
Friday, 31 July 2015

Windows 10 Wi-Fi Sense Is Not A Security Risk



Wi-Fi Sense, a much-discussed feature of Windows 10 that lets users give their contacts access to their own Wi-Fi network, is not a security risk, contrary to what some journalists and websites have claimed, says Windows expert Ed Bott.

This week IT journalist Brian Krebs published an article warning about Wi-Fi Sense. According to Krebs, Windows 10 asks by default to share the Wi-Fi password with all of the user's Outlook and Skype contacts, who can then use the Wi-Fi network whenever they are in range. Krebs warned that the feature could have serious consequences and therefore advised Windows users to disable it.

Bott says Wi-Fi Sense does not work this way. No password is shared, only Internet access. The option to share Wi-Fi access is indeed on by default, but it only applies to networks the user has explicitly chosen: users must first select the Wi-Fi network whose access they want to share.

According to Bott, Wi-Fi Sense is therefore not a vulnerability, and nobody will be able to connect to a user's Wi-Fi network without authorization. Krebs responded that many users have been conditioned to simply click "yes" on this kind of Windows dialog, after which the networks will be shared with their Facebook, Outlook and Skype contacts.

Infected Version TrueCrypt Used For Cyber Spying


A Russian website has for years offered an infected version of the popular encryption program TrueCrypt, which in reality was a Trojan horse used for cyber espionage, the Slovak anti-virus company ESET reports in a paper published today (pdf).

The website truecryptrussia.ru offered a Russian-language version of TrueCrypt. Visitors who met certain criteria were served an infected version instead; what exactly those criteria were is not known. Once installed, the program also installed a backdoor that gave the attackers full control over the computer. The malware had been distributed via truecryptrussia.ru since at least June 2012.

Because only a select number of victims were attacked this way, the backdoor could remain undetected for a long time, according to ESET. The TrueCrypt website also served as a command-and-control domain: communication between the attackers and infected computers ran through it. The researchers also believe the site was run by the attackers themselves rather than being a compromised website.

Besides the TrueCrypt website, the malware, called Potao, also spread via e-mail attachments and USB sticks, in a simple but effective way. The malware copied itself onto the USB stick and set all other files to hidden. It then took the name of the USB stick and a drive icon, so that users thought they were opening the drive or a shortcut to it when in reality they were launching the malware.

Most targets of the malware were in Ukraine, among them the Ukrainian government, the Ukrainian army and a major Ukrainian news agency. Members of popular Russian and Ukrainian pyramid schemes were also spied on by the malware. The victims of the trojanized TrueCrypt version, by contrast, were mainly in Russia.

SHA1 hashes (from the ESET report):

Early Potao versions:

8839D3E213717B88A06FFC48827929891A10059E
5C52996D9F68BA6FD0DA4982F238EC1D279A7F9D 
CE7F96B400ED51F7FAB465DEA26147984F2627BD 
D88C7C1E465BEA7BF7377C08FBA3AAF77CBF485F 
81EFB422ED2631C739CC690D0A9A5EAA07897531 
18DDCD41DCCFBBD904347EA75BC9413FF6DC8786 
E400E1DD983FD94E29345AABC77FADEB3F43C219 
EB86615F539E35A8D3E4838949382D09743502BF 
52E59CD4C864FBFC9902A144ED5E68C9DED45DEB 
642BE4B2A87B47E77814744D154094392E413AB1 

Debug versions: 

BA35EDC3143AD021BB2490A3EB7B50C06F2EA40B 
9D584DE2CCE6B654E62573938C2C824D7CC7D0EB 
73A4A6864EF68C810C7C699ED51B759CF1C4ADFB 
1B3437C06CF917920688B25DA0345749AA1A4A46 

Droppers with decoy documents: 

FBB399568E0A3B2E461A4EB3268ABDF07F3D5764 
4D5E0808A03A75BFE8202E3A6D2920EDDBFC7774 
BCC5A0CE0BCDFEA2FD1D64B5529EAC7309488273 
F8BCDAD02DA2E0223F45F15DA4FBAB053E73CF6E 
2CDD6AABB71FDB244BAA313EBBA13F06BCAD2612 
9BE3800B49E84E0C014852977557F21BCDE2A775 
4AC999A1C54AE6F54803023DC0FCF126CB77C854 
59C07E5D69181E6C3AFA7593E26D33383722D6C5 
E15834263F2A6CCAE07D106A71B99FE80A5F744B 
A62E69EF1E4F4D48E2920572B9176AEDB0EEB1C6 
900AD432B4CB2F2790FFEB0590B0A8348D9E60EB 
856802E0BD4A774CFFFE5134D249508D89DCDA58 
A655020D606CA180E056A5B2C2F72F94E985E9DB 
04DE076ACF5394375B8886868448F63F7E1B4DB9

Droppers from postal websites:

94BBF39FFF09B3A62A583C7D45A00B2492102DD7 
F347DA9AAD52B717641AD3DD96925AB634CEB572 
A4D685FCA8AFE9885DB75282516006F5BC56C098 
CC9BDBE37CBAF0CC634076950FD32D9A377DE650 
B0413EA5C5951C57EA7201DB8BB1D8C5EF42AA1E 
0AE4E6E6FA1B1F8161A74525D4CB5A1808ABFAF4 
EC0563CDE3FFAFF424B97D7EB692847132344127 
639560488A75A9E3D35E4C0D9C4934295072DD89 

USB-spreaders:

850C9F3B14F895AAA97A85AE147F07C9770FB4C7 
BB0500A24853E404AD6CA708813F926B90B38468 
71A5DA3CCB4347FE785C6BFFF7B741AF80B76091 
7664C490160858EC8CFC8203F88D354AEA1CFE43 
92A459E759320447E1FA7B0E48328AB2C20B2C64 
BB7A089BAE3A4AF44FB9B053BB703239E03C036E 
DB966220463DB87C2C51C19303B3A20F4577D632 
37A3E77BFA6CA1AFBD0AF7661655815FB1D3DA83 
181E9BCA23484156CAE005F421629DA56B5CC6B5 
A96B3D31888D267D7488417AFE68671EB4F568BD 
224A07F002E8DFB3F2B615B3FA71166CF1A61B6D 
5D4724FBA02965916A15A50A6937CDB6AB609FDD 
8BE74605D90ED762310241828340900D4B502358 
5BE1AC1515DA2397A7C52A8B1DF384DD938FA714 
56F6AC6197CE9CC774F72DF948B414EED576B6C3 
F6F290A95D68373DA813782EF4723E39524D048B 
48904399F7726B9ADF7F28C07B0599717F741B8B 
791ECF11C04470E9EA881549AEBD1DDED3E4A5CA 
E2B2B2C8FB1996F3A4A4E3CEE09028437A5284AE 
5B30ECFD47988A77556FE6C0C0B950510052C91E 
4EE82934F24E348696F1C813C24797618286A70C 
B80A90B39FBA705F86676C5CC3E0DECA225D57FF 
971A69547C5BC9B711A3BB6F6F2C5E3A46BF7B29 
C1D8BE765ADCF76E5CCB2CF094191C0FEC4BF085 
2531F40A1D9E50793D04D245FD6185AAEBCC54F4

Other droppers:

D8837002A04F4C93CC3B857F6A42CED6C9F3B882 
BA5AD566A28D7712E0A64899D4675C06139F3FF0 
FF6F6DCBEDC24D22541013D2273C63B5F0F19FE9 
76DA7B4ABC9B711AB1EF87B97C61DD895E508232 
855CA024AFBA0DC09D336A0896318D5CC47F03A6 
12240271E928979AB2347C29B5599D6AC7CD6B8E 
A9CB079EF49CEE35BF68AC80534CBFB5FA443780 
1B278A1A5E109F32B526660087AEA99FB8D89403 
4332A5AD314616D9319C248D41C7D1A709124DB2 
5BEA9423DB6D0500920578C12CB127CBAFDD125E 

Plugins: 

2341139A0BC4BB80F5EFCE63A97AA9B5E818E79D 
8BD2C45DE1BA7A7FD27E43ABD35AE30E0D5E03BC 
54FEDCDB0D0F47453DD65373378D037844E813D0 
CC3ECFB822D09CBB37916D7087EB032C1EE81AEE 
F1C9BC7B1D3FD3D9D96ECDE3A46DFC3C33BBCD2B 
9654B6EA49B7FEC4F92683863D10C045764CCA86 
526C3263F63F9470D08C6BA23E68F030E76CAAF3 
E6D2EF05CEDCD4ABF1D8E3BCAF48B768EAC598D7 
CEBAB498E6FB1A324C84BA267A7BF5D9DF1CF264 
324B65C4291696D5C6C29B299C2849261F816A08 
C96C29252E24B3EEC5A21C29F7D9D30198F89232 
CDDDE7D44EFE12B7252EA300362CF5898BDC5013 
84A70CDC24B68207F015D6308FE5AD13DDABB771 

Fake TrueCrypt setup: 

82F48D7787BDE5B7DEC046CBEF99963EEEB821A7 
9666AF44FAFC37E074B79455D347C2801218D9EA 
C02878A69EFDE20F049BC380DAE10133C32E9CC9 
7FBABEA446206991945FB4586AEE93B61AF1B341 

Fake TrueCrypt extracted exe: 

DCBD43CFE2F490A569E1C3DD6BCA6546074FD2A1 
422B350371B3666A0BD0D56AEAAD5DEC6BD7C0D0 
88D703ADDB26ACB7FBE35EC04D7B1AA6DE982241 
86E3276B03F9B92B47D441BCFBB913C6C4263BFE
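The list above is the form in which such indicators usually arrive: category headings followed by one hash per line, sometimes with stray page numbers copied along. The script below, an added example and not ESET's tooling, parses a list in that layout and sweeps a directory tree for files whose SHA1 matches. The sample list embedded in it reuses three hashes from the page; the empty-file hash and the temporary directory in `demo_scan()` are constructed for the demonstration.

```python
from __future__ import annotations

import hashlib
import os
import re
import sys
from pathlib import Path

# Matches exactly one 40-hex-character SHA1, ignoring anything else on the line
# (a trailing "31" copied from a PDF page number, for instance).
HASH_RE = re.compile(r"\b([0-9A-Fa-f]{40})\b")

# Constructed sample in the page's layout: three Potao hashes from the list
# above, including the two lines that carried stray page numbers.
SAMPLE_IOC_TEXT = """\
Droppers with decoy documents:

FBB399568E0A3B2E461A4EB3268ABDF07F3D5764
04DE076ACF5394375B8886868448F63F7E1B4DB9 31

32 Other droppers:

D8837002A04F4C93CC3B857F6A42CED6C9F3B882
"""


def parse_ioc_list(text: str) -> dict[str, str]:
    """Map lowercase SHA1 -> category. A line without a hash is a heading."""
    iocs: dict[str, str] = {}
    category = "uncategorised"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HASH_RE.search(line)
        if m is None:
            # Heading such as "USB-spreaders:" or "32 Other droppers:"
            category = re.sub(r"^\d+\s*", "", line).rstrip(":").strip()
            continue
        iocs[m.group(1).lower()] = category
    return iocs


def sha1_of_file(path: Path, chunk: int = 1 << 20) -> str:
    """Stream the file so large binaries do not have to fit in memory."""
    h = hashlib.sha1()
    with path.open("rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def scan_tree(root: Path, iocs: dict[str, str]) -> list[tuple[Path, str]]:
    """Return (path, category) for every regular file whose SHA1 is an IOC.
    Symlinks are skipped so a planted link cannot drag the sweep elsewhere."""
    hits: list[tuple[Path, str]] = []
    for dirpath, _dirs, files in os.walk(root, followlinks=False):
        for name in files:
            p = Path(dirpath) / name
            if p.is_symlink() or not p.is_file():
                continue
            try:
                digest = sha1_of_file(p)
            except OSError:
                continue  # unreadable file: note and move on, do not abort
            if digest in iocs:
                hits.append((p, iocs[digest]))
    return hits


def demo_scan() -> list[str]:
    """Plant a file whose SHA1 is a (constructed) IOC and sweep a temp dir."""
    import tempfile
    iocs = parse_ioc_list(SAMPLE_IOC_TEXT)
    # SHA1 of an empty file, added as a constructed indicator for the demo only.
    iocs["da39a3ee5e6b4b0d3255bfef95601890afd80709"] = "constructed test sample"
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "sub").mkdir()
        (root / "sub" / "planted.exe").write_bytes(b"")
        (root / "clean.txt").write_bytes(b"nothing to see here\n")
        return [cat for _p, cat in scan_tree(root, iocs)]


if __name__ == "__main__":
    # Usage: python ioc_scan.py <ioc_list.txt> <directory>
    ioc_text = Path(sys.argv[1]).read_text()
    for path, cat in scan_tree(Path(sys.argv[2]), parse_ioc_list(ioc_text)):
        print(f"{cat}: {path}")
```

Hash matching only catches the exact samples ESET analysed; a recompiled dropper will not match, so treat a hit as confirmation and the absence of hits as no information.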

Hacker Makes Tool To Unlock GM Cars Remotely



Well-known hacker Samy Kamkar has built a tool that can remotely locate, unlock and start cars made by General Motors (GM). GM offers car owners a service called OnStar, with which the car can be located, unlocked and started via a smartphone app.

For around 100 dollars Kamkar built a small device, the OwnStar, which is placed on or near a car and intercepts the communication between the smartphone app and OnStar. The problem with the app is that although it uses SSL to encrypt the data it exchanges, it does not properly check the certificate to ensure it is talking to the real OnStar servers.

The OwnStar consists of a Raspberry Pi and three radios and poses as a familiar Wi-Fi network. Once the user launches the GM RemoteLink app while the smartphone is within range of the device, a man-in-the-middle attack is carried out to steal the user's credentials, which are then sent to the attacker over a 2G GSM connection. With the login details, an attacker can track the car, open the doors, start the engine, or sound the horn or alarm.

Driving the car away remotely is not possible; that still requires a person behind the wheel. GM is working on an update to address the problem, a spokesperson for the automaker told Wired. Kamkar will give more details about his attack at the upcoming Def Con conference in Las Vegas. The original post embedded a short video demonstration.
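What the app was missing is a binding between "the certificate chain validated" and "this is really OnStar". The usual fix on top of ordinary chain and hostname validation is to pin the server's SubjectPublicKeyInfo, so that a certificate issued to the attacker by any CA the phone trusts is still rejected. The code below is an added illustration of that check, not GM's or Kamkar's code. It includes a minimal DER walker to pull the SPKI out of an X.509 certificate, and builds a constructed stand-in certificate (placeholder names, no real signature) around a constructed key; nothing in it is OnStar's actual certificate or pin.

```python
from __future__ import annotations

import base64
import hashlib


def _tlv(buf: bytes, pos: int) -> tuple[int, bytes, int]:
    """Decode one DER tag-length-value at pos; return (tag, value, next_pos)."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: next n bytes hold the length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def _der(tag: int, value: bytes) -> bytes:
    """Encode a DER TLV (only needed here to build the constructed sample)."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + value


def extract_spki(cert_der: bytes) -> bytes:
    """Return the raw DER SubjectPublicKeyInfo of an X.509 certificate.
    TBSCertificate = [0] version?, serial, sigAlg, issuer, validity, subject, SPKI, ..."""
    _, cert_body, _ = _tlv(cert_der, 0)          # Certificate SEQUENCE
    _, tbs, _ = _tlv(cert_body, 0)               # tbsCertificate SEQUENCE
    pos = 0
    tag, _, nxt = _tlv(tbs, pos)
    if tag == 0xA0:                              # optional EXPLICIT [0] version
        pos = nxt
    for _ in range(5):                           # serial, sigAlg, issuer, validity, subject
        _, _, pos = _tlv(tbs, pos)
    start = pos
    tag, _, end = _tlv(tbs, pos)
    if tag != 0x30:
        raise ValueError("malformed certificate: SubjectPublicKeyInfo not found")
    return tbs[start:end]


def spki_pin(cert_der: bytes) -> str:
    """HPKP-style pin value: base64(SHA-256(SubjectPublicKeyInfo))."""
    return base64.b64encode(hashlib.sha256(extract_spki(cert_der)).digest()).decode()


def check_pin(cert_der: bytes, expected_pins: set[str]) -> bool:
    """Run after normal chain + hostname validation: the leaf's SPKI hash must be
    one of the pins shipped in the app. A MITM certificate that a CA signed for
    the attacker validates as a chain but fails here."""
    return spki_pin(cert_der) in expected_pins


def build_sample_cert(spki: bytes) -> bytes:
    """Constructed minimal X.509 shell around spki: empty names, dummy signature.
    Enough structure for extract_spki(); not a certificate any TLS stack would accept."""
    tbs = _der(0x30, b"".join([
        _der(0xA0, _der(0x02, b"\x02")),                                    # version v3
        _der(0x02, b"\x01"),                                                # serialNumber
        _der(0x30, _der(0x06, b"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b")),    # sha256WithRSA OID
        _der(0x30, b""),                                                    # issuer (empty Name)
        _der(0x30, _der(0x17, b"150101000000Z") + _der(0x17, b"160101000000Z")),
        _der(0x30, b""),                                                    # subject (empty Name)
        spki,
    ]))
    return _der(0x30, tbs + _der(0x30, b"") + _der(0x03, b"\x00"))


def _fake_spki(key_byte: bytes) -> bytes:
    """Constructed SPKI: rsaEncryption OID plus a 32-byte placeholder BIT STRING."""
    alg = _der(0x30, _der(0x06, b"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01") + _der(0x05, b""))
    return _der(0x30, alg + _der(0x03, b"\x00" + key_byte * 32))


GENUINE_SPKI = _fake_spki(b"\x11")   # stands in for the real server key
IMPOSTOR_SPKI = _fake_spki(b"\x22")  # stands in for the OwnStar's key
```

Pinning raises an operational cost (the app must ship new pins before the server rotates keys, typically by pinning a backup key as well), which is why it belongs alongside, not instead of, ordinary certificate validation; the app described above did neither.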

Yahoo Will Pay Researchers $ 1 Million For Bug Reports


Since internet giant Yahoo started a reward program for researchers and hackers in late 2013, it has paid out more than 1 million dollars for bug reports. In total Yahoo received 10,000 bug reports during this period, of which 1,500 were ultimately rewarded financially, the company said.

Of the more than 1,800 people who took part in the reward program, about 600 submitted bugs that could be verified. A small group of bug hunters (6%) is responsible for 50% of all bug reports. According to Yahoo, adding a reputation system to the program was a big improvement: it awards researchers points for verified bug reports and for the amount of compensation paid, and lets researchers compare their skills with those of other participants.

Thursday, 30 July 2015

New Android Leak Makes Phones Virtually Useless



Researchers have discovered a vulnerability in Android that allows an attacker to render a device virtually useless. The vulnerability, which can be attacked both through websites and through a malicious app, makes the phone go silent: the user can no longer hear or see that a call is coming in or a text message has been received, and calls cannot be answered.

If the attack is carried out through a malicious app, it can crash the operating system. If the app is set to start automatically when the operating system boots, this produces a continuous loop of crashes: each time the phone restarts, the app is loaded again and Android crashes once more. The phone can also be left in a state where, once locked, it can no longer be unlocked.

The problem affects Android 4.3 through Android 5.1.1, which together account for more than half of all Android devices. According to researchers at Trend Micro, the vulnerability resembles the Stagefright bug announced this week: both stem from the way Android handles media files, although the way those files reach the user differs. Google was informed of the problem on May 15 but has not yet rolled out updates.

Chrome Extension Prevents Profiling By Typing Behaviour



Websites can nowadays track internet users not only by their IP address or browser characteristics: the way a person types also gives companies enough information to build a profile. Two researchers, Paul Moore and Per Thorsheim, have therefore developed an extension for Google Chrome called "Keyboard Privacy" that prevents profiling based on typing behaviour.

Several banks already use this technology. According to the researchers it is also of interest to totalitarian regimes and to advertisers. Even when an internet user uses Tor or a proxy, he could still be recognised by his typing behaviour. To counter this form of tracking and profiling, Keyboard Privacy changes the rate at which typed characters arrive at the website.

Moore acknowledges that the extension reduces security, but says this is not necessarily a bad thing. "It's important to find a good balance between security and privacy. It is very difficult to raise one without the other measurably decreasing," he notes. Internet users who do want their typing behaviour to "leak" to certain websites, or are required to by their bank, can according to Moore enable or disable the extension per website. A Firefox version of the extension is expected soon.
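To see what is being profiled and what re-timing does to it, the following added example (not the Keyboard Privacy extension's code) models the timing channel only: the inter-key "flight" times between consecutive keystrokes, a crude per-typist fingerprint built from them, and a re-timer that releases buffered keys at a fixed cadence, never earlier than they were typed. The three sessions are constructed timestamps, not recorded data.

```python
from __future__ import annotations

from statistics import mean, pstdev

# events: list of (character, arrival time in ms), in arrival order.
Events = list[tuple[str, int]]


def flight_times(events: Events) -> list[int]:
    """Gaps between consecutive keystrokes: the raw material of keystroke dynamics."""
    return [t2 - t1 for (_, t1), (_, t2) in zip(events, events[1:])]


def retime(events: Events, cadence_ms: int) -> Events:
    """Release keystrokes at a constant cadence, as a timing-normalising
    extension would. A key is never released before it was typed, so a pause
    longer than the cadence still shows through (the residual leak)."""
    out: Events = []
    last = None
    for ch, t in events:
        release = t if last is None else max(t, last + cadence_ms)
        out.append((ch, release))
        last = release
    return out


def profile(events: Events) -> tuple[float, float]:
    """Crude typist fingerprint: mean and spread of flight times."""
    gaps = flight_times(events)
    return (mean(gaps), pstdev(gaps))


def distance(p: tuple[float, float], q: tuple[float, float]) -> float:
    """L1 distance between two profiles; smaller means 'more likely the same typist'."""
    return abs(p[0] - q[0]) + abs(p[1] - q[1])


# Constructed sessions: the same word typed twice by one typist and once by another.
SESSION_A: Events = [("p", 0), ("a", 120), ("s", 215), ("s", 515), ("w", 595), ("d", 700)]
SESSION_B: Events = [("p", 0), ("a", 130), ("s", 220), ("s", 505), ("w", 590), ("d", 705)]
IMPOSTOR: Events = [("p", 0), ("a", 250), ("s", 480), ("s", 560), ("w", 900), ("d", 1010)]


if __name__ == "__main__":
    for name, s in [("A", SESSION_A), ("B", SESSION_B), ("impostor", IMPOSTOR)]:
        print(name, "raw:", flight_times(s), "retimed@150ms:", flight_times(retime(s, 150)))
```

With a 150 ms cadence every gap in session A collapses to 150 ms except the 300 ms pause, which survives as 215 ms; that is the trade-off Moore describes in concrete form, and it is also why a profiler that looks at long pauses or error corrections, rather than only at fast inter-key intervals, is not fully defeated by re-timing.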

American City Has Allocated 3.5 Million Dollars For Firewall


The US city of Boston has earmarked 3.5 million dollars for a "next generation" firewall to protect the city against cyber attacks. According to Jascha Franklin-Hodge, the city's CIO, the technical infrastructure is currently being checked for vulnerabilities and it is being verified whether systems have adequate redundancy, reports the Boston Herald.

The firewall Boston has in mind should become operational later this year, but the campaign to strengthen the city's digital security runs through 2020, with the eventual goal of a multi-layered system of data protection. Boston has not had to deal with major security incidents or data breaches, but according to Greg McCarthy, the city's CISO, constant vigilance is required.

Researchers Crack Smart Safe Via USB Stick


Researchers from US security firm Bishop Fox managed to open a "smart safe" made by Brinks with nothing more than a USB stick. The problem lies in Brinks' CompuSafe Galileo, which can hold up to 240,000 dollars.

The safe has a touch screen and an internet connection and runs on an embedded version of Windows XP. Money placed in the safe is automatically scanned by a reader and added to the running total. Information about the safe's contents can be printed daily and is also sent to Brinks over the internet. The smart safe also has a USB port for technicians and for making backups. The researchers wrote a malicious script that is loaded automatically from a connected USB stick.

To open the safe door, the USB stick only needs to be plugged in; after about a minute the door opens automatically. The attacker does need physical access to the safe. To cover the traces of a theft, the database that keeps track of how much money is in the safe can also be modified. The vulnerability was reported to Brinks more than a year ago, but according to the researchers the company still has not fixed the problems, they told Wired. The researchers will demonstrate their attack at this year's Def Con hacker conference in Las Vegas.

Wednesday, 29 July 2015

Wi-Fi System In Skoda Cars Vulnerable To Attackers


Several vehicles from carmaker Skoda have a Wi-Fi system that allows information from the car to be read on a tablet or smartphone, but according to researchers its security is inadequate. The SmartGate system lets users connect to the car over Wi-Fi.

All kinds of data can then be read, such as speed, fuel consumption, the number of days until the next service and other information. Researchers at Trend Micro discovered that an attacker can read more than twenty different parameters and can lock the car's owner out of the SmartGate system. To carry out the attack, an attacker must stay within range of the car's Wi-Fi network and crack the Wi-Fi password, which according to the researchers is rather weak. Staying close to the Wi-Fi network is no problem either: the researchers managed to crack the Wi-Fi network while driving at up to 40 kilometres per hour.

Reading the data even worked at 120 kilometres per hour. The researchers say an attacker can modify the Wi-Fi settings and thereby lock the user out of the system, after which the car has to go back to the dealer to have its settings restored. The researchers advise owners of a Skoda with SmartGate to set the Wi-Fi range to 10% and to change the Wi-Fi password and network name. Skoda is advised to set the default signal strength to 10% and to add an on/off switch for SmartGate. SmartGate is present in at least the Octavia, Yeti and Superb.

Internet Users Again Exposed To Infected Ads


In recent weeks infected ads have appeared on several popular websites, potentially exposing at least 10 million internet users to infection. The actual number of people who saw the infected ads and were infected as a result is not known. The ads pointed to an instance of the Angler exploit kit.

This exploit kit tries to silently infect users with malware through vulnerabilities in popular software such as Adobe Flash Player. It regularly happens that the ads or exploits are only shown to visitors from certain countries. Even when the infected ad does appear, the attack can only succeed if the visitor's browser or the targeted plug-in is not up to date.

The sites on which the ads appeared get at least 10 million visitors per month, according to statistics from security firm Cyphort and SimilarWeb. The most popular websites showing the infected ads were in Vietnam, Greece, Indonesia and Thailand. Earlier this month the ads were also found on the Japanese edition of the Huffington Post. Earlier this year Cyphort also warned of infected ads on popular websites, including, then too, the Huffington Post.

British Government Warns Of Ransomware


The British government has warned internet users about ransomware: cyber criminals are now using the names of the Home Office and the Ministry of Justice to infect computers with malware. The e-mails claim to come from a ministry and contain a link or attachment supposedly with information about an upcoming court case.

In reality it is the TorrentLocker ransomware, which encrypts files on the computer and then demands a sum in bitcoin to decrypt them. The UK government says it does not send unsolicited e-mails and never asks for personal information or passwords by e-mail. In addition, links in e-mails from the Home Office always point to government sites that begin with https and are on a .gov.uk domain.
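The two rules in that advice (https, and a host on .gov.uk) are easy to get subtly wrong in a mail filter: a substring test for "gov.uk" passes `www.gov.uk.evil.example`, and a naive look at the start of the URL passes `https://www.gov.uk@198.51.100.7/`. The check below is an added example, not from the government advisory, and the URLs in the test are constructed. It matches the suffix label-wise and lets the URL parser strip any userinfo before the host is compared.

```python
from __future__ import annotations

from urllib.parse import urlsplit

TRUSTED_SUFFIX = "gov.uk"


def is_genuine_gov_link(url: str) -> bool:
    """True only for https URLs whose host is gov.uk or a subdomain of it."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:          # e.g. unbalanced IPv6 brackets
        return False
    if parts.scheme.lower() != "https":
        return False
    # .hostname is lowercased and has any "user:pass@" prefix removed, so
    # "https://www.gov.uk@198.51.100.7/" yields the host 198.51.100.7.
    host = parts.hostname
    if not host:
        return False
    host = host.rstrip(".")     # "www.gov.uk." is the same host with a trailing dot
    # Label-wise suffix match: "www.gov.uk" passes, "gov.uk.evil.example"
    # and "fakegov.uk" do not. A plain substring test would pass both.
    return host == TRUSTED_SUFFIX or host.endswith("." + TRUSTED_SUFFIX)


def suspicious_links(urls: list[str]) -> list[str]:
    """Links in a message that fail the check and deserve a closer look."""
    return [u for u in urls if not is_genuine_gov_link(u)]


if __name__ == "__main__":
    # Constructed sample of links as they might appear in such an e-mail.
    sample = [
        "https://www.gov.uk/government/organisations/home-office",
        "http://www.gov.uk/court-notice",
        "https://www.gov.uk.court-notices.example/case/4471",
        "https://www.gov.uk@198.51.100.7/case.zip",
    ]
    for u in suspicious_links(sample):
        print("suspicious:", u)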

Experts Criticise Chrysler For Mailing USB Drives


Last week carmaker Chrysler announced the recall of 1.4 million cars because of a vulnerability in their software. The vulnerability allows an attacker to partly control the cars over the internet, for instance by switching the brakes on and off and by turning off the engine.

Chrysler has developed an update for the vulnerability and is offering it in three ways. Consumers can download the update themselves and update the car's software via a USB stick; a comprehensive manual (pdf) for this has appeared online. The second option is to bring the car to a dealer, who installs the update. The third option is to have a USB stick with the update sent by post.

It is this last option that is drawing criticism from security experts. "This is the dumbest action that I've heard in a long time," Khalil Sehnaoui of Krypton Security told ZDNet. Tod Beardsley of security company Rapid7 is not happy with the move either. "Just sticking a USB stick into the computer without knowing exactly where it comes from is a bad idea," he observes. He warns that teaching users that they can trust a USB stick sent by post creates dangerous behaviour and opens the door for criminals to take advantage of it.

Chris Kennedy of anti-fraud company Trustev calls the decision to send around USB sticks "incredibly irresponsible" and "unsafe". Kennedy is particularly worried that the USB sticks could be intercepted. Twitter users also reacted with amazement: "Now is a good time to send USB sticks containing exploits to any Chrysler owners," one tweeted. Beardsley advises Chrysler owners to go to a dealer, since there is then at least a paper trail showing that a trusted party was involved. Chrysler states in response that the option was chosen to make things more convenient for customers.

Significant Vulnerability In Apple's App Store And iTunes Invoice System



Security researchers recently discovered a significant flaw in Apple's iTunes and App Store invoice systems. An attacker who exploited the vulnerability could hijack sessions and manipulate invoices. Benjamin Kunz Mejri of Vulnerability Lab announced the discovery this week. The flaw is an application-side input validation vulnerability: according to the researcher's advisory, a remote attacker can inject malicious script code into the affected content features and service modules.

According to Mejri, an attacker exploits the vulnerability by replacing the name value used by the invoice module with malicious script code. When a purchase is made in the Apple store, the back-end takes that name value without encoding it and uses it to generate the invoice before the invoice is sent to the seller. The result is that the script code executes in the context of Apple's invoice. The severity of the vulnerability was rated CVSS 5.8 (Common Vulnerability Scoring System).

The attacker can also use the vulnerability to interact with other App Store account users in a persistent manner, regardless of whether the user is the sender or recipient of the invoice. According to the researcher, the invoice is available to both seller and buyer, which puts buyers, sellers and Apple's web administrators and developers at risk.

An attacker could also exploit the vulnerability to hijack user sessions, launch persistent phishing attacks, create persistent redirects to external resources, and influence or manipulate the connected service modules.

Mejri found the vulnerability on June 8 and notified Apple's product security team, which acknowledged the report. Apple's developer team then provided a fix, after which Vulnerability Lab publicly disclosed the vulnerability.

Earlier this month Apple released new versions of iOS and OS X that patched many security vulnerabilities. In a security bulletin Apple said that iOS 8.4 contained more than 20 patches, fixing issues including remote code execution, application crashes and interception of encrypted traffic.

Among these updates was a fix for the flaw known as "Logjam", a vulnerability in the Diffie-Hellman key exchange, a technique widely used on the internet to agree on keys and set up secure communication channels, in which connections can be downgraded to weak export-grade parameters. It could expose hundreds of thousands of websites and servers using HTTPS to the risk of traffic being intercepted, and thus to man-in-the-middle attacks.

At least one of the issues directly affects the Apple Watch. The problem lies in the handling of application install links: a malicious application could exploit the vulnerability to prevent apps from launching on the Watch.

Proof of Concept (the original post embedded a demonstration video here)

Tuesday, 28 July 2015

Cyber Crime Forum Taken Offline By FBI Announces Return


A popular forum for cyber criminals that was taken offline by the FBI two weeks ago has announced its comeback, and says its security will be tightened to thwart a new operation by investigators. According to the FBI, the forum, Darkode, was an important place where criminals traded services and tools and exchanged ideas for attacking systems.

In an international operation in which twenty countries participated, 70 Darkode members were arrested, indicted or are still being sought, among them an intern at security firm FireEye who was arrested for his activities on the forum. It was the largest international law-enforcement operation ever mounted to take a cyber crime forum offline.

Comeback

The forum's administrator, however, was not arrested and has now announced Darkode's return. According to the administrator, most of the administrators and other senior members were not picked up; the investigators' operation mainly hit new members or people who had long since stopped being active in the "scene". The new version of Darkode will again be hosted on the Tor network and will be invitation-only.

In addition, each member will get their own onion address for visiting the website. This gives the administrators more control over who visits the site and more log information with which to identify informants, for example. A user's bitcoin wallet will also be linked to their account, so that even if the account is compromised, an attacker cannot use it without knowing the private key of the user's bitcoin wallet, reports MalwareTech.

NSA To Stop Using Collected Phone Records


On November 29 the US intelligence agency NSA will stop using the telephone records it collected in recent years through mass surveillance in the United States. The US Senate recently declined to renew Section 215 of the Patriot Act, the legislation under which the NSA was authorised to collect and retain bulk call records of American citizens.

In a statement, the Office of the Director of National Intelligence has now announced that the data will no longer be used from November 29. NSA technical staff will, however, have access to the data for a further three months, which is said to be necessary to verify the data collected under the new USA Freedom Act.

In addition, the NSA would be legally obliged to keep the bulk of the collected telephone records until civil proceedings related to the eavesdropping program are completed, or until a court rules that the NSA no longer needs to retain the data. According to the NSA, the data is being kept only because of the civil proceedings and will not be used for other purposes; eventually it will be destroyed, the agency says.

Stephen Hawking Fears Military Deployment Of Artificial Intelligence


Stephen Hawking, Elon Musk, Steve Wozniak and many other prominent researchers and scientists have published and signed an open letter warning against the military use of artificial intelligence. According to the experts, artificial intelligence is reaching a point where the deployment of such systems will be a reality within a few years.

The letter mentions both advantages and disadvantages of military use of artificial intelligence. Replacing human soldiers with robots could reduce the number of human casualties, but could on the other hand lower the threshold for starting a war. The experts fear a global race to develop artificial intelligence for military purposes.

Once one military power develops artificially intelligent weapons, others will follow. Autonomous weapons would thus become the Kalashnikovs of tomorrow, according to the experts. Unlike nuclear weapons, autonomous weapons would be easy to produce and require no expensive materials, and it would only be a matter of time before they fall into the hands of terrorists, dictators and warlords.

According to the experts, autonomous weapons are also ideal for carrying out assassinations, destabilising countries, subduing populations and selectively killing ethnic groups. A military race in artificial intelligence is therefore not in the interest of humanity, they warn. The experts conclude the letter by saying that artificial intelligence has great potential for humanity, but not in a military form, and that autonomous weapons should therefore be banned.

Handy Privacy Tips For Firefox Users


Firefox has many extensions for blocking trackers on the internet and protecting users' privacy, but the browser itself also sends data to third parties. Reason enough for a GitHub user to compile a list of the privacy options that can be adjusted in the browser itself.

This concerns things such as Safe Browsing, statistics collection by Mozilla, the built-in DRM plug-in, Firefox Hello, Pocket integration, WebRTC and geolocation. Sometimes users have to weigh security against privacy: Firefox exchanges information with Google via Google Safe Browsing in order to protect users from phishing sites and malware, so disabling that option is itself a security risk.

It also turns out that Firefox Hello, a tool for video calls via the browser, connects to servers of ISP Telefonica without asking permission. In the case of the Pocket integration, a connection is made to a third party to manage a list of articles to read later. Users are also advised to switch off search suggestions in the search box, since everything typed into the search box is sent to the default search engine.

1900 Roku Media Streamers Accessible Via The Internet


Around 1,900 Roku media streamers are publicly reachable on the internet, probably without their owners intending it. The Roku is essentially a small computer for streaming media such as music and movies to a television, and it is very popular, particularly in the US.

The device has an API (application programming interface) through which it can be controlled from a smartphone. This API uses no form of authentication at all: the idea is that it is only used locally and cannot be reached over the internet. A researcher recently discovered, however, that misconfigured Roku media streamers are indeed reachable over the internet, and that anyone can send them commands via the API.

John Matherly of the search engine Shodan therefore decided to scan the internet for the number of Roku media streamers reachable over the web. His scan turned up some 1,900 devices, although according to Matherly the number varies depending on the time zone in which the scan is performed. The scan also revealed which Roku models are in use, which versions are installed, that Netflix is the most popular channel and that many users do not update the apps and channels on their device.

Serious Leak Made Hijacking Steam Accounts Child's Play



A serious vulnerability in the popular gaming service Steam made it childishly simple to hijack users' accounts this weekend. The only thing an attacker needed to gain access to an account was the user's username.

The vulnerability was in the password reset function. When a password is changed, Valve, the developer of Steam, sends a code to the user's e-mail address, and this code must be entered before the password can be changed. A bug, however, meant that the code was not actually required: an attacker who left the code field empty could simply click Continue, reset the password and gain access to the account, as a video demonstrated.
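The defect as described is a classic shape: the server checks "does the submitted code differ from the stored one?" and an empty submission never differs. The example below is added here and is not Valve's code; the vulnerable verifier is reconstructed from the description above, and the hardened one adds the checks a reset endpoint normally needs (empty input rejected, expiry, attempt limit, constant-time comparison, single use). The store is an in-memory stand-in for the server-side table.

```python
from __future__ import annotations

import hmac
import secrets
import time

RESET_CODE_TTL = 15 * 60   # seconds a mailed code stays valid (assumed policy)
MAX_ATTEMPTS = 5           # guesses allowed before the code is invalidated (assumed)


class ResetStore:
    """In-memory stand-in for the server-side table of issued reset codes."""

    def __init__(self) -> None:
        self._codes: dict[str, list] = {}   # username -> [code, issued_at, attempts]

    def issue(self, username: str, now: float | None = None) -> str:
        """Create a fresh code for the user. It is e-mailed to them; the browser
        never sees it, so knowing the username alone must not be enough."""
        code = secrets.token_urlsafe(16)
        self._codes[username] = [code, time.time() if now is None else now, 0]
        return code

    def verify_vulnerable(self, username: str, submitted: str) -> bool:
        """The bug pattern: only a *present* wrong code fails. An empty field,
        or a user with no outstanding code, sails through to the new-password step."""
        entry = self._codes.get(username)
        if entry and submitted and submitted != entry[0]:
            return False
        return True

    def verify_hardened(self, username: str, submitted: str, now: float | None = None) -> bool:
        now = time.time() if now is None else now
        entry = self._codes.get(username)
        if entry is None or not submitted:
            return False                    # nothing outstanding, or empty input
        code, issued_at, attempts = entry
        if now - issued_at > RESET_CODE_TTL or attempts >= MAX_ATTEMPTS:
            del self._codes[username]       # expired or being brute-forced: invalidate
            return False
        entry[2] += 1
        if not hmac.compare_digest(code, submitted):
            return False                    # wrong code; attempt counted
        del self._codes[username]           # single use: a replayed code fails
        return True


if __name__ == "__main__":
    store = ResetStore()
    mailed = store.issue("alice")
    print("vulnerable, empty code:", store.verify_vulnerable("alice", ""))   # True
    print("hardened, empty code:", store.verify_hardened("alice", ""))       # False
    print("hardened, mailed code:", store.verify_hardened("alice", mailed))  # True
```

The second behaviour of `verify_vulnerable`, passing users for whom no code was ever issued, is the same mistake in a different place and is why the hardened version starts from "deny unless a valid, unexpired code is outstanding".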

Bug

Valve told gaming website Kotaku that it was a "bug", that the problem was discovered on July 25 and that it has since been fixed. To protect users, the password of all accounts with "suspicious password changes" will be reset, and these users will receive an e-mail with a new password. Valve also states that accounts using Steam Guard, the gaming service's two-factor authentication, could not be logged into by attackers even if the password had been changed.

Steam has 125 million users worldwide. Through the platform users can buy all kinds of games and digital items. Some research suggests that 75% of all PC games are sold through Steam. Steam accounts with many games or digital goods are a favourite target. How many users had their account hijacked is unknown, but on Reddit readers reported that several well-known players were among the victims.

Malware Steals Data From Offline Computer Via Mobile Phone

Researchers have developed malware that makes it possible to steal data from computers that are not connected to the internet. Air-gapping, as disconnecting systems from the internet is called, is a popular method for securing systems in critical environments.

Yet these systems are also at risk, according to researchers at the Cyber Security Research Center at Israel's Ben-Gurion University. They have developed a way to use a mobile phone to steal data from such a computer. The attack requires both the computer and the mobile phone to be infected with malware. The "GSMem" malware on the computer makes its memory bus act as an antenna and transmits data over GSM frequencies to the infected phone.

The phone, in turn, must be infected with a rootkit that the researchers call the "Receiver Handler". This malware is installed in the phone's firmware. The GSMem malware could be installed via physical access or by intercepting the machine during delivery. To install the rootkit, social engineering, a malicious app or physical access can be used. The amount of data that can be stolen this way is limited, but it is enough to steal passwords and encryption keys in about two minutes, Wired reports.

By using a dedicated receiver, much more data can be collected at a distance of 30 metres. In environments where air-gapped computers are used, smartphones may be prohibited while simple phones are allowed. The researchers therefore developed the malware to work on simple mobile phones. They expect better results with a smartphone, however, and will test this in the future. The researchers will give more details on their attack at the Usenix Security Symposium in Washington next month.

Monday, 27 July 2015

Millions Of Android Phones Vulnerable By New Leak



Researchers have discovered a serious vulnerability in Android which makes it possible to gain access to devices simply by sending an MMS message. An attacker can then steal information, read emails, activate the microphone and perform other tasks. The vulnerability is in Stagefright, a media library that handles various popular media formats.

Security company Zimperium discovered the vulnerability in this Android component and calls it the worst Android leak so far. An attacker only needs to send an MMS message to execute code on the device. It is even possible to delete the message before the user gets to see it, so that only the notification remains visible. The researchers warn that the vulnerability is very serious because no interaction from the victim is required.

Estimates suggest that 950 million Android devices are at risk. The problem is particularly acute on Android Jelly Bean versions, which account for about 11% of all Android devices. Zimperium warned Google, which has already rolled out patches for Android. In many cases, however, telecom providers and manufacturers are responsible for distributing updates to their users, and the security company fears that it may take a long time before everyone is protected.

Two manufacturers are a positive exception, however. The Blackphone from Silent Circle has already been patched, and Mozilla Firefox is protected against the issue. More details about the vulnerability will be announced at the upcoming Black Hat conference in Las Vegas.

Microsoft Tool Blocks Unwanted Windows 10 Updates


Microsoft will roll out updates to Windows 10 Home users automatically, and by default it is no longer possible to block specific updates or drivers, as is the case with other Windows versions. That can be a problem if, for example, faulty drivers or updates are rolled out via the automatic update mechanism.

Nevertheless, users do not have to accept all updates blindly, because Microsoft has recently released a "troubleshooter package" to block unwanted updates. The troubleshooter provides an interface for showing and hiding updates and drivers. Once an unwanted update or driver has been hidden, it will no longer be offered after the troubleshooter is installed. Microsoft's description says the tool is for the Windows 10 Preview, but Windows watcher Ed Bott notes that the troubleshooter, based on the latest test version of the Windows 10 Preview, will also work with the final version.

Secure FTP Server Vsftpd Improves SSL Support


For users of FTP (File Transfer Protocol) who want a safer way to exchange files, the FTP server "vsftpd" has existed for some time, and its latest version improves SSL support. By default, files and login data are not encrypted when using FTP, so an attacker who can eavesdrop on the connection can discover all kinds of data.

Chris Evans, head of the Google Chrome Security Team, developed vsftpd, which stands for "very secure FTP daemon", a few years ago. According to Evans, vsftpd is "probably the safest and fastest FTP server for UNIX-like systems." The FTP server supports SSL, making it possible to log in to vsftpd servers and exchange data over an encrypted connection. The previous version of vsftpd dated from September 18, 2012, but a new version has now appeared.

In it, Evans has further enhanced SSL support and added various measures aimed at preventing attacks. Support for Elliptic Curve Diffie-Hellman (ECDH) has also been added. According to Evans, the use of SSL in combination with FTP is still "tricky" and not all problems have been solved 100%. Nevertheless, the combination of the latest version of the FileZilla FTP client with vsftpd is a good start for users who need to use FTP over SSL, he notes.

Sunday, 26 July 2015

Fraudulent Mobile Ads Consume Gigabytes Of Data



Fraudulent apps for Android, iOS and Windows Mobile that pose as popular games make devices load thousands of ads a day without users noticing at first. The applications, which run continuously in the background, can consume gigabytes of data, drain the battery prematurely and download more than 16,000 ads per day.

Random clicks on the ads are then simulated, for which the developers of the rogue apps get paid. On average the apps download 700 ads per hour on a device, which amounts to 16,800 ads per day and consumes about 2GB of data. Worldwide, more than 12 million devices are infected with the rogue apps.

According to the US company Forensiq, the rogue apps caused $857 million in damages last year, and this year the $1 billion mark will be passed. It should be noted that Forensiq is a company engaged in fighting advertising and click fraud. Google has already removed several of the rogue apps from Google Play, but would not say how many, reports AdvertisingAge.

US Government Attacked Via Flash Player Flaw


Several agencies of the US government were attacked in June and July via a Flash Player vulnerability that had been discovered by the Italian company Hacking Team and for which no patch existed at the time of the attacks, says the FBI. Details about the vulnerability were found in the data that were stolen from the Italian surveillance company. However, the break-in at Hacking Team was only made public on July 6.

Now, according to information from the FBI, the Flash Player flaw had been known to the attackers since June 8 and was actively used to penetrate US government agencies. Anti-virus company Trend Micro had previously disclosed that the vulnerability was used in targeted attacks against targets in Korea and Japan before the disclosure, starting on July 1. In the case of the attacks against US government agencies, the FBI assumes two campaigns that probably aimed at gathering information.

Campaigns

The first phishing campaign took place on June 8, 9 and 11; the second was observed on July 8, according to a warning that the FBI distributed and that Public Intelligence has put online (pdf). In both attacks, emails were sent with a link. The link pointed to an exploit that took advantage of the vulnerability in Flash Player. For the attack on July 8, the FBI gives more information in the warning. The government received a spear phishing e-mail with a link to a PDF document. When users opened the link, a website loaded that contained JavaScript code. This code then loaded a malicious Flash file that attacked the vulnerability in Flash Player to infect the computer with malware.

The spear phishing emails had different subjects, such as 'BBW Analysis report - 2015', 'Tomorrow Morning New Starts', 'Perry Dale Club for Leadership: Financial Literacy 101', 'FAS Analysis Report - 2015', 'AEP Energy Program Update: 2015 Program Year Kick Off', 'Review Link' and 'PLS Account A42660861'. All spear phishing emails sent in July had the same sender. The timing of the attack in July is remarkable, because on July 8 Adobe closed the vulnerability in Adobe Flash Player version 18.0.0.194 and earlier with an emergency patch. In the warning, the FBI also lists several IP addresses and domains that were used by the attackers and that can help detect a possible attack.

Apple Lets Users Block Rogue Pop-Ups In iOS 9


Apple has added a feature to Safari in iOS 9 that allows users to block malicious pop-ups. iOS users have for some time been the target of fraudulent pop-ups that pose as crash reports. The pop-ups use JavaScript to ensure that they cannot be closed in the normal way.

The so-called crash message tells the user to call a specific phone number. The telephone scammers then ask users for amounts between 40 and 70 euros to solve the "problem". On the Apple forum, dozens of topics and responses from people who reported seeing the pop-ups can be found from recent months. Users confronted with the pop-up have to close Safari by tapping the home button twice and then clear the browser history, as Apple explains on this page.

In iOS 9, however, it will also be possible to block the pop-ups, as Mac developer Rosyna Keller discovered in the beta version of iOS 9. The Finnish anti-virus firm F-Secure confirms that pop-ups with fraudulent JavaScript can indeed simply be closed. iOS 9 is expected to appear in September.

Saturday, 25 July 2015

Chrysler Recalls 1.4 Million Cars Because Of Vulnerability



Carmaker Chrysler is recalling some 1.4 million cars and trucks because of a vulnerability in their software that allows attackers to access the vehicles over the internet. It is then possible to disable the brakes and to turn off the engine at low speeds.

The vulnerability was discovered by researchers Charlie Miller and Chris Valasek. The problem is in Uconnect, a component that gives the cars online capabilities and controls the entertainment and navigation systems. The functionality even offers a wifi hotspot and makes phone calls possible. Uconnect allows anyone to connect to a vehicle as long as the car's IP address is known.

Once a connection with a car had been made, the researchers succeeded in modifying the firmware of the system. This custom firmware can then send instructions via the car's internal network to physical components such as the engine and the wheels.

Recall

After being informed nine months ago, the manufacturer released a security update on July 16. The update must be installed by car owners via a USB stick. The fear was that many owners would not do this, so Chrysler has now launched a voluntary recall, the manufacturer announced on its own website. It concerns 1.4 million vehicles. According to Chrysler, no attacks using the vulnerability have yet been observed in the "wild".

The problem is present in the MY Dodge Viper and different models of RAM pickup, the Jeep Grand Cherokee and Cherokee SUVs, Dodge Durango SUVs, different MY Chrysler and Dodge Charger sedans and the Dodge Challenger sports coupe. Customers with an affected vehicle will receive a USB device that they can use to upgrade the car's software. The upgrade not only resolves the vulnerability but also adds additional security measures, according to Chrysler.

FBI Warns Businesses About Extortion Through DDoS Attacks



The FBI has warned businesses about extortion through DDoS attacks on their websites, as these attacks are taking place more often. In the past few months, several security companies have also warned about this form of extortion.

The attacks are carried out by a group that calls itself DD4BC (DDoS for Bitcoin) and has been active since last July. The FBI warning that Public Intelligence published (PDF) does not name the group, but the method described is identical. First there is a DDoS attack on the company's website, which usually lasts about an hour and has a size of 20 to 40 Gbps. An e-mail with the attackers' demands is then sent, requiring an amount to be paid in bitcoin.

If the victim does not meet the demands, a more powerful DDoS attack follows within 24 hours, which again lasts an hour and has a size of 40 to 50 Gbps. This attack is followed by another warning. According to the FBI, most attacked companies manage to fend off the DDoS attacks by enabling anti-DDoS services from third parties instead of paying the ransom. Where the attackers first mainly targeted gambling sites, since April this year other sectors are also being targeted and larger amounts are demanded.

Red Hat Patches Leak That Gave Local Users Root Privileges


Red Hat has released security updates for two vulnerabilities that allowed a local user to modify the file /etc/passwd and gain root privileges. The vulnerabilities are in the libuser library, which is present by default on all Red Hat-derived Linux distributions.

During an internal investigation, security company Qualys discovered various libuser-related vulnerabilities. The first vulnerability is present in "userhelper" and allows a local user to edit the file /etc/passwd. This makes it possible to cause a local denial of service. Qualys does not rule out that a local user could gain root privileges on the system through it, but the company did not succeed in making an exploit that achieves this. That did succeed with a second leak in libuser itself, which allows a local user to gain root privileges.

Red Hat released updates for the vulnerabilities yesterday, after being informed in advance. However, there is a commotion about Qualys's publication. The company published information about the vulnerabilities, including exploits, before Red Hat's updates could be deployed to users, something that has been discussed on the oss-sec mailing list and Reddit.

No New Data Of Ashley Madison Users Put Online


Several media report that the attackers behind the Ashley Madison hack have put user information online, but it is the same data that was already made public on Sunday. The attackers then announced that they had captured the data of over 37 million users, as well as all kinds of business data of the site for cheaters.

The attackers threatened to publish all data online if Ashley Madison was not taken offline. The website is still online. Still, the threat has not yet been carried out and no new data has been made public. In announcing the hack, data from two users were mentioned. For an American man these were his real name, username, registration date, complete address, email address, sexual fantasies, desires and password hash.

The second user is someone who had used the "full delete" function. This option lets users of the website have their profile removed for $19. However, the purchase details were preserved, said the attackers. In this case the user's name, address and sexual fantasies were listed; his username, password hash and email address were not mentioned. Ashley Madison is a website for people who want to cheat. Because of the incident, the website decided to let users delete their profile free of charge.

High-Speed Network For Anonymous Internet Use Unveiled


Scientists have unveiled a high-speed network that lets users go online anonymously and that is resistant to mass surveillance. The network is called HORNET (pdf), which stands for High Speed Onion Routing at the Network Layer. Because it runs at the network layer, all kinds of applications are possible, according to the scientists. To protect the privacy of users, symmetric cryptography is used, in such a way that HORNET nodes, the computers that make up the network, can process traffic at a rate of 93GB/s.

At present there are already several solutions for Internet users to protect their anonymity on the web, such as the Tor network, which has over 2 million users a day. The speed of the Tor network is not perfect, however. According to the scientists, Tor is well suited for anonymous communication, but it has scalability and network performance problems: the more people use Tor, the more nodes have to be added to maintain the speed of the network.

The scientists therefore looked for a solution that does scale. HORNET shares similarities with Tor (The Onion Router): both use onion routing, where traffic passes through multiple nodes to protect the identity of users. In the case of HORNET, the nodes in the middle of the network have to store less information about the connection, so that in theory they can forward traffic faster. For the time being, however, there is only the paper in which the scientists describe the new anonymity network.
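The onion-routing idea above, as an added example that is not HORNET's or Tor's code: the sender wraps one symmetric layer per relay, each relay peels its own layer and learns only the next hop, and no relay keeps a per-session table, because the forwarding state travels inside the packet (the property the text attributes to HORNET's nodes). The HMAC-based stream cipher, the fixed-width hop field and the relay names are assumptions made for illustration.

```python
import hashlib
import hmac
import os

HOP_LEN = 8            # fixed-width next-hop field in every layer (toy value)
DELIVER = b"DELIVER"   # marker the exit relay finds instead of a next hop


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher: XOR with an HMAC-SHA256 counter keystream (assumption).
    Every key is used for exactly one packet here, so no nonce is carried."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def make_session_keys(path):
    """Constructed stand-in for the key agreement a sender runs with each relay
    at session setup: one random symmetric key per relay name."""
    return {node: os.urandom(32) for node in path}


def build_onion(path, keys, payload: bytes) -> bytes:
    """Wrap the payload so that each relay, peeling its own layer, sees only the
    next hop and an opaque inner blob. Relay names must fit in HOP_LEN bytes."""
    blob = DELIVER.ljust(HOP_LEN) + payload
    blob = keystream_xor(keys[path[-1]], blob)           # exit relay's layer
    for i in range(len(path) - 2, -1, -1):               # inner relays, last first
        layer = path[i + 1].encode().ljust(HOP_LEN) + blob
        blob = keystream_xor(keys[path[i]], layer)
    # Caveat: each layer adds HOP_LEN bytes, so packet size leaks the hop count;
    # a real design pads headers to a fixed size.
    return blob


def peel_layer(key: bytes, blob: bytes):
    """What one relay does: strip its layer, read the next hop, forward the rest.
    No per-session table is read or written; the packet carries all the state."""
    plain = keystream_xor(key, blob)
    next_hop = plain[:HOP_LEN].rstrip()
    return next_hop.decode(), plain[HOP_LEN:]


def route(path, keys, blob: bytes):
    """Simulate the packet crossing the path. Returns the relays visited, in order,
    and the payload the exit relay delivers."""
    visited, current = [], path[0]
    while True:
        visited.append(current)
        next_hop, blob = peel_layer(keys[current], blob)
        if next_hop == DELIVER.decode():
            return visited, blob
        current = next_hop
```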

Cyber Spies Add Linux Support To Malware



A group of cyber spies that is held responsible for attacks on the Belgian government, the White House and a variety of other businesses, government agencies and institutions in Europe and the United States has developed new malware that also features Linux support.

The group is known as "Duke" and has been active for several years. Recently a new piece of malware from the group was discovered, called "Seaduke". It is a Trojan designed to steal information and is used against a small number of valuable targets. According to both Symantec and Palo Alto Networks, it is highly sophisticated malware.

Linux

Finland's F-Secure analyzed the malware and saw that the Trojan is written in Python and supports both Windows and Linux. According to the virus fighter, Seaduke is the first "cross-platform" malware of the Duke group. The first notable thing is the use of the popular scripting language Python; earlier malware of the cyber spies was written in the programming languages C and C++. In addition, the Python code proves to have been developed for both Windows and Linux. "We therefore suspect that the Duke group uses the same Python code of Seaduke to attack Linux users," says researcher Artturi Lehtiö.

Lehtiö told Security.NL that no attacks against Linux users have been found in the "wild". "But it is safe to assume that they have added Linux support in order to use it," he notes. The question remains how Linux users would be attacked. The Duke group, for example, used a funny monkey video to attack Windows users, which in reality was an exe file. PDF documents containing exploits for vulnerabilities in Adobe Reader were also used to infect computers with malware.

Adding Linux support to malware is not new. Earlier this year another group of cyber spies was discovered that had done this. That group decided to use social engineering to infect Linux users: attacked users were offered a rogue HTML5 plugin that in reality turned out to be spyware.