Saturday, 28 February 2015

Mozilla Firefox Does Not Come With Its Own Phone Privacy


Mozilla will next week at the Mobile World Congress in Barcelona launch not own privacy phone. Rumors about the phone after an article appeared in the Wall Street Journal , but according to Mozilla, it is a misconception. The journalist of the American newspaper was briefed on various privacy options that are present in Firefox OS.

These were options that part of the " Future of Mobile Privacy Project "and last year were unveiled at the Mobile World Congress. These options a user has more control over his privacy and data. It is, among other things, location tracking."Many apps such as weather apps do not need to know my exact location," said Claus Ulmer, head of data privacy at Deutsche Telekom, to the Wall Street Journal. "It is sufficient if the location is accurate to 20 kilometers."

Mozilla is working on the project privacy and developing new privacy options with Deutsche Telekom. A spokesman for the software developer, the journalist of the American newspaper this cooperation misunderstood and will therefore no new device will be launched. "The Future of Mobile Privacy Project is a collaborative effort and continuous Deutsche Telekom and Mozilla that was introduced a year ago," said the spokesman opposite TechCrunch .

MEGA: PayPal Account Closed Due To Encryption


PayPal has the account of the online storage MEGA closed, according MEGA is due to the end-to-end encryption which it offers to users. That leaves the storage service of internet entrepreneur Kim Dotcom in a blog posting know. MEGA states that it is aware of a report that the storage service as illegal cloud storage service was dismissed.

This US Senator Patrick Leahy Visa and Mastercard put under pressure not to accept payments for more MEGA. Then the credit card companies would have PayPal put under pressure not to process payments more for MEGA. MEGA showed opposite PayPal know that it is indeed a legitimate service and provided all kinds of statistics to prove this. Yet PayPal decided to discontinue the service towards MEGA.

MEGA would have made the payment service excuses and admitted that it was a legitimate service. One of the biggest stumbling blocks, however, the end-to-end encryption it offers, which is unknown what is offered via the cloud storage service. MEGA still pointed to the encryption models of other cloud storage services such as Apple, Dropbox and SpiderOak, but that would be no problem for the pay.

"I want to thank PayPal for supporting MEGA for such a long period. The pressure of Hollywood and the US government was just too big," said Kim Dotcom , founder of MEGA. Then he calls his followers to go use bitcoin now.

Lenovo Will Reduce Bloatware On Computers


Lenovo is the amount of preinstalled software on computers, also called " bloatware called "reduce significantly. That leaves the company said in a response to the Superfish debacle. "The events of last week, reinforce the principle that the customer experience, security and privacy should be our top priorities. With this in mind, we will pre-installed applications will be greatly reduced."

In a press release here said Lenovo will start right away. Will be at the launch of computers running Windows 10 "standard image" for computers only contain the operating system and related software as well as software needed to make the hardware work, security and Lenovo applications. "This would be what our industry" adware "and" bloatware "calls must eliminate." In some countries will install Lenovo programs that users expect in these areas.

Furthermore, the manufacturer information about all software preinstalled and explain what each application does. In addition, it will also collect feedback from users and experts going to make sure the right applications have been installed. In addition to changing the "preloadbeleid" will provide users with a Lenovo PC also receive a free six-month subscription to McAfee Safe Live service. About this action will soon appear more details.

Privacy OS Tails adds to bitcoinportemonnee


This week there's a new version of it appeared on privacy-oriented operating system Tails, including a bitcoinportemonnee as addition. Tails stands for The Amnesic Incognito Live System and is designed to leave minimal traces on the Internet. With the advent of Tails 1.3 several vulnerabilities have been resolved, but also added several new features.

The first feature that in the eye is the presence of sprint Electrum , a user for the digital wallet currency bitcoin. Another new feature is keyringer , a program that can be managed in encrypted fashion secrets and exchanged. For this, the software uses GnuPG and Git. Tails is a complete operating system that can be used from a DVD or USB stick. Despite all the attention to the privacy Tails developers recently showed that a daily basis but 10,000 of the privacy OS use.

Almost 97% Of Tor Traffic Goes To 'Normal' Websites


Almost 97% of the traffic that will generate Tor users to 'normal' websites over the internet anyone can visit, according to research from the Tor Project. Tor is a software that allows users not only to hide their IP address, but also makes it possible to visit Tor sites that are only accessible through the Tor network.These are the so-called "hidden services".

The Tor Project wanted to know how many of the Tor traffic goes to these hidden services. For this was the collaboration of several volunteers to share data from their Tor server. This enabled the Tor Project a small proportion (2% - 5%) of activities in hidden view services. Establish on the basis of current calculations, the researchers found that each day 30,000 hidden services are active. These websites generate every day 400 to 600Mbit per second of traffic, which amounts to about 5 terabytes of data per day.

Furthermore, it appears that is the Tor traffic from Tor users to these hidden services 3.4% of the total Tor traffic. This means that 96.6% of the Tor traffic to "normal" websites is that anyone can access through a browser. Tor came last year regularly negative in the news because Tor would mainly be used for visiting criminal Tor sites. Now it appears that the most traffic to websites is that outside Gate to visit.

The researchers suggest that it is still to preliminary results in that regard are established on the basis of a limited data set, and with a grain would have to be taken. The study was conducted over a period of several months, but the researchers plan to expand further in the future. They want to know how many people visit daily Tor sites and how often people try to visit a hidden service that no longer exists.

"Unfortunately, some of these questions with the current reporting infrastructure are not easy to answer, mostly because the collection in this way can reveal hidden information about specific services, as well as the results of the current system include excess  dates." The researchers are also looking at aggregation protocols for statistics that they can use in place of the current system, so they still safe to collect all kinds of statistics.

Aggressive Android Adware discovered on Google Play


Researchers from the Romanian antivirus company Bitdefender have on Google Play different Android apps discovered containing aggressive adware. Using apps after installation on the device a different name, which may make it more difficult for users to find and remove them.

Once active show the apps, such as "What is my IP?", All kinds of so-called warnings to install subscribing users on expensive telephone or make additional apps that contain more ads. One possible reason that the apps Google checkout managed to avoid is that the URL that sends users does not point to malicious APK files. The URL allows browsers to open a website that users from one ad to another forward.


For example, users in each search, clicked URL or open Facebook link to a special page redirected showing various location-specific ads. "Aggressive adware has in recent years developed further in-app ads and adware software development kits, to browser redirects and turning legitimate apps under similar names," said analyst Liviu Arsene. Some of the apps are as Bitdefender still be found on Google Play.

Hashes:

f2d57300d5f991dbc965ac092d5f4301 – com.alm.alm
c1d7afa5c4eb0b8e3c0292eadf98771e – com.tr.dum.dum
16967bea7d3dcb08c12220925ef6f030 – com.est.hk
cb9d3ff0eea162dd602eefe7b08ded49 – com.est.esteban
dbc99ba3241f943cc9e58870f0e40b34 – com.brer.brer
51bc232de9af3f34a58d824da86a70bc – com.tr.ipp
996c4a1525729466d87edf85cbbdf5de – com.who.myip.detect
6f37bd3c286440e37103ee8b67aca7d6 – com.tf.fed
47b863625a8022399247fc92c4d5d178 – com.esc.escd
e1ccb51569635415e66af16cbdd94ddc – com.esc.escde

US Spy Chief Calls "Cyber Armageddon" Unlikely


Although some politicians, military officials , businesses and interest groups for years for a digital "Pearl Harbor" warn the risk of a catastrophic attack by one party at this time is unlikely. That left James Clapper, head of US intelligence, yesterday at a hearing before a committee of the US Senate to know.

"Instead of a" cyber Armageddon "scenario that the entire US infrastructure disrupted, we foresee something else," said Clapper. It is then to form a continuous series of small to moderate cyber attacks from various parties that an increasing burden on the competitiveness of the US economy and national security.

According Clapper Various studies indicate that a number of countries, including Iran and North Korea, from economic and political motives offensive cyber operations conducted against the US private sector. Furthermore Clapper also warned of the risk of compromised hardware and software that is sabotaged anywhere in the supply chain. Also, malicious insiders in the coming years pose a risk to IT systems.

In addition to Iran and North Korea Clapper also named Russia and China as countries engaged in offensive cyber operations and cyber espionage. Finally, the head of intelligence for terrorists who will use the Internet to carry out attacks. "Terrorist groups will continue to experiment with hacking, which can serve as the basis for the development of more advanced capabilities."

The statements of Clapper follow the revelations of the Equation Group . According to experts, one of the most advanced cyber-espionage operations ever that would be carried out by the NSA or the NSA affiliated group during a period of several years.

Friday, 27 February 2015

Shodan Search Engine Will Find Thousands Of Hacked Websites


Many websites hacked and leave a message of the attacker behind often with "Hacked by" begins. The developer of the search engine Shodan is using this term were found thousands of websites have been hacked recently and were provided with the text "Hacked by."

Shodan is known as search engine that sorts of devices connected to the Internet, such as printers , routers, cameras and even complete industrial SCADA systems can be found. However, the search engine indexes also websites. The research that developer John Matherly conducted revealed that many of the hacked websites were hosted by one provider. A quarter of the "Hacked by" sites was in fact housed in the E commerce Corporation.

Almost all servers of this hosting company running on Apache and PHP, although not all have the same versions. Continue turning the most hacked websites not entirely surprised on port 80 (HTTP). Matherly also wanted to know what attackers had most websites and so could create a Top 10, where "GHoST61" 57 defacement's ends on the first place. The investigation of the Shodan developer late unfortunately not see how the sites were compromised.

Phishing Mail Hijacks Routers Using Default Password


During the final weeks of last year and the first half of January, cybercriminals conducted a small-scale email attack which tried to hijack different models of routers. The less than 100 emails were sent to Brazilian Internet users.

The email seemed the largest Brazilian telecommunications company coming and contained a link to a website. This website was abuse of cross-site request forgery (CSRF) vulnerabilities in the UTStarcom- and TP-Link routers from the telco. The CRSF attack tried to log into different default passwords and administrator names on the router. In case the attack was successful, the DNS servers from the router were changed.


The Domain Name System (DNS) is similar to the directory and translates among other domain names into IP addresses. The DNS hijacking an attacker can manipulate the movement of users and intercept sensitive data. Example, if users want them to be redirected to another page to their banking site. During the attack on Brazilian users to security firm Proofpoint , the campaign found out, not knowing what was done using the custom DNS servers.

Google Analytics Will Warn Websites For Malware


To protect Internet users from malware Google now also goes websites that use Google Analytics to warn when there is detected malicious code in them. The Internet giant warned websites that the Google Webmaster Tools were notified.

Alert program is now expanded to websites that use analytics from Google. Websites will in the case of malware automatically alerted via so-called "Google Analytics Notifications", including the pages are specified. This way, webmasters can take faster and more effective action to remove the malicious code from their website.

Digital Newspaper NRC Hit By Hacking By Publisher


Hack the digital publisher Twipe Mobile made ​​yesterday the digital newspaper NRC Handelsblad and NRC Next several Belgian newspapers were not available, so let Twipe. Twipe is a Belgian start-up that has developed a digital platform that issue digital newspapers can be offered.

According to the Belgian newspaper De Standaard knew vandals on the digital infrastructure of the publisher to break into. In addition, the virtual servers from the publisher were irreparably damaged. Twipe say they have no evidence that there are copied. The systems were Mailings containing login and passwords of digitally enabled subscribers.

Meanwhile, the Regional Computer Crime Unit of Leuven has begun an investigation into the burglary. Microsoft would also participate in the research, analyzing the log data of its own cloud service. In Belgium Twipe provides digital publishing newspapers Mediahuis (De Standaard, Het Nieuwsblad, De Gazet Van Antwerpen and Limburg The Importance) and of L'Avenir. Twipe Mobile also allows for the distribution of some French newspapers.

In the Netherlands Twipe care through apps for Android and Windows digital newspaper NRC. The website speaks NRC a "technical malfunction" that caused the digital editions for Android and Windows users yesterday were not available.Meanwhile, the problem would be largely solved. "TVNZ Today is now available. Earlier numbers are downloading the next few hours. We expect nrc.next Friday continued in the apps available. Earlier numbers are accessible again in the coming hours," the newspaper

Facebook 1.3 Million Paid Researchers For Bug Reports


Facebook last year, $ 1.3 million paid for bug reports were submitted by researchers. Since the "bug bounty" program began in 2011 is more than $ 3 million disbursed. In 2014, Facebook received 17,000 bug reports, an increase of 16% compared to 2013.

Eventually, 321 researchers rewarded for their entries, which equates to an average reward of 1788 dollars per bugmelding.The five most active researchers earned last year together $ 256,000. Furthermore, according to figures from Facebook that most bugs last year were sent by Indian researchers, namely 196. Average yielded investigators USD 1,343 per bugmelding on.

The number of bug reports from Great Britain is 28 much lower, but average paid Facebook British researchers dollar 2,768 per bugmelding. A total of researchers from 65 countries paid by the social networking site. For this year expects Facebook again the necessary bug reports. Since the new year were already more than 100 valid reports are received.

Thursday, 26 February 2015

Virus Switched On Millions Of PCs From Windows Update


The Ramnit botnet that this week by Europol, investigative services, Microsoft and security from the air was removed the last 5 years more than 3 million computers Windows Update, Windows Firewall, Windows Defender, User Account Control and the virus off, leaving the machines did not receive important updates and risked getting infected by even more malware.

Ramnit first appeared in 2010. The malware is designed to steal passwords and data for Internet banking. Also, .exe virus, .dll- and .html files on hard drives and connected storage devices infect. Once activated switches the kinds of security measures in Windows as well as the present virus. Ramnit above used a special blacklist with more than 300 different anti-virus programs.

The last time the virus would only disable Microsoft virus scanners. The software giant detected the last six months, some 500,000 computers were infected with Ramnit. Since this week the cyber criminals behind the botnet would no longer be able to communicate with the infected computers. The infection and custom settings are still active.

Virus scanning and removal tools could, however, detect and remove malware. Microsoft recommends that users, therefore, to perform a virus scan regularly. In addition, it is recommended to be careful when opening emails and messages on social media from unknown users and software only download from the website of the supplier. In this way, new infections can be prevented.

Hashes:
b87dda7ab5ff13248e3c084c63d02b4a
4390dec38fefb2f7197b6b5cd3f7ab30
69412c0433d966b49795fa10bb7387ed
72609754b056fe8793fb848fe0167112

Domain Lenovo.com Hijacked Through DNS Adjustment


Attackers there yesterday managed to Lenovo.com hijack the DNS of the domain name to suit . Earlier this week, the attackers used the same technique in the Vietnamese Google website. In both cases Lizard Squad behind the DNS changes, as reported OpenDNS.

The Domain Name System (DNS) is similar to the directory and translates among other domain names into IP addresses. The DNS servers Lenovo.com and Google.com.vn change the attackers could then specify the IP addresses where the domain was pointing to. The IP address of the mail server could be modified so that emails for Lenovo.com found themselves at the attackers. In the case of Google.com.vn be the site for a Dutch IP address. Meanwhile, both websites are accessible again and the DNS changes undone.

On Twitter was the Malaysian Registrar WebNIC where both domain names are registered, then with the DNS adjustments in connection brought . IT journalist Brian Krebs reports that Webnic.cc via a command injection vulnerability has been hacked, leaving a rootkit could be uploaded. This rootkit would already have been removed. The website of WebNIC is still unreachable.

Hacked Insurer Fined For Missing Patches


A British insurance company has been fined 175,000 pounds (239,000 euros) because the security updates forgot to install which customer data could be stolen. During the attack on Stay Sure attackers had access data from more than 100,000 credit cards, as well as medical data. The security of the credit cards, which is the back of the card, was also accessible.

However, this is in violation of industry rules, which state that they may not be saved. Eventually tampered with the credit cards of more than 5,000 people. It emerged that the company had no policies or procedures for checking and updating of IT security systems. In addition, the insurer password twice to update the database, so the intruder could have been prevented.

"It is inconceivable that a company with three million customer data had no procedures in place to protect that information,"says Steve Eckersley, head of enforcement at the UK Information Commissioner's Office. Eckersley hopes that the penalty as a warning to other companies will need to keep their IT security in order.

FBI Put $ 3 Million Head Of Cybercriminal


The FBI has offered a reward of $ 3 million put at the head of an unknown Russian cybercriminal who is considered the mastermind behind the Crypto Locker ransomware and the Game Over Zeus botnet. Last year there was a large-scale international operation against the botnet and ransomware place where the Russian was indicted by the US authorities.

Game Over Zeus malware that the man would have developed is a Trojan horse that is based on the infamous Zeus Trojan and was mainly used to steal data for online banking and other services. The malware that infected hundreds of thousands of computers over the years, would have caused more than $ 100 million in damage.

Game Over Zeus botnet was next to steal credentials used for spreading the Crypto Locker ransomware. This ransomware encrypted files on computers and gave users not access it if they ransom paid, which could amount to hundreds of dollars.Estimated Crypto Locker would have until April 2014 hostage together 234,000 computers. The FBI estimates that in the first two months that Crypto Locker active victims were paid a total of $ 24 million.

Nine months later, the Russian cyber criminals still on the run. According to the FBI maintains the man in Russia, but it may be that he travels abroad. To convict him is now $ 3 million awarded for the golden tip that leads to an arrest and / or conviction.

Wednesday, 25 February 2015

Large Botnet Achieved By Europol In The Air


Europol has partnered with European investigation services a large botnet off the air that had infected 3.2 million computers worldwide. It involves Ramnit botnet that for years was active and on infected computers include passwords booty made ​​and other data.

Computers were infected by opening links in spam emails and visiting infected websites. Ramnit is also a so-called "file infector" who .exe, .dll- and .html files on hard drives and connected storage devices infected. Once a computer became infected malware added the infected code in these files, and as soon as they were started spreading the infection further. Also were found public FTP servers that were used for distributing Ramnit.

In addition to investigative agencies from the Netherlands, Italy, Germany and Britain Europol coordinated the operation with Microsoft, Symantec and Anubis Networks . During the operation of the botnet Command & Control servers were turned off, and the 300 domains that were used to control infected computers.

"This successful operation demonstrates the importance of cooperation between international investigative agencies and private industry in combating cybercrime. We will remain committed to disable botnets and disrupting the infrastructure used by criminals for cyber crime," said Wil van Gemert, Deputy Director of Europol. Microsoft and Symantec have now been delivered solutions to remove the malware from infected computers.

Gemalto Denies Scale Theft Encryption Keys


SIM card manufacturer Gemalto denies that the American and British secret services widely encryption keys of SIM cards have been stolen. That leaves the Netherlands-based company after research know.Last week The Intercept came with the message that the US NSA and the British GCHQ in 2010 had obtained access to the network of Gemalto there and had the encryption keys sim captured.

According to the SIM card manufacturer is discovered in 2010 and 2011, two sophisticated attacks against the company that seem to correspond to the attack methods that are defined in the document of The Intercept. In 2010, the company discovered suspicious activity on one of the French sites where a "third party" the office trying to spy.

In July 2010 a second incident was discovered, which were sent phishing e-mails to a telecommunications company seemed from Gemalto and contained an infected attachment. Also, this time it happen several times tried to gain access to the computers of Gemalto staff. The company calls it "likely" that an operation has been carried by the NSA and GCHQ. This would, however, only the office have been compromised.

There has therefore been no large-scale theft of encryption keys. In addition, Gemalto says it had already rolled out a secure exchange system in 2010 for the exchange of these keys with telecom providers, which is the risk of theft would create exceptional. However if keys are captured, they would only intelligence second generation 2G networks can eavesdrop. 3G and 4G networks would not be vulnerable to such attacks.

Google Expands Chrome Hacking Contest Day


Every year Google organized during a security conference in Canada, a one-day competition in which hackers and researchers were rewarded for demonstrating vulnerabilities in Google Chrome. The Internet giant has now decided to expand the competition. Instead of a one-day hacking contest, researchers can now throughout the year for millions of Pwnium competition qualify.

Last year there was 2.71828 million dollars prize money available for new vulnerabilities. That prize is "infinity". According to Tim Willis of the Google Chrome Security Team has the game for various reasons changed . So researchers had to be physically on site in Canada to demonstrate their vulnerabilities and exploits. In addition, researchers decided to collect their leak to the Pwnium contest. "This is a bad scenario for all parties," said Willis.

Google was told the leak because later allowing users were more risk. Also, other researchers not to Pwnium participated vulnerabilities can find and report. The contest now to let a whole year, researchers found last report bugs directly, which should prevent them from doing the same work. Besides Chrome Chrome OS is also eligible for the new rules, wherein the top beloning now $ 50,000.

Cyber ​​Spies Often Pose As IT Staff


Cyber ​​Spies trying to break in organizations often pose as IT staff of the attacked organization. Also, they often send phishing emails that are security and seem related example of an anti-virus company originates. That reports the American security company Mandiant in a new report. 78% of targeted phishing mails which saw passing by the company were IT or security-related.

Social engineering, in which users are tricked into opening an email attachment or open a certain website, combined with unpatched vulnerabilities are also the principal way in which attackers to gain access to organizations know. Most phishing emails that were analyzed were found to be shipped on Saturday.

The report also shows that 69% of organizations affected an intrusion on the network through a third party comes to know, while 31% of the victims discovered it yourself. Average attackers would have had last year 205 days access to networks attacked before they were noticed. A decrease of 24 days compared to 2013. At one organization knew the attackers to hide even 8 years.

For passwords, hashes and certificates of compromised systems and networks to steal attackers would increasingly use the Mimikatz program, warns Mandiant. Mimikatz is freely downloadable from the Internet and according to the developer a tool to "experiment" with Windows security too. Using the tool, passwords, hashes and Kerberos tickets are retrieved from the memory. In almost all cases that were analyzed and Mimikatz was deployed the existing anti-virus software turned out not to stop the tool.

NSA Director Wants Access To Encrypted Data


The NSA wants technology give the secret service access to the encrypted data and communications from customers, but NSA director Mike Rogers does not speak of a "backdoor". According to Rogers, in the fight against terrorism necessary to decrypt encrypted devices.

"The discussion I have seen is mostly about all or nothing, or full encryption or no encryption", as the NSA director said yesterday during a cybersecurity forum in Washington. According to Rogers, it is feasible to establish a legal framework so that there can still gain access to encrypted data. He pointed to the fight against child pornography where technology companies with public authorities and hopes to achieve a similar cooperation in the field of encryption, reports AFP .

Alex Stamos, Chief Security Information Officer Yahoo asked Rogers if he wants technology backdoors add to their products and services. "Backdoor is not the context that I would use. If I use the term" backdoor "Sure, I think it is suspicious. Why would you want through the back door? It would be correct public should be," gave the NSA director reply . "We can develop a legal framework to do this. It's not something that we necessarily have to hide."

PrivDog: Only 57,000 Users At Risk


Adware PrivDog developer has released a security update after there was a vulnerability in the software detects allowing users targeted by Man-in-the-middle attack could be. In total, this "only" 57,000 users have run risk, says the developer. However, this is not the PrivDog software that comes with the programs of security provider and Certificate Authority Comodo. PrivDog makes adware that SSL connections are intercepted and software advertisements of "reliable partners" can inject.

Researchers discovered that PrivDog install a root certificate and thus intercepted each SSL certificate of websites using a self-signed certificate, even when it comes to SSL certificates that are not valid. As a result, the browser will accept HTTPS each certificate that is, whether by a Certificate Authority (CA) is signed or not. For example, users of public Wi-Fi networks could thus be the victim of a Man-in-the-middle attack. The vulnerability is present in versions 3.0.96.0 and 3.0.97.0 PrivDog.

These versions intercept SSL traffic and were downloaded from the website of PrivDog. Contrary to what was thought yesterday is Comodo Internet Security with an earlier version of PrivDog bundled working with a browser extension and thus is not directly vulnerable to this threat. That says researcher Hanno Boeck in addition to his research. PrivDog also confirms that the PrivDogplug-in that comes with the Comodo Browsers problem has not.

Globally, more than 57,000 people have downloaded the vulnerable PrivDog versions. According adware developer made ​​sure that the problem with some sites that use a self-signed certificate no certificate warning was given. However, the encryption was offered to the end user would remain intact, says PrivDog. Tonight there is rolled out an automatic update that fixes the problem by users.

Tuesday, 24 February 2015

Google Warns Of Sites With Unwanted Software


Google warned users of the search engine and Chrome all if they want to download malware or visit websites that attempt to install malware, but now the browser and search engine also show a warning when users arrive at websites that offer unwanted software.

This involves software that affects the Internet, for example, by adjusting the start or showing additional ads on websites. In the case of Chrome displays a prominent warning that explains the underlying website better can not be visited. To prevent Internet users through the search engine on these sites let reach Google Search now see signs that warn of this kind of misleading websites.

Finally, Google also has begun to turn off ads that lead to this kind of unwanted software. "We are constantly working to protect people on the Internet," says Google software engineer Lucas Ballard. Webmasters are advised to log on their website for the Google Webmaster Tools. This way Google can alert the webmaster if there are issues found on the website that people lead to unwanted software.

Research: Thousands Of Netgear Routers Accessible via FTP


Thousands manufacturer Netgear routers with attached storage accessible to anyone via FTP. The problem is independent of a vulnerability that was recently revealed in Netgear routers. In this case it is the WNDR4700 router that is also sold in the Netherlands. On devices running an old version of the ProFTPd FTP server. Not only is it possible to log in as "anonymous". The version in question contains a leak which allows an attacker to execute arbitrary code on the router.

A user of Reddit reports how he found more than 2,000 open routers via the Shodan search engine. Only specify the IP address was enough to log in using the FileZilla FTP program and to gain full read and write permissions. The connected storage media medical information, tax information, private photos, found academic research and business information.

Also, the user could own words 10 to 15 download movies. He hopes that Netgear quickly comes with an update to turn down the FTP access to anonymous users. The problem is reminiscent of earlier incidents where FTP servers unsecured bleaching and so could gain access to sensitive data.
Other vulnerability

A few days ago revealed security researcher Peter Adkins in different Netgear routers another vulnerability which allows an attacker to retrieve information from the device. For this, remote management must be enabled. If this is the case, then an attacker can view and modify certain settings, including the login information for the Wi-Fi network and connected devices.

Adkins had the problem on 18 January reported to Netgear, but the company said that the routers on a security feature that enable users are not at risk. Then the case was closed by Netgear and the researcher decided to make its findings public.Users of NetGear WNDR3700v4, WNR2200 WNR2500 and are advised to disable remote management. The problem probably plays into the WNDR3800, WNDRMAC, WPN824N and WNDR4700.

Location Smartphone To Monitor Power Consumption Through


Owners of a smartphone is not only to follow through their location information, also the power consumption can make clear where one has been. That have researchers from Stanford University in the United States and the National Research and Simulation Center Rafael determined from Israel.

A malicious app on the phone can measure the power consumption and thus determine the position of the owner. "Our approach allows the identification of known routes, real-time tracking and new routes possible by measuring the power consumption," said Yan Michalevsky opposite Technology Review . The idea behind the theory is that the power consumption of the smartphone is dependent on the distance to the base station.

If a user travels changing this distance, whereby the power consumption increases or decreases. The power consumption is therefore highly dependent on the phone's movements and the route taken by the user. Given different routes that a user can take, the power profile will show which route the user has actually taken.

The researchers concluded an Android app called "PowerSpy" develop to prove the theory in practice. The app on different devices was then tested, with 43 different user profiles for four different routes were collected. On the basis of the power consumption, the researchers with an accuracy of 93% were able to determine the selected route. The power consumption of other existing apps, according to the researchers to easily eliminate.

To protect users against this form of tracking apps would have to gain access to power, although this is probably overkill. A better option is apps only allow access to the power that is not associated with radio communications. One option that is also easy to implement. The research and presentation ( ppt to find) the researchers are online.

Privdog Software Worse Than Superfish Adware


After computer manufacturer Lenovo appears to combine security provider Comodo adware with its own software SSL traffic intercepted, only the impact is much greater than with Lenovo's Superfish was. That says researcher Hanno Bock . Comodo is known software like Comodo Internet Security and Comodo Dragon Browser. With some of the programs PrivDog-adware is included.

Like Superfish intercepted PrivDog HTTPS traffic to inject ads from "reliable partners". Late last year, the ability to filter HTTPS traffic was already on the forum Comodo discussed . The software is after Superfish scandal now in the spotlight. A user decided because Superfish a test page to do, which warns users if their HTTPS connection is manipulated. Although the user is not used Superfish he got a warning. Then this user reported on Hacker News that the possible was the PrivDog-adware.

PrivDog not have the same vulnerability as Superfish, using a weak certificate and a weak password to protect the private key of the certificate, but one which is many times as possible according to Bock. Although Superfish same certificate and key used for all installations, PrivDog makes for each installation a separate key and certificate. The biggest problem is that each certificate PrivDog intercepted and replaced by a self-signed certificate.

It is also about certificates that were not valid in the first place. As a result, the browser will accept HTTPS each certificate that is, whether by a Certificate Authority (CA) is signed or not. "We are still trying to find out the details, but it looks bad," Bock says. The researcher also finds it strange that Comodo, which is itself a CA bundle adware with their own software. "If the CA would be their job to protect HTTPS, not break," the researcher concludes.

Meanwhile warns also the CERT Coordination Center (CERT / CC) at Carnegie Mellon University for PrivDog. An attacker could according to the CERT / CC HTTPS sites spoof and intercept HTTPS traffic without users see a certificate warning.Users will also be advised to remove PrivDog. This would also be the root certificate in question to be removed.

US-CERT writes: "Adtrustmedia PrivDog is promoted by the Comodo Group, which is an organization that offers SSL certificates and authentication solutions." A variant of PrivDog that is not affected by this issue is shipped with products produced by Comodo (see below). This makes this case especially interesting because Comodo itself is a certificate authority (they had issues before). As ACLU technologist Christopher Soghoian points out on Twitter the founder of PrivDog is the CEO of Comodo. (See this blog post.)

Update/Clarification: The dangerous TLS interception behaviour is part of the latest version of PrivDog 3.0.96.0, which can be downloaded from the PrivDog webpage. Comodo Internet Security bundles an earlier version of PrivDog that works with a browser extension, so it is not directly vulnerable to this threat. According to online sources PrivDog 3.0.96.0 was released in December 2014 and changed the TLS interception technology.

Update 2: Privdog published an Advisory.

Professor: Cyber Criminal Is Not A Full Hacker


Hackers are often portrayed as evil geniuses, but a better description of who is talented, albeit sometimes mischievous, craftsman. They also play a key role in society by things safer else to think about problems and systems. That suggests Kevin Steinmetz , professor of sociology, anthropology and social work at Kansas State University.

Hacking is according to him, more than breaking into computer networks and security systems. "Hackers are often portrayed as criminals who steal in the dark money. Hacking is much more than that. It can also consist of the development of free and open source software." The professor is concerned with the study of the hacker culture and digital crime. In his latest research on the question of what is a hacker and what it means to hack.

"If there's one thing that they have taught me is to not be afraid to bend the rules or an idea on its head and put things challenging," said the professor in an interview about his research the Wichita Eagle . "We need to encourage people to think differently and to draw the status quo in doubt." Part of both hacking and craftsmanship consists of finding and solving problems. Hacking also has many similarities with craftsmanship. Steinmetz designates the self as a technological craft passing boundaries.

Hacking has evolved over the years. Yet hackers engaged in security currently getting all the attention, according to the research of the professor. The reason that security at the moment is so popular is because here play all interesting problems, says a hacker who spoke Steinmetz. The research also shows that hacking is no longer associated with the subculture where it originally came from. Namely people who are interested in technology and computers. Hacking is now used in a variety of domains. The media usually about hackers who are guilty of cyber crime, breaking into networks and steal credit card information.

However, this stereotyping fog that hacking is more to the process than the end result. Without craftsmanship is someone who commits crimes with digital may therefore not a hacker. "If people are engaged in this type of behavior because they want only final results, my research shows that they can not be regarded as a complete hacker" said Steinmetz. "They need to embrace the qualities of a professional, someone who loves his job and goes up here." The research of the professor was published in the British Journal of Criminology.

Monday, 23 February 2015

Mozilla Is Considering Blacklist For Superfish Certificate


Mozilla is considering to put the Superfish certificate was installed on laptops from Lenovo on a blacklist.According to a discussion on Mozilla's Bugzilla where developers discuss issues and bugs in Mozilla software. By putting the certificate on a blacklist would user certificate warnings that are displayed when using the Superfish certificate can not ignore.

Through the root certificate that installs Superfish on the root store of computers, where all root certificates are stored, SSL connections can be intercepted. Superfish late because all SSL connections run through its own certificate. Researchers managed to crack the password using the private key of the Superfish certificate. This makes it possible in some cases to Man-in-the-middle attacks against systems that perform Superfish and certificate are active.

"Every certificate that is added to root stores by commonly used software and whose private key is known, is a risk," said Gervase Markham on Bugzilla. He notes that the behavior of software installation certificates or not install on computers can change. A program can one week show no suspicious behavior and that a week later do it again. "Without extensive research, we do not know exactly how they work, and in what cases can modify software root lists and also what root lists."

Although Mozilla employees were initially quite hesitant to put the certificate on the blacklist, the decision by Microsoft to the Superfish application and the certificate by using Windows Defender and Security Essentials to remove changed this. "This paves the way for us free to revoke the certificate," said Mozilla's Richard Barnes . Since Microsoft already has the certificate on many computers removed the impact of any blacklisting will therefore be easy. "It just adds to the disinfection," Barnes continues. However, if and when the certificate on the blacklist will not yet decided.

Shop Sees Increase In Adware Mac Users


A US store warns Mac users to download software only from the official supplier, after it saw an increase in clients who were infected with adware. According to Annie Hayes iCape Solutions is the number of Mac customers that come along because adware increasing.

"Although Macs are resistant to viruses, we have an increase of adware / malware seen as Genio and Install mac," says Hayes. This is because according to its Mac users software such as Adobe Flash Player for free outside the official Adobe website. Once active adware modifies the home page and search engines and injects ads. "In order to avoid this kind of programs you should only download programs from a reliable place. For example if you need the latest version of Flash, make sure that you are on the genuine Adobe website."

Another problem that the Mac store regular customers see return is MacKeeper. This is a program that claims to optimize Mac OS X systems and to protect the privacy of users. "I can give you a million reasons to avoid it, but I refer to this article on iMore , "Hayes says. "Ordinary users do not need anti-virus software or cleaner, and much of what is in circulation resembles MacKeeper, a program designed to let you pay for a service."

American Police Pay $ 600 To Ransomware


An American police has cybercriminals paid $ 600 after a police computer became infected with ransomware. "Not everything was encrypted at the police station, it was only for that specific computer and files," said Calvin Harden, an IT provider who works with the city.

Harden notes that the cybercriminals have not stolen the information, but only acted encryptions. According to the Chicago Tribune ran the computer infected by someone at the police opened an infected email attachment. All files were then encrypted and there appeared a message that an amount was to be paid in bitcoins to recover the files. The police eventually made ​​$ 606.

"Because the backups were also infected the decision was made ​​to pay the hacker and the files to recover," Harden furthermore states. It is not the first time that an American police station in the news because of ransomware. In 2013 it was a police station in the state of Massachusetts who proceeded to pay, followed by police stations in Dickson County and Durham who were the victims of ransomware.

TYPO3 Warns Of Critical Vulnerability In CMS


The developers of the popular content management system (CMS) TYPO3 have warned of a critical flaw in the software that only can be logged in with a user name. To also carry out the attack, the CMS software must be set in a certain way.

The system extension must "rsaauth" are loaded and configured in a particular way for frontend use. Furthermore, there must be a vulnerable CMS version installed. The leak, which has not yet CVE number, is present in versions 4.3.0 t / m 4.3.14, 4.4.0 t / m 4.4.15, 4.5.0 t / m 5.4.39 and 4.6.0 t / m 04/06/18. Users have strongly advised to upgrade to 5.4.40 or use a specially crafted shell script that vulnerable TYPO3 versions patches.

Weak "Superfish Certificate" Found In More Software


It is not just the owners of a Lenovo laptop that ran through the Super Fish-adware risk that their SSL traffic was intercepted, also all kinds of other programs using the same kind of certificate. That security researchers discovered Marc Rogers and Filippo Valsorda , both working for CloudFlare. The certificate used Superfish was from Komodia, an Israeli company.

The company shows the framework that for Superfish also used to have used other software. This relates to Keep My Family Secure, Easy hide IP Classic, Lavasoft Ad-aware Web Companion, Staffcop version 5.6 and 5.8, Kurupira Webfilter and Qustodio's parental control software. Also hide-my-ip is called by Rogers, only this software does not use SSL man-in-the-Middle and the certificate used is slightly different with the other programs. Yet it still uses an unrestricted root certificate with a simple password in plain text. Furthermore, the certificates Komodia for these programs used weak and the password is always Komodia.

"I think it's safe to assume that every SSL interception product sold by Komodia or Komodia SDK is based on the same method will be used," said Rogers. This means that the dangerous certificates are not only restricted to the laptops from Lenovo. Everyone who has come into contact with a product or Komodia parental control software installed check that it is not at risk.

"This problem is much bigger than we thought," warns Rogers. By using weak certificates, an attacker can eavesdrop on traffic or manipulate, without requiring users to see this. Even if the SSL connection is checked, the user sees only the strength of the connection between the Komodia software and its browser, and not the connection which goes over the internet. Users can use this page to check if it is installed on their computer, one of the Komodia certificates.
Superfish

Meanwhile Superfish puts the blame down to Komodia. The company leaves opposite the Associated Press that the vulnerability was inadvertently caused by a third party in the software. Superfish CEO Adi Pinhas also denounces the "false and misleading messages" in the media.

Researcher Late MITM Attack With Superfish Certificate See


An American security researcher demonstrated how he set up via a malicious WiFi network and the Superfish certificate Lenovo users may attack. Previously showed researcher Robert Graham already see how the password cracked that the private key of the Superfish certificate used.

Something for which he needed about three hours. Then he wanted to demonstrate that an attack with the obtained certificate would not only theoretically, as the CTO of Lenovo claimed, but also practical. For this, Graham chose as a hardware Raspberry Pi2 combined with Alpha-WiFi adapter. Through " RPI Wireless Hotspot "he changed the Raspberry Pi2 into a wifi hotspot, while sslsplit to perform the Man-in-the-middle attack used. In total, cost of setting up the hotspot also three hours.

Graham leaves on his blog how a simulated user via its Wi-Fi hotspot is internet banking can be intercepted, even though the user gets when visiting his bank site to see a valid SSL icon. According to Graham he used for performing the attack only commonly available tools. "The only special feature is sslplit, but it is a tool that companies use often for security purposes, and does not have a special hacking purpose. '" The researcher therefore concludes that this attack is really practical and not just theoretical.

Sunday, 22 February 2015

Virus Scanners Microsoft Remove Superfish-Adware


Microsoft released an update for the virus Security Essentials and Windows Defender that addresses the Super Fish-adware on Lenovo laptops as well as the self-signed certificate that the adware used will be deleted. Also the free Microsoft Safety Scanner is able to detect and remove Superfish.This was discovered by Filippo Valsorda of the CloudFlare Security Team.

Meanwhile, Microsoft has also the definition put the Super Fish-adware line, where the threat as a Trojan horse is described.In addition to Microsoft also have several other providers of anti-virus solutions now released an update to detect and remove Superfish. A survey on VirusTotal shows that Superfish yesterday by 17 of the 55 virus was detected. Earlier in the day there were still six .

Besides the anti-virus companies warn the American and Dutch government for Superfish. The Computer Emergency Readiness Team (US-CERT) that part of the US Department of Homeland Security has issued this warning off. Consumers get it advised to remove the adware and the certificate installed. The Dutch government through veiliginternetten.nl published, an initiative of Economic Affairs, the National Cyber ​​Security Center and the ECP, a short article about Superfish.

Researcher: "Gemalto was specifically targeted by GCHQ"


The chip maker based in the Netherlands Gemalto was indeed a specific target of the British secret service GCHQ, although Gemalto denies this in a press release. Yesterday The Intercept dropped on the basis of documents that the NSA and GCHQ in 2010 had broken at Gemalto .

In addition, the encryption keys were to secure mobile communications captured. In a press release states that Gemalto would appear from the publication that it was not necessarily the target. "It was an attempt to maximize net eject and as many mobile phones as possible to reach, with the aim to monitor the mobile communications without the consent of telecom providers and users."

Andrew Fishman, researcher and journalist at The Intercept let on Twitter know that Gemalto was indeed the target of the secret services. Codenamed "Dapino GAMMA" which appears in the documents of the GCHQ are namely GCHQ code name for Gemalto. In an operation of the British secret service, named HIGHLAND FLING, Gemalto is even named. This operation was intended to access the email accounts of Gemalto employees in France and Poland. Because of the revelations is the share of Gemalto on the AEX stock market currently more than 6% in the minus.

Expert Wants End to Pre-Installed 'Crapware'


Computer manufacturers must stop before installing all kinds of software on new PCs, also known as 'crapware'. "Companies like Apple, who sell their products on their own merits, saddling their customers with this adware mess," said security analyst Ken Westin at Computerworld . Following the Super Fish-scandal in the Chinese computer manufacturer Lenovo.

Practice to install software in advance, as tryouts, and other programs for which the manufacturers get paid by the software developer, will place many years. In 2011, Microsoft even came with an initiative to rid computers of crapware. Computers with no trialware (tryouts) was present and there were no programs were loaded during startup called "Signature PCs". It was also for these PCs required to provide a clean desktop without gadgets, icons and unnecessary taskbar icons.

According Westin is important that consumers, manufacturers can trust. The analyst makes the blog know his employer Tripwire that mobile phone manufacturers and laptops itself a disservice by using this kind of dated ad strategies. Meanwhile, consider multiple virus Superfish as a Trojan horse. Six of the 57 scanners on VirusTotal store in detecting adware alarm.

Virustotal: "Easily Detect Malware With Free Microsoft Sysinternal Tool Process Explorer"

Microsoft has been offering the free program Process Explorer, but recently it cooperates with VirusTotal Google, allowing users to easily check their computer for malware. Process Explorer shows an overview of services, programs, and files that are running on the computer. Through the integration with VirusTotal hashes may be checked at VirusTotal.

VirusTotal is an online virus scanner that scans files by 57 virus scanners. By the online virus scan service via Process Explorer to call can be clearly or suspicious files on your computer are active. Microsoft security architect Roger Grimes late InfoWorld know how suspicious files then disable via Process Explorer. Then he removes the computer the file in question manually.

Grimes warns Windows users that deleting files is at your own risk. It can namely that a virus file wrongly regarded as malware or that the file in question is a driver or other important program component. Some malware can not be closed by Process Explorer. For this, use Grimes Autoruns , another free program from Microsoft, which prevents the infected file the next time Windows starts loading.

The security architect stressed that this detection is not perfect. Some malware to evade detection, although that is special, says Grimes. "In the future, do virus writers struggled to avoid Process Explorer and Autoruns, but this is currently not the case. This method is therefore one of the best protection methods that you can use."

Saturday, 21 February 2015

Lenovo Warns Customers For Super Fish-Adware


Lenovo has a security bulletin released which warns customers for the Super Fish-adware that was installed previously on laptops. According to the manufacturer discovered several vulnerabilities in Superfish, including the installation of a self-signed root certificate.

Consumers can remove Superfish, but Superfish certificate but will remain on the system. Since Superfish according Lenovo SSL traffic intercepted this is a "security concern". Therefore, the manufacturer removal instructions put online, and a list of vulnerable laptops. These laptops in E, Flex, G, M, S, U, Y Yoga and Z-series that are delivered between September 2014 and February 2015. Together account for more than 40 models.

Customers who leave running the certificate in certain scenarios, for example when an open Wi-Fi network, the risk of being attacked by a man-in-the-Middle. Users will also be advised to remove the certificate. Furthermore Superfish would be asked to turn off all server activity of the software. Via Twitter Lenovo announces that it is busy working to rectify the problem and regain the trust of customers.

The CERT Coordination Center (CERT / CC) at Carnegie Mellon University now has a warning issued for the certificate and advises users to delete it. There are EFF by the American civil rights movement removal instructions put online, including for Firefox users.