Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror

+ - Exploit Kit Delivers Pharming Attacks Against SOHO Routers->

Submitted by msm1267
msm1267 writes: For the first time, DNS redirection attacks against small office and home office routers are being delivered via exploit kits. French security researcher Kafeine said an offshoot of the Sweet Orange kit has been finding success in driving traffic from compromised routers to the attackers' infrastructure.The risk to users is substantial he said, ranging from financial loss, to click-fraud, man-in-the-middle attacks and phishing.
Link to Original Source

+ - Security Researchers Wary of Wassenaar Rules->

Submitted by msm1267
msm1267 writes: The Commerce Department’s Bureau of Industry and Security today made public its proposal to implement the controversial Wassenaar Arrangement, and computer security specialists are wary of its language and vagaries.

For starters, its definition of "intrusion software" that originally was meant to stem the effect of spying software such as FinFisher and Hacking Team, has also apparently snared many penetration testing tools. Also, despite the Commerce Department's insistence that vulnerability research does not fall under Wassenaar, researchers say that's up for interpretation.

Link to Original Source

+ - ICU Project Patches Memory Vulnerabilities->

Submitted by msm1267
msm1267 writes: Multitudes of software packages that make use of the ICU Project C/C++ and Java libraries may need to update after a pair of memory-based vulnerabilities were discovered and subsequently patched.

Version 55.1 of the ICU Project ICU4C library, released yesterday, addresses separate heap-based buffer overflow and integer overflow bugs in versions 52 through 54. Older versions of the library could also be affected, said researcher Pedro Ribeiro of Agile Information Security, who discovered the vulnerabilities while fuzzing LibreOffice, one of the numerous open source and enterprise software packages that are built using the library.

Link to Original Source

+ - OpenSSL Past, Present and Future->

Submitted by msm1267
msm1267 writes: Heartbleed made the world notice what kind of shape OpenSSL development was in from a financial and human resources standpoint. In the year since, the project has been funded enough to hire full-time engineers and a crucial refactoring of the codebase has the project in the right direction.
Link to Original Source

+ - Congress and Its Crypto Craziness

Submitted by Trailrunner7
Trailrunner7 writes: Crazy is never in short supply in Washington. Through lean times and boom times, regardless of who is in the White House or which party controls the Congress, the one resource that’s reliably renewable is nuttery.

This is never more true than when that venerable and voluble body takes up a topic with some technical nuance to it. The appearance of words such as “Internet”, “computers” or “technology” in the title of a committee hearing strike fear into the hearts of all who use such things. This is the legislative body, after all, that counted among its members the late Sen. Ted Stevens, who so eloquently described the Internet as a series of tubes.

And so when a panel with the wonderfully Orwellian name of the House Committee on Oversight and Government Reform announced a hearing titled “Encryption Technology and Potential U.S. Policy Responses”, the expectations in the security and crypto communities were for plenty of crazy. And it delivered in spades, but perhaps not in the way observers had expected.

The committee hearing was a response to the recent conversations in Washington circles about the need for backdoors in encryption technologies to enable lawful access by the FBI and other agencies. Cryptographers have said consistently that such systems simply don’t work, as they inevitably will allow access for attackers as well as law enforcement, never mind the huge technical challenges of implementing them.

That fact that the decisions by Apple and Google are a result of the NSA's actions did not get past Rep. Ted Lieu (D-Calif.), a man with computer science and law degrees and a clear grasp of the issue at hand.

“I take great offense to your testimony today,” Lieu said to Conley. “It’s a fundamental misunderstanding of the problem. Why do you think companies like Apple and Google are doing this? It’s not to make less money. It’s because the public is asking for it.

“This is a private sector response to government overreach. Let me make another statement, that somehow these technology companies aren’t credible because they collect private data. Here’s the difference: Apple and Google don’t have coercive powers. District attorneys do. The FBI does. The NSA does. And to me it’s very simple to draw the privacy balance when it comes to law enforcement privacy. Just follow the damn Constitution. And because the NSA and other law enforcement agencies didn’t do that, you’re seeing a vast public reaction to this."

+ - Coordinated Takedown Puts End to Simda Botnet->

Submitted by msm1267
msm1267 writes: The Simda botnet, known for spreading banking malware and dropping a backdoor on hundreds of thousands of machines worldwide, was taken down last Thursday in a collaborative effort between international law enforcement bodies and private security and technology companies.

Thirteen command and control servers in four countries were seized, putting an end to a malware family that has infected more than 90,000 computers since January of this year alone.

Simda distributed several types of malware including financial Trojans and illicit software, and has been active since the end of 2012. The keepers of Simda make frequent functionality updates and constantly enhance its capabilities to evade detection by researchers and security software, making it an attractive option for cybercriminals, who buy only access to Simda-infected machines and then install additional malicious code on the machines.

The takedown was coordinated by the INTERPOL Global Complex for Innovation in Singapore, the Cyber Defense Institute, the FBI, the Dutch National High Tech Crime Unit (NHTCU), Microsoft, Kaspersky Lab and Trend Micro. Not only were officials able to seize command and control servers and domains, but were also able to sinkhole Simda traffic. That traffic shows a diverse set of victims in more than 40 countries, officials said.

Link to Original Source

+ - TrueCrypt Alternatives Step Up Post-Cryptanalysis-> 1

Submitted by msm1267
msm1267 writes: What's next for TrueCrypt now that a two-phase audit of the code and its cryptography uncovered a few critical vulnerabilities, but no backdoors? Two alternative open source encryption projects forked TrueCrypt once its developers decided to abandon the project in early 2014, giving rise to VeraCrypt and CipherShed--and both are ready to accelerate growth, compatibility and functionality now that the TrueCrypt code has been given a relative clean bill of health.
Link to Original Source

+ - Students Build Open Source Web-Based Threat Modeling Tool->

Submitted by msm1267
msm1267 writes: Students at St. Mary’s University in Nova Scotia, Canada, participating in Mozilla’s Winter of Security 2014 project, built a browser-based threat modeling tool that simplifies visualization of systems and data flows, and where soft spots might be introduced during design.

The tool, called Seasponge, has been made available on Github and its developers are hoping to not only get feedback and feature suggestions, but also hope to encourage developers to introduce threat modeling into SDLs in order to fix bugs while in design when it’s cheap to do so.

Link to Original Source

+ - How Malvertising Abuses Real-Time Bidding on Ad Networks->

Submitted by msm1267
msm1267 writes: Dark corners of the Internet harbor trouble. They’re supposed to. But what about when Yahoo, CNN.com, TMZ and other busy destination sites heave disaster upon visitors?

That’s the challenge posed by malvertising, the latest hacker Golden Goose used in cybercrime operations and even in some targeted attacks. Hackers are thriving in this arena because they have found an unwittingly complicit partner in the sundry ad networks to move malicious ads through legitimate processes.

Adding gasoline to the raging fire is the abuse of real-time ad bidding, a revolution in the way online ads are sold. RTB enables better ad targeting for advertisers and less unsold inventory for publishers. Hackers can also hitch a ride with RTB and target malicious ads on any site they wish, much the way a legitimate advertiser would use the same system.

Link to Original Source

+ - MIT Debuts Integer Overflow Debugger->

Submitted by msm1267
msm1267 writes: Students from M.I.T. have devised a new and more efficient way to scour raw code for integer overflows, the troublesome programming bugs that serve as a popular exploit vector for attackers and often lead to the crashing of systems.

Researchers from the school’s Computer Science and Artificial Intelligence Laboratory (CSAIL) last week debuted the platform dubbed DIODE, short for Directed Integer Overflow Detection.

As part of an experiment, the researchers tested DIODE on code from five different open source applications. While the system was able to generate inputs that triggered three integer overflows that were previously known, the system also found 11 new errors. Four of the 11 overflows the team found are apparently still lingering in the wild, but the developers of those apps have been informed and CSAIL is awaiting confirmation of fixes.

Link to Original Source

+ - BIOS Rootkit Implant To Debut at CanSecWest->

Submitted by msm1267
msm1267 writes: Research on new BIOS vulnerabilities and a working rootkit implant will be presented on Friday at the annual CanSecWest security conference. An attacker with existing remote access on a compromised computer can use the implant to turn down existing protections in place to prevent re-flashing of the firmware, enabling the implant to be inserted and executed.

The devious part of the exploit is that the researchers have found a way to insert their agent into System Management Mode, which is used by firmware and runs separately from the operating system, managing various hardware controls. System Management Mode also has access to memory, which puts supposedly secure and privacy focused operating systems such as Tails in the line of fire of the implant.

Their implant, the researchers said, is able to scrape the secret PGP key Tails uses for encrypted communication, for example. It can also steal passwords and encrypted communication. The implant survives OS re-installation and even Tails’ built-in protections, including its capability of wiping RAM.

Link to Original Source

+ - Persistent DLL Hijacking Works Against OS X->

Submitted by msm1267
msm1267 writes: DLL hijacking has plagued Windows machines back as far as 2000 and provides hackers with a quiet way to gain persistence on a vulnerable machine, or remotely exploit a vulnerable application. And now it’s come to Apple’s Mac OS X.

This week at the CanSecWest conference in Vancouver, a researcher will explain different attacks that abuse dylibs in OS X for many of the same outcomes as with Windows: persistence; process injection; security feature bypass (in this case, Apple Gatekeeper); and remote exploitation.

Source code for a scanner that discovers apps that are vulnerable to the attack is also expected to be released. Using the script, the researcher was able to find 144 binaries vulnerable to different flavors of the dylib hijacking attacks, including Apple’s Xcode, iMovie and Quicktime plugins, Microsoft Word, Excel, and PowerPoint, and third-party apps such as Java, Dropbox, GPG Tools and Adobe plugins.

Link to Original Source

+ - Incomplete Microsoft Patch Left Machines Exposed to Stuxnet LNK Vulnerability->

Submitted by msm1267
msm1267 writes: A five-year-old Microsoft patch for the .LNK vulnerability exploited by Stuxnet failed to properly protect Windows machines, leaving them exposed to exploits since 2010.

Microsoft today is expected to release a security bulletin, MS15-020, patching the vulnerability (CVE-2015-0096). It is unknown whether there have been public exploits of patched machines. The original LNK patch was released Aug. 2, 2010.

“That patch didn’t completely address the .LNK issue in the Windows shell, and there were weaknesses left behind that have been resolved in this patch,” said Brian Gorenc, manager of vulnerability research with HP's Zero Day Initiative. Gorenc said the vulnerability works on Windows machines going back to Windows XP through Windows 8.1, and the proof of concept exploit developed by Heerklotz and tweaked by ZDI evades the validation checks put in place by the original Microsoft security bulletin, CVE-2010-2568.

The vulnerability was submitted to ZDI by German researcher Michael Heerklotz.

Link to Original Source

+ - New Technique Complicates Mutex Malware Analysis->

Submitted by msm1267
msm1267 writes: Malware analysts have had a measure of success using static mutex values as a fingerprint for detecting and blocking malicious code. Malware writers, however, may have caught on to this fingerprinting technique.

A SANS Institute instructor said a malware sample he was examining dynamically generates the name of a mutex object by using the product ID associated with the software, lessening its predictability and complicating detection.

“Given that malware analysts know to look for mutex names for ‘fingerprinting’ malicious software, it’s natural that authors of such programs will start shifting their techniques,” Lenny Zeltser said. “The technique that this malware used to generate the mutex name wasn’t especially elaborate, but it made it harder for the defenders to use this attribute for defending or investigating the system.”

Link to Original Source

+ - Firefox 37 to check security certificates via blocklist->

Submitted by Anonymous Coward
An anonymous reader writes: The next version of Firefox will roll out [https://blog.mozilla.org/security/2015/03/03/revoking-intermediate-certificates-introducing-onecrl/] a ‘pushed’ blocklist of revoked intermediate security certificates, in an effort to avoid using 'live' Online Certificate Status Protocol (OCSP) checks. The 'OneCRL' feature is similar to Google Chrome's CRLSet [https://dev.chromium.org/Home/chromium-security/crlsets], but like that older offering, is limited to intermediate certificates, due to size restrictions in the browser. OneCRL will permit non-live verification on EV certificates, trading off currency for speed. Chrome pushes its trawled list of CA revocations every few hours, and Firefox seems set to follow that method and frequency. Both Firefox and Chrome developers admit that OCSP stapling would be the better solution, but it is currently only supported in 9% of TLS certificates.
Link to Original Source

It is your destiny. - Darth Vader

Working...