+ - Microsoft Settles with No-IP After Malware Takedown

Submitted by Trailrunner7
Trailrunner7 (1100399) writes "It’s been a weird couple of weeks for Microsoft. On June 30 the company announced its latest malware takedown operation, which included a civil lawsuit against Vitalwerks, a small Nevada hosting provider, and the seizure of nearly two dozen domains the company owned. Now, 10 days later, Microsoft has not only returned all of the seized domains but also has reached a settlement with Vitalwerks that resolves the legal action.

Some in the security research community criticized Microsoft harshly for what they saw as heavy-handed tactics. Within a few days of the initial takedown and domain seizure Microsoft returned all of the domains to Vitalwerks, which does business as No-IP.com. On Wednesday, the software giant and the hosting provider released a joint statement saying that they had reached a settlement on the legal action.

“Microsoft has reviewed the evidence provided by Vitalwerks and enters into the settlement confident that Vitalwerks was not knowingly involved with the subdomains used to support malware. Those spreading the malware abused Vitalwerks’ services,” the companies said in a joint statement.

“Microsoft identified malware that had escaped Vitalwerks’ detection. Upon notification and review of the evidence, Vitalwerks took immediate corrective action allowing Microsoft to identify victims of this malware. The parties have agreed to permanently disable Vitalwerks subdomains used to control the malware.”"

+ - "Evolution = Satan" part of Atlanta Public Schools' Biology Curriculum->

Submitted by McGruber
McGruber (1417641) writes "The young journalists at The Southerner (http://thesoutherneronline.com), the student newspaper at Grady High School in Atlanta, Georgia, recently broke the news that creationism and other Christian religious views are incorporated into the Biology curriculum used by the City of Atlanta Public Schools. As the newspaper put it (http://thesoutherneronline.com/frontpage/?p=29658):

A PowerPoint shown to a freshman biology class featured a cartoon depicting dueling castles, one labeled “Creation (Christ)” and the other labeled “Evolution (Satan).” Balloons attached to the evolution castle were labeled euthanasia, homosexuality, pornography, divorce, racism and abortion... The PowerPoint, which has more than 50 slides largely consisting of material about evolution, was downloaded from SharePoint, an APS file-sharing database for teachers. It was uploaded by Mary E. King, a project manager at APS who has also uploaded more than 2,000 other documents. Phone calls and emails to King have not been returned. Tommy Molden, science coordinator for APS, also did not respond to requests for comment.

Students were offended by the cartoon:

“[I] have gay parents, and [the cartoon] said that evolution caused homosexuality and it implied that to be negative, so I was pretty offended by it,” [freshman Seraphina Cooley] said.

Cooley said that another student emailed the administration complaining about the PowerPoint.

Freshman Griffin Ricker, who is also in Jones’ class, said [Biology class teacher Anquinette Jones] got angry with the class when she found out students had notified the administration.

“She had a 10-minute rant,” Ricker said. “She yelled and said, ‘This is on the APS website, and it was certified.’”

In case of slashdotting, the student reporting is also posted on a local newspaper's blog (http://www.ajc.com/weblogs/get-schooled/2014/jul/03/evolution-vs-creationism-why-still-issue-grady-or-/)."

+ - Microsoft Malware Takedown Causes Waves in Security Community

Submitted by Trailrunner7
Trailrunner7 (1100399) writes "Microsoft’s latest takedown of a malware operation, announced Monday and involving the infrastructure of several malware families, has, like many of the company’s actions, elicited strong opinions on both sides of the issue from security researchers, activists and others with a stake in the game. This takedown didn’t involve simply hitting the C2 infrastructure of a botnet, but also includes legal action against a hosting company, No-IP.com, which has called out Microsoft for its tactics and raised a lot of questions in the security community, as well.

Microsoft officials said No-IP was a nest of malware activity, but officials at the hosting provider denied this and said Microsoft never even contacted them. Meanwhile, security researchers aren't too happy with Redmond's tactics either. Claudio Guarnieri, an independent botnet researcher, said Microsoft severely overstepped.

“Any other way would have been a better one. Microsoft is building legal precedents to be able to indiscriminately police the Internet at their own discretion. It is absolutely intolerable that Microsoft feels entitled to “take to task” another company and seize its assets, apparently without having explored all possible avenues as No-IP’s statement indicates. Microsoft’s DCU has been disrespectful and uncooperative in many of its recent operations and I’m sure the community will start protesting and refusing to work with them in the future,” he said.

“Whether No-IP was or was not cooperative is irrelevant (still consider that it’s a very small organization), the fact that Microsoft decided to “school” them and severely damage their business because they didn’t live up to Microsoft’s own standards is ludicrous.”"

+ - FBI Issued 19,000 National Security Letters in 2013

Submitted by Trailrunner7
Trailrunner7 (1100399) writes "The United States federal government issued more than 19,000 National Security Letters–perhaps its most powerful tool for domestic intelligence collection–in 2013, and those NSLs contained more than 38,000 individual requests for information.

The new data was released by the Office of the Director of National Intelligence on Friday as part of its effort to comply with a directive from President Obama to declassify and release as much information as possible about a variety of tools that the government uses to collect intelligence. The directive came in the immediate aftermath of the first revelations by former NSA contractor Edward Snowden about the agency’s capabilities, methods and use of legal authorities.

The use of NSLs is far from new, dating back several decades. But their use was expanded greatly after 9/11 and NSLs are different from other tools in a number of ways, perhaps most importantly in the fact that recipients typically are prohibited from even disclosing the fact that they received an NSL. Successfully fighting an NSL is a rare thing, and privacy advocates have been after the government for years to release data on their use of the letters and the number of NSLs issued. Now, the ODNI is putting some of that information into the public record."

+ - Mass. Supreme Court Says Defendant Can be Compelled to Decrypt Data

Submitted by Trailrunner7
Trailrunner7 (1100399) writes "Encryption software has been enjoying a prolonged day in the sun for about the last year. Thanks to the revelations of Edward Snowden about the NSA’s seemingly limitless capabilities, security experts have been pounding the drum about the importance of encrypting not just data in transit, but information stored on laptops, phones and portable drives. But the Massachusetts Supreme Judicial Court put a dent in that armor on Wednesday, ruling that a criminal defendant could be compelled to decrypt the contents of his laptops.

The case centers on a lawyer who was arrested in 2009 for allegedly participating in a mortgage fraud scheme. The defendant, Leon I. Gelfgatt, admitted to Massachusetts state police that he had done work with a company called Baylor Holdings and that he encrypted his communications and the hard drives of all of his computers. He said that he could decrypt the computers seized from his home, but refused to do so.

The MJSC, the highest court in Massachusetts, was considering the question of whether the act of entering the password to decrypt the contents of a computer was an act of self-incrimination, thereby violating Gelfgatt’s Fifth Amendment rights."

+ - Bug Lets Attackers Bypass PayPal Two Factor Authentication

Submitted by Trailrunner7
Trailrunner7 (1100399) writes "There’s a vulnerability in the way that PayPal handles certain requests from mobile clients that can allow an attacker to bypass the two-factor authentication mechanism for the service and transfer money from a victim’s account to any recipient he chooses.

The flaw lies in the way that the PayPal authentication flow works with the service’s mobile apps for iOS and Android. It’s on the server side, and researchers at Duo Security developed a proof-of-concept app that can exploit the vulnerability. PayPal has been aware of the issue since March and has implemented a workaround, but isn’t planning a full patch until the end of July.

Using the app they built to exploit the vulnerability, the researchers were able to transfer money from a 2FA-protected account with just the username and password. In an interview, Lanier said there were any number of ways to accomplish that task, none of which is very complicated.

“There are plenty of cases of PayPal passwords being compromised in giant database dumps, and there’s also been a giant rise in PayPal related phishing,” he said. “That approach is already being used. People have long been and are continuing to do so. The whole two factor thing was supposed to make you feel all warm and fuzzy if your password is compromised. I’d probably use one of these techniques that are pretty darn efficient or maybe iterate through the public dumps of passwords.”"

+ - Researchers Map HackingTeam Malware Servers, Reveal iOS, Android Modules

Submitted by Trailrunner7
Trailrunner7 (1100399) writes "Controversial spyware commercially developed by Italy’s HackingTeam and sold to governments and law enforcement for the purpose of surveillance, has a global command and control infrastructure and for the first time, security experts have insight into how its mobile malware components work.

Collaborating teams of researchers from Kaspersky Lab and Citizen Lab at the Munk School of Global Affairs at the University of Toronto today reported on their findings during an event in London. The breadth of the command infrastructure supporting HackingTeam’s Remote Control System (RCS) is extensive, with 326 servers outed in more than 40 countries; the report also provides the first details on the inner workings of the RCS mobile components for Apple iOS and Android devices.

The new modules provide governments and law enforcement officers with extensive monitoring capabilities over victims, including the ability to report on their location, steal data from their device, use the device’s microphone in real time, intercept voice and SMS messages sent via applications such as Skype, WhatsApp, Viber, and much more."

+ - US Marshals Accidentally Reveal Potential Bidders For Gov't-Seized Bitcoin->

Submitted by jfruh
jfruh (300774) writes "When the U.S. government shut down the Silk Road marketplace, they seized its assets, including roughly $18 million in bitcoin, and despite the government's ambivalence about the cryptocurrency, they plan to auction the bitcoin off to the highest bidder, as they do with most criminal assets. Ironically, considering many bitcoin users' intense desire for privacy, the U.S. Marshals Service accidentally revealed the complete list of potential bidders by sending a message to everyone on the list and putting their addresses in the CC field instead of the BCC field."

+ - Hacker Puts Hosting Provider Code Spaces Out of Business

Submitted by Trailrunner7
Trailrunner7 (1100399) writes "Code Spaces, a code-hosting and software collaboration platform, has been put out of business by an attacker who deleted the company’s data and backups.

Officials wrote a lengthy explanation and apology on the company’s website, promising to spend its current resources helping customers recover whatever data may be left.

“Code Spaces will not be able to operate beyond this point, the cost of resolving this issue to date and the expected cost of refunding customers who have been left without the service they paid for will put Code Spaces in an irreversible position both financially and in terms of ongoing credibility,” read the note. “As such at this point in time we have no alternative but to cease trading and concentrate on supporting our affected customers in exporting any remaining data they have left with us.”

The beginning of the end was a DDoS attack initiated yesterday that was accompanied by an intrusion into Code Spaces’ Amazon EC2 control panel. Extortion demands were left for Code Spaces officials, along with a Hotmail address they were supposed to use to contact the attackers."

+ - Dyreza Banker Trojan Can Bypass SSL, Two-Factor Authentication

Submitted by Trailrunner7
Trailrunner7 (1100399) writes "Banker Trojans have proven to be reliable and effective tools for attackers interested in quietly stealing large amounts of money from unwitting victims. Zeus, Carberp and many others have made piles of money for their creators and the attackers who use them, and researchers have been looking at a newer banker Trojan that has the ability to bypass SSL protection for banking sessions by redirecting traffic through the attackers’ own domains.

The Trojan, which is being called either Dyre or Dyreza by researchers, uses a technique known as browser hooking to intercept traffic flowing between the victim’s machine and the target Web site. The malware arrives in users’ inboxes through spam messages, many of which will look like messages from a financial institution. The list of targeted banks includes Bank of America, Natwest, Citibank, RBS and Ulsterbank. Researchers say that much of the activity from the Trojan so far is in the U.K.

“The traffic, when you browse the Internet, is being controlled by the attackers. They use a MiTM (Man in The Middle) approach and thus are able to read anything, even SSL traffic in clear text. This way they will also try to circumvent 2FA,” an analysis by Peter Kruse at CSIS says."

+ - Guarding against 'Carmageddon' cyberattacks->

Submitted by Science_afficionado
Science_afficionado (932920) writes "One of the research projects featured at the SmartAmerica Challenge EXPO in DC was a collaboration between engineers at Vanderbilt University and UC Berkeley to develop methods for detecting cyberattacks on smart road systems that use computers, a network of sensors and computer-controlled traffic signals to reduce traffic congestion on heavily traveled stretches of freeway. The goal is to give operators the tools they need to identify such attacks when they occur and, ultimately, create software tools that can automatically detect and take measures to block such attacks."

+ - Austrian Teen at Heart of TweetDeck Mess Says it Was All a Mistake

Submitted by Trailrunner7
Trailrunner7 (1100399) writes "The last 24 hours have been a sad, scary and frustrating time for a 19-year-old aspiring programmer in Austria who found himself smack in the middle of Wednesday’s TweetDeck mess—all because of a Unicode heart.

Twitter’s real-time account dashboard was taken down for a brief time yesterday before a cross-site scripting vulnerability in the TweetDeck Chrome plug-in was properly addressed. But not before code exploiting the bug in a benign manner spread to Twitter users worldwide.

Ground zero for the incident was the Austrian teen who identified himself only as Florian to Threatpost. The youngster said things began yesterday when he tweeted out an HTML hearts symbol (&hearts) that was graphically displayed in the message.

“TweetDeck is not supposed to display this as an image, because it’s simple text, which should be escaped to “♥,” he said.

“I didn’t know that there is such a big problem. So I experimented with this in a public environment, there was no reason not to do so,” Florian said. “And that was the point where I reported this to TweetDeck.

“TweetDeck actually did not react in any way,” Florian said. “Their next Tweet was saying that there is a security-issue and the users should log in again.”"
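The bug class behind the TweetDeck incident, as an added illustration that is not code from TweetDeck, Twitter or the submitter: a client that decodes HTML entities in tweet text so that "&hearts;" shows up as a glyph will also decode an encoded "&lt;script&gt;" into a live script element. The two renderers, the template, the sample tweets and the detector below are all constructed for this example; the hostile tweet is made up and is not the payload that actually spread.

```python
import html
import re

# Constructed sample tweets for this example (not real TweetDeck traffic).
# "heart" is the benign case from the story; "payload" is a made-up hostile tweet
# whose markup arrives entity-encoded, exactly as a tweet body would.
TWEETS = {
    "heart": "I &hearts; Unicode",
    "payload": "&lt;script class=&quot;xss&quot;&gt;alert(1)&lt;/script&gt; &hearts;",
}

# Hypothetical page template the client splices tweet text into.
TEMPLATE = '<div class="tweet-text">{}</div>'


def render_vulnerable(raw: str) -> str:
    """Hypothetical client that decodes entities so '&hearts;' becomes a glyph.

    Decoding turns every entity in the user-controlled text back into live
    markup, so an encoded '&lt;script&gt;' becomes a real <script> element.
    """
    return TEMPLATE.format(html.unescape(raw))


def render_safe(raw: str) -> str:
    """Treat tweet text as text: escape it on the way into the page.

    '&hearts;' is shown literally as the characters the user typed, and an
    encoded '&lt;script&gt;' stays inert ('&amp;lt;script&amp;gt;').
    """
    return TEMPLATE.format(html.escape(raw, quote=True))


# Crude check on rendered output: a tag that can execute, or an inline
# event-handler attribute, is a sign that user text reached the page as markup.
_ACTIVE_MARKUP = re.compile(
    r"<\s*(script|iframe|img|svg|object|embed)\b|\bon[a-z]+\s*=", re.IGNORECASE
)


def contains_active_markup(rendered: str) -> bool:
    """True if the rendered fragment contains executable markup."""
    return bool(_ACTIVE_MARKUP.search(rendered))


if __name__ == "__main__":
    for name, raw in TWEETS.items():
        for label, render in (("vulnerable", render_vulnerable), ("safe", render_safe)):
            out = render(raw)
            flag = "ACTIVE MARKUP" if contains_active_markup(out) else "ok"
            print(f"{name:8} {label:10} {flag:14} {out}")
```

The safe renderer is the one Florian's comment describes: "&hearts;" is plain text and should reach the page escaped. A client that wants the glyph must decode into a text node (or decode and then escape), never into markup.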

+ - Auditors Release Verified Repositories of TrueCrypt

Submitted by Trailrunner7
Trailrunner7 (1100399) writes "As the uncertainty surrounding the end of TrueCrypt continues, members of the security community are working to preserve a known-good archive of the last version of the open source encryption software released before the developers inserted a warning about potential unfixed bugs in the software and ended development.

The message that the TrueCrypt developers posted about the security of the software also was included in the release of version 7.2a. The OCAP team decided to focus on version 7.1a and created the verified repository by comparing the SHA2 hashes with files found in other TrueCrypt repositories. So the files are the same as the ones that were distributed as 7.1a.

“These files were obtained last November in preparation for our audit, and match the hash reported by iSec in their official report from phase I of the audit,” said Kenn White, part of the team involved in the TrueCrypt audit."
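The verification step described above, as an added example that is not the OCAP team's tooling: hash each candidate file with SHA-256, compare against a manifest of known-good digests, and report mismatches, missing files and unexpected extras. The archive contents and digests here are constructed for the example and are not the real TrueCrypt 7.1a files or hashes; the manifest format is the plain `sha256sum` layout so a real check can also be run with `sha256sum -c`.

```python
import hashlib

# Constructed sample "archive": file name -> bytes. Stands in for a directory
# of release files. Contents are made up for this example, not TrueCrypt 7.1a.
ARCHIVE = {
    "TrueCrypt Setup 7.1a.exe": b"sample installer bytes, version 7.1a\n",
    "TrueCrypt 7.1a Source.zip": b"sample source archive bytes, version 7.1a\n",
}


def sha256_bytes(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def sha256_file(path: str, chunk: int = 1 << 20) -> str:
    """Stream a file through SHA-256 so large installers need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_manifest(files: dict) -> dict:
    """name -> hex digest, taken from a copy you trust (here: the sample archive)."""
    return {name: sha256_bytes(data) for name, data in files.items()}


def format_sha256sum(manifest: dict) -> str:
    """Emit the two-space 'digest  name' layout that sha256sum -c reads."""
    return "".join(f"{digest}  {name}\n" for name, digest in sorted(manifest.items()))


def parse_sha256sum(text: str) -> dict:
    manifest = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        digest, name = line.split("  ", 1)
        manifest[name] = digest.lower()
    return manifest


def verify(files: dict, manifest: dict) -> dict:
    """Compare candidate files against the manifest.

    Returns name -> 'ok' | 'mismatch' | 'missing' (listed but absent) |
    'unexpected' (present but not listed). An extra file in a "verified"
    repository is a finding too, so it is reported rather than ignored.
    """
    result = {}
    for name, expected in manifest.items():
        if name not in files:
            result[name] = "missing"
        elif sha256_bytes(files[name]) == expected.lower():
            result[name] = "ok"
        else:
            result[name] = "mismatch"
    for name in files:
        if name not in manifest:
            result[name] = "unexpected"
    return result


def all_verified(result: dict) -> bool:
    return bool(result) and all(status == "ok" for status in result.values())


if __name__ == "__main__":
    manifest = build_manifest(ARCHIVE)
    print(format_sha256sum(manifest), end="")
    tampered = dict(ARCHIVE)
    tampered["TrueCrypt Setup 7.1a.exe"] = b"something else entirely\n"
    for name, status in verify(tampered, manifest).items():
        print(f"{status:10} {name}")
```

The manifest is only as trustworthy as where its digests came from; the point of the OCAP archive is that its hashes match the ones iSec recorded independently before the developers' warning appeared, so the two sources corroborate each other.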

+ - Google EasterEgg pokes fun at the NSA->

Submitted by Charliemopps
Charliemopps (1157495) writes "A few months ago it was revealed that the NSA had been spying on Google's customers, according to documents released by Edward Snowden.

In one image NSA staff joked "SSL added and removed here! :-)"

Recently Google released a Chrome extension designed to combat this. People who have reviewed the code found an Easter Egg left for the NSA by Google. Interesting times indeed."


+ - New OpenSSL Man-in-the-Middle Flaw Affects All Clients

Submitted by Trailrunner7
Trailrunner7 (1100399) writes "There is a new, remotely exploitable vulnerability in OpenSSL that could enable an attacker to intercept and decrypt traffic between vulnerable clients and servers. The flaw affects all versions of the OpenSSL client and versions 1.0.1 and 1.0.2-beta1 of the server software.

The new vulnerability could only be exploited to decrypt traffic between a vulnerable client and a vulnerable server, and the attacker would need to have a man-in-the-middle position on a network in order to do so. That’s not an insignificant set of conditions that must be present for a successful attack, but in the current environment, where open wireless networks are everywhere and many users connect to them without a second thought, gaining a MITM position is not an insurmountable hurdle.

Researchers who have looked at the vulnerable piece of code say that it appears to have existed, nearly unchanged, in the OpenSSL source since 1998."
