Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

×
Security

Chinese Hacker Group Targets Air-Gapped Networks 71

Posted by samzenpus
from the minding-the-gap dept.
itwbennett writes An otherwise unremarkable hacking group likely aligned with China appears to be one of the first to have targeted so-called air-gapped networks that are not directly connected to the Internet, according to FireEye, which released a 69-page technical report on Sunday on the group. FireEye picked up on it after some of the malware used by the group was found to have infected defense-related clients in the U.S., said Jen Weedon, manager of strategic analysis with FireEye.
Google

Google Is Too Slow At Clearing Junkware From the Chrome Extension Store 45

Posted by timothy
from the imperfect-world dept.
Mark Wilson writes Malware is something computer users — and even mobile and tablet owners — are now more aware of than ever. That said, many people do not give a second thought to installing a browser extension to add new features to their most frequently used application. Despite the increased awareness, malware is not something a lot of web users think of in relation to extensions; but they should.

Since the beginning of 2015 — just over three months — Google has already received over 100,000 complaints from Chrome users about 'ad injectors' hidden in extensions. Security researchers have also discovered that a popular extension — Webpage Screenshot — includes code that could be used to send browsing history back to a remote server. Google is taking steps to clean up the extension store to try to prevent things like this happening, but security still needs to be tightened up.
Android

Google: Less Than One Percent of Android Devices Are Affected By Harmful Apps 91

Posted by Soulskill
from the two-nines-security dept.
jfruh writes: One of the selling points of iOS is that its more restrictive nature makes it more secure. But even though it's easier for users to accidentally install malicious apps on Android, data collected by Google (PDF) indicates that less than one percent of Android users have actually done so. Quoting: "During October 2014, the lowest level of device hygiene was 99.5% and the highest level was 99.65%, so less than 0.5% of devices had a Potentially Harmful Application (PHA) installed (excluding non-malicious Rooting apps). During that same time period, approximately 0.25% of devices had a non-malicious Rooting application installed. ... Worldwide, excluding non-malicious Rooting applications, PHAs are installed on less than 0.1% of devices that install applications only from Google Play. Non-rooting PHAs are installed on approximately 0.7% of devices that are configured to permit installation from outside of Google Play. Additionally, the second graph shows devices with any PHA (including Rooting applications). Rooting applications are installed on about 0.5% of devices that allow sideloading of applications from outside of Google Play."
Firefox

MP3 Backend of Firefox and Thunderbird Found Vulnerable 60

Posted by samzenpus
from the protect-ya-neck dept.
jones_supa writes A critical vulnerability has been found in the MPEG-1 Layer III playback backend of Mozilla Firefox and Thunderbird. Security researcher Aki Helin reported a use-after-free scenario when playing certain audio files on the web using the Fluendo MP3 plugin for GStreamer on Linux. This is due to a flaw in handling certain MP3 files by the plugin and its interaction with Mozilla code. A maliciously crafted MP3 file can lead to a potentially exploitable crash. Linux is the only affected platform, so Windows and OS X users are safe from this particular vulnerability.
Electronic Frontier Foundation

EFF Questions US Government's Software Flaw Disclosure Policy 18

Posted by Soulskill
from the we'll-do-that-at-least-once-in-the-past-decade dept.
angry tapir writes: It's not clear if the U.S. government is living up to its promise to disclose serious software flaws to technology companies, a policy it put in place five years ago, according to the Electronic Frontier Foundation. They write, "ODNI has now finished releasing documents in response to our suit, and the results are surprisingly meager. Among the handful of heavily redacted documents is a one-page list of VEP 'Highlights' from 2010. It briefly describes the history of the interagency working group that led to the development of the VEP and notes that the VEP established an office called the 'Executive Secretariat' within the NSA. The only other highlight left unredacted explains that the VEP 'creates a process for notification, decision-making, and appeals.' And that's it. This document, which is almost five years old, is the most recent one released. So where are the documents supporting the 'reinvigorated' VEP 2.0 described by the White House in 2014?"
Botnet

Ask Slashdot: Who's Going To Win the Malware Arms Race? 155

Posted by Soulskill
from the not-you-and-not-me dept.
An anonymous reader writes: We've been in a malware arms race since the 1990s. Malicious hackers keep building new viruses, worms, and trojan horses, while security vendors keep building better detection and removal algorithms to stop them. Botnets are becoming more powerful, and phishing techniques are always improving — but so are the mitigation strategies. There's been some back and forth, but it seems like the arms race has been pretty balanced, so far. My question: will the balance continue, or is one side likely to take the upper hand over the next decade or two? Which side is going to win? Do you imagine an internet, 20 years from now, where we don't have to worry about what links we click or what attachments we open? Or is it the other way around, with threats so hard to block and DDoS attacks so rampant that the internet of the future is not as useful as it is now?
Books

Book Review: Future Crimes 27

Posted by samzenpus
from the read-all-about-it dept.
benrothke writes Technology is neutral and amoral. It's the implementers and users who define its use. In Future Crimes: Everything Is Connected, Everyone Is Vulnerable and What We Can Do About It, author Marc Goodman spends nearly 400 pages describing the dark side of technology, and those who use it for nefarious purposes. He provides a fascinating overview of how every major technology can be used to benefit society, and how it can also be exploited by those on the other side. Keep reading for the rest of Ben's review.
Advertising

How Malvertising Abuses Real-Time Bidding On Ad Networks 113

Posted by samzenpus
from the rotten-apples dept.
msm1267 writes Dark corners of the Internet harbor trouble. They're supposed to. But what about when Yahoo, CNN.com, TMZ and other busy destination sites heave disaster upon visitors? That's the challenge posed by malvertising, the latest hacker Golden Goose used in cybercrime operations and even in some targeted attacks. Hackers are thriving in this arena because they have found an unwittingly complicit partner in the sundry ad networks to move malicious ads through legitimate processes. Adding gasoline to the raging fire is the abuse of real-time ad bidding, a revolution in the way online ads are sold. RTB enables better ad targeting for advertisers and less unsold inventory for publishers. Hackers can also hitch a ride with RTB and target malicious ads on any site they wish, much the way a legitimate advertiser would use the same system.
China

Github Under JS-Based "Greatfire" DDoS Attack, Allegedly From Chinese Government 116

Posted by Soulskill
from the year-of-the-ddos dept.
An anonymous reader writes: During the past two days, popular code hosting site GitHub has been under a DDoS attack, which has led to intermittent service interruptions. As blogger Anthr@X reports from traceroute lists, the attack originated from MITM-modified JavaScript files for the Chinese company Baidu's user tracking code, changing the unencrypted content as it passed through the great firewall of China to request the URLs github.com/greatfire/ and github.com/cn-nytimes/. The Chinese government's dislike of widespread VPN usage may have caused it to arrange the attack, where only people accessing Baidu's services from outside the firewall would contribute to the DDoS. This wouldn't have been the first time China arranged this kind of "protest."
Security

Big Vulnerability In Hotel Wi-Fi Router Puts Guests At Risk 40

Posted by samzenpus
from the protect-ya-neck dept.
An anonymous reader writes Guests at hundreds of hotels around the world are susceptible to serious hacks because of routers that many hotel chains depend on for their Wi-Fi networks. Researchers have discovered a vulnerability in the systems, which would allow an attacker to distribute malware to guests, monitor and record data sent over the network, and even possibly gain access to the hotel's reservation and keycard systems. The vulnerability, which was discovered by Justin W. Clarke of the security firm Cylance, gives attackers read-write access to the root file system of the ANTlabs devices. The discovery of the vulnerable systems was particularly interesting to them in light of an active hotel hacking campaign uncovered last year by researchers at Kaspersky Lab. In that campaign, which Kaspersky dubbed DarkHotel.
Education

NJ School District Hit With Ransomware-For-Bitcoins Scheme 167

Posted by timothy
from the so-is-there-a-downside? dept.
An anonymous reader sends news that unidentified hackers are demanding 500 bitcoins, currently worth about $128,000, from administrators of a New Jersey school district. Four elementary schools in Swedesboro-Woolwich School District, which enroll more than 1,700 students, are now locked out of certain tasks: "Without working computers, teachers cannot take attendance, access phone numbers or records, and students cannot purchase food in cafeterias. Also, [district superintendent Dr. Terry C. Van Zoeren] explained, parents cannot receive emails with students grades and other information." According to this blog post from security company BatBlue, the district has been forced to postpone the Common Core-mandated PARCC state exams, too. Small comfort: "Fortunately the Superintendent told CBS 3’s Walt Hunter the hackers, using a program called Ransomware, did not access any personal information about students, families or teachers." Perhaps the administrators can take heart: Ransomware makers are, apparently, starting to focus more on product support; payment plans are probably on the way.
Hardware Hacking

Hack Air-Gapped Computers Using Heat 123

Posted by timothy
from the oh-baby-you're-so-communicative dept.
An anonymous reader writes Ben-Gurion University of the Negev (BGU) researchers have discovered a new method to breach air-gapped computer systems called "BitWhisper," which enables two-way communications between adjacent, unconnected PC computers using heat. BitWhisper bridges the air-gap between the two computers, approximately 15 inches apart that are infected with malware by using their heat emissions and built-in thermal sensors to communicate. It establishes a covert, bi-directional channel by emitting heat from one PC to the other in a controlled manner. Also at Wired.
Security

LightEater Malware Attack Places Millions of Unpatched BIOSes At Risk 83

Posted by timothy
from the nothing's-perfect dept.
Mark Wilson writes Two minutes is all it takes to completely destroy a computer. In a presentation entitled 'How many million BIOSes would you like to infect?' at security conference CanSecWest, security researchers Corey Kallenberg and Xeno Kovah revealed that even an unskilled person could use an implant called LightEater to infect a vulnerable system in mere moments. The attack could be used to render a computer unusable, but it could also be used to steal passwords and intercept encrypted data. The problem affects motherboards from companies including Gigabyte, Acer, MSI, HP and Asus. It is exacerbated by manufactures reusing code across multiple UEFI BIOSes and places home users, businesses and governments at risk.
Windows

OEMs Allowed To Lock Secure Boot In Windows 10 Computers 362

Posted by Soulskill
from the feel-free-to-do-whatever-we-want-with-your-new-computer dept.
jones_supa writes: Hardware that sports the "Designed for Windows 8" logo requires machines to support UEFI Secure Boot. When the feature is enabled, the core software components used to boot the machine are verified for correct cryptographic signatures, or the system refuses to boot. This is a desirable security feature, because it protects from malware sneaking into the boot process. However, it has an issue for alternative operating systems, because it's likely they won't have a signature that Secure Boot will authorize. No worries, because Microsoft also mandated that every system must have a UEFI configuration setting to turn the protection off, allowing booting other operating systems. This situation may now change. At its WinHEC hardware conference in Shenzhen, China, Microsoft said the setting to allow Secure Boot to be turned off will become optional when Windows 10 arrives. Hardware can be "Designed for Windows 10," and offer no way to opt out of the Secure Boot lock down. The choice to provide the setting (or not) will be up to the original equipment manufacturer.
Piracy

Microsoft Says Free Windows 10 Upgrades For Pirates Will Be Unsupported 193

Posted by samzenpus
from the you-are-dead-to-me dept.
An anonymous reader writes with this story about some of the fine print to Microsoft's offer of Windows 10 upgrades to pirates. "When Microsoft confirmed it will offer free Windows 10 upgrades to pirates worldwide, many were shocked. VentureBeat has been trying to get more details from the company, which disclosed today that after PCs with pirated copies of Windows 7 and Windows 8.1 are upgraded to Windows 10, they will remain in a 'non-genuine' status and Microsoft will not support them. 'With Windows 10, although non-genuine PCs may be able to upgrade to Windows 10, the upgrade will not change the genuine state of the license,' a Microsoft spokesperson told VentureBeat. 'Non-genuine Windows is not published by Microsoft. It is not properly licensed or supported by Microsoft or a trusted partner. If a device was considered non-genuine or mislicensed prior to the upgrade, that device will continue to be considered non-genuine or mislicensed after the upgrade. According to industry experts, use of pirated software, including Non-genuine Windows, results in a higher risk of malware, fraud — identity theft, credit card theft, etc. — public exposure of your personal information, and a higher risk for poor performance or feature malfunctions.' Yet this doesn't provide enough answers. After a pirate upgrades to Windows 10 for free, does this 'non-genuine' version expire and become unusable after a certain period of time? Does no support mean no security updates for pirates?"
Security

Persistent BIOS Rootkit Implant To Debut At CanSecWest 120

Posted by timothy
from the deep-in-the-tunnels dept.
msm1267 writes Research on new BIOS vulnerabilities and a working rootkit implant will be presented on Friday at the annual CanSecWest security conference. An attacker with existing remote access on a compromised computer can use the implant to turn down existing protections in place to prevent re-flashing of the firmware, enabling the implant to be inserted and executed. The devious part of the exploit is that the researchers have found a way to insert their agent into System Management Mode, which is used by firmware and runs separately from the operating system, managing various hardware controls. System Management Mode also has access to memory, which puts supposedly secure and privacy focused operating systems such as Tails in the line of fire of the implant.

Their implant, the researchers said, is able to scrape the secret PGP key Tails uses for encrypted communication, for example. It can also steal passwords and encrypted communication. The implant survives OS re-installation and even Tails' built-in protections, including its capability of wiping RAM.
United Kingdom

UK's GCHQ Admits To Using Vulnerabilities To Hack Target Systems 57

Posted by timothy
from the but-we're-your-friends dept.
Bismillah (993337) writes "Lawyers for the GCHQ have told the Investigatory Powers Tribunal in the UK that the agency carries out the same illegal Computer Network Exploitation (CNE) operations that criminals and hackers do. Except they do it legally. GCHQ is currently being taken to court by Privacy International and five ISPs from UK, Germany, the Netherlands, Zimbabwe and South Korea for CNE operations that the agency will not confirm nor deny as per praxis."
Microsoft

Microsoft Blacklists Fake Finnish Certificate 29

Posted by timothy
from the so-that-would-be-a-veneer dept.
jones_supa writes Microsoft has issued a warning that a fraudulent SSL digital certificate has been issued in the name of a Finnish version of its Windows Live service. Although the company says it has revoked the certificate, security experts warn that older software may continue to "trust" the known bad certificate for months or even years, and that attackers could use it to trick users into running malware. "Microsoft is aware of an improperly issued SSL certificate for the domain 'live.fi' that could be used in attempts to spoof content, perform phishing attacks or perform man-in-the-middle attacks," Microsoft says in a March 16 security alert. "It cannot be used to issue other certificates, impersonate other domains or sign code. This issue affects all supported releases of Microsoft Windows. Microsoft is not currently aware of attacks related to this issue."
Security

Researchers Find Same RSA Encryption Key Used 28,000 Times 132

Posted by timothy
from the well-if-it-workef-for-that-guy dept.
itwbennett writes In the course of trying to find out how many servers and devices are still vulnerable to the Web security flaw known as FREAK, researchers at Royal Holloway of the University of London found something else of interest: Many hosts (either servers or other Internet-connected devices) share the same 512-bit public key. In one egregious example, 28,394 routers running a SSL VPN module all use the same 512-bit public RSA key.
Security

Ex-NSA Researcher Claims That DLL-Style Attacks Work Just Fine On OS X 93

Posted by timothy
from the it's-a-feature dept.
An anonymous reader writes Ex-NSA and NASA researcher Patrick Wardle claims to have developed a reliable technique of Shared Library replacement which renders Apple's OSX operating system just as vulnerable to exploitation as Windows has been (via its 'DLL' shared libraries) for years. Speaking at CanSecWest, Wardle explained that Apple's refusal to encrypt software downloads via its App Store allows an attacker on the same network to inject a malicious 'dylib' (shared library) without altering the hash of the legitimate-but-vulnerable software, thereby leaving the Developer ID signature intact. Wardle ran a crafted Python script on a typical Mac and discovered 150 dylib-dependent applications, including Apple's own Xcode developer environment — revealed last week by Edward Snowden to be a priority target for the NSA due to its ability to propagate compromised software.