
Submission + - Windows Crash Reports Unencrypted and Unencumbered (threatpost.com)

msm1267 writes: The NSA uses its XKeyscore spying tool to find Windows Error Reporting crash reports, which are sent in the clear to Microsoft. The information is used to fingerprint machines for compromise, and is a treasure trove of system and application data for not only the spy agency, but for hackers as well who may have compromised an upstream proxy or ISP.
The best countermeasure, since the feature is on by default post-Windows XP, is a change to a Group Policy setting that forces that initial transmission to be encrypted. However, 80 percent of the billion-plus Windows machines on the planet participate in the program and send this sensitive data in the clear.

Submission + - The Shadowy Darknet will be the Only Truly World-wide Web (ibtimes.co.uk)

DavidGilbert99 writes: “The shadowy Darknet then will be the only truly world-wide web” — this is the view of Alexander Gostev, chief security expert at Kaspersky Lab who believes the fallout from Edward Snowden's leaks may lead at some point to the "collapse of the current Internet, which will break into dozens of national networks."

Submission + - Facebook is "dead and buried" to young users (telegraph.co.uk)

JoeyRox writes: The recent decline in Facebook's popularity with teenagers appears to be worsening. A Global Social Media Impact study of 16 to 18 year olds found that many considered the site "uncool" and keep their profiles alive only to keep in touch with older relatives, for whom the site remains popular. Researchers say teens have switched to using WhatsApp, Snapchat, and Twitter in place of Facebook.

Submission + - EBay Vulnerable to Account Hijacking via XSRF (threatpost.com)

msm1267 writes: eBay users remain vulnerable to account hijacking nearly five months after it was initially informed of a cross-site request forgery flaw by a U.K. security researcher. eBay has three times communicated to the researcher that the code causing the XSRF situation has been fixed, but it still remains vulnerable to his exploit.

The attack allows a hacker who lures a victim to a website hosting the exploit to change the user's contact information necessary to perform a password reset. The hacker eventually is able to log in as the victim and make purchases on their behalf.

Submission + - Safari Stores Previous Browsing Session Data Unencrypted (threatpost.com)

msm1267 writes: Users of Apple’s Safari browser are at risk for information loss because of a feature common to most browsers that restores previous sessions.

The problem with Safari is that it stores session information including authentication credentials used in previous HTTPS sessions in a plaintext XML file called a Property list, or plist, file. The plist files, a researcher with Kaspersky Lab’s Global Research and Analysis Team said, are stored in a hidden folder, but hiding them in plain sight isn’t much of a hurdle for a determined attacker.

“The complete authorized session on the site is saved in the plist file in full view despite the use of https,” said researcher Vyacheslav Zakorzhevsky on the Securelist blog. “The file itself is located in a hidden folder, but is available for anyone to read.”

Submission + - ASLR Bypass Patch Merits Closer Look (threatpost.com)

msm1267 writes: As expected, Microsoft did today patch a zero-day in its GDI+ graphics component (MS13-096) reported more than a month ago after exploits were spotted in the wild. The fix was one of 11 security bulletins—five critical—released as part of the December 2013 Patch Tuesday security updates.

While there were five critical bulletins released today, experts urge IT administrators to also prioritize an ASLR bypass vulnerability that was patched today and rated “important” by Microsoft.

MS13-106 takes care of an Office vulnerability that is being exploited in the wild, Microsoft said. Attackers hosting a malicious exploit online can trigger the vulnerability in the hxds.dll that enables a bypass of ASLR or Address Space Layout Randomization, a security feature in Windows that mitigates memory corruption exploits.

Submission + - IE Cross-Site Scripting Bypass Discovered (threatpost.com)

msm1267 writes: A weakness has been discovered in the reflective cross-site scripting filter present in Internet Explorer since IE 8 that could enable an attacker to trick the browser into executing malicious code as trusted. The problem going forward is twofold: everything occurring in the bypass method is accepted as part of the official HTML standard going back at least 15 years; and Microsoft said it will not work on a fix for the flaw.

Submission + - How the NSA Could Be Beating SSL (threatpost.com)

msm1267 writes: Noted cryptographer Matthew Green of Johns Hopkins University proposed a number of practical and elaborate scenarios explaining how SSL could be subverted or suborned. He also suggests that there’s no time like the present to get away from RSA keys and consider alternatives such as perfect forward secrecy and even Elliptic Curve Cryptography.

Submission + - Forensics Finds CryptoLocker-Encrypted Files (threatpost.com)

msm1267 writes: CryptoLocker infections are up, and that makes security analysts nervous. One Boston-area forensics expert, however, may have found a way to shave down some recovery time after a recent infection at his company. Using a couple of available tools, he found clues in the NTFS Master File Table that led him to the specific files encrypted by CryptoLocker, meaning he had to restore only gigabytes of data versus terabytes.

Submission + - Ruby on Rails CookieStore Flaw Plagues Websites (threatpost.com)

msm1267 writes: A lingering security issue in Ruby on Rails that stems from a setting in the framework’s cookie-based storage mechanism is still present in almost 2,000 websites.

Sites using an old version of Ruby on Rails that relies on CookieStore, the framework’s default cookie storage mechanism, are at risk. CookieStore saves each user’s session hash in the cookie on the client side, something that keeps each cookie valid for life. This makes it possible for an attacker to glean a user’s log-in information – either via cross-site scripting or session sidejacking – and log in as them at a later date.

Submission + - Extensible APT Attack Platform Has Familiar Feel (threatpost.com)

msm1267 writes: An attack platform has been discovered in espionage attacks against Asian automotive makers and activists in the region. The platform has been around for a few years, but has gone undetected because the platform itself is relatively benign until it's dropped onto the victim's machine and opens a backdoor connection to the hacker's infrastructure.
The attacker can then, under layers of encryption, upload diverse attack tools such as keyloggers, remote shells, file upload and download capabilities and steal data or credentials from the victim. The attack also makes use of the now-familiar CVE-2012-0158 vulnerability, using infected Office documents to trigger the remote code execution flaw in Windows.

Submission + - i2Ninja Financial Malware Lurks on I2P Darknet (threatpost.com)

msm1267 writes: The Mevade botnet made news when it was found to be using the Tor anonymity network to communicate with its command and control infrastructure. Running C&C on Tor, however, turned out to be a fatal mistake when Tor usage spiked alerting administrators to the unusual activity.

A group of Russian criminals apparently were paying attention to what happened to Mevade and are using a different darknet called I2P, or Invisible Internet Protocol, as a communication protocol for new financial malware called i2Ninja.

Researchers at Trusteer monitoring a Russian malware forum spotted i2Ninja, which seems to be run-of-the-mill financial malware that includes HTTP injection capabilities, email, FTP and form grabbers. The twist on this one is that it uses I2P to send stolen credentials back to the attackers, and it promotes 24/7 support as a differentiator.

Submission + - Route-Injection Attacks Detouring Internet Traffic (threatpost.com)

msm1267 writes: Attackers are using route injection attacks against BGP-speaking routers to insert additional hops in the traffic stream, redirecting traffic to third-party locations where it can be inspected before it’s sent to its destination.
Internet intelligence company Renesys has detected close to 1,500 IP address blocks that have been hijacked on more than 60 days this year, a disturbing trend that indicates attackers could finally have an increased interest in weaknesses inherent in core Internet infrastructure.

Submission + - Toyota Announces Plans for Fuel Cell car by 2015 (chron.com)

puddingebola writes: Toyota has announced plans for a fuel cell powered car at the Tokyo Motor show. From the article, "Satoshi Ogiso, the Toyota Motor Corp. executive in charge of fuel cells, said Wednesday the vehicle is not just for leasing to officials and celebrities but will be an everyday car for ordinary consumers, widely available at dealers. "Development is going very smoothly," he told The Associated Press on the sidelines of the Tokyo Motor Show. The car will go on sale in Japan in 2015 and within a year later in Europe and U.S." I couldn't find any further details in searches.
