Security

Submission + - Bit9 Hacked, Stolen Certs Used to Sign Malware (krebsonsecurity.com)

tsu doh nimh writes: Bit9, a company that provides software and network security services to the U.S. government and at least 30 Fortune 100 firms, has suffered a compromise that cuts to the core of its business: helping clients distinguish known "safe" files from computer viruses and other malicious software. A leading provider of "application whitelisting" services, Bit9's security technology turns the traditional approach to fighting malware on its head. Antivirus software, for example, seeks to identify and quarantine files that are known bad or strongly suspected of being malicious. In contrast, Bit9 specializes in helping companies develop custom lists of software that they want to allow employees to run, and to treat all other applications as potentially unknown and dangerous. But in a blog post today, the company disclosed that attackers broke into its network and managed to steal the digital keys that Bit9 uses to distinguish good from bad applications. The attackers then sent signed malware to at least three of Bit9's customers, although Bit9 isn't saying which customers were affected or to what extent. The kicker? The firm said it failed to detect the intrusion in part because the servers used to store its keys were not running Bit9's own software.
China

Submission + - Washington Post: We Were Also Hacked by the Chinese (washingtonpost.com)

tsu doh nimh writes: A sophisticated cyberattack targeted The Washington Post in an operation that resembled intrusions against other major American news organizations and that company officials suspect was the work of Chinese hackers, the publication acknowledged on Friday. The disclosure came just hours after a former Post employee shared information about the break-in with ex-Postie reporter Brian Krebs, and caps a week marked by similar stories from The New York Times and The Wall Street Journal. Krebs cites a former Post tech worker saying that the publication gave one of its hacked servers to the National Security Agency for analysis, a claim that the Post's leadership denies. The story also notes that the Post relied on software from Symantec, the same security software that failed to detect intrusions at The New York Times for many months.
EU

Submission + - Apple Discontinues Mac Pro in EU (macworld.co.uk)

jones_supa writes: Apple has been forced to remove the Mac Pro from sale in the European Union after an amendment to a safety regulation left the machines incompliant. The updated electronics safety standard IEC 60950-1 increases requirements around electrical port protection and the fan guards in the system. Apple does not plan to modify their machines and will simply pull them from market in the EU. Apple wishes to warn customers and partners about the change so that they would have sufficient time to order Mac Pro units and meet any needs prior to 1 March, when the amendment comes into effect.

Submission + - Dozens suspended in Harvard University cheat scandal (news.com.au)

johnsnails writes: AROUND 60 students at Harvard University have been suspended and others disciplined in a mass cheating scandal at the elite college, the campus newspaper reports.

The Harvard Crimson quoted an email from Faculty of Arts and Sciences dean Michael Smith that said more than half of the cases heard by administrators in the scandal, which erupted last year, had resulted in suspension orders.

Submission + - Ask Slashdot: What to do about patent trolls seeking Wifi license fees? 2

An anonymous reader writes: My company has been contacted by certified letter by Delaware law firm “Stamatios & Weinblatt LLC”. They are seeking license fees for a Wifi patent. I believe this is a patent troll (not that this matters in relation to dealing with this issue). This is a newly formed law firm less than 4 months old. They are representing “Wyncomm LLC” in regards to a “Wifi patent”. This patent is U.S. Patent No. 5,506,866. This patent covers equipment and method related to the transmission of information involving the multiplexing information into a stream of signal points (and demultiplexing the same), and related technology. They have “offered” to license this patent with no amounts specified. Unfortunately we are a small free software company. The company is set up as a sole proprietorship. I'm not asking for legal advice from the Slashdot community. The question is where might one look for “legal counsel” with the expertise to answer these types of legal questions as it relates to this inquiry. I would prefer to avoid legal fees, court cases, or license fees running the company into the ground. The company is registered in New Jersey.
Java

Submission + - Java Zero-Day Vulnerability Rolled into Exploit Packs (krebsonsecurity.com)

tsu doh nimh writes: The miscreants who maintain Blackhole and Nuclear Pack — competing crimeware products that are made to be stitched into hacked sites and use browser flaws to foist malware — say they’ve added a brand new exploit that attacks a previously unknown and currently unpatched security hole in Java. The curator of Blackhole, a miscreant who uses the nickname “Paunch,” announced yesterday on several Underweb forums that the Java zero-day was a “New Year’s Gift,” to customers who use his exploit kit. The exploit has since been verified to work on all Java 7 versions by AlienVault Labs. The news comes days after it was revealed that Paunch was reserving his best exploits for a more closely-held exploit pack called Cool Exploit Kit, a license for which costs $10,000 per month.
Security

Submission + - Turkish Registrar Enabled Phishing Attacks Against Google (krebsonsecurity.com)

tsu doh nimh writes: Google and Microsoft today began warning users about active phishing attacks against Google's online properties. The two companies said the attacks resulted from a fraudulent digital certificate that was mistakenly issued by a domain registrar run by TURKTRUST Inc., a Turkish domain registrar. Google said that on Dec. 24, 2012, its Chrome Web browser detected and blocked an unauthorized digital certificate for the ".google.com" domain. "TURKTRUST told us that based on our information, they discovered that in August 2011 they had mistakenly issued two intermediate CA certificates to organizations that should have instead received regular SSL certificates," Google said in a blog post today. Microsoft issued an advisory saying it is aware of active attacks using one of the fraudulent digital certificates issued by TURKTRUST, and that the fraudulent certificate could be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against virtually any domain. The incident harkens back to another similar compromise that happened around the same timeframe. In September 2011, Dutch certificate authority Diginotar learned that a security breach at the firm had resulted in the fraudulent issuing of certificates.
Security

Submission + - Cookie-stealing Yahoo.com Exploit on Sale for $700 (krebsonsecurity.com)

tsu doh nimh writes: A zero-day vulnerability in yahoo.com that lets attackers hijack Yahoo! email accounts and redirect users to malicious Web sites offers a fascinating glimpse into the underground market for large-scale exploits. Krebsonsecurity.com writes that the exploit, being sold for $700 by an Egyptian hacker on an exclusive cybercrime forum, targets a “cross-site scripting” (XSS) weakness in yahoo.com that lets attackers steal cookies from Yahoo! Webmail users. Such a flaw would let attackers send or read email from the victim’s account.
China

Submission + - Infamous Chinese Hacker Heads Antivirus Startup (krebsonsecurity.com)

tsu doh nimh writes: Questions about who is in charge at an antivirus company startup called Anvisoft prompted an investigation into the company's history. Digging through the company's registration records and other clues, Krebsonsecurity.com offers compelling evidence that the firm is headed by Tan Dailin, an infamous Chinese hacker "Wicked Rose," who once ran a Chinese government-sponsored hacking group that developed zero-day Microsoft Office exploits for use against U.S. Defense Department contractors.

Submission + - $50,000 Zero-Day Exploit Smashes Adobe Reader Sandbox (krebsonsecurity.com) 1

tsu doh nimh writes: Software vendor Adobe says it is investigating claims that instructions for exploiting a previously unknown critical security hole in the latest versions of its widely-used PDF Reader software are being sold in the cybercriminal underground, Krebsonsecurity.com writes. The finding comes from malware analysts at Moscow-based forensics firm Group-IB, who say they’ve discovered that a new exploit capable of compromising the security of computers running Adobe X and XI (Adobe Reader 10 and 11) is being sold in the underground for up to $50,000. This is significant because — beginning with Reader X — Adobe introduced a “sandbox” feature aimed at blocking the exploitation of previously unidentified security holes in its software, and until now that protection has held its ground. Adobe, meanwhile, says it has not yet been able to verify the zero-day claims.
Programming

Submission + - Ask Slashdot: How to find a programmer? 3

merde writes: I am the programmer for a small company in West London. The workload is going up so we need to find another programmer. Ideally, we want someone with enthusiasm for technology rather than someone who writes code because it earns them a salary. We have tried recruiting via agencies, but almost all the people they send us seem to be too specialised or just in it for the cash. How do we go about finding a programmer who is bright, versatile, happy to be programming I/O at register level one day and at application level the next?

Any hints, clues, ideas very welcome!
Crime

Submission + - Insurance for Cybercriminals (krebsonsecurity.com)

tsu doh nimh writes: Brian Krebs follows up on a recent Slashdot discussion about a cybercrime gang that is recruiting botmasters to help with concerted heists against U.S. financial institutions. The story looks at the underground's skeptical response to this campaign, which is being led by a criminal hacker named vorVzakone ("thief in law"), who has released a series of videos about himself. vorVzakone also is offering a service called "insurance from criminal prosecution," in which miscreants can purchase protection from goons who specialize in bribing or intimidating Russian/Eastern European police into scuttling cybercrime investigations. For $100,000, the service also claims to have people willing to go to jail in place of the insured. Many in the criminal underground view the entire scheme as an elaborate police sting operation.
Security

Submission + - Maker of Smart-Grid Control Software Hacked (krebsonsecurity.com)

tsu doh nimh writes: Telvent, a multinational company whose software and services are used to remotely administer and monitor large sections of the energy and gas industries began warning customers last week that it is investigating a sophisticated hacker attack spanning its operations in the United States, Canada and Spain. Brian Krebs reports that the attacker(s) installed malicious software and stole project files related to one of Telvent's core offerings — OASyS SCADA — a product that helps energy firms mesh older IT assets with more advanced “smart grid” technologies. A follow-up story from Wired.com got confirmation from Telvent, and includes speculation from experts that the "project files" could be used to sabotage systems. "Some project files contain the 'recipe' for the operations of a customer, describing calculations and frequencies at which systems run or when they should be turned on or off. If you’re going to do a sophisticated attack, you get the project file and study it and decide how you want to modify the pieces of the operation. Then you modify the project file and load it, and they’re not running what they think they’re running.”
Java

Submission + - Experts Develop 3rd-Party Patch for New Java 0day (krebsonsecurity.com)

tsu doh nimh writes: A new exploit for a zero-day vulnerability in Oracle's Java JRE version 7 and above is making the rounds. A Metasploit module is now available to attack the flaw, and word in the underground is that it will soon be incorporated into BlackHole, a widely used browser exploit pack. KrebsOnSecurity.com talked to the BlackHole developer, who said the Java exploit would be worth at least $100,000 if sold privately. Instead, this vulnerability appears to have been first spotted in targeted/espionage attacks that used the exploit to drop the remote control malware Poison Ivy, according to experts from Deep End Research. Because Oracle has put Java on a quarterly patch cycle, and the next cycle is not scheduled until October, experts have devised and are selectively releasing an unofficial patch for the flaw.
