriously, but we fervently believe that strong computer and network security does not require Internet users to sacrifice their privacy and civil liberties.”


US lawmakers are primarily warned of the risks posed by the newest anti-piracy legislation, CISPA, but the experts agree that other similar bills also unnecessarily trade civil liberties for network security.

“As experts in the field, we reject this false trade-off and urge you to oppose any cybersecurity initiative that does not explicitly include appropriate methods to ensure the protection of users’ civil liberties,” they wrote.

The letter’s signatories believe that an effective cybersecurity law should not use vague terms when describing cyber threats and countermeasures.

An interesting point they make concerns bills that grant immunity to companies that violate the privacy of individuals, even if they don’t have enough evidence to show that what they are doing is illegal. The experts state that such legislation should be rejected immediately.

Furthermore, they claim that data collected through cybersecurity programs should not be used when prosecuting someone for crimes that are not related.

Finally, laws such as the Wiretap Act, the Stored Communications Act, the Computer Fraud and Abuse Act, and others that protect a user’s privacy should be respected by anyone and new bills should not allow any organizations to ignore them.

softpedia.com

Norton Secured Seal: Symantec Combines VeriSign Checkmark with Norton Brand


Users who want to check whether a website is trusted and secure shouldn’t look for the VeriSign Trust Seal anymore. Symantec has merged it with its Norton brand, and the result is the Norton Secured Seal.

Ever since the security company acquired VeriSign Authentication Services, it has been integrating anti-malware and security technologies into its authentication solutions.

“Since acquiring the VeriSign Authentication business, Symantec extends the core foundation of SSL to offer the most comprehensive security portfolio in the market,” revealed Fran Rosch, vice president, Identity and Authentication, Symantec.


“Our shift to delivering Website Security Solutions further strengthens the protection of data and information in transit. The Norton Secured Seal represents a major step in helping companies establish higher levels of website trust and confidence with their customers.”

An emblem that can guarantee a safe browsing experience is highly important in an age where the Internet is a place that should be treated as dangerous by default.

Symantec conducted a study before launching the new Norton Secured Seal, and the company is confident that it benefits not only consumers but also businesses, which can offer a secure environment to their customers.

The study’s numbers show that more than 90% of internauts would continue an online transaction if presented with the new seal.

Symantec began replacing VeriSign seals with the new Norton Secured Seal on April 17, and all logos are expected to be updated in the coming days.

While customers and experts seem to be happy with the new trust seal, we know someone who would doubt its powers.

Our readers may remember that not so long ago, the grey hat hacker known as Freedom identified a large number of websites that contained cross-site scripting vulnerabilities. As the hacker highlighted at the time, they all displayed the VeriSign Trust logo.


softpedia.com

British and Australian Users Targeted with “My Apple ID” Phishing Scam



Apple customers from the United Kingdom and Australia are being targeted with a cleverly designed phishing scheme that tries to dupe them into handing over sensitive information as part of an Apple Discount Card purchase process.

The scam is not new. We saw it at the beginning of April, but at the time reports only mentioned Australia. Now, according to Symantec, internauts from the UK are also targeted.

So let’s take a look again at how the scam works.

First, the user is presented with a My Apple ID site that tries to replicate the genuine website. Here, the unsuspecting victim is requested to provide his/her Apple ID.


In the next phase of the scam, Apple customers are presented with a form in which they have to fill in their name, address, date of birth, driver’s license, credit card number, card expiration date, and the Verified by MasterCard password.

Apparently, by completing this process, the user receives a discount card that’s worth 100 Australian dollars or 100 British pounds, depending on the victim’s location.

Because this particular plot seems to be enhanced to target more and more individuals from different parts of the world, we will take this opportunity to remind everyone to be careful when providing sensitive information online.

In this case, the site may look much like the original Apple website, but the domain it is hosted on clearly doesn’t belong to Apple. Always remember that apple.com is not the same thing as apple.maliciousdomain.com.

Also, when making payments, check to ensure that the site you are on utilizes a secure connection represented by the small padlock icon or by the HTTPS string in the browser’s address bar.

Finally, be sure to keep your antivirus solution permanently updated. Security firms do a decent job in flagging malicious sites, saving you the hassle of checking for yourself if the site is genuine or not.
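As an added illustration of the domain and HTTPS checks above (this is not code from Symantec or from the original article), a small Python check that shows why apple.maliciousdomain.com fails where a genuine apple.com subdomain passes; the sample URLs are constructed:

```python
from urllib.parse import urlsplit


def is_trusted_apple_url(url, trusted="apple.com"):
    # Accept only HTTPS, and only hosts whose registrable domain is exactly `trusted`
    parts = urlsplit(url)
    if parts.scheme.lower() != "https":
        return False
    host = (parts.hostname or "").lower().rstrip(".")  # hostname is already lower-cased
    return host == trusted or host.endswith("." + trusted)


# Constructed sample URLs with the expected verdicts; the maliciousdomain entry
# mirrors the article's example, the rest are common look-alike tricks
SAMPLE_URLS = {
    "https://www.apple.com/uk/": True,
    "https://appleid.apple.com/": True,
    "http://www.apple.com/": False,                    # no TLS, so no padlock
    "https://apple.maliciousdomain.com/": False,       # "apple" is only a subdomain label
    "https://www.apple.com.evil.example/": False,      # apple.com used as a prefix
    "https://notapple.com/": False,                    # suffix match without the dot
    "https://evil.example/apple.com/signin": False,    # apple.com in the path, not the host
    "https://login@apple.com:x@evil.example/": False,  # userinfo trick; real host comes last
}


def classify(urls=SAMPLE_URLS):
    # Map each URL to its verdict so mismatches against the expected values stand out
    return {u: is_trusted_apple_url(u) for u in urls}
```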

softpedia.com


Pictures of attractive young women that advertise shady diets are flooding Pinterest. While this approach is new, victims end up on the old sites that replicate news outlets to promote the schemes.

Graham Cluley reveals that there are hundreds of different posts that serve the scam, but behind the scenes they all work in the same way.

“Spring is almost over and I just lost those remaining 26 lbs. If you’re interested too, click [LINK],” reads a variant of the scam.


“Summer is about to come and I finally took off these last 27 lbs. If you’re interested too, browser [LINK],” another version reads.

When users click the links, they are taken to a site that replicates Channel 8 News. As in previous similar plots, the website is designed to appear as if the reporters of this media outlet wrote a legitimate story about the miracle diet.

The site doesn’t push any malware, instead it tries to convince users to pay for bogus drugs. In these types of scenarios, you either end up paying for something that you will never receive, or the cybercrooks simply want your private details and payment information that you may hand over while placing an order.

For the time being, Pinterest blocks many of these scams, but most likely the fraudsters who run them will create new ones that roam freely until the social network flags them as spam.

Pinterest users are advised to be on the lookout for these types of plots and to report them as spam to ensure that others will not fall for them.

It doesn’t matter how legitimate the site looks, online pharmacies and shady diet products advertised via aggressive marketing methods most often hide a malicious plan that’s designed to earn a hefty profit for the cybercriminals that run them.

softpedia.com

Microsoft Office Flaw Exploited in the Wild with Malicious Documents


Security researchers from McAfee warn that the CVE-2012-0158 vulnerability that exists in Microsoft Office and other products that use MSCOMCTL.OCX is currently being exploited in the wild with the aid of maliciously-crafted RTF, Word and Excel files.

The security hole has been patched with the April 2012 updates, but there are a lot of users who failed to apply them, giving cybercriminals the opportunity to launch malicious operations.

Experts found that the specially crafted files carry an embedded OLE object that triggers the vulnerability, and that they are usually served to users via unsolicited emails.


So, how does the infection work?

When the malevolent file is opened, the victim sees a regular document that’s presented as bait, but in the background, the magic happens and a nasty Trojan is installed.

It all starts when the Word process opens the crafted document. The CVE-2012-0158 flaw is exploited and the shellcode in the OLE file is triggered. This shellcode is responsible for installing the Trojan in the operating system’s Temp folder.

At this stage, the same shellcode starts a new Word process and opens the bait document, which is also dropped in the same Temp directory. The first process is terminated and the victim is presented only with the legitimate-looking document.

Because the malicious component executes first and only then is the genuine file opened, users whose computers are targeted may notice that Word opens, quits, and then almost immediately relaunches to display the bait.

To protect themselves against this threat, Internet users are advised to apply the latest updates offered by Microsoft.

Also, internauts should beware of suspicious emails that may arrive in their inboxes. That’s because most infections can be avoided if the messages that carry them are simply ignored and deleted.
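The open-quit-relaunch behaviour described above can be turned into a detection over endpoint process telemetry. The following Python example is added here and is not McAfee's code; it assumes a constructed CSV feed of process-create, file-create and process-terminate events in the style of an endpoint sensor, and flags an Office process that drops files into the user's Temp folder, spawns a second instance of itself on a Temp document, and then exits:

```python
import csv
from io import StringIO

OFFICE = {"WINWORD.EXE", "EXCEL.EXE"}
TEMP_MARK = "\\appdata\\local\\temp\\"  # per-user Temp folder, compared lower-case
# Constructed process telemetry, not from McAfee's report: time,event,pid,ppid,image,path
SAMPLE_EVENTS = r"""10:00:01,ProcessCreate,4100,3000,WINWORD.EXE,C:\Users\ana\Downloads\invoice.doc
10:00:02,FileCreate,4100,,WINWORD.EXE,C:\Users\ana\AppData\Local\Temp\update.exe
10:00:02,FileCreate,4100,,WINWORD.EXE,C:\Users\ana\AppData\Local\Temp\invoice.doc
10:00:03,ProcessCreate,4120,4100,update.exe,C:\Users\ana\AppData\Local\Temp\update.exe
10:00:03,ProcessCreate,4130,4100,WINWORD.EXE,C:\Users\ana\AppData\Local\Temp\invoice.doc
10:00:04,ProcessTerminate,4100,,WINWORD.EXE,
10:05:00,ProcessCreate,5000,3000,WINWORD.EXE,C:\Users\ana\Documents\notes.docx
"""

def _secs(ts):
    # "HH:MM:SS" -> seconds since midnight, enough for ordering within one day
    h, m, s = (int(x) for x in ts.split(":"))
    return h * 3600 + m * 60 + s

def parse_events(text):
    rows = []
    for r in csv.reader(StringIO(text)):
        if len(r) < 6:
            continue
        rows.append({"t": _secs(r[0]), "event": r[1], "pid": int(r[2]),
                     "ppid": int(r[3]) if r[3] else None, "image": r[4].upper(), "path": r[5]})
    return rows

def find_relaunch_chains(events, window=60):
    # One alert per Office parent that re-spawned itself on a Temp document and exited within `window` s
    procs = {}
    for e in events:
        if e["event"] == "ProcessCreate":
            procs[e["pid"]] = {"image": e["image"], "end": None, "drops": [], "kids": []}
            parent = procs.get(e["ppid"])
            if parent and parent["image"] in OFFICE and TEMP_MARK in e["path"].lower():
                parent["kids"].append((e["pid"], e["image"], e["path"], e["t"]))
        elif e["event"] == "FileCreate":
            p = procs.get(e["pid"])
            if p and p["image"] in OFFICE and TEMP_MARK in e["path"].lower():
                p["drops"].append(e["path"])  # payload or bait written by the Office process
        elif e["event"] == "ProcessTerminate" and e["pid"] in procs:
            procs[e["pid"]]["end"] = e["t"]
    alerts = []
    for pid, p in procs.items():
        for kid_pid, kid_img, kid_path, kid_t in p["kids"]:
            if kid_img == p["image"] and p["end"] is not None and 0 <= p["end"] - kid_t <= window:
                alerts.append({"parent_pid": pid, "child_pid": kid_pid, "bait": kid_path, "drops": p["drops"]})
    return alerts
```

The benign Word launch at 10:05 produces no alert because it neither writes to Temp nor re-spawns itself.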


softpedia.com