Privacy, Security Archive

Dutch Government Takes Over DigiNotar

So, people from within Iran have hacked the Dutch company DigiNotar, allowing them to issue fake certificates so they could listen in on Iranian dissidents and other organisation within Iran. This is a very simplified version of the story, since it's all quite complicated and I honestly don't even understand all of it. In any case, DigiNotar detected the intrusion July 19, but didn't really do anything with it until it all blew up in their face this past week. Now, the Dutch government has taken over operational management of DigiNotar... But as a Dutch citizen, that doesn't really fill me with confidence, because, well - whenever the Dutch government does anything even remotely related to IT technology, they mess it up. And mess it up bad.

Rogue SSL Certs Were Issued for CIA, MI6, Mossad

The number of rogue SSL certificates issued by Dutch CA DigiNotar has balooned from one to a couple dozen to over 250 to 531 in just a few days. As Jacob Appelbaum of the Tor project shared the full list of the rogue certificates, it became clear that fraudulent certificates for domains of a number of intelligence agencies from around the world were also issued during the CA's compromise - including the CIA, MI6 and Mossad. Additional targeted domains include Facebook, Yahoo!, Microsoft, Skype, Twitter, Tor, Wordpress and many others.

A Linux Distribution Engineered for Penetration Testing

Linux, which is a very versatile operating environment, caters for an array of different needs of different users. One such specific usage of Linux is in the area of computer security and penetration testing. Among the digital forensic tools available for Linux, BackTrack is well known as an all-in-one platform that offers security professionals all the tools that they may need to carry out various security related tasks.

Researchers Identify First Flaws in AES

Researchers have found a weakness in the AES algorithm. They managed to come up with a clever new attack that can recover the secret key four times easier than anticipated by experts. In the last decade, many researchers have tested the security of the AES algorithm, but no flaws were found so far. The new attack applies to all versions of AES even if it used with a single key. The attack shows that finding the key of AES is four times easier than previously believed; in other words, AES-128 is more like AES-126.

Search Engine Hack Innovation

Hackers armed with a browser and specially crafted search queries are using botnets to generate more than 80,000 daily queries, identify potential attack targets and build an accurate picture of the resources within that server that are potentially exposed. By automating the query and result parsing, the attacker can carry out a large number of search queries, examine the returned results and get a filtered list of potentially exploitable sites in a very short time and with minimal effort. Because searches are conducted using botnets, and not the hacker's IP address, the attacker's identity remains concealed.

A Look Into Black Hat’s Wireless Network

Aruba Networks, which provided and maintained the wireless network for last week's Black Hat USA 2011 conference, today provided some interesting statistics around the network's use. Apple devices were most prevalent at 43.3 percent of all devices (28.4 percent alone for iOS iPad and iPhone, with another 14.9 percent running OS X). Linux users composed 35 percent of the total, while Windows users represented 21.8 percent. While the majority of attendees used the Black Hat PSK network, almost 200 attendees utilized the PEAP/EAP-TLS "secured" network. Aruba captured a huge amount of security events, the most interesting of which were IP spoofing, AP spoofing, Power save DoS attacks and Block ACK attacks. Talk about a hostile environment.

5 Ways To Fight Mobile Malware

A new Trojan horse app has emerged to target Android devices, and this one's particularly creepy. The app records a user's phone calls and then uploads them to a remote server. The app was revealed Tuesday by security researcher Dinesh Venkatesan on the Security Advisor Research Blog, published by CA Technologies, now known as Total Defense. While this particular Trojan doesn't appear to be a threat in the wild--at least not for North American users--it's a good reminder of the growing threat of mobile malware.

Security Vendor Applauds LulzSec Attacks

In an unexpected move for a security company, SecurEnvoy today said that cyber break-ins and advanced malware incidents, such as the recent DDoS attack by LulzSec, should actually be welcomed and their initiators applauded. The company's CTO Andy Kemshall said: "I firmly believe that the media attention LulzSec’s DDoS attack has recently received is deserving. It’s thanks to these guys, who’re exposing the blase attitudes of government and businesses without any personal financial gain, that will make a difference in the long term to the security being put in place to protect our own personal data!"

RSA Admits SecureID Tokens Have Been Compromised

RSA has finally admitted publicly that the March breach into its systems has resulted in the compromise of their SecurID two-factor authentication tokens. The admission comes in the wake of cyber intrusions into the networks of three US military contractors: Lockheed Martin, L-3 Communications and Northrop Grumman - one of them confirmed by the company, others hinted at by internal warnings and unusual domain name and password reset process.

Sony Compromised, Again

"The hacker group LulzSec on Thursday posted information it took from Sony Entertainment and Sony BMG on its site, called the LulzBoat. The information includes about a million usernames and passwords of customers in the U.S., Netherlands and Belgium and is available for download and posted on the group's site. A release posted on LulzSec's page said the group has more, but can't copy all of the information it stole. The group also said none of the information it took from Sony was encrypted."

Mac Protector: Fake AV Targets Mac OS X Users

"A little over two weeks have passed since the appearance of MAC Defender, the fake AV solution targeting Mac users. And seeing that the approach had considerable success, it can hardly come as a surprise that attackers chose to replicate it. This time, the name of the rogue AV is Mac Protector, and the downloaded Trojan contains two additional packages. As with MAC Defender, the application requires root privileges to get installed, so the user is asked to enter the password."

Microsoft Investigates Current Threat Landscape

Microsoft published volume 10 of the its Security Intelligence Report which provides perspectives on software vulnerabilities, software vulnerability exploits, malicious and potentially unwanted software, and security breaches in both Microsoft and third party software. Microsoft found out that vulnerabilities in applications versus operating systems or web browsers continued to account for a large majority of all vulnerabilities in 2010, although the total number of application vulnerabilities declined 22.2 percent from 2009. The exploitation of Java vulnerabilities sharply increased in the second quarter of 2010 and surpassed every other exploitation category that the MMPC tracks, including generic HTML/scripting exploits, operating system exploits, and document exploits.

Sony Suffers Another Major Security Breach

"Nikkei.com on Monday reported that an online Sony gaming network has once again fallen victim to a cyberattack. This time, the attack may have exposed the credit card numbers of thousands of Sony customers from around the world. According to the report, over 12,700 customer credit card numbers were stolen during a breach of Sony’s online gaming network, Sony Online Entertainment. According to Nikkei.com, Sony discovered the possible attack on Sunday."

Honeypot Android App Wreaks Vigilante Justice

If you download and use what appears to be a version of the commercial "Walk and Text" Android app from a file sharing site, you're in for a surprise. When you run it, it shows you that it's being "cracked" but it's really gathering information from your device, in preparation for an e-smackdown. It sends a bunch of personal information (name, phone number, IMEI) off to a server, and, just for lulz, text messages everyone on your contact list: