
Internet Explorer 0-day attacks on US nuke workers hit 9 other sites

SternisheFan (2529412) writes "Ars reports:

Attacks exploiting a previously unknown and currently unpatched vulnerability in Microsoft's Internet Explorer browser have spread to at least nine other websites, including those run by a big European company operating in the aerospace, defense, and security industries as well as non-profit groups and institutes, security researchers said.

The revelation, from a blog post published Sunday by security firm AlienVault, means an attack campaign that surreptitiously installed malware on the computers of federal government workers involved in nuclear weapons research was broader and more ambitious than previously thought. Earlier reports identified only a website belonging to the US Department of Labor as redirecting to servers that exploited the zero-day remote-code vulnerability in IE version 8.

A separate blog post from security firm CrowdStrike said its researchers unearthed evidence suggesting that the campaign began in mid-March. Their analysis of logs from the malicious infrastructure used in the attacks revealed the IP addresses of visitors to the compromised sites. The logs showed addresses from 37 different countries, with 71 percent of them in the US, 11 percent in South/Southeast Asia, and 10 percent in Europe. CrowdStrike's data showed IP addresses before exploit code was run against the visitors' machines. Not all those visitors were likely compromised since the exploit code worked only against people using IE8.

CrowdStrike researchers seemed to concur with their counterparts from Invincea, who—as Ars reported on Friday—said the attacks at least in part targeted people working on sensitive government programs. Malicious links embedded in the Department of Labor website focused on webpages that dealt with illnesses suffered by employees and contractors developing atomic weapons for the Department of Energy. But they went on to say the campaign could be much broader.

"The specific Department of Labor website that was compromised provides information on a compensation program for energy workers who were exposed to uranium," CrowdStrike said. "Likely targets of interest for this site include energy-related US government entities, energy companies, and possibly companies in the extractive sector. Based on the other compromised sites other targeted entities are likely to include those interested in labor, international health and political issues, as well as entities in the defense sector."

Such "watering hole" attacks—which plant malware exploits on websites that are frequented by specific groups or people—have become a common technique in targeted attacks. Once compromised by the IE zero-day, computers are infected with a version of Poison Ivy, a backdoor tool that has been widely used in past espionage campaigns. The command-and-control servers used to communicate with infected machines show signs that they were set up by a Chinese hacking crew known as DeepPanda.

Microsoft confirmed the remote code-execution vulnerability on Friday night. Versions 6, 7, 9, and 10 of the browser are immune to these attacks, so anyone who can upgrade to one of the latest two versions should do so immediately or switch to a different browser. For anyone who absolutely cannot move away from IE 8, company researchers recommend the following precautions:

Set Internet and local intranet security zone settings to "High" to block ActiveX Controls and Active Scripting in these zones. This will help prevent exploitation but may affect usability; therefore, trusted sites should be added to the Internet Explorer Trusted Sites zone to minimize disruption.

Configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and local intranet security zones. This will help prevent exploitation but can affect usability, so trusted sites should be added to the Internet Explorer Trusted Sites zone to minimize disruption.

Users can also install EMET—short for Enhanced Mitigation Experience Toolkit—which adds a variety of exploit mitigations and security defenses and is especially useful for users of older versions of Windows, such as XP.

Technical details about the "use after free" bug are available here from Rapid7. The security firm has already folded attack code exploiting the vulnerability into the Metasploit framework used by security professionals and hackers. Researchers at FireEye have also delved into the exploit circulating online. They found it uses "return oriented programming," a technique used to defeat data-execution prevention and other exploit mitigations. The FireEye researchers said they also verified the exploit works against IE8 on Windows 7.

Microsoft's advisory on Friday said researchers were still investigating the vulnerability. When the inquiry concludes, they will decide whether to release an unscheduled update or provide a fix as part of the company's regular patching cycle. Story updated to add details from FireEye in second-to-last paragraph"

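The zone hardening the advisory recommends is a per-user registry change, so it can be audited and applied with a short script. The following is an added example, not code from the Ars article, Microsoft's advisory or any of the firms named above. It assumes the documented layout of the Internet Explorer zone keys under HKCU (zone 1 = Local intranet, zone 3 = Internet, zone 2 = Trusted sites; action values 1200 = run ActiveX controls, 1400 = Active scripting; 0 = Enable, 1 = Prompt, 3 = Disable) and uses a placeholder host name for the Trusted Sites entry:

```powershell
# Added example (not from the article or the advisory): audit the ActiveX and
# Active Scripting actions for the Internet and Local intranet zones, and, on an
# IE 8 machine, set them to Disabled (the effect of the "High" zone setting).

# Zone numbers under the Zones key: 1 = Local intranet, 2 = Trusted sites, 3 = Internet
$ZonesToHarden = @{ 1 = 'Local intranet'; 3 = 'Internet' }

# Per-zone action values (REG_DWORD): 0 = Enable, 1 = Prompt, 3 = Disable
$Actions = @{
    '1200' = 'Run ActiveX controls and plug-ins'
    '1400' = 'Active scripting'
}
$States = @{ 0 = 'Enabled'; 1 = 'Prompt'; 3 = 'Disabled' }

$ZoneRoot       = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$ZoneMapDomains = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains'

function Get-IEVersion {
    # IE 10 and later record their real version in svcVersion; IE 8/9 only set Version.
    $ie = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Internet Explorer'
    if ($ie.svcVersion) { return $ie.svcVersion } else { return $ie.Version }
}

function Get-IEZoneActiveContentStatus {
    # Emit one record per zone/action pair; AtRisk is true when the action is Enabled.
    foreach ($zone in $ZonesToHarden.Keys) {
        $props = Get-ItemProperty -Path "$ZoneRoot\$zone"
        foreach ($code in $Actions.Keys) {
            $value = $props.$code
            if ($null -eq $value) {
                $state = 'Not set (zone default)'
            } elseif ($States.ContainsKey([int]$value)) {
                $state = $States[[int]$value]
            } else {
                $state = "Unknown ($value)"
            }
            [pscustomobject]@{
                Zone    = $ZonesToHarden[$zone]
                Setting = $Actions[$code]
                State   = $state
                AtRisk  = ($value -eq 0)
            }
        }
    }
}

function Set-IEZoneActiveContentDisabled {
    # Disable (3) both actions in each targeted zone for the current user.
    foreach ($zone in $ZonesToHarden.Keys) {
        foreach ($code in $Actions.Keys) {
            Set-ItemProperty -Path "$ZoneRoot\$zone" -Name $code -Value 3 -Type DWord
        }
    }
}

function Add-IETrustedSite {
    # Map a host into the Trusted Sites zone (2) so its scripting keeps working
    # after the Internet zone is locked down. The mapping is per scheme.
    param(
        [Parameter(Mandatory)][string]$Domain,
        [string]$Scheme = 'https'
    )
    $key = Join-Path $ZoneMapDomains $Domain
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    Set-ItemProperty -Path $key -Name $Scheme -Value 2 -Type DWord
}

$version = Get-IEVersion
Write-Host "Internet Explorer version: $version"
Get-IEZoneActiveContentStatus | Format-Table -AutoSize

# Only the IE 8 major version is affected per the advisory; leave other builds alone.
if ($version -like '8.*') {
    Set-IEZoneActiveContentDisabled
    # Placeholder host: replace with the sites your users actually need scripting on.
    Add-IETrustedSite -Domain 'intranet.example.com'
    Get-IEZoneActiveContentStatus | Format-Table -AutoSize
}
```

Run the audit portion first; the `AtRisk` column shows which zones still allow the active content the exploit depends on. Two caveats: the HKCU values can be overridden by Group Policy settings under HKLM, so a managed machine may report one thing and enforce another, and a zone lockdown is a stopgap that narrows exposure until the browser is updated or replaced, not a substitute for the patch.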

Comment: Re:Some are also destroyed/lost (Score 1) 438

by stonefoz (#41711929) Attached to: Vast Bulk of BitCoins Are Hoarded, Not Used

Flash chips do not normally contain JTAG. The WRT54G and phones using ARM have JTAG in the processor. It's for recovery and debugging, allowing the processor to be stopped and manipulated from a computer. If the processor works, TJTAG and USB could be an option.

I would have to recommend against using JTAG. The cheap adapters cost something, which is more than the free, included USB. It is also dog slow. My much older phone would take over 30 hours to copy across JTAG at a speed of 256KBs. USB running at full speed still takes around 10 min. Newer phones ship with gigabytes' worth of flash, making JTAG alone unreasonable.

Comment: Re:Some are also destroyed/lost (Score 2) 438

by stonefoz (#41696259) Attached to: Vast Bulk of BitCoins Are Hoarded, Not Used

As for your phone: if any part of the processor/USB still works, you can copy out the flash. It works well for software bricks and could help if at least some of the hardware still works.
If you have to recover the flash by itself, jigs to do so are costly.

Comment: How big is small office? (Score 1) 224

by stonefoz (#41557055) Attached to: Ask Slashdot: Open Communications Set-Up For Small Office?

How many handsets, and how far away do you make calls? For fewer than 5 handsets or mostly local calls, a simple, simple hardware PBX is still king. It's just not worth the trouble of setting up several thousand dollars' worth of gear just to have options you're probably not going to use. Samsung and Tadiran make simple boxes that don't randomly crash or require hours and hours of setup and maintenance.
VoIP starts to make sense when you need to have access to phones outside of the office. Asterisk does a good job of patching into any other PBX as a voicemail service and routing calls in/out to VoIP. Normal calls don't get dropped, and VoIP is still a less reliable but still functioning option.
VoIP only makes sense when there are many phones in many places with many changes. It's an up-front cost of testing all network gear for working QoS. Routers, switches and your ISP have to have working QoS. When you need everything to talk with everything else, and you have many, many handsets in many places, then worry about having open communications.
For small business though, a simple hardware PBX with a few extra ports gives options to open it up later.

Comment: Re:Theft? (Score 1) 244

by stonefoz (#41478937) Attached to: Regarding Identity Theft:

Without removing you in the process, how can your identity be stolen? Stolen identity is surely possible while breaking a multitude of other laws. How is lying to the creditor, to receive illicit gains, not just fraud? If I tell the bank I'm the damn Queen of England, it surely isn't a problem for the Queen of England, is it?

Comment: Re:Ubuntu doesn't run on pre-USB boot systems anyw (Score 1) 488

by stonefoz (#37956868) Attached to: Ubuntu 12.04 LTS Won't Fit On a CD

Nope, Ubuntu is targeted heavily at desktop use, as such you're using the wrong time-frame.

Desktops don't do things by hours; they, even the very, very old ones, work at times that are much faster than you. A desktop system works at 1/60 of a second. I push a button, I click a mouse, I wave at a camera. All of those things happen, and then 1/60 of a second later the display gets updated. Most of the time a desktop is usually doing nothing, nothing and nothing, a 1/60 at a time. It takes much less shiny shit to fill a 1/60 than you think.

Comment: Do you actually need a universal programmer? (Score 1) 165

by stonefoz (#37890202) Attached to: Ask Slashdot: Best EEPROM Programmer For a Hobbyists?

They are not cheap, and whomever you buy it from will burn you on the software next year. If you only have a handful of chips, most newish things are serial and have a cheap programmer consisting of a micro and a USB converter. SPI and I2C would be best done with a cheap newish design. As for the multi-pin package programmers, it's going to cost, if you value your sanity at all. I've owned the Willem set and now a Wellon and can't go without having the chip test feature. Willem programmers are simply flaky as they don't do any test until after programming the entire chip.

Can't stress this enough: find a programmer that does test the chip on insertion.

Comment: Imitation Watches at Replica Watches (Score 2, Funny) 69

by stonefoz (#37634664) Attached to: The State of Hacked Accounts

Imitation Watches at Replica Watches

TOP grade Replica Watches of high quality at wholesale prices!
Join the wise shoppers to let your dreams come true.
BEST deals of imitation watches plus FREE shipping!

You are receiving this email because you or someone with your email has subscribed in our website. We have No aim of spamming and at any time if you want to stop receiving email from us, Just use the unsubscribe button At the end of the email, But you will Lose out our Special offers and Make money online news

Unsubscribe me from this list


"Farming" Amoebas Discovered 49

Posted by samzenpus
from the rise-of-amoeba-agriculture dept.
Researchers from Rice University have found a type of amoeba that practices a sort of "primitive farming behavior." When their bacteria food become scarce, the Dictyostelium discoideum will group together and form a "fruiting body" that will disperse bacteria spores to a new area. From the article: "The behavior falls short of the kind of 'farming' that more advanced animals do; ants, for example, nurture a single fungus species that no longer exists in the wild. But the idea that an amoeba that spends much of its life as a single-celled organism could hold short of consuming a food supply before decamping is an astonishing one. More than just a snack for the journey of dispersal, the idea is that the bacteria that travel with the spores can 'seed' a new bacterial colony, and thus a food source in case the new locale should be lacking in bacteria." It's good to know that even a single celled creature is not immune to the pull of Farmville.

Installing Linux On ARM-Based Netbooks? 179

Posted by timothy
from the super-easy dept.
An anonymous reader writes "I am sure that many other Slashdotters have noticed an increase in ARM-based netbooks over the past several months. For example, the Augen E-Go. It is a widely touted theory that it is impossible to install Linux on one of these notebooks, replacing the commonly installed Windows CE operating system. The sub-$100 netbooks carry decent specs, including 533MHz ARM processor; 128MB DDR RAM; and a 2GB Flash drive, as well as most expected netbook components (USB, Wi-Fi, etc.). I find it hard to believe that a computer with these specs is impossible to hack and install Linux to, but Google searches have been largely unsuccessful in finding proper information. Do any Slashdot readers have experience in installing ARM Linux distros to these cheap netbooks like this? If so, what distros do they recommend?" (In particular, I wonder if anyone can comment on Ubuntu on ARM.)

Apple Reverses iPad "No Cash Purchase" Policy 377

Posted by timothy
from the so-it's-free-now dept.
ZipK writes "After a few days of bad publicity, Apple has reversed its no cash purchase policy, explaining that the policy was originally implemented to limit the number of iPads an individual could buy during the introductory period of short supply. Now that supply has caught up with demand — and the story has hit front pages and gained national attention — Apple has reversed its policy, and taken the opportunity to put a bow on the story by giving the formerly scorned Diane Campbell a free iPad."
Role Playing (Games)

Aion Servers To Merge, XP Grind Softened 108

Posted by Soulskill
from the now-only-takes-one-and-a-half-eternal-souls dept.
Massively reports that NCSoft's fantasy MMO Aion will soon be getting a round of server mergers to balance player populations and shore up in-game economies. A newsletter from Aion producer Chris Hager also brought word that character transfers will be an option starting in June, and NCSoft will be "offering them to all of our players for free for a limited time." This is happening in the lead-up to the game's 1.9 patch, due on June 2, which contains a number of measures to make the XP grind a bit less harsh (among other things; patch notes). They're creating more quests, increasing XP rewards from existing quests, and implementing a system that "grants you experience bonuses as you continue to play."

Today's scientific question is: What in the world is electricity? And where does it go after it leaves the toaster? -- Dave Barry, "What is Electricity?"