Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

×

+ - FREAK Attack Threatens SSL Clients->

Submitted by msm1267
msm1267 (2804139) writes "For the nth time in the last couple of years, security experts are warning about a new Internet-scale vulnerability, this time in some popular SSL clients. The flaw allows an attacker to force clients to downgrade to weakened ciphers and break their supposedly encrypted communications through a man-in-the-middle attack.

Researchers recently discovered that some SSL clients, including OpenSSL, will accept weak RSA keys–known as export-grade keys–without asking for those keys. Export-grade refers to 512-bit RSA keys, the key strength that was approved by the United States government for export overseas. This was an artifact from decades ago and it was thought that most servers and clients had long ago abandoned such weak ciphers.

The vulnerability affects a variety of clients, most notably Apple’s Safari browser. The bug was discovered by a large group of researchers from Microsoft Research and the French National Institute for Research in Computer Science and Control, and they found that given a server that supports export-grade ciphers and a client that accepts those weak keys, an attacker with a man-in-the-middle position could force a client to downgrade to the weak keys. He could then take the key and factor it, which researchers were able to do in about seven and a half hours, using Amazon EC2. And because it’s resource-intensive to generate RSA keys, servers will generate one and re-use it indefinitely."

Link to Original Source

+ - Pharming Attack Targets Home Router DNS Settings->

Submitted by msm1267
msm1267 (2804139) writes "Pharming attacks are generally network-based intrusions where the ultimate goal is to redirect a victim’s web traffic to a hacker-controlled webserver, generally through a malicious modification of DNS settings. Some of these attacks, however, are starting to move to the web and have their beginnings with a spam or phishing email.

Proofpoint yesterday reported on the latest iteration of this attack, also based in Brazil. The campaign was carried out during a five-week period starting in December when Proofpoint spotted phishing messages, fewer than 100, sent to customers of one of the country’s largest telecommunications companies."

Link to Original Source

+ - ICS-SCADA Hackers Want Operational Intelligence->

Submitted by msm1267
msm1267 (2804139) writes "Advanced attackers targeting critical infrastructure aren't seeking intellectual property the way some APT gangs are. Instead, they want operational intelligence, stealing documents and files that give them an understanding of the inner workings of ICS infrastructure. The end game is sabotage, the weaponization of malware and other attacks that will ultimately lead to some kind of disruption of manufacturing, oil production or power distribution."
Link to Original Source

+ - Inside the Equation APT Persistence Module ->

Submitted by msm1267
msm1267 (2804139) writes "Module nls_933w.dll is the ultimate cyberweapon, the best indicator of the capabilities of the group behind the Equation cyberespionage platform, according to researchers at Kaspersky Lab. The module is the most advanced persistence module ever uncovered, and it's used rarely and only against very high-value targets."
Link to Original Source

+ - Massive, Decades-Long Cyberespionage Framework Exposed

Submitted by Trailrunner7
Trailrunner7 (1100399) writes "Researchers at Kaspersky Lab have uncovered a cyberespionage group that has been operating for at least 15 years and has worked with and supported the attackers behind Stuxnet, Flame and other highly sophisticated operations. The attackers, known as the Equation Group, used two of the zero days contained in Stuxnet before that worm employed them and have used a number of other infection methods, including interdicting physical media such as CDs and inserting their custom malware implants onto the discs.

Some of the techniques the group has used are closely associated with tactics employed by the NSA, specifically the interdiction operations and the use of the LNK vulnerability exploit by Stuxnet.

The Equation Group has a massive, flexible and intimidating arsenal at its disposal. Along with using several zero days in its operations, the attack crew also employs two discrete modules that enable them to reprogram the hard drive firmware on infected machines. This gives the attackers the ability to stay persistent on compromised computers indefinitely and create a hidden storage partition on the hard drive that is used to store stolen data. At the Security Analyst Summit here Monday, researchers at Kaspersky presented on the Equation Group’s operations while publishing a new report that lays out the inner workings of the crew’s tools, tactics and target list. The victims include government agencies, energy companies, research institutions, embassies, telecoms, universities, media organizations and others. Countries targeted by this group include Russia, Syria, Iran, Pakistan, China, Yemen, Afghanistan, India but also US and UK, between and several others."

+ - Female Skype Avatar Sinks Syria Opposition Fighters->

Submitted by msm1267
msm1267 (2804139) writes "It’s a tried-and-true plotline for many a corny movie: the lonely soldier on the front lines falling for a girl who turns out to be the enemy. If you apply a 2015 reality to that scenario, you have the lonely soldier Skyping with an alluring woman who turns out to be an enemy hacker dropping custom malware on your Android device or PC.

In the latter case, this is an all-too-real script for opposition fighters taking on the forces of Syrian leader Bashar al-Assad.

Researchers found a cache of stolen strategic and tactical documents, plans, maps and personal information belonging to opposition fighters stolen by an unknown group using social engineering and a custom version of the DarkComet remote access Trojan to learn the secrets of opposition forces.

Victims in Syria, Turkey, Lebanon, Jordan, Egypt and elsewhere in the Middle East and even Europe, fell for the same scam. In most cases, contact information from stolen Skype account databases were used to reach out to other opposition fighters over Skype. The hackers, using a female avatar who went by the name of Iman, would engage with the fighters over time, building a rapport, before enticing them with a malware-laden photograph of the supposed female. There were also corresponding Facebook and other social media accounts belonging to the same female avatar with links to malware-laden websites."

Link to Original Source

+ - WordPress, PHP Apps, Subject to Ghost glibc Attacks->

Submitted by msm1267
msm1267 (2804139) writes "Less than 48 hours after the disclosure of the Ghost vulnerability in the GNU C library (glibc), researchers have uncovered that PHP applications, including the WordPress content management system, could be another weak spot and eventually in the crosshairs of attackers.

Ghost is a vulnerability in glibc that attackers can use against only a handful of applications right now to remotely run executable code and gain control of a Linux server. The vulnerability is a heap-based buffer overflow and affects all Linux systems, according to experts, and has been present in the glibc code since 2000.

“An example of where this could be a big issue is within WordPress itself: it uses a function named wp_http_validate_url() to validate every pingback’s post URL,” wrote Sucuri research Marc-Alexandre Montpas in an advisory published Wednesday. “And it does so by using gethostbyname(). So an attacker could leverage this vector to insert a malicious URL that would trigger a buffer overflow bug, server-side, potentially allowing him to gain privileges on the server.”"

Link to Original Source

+ - Ghost Vulnerability in glibc Affects All Linux Systems->

Submitted by msm1267
msm1267 (2804139) writes "A critical vulnerability has been found in glibc, the GNU C library, that affects all Linux systems dating back to 2000. Attackers can use this flaw to execute code and remotely gain control of Linux machines.

The issue stems from a heap-based buffer overflow found in the __nss_hostname_digits_dots() function in glibc. That particular function is used by the _gethostbyname function calls.

“A remote attacker able to make an application call either of these functions could use this flaw to execute arbitrary code with the permissions of the user running the application,” said an advisory from Linux distributor Red Hat.

The vulnerability, CVE-2015-0235, has already been nicknamed GHOST because of its relation to the _gethostbyname function. Researchers at Qualys discovered the flaw, and say it goes back to glibc version 2.2 in Linux systems published in November 2000.

According to Qualys, there is a mitigation for this issue that was published May 21, 2013 between patch glibc-2.17 versions and glibc-2.18. The patch, however, was not labeled a security fix at the time."

Link to Original Source

+ - Proposed CFAA Amendments Could 'Chill" Security Research->

Submitted by msm1267
msm1267 (2804139) writes "Legitimate security researchers, from bug hunters to pen-testers, are buckled in for a bumpy ride as vague language in President Obama’s proposed amendments to the Computer Fraud and Abuse Act (CFAA) is expected to be debated and sorted out as it makes its way through the legislature.

The amendments come with stiffer penalties for those convicted of hacking, with some sentences doubled and some offenses elevated to felonies.

One amendment to the CFAA contains language that is a redefinition of what it means to exceed authorized access; it broadens the scope of the CFAA considerably.

From section six in the amendment: ” ‘exceeds authorized access’ means to access a computer with authorization and to use such access to obtain or alter information in the computer (a) that the accesser is not entitled to obtain or alter; or (b) for a purpose that the accesser knows is not authorized by the computer owner.”"

Link to Original Source

+ - Phony USB Charger Masquerades as Wireless Keylogger-> 3

Submitted by msm1267
msm1267 (2804139) writes "Hardware hacker and security researcher Samy Kamkar has released a slick new device that masquerades as a typical USB wall charger but in fact houses a keylogger capable of recording keystrokes from nearby wireless keyboards.

The device is known as KeySweeper and Kamkar has released the source code and instructions for building one of your own. The components are inexpensive and easily available, and include an Arduino microcontroller, the charger itself and a handful of other bits. When it’s plugged into a wall socket, the KeySweeper will connect to a nearby Microsoft wireless keyboard and passively sniff, decrypt and record all of the keystrokes and send them back to the operator over the Web."

Link to Original Source

+ - Encryption is Not the Enemy

Submitted by Trailrunner7
Trailrunner7 (1100399) writes "There are few things scarier these days than a politician stepping in front of a microphone, taking a deep breath and opening his mouth to pontificate on security. A long list of American elected officials have reinforced this, and on Monday, UK Prime Minister David Cameron jumped to the head of this undistinguished line with his dangerous statement that encrypted communications shouldn’t be allowed.

Cameron, speaking in the wake of the terror attack in Paris last week, said at an event Monday that the UK government can’t allow any form of communication that can’t be read.

“Are we going to allow a means of communications which it simply isn’t possible to read?” Cameron said, according to the New York Times. “My answer to that question is: ‘No, we must not.’ “

Aside from the specter of attackers identifying and exploiting an intentional backdoor, there is the problem of trying to bend software makers to the will of the government. Even if by some miracle the backdoor proposal succeeds, the government still would face the hurdle of getting software makers such as Apple to prevent secure communications apps from showing up in their app store. Apple does what Apple wants and generally not much else. And, as Doctorow says, how would Cameron address the global open source community, which produces much of the secure communications software?

These kinds of systems just flat don’t work.

“It won’t work. The basic problem with these proposals is they work against regular people who don’t care. But to make it work, you have to close the loopholes,” cryptographer Bruce Schneier, CTO of Co3 Systems, said in an interview. “If you can’t do that, you don’t hurt the bad guys, you only hurt the good guys. It plays well on TV to someone who doesn’t understand the tech. Everything works against my grandmother, but nothing works against professionals.”"

+ - Mainstream Support of Windows 7 Ends-> 1

Submitted by jones_supa
jones_supa (887896) writes "The mainstream support of Microsoft Windows 7 ends today. The operating system leaving mainstream support means no more platform updates, no new features, and end of free support. Windows 7 will now enter extended support, which means that security updates will keep coming, and support will be offered for charge. The final end of support for Windows 7 will be reached January 14, 2020."
Link to Original Source

+ - Inside North Korea's Naenara Browser->

Submitted by msm1267
msm1267 (2804139) writes "Up until a few weeks ago, the number of people outside of North Korea who gave much thought to the Internet infrastructure in that country was vanishingly small. But the speculation about the Sony hack has fixed that, and now a security researcher has taken a hard look at the national browser used in North Korea and found more than a little weirdness.

The Naenara browser is part of the Red Star operating system used in North Korea and it’s a derivative of an outdated version of Mozilla Firefox. The country is known to tightly control the communications and activities of its citizens and that extends online, as well. Robert Hansen, vice president of WhiteHat Labs at WhiteHat Security, and an accomplished security researcher, recently got a copy of Naenara and began looking at its behavior, and he immediately realized that every time the browser loads, its first move is to make a request to a non-routable IP address, http://10.76.1.11./ That address is not reachable from networks outside the DPRK.

“Here’s where things start to go off the rails: what this means is that all of the DPRK’s national network is non-routable IP space. You heard me; they’re treating their entire country like some small to medium business might treat their corporate office,” Hansen wrote in a blog post detailing his findings. “The entire country of North Korea is sitting on one class A network (16,777,216 addresses). I was always under the impression they were just pretending that they owned large blocks of public IP space from a networking perspective, blocking everything and selectively turning on outbound traffic via access control lists. Apparently not!”"

Link to Original Source

The next person to mention spaghetti stacks to me is going to have his head knocked off. -- Bill Conrad

Working...