Friday, 31 July 2015

Windows 10 Wi-Fi Sense Is Not A Security Risk

Wi-Fi Sense, a much-discussed Windows 10 component that lets users give their contacts access to their own Wi-Fi network, is not a security risk, contrary to what some journalists and websites claim, says Windows watcher Ed Bott.

This week IT journalist Brian Krebs published an article warning about Wi-Fi Sense. According to Krebs, Windows 10 asks by default to share the Wi-Fi password with all contacts in Outlook and Skype, so that those contacts can use the Wi-Fi network whenever they are in range. Krebs warned that the feature could have serious consequences and therefore advised Windows users to disable it.

Bott says Wi-Fi Sense does not work this way. No password is shared, only internet access. The option to share Wi-Fi access is indeed on by default, but it applies only to networks the user has chosen: users must first select the Wi-Fi network for which they want to share access.

According to Bott, Wi-Fi Sense is therefore not a vulnerability, and nobody can make an unauthorised connection to the user's Wi-Fi network. Krebs responds that many users have been conditioned to click "yes" on this kind of Windows dialog, and that shared networks are then shared with contacts on Facebook, Outlook and Skype.

Infected Version TrueCrypt Used For Cyber Spying

A Russian website has for years offered an infected version of the popular encryption program TrueCrypt that in reality turned out to be a Trojan horse used for cyber espionage, the Slovak anti-virus company ESET reports in a report published today (pdf).

The website offered a version of TrueCrypt translated into Russian. Visitors who met specific criteria, however, were served an infected version; exactly which criteria is not known. Once installed on the system, it also installed a backdoor that gave the attackers full control over the computer. The malware has been offered this way since at least June 2012.

Because only a select number of victims was attacked this way, the backdoor could also remain undetected for a long time, according to ESET. The TrueCrypt website also served as the command-and-control domain: communication between the attackers and infected computers ran through the website. The researchers also believe the site was run by the attackers and was not a hacked website.

Besides the TrueCrypt website, the malware, called Potao, also spread via e-mail attachments and USB sticks. This was done in a simple but effective way: the malware placed itself on the USB stick and made all other files invisible. It also took the name of the USB stick and a disk icon, so users thought they were opening a drive or shortcut while in reality they were launching the malware.
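As an added example (not ESET's code), a detection heuristic for the USB-stick trick described above: an executable whose name equals the stick's volume label, plus user files carrying the hidden attribute. The directory layout it scans is constructed inside a temporary directory; the volume label "KINGSTON" and the file names are assumptions.

```python
"""Constructed example: flag the two symptoms of the Potao-style USB trick,
(a) an executable named after the volume label and (b) hidden user files."""
import stat
import tempfile
from pathlib import Path

# Extensions that run or act like a shortcut when double-clicked.
EXEC_SUFFIXES = {".exe", ".scr", ".com", ".pif", ".lnk", ".bat", ".cmd"}


def is_hidden(path: Path) -> bool:
    """Windows exposes the hidden attribute via st_file_attributes; on other
    platforms fall back to the dot-file convention so the scan still works."""
    st = path.stat()
    attrs = getattr(st, "st_file_attributes", 0)
    if attrs & getattr(stat, "FILE_ATTRIBUTE_HIDDEN", 0):
        return True
    return path.name.startswith(".")


def scan_stick(root: Path, volume_label: str) -> list:
    """Return human-readable findings for the top level of a removable drive."""
    findings = []
    hidden = 0
    for entry in root.iterdir():
        if not entry.is_file():
            continue
        if (entry.suffix.lower() in EXEC_SUFFIXES
                and entry.stem.lower() == volume_label.lower()):
            findings.append(f"executable named after the volume label: {entry.name}")
        if is_hidden(entry):
            hidden += 1
    if hidden:
        findings.append(f"{hidden} hidden file(s) on the stick")
    return findings


def demo() -> list:
    """Build a constructed stick layout in a temp dir and scan it."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "KINGSTON.exe").write_bytes(b"MZ")   # masquerades as the drive itself
        (root / ".report.docx").write_bytes(b"")     # a user's file, made invisible
        (root / ".photos").mkdir()                   # directories are not counted
        return scan_stick(root, "KINGSTON")


if __name__ == "__main__":
    for line in demo():
        print(line)
```

The label comparison is case-insensitive because FAT volume labels are upper-cased; a real endpoint agent would run the same check on every mount event rather than on a temporary directory.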

Most targets of the malware were located in Ukraine, including the Ukrainian government, the Ukrainian army and a major Ukrainian news agency. Members of popular Russian and Ukrainian pyramid schemes were also spied on by the malware, while victims of the infected TrueCrypt version were mainly in Russia.

SHA1 hashes:

Early Potao versions:

Debug versions:

Droppers with decoy documents:
04DE076ACF5394375B8886868448F63F7E1B4DB9

Droppers from postal websites:

Other droppers:

Fake TrueCrypt setup:

Fake TrueCrypt extracted exe:

Hacker Makes Tool To Unlock GM Cars Remotely

The well-known hacker Samy Kamkar has developed a tool that can remotely locate, unlock and start cars from manufacturer General Motors (GM). GM offers car owners a service called OnStar through which the car can be located, unlocked and started via a smartphone app.

For 100 dollars Kamkar built a small device, the OwnStar, which is placed on a car or truck and intercepts the communication between the smartphone app and OnStar. The problem with the app is that although it uses SSL to exchange encrypted data, it does not correctly check the certificate to make sure it is communicating with the real OnStar servers.

The OwnStar consists of a Raspberry Pi and three radios and can pose as a friendly network. Once the user launches the GM Remote Link app while the smartphone is within range of the device, a man-in-the-middle attack is carried out to steal the user's credentials, which are then sent to the attacker over a 2G GSM connection. With the login details an attacker can track the car, unlock the doors, start the engine, or sound the horn or alarm.
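As an added example (not GM's app code or Kamkar's tool), the client-side mistake the article describes, a TLS connection whose certificate is never checked against the expected server, beside the corrected configuration, using Python's ssl module. The audit function returns the findings a reviewer would raise; the CA bundle path is an assumption.

```python
"""Constructed example: 'uses SSL but does not verify the server certificate'
versus a client context that verifies the chain and the hostname."""
import socket
import ssl
from typing import List, Optional


def insecure_context() -> ssl.SSLContext:
    """Encrypts the traffic, but to whoever answers: a man-in-the-middle
    presenting any certificate is accepted."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def hardened_context(cafile: Optional[str] = None) -> ssl.SSLContext:
    """Verify the server chain against a CA bundle and the hostname against
    the certificate. cafile=None uses the system trust store; a bundle holding
    only the CA the real backend uses narrows trust further (assumed path)."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # create_default_context already sets CERT_REQUIRED and check_hostname=True.
    return ctx


def audit_context(ctx: ssl.SSLContext) -> List[str]:
    """Findings a code reviewer would raise against a client-side context."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("verify_mode is not CERT_REQUIRED: any certificate is accepted")
    if not ctx.check_hostname:
        findings.append("check_hostname is off: a valid cert for another host is accepted")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("TLS versions below 1.2 are allowed")
    return findings


def open_tls(host: str, port: int, ctx: ssl.SSLContext) -> ssl.SSLSocket:
    """Connect with the given context; with hardened_context() a wrong or
    self-signed certificate raises ssl.SSLCertVerificationError here."""
    raw = socket.create_connection((host, port), timeout=10)
    return ctx.wrap_socket(raw, server_hostname=host)


if __name__ == "__main__":
    print("insecure:", audit_context(insecure_context()))
    print("hardened:", audit_context(hardened_context()))
```

Run stand-alone it prints three findings for the insecure context and none for the hardened one; open_tls is there to show where the verification actually happens and is not exercised offline.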

Driving the car away remotely is not possible; that still requires a human driver. GM is working on an update to fix the problem, a spokesperson for the carmaker told Wired. Kamkar will give more details about his attack at the upcoming Def Con conference in Las Vegas. The following video shows a short demonstration.

Yahoo Has Paid Researchers $1 Million For Bug Reports

Since internet giant Yahoo started a reward programme for researchers and hackers in late 2013, it has paid out more than $1 million for bug reports. In total Yahoo received 10,000 bug reports in that period, 1,500 of which were ultimately rewarded financially, the company said.

Of the more than 1,800 people who took part in the programme, about 600 submitted bugs that could be verified. A small group of bug hunters (6%) is responsible for 50% of all bug reports. According to Yahoo, adding a reputation system to the programme was a big improvement: it gives researchers points for verified reports and for the amount of compensation paid, so they can compare their skills with other participants.

Thursday, 30 July 2015

New Android Leak Renders Phones Virtually Useless

Researchers have discovered a vulnerability in Android that allows an attacker to render a device practically useless. The vulnerability, which can be exploited both through websites and through a rogue app, means the user can no longer hear or see that there is an incoming call or text message; calls cannot be accepted either.

If the attack is carried out through a malicious app, the operating system can crash. If the app is first set to start automatically when the operating system loads, a continuous loop of crashes results: each time the phone crashes and restarts, the app loads again and crashes Android once more. The phone can also be left in a state where, once locked, it can no longer be unlocked.

The problem exists in Android 4.3 through 5.1.1, which together account for more than half of all Android devices. According to researchers at Trend Micro, the vulnerability resembles the Stagefright leak announced this week. Both vulnerabilities stem from the way Android handles media files, although the way those files reach the user differs. Google was informed about the problem on May 15 but has still not rolled out updates.

Chrome Extension Prevents Profiling By Typing Behaviour

Websites nowadays track internet users not only by IP address or browser characteristics; the way someone types also gives companies enough information to build a profile. Two researchers, Paul Moore and Per Thorsheim, have therefore developed an extension for Google Chrome called "Keyboard Privacy" that prevents profiling based on typing behaviour.

Several banks already use the technology. According to the researchers it is also interesting for totalitarian regimes, as well as for advertisers. Even when an internet user uses Tor or a proxy, he could still be recognised by his typing behaviour. To counter this form of tracking and profiling, Keyboard Privacy changes the rate at which typed characters arrive at the website.

Moore acknowledges that the extension reduces security, but says this is not necessarily a bad thing. "It's important to find a good balance between security and privacy. It is very difficult to raise one without the other measurably decreasing," he notes. Internet users who want to "leak" their typing behaviour on certain websites, or whose bank forces them to, can according to Moore switch the extension on or off per website. A Firefox version of the extension will appear soon.

American City Has Allocated 3.5 Million Dollars For Firewall

The US city of Boston has earmarked $3.5 million for the development of a "next generation" firewall to protect the city against cyber attacks. According to Jascha Franklin-Hodge, the city's CIO, the technical infrastructure is currently being checked for vulnerabilities and for whether systems have the appropriate redundancy, the Boston Herald reports.

The firewall Boston has in mind should become operational later this year, but the campaign to strengthen the city's digital security runs through 2020. Eventually there should be a system of multi-layered data protection. Boston has not had to deal with major security incidents or data breaches, but according to Greg McCarthy, the city's CISO, constant vigilance is required.

Researchers Crack Smart Safe Via USB Stick

Researchers from US security firm Bishop Fox managed to open a "smart safe" made by Brinks with nothing more than a USB stick. The problem affects the Brinks CompuSafe Galileo, which can hold up to $240,000.

The safe has a touch screen and an internet connection and runs an embedded version of Windows XP. Money put into the safe is automatically scanned by a reader and added to the total. Information about the contents of the safe can be printed daily and is also sent to Brinks over the internet. The smart safe also has a USB port, intended for technicians and for making backups. The researchers wrote a malicious script that loads automatically from a connected USB stick.

To open the safe door, the USB stick only needs to be connected; after a minute the door opens automatically. An attacker does need physical access to the safe. To erase traces of a theft, the database that tracks how much money is in the safe can also be modified. The vulnerability was reported to Brinks more than a year ago, but according to the researchers the company has still not fixed the problems, they told Wired. The researchers will demonstrate their attack at this year's Def Con hacker conference in Las Vegas.

Wednesday, 29 July 2015

Wi-Fi System In Skoda Cars Vulnerable To Attackers

Several vehicles from carmaker Skoda have a Wi-Fi system that lets information from the car be read on a tablet or smartphone, but according to researchers its security is inadequate. The SmartGate system lets users connect to the car over Wi-Fi.

All kinds of data can then be read, such as speed, fuel consumption, the number of days until the next service and other information. Researchers at Trend Micro discovered that an attacker can read more than twenty different parameters and can lock the car's owner out of the SmartGate system. To carry out the attack, an attacker must stay near the car's Wi-Fi network and crack the Wi-Fi password, which according to the researchers is rather weak. Staying close to the Wi-Fi network is also no problem: they managed to crack the Wi-Fi network at speeds of up to 40 kilometres per hour.

Reading the data even worked at 120 kilometres per hour. The researchers argue that an attacker can modify the Wi-Fi settings and so lock the user out of the system, after which the owner has to return to the dealer to have the settings restored. The researchers advise Skoda owners with SmartGate to set the Wi-Fi range to 10% and to change the Wi-Fi password and network name. Skoda is advised to set the default signal strength to 10% and to add an on/off switch for SmartGate. SmartGate is present in at least the Octavia, Yeti and Superb.

Internet Users Again Exposed To Infected Ads

In recent weeks infected ads appeared on several popular websites, putting at least 10 million internet users at potential risk of infection. The actual number of people who saw the infected ads and were infected as a result is not known. The ads pointed to an instance of the Angler exploit kit.

This exploit kit silently tries to infect users with malware through vulnerabilities in popular software such as Adobe Flash Player. It regularly happens that the ads or exploits are shown only to visitors from certain countries. When an infected ad does appear, the attack can only succeed if the visitor uses the targeted software and, for example, the browser plug-in is not up to date.

According to statistics from SimilarWeb cited by security firm Cyphort, the sites on which the ads appeared get at least 10 million visitors per month. The most popular websites showing the infected ads were in Vietnam, Greece, Indonesia and Thailand. Earlier this month the ads were also found on the Japanese edition of the Huffington Post. Earlier this year Cyphort also warned about infected ads on popular websites; then too, the Huffington Post was involved.

British Government Warns Of Ransomware

The British government has warned internet users about ransomware: cyber criminals are now using the names of the Ministry of the Interior and the Ministry of Justice to infect computers with malware. The e-mails claim to come from a ministry and contain a link or attachment that supposedly holds information about an upcoming lawsuit.

In reality it is the TorrentLocker ransomware, which encrypts files on the computer and then demands a sum in bitcoin to decrypt them. The UK government says it does not send unsolicited e-mails and never asks for personal information or passwords by e-mail. In addition, links in e-mails from the Ministry of the Interior always point to government sites that begin with https and are on a government domain.
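As an added example (not the UK government's tooling), a checker for the link rule stated above: a legitimate link uses https and sits on a government domain. The allowed suffix "gov.uk" is my assumption of what that rule means in practice, and the sample links are constructed. It also handles the lookalike forms a phishing mail typically uses: a government name in the userinfo part, a government name as a subdomain prefix, and a suffix glued to another word.

```python
"""Constructed example: validate links from a suspicious e-mail against the
'https + government domain' rule, matching the suffix as whole DNS labels."""
from urllib.parse import urlsplit

# Assumption: the registrable suffix the real sender uses.
ALLOWED_SUFFIXES = ("gov.uk",)


def link_looks_legitimate(url: str, suffixes=ALLOWED_SUFFIXES) -> bool:
    """True only for https links whose host is the suffix or a subdomain of it."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:            # malformed IPv6 literal and similar
        return False
    if parts.scheme.lower() != "https":
        return False
    host = parts.hostname         # drops userinfo and port, lower-cases
    if not host:
        return False
    host = host.rstrip(".")
    # Whole-label match: "gov.uk.evil.example" and "notgov.uk" must both fail.
    return any(host == s or host.endswith("." + s) for s in suffixes)


def triage(urls):
    """Split the links found in a message into accepted and rejected lists."""
    accepted, rejected = [], []
    for u in urls:
        (accepted if link_looks_legitimate(u) else rejected).append(u)
    return accepted, rejected


if __name__ == "__main__":
    # Constructed sample links of the kinds seen in this sort of campaign.
    sample = [
        "https://www.gov.uk/courts",
        "http://www.gov.uk/courts",                 # no https
        "https://www.gov.uk@evil.example/login",    # userinfo trick
        "https://gov.uk.evil.example/",             # subdomain trick
        "https://notgov.uk/",                       # glued suffix
    ]
    ok, bad = triage(sample)
    print("accepted:", ok)
    print("rejected:", bad)
```

The check is deliberately conservative: it says nothing about the safety of the page behind an accepted link, only that the link is consistent with the stated policy, which is the most a mail filter can assert from the URL alone.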

Experts Denounce Chrysler Sending Out USB Drives

Last week carmaker Chrysler announced that it is recalling 1.4 million cars because of a vulnerability in their software. The vulnerability allows an attacker to partly control the cars via the internet; for instance the brakes can be switched on and off and the engine can be turned off.

Chrysler has developed an update for the vulnerability and now offers it in three ways. Consumers can download the update themselves and update the car's software via a USB stick; a comprehensive manual (pdf) for this has appeared online. The second option is to take the car to a dealer, who then installs the update. And there is a third possibility: having a USB stick with the update sent by post.

And it is this last option that has drawn criticism from security experts. "This is the dumbest action I've heard of in a long time," Khalil Sehnaoui of Krypton Security told ZDNet. Tod Beardsley of security company Rapid7 is also unhappy with the move. "Just plugging a USB stick into the computer without knowing exactly where it comes from is a bad idea," he observes. He warns that teaching users they can trust a USB stick sent by post creates dangerous behaviour and opens the door for criminals to take advantage of it.

Chris Kennedy of anti-fraud company Trustev calls the decision to send USB sticks around "incredibly irresponsible" and "unsafe". Kennedy is especially worried that the USB sticks could be intercepted. Twitter users also reacted with astonishment. "Now is a good time to send USB sticks containing exploits to any Chrysler owners," one Twitter user remarked. Beardsley advises Chrysler owners to go to a dealer, since that at least leaves a paper trail showing that a trusted party was involved. Chrysler states in response that the measure was chosen to increase convenience for customers.

App Store And iTunes Exposed Significant Vulnerabilities: Relates To System Security

Security researchers recently discovered a major flaw in Apple's iTunes and App Store invoice systems. An attacker exploiting this vulnerability could hijack sessions and maliciously manipulate invoices. Vulnerability Lab researcher Benjamin Kunz Mejri announced the discovery this week. The core problem is an application-side input validation vulnerability in the web application: according to the researcher's announcement, a remote attacker can inject malicious script code into the flawed content features and service modules through this vulnerability.

Mejri describes the attack as replacing the value of the device name used by the invoice module with malicious script code. When a device is used to make a purchase in the Apple store, the backend uses that name value, without encoding it, to generate the invoice that is sent to the seller. The result is application-side script code execution in Apple's invoice. The vulnerability has a CVSS (Common Vulnerability Scoring System) severity rating of 5.8.

In addition, a remote attacker can use this vulnerability to interact with other Apple Store account users in a persistent context, regardless of whether the user is the sender or the recipient. The researcher said the invoice is available to both sellers and buyers, so this poses a great risk to buyers, sellers and Apple's web administrators and developers.

An attacker can also exploit this vulnerability to hijack user sessions, launch persistent phishing attacks, create persistent redirects to external sources, and manipulate connected service modules.
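As an added example (not Apple's code or Vulnerability Lab's proof of concept), the class of bug described above: a buyer-controlled name value placed in a generated invoice without encoding, beside the corrected rendering. The invoice layout, field names and the probe string are constructed.

```python
"""Constructed example: an HTML invoice built from an attacker-controlled
device name, first without output encoding, then with it."""
import html

INVOICE_TEMPLATE = (
    "<table>"
    "<tr><td>Device</td><td>{device}</td></tr>"
    "<tr><td>Item</td><td>{item}</td></tr>"
    "<tr><td>Total</td><td>{total}</td></tr>"
    "</table>"
)


def render_invoice_vulnerable(device: str, item: str, total: str) -> str:
    """Interpolates the user-chosen device name verbatim, so script code in the
    name is rendered wherever the invoice is viewed (seller, buyer, or an
    administrator), which is the persistent context the advisory describes."""
    return INVOICE_TEMPLATE.format(device=device, item=item, total=total)


def _esc(value: str) -> str:
    # quote=True also encodes ' and ", so the value is safe inside attributes too.
    return html.escape(value, quote=True)


def render_invoice_fixed(device: str, item: str, total: str) -> str:
    """Encode every untrusted value for the HTML text context before it is
    placed in the document; the template itself stays the same."""
    return INVOICE_TEMPLATE.format(device=_esc(device), item=_esc(item), total=_esc(total))


def contains_raw_tag(rendered: str, tag: str = "<script") -> bool:
    """Does the raw tag survive into the output? Used to compare both renderers."""
    return tag in rendered.lower()


if __name__ == "__main__":
    # A constructed probe: a device name that carries markup.
    probe_name = "My Phone<script>probe()</script>"
    print(render_invoice_vulnerable(probe_name, "App", "$0.99"))
    print(render_invoice_fixed(probe_name, "App", "$0.99"))
```

Encoding at the point of output is the fix rather than filtering at input, because the same name value may be emitted into HTML, e-mail and JSON contexts that each need their own encoding.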

After Mejri found the vulnerability, Apple's product security team was notified on June 8 and coordination began; Apple responded with feedback, its developer group provided a fix, and Vulnerability Laboratory recently disclosed the vulnerability.

Earlier this month Apple released new versions of iOS and OS X in which many security vulnerabilities were patched. In a security bulletin Apple said that iOS 8.4 contains 20 patches, fixing issues including remote code execution, application termination and interception of encrypted traffic.

Among these updates, the flaw called "Logjam" has been resolved. It is a vulnerability in the Diffie-Hellman key exchange algorithm, a technology widely used on the internet to share keys and create secure communication channels. It could leave hundreds of thousands of websites and servers using HTTPS exposed to the risk of their traffic being intercepted and stolen, and thus to man-in-the-middle attacks.

At least one of these issues directly affects the Apple Watch. The problem lies in the application installation link; a malicious application could exploit the vulnerability to prevent Watch applications from launching.

Proof of Concept

Tuesday, 28 July 2015

Cyber Crime Forum Taken Offline By FBI Back Online

A popular forum for cyber criminals that was taken offline by the FBI two weeks ago has announced its comeback. Its security will be tightened to thwart a new operation by investigators. According to the FBI, the Darkode forum was an important place where criminals exchanged services, tools and ideas for attacking systems.

In an international operation involving twenty countries, 70 Darkode members were arrested, indicted or are still being sought, including a trainee at security firm FireEye who was arrested for activities on the forum. It was the largest international law-enforcement operation ever to take a cybercrime forum offline.


But the forum's administrator was not arrested and has now announced Darkode's comeback. According to the administrator, most of the administrators and other senior members were not picked up; the investigators' operation focused on new members or people who had long since stopped having anything to do with the "scene". The new version of Darkode will again be hosted on the Tor network and will be invitation only.

In addition, each member will get their own onion address to visit the website. That gives the administrators more control over who visits the website and more log information to identify informants, for example. A user's bitcoin wallet will also be linked to his account: even if the account is hacked, an attacker cannot use it unless he knows the private key of the user's bitcoin wallet, MalwareTech reports.

NSA To Stop Using Collected Phone Records

US intelligence agency NSA will stop using the telephone data it collected in recent years through mass surveillance in the United States on November 29. The US Senate recently decided not to renew Section 215 of the Patriot Act, the legislation that authorised the NSA to collect and store call data of American citizens on a massive scale.

In a statement, the Director of National Intelligence has now announced that the data will no longer be used from November 29. However, NSA technical staff will have access to the data for three more months. This is said to be necessary to verify the data that may be collected under the new USA Freedom Act.

In addition, the NSA is legally bound to retain the bulk of the collected telephone records until the civil proceedings related to the eavesdropping programme are completed, or until a court rules that the NSA no longer needs to keep the data. According to the NSA, the data is retained only because of the civil proceedings and will not be used for other purposes. The data will eventually be destroyed, the intelligence agency says.

Stephen Hawking Fears Military Deployment Of Artificial Intelligence

Stephen Hawking, Elon Musk, Steve Wozniak and many other eminent researchers and scientists have published and signed an open letter warning about the military use of artificial intelligence. According to the experts, artificial intelligence has reached a point where the use of such systems will be a reality within a few years.

The letter mentions both advantages and disadvantages of the military use of artificial intelligence. Replacing human soldiers with robots could reduce the number of human casualties, but on the other hand could lower the threshold for starting a war. The experts fear a global race in the development of artificial intelligence for military purposes.

Once one military world power develops artificially intelligent weapons, others will follow. Autonomous weapons will therefore become the Kalashnikovs of tomorrow, according to the experts. Unlike nuclear weapons, autonomous weapons would be easy to produce and do not require expensive materials. It would also be only a matter of time before they fall into the hands of terrorists, dictators and warlords.

According to the experts, autonomous weapons are also ideal for carrying out attacks, destabilising countries, suppressing populations and selectively killing ethnic groups. A military race in artificial intelligence is therefore not in the interest of humanity, they warn. The experts conclude the letter by saying that artificial intelligence has great potential for humanity, but not militarily, and that autonomous weapons should therefore be banned.

Handy Privacy Tips For Firefox Users

Firefox has many extensions for blocking trackers and protecting users' privacy, but the browser itself also sends data to third parties. That prompted a GitHub user to compile a list of privacy options that can be adjusted through the browser itself.

These concern things such as Safe Browsing, the collection of statistics by Mozilla, the built-in DRM plug-in, Firefox Hello, the Pocket integration, WebRTC and geolocation. Sometimes users have to balance security against privacy: Firefox exchanges information with Google via Google Safe Browsing in order to protect users from phishing sites and malware, so disabling that option can also be a security risk.

It also turns out that Firefox Hello, a tool for video calls via the browser, connects to the servers of ISP Telefonica without asking permission. The Pocket integration involves a connection to a third party that manages a reading list of articles. Users are also advised to turn off search suggestions in the search box, since everything typed into the search box is by default sent to the preset search engine.
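As an added example (not the GitHub list the article refers to), the about:config preferences behind the settings it names, wrapped in a small parser that reads an existing prefs.js or user.js and reports which of them are still at their data-sending value, plus a generator for a user.js. The pref names are ones that existed in Firefox at the time of writing (mid-2015); the Safe Browsing entries are skipped by default because, as the article notes, disabling them costs security. The sample prefs text is constructed.

```python
"""Constructed example: audit and generate Firefox user_pref() lines for the
privacy settings discussed above."""
import re

# pref name -> (privacy-preferring value, the feature the article names)
PRIVACY_PREFS = {
    "toolkit.telemetry.enabled": (False, "statistics collected by Mozilla"),
    "datareporting.healthreport.uploadEnabled": (False, "statistics collected by Mozilla"),
    "media.eme.enabled": (False, "built-in DRM plug-in"),
    "loop.enabled": (False, "Firefox Hello (connects to Telefonica servers)"),
    "browser.pocket.enabled": (False, "Pocket integration (third-party reading list)"),
    "media.peerconnection.enabled": (False, "WebRTC"),
    "geo.enabled": (False, "geolocation"),
    "browser.search.suggest.enabled": (False, "search-box text sent to the search engine"),
    # Trade-off: these lookups go to Google but protect against phishing and malware.
    "browser.safebrowsing.enabled": (False, "Safe Browsing phishing lookups"),
    "browser.safebrowsing.malware.enabled": (False, "Safe Browsing malware lookups"),
}

# user_pref("name", value); optionally followed by a // comment
_PREF_LINE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*(?://.*)?$', re.M)


def parse_prefs(text: str) -> dict:
    """Parse user_pref(...) lines into a name -> Python value mapping."""
    prefs = {}
    for name, raw in _PREF_LINE.findall(text):
        if raw == "true":
            prefs[name] = True
        elif raw == "false":
            prefs[name] = False
        elif raw.startswith('"') and raw.endswith('"'):
            prefs[name] = raw[1:-1]
        else:
            try:
                prefs[name] = int(raw)
            except ValueError:
                prefs[name] = raw
    return prefs


def _selected(keep_safebrowsing: bool):
    for name, (value, why) in PRIVACY_PREFS.items():
        if keep_safebrowsing and name.startswith("browser.safebrowsing."):
            continue
        yield name, value, why


def audit(prefs: dict, keep_safebrowsing: bool = True) -> list:
    """Names of privacy-relevant prefs not set to the privacy-preferring value.
    A pref absent from the file is at its Firefox default, which is 'on'."""
    return [name for name, wanted, _ in _selected(keep_safebrowsing)
            if prefs.get(name) != wanted]


def render_user_js(keep_safebrowsing: bool = True) -> str:
    """Emit user.js lines; JavaScript comments are allowed in that file."""
    lines = [f'user_pref("{name}", {str(value).lower()}); // {why}'
             for name, value, why in _selected(keep_safebrowsing)]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # Constructed excerpt of a profile's prefs.js.
    sample = 'user_pref("geo.enabled", false);\nuser_pref("toolkit.telemetry.enabled", true);\n'
    print("still sending data:", audit(parse_prefs(sample)))
    print(render_user_js())
```

Copying the generated lines into user.js in the profile directory applies them at the next start; the audit can then be re-run on the profile's prefs.js to confirm nothing reset them.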

1900 Roku Media Streamers Accessible Via The Internet

Around 1,900 Roku media streamers are publicly reachable on the internet, which is probably not what their owners intend. The Roku is essentially a small computer for streaming media such as music and films to a television, and it is very popular, especially in the US.

The device has an API (application programming interface) through which it can be controlled from a smartphone. This API does not use any form of authentication; the idea is that it is used only locally and cannot be reached over the internet. Recently, however, a researcher discovered that incorrectly configured Roku media streamers are indeed reachable via the internet and that anyone can send commands through the API.

John Matherly of the search engine Shodan therefore decided to scan the internet for the number of Roku media streamers reachable via the web. His scan turned up some 1,900 devices, although according to Matherly the number varies depending on the time zone in which the scan is performed. The scan also revealed which apps the Roku media streamers are using and which versions are installed, that Netflix is the most popular channel, and that many users do not update the apps and channels on their device.

Serious Leak Made Hijacking Steam Accounts Child's Play

A serious vulnerability in the popular gaming service Steam meant that users' accounts could be hijacked this weekend in a childishly simple way. The only thing an attacker needed to gain access to an account was the user's username.

The vulnerability was in the password reset function. When a password is changed, Valve, the developer of Steam, sends a code to the user's e-mail address, and this code must be entered before the password can be changed. A bug, however, meant the code was not necessary: an attacker who left the code field empty could simply click Continue, reset the password and gain access to the account, as this video shows.
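As an added example (not Valve's code), the reset-code check as the article describes the bug, where an empty code is waved through, beside a corrected version. The in-memory store, the code format and the expiry window are my assumptions.

```python
"""Constructed example: a password-reset verification step with the
'empty code passes' defect, and a corrected version beside it."""
import hmac
import secrets
import time

CODE_TTL_SECONDS = 15 * 60          # assumption: codes expire after 15 minutes


class ResetStore:
    """In-memory table of outstanding reset codes: username -> (code, issued_at)."""

    def __init__(self):
        self._pending = {}

    def issue(self, username: str) -> str:
        code = secrets.token_hex(4).upper()   # assumption: 8 hex chars sent by e-mail
        self._pending[username] = (code, time.time())
        return code

    def issued_at(self, username: str) -> float:
        return self._pending[username][1]


def verify_vulnerable(store: ResetStore, username: str, submitted: str) -> bool:
    """Buggy check: the code is only compared when one was submitted, so an
    attacker who leaves the field empty passes with just the username."""
    entry = store._pending.get(username)
    if entry is None:
        return False
    if submitted and submitted != entry[0]:   # the defect: empty input skips the comparison
        return False
    return True


def verify_fixed(store: ResetStore, username: str, submitted: str, now=None) -> bool:
    """Corrected check: a code must be present, unexpired, compared in constant
    time, and consumed on success so it cannot be replayed."""
    now = time.time() if now is None else now
    entry = store._pending.get(username)
    if entry is None or not submitted:
        return False
    code, issued_at = entry
    if now - issued_at > CODE_TTL_SECONDS:
        store._pending.pop(username, None)     # stale code is discarded
        return False
    if not hmac.compare_digest(code.encode(), submitted.strip().upper().encode()):
        return False
    store._pending.pop(username)               # single use
    return True


if __name__ == "__main__":
    store = ResetStore()
    code = store.issue("alice")
    print("vulnerable, empty code:", verify_vulnerable(store, "alice", ""))   # True
    print("fixed, empty code:", verify_fixed(store, "alice", ""))             # False
    print("fixed, real code:", verify_fixed(store, "alice", code))            # True
```

The constant-time comparison and single-use consumption are not what the article's bug was about, but a reset check that lacks them has two more ways to fail, so the corrected version includes them.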


Valve told gaming website Kotaku that it was a "bug" and that the problem was discovered on July 25; it has since been fixed. To protect users, the passwords of all accounts with "suspicious password changes" will be reset, and those users will receive an e-mail with a new password. Valve also states that for accounts using Steam Guard, the gaming service's two-factor authentication, attackers could not log in even if the password had been changed.

Steam has 125 million users worldwide. Through the platform users can buy all sorts of games and digital items. Some research suggests that 75% of all PC games are sold through Steam. Steam accounts with many games or digital goods are therefore a favourite target. How many users had their account hijacked is unknown, but on Reddit readers report that several well-known players fell victim.

Malware Steals Data From Offline Computer Via Mobile Phone

Researchers have developed malware that makes it possible to steal data from computers that are not connected to the internet. Air-gapping, as disconnecting systems from the internet is called, is a popular method for securing systems in critical environments.

Yet these systems are also at risk, according to researchers at the Cyber Security Research Center at Israel's Ben-Gurion University. They developed a way to use a mobile phone to steal data from a computer. The attack requires that both the computer and the mobile phone are infected with malware. The researchers' "GSMem" malware makes the computer's memory act as an antenna and then sends data at GSM frequencies to the infected phone.

The phone, for its part, must be infected with a rootkit the researchers call the "Receiver Handler", which is installed in the phone's firmware. The GSMem malware could be installed via physical access or by intercepting the machine during delivery; the rootkit could be installed through social engineering, a malicious app or physical access. The amount of data that can be stolen this way is limited, but it is enough to steal passwords and encryption keys in about two minutes, Wired reports.

With a separate receiver, much more data can be collected at a distance of 30 metres. In environments where air-gapped computers are used, smartphones may be banned while simple phones are allowed, which is why the researchers made the malware work on simple mobile phones. They expect better results with a smartphone, however, and will test that in the future. The researchers will give more details about their attack at the Usenix Security Symposium in Washington next month.

Monday, 27 July 2015

Millions Of Android Phones Vulnerable By New Leak

Researchers have discovered a serious vulnerability in Android that makes it possible to gain access to devices simply by sending an MMS message. An attacker can then steal information, read e-mails, activate the microphone and perform other tasks. The vulnerability is in Stagefright, a media library that handles various popular media formats.

Security company Zimperium discovered the vulnerability, which it calls the worst Android leak so far. An attacker only needs to send an MMS message to execute code on the device, and can even delete the message before the user sees it, so that only the notification is visible. The researchers warn that the vulnerability is very serious because no interaction from the victim is required.

Estimates suggest that 950 million Android devices are at risk. The problem is particularly acute on Android Jelly Bean, which runs on about 11% of all Android devices. Zimperium warned Google, which has already rolled out patches for Android. In many cases, however, telecom providers and manufacturers are responsible for distributing updates to their users, and the security company fears it may take a long time before everyone is protected.

Two manufacturers are a positive exception: Silent Circle's Blackphone has already been patched, and Mozilla Firefox is protected against the issue. More details about the vulnerability will be announced at the upcoming Black Hat conference in Las Vegas.

Microsoft Tool Blocks Unwanted Windows 10 Updates

Microsoft will roll out updates to Windows 10 Home users automatically, and by default it is no longer possible to block certain updates or drivers as it is in other Windows versions. That can be a problem if, for example, faulty drivers or updates are rolled out via the automatic update mechanism.

Nevertheless, users need not blindly accept all updates, because Microsoft recently released a "troubleshooter package" for blocking unwanted updates. The troubleshooter provides an interface for showing and hiding updates and drivers; once a user has hidden an unwanted update or driver, it is no longer offered. Microsoft's description says the tool is for the Windows 10 Preview, but Windows watcher Ed Bott notes that the troubleshooter, which is based on the latest test version of the Windows 10 Preview, will also work in the final version.

Secure FTP Server Vsftpd Improves SSL Support

For FTP (File Transfer Protocol) users who want a more secure way to exchange files, the FTP server "vsftpd" has existed for some time, and the latest version improves its SSL support. By default, files and login data are not encrypted when using FTP, so an attacker who can eavesdrop on the connection can capture a range of data.

Chris Evans, head of Google's Chrome Security Team, developed vsftpd, which stands for very secure FTP daemon, several years ago. According to Evans, vsftpd is "probably the safest and fastest FTP server for UNIX-like systems." The FTP server supports SSL, which makes it possible to log in to vsftpd servers and exchange data over an encrypted connection. Until now the latest version of vsftpd dated from September 18, 2012, but a new version has appeared.

In it, Evans has further improved the SSL support and added various measures aimed at preventing attacks. Support for Elliptic Curve Diffie-Hellman (ECDH) has also been added. According to Evans, using SSL in combination with FTP is still "tricky" and not all of the problems have been solved 100%. Nevertheless, he notes, a combination of the latest version of the FTP client FileZilla with vsftpd is a good start for users who need to use FTP over SSL.
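The point about unencrypted logins and transfers can be checked mechanically. As an added example, not code from vsftpd or from this article, the Python script below parses a vsftpd.conf and flags settings that still allow plaintext; the directive names and defaults are vsftpd's own, and the two sample configurations are constructed.

```python
"""Check a vsftpd.conf for the SSL settings the article discusses.

Added example, not vsftpd's or the article's code. Directive names and
defaults follow vsftpd.conf(5); the sample configurations are constructed.
"""

# vsftpd defaults, used when a directive is not set explicitly.
DEFAULTS = {
    "ssl_enable": "NO",
    "force_local_logins_ssl": "YES",
    "force_local_data_ssl": "YES",
    "ssl_sslv2": "NO",
    "ssl_sslv3": "NO",
}

WEAK_CONF = """\
# Constructed sample: SSL switched on, but clients may still skip it
ssl_enable=YES
force_local_logins_ssl=NO
force_local_data_ssl=NO
ssl_sslv3=YES
"""

HARDENED_CONF = """\
# Constructed sample: TLS required for logins and data, legacy SSL off
ssl_enable=YES
ssl_sslv2=NO
ssl_sslv3=NO
ssl_tlsv1=YES
force_local_logins_ssl=YES
force_local_data_ssl=YES
rsa_cert_file=/etc/ssl/private/vsftpd.pem
"""


def parse_vsftpd_conf(text: str) -> dict:
    """Parse key=value lines; '#' starts a comment, blank lines are skipped."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            conf[key.strip()] = value.strip()
    return conf


def is_yes(conf: dict, key: str) -> bool:
    """Boolean directive, falling back to vsftpd's documented default."""
    return conf.get(key, DEFAULTS[key]).upper() == "YES"


def ssl_findings(conf: dict) -> list:
    """Return plaintext-exposure findings; an empty list means the checks pass."""
    if not is_yes(conf, "ssl_enable"):
        return ["ssl_enable=NO: logins and file data cross the wire in plaintext"]
    findings = []
    if not is_yes(conf, "force_local_logins_ssl"):
        findings.append("force_local_logins_ssl=NO: passwords may be sent unencrypted")
    if not is_yes(conf, "force_local_data_ssl"):
        findings.append("force_local_data_ssl=NO: file transfers may run unencrypted")
    for legacy in ("ssl_sslv2", "ssl_sslv3"):
        if is_yes(conf, legacy):
            findings.append(f"{legacy}=YES: obsolete SSL protocol version enabled")
    return findings
```

Run `ssl_findings(parse_vsftpd_conf(open("/etc/vsftpd.conf").read()))` against a real file; an empty list means logins and data are forced over TLS and the legacy SSL versions are off.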

Sunday, 26 July 2015

Fraudulent Mobile Ads Consume Gigabytes Of Data

Fraudulent apps for Android, iOS and Windows Mobile that pose as popular games load thousands of ads a day on devices without users noticing at first. Because the applications run continuously in the background, they can consume gigabytes of data, drain the battery prematurely and download more than 16,000 ads per day.

Random clicks on the ads are then simulated, which earns money for the developers of the apps. On average, the apps would download 700 ads per hour on a device, which amounts to 16,800 ads per day and consumes about 2GB of data. Globally, more than 12 million devices are infected with the rogue apps.

According to the US company Forensiq, the rogue apps caused $857 million in damage last year, and this year the figure will pass $1 billion. It should be noted that Forensiq is a company engaged in fighting advertising and click fraud. Google has already removed several of the rogue apps from Google Play, but would not say how many, AdvertisingAge reports.

US Government Attacked Via Flash Player Flaw

Several US government agencies were attacked in June and July via a Flash Player vulnerability that had been discovered by the Italian company Hacking Team and for which no patch existed at the time of the attacks, the FBI says. Details of the vulnerability were found in the data stolen from the Italian surveillance company. The break-in at Hacking Team only became public on July 6, however.

According to information from the FBI, the Flash Player flaw had been known to the attackers since June 8 and was actively used to penetrate US government agencies. Anti-virus company Trend Micro had earlier reported that the vulnerability was being used in targeted attacks against targets in Korea and Japan before the disclosure, namely from July 1. In the attacks on US government agencies, the FBI distinguishes two campaigns, which were probably aimed at gathering information.


The first phishing campaign took place on June 8, 9 and 11; the second was observed on July 8, according to a warning distributed by the FBI and put online by Public Intelligence (pdf). In both attacks, e-mails were sent containing a link. The link pointed to an exploit that took advantage of the vulnerability in Flash Player. For the attack of July 8, the FBI gives more information in the warning. The government agency received a spear phishing e-mail with a link to a PDF document. When users opened the link, a website loaded that contained JavaScript code. This code then loaded a malicious Flash file that attacked the vulnerability in Flash Player to infect the computer with malware.

The spear phishing e-mails had various subjects, such as 'BBW Analysis report - 2015', 'Tomorrow Morning New Starts', 'Perry Dale Club for Leadership: Financial Literacy 101', 'FAS Analysis Report - 2015', 'AEP Energy Program Update: 2015 Program Year Kick Off', 'Review Link' and 'PLS Account A42660861'. All spear phishing e-mails sent in July had the same sender. The timing of the attack in July is remarkable, because on July 8 Adobe closed the vulnerability in the affected Adobe Flash Player versions with an emergency patch. In the warning, the FBI also included several IP addresses and domains used by the attackers, which can help detect a possible attack.

Apple Lets Users Block Rogue Pop-Ups In iOS 9

Apple has added a feature to Safari in iOS 9 that allows users to block malicious pop-ups. iOS users have for some time been the target of fraudulent pop-ups posing as crash reports. The pop-ups use JavaScript to prevent themselves from being closed in the normal way.

The so-called crash message asks the user to call a specific phone number. The telephone scammers then ask users for amounts between 40 and 70 euros to solve the "problem". On the Apple forum, dozens of topics and replies from people reporting the pop-ups have appeared in recent months. Users who encounter the pop-up have to close Safari by double-tapping the home button and then clear the browser history, as Apple explains on this page.

In iOS 9, however, it will also be possible to block such pop-ups, as Mac developer Rosyna Keller discovered in the beta version of iOS 9. The Finnish anti-virus firm F-Secure confirms that pop-ups with fraudulent JavaScript can indeed simply be closed. iOS 9 is expected to appear in September.

Saturday, 25 July 2015

Chrysler Recalls 1.4 Million Cars Because Of Vulnerability

Carmaker Chrysler is recalling some 1.4 million cars and trucks because of a vulnerability in their software that allows attackers to access the vehicles over the internet. It is then possible to engage the brakes, to disable them and to switch off the engine at low speeds.

The vulnerability was discovered by researchers Charlie Miller and Chris Valasek. The problem lies in Uconnect, a component that gives the cars online capabilities and controls the entertainment and navigation systems. The functionality also offers a Wi-Fi hotspot and makes phone calls possible. Uconnect lets anyone connect to a vehicle as long as the IP address of the car is known.

Once a connection to a car had been made, the researchers succeeded in modifying the firmware of the system. This custom firmware can then send instructions over the car's internal network to physical components such as the engine and the wheels.


Nine months after Chrysler was informed, the manufacturer released a security update on July 16. The update must be installed by car owners via a USB stick. The fear was that many owners would not do this, so Chrysler has now launched a voluntary recall, the manufacturer announced on its own website. It concerns 1.4 million vehicles. According to Chrysler, no attacks exploiting the vulnerability have yet been observed in the "wild".

The problem is present in certain model years of the Dodge Viper and various models of RAM pickup, the Jeep Grand Cherokee and Cherokee SUVs, Dodge Durango SUVs, various model years of Chrysler and Dodge Charger sedans and the Dodge Challenger sports coupe. Customers with an affected vehicle will receive a USB device that they can use to upgrade the car's software. The upgrade not only resolves the vulnerability but also adds additional security measures, according to Chrysler.

FBI Warns Businesses About Extortion Through DDoS Attacks

The FBI has warned businesses about extortion through DDoS attacks on their websites, as these attacks are taking place more often. In recent months several security companies have also warned about this form of extortion.

The attacks are carried out by a group that calls itself DD4BC (DDoS for Bitcoin) and has been active since July last year. The FBI warning, published by Public Intelligence (PDF), does not name the group, but the method described is identical. First there is a DDoS attack on the company's website, which usually lasts about an hour and has a size of 20 to 40 Gbps. An e-mail with the attackers' demands then follows, requiring an amount to be paid in bitcoin.

If the victim does not meet the demands, a more powerful DDoS attack follows within 24 hours, which again lasts an hour and has a size of 40 to 50 Gbps. This attack is followed by another warning. According to the FBI, most attacked companies manage to fend off the DDoS attacks by enabling anti-DDoS services from third parties instead of paying the ransom. Where the attackers initially focused mainly on gambling sites, since April this year other sectors have been targeted and larger amounts are demanded.

Red Hat Patches Flaw That Gave Local Users Root Privileges

Red Hat has released security updates for two vulnerabilities that allowed a local user to modify the file /etc/passwd and obtain root privileges. The vulnerabilities are in the libuser library, which is present by default on all Red Hat-derived Linux distributions.

During an internal investigation, security company Qualys discovered several libuser-related vulnerabilities. The first vulnerability is present in the "userhelper" program and allows a local user to edit the file /etc/passwd. This makes it possible to cause a local denial of service. Qualys does not rule out that it would let a local user gain root privileges on the system, but the company did not manage to produce an exploit that achieves this. That did succeed with a second flaw in libuser itself, which allows a local user to gain root privileges.

Red Hat released updates for the vulnerabilities yesterday, after being informed in advance. However, there is a commotion about Qualys' publication. The company published information about the vulnerabilities, including exploits, before the Red Hat updates could be deployed by users, something that prompted discussion on the oss-sec mailing list and Reddit.

No New Data Of Ashley Madison Users Put Online

Several media report that the attackers behind the Ashley Madison hack have put user information online, but it is the same data that had already been made public on Sunday. The attackers then announced that they had captured the data of over 37 million users, as well as all kinds of business data of the site for cheaters.

The attackers threatened to release all the data online if Ashley Madison was not taken off the air. The website is still online. Still, the threat has not yet been carried out and no new data has been made public. In announcing the hack, data from two users was mentioned. For an American man it was the real name, username, registration date, full address, e-mail address, sexual fantasies and desires, and password hash.

The second user is someone who had used the "full delete" function. This option lets users of the website have their profile removed for $19. However, the purchase details were retained, the attackers said. In this case the user's name, address and sexual fantasies were published; his username, password hash and e-mail address were not mentioned. Ashley Madison is a website for people who want to cheat. Because of the incident, the website decided to let users delete their profile free of charge.

High-Speed Network For Anonymous Internet Use Unveiled

Scientists have unveiled a high-speed network that lets users go online anonymously and resist mass surveillance. The network is called HORNET (pdf), which stands for High Speed Onion Routing at the Network Layer. Because it runs at the network layer, the scientists say, all kinds of applications become possible. Symmetric cryptography is used to protect the privacy of users, in such a way that HORNET nodes, the computers that make up the network, can process traffic at a rate of 93 GB/s.

At present there are already several solutions for Internet users to protect their anonymity on the web, such as the Tor network, which has over 2 million users a day. The speed of the Tor network, however, leaves something to be desired. According to the scientists, Tor is well suited for anonymous communication, but has scalability and network performance problems. The more people use Tor, the more nodes have to be added to maintain the speed of the network.

The scientists therefore looked for a solution that does scale. HORNET has similarities with Tor (The Onion Router): both use onion routing, where traffic passes through multiple nodes to protect the identity of users. In HORNET, the nodes in the middle of the network have to store less information about the connection, so that in theory they can forward traffic faster. For the time being, however, there is only the paper in which the scientists describe the new anonymity network.
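The difference described above, nodes in the middle that do not store per-connection state, can be shown in miniature. The Python sketch below is an added example, not HORNET's actual protocol or the paper's code: the toy HMAC-based stream cipher, the packet layout and the simplified setup phase are assumptions of the example.

```python
"""Sketch of the HORNET idea: onion routing with symmetric keys where nodes
in the middle keep no per-session state.  Added example, not HORNET's own
protocol or code; the HMAC-SHA256 counter-mode stream cipher and the packet
layout are constructed, and setup is reduced to each node sealing its
per-hop key under its own long-term secret.
"""
import hashlib
import hmac
import os

KEY_LEN = 32


def xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher: XOR data with HMAC-SHA256(key, nonce || counter)."""
    out = bytearray()
    for ctr in range(0, len(data), 32):
        block = hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[ctr:ctr + 32], block))
    return bytes(out)


class Node:
    """Forwarding node: owns a long-term secret and nothing per session."""

    def __init__(self, name: str):
        self.name = name
        self.secret = os.urandom(KEY_LEN)

    def seal_segment(self, sid: bytes, hop_key: bytes) -> bytes:
        """Setup: wrap the per-hop key so only this node can reopen it later."""
        return xor_stream(self.secret, sid, hop_key)

    def process(self, packet: dict) -> dict:
        """Data phase: reopen own segment, peel one layer, forward the rest."""
        segment, *rest = packet["header"]
        hop_key = xor_stream(self.secret, packet["sid"], segment)
        peeled = xor_stream(hop_key, packet["nonce"], packet["payload"])
        return {"sid": packet["sid"], "nonce": packet["nonce"],
                "header": rest, "payload": peeled}


def build_packet(sid: bytes, segments: list, hop_keys: list, message: bytes) -> dict:
    """Source side: carry the sealed segments, wrap the payload once per hop."""
    nonce = os.urandom(16)               # fresh per packet; never reuse with XOR
    payload = message
    for key in reversed(hop_keys):       # innermost layer belongs to the last hop
        payload = xor_stream(key, nonce, payload)
    return {"sid": sid, "nonce": nonce, "header": list(segments), "payload": payload}


def trace(path: list, message: bytes) -> list:
    """Route one message; return the payload seen after each hop (last = destination).
    Simplification: the header shrinks per hop and so leaks the remaining path length."""
    sid = os.urandom(16)
    hop_keys = [os.urandom(KEY_LEN) for _ in path]
    segments = [n.seal_segment(sid, k) for n, k in zip(path, hop_keys)]
    packet = build_packet(sid, segments, hop_keys, message)
    seen = []
    for node in path:
        packet = node.process(packet)
        seen.append(packet["payload"])
    return seen
```

Every node recovers its session key from the packet itself, so the `Node` objects hold nothing but their long-term secret between packets, which is the property the text attributes to HORNET's intermediate nodes.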

Cyber Spies Add Linux Support To Malware

A group of cyber spies held responsible for attacks on the Belgian government, the White House and a variety of other businesses, government agencies and institutions in Europe and the United States has developed new malware that also features Linux support.

The group is known as "Duke" and has been active for several years. Recently a new piece of malware from the group was discovered, called "Seaduke". It is a Trojan designed to steal information and is used against a small number of high-value targets. According to both Symantec and Palo Alto Networks, it is highly sophisticated malware.


Finland's F-Secure analysed the malware and also saw that the Trojan is written in Python and supports both Windows and Linux. According to the anti-virus company, Seaduke is the first "cross-platform" malware from the Duke group. The first notable thing is the use of the popular scripting language Python; earlier malware from the cyber spies was written in the programming languages C and C++. In addition, the Python code turns out to have been developed for both Windows and Linux. "We therefore suspect that the Duke group uses the same Seaduke Python code to attack Linux users," says researcher Artturi Lehtiö.

Lehtiö told Security.NL that no attacks against Linux users have been found in the "wild". "But it is safe to assume that they have added Linux support in order to use it," he notes. The question remains how Linux users would be attacked. The Duke group, for example, used a funny video of monkeys to attack Windows users, which in reality was an exe file. PDF documents containing exploits for vulnerabilities in Adobe Reader have also been used to infect computers with malware.

Adding Linux support to malware is not new. Earlier this year another group of cyber spies was discovered to have done this. That group chose to use social engineering to infect Linux users: attacked users were offered a rogue HTML5 plugin that in reality turned out to be spyware.

FBI Launches Campaign Against Economic Espionage

The FBI in the United States has launched a campaign to warn companies and research institutes about economic espionage. According to the investigative agency, industrial espionage is a growing threat that causes ever more damage. The exact damage is difficult to determine, but the losses are "substantial" and possibly amount to hundreds of billions of dollars annually, according to the FBI.

It is mostly foreign competitors and countries that are after trade secrets, manufacturing methods, innovations and insights into trade and labour disputes. The FBI not only sees an increase in attempts to steal company secrets, but the methods are getting nastier too. "We had cases where people literally walked into warehouses and factories to steal trade secrets," said Randall Coleman, deputy director of the FBI's Counterintelligence Division. "It is shocking to see how much effort they make to steal information."

Those behind the espionage attacks use different ways to steal information from US companies. Current and former foreign employees of US companies and research institutes are contacted, for instance. In addition, "technical operations" are conducted, such as computer hacking, searching bins and bribing staff. Finally, seemingly innocent business relationships with US companies are entered into in order to capture economic information.

The FBI also gives American companies and organisations advice on how to protect their business and trade secrets. This concerns matters such as ongoing security training for staff, drawing up a plan to protect business secrets and implementing physical security measures. A 36-minute video based on a real case has also been made, which tries to make the threat clear.

Google: Consumers Wary Of Security Updates

Average Internet users are wary of security updates and even mistakenly consider them a security risk, according to research (pdf) from Google. The Internet giant compared the security behaviour of 231 security experts with that of 294 Internet users who are not experts.

Among other things, the top five security measures taken by each group were examined. It shows that average Internet users seriously underestimate the importance of security updates: 35% of the experts named installing security updates as a security measure, while only 2% of users did. As a result, installing patches is the security measure with the largest difference between users and experts.

Further research into this behaviour shows that 39% of the experts have updates installed automatically, while among users this is 29%. In addition, 25% of the experts said they install updates immediately; among users only 9% do so. According to the researchers, not installing updates as promptly as possible has to do with bad past experiences or with users not realising their effectiveness.


The study also shows that password management is important for both users and experts, but that they use different approaches. The experts often use password managers; the difference between experts and users is a factor of three. 24% of users said they use a password manager for some accounts, while for experts this is 73%. Furthermore, users find anti-virus software very important, while experts prefer other measures.

"Our results show that experts and non-experts take various measures to protect themselves on the Internet. The actions of the experts are considered good advice by experts, while the actions of the non-experts get mixed reactions from experts," said the researchers. They argue that there is room for improvement when it comes to identifying the main security measures and then making them clear to users.