Security trends for 2014

2014 will be a year of cybersecurity after the NSA revelations made in 2013. The headline news is that the NSA has surreptitiously “burrowed its way into nearly all the security architecture” sold by the world’s largest computer networking companies. A lot of people were shocked at how the NSA monitored and hacked almost everything on the Internet. There will still be NSA aftershocks as new material comes out and different parties react to it (and news sources write about it). U.S. cloud services have been put into question for good reason. There will be a lot of NSA spying litigation. Those spying issues will also fuel some hacktivism (it has already started to happen).

The article Security Professionals: Top Cyber Threat Predictions for 2014 lists the following predictions, which seem pretty probable: Cybersecurity Regulatory Efforts Will Spark Greater Need for Harmonization, Service-Impacting Interruptions for Online Services Will Persist, We Will See an Increase in Cybercrime Activity Related to the World Cup, Rise of Regional Cloud Services, Dev-Ops Security Integration Fast Becoming Critical, Cybercrime that Leverages Unsupported Software will Increase, Increase in Social Engineering and Ransomware will Impact More People.

Ubiquitous mobile computing is all around us, which will lead to increased risks and concerns about social network privacy. Social networks have quickly become the key organizing principle of Internet communication and collaboration. Android anti-virus apps CAN’T kill nasties on sight like normal AV.

2013 was a very hacked year, with many cases where information on millions or tens of millions of users was stolen from companies. It’s likely that we will see much more of the same in 2014, because the way people use passwords and how on-line services are built have not changed much in one year.

Gartner predicts that through 2014, improved JavaScript performance will begin to push HTML5 and the browser as a mainstream enterprise application development environment. I expect HTML5-related security issues to increase because the technology will be used more in 2014.

Over 50% of net traffic to websites is made by bots! The article More Than Half of Internet Traffic Is Just Bots says that security and cloud service provider Incapsula analyzed traffic and found that more than 60 percent of internet traffic is computer generated, compared to less than 40 percent of traffic that is driven by human clicks. 31% of Bots Are Still Malicious. SEO link building has always been a major motivation for automated link spamming, but it is decreasing because Google was able to discourage it. There is more advanced hacking and automatic vulnerability searching.

DDoS attacks are evolving from volumetric Layer 3-4 attacks to much more sophisticated and dangerous Layer 7 multi-vector threats.

There will still be many SCADA security issues in 2014. Even though traditional SCADA vulnerabilities have become easier to find, the increased connectivity brought by IoT will cause new issues. And there will still be very many control systems openly accessible from the Internet to practically anybody who knows how to access them. A large number of SCADA systems were found open on the Internet in the beginning of 2013, and the numbers have not dropped considerably during the year. I expect that very many of those systems will still be too open at the end of 2014.

The Internet is expanding into enterprise assets and consumer items such as cars and televisions. The Internet of Things (IoT) will evolve into the Web of Things, increasing the coordination between things in the real world and their counterparts on the Web. There will be many security issues to solve, and as these systems become more widely used, more security issues will be found in them.

Cloud security will be talked about. Hopefully there will be some clear-up of the terminology in that area, because cloud security, like the term cloud computing, can mean a lot of things. Cloud security could mean how secure your cloud provider is; a service that runs in the cloud and filters what comes through it (for example e-mail or web traffic); a product protecting some service running in the cloud; or a traditional anti-virus service that connects to the cloud to enhance its operation (for example to update in real time or to verify unknown programs based on data in the cloud). Research firm Gartner forecasts that cloud security sales will increase dramatically in the next few years. Cloud Security sales have increased over the past year by 2.1 billion to $3.1 billion in 2015.

Marketers try to put the term “cloud” into security product brochures as much as they can. The cloud has made traditional information security sound old-fashioned, because companies are under pressure to move services to the cloud. Also, mobile devices and dispersed users set new standards for information security. OpenDNS’s CTO Dan Hubbard says that “Because of the data and equipment run in the cloud users with the cloud is the best way to protect them.” The Snowden Effect will also bring talk of PRIVATE clouds to the table this year for security reasons, because U.S. cloud services have been put into question for good reason.

In Finland a new Cyber Security Center started in the beginning of 2014. Security articles and warnings from it will be published at kyberturvallisuuskeskus.fi.

Late addition: Crypto-currencies like Bitcoin are on the rise. Early adopters already use them actively. Those crypto-currencies have many security issues related to them. The values of the crypto-currencies vary quite a lot, and the value can easily drop considerably when they become so widely used that different governments try to limit their use. Bitcoin is increasingly used as a ransomware payment method. Bitcoins have been stolen quite a lot lately (and I expect that to increase when usage increases), and they are stolen from users, on-line wallets and exchanges. When more money is involved, more bad guys try to get in to get some of it. Sometimes bad guys do not try to steal your money, but use resources you pay for (your own PC, your server capacity, etc.) to generate money for them without you knowing about it. If you plan to use those crypto-currencies, be careful to understand what you are doing with them: there is a real possibility that you can lose your money, and there is no way that lost money can be recovered.

3,382 Comments

  1. Tomi Engdahl says:

    Cloudflare: 500 Gbps DDoS attack, largest in history, carried out against independent Hong Kong news sites — The Largest Cyber Attack In History Has Been Hitting Hong Kong Sites — The intense skirmishes inside Hong Kong’s Occupy Central protests haven’t just taken place on the streets, but online too.

    The Largest Cyber Attack In History Has Been Hitting Hong Kong Sites
    http://www.forbes.com/sites/parmyolson/2014/11/20/the-largest-cyber-attack-in-history-has-been-hitting-hong-kong-sites/

    The intense skirmishes inside Hong Kong’s Occupy Central protests haven’t just taken place on the streets, but online too. The largest cyber attack in history has been carried out against independent media sites in Hong Kong over the past few months, according to the company protecting them, increasing in their intensity each time pro-democracy activists announced new activities or developments.

    The distributed denial of service (DDoS) attacks have been carried out against independent news site Apple Daily and PopVote, which organised mock chief executive elections for Hong Kong. Now the content delivery network Cloudflare, which protects Apple Daily and PopVote, says the DDoS attacks have been unprecedented in scale, pounding the sites with junk traffic at a remarkable 500 gigabits per second.

    It’s been “many times larger” than the Spamhaus cyber attacks last year that were credited with slowing down Internet speeds across the globe, and which saw 300 Gbps of attack traffic. The record since then had been a 400 Gbps DDoS attack in Europe, reported in February.

    Reply
  2. Tomi Engdahl says:

    Glenn Greenwald / The Intercept:
    The US Congress won’t limit the NSA: individuals, courts, and other nations must step up

    Congress Is Irrelevant on Mass Surveillance. Here’s What Matters Instead.
    https://firstlook.org/theintercept/2014/11/19/irrelevance-u-s-congress-stopping-nsas-mass-surveillance/

    The “USA Freedom Act”—which its proponents were heralding as “NSA reform” despite its suffocatingly narrow scope—died in the august U.S. Senate last night when it attracted only 58 of the 60 votes needed to close debate and move on to an up-or-down vote. All Democratic and independent senators except one (Bill Nelson of Florida) voted in favor of the bill, as did three tea-party GOP Senators (Ted Cruz, Mike Lee, and Dean Heller).

    On Monday, the White House had issued a statement “strongly supporting” the bill.

    The “debate” among the Senators that preceded the vote was darkly funny and deeply boring, in equal measure.

    So the pro-NSA Republican senators were actually arguing that if the NSA were no longer allowed to bulk-collect the communication records of Americans inside the U.S., then ISIS would kill you and your kids.

    All of that illustrates what is, to me, the most important point from all of this: the last place one should look to impose limits on the powers of the U.S. government is . . . the U.S. government. Governments don’t walk around trying to figure out how to limit their own power, and that’s particularly true of empires.

    Reply
  3. Tomi Engdahl says:

    Ian Urbina / New York Times:
    Passwords don’t just protect data, they reveal our hopes, dreams, secrets, fears, and memories
    http://www.nytimes.com/2014/11/19/magazine/the-secret-life-of-passwords.html?_r=0

    Reply
  4. Tomi Engdahl says:

    AP Exclusive: Before Snowden, a debate inside NSA
    http://bigstory.ap.org/article/acc54fc0c64c4c3eae29b8ac380cc065/ap-exclusive-snowden-debate-inside-nsa

    Years before Edward Snowden sparked a public outcry with the disclosure that the National Security Agency had been secretly collecting American telephone records, some NSA executives voiced strong objections to the program, current and former intelligence officials say. The program exceeded the agency’s mandate to focus on foreign spying and would do little to stop terror plots, the executives argued.

    The 2009 dissent, led by a senior NSA official and embraced by others at the agency, prompted the Obama administration to consider, but ultimately abandon, a plan to stop gathering the records.

    Reply
  5. Tomi Engdahl says:

    Regin: Top-tier espionage tool enables stealthy surveillance
    http://www.symantec.com/connect/blogs/regin-top-tier-espionage-tool-enables-stealthy-surveillance

    An advanced spying tool, Regin displays a degree of technical competence rarely seen and has been used in spying operations against governments, infrastructure operators, businesses, researchers, and private individuals.

    An advanced piece of malware, known as Regin, has been used in systematic spying campaigns against a range of international targets since at least 2008. A back door-type Trojan, Regin is a complex piece of malware whose structure displays a degree of technical competence rarely seen.

    Regin infections have been observed in a variety of organizations between 2008 and 2011, after which it was abruptly withdrawn. A new version of the malware resurfaced from 2013 onwards. Targets include private companies, government entities and research institutes. Almost half of all infections targeted private individuals and small businesses. Attacks on telecoms companies appear to be designed to gain access to calls being routed through their infrastructure.

    Regin’s developers put considerable effort into making it highly inconspicuous. Its low key nature means it can potentially be used in espionage campaigns lasting several years.

    Reply
  6. Tomi Engdahl says:

    Symantec Uncovers Sophisticated, Stealthy Computer Spying Tool
    November 23, 2014, 9:00 AM PST
    https://recode.net/2014/11/23/symantec-uncovers-sophisticated-stealthy-computer-spying-tool/

    Computer security researchers at Symantec say they have discovered a sophisticated piece of malware circulating the world that appears to be used for spying at Internet service and telecommunications companies, and was likely created by a government agency. And while its origin is unclear, a short list of capable countries would include the U.S., Israel and China.

    The team has dubbed this newly found Trojan “Regin” according to a Symantec blog post

    The researchers said Regin has been used in what appears to be an ongoing spying operation that started in 2008, stopped suddenly in 2011, and then resumed in 2013.

    The campaign was carried out against government organizations, businesses, researchers and private individuals. About 100 Regin infections have been detected, the researchers said, with most — a combined 52 percent — in Russia and Saudi Arabia. The remainder have occurred in Mexico, Ireland, India, Afghanistan, Iran, Belgium, Austria and Pakistan. No infections have yet been detected in the U.S. or China.

    “We know it was a government that is technically advanced. … This has been a huge spying campaign dating back at least to 2008 and maybe even as early as 2006.”

    Regin attacks systems running Microsoft Windows. It attacks in stages and requires five pieces. Only the first stage is detectable– it opens the door for the subsequent stages, each of which decrypts and executes the following stage. In this way it’s similar to Stuxnet and its sibling Trojan, Duqu which was designed to gather intelligence on a target by stealing massive amounts of data.

    There are dozens of these payloads. One seen in several cases is a remote access tool, or RAT, which gives an attacker the ability to take control of a computer remotely — copy files from the hard drive, turn on the Web cam, turn on the microphone. RATs are also good for capturing keystrokes, a good way to steal passwords.

    Reply
  7. Tomi Engdahl says:

    Now e-cigarettes can give you malware
    http://www.theguardian.com/technology/2014/nov/21/e-cigarettes-malware-computers

    Better for your lungs, worse for your hard drives, e-cigarettes can potentially infect a computer if plugged in to charge

    E-cigarettes may be better for your health than normal ones, but spare a thought for your poor computer – electronic cigarettes have become the latest vector for malicious software, according to online reports.

    Many e-cigarettes can be charged over USB, either with a special cable, or by plugging the cigarette itself directly into a USB port. That might be a USB port plugged into a wall socket or the port on a computer – but, if so, that means that a cheap e-cigarette from an untrustworthy supplier gains physical access to a device.

    “The made in China e-cigarette had malware hardcoded into the charger, and when plugged into a computer’s USB port the malware phoned home and infected the system.”

    Reply
  8. Tomi Engdahl says:

    Think sandboxing will stop malware? Here’s why you’re wrong, Apple
    Matthew Baxter-Reynolds
    http://www.theguardian.com/technology/blog/2011/nov/08/sandboxing-malware-failure

    Reply
  9. Tomi Engdahl says:

    Amazon hosting most of the net’s malware, says security firm
    http://www.theguardian.com/technology/2014/jan/16/amazon-hosting-net-malware-security-cloud-google-godaddy

    Report says net’s large cloud providers, including Google and GoDaddy, are unknowingly harbouring ‘on-demand’ malware

    Amazon web services are the biggest malware server in the world along with GoDaddy and Google, as malware producers take advantage of the cloud, according to a new report.

    The report from security firm Solutionary claims that malware writers are using the big cloud hosting platforms to quickly and effectively serve malware to oblivious internet users, allowing them to bypass detection and geographic blacklisting by serving from a trusted provider like Amazon.

    Reply
  10. Tomi Engdahl says:

    Worst WordPress hole for five years affects 86% of sites
    Trio of XSS turns attackers into admins
    http://www.theregister.co.uk/2014/11/24/worst_wordpress_hole_for_five_years_affects_86_of_sites/

    An estimated 86 per cent of WordPress websites harbour a dangerous cross-site scripting (XSS) hole in the popular comment system plugin, in what researcher Jouk Pynnonen calls the most serious flaw in five years. The bug could provide a pathway for attacking visitors’ machines.

    The WP-Statistics plugin lets attackers inject JavaScript into comments, which can then infect reader computers or those of administrators.

    The flaw has existed for about four years affecting versions between 3.0 to 3.9.2 but not version 4.0 which handles regular expressions differently.

    Version 4.0.1 patched a separate and also critical set of XSS flaws discovered by the internal security team, along with a cross-site request forgery hole.

    “An attacker could exploit the vulnerability by entering carefully crafted comments, containing program code, on WordPress blog posts and pages. Under default settings comments can be entered by anyone without authentication,” Pynnonen said.

    “Program code injected in comments would be inadvertently executed in the blog administrator’s web browser when they view the comment. The rogue code could then perform administrative operations by covertly taking over the administrator account.”

    Reply
  11. Tomi Engdahl says:

    Sony quietly POODLE-proofs Playstations
    Innocuous ‘system software stability’ update brings no patch, no surf, regime
    http://www.theregister.co.uk/2014/11/24/sony_playstation_update_spells_death_knell_for_poodle/

    Sony has patched the POODLE SSL vulnerability in its Playstation 3 and 4 gaming consoles.

    The rolling patch, introduced over the last fortnight, brings Transport Layer Security into Playstation’s browsers and apps. SSL 3.0 is dispelled, off the Padding Oracle on Downgrade Legacy Encryption attack.

    Reply
  12. Tomi Engdahl says:

    Cloud unicorns are extinct so DiData cloud outage was YOUR fault
    Applications need to be built to handle TITSUP incidents
    http://www.theregister.co.uk/2014/11/24/didata_cloud_outage_was_partly_your_fault/

    Last July, Dimension Data’s Australian cloud went down for over 24 hours. Now the company says its assessment of the incident found those who suffered the most had themselves to blame, to a degree.

    Speaking today at the launch of the company’s new government cloud, cloud general manager David Hanrahan said those impacted by the outage fell into two categories.

    Those who felt most pain, he said, “had not architected for availability” by replicating data and applications to either their own premises or to other clouds.

    Customers who had “taken an enterprise architecture approach and mapped their applications from top to bottom and planned accordingly” experienced less pain as a result of the outage.

    Hanrahan’s mostly right: it is possible to architect an application so that when a supplier fails a cloud provider redundant systems will kick in to protect customers applications and data. But the need to do so is not often mentioned in the rush to point out cloud’s low price, elasticity and speed of deployment.

    Reply
  13. Tomi Engdahl says:

    Crypto protocols held back by legacy, says ENISA
    EU takes the microscope to security
    http://www.theregister.co.uk/2014/11/24/crypto_protocols_held_back_by_legacy_says_enisa/

    The EU Agency for Network Information and Security (ENISA) has updated its 2013 crypto guidelines, designed to help developers protect personal information in line with EU law, and has sternly told crypto designers they’re doing it wrong, in two reports released late last week.

    At the protocol level, cryptography suffers from the tyranny of the installed base, the group writes in Study on cryptographic protocols

    The report states that “cryptographic protocols suffer more from legacy issues than the underlying cryptographic components”, and notes that even when a protocol meets the demands of formal proofs, it can easily be broken by a developer with an eye to improving things:

    “Designers and implementers should refrain from “optimising” well studied protocols to achieve some specific application need; unless they are prepared to revisit and re-evaluate the above security proofs. Small insignificant changes in protocols can result in invalidating the guarantees of such proofs”, the study notes.

    Study on cryptographic protocols
    https://www.enisa.europa.eu/activities/identity-and-trust/library/deliverables/study-on-cryptographic-protocols/at_download/fullReport

    Reply
  14. Tomi Engdahl says:

    Algorithms, key size and parameters (PDF), adds consideration of side-channel attacks (both in hardware and software) and presents some suggestions for countermeasures.
    https://www.enisa.europa.eu/activities/identity-and-trust/library/deliverables/algorithms-key-size-and-parameters-report-2014/at_download/fullReport

    Reply
  15. Tomi Engdahl says:

    Here’s How a Dark Market Bot Sent Ecstasy to an Art Gallery
    http://www.coindesk.com/heres-dark-market-bot-sent-ecstasy-art-gallery/

    Last week, a padded envelope was delivered to the Kunst Halle St Gallen, a contemporary art gallery in St Gallen, the city known as the gateway to the Swiss Alps.

    The envelope contained a DVD case, which held a vacuum-sealed aluminium foil packet. Inside the packet was a transparent plastic pouch containing 10 yellow tablets stamped with the Twitter logo, a fluttering bird.

    The tablets were ‘Yellow Twitter’ ecstasy pills purportedly made of pure MDMA, the acronym for the compound’s chemical name.

    The pills were ordered by a shopping bot that paid in bitcoin. It was written by the art group !Mediengruppe Bitnik, called Random Darknet Shopper, that’s part of an installation at the gallery.

    “The idea behind the Random Shopper was to make a direct connection between these darknet shops and the exhibition space [...] We wanted to talk about how trust is built in anonymous networks. We felt it would be most visible in a marketplace, where you need to build trust.”

    Random Darknet Shopper has four weeks left to run. It has already purchased eight items off Agora, which it selects randomly, and which have to fit into its weekly $100 bitcoin budget. The bot is programmed to buy one item each week

    “Our lawyer said there is a sort of higher [public] interest reason for arts experiments. Because it is a reality, and I think the arts have a very specific duty to show reality,” he said.

    The group makes no attempt to hide its identity on the dark markets.

    «The Darknet –
    From Memes to Onionland.
    An Exploration»
    In cooperation with !Mediengruppe Bitnik and :digital brainstorming
    http://www.kunsthallesanktgallen.ch/en/exhibitions/current.html

    Reply
  16. Tomi Engdahl says:

    ‘New Stuxnet’: Government-grade SOFTWARE WEAPON ‘Regin’ described
    ‘A degree of technical competence rarely seen’
    http://www.theregister.co.uk/2014/11/24/regin/

    A highly advanced malware instance said to be as sophisticated as the famous Stuxnet and Duqu has been detected attacking the top end of town. “Regin” has security researchers opining it may be nastier than both.

    The “Regin” malware is thought to be developed by a nation-state because of the financial clout needed to produce code of this complexity. The malware targets organisations in the telecommunications, energy and health sectors.

    Symantec malware reversers found attackers have foisted Regin on targets using mixed attack vectors including one unconfirmed zero-day in Yahoo! Messenger.

    “Regin is a complex piece of malware whose structure displays a degree of technical competence rarely seen,” Symantec’s researchers wrote.

    Reply
  17. Tomi Engdahl says:

    Malware’s new target: your password manager’s password
    Citadel trojan attempts to grab your master key.
    http://arstechnica.com/security/2014/11/citadel-attackers-aim-to-steal-victims-master-passwords/

    Cyber criminals have started targeting the password managers that protect an individual’s most sensitive credentials by using a keylogger to steal the master password in certain cases, according to research from data-protection company IBM Trusteer.

    The research found that a configuration file, which attackers use to tailor the Citadel trojan for specific campaigns, had been modified to start up a keylogger when the user opened either Password Safe or KeePass, two open-source password managers. While malware has previously targeted the credentials stored in the password managers included in popular Web browsers, third-party password managers have typically not been targeted.

    While the current impact of the attack is low, the implications of the attacker’s focus is that password managers will soon come under more widespread assault, Dana Tamir, director of enterprise security for IBM Trusteer, told Ars Technica.

    “Once the malware captures this master key, then they can use that master key to exercise complete control over the machine and any of the user’s online accounts,” she said.

    Reply
  18. Tomi Engdahl says:

    Using a password manager on Android? It may be wide open to sniffing attacks
    Proof-of-concept exploit against LastPass could easily be extended to other apps.
    http://arstechnica.com/security/2014/11/using-a-password-manager-on-android-it-may-be-wide-open-to-sniffing-attacks/

    In early 2013, researchers exposed some unsettling risks stemming from Android-based password managers. In a paper titled “Hey, You, Get Off of My Clipboard,” they documented how passwords managed by 21 of the most popular such apps could be accessed by any other app on an Android device, even those with extremely low-level privileges. They suggested several measures to help fix the problem.

    “Besides the insecurity of it, what annoyed me was that I was never told any of this while I was signing up or setting up the LastPass app,” Clark wrote in an e-mail. “Instead, I got the strong impression from LastPass that everything was very secure, and I needn’t worry about any of it. If they at least told users the security issues using these features brings, then the users themselves could decide on their own trade-off between usability and security. Not mentioning it at all strikes me as disingenuous.”

    Asked if LastPass has ever notified users of the risk, company CEO Joe Siegrist didn’t give a yes or no answer. Instead, he responded, “This is an any clipboard activity problem [his emphasis] and impacts any password manager involving the clipboard (100% of them)—the way all password managers have consistently allowed you to enter your password into other apps since Android has existed. This demonstration is aimed at LastPass, but it’s the whole of Android that must be addressed.”

    Reply
  19. Tomi Engdahl says:

    How CSOs Can Help CIOs Talk Security to the Board
    http://www.cio.com/article/2850855/security0/how-csos-can-help-cios-talk-security-to-the-board.html

    CIOs aren’t necessarily security experts, but that doesn’t mean they can’t speak intelligently to the company’s board of directors. The key is getting a little coaching from the CSO about how and what to communicate.

    Most CIOs are not security experts, but in the board room they need to be. Thanks to the CSO, they don’t have to go it alone. Behind the scenes, they can help prepare the CIO, offering advice on how to interpret the company’s threat levels, boiling down the most relevant information and communicating it, early and often, so the C-suite will pay attention.

    “The challenges when you take on the CIO role or an executive role are that you don’t think all about security,” said Michael Hart, vice president and CIO of Petwell Partners, during a panel discussion at CIO Perspectives Houston last week. “You rely on the CISO.”

    The panelists, which included IT and security executives, discussed common assumptions about security risks, ways to get your business colleagues to take those risks seriously and best practices to use at your companies.

    “Address past, present and future — and make a case for the CEO. Get on his radar with a weekly report and education,” said Michael Oberlaender, global security expert, author and former security executive. He also said it’s important to create a program that C-suite executives can follow and include clear policies for employees to abide by. “Your company will have a breach sooner or later,” he said. “So educate your executives that you can do something about it.”

    Lastly, it’s critical to involve the legal department, which, Sutton says, can never happen too early. “Please get legal folks involved early on before your data is on fire,” he said. “Help us, help you.”

    Reply
  20. Tomi Engdahl says:

    Webcam hack enabled by ‘laziness’ says website creator
    http://www.telegraph.co.uk/technology/internet-security/11246286/Webcam-hack-enabled-by-laziness-says-website-creator.html

    The creator of a website which invaded the privacy of hundreds of Britons who had failed to properly secure their security cameras says that his actions were supposed to educate the “lazy and IT-ignorant” about the dangers of weak passwords

    The hacker who invaded the privacy of hundreds of Britons by creating a website which broadcast private scenes such as children sleeping in bed has told The Telegraph that he did it to “explain” that they were vulnerable – and takes credit for 120,000 cameras now being secured.

    Now the creator of that site – who has chosen to remain anonymous – has given the Telegraph an exclusive interview over email. He said that the hack was enabled by “laziness and IT ignorance” on the part of the public.

    The problem stems from internet-connected security cameras and webcams which have a feature enabling the owner to log-in remotely and check that their home or business is secure. This is a useful ability, but also one that is open to abuse if a strong password is not used.

    Many people choose to leave the default password in place when they buy the devices – something which is exploitable by people who scan the internet for such devices and attempt to log in.

    The website, which became national news this week when the Information Commissioner Christopher Graham demanded on Radio 4 that it be removed from the internet, pulls together streams from those devices and lists them in an index by country and location.

    Asked if he believes that people deserve privacy in their own homes, the anonymous creator of the site said “sure” and added that he had no other way to convince people about the importance of changing their default passwords.

    Originally the site had access to 160,000 cameras because they were using default passwords, he said, but after the intense media coverage of the issue in recent days, many of the people owning the devices have changed their settings to increase security – thereby removing themselves from the website.

    Reply
  21. Tomi Engdahl says:

    Businessman takes Google to High Court to block online abuse from search results
    Wants search giant to wipe traces of anonymous postings
    http://www.theregister.co.uk/2014/11/24/case_for_google_to_remove_traces_of_online_abuse_opens/

    The case of former Morgan Stanley banker Daniel Hegglin, who is attempting to compel Google to block anonymous abusive posts against him, opened in the High Court today.

    The defamatory postings amount to a campaign of anonymous abuse against Hegglin

    Google has asked Hegglin to provide a list of web links to be removed, but the court will hear if the search giant should do more.

    The injunction is for Google “to take all reasonable and proportionate technical steps” to ensure “the material does not appear as snippets in Google search results”. And to “prevent the processing of personal data of the claimant which is inaccurate and/or which is causing or is likely to cause him substantial damage or substantial distress”.

  22. Tomi Engdahl says:

    Google case over online abuse settled in High Court
    http://www.bbc.com/news/uk-30172110

    A UK businessman who took Google to court over malicious web postings about him appearing in its search results has reached a settlement with the firm.

    Daniel Hegglin said he had been wrongly called a murderer, a paedophile and a Ku Klux Klan sympathiser by an unknown internet troll.

    Mr Hegglin’s lawyer told a High Court judge that Google had made “significant efforts” to remove abusive material.

    The details of the settlement, reached on Sunday, have not been disclosed.

    “The settlement includes significant efforts on Google’s part to remove the abusive material from Google-hosted websites and from its search results. Mr Hegglin will now concentrate his energies on bringing the person responsible for this campaign of harassment to justice.”

    “Google provides search services to millions of people and cannot be responsible for policing internet content,”

  23. Tomi Engdahl says:

    The problem with NTP
    http://engineering.bergcloud.com/2014/08/problem-with-ntp/

    Little Printer ships with a Bridge which connects via Ethernet and forwards messages between our cloud servers and any printers within radio range. Under the hood the Bridge runs a small Linux kernel and communicates securely with our servers using SSL, and because of this dependence on SSL, it requires a synchronised clock.

    Unfortunately for us, the traditional and most widespread method for clock synchronisation (NTP) has been caught up in a DDoS issue which has recently caused some ISPs to start blocking all NTP communication.

    I’d recommend you read Cloudflare’s great writeup, but the upshot is that when an ISP blocks NTP traffic

    Understanding and mitigating NTP-based DDoS attacks
    http://blog.cloudflare.com/understanding-and-mitigating-ntp-based-ddos-attacks/

  24. Tomi Engdahl says:

    UK Government Pushes IP-Matching In Latest Digital Counter-Terror Measure
    http://techcrunch.com/2014/11/23/ip-matching/

    ISPs and mobile operators will be forced to retain information linking IP addresses to individuals for 12 months under U.K. government counter-terrorism plans expected to be detailed next week.

    The IP-matching measure will be included in the government’s forthcoming Anti-Terrorism and Security Bill. This follows another failed attempt by the government last year to push through a so-called ‘Snoopers’ Charter’ — aka the Communications Data Bill.

    That legislation would have forced companies to retain data about people’s online conversations, social media activity, calls and texts for 12 months but the coalition’s junior partner, the Liberal Democrats, baulked at supporting what they dubbed an “illiberal” bill.

    The Home Office claims IP-matching will help police and security services identify terror suspects and organized criminals who are using the Internet to communicate. It is also talking this up as a way to help identify other types of Internet users — including hackers, cyber bullies and even vulnerable individuals using social media to discuss taking their own life. That latter scenario is a rather odd inclusion, given the Conservative Party’s usual allergic reaction to anything that can be perceived as ‘nanny state-ish’.

    Beyond that sort of function creep, there is a huge can of worms being unboxed here, given the logical fallacy of equating an IP address with an individual. Politicians failing to grasp the intricacies of technology is, however, nothing new.

  25. Tomi Engdahl says:

    Secret Malware in European Union Attack Linked to U.S. and British Intelligence
    https://firstlook.org/theintercept/2014/11/24/secret-regin-malware-belgacom-nsa-gchq/

    Complex malware known as Regin is the suspected technology behind sophisticated cyberattacks conducted by U.S. and British intelligence agencies on the European Union and a Belgian telecommunications company, according to security industry sources and technical analysis conducted by The Intercept.

    Regin was found on infected internal computer systems and email servers at Belgacom, a partly state-owned Belgian phone and internet provider, following reports last year that the company was targeted in a top-secret surveillance operation carried out by British spy agency Government Communications Headquarters, industry sources told The Intercept.

  26. Tomi Engdahl says:

    Sony Pictures hacked, entire computer system reportedly unusable
    http://thenextweb.com/insider/2014/11/24/sony-pictures-hacked-employee-computers-offline/

    Reports that Sony Pictures has been hacked have been trickling in this morning, after a thread appeared on Reddit claiming all computers at the company were offline due to a hack.

    According to the Reddit thread, an image appeared on all employee’s computers reading “Hacked by #GOP” and demanding their “requests be met” along with links to leaked data.

    The ZIP files mentioned in the images contain a list of filenames of a number of documents pertaining to financial records along with private keys for access to servers.

    A source within Sony has anonymously confirmed to TNW that the hack and image that have appeared on computers inside Sony Pictures is real. They said that “a single server was compromised and the attack was spread from there.”

  27. Tomi Engdahl says:

    Regin Cyberespionage Platform Also Spies on GSM Networks
    http://threatpost.com/regin-cyberespionage-platform-also-spies-on-gsm-networks/109539

    Researchers have uncovered a complex espionage platform reminiscent of Duqu that has been used since at least 2008 not only to spy on and extract email and documents from government agencies, research institutions and banks, but also one that targets GSM network operators in order to launch additional attacks.

  28. Tomi Engdahl says:

    Sony Paralyzed By Computer Hacker Attack With Ominous Message
    http://deadline.com/2014/11/sony-computers-hacked-skull-message-1201295288/

    UPDATE: While it seems that a world-leading tech company would be the last to be brought down by a hacker, this Sony thing is serious.

    EXCLUSIVE: Things have come to a standstill at Sony today, after the computers in New York and around the world were infiltrated by a hacker. As a precaution, computers in Los Angeles were shut down while the corporation deals with the breach. It has basically brought the whole global corporation to an electronic standstill. I’d heard that this began with a skull appearing on screens, and then a strangely ominous message telling users they’d been hacked by something called #GOP. It gets more bizarre as the message claims this is just the beginning and then threatens to release documents by 11 PM this evening. There is no reason given why this is happening, and no specific demands.

  29. Tomi Engdahl says:

    How a virus demanding a bitcoin ransom almost destroyed a public radio station’s archives
    But for a fluke in its system, Missouri’s KBIA could’ve lost all its files dating back to 2006.
    http://www.niemanlab.org/2014/11/how-a-virus-demanding-a-bitcoin-ransom-almost-destroyed-a-public-radio-stations-archives/

    It was the first Saturday in November when Patrick Neelin, the lead engineer at the University of Missouri’s public radio station KBIA, got an emergency call from the station’s programming director.

    “He said, ‘Patrick, I’m trying to open some of our files up on our shared storage and every file comes up with a warning that it’s been corrupted,’” Neelin recalled. And alongside the corrupted files were documents demanding $500 in bitcoin to unlock the files.

    “I was kind of in a panic at that point,” Neelin said.

    As soon as Neelin got to the station that Saturday, the first thing he did was shut down all the computers on the network to try and figure out where the attack came from and how to stop it from spreading or infiltrating KBIA’s backup system. The timing was particularly bad for KBIA

    KBIA stores essentially all its archives dating back to 2006 on its shared drives: raw interviews, stories, scripts. The station’s entire music library is also saved there. And outside of the newsroom, sales and donation information is also on the network. To put it simply, the ransomware could’ve been a disaster for KBIA.

    KBIA got lucky: Because of a quirk in its backup system, the vast majority of the station’s files were recoverable. The station has two backup systems, and while the first system backed up the corrupt files, the second did not because it could only backup files it could read — and since the files were all corrupted it couldn’t read them. As a result, only about two weeks’ worth of work was lost, said Austin Federa, KBIA’s content director.

    A number of different ransomware viruses have proliferated in recent years, but an August report by Dell’s SecureWorks Counter Threat Unit called CryptoWall the “largest and most destructive ransomware threat on the Internet.” There were about 625,000 systems infected globally by CryptoWall between mid-March and August 24, CTU reported. In that time, more than 5.25 million files were corrupted.

  30. Tomi Engdahl says:

    Experts Call for Secure Sensors
    http://www.eetimes.com/document.asp?doc_id=1324733&

    Sensor nodes are the most vulnerable point of attack in an Internet of Things ecosystem, so securing the trillions of sensors industry experts expect is of the utmost concern.

    “Once you get the sensor data out to the gateway, everything behind that is as good as any enterprise security. Now that we’re moving to such a large number of sensors, the problem is expanding quite a bit,” Sandhiprakash Bhinde, director of innovation and future IoT solutions at Intel, said at the TSensors Summit. “There are 50 billion devices and most of them are unprotected. Every time something gets hacked it’s a loss of economic value.”

    Bhinde pointed to a 2012 malware attack on Saudi Arabia national oil firm Aramco that halted 30,000 network workstations, as well as a physical attack on a Pacific Gas & Electric substation in California — those networks presumably were more fallible than expected.

    “I think, bottom line, this is just the tip of the iceberg,” Bhinde told attendees, adding that home devices aren’t safe either. “Most houses have a lot of different types of devices and I think the problem really amplifies when… you don’t know who’s looking at them or what data is coming out of those devices.”

    Software-based sensor attack rates are rising as sensor data is often unprotected by APIs, creating a number of challenges for both end-user devices and larger network systems. In-system memory buffers and sensors with always-on capabilities allow for easy access to sensor data, Bhinde said.

  31. Tomi Engdahl says:

    Regin: The super-spyware the security industry has been silent about
    NSA fingered as likely source of complex malware family
    http://www.theregister.co.uk/2014/11/24/regin_the_supersecret_spyware_the_security_industry_has_been_silent_about/

    A public autopsy of sophisticated intelligence-gathering spyware Regin is causing waves today in the computer security world.

    But here’s a question no one’s answering: given this super-malware first popped up in 2008, why has everyone in the antivirus industry kept quiet about it until now? Has it really taken them years to reverse engineer it?

    On Sunday, Symantec published a detailed dissection of the Regin malware, and it looks to be one of the most advanced pieces of spyware code yet found.

    The software targets Windows PCs, and a zero-day vulnerability said to be in Yahoo! Messenger, before burrowing into the kernel layer. It hides itself in its own private area on hard disks, has its own virtual filesystem, and encrypts and morphs itself multiple times to evade detection. It uses a toolkit of payloads to eavesdrop on the administration of mobile phone masts, intercept network traffic, pore over emails, and so on.

  32. Tomi Engdahl says:

    How secure is Docker? If you’re not running version 1.3.2, NOT VERY
    UPGRADE NOW to fix vuln found in all previous versions
    http://www.theregister.co.uk/2014/11/25/docker_vulnerabilities/

    A nasty vulnerability has been discovered in the Docker application containerization software for Linux that could allow an attacker to gain elevated privileges and execute code remotely on affected systems.

    The bug, which has been corrected in Docker 1.3.2, affects all previous versions of the software.

    “No remediation is available for older versions of Docker and users are advised to upgrade,” the company said in a security advisory on Monday.

    The flaw, which has been assigned CVE-2014-6407, relates to how the Docker engine handles file-system image files. Previous versions of the software would blindly follow symbolic and hard links in image archives, which could have allowed an attacker to craft a malicious image that wrote files to arbitrary directories on disk.

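The kind of pre-extraction check that the link-following flaw in the Docker item above calls for, as an added example that is not Docker's code or its actual fix. The function names, the strict reject-on-doubt policy and the sample archives are assumptions constructed for illustration.

```python
import io
import posixpath
import tarfile


def _inside_root(path):
    """Return the normalized relative path, or None if it would leave the extraction root."""
    if path.startswith("/"):
        return None
    norm = posixpath.normpath(path)
    if norm == ".." or norm.startswith("../"):
        return None
    return norm


def audit_layer(tar_bytes):
    """Inspect an uncompressed tar without extracting it.

    Returns a list of (member_name, reason); an empty list means no finding.
    Policy (an assumption, deliberately strict): reject link targets outside
    the root and any member written through a symlink declared earlier.
    """
    findings = []
    symlinks = set()  # normalized paths of symlink members seen so far
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:") as tar:
        for member in tar:
            name = _inside_root(member.name)
            if name is None:
                findings.append((member.name, "member path escapes extraction root"))
                continue
            # A member whose parent directory is an earlier symlink would be
            # written wherever that link points if the extractor follows it.
            parts = name.split("/")
            parent_link = next(
                ("/".join(parts[:i]) for i in range(1, len(parts))
                 if "/".join(parts[:i]) in symlinks),
                None,
            )
            if parent_link is not None:
                findings.append((member.name, "written through symlink " + parent_link))
                continue
            if member.issym():
                # Symlink targets are relative to the directory holding the link.
                target = member.linkname
                resolved = None if target.startswith("/") else _inside_root(
                    posixpath.join(posixpath.dirname(name), target))
                if resolved is None:
                    findings.append((member.name, "symlink target outside root"))
                symlinks.add(name)
            elif member.islnk():
                # Hard-link targets in a tar are relative to the archive root.
                if _inside_root(member.linkname) is None:
                    findings.append((member.name, "hard link target outside root"))
    return findings


def build_sample(members):
    """Build a constructed in-memory tar from (kind, name, arg) tuples."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for kind, name, arg in members:
            info = tarfile.TarInfo(name)
            if kind == "file":
                data = arg.encode()
                info.size = len(data)
                tar.addfile(info, io.BytesIO(data))
            else:
                info.type = tarfile.SYMTYPE if kind == "symlink" else tarfile.LNKTYPE
                info.linkname = arg
                tar.addfile(info)
    return buf.getvalue()


# Constructed sample archives (not taken from any real image).
BENIGN = [
    ("file", "app/config.ini", "x=1\n"),
    ("symlink", "app/current", "config.ini"),
    ("hardlink", "app/config.bak", "app/config.ini"),
]
SUSPICIOUS = [
    ("symlink", "app/data", "../../outside"),
    ("file", "app/data/dropped.conf", "constructed\n"),
    ("hardlink", "app/linked", "../outside/placeholder"),
    ("file", "../escape.txt", "constructed\n"),
]

if __name__ == "__main__":
    for label, spec in (("benign", BENIGN), ("suspicious", SUSPICIOUS)):
        print(label)
        for name, reason in audit_layer(build_sample(spec)):
            print("  REJECT", name, "-", reason)
```

Rejecting is the simplest safe policy for an audit step; an extractor that has to accept such archives needs to resolve every path inside a confined root instead of trusting the member names.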
  33. Tomi Engdahl says:

    New ‘Internet Security Council’ struggling to get off the ground
    With just 10 nominations, and one contribution, are people voting with their feet?
    http://www.theregister.co.uk/2014/11/25/netmundial_initiative_struggling/

    Plans for a new internet governance body are struggling to get off the ground after blowback from the internet community itself.

    The NetMundial Initiative was formally launched three weeks ago as an open source platform that would enable people to collaborate on internet governance issues.

    Just a week later, the Internet Society – one of the organizations that had been offered a permanent seat – blasted the initiative saying it was “concerned” about “the way in which the NETmundial Initiative is being formed” and noting that it “does not appear to be consistent with the Internet Society’s longstanding principles.” It refused to take up the offer of the seat.

    So far at least, ICANN/NetMundial is not giving ground on its plans. And so the internet and business communities are simply refusing to engage. As techies are fond of saying: “The ‘net interprets censorship as damage and routes around it.”

  34. Tomi Engdahl says:

    Who’s been writing in my apps? Googlilocks builds new apps-tracker
    Google offers new dashboards for Work and frees Zix crypto
    http://www.theregister.co.uk/2014/11/25/google_employs_security_wizard_for_apps_drops_intel_panels/

    Google has bolstered the security of its Apps platform with new reports providing insight into the number of devices accessing the account over the past month.

    The Devices and Activity dashboard displayed all devices active on an account in the last 28 days and those still signed in.

    Security director and mentalist Eran Feigenbaum said admins could quickly change passwords and lock down accounts if suspicious access was noticed.

    “To make your job a bit easier, today we’re announcing new security tools to help Google Apps users take more control of their security online,” Feigenbaum said.

    “This tool prioritises all administrator settings for security features that end users are permitted to turn on.”

  35. Tomi Engdahl says:

    Google Chrome will block all NPAPI plugins by default in January, drop support completely in September
    http://venturebeat.com/2014/11/24/google-chrome-will-block-all-netscape-plugin-api-plugins-in-january-drop-support-completely-in-september/

    Google today provided an update on its plan to remove Netscape Plugin Application Programming Interface (NPAPI) from Chrome, which the company says will improve the browser’s security, speed, and stability, as well as reduce complexity in the code base. In short, the latest timeline is as follows: Block all plugins by default in January 2015, disable support in April 2015, and remove support completely in September

    For context, Google first announced in September 2013 that it was planning to drop NPAPI.

    In April 2015, this will no longer be an option as NPAPI support will be disabled by default in Chrome and Google will unpublish extensions requiring NPAPI plugins from the Chrome Web Store. That being said, Google will provide an override for advanced users (via an “enable-npapi” flag) and enterprises (via Enterprise Policy) to temporarily re-enable NPAPI.

    Web developers who use or build these plugins can find out more information in the NPAPI deprecation guide.

  36. Tomi Engdahl says:

    Book Review: Bulletproof SSL and TLS
    http://books.slashdot.org/story/14/11/23/1647228/book-review-bulletproof-ssl-and-tls

    If SSL is the emperor’s new clothes, then Ivan Ristic in Bulletproof SSL and TLS has shown that perhaps the emperor isn’t wearing anything at all. There is a perception that if a web site is SSL secured, then it’s indeed secure. Read a few pages in this important book, and the SSL = security myth is dispelled. For the first 8 of the 16 chapters, Ristic, one of the greatest practical SSL/TLS experts around, spends 230 pages showing countless weaknesses, vulnerabilities, attacks and other SSL weaknesses. He then spends the next 8 chapters showing how SSL can, if done correctly, be deployed to provide adequate security.

    SSL/TLS has a reputation for being slow, but that is more a remnant of years ago when CPUs were much slower. With better CPUs and the optimization techniques the book shows, there is no reason not to use TLS.

    The author quotes research from Google that SSL/TLS on their email systems account for less than 1% of the CPU load, less than 10kb of memory per connection, and less than 2% of the network overhead.

    As noted earlier, OpenSSL is poorly documented. In Bulletproof SSL and TLS, Ivan Ristic has done the opposite: he has written the most readable and insightful book about SSL/TLS to date. TLS is not so difficult to deploy, but incredibly easy to deploy incorrectly.

    Ristic is the author of the SSL Labs web site; a site dedicated to everything SSL, including extensive documents and tools.
    https://www.ssllabs.com/

  37. Tomi Engdahl says:

    Owner of site streaming webcam feeds ‘seeks new job’
    http://www.bbc.com/news/technology-30176359

    A website containing live links to thousands of baby monitors, web cams and CCTV has shut down.

    Its administrator now appears to be using the page to look for work.

    “Programmer looking for a good remote job” is now the only content on the site, along with a list of skills and an email address.

    The Russian-based site, called Insecam, was streaming footage from systems using either default passwords or no log-in codes at all.

    The site owner told the BBC over email that he did not consider himself to be a hacker as he had not infiltrated any security settings.

    “An analogy best describing this would be just because someone leaves their window open it does not give permission for an unauthorized individual to set up a camera outside their window and broadcast the feed worldwide,” said Foscam chief operating officer Chase Rhymes.

    The companies all urged camera owners to change their passwords regularly.

  38. Tomi Engdahl says:

    Slack now letting employers tap workers’ private chats
    The company hopes to attract more businesses with the optional feature
    http://www.itworld.com/article/2851993/slack-now-letting-employers-tap-workers-private-chats.html

    The feature seems at odds with the company’s own branding. “Private things stay private, so just the right people see them,” Slack’s website says.

    Slack is offering the feature to accommodate businesses that are required by law to have access to and store all employee communications, the company said in a blog post describing the feature.

    Financial services and securities trading firms regulated under the Financial Industry Regulatory Authority are two examples. So too are companies that, due to litigation concerns, must store all employee communications, Slack says.

  39. Tomi Engdahl says:

    Sony Pictures in IT lock-down after alleged hacker hosing
    Data caches uploaded as hackers deface internal staff boxes
    http://www.theregister.co.uk/2014/11/25/sony_pictures_in_it_lockdown_after_alleged_hacker_hosing/

    Sony Pictures is investigating a breach that has seen hackers supposedly steal reams of internal data and splash defacements across staff computers. The company is now in lock-down as it wrestles with the problem.

    The beleaguered company, writes Variety, has requested staff disconnect their computers and personal devices from the Sony network and shut down virtual private networks.

    Sony Pictures Targeted by Apparent Hack Attack to Corporate Systems
    http://variety.com/2014/biz/news/sony-targeted-by-apparent-hack-attack-to-corporate-systems-1201363734/

    According to a source at Sony Pictures, the company is telling employees that the situation may take anywhere from one day to three weeks to resolve. The source said a photo appeared on company computers Monday morning with an image of a skeleton and a message saying “Hacked by #GOP.” The message then says, “Warning: We’ve already warned you, and this is just the beginning… We have obtained all your internal data including secrets and top secrets.”

    The SPE attack is being linked to a group called “Guardians of Peace,” Bloomberg reported, citing an anonymous source.
    In August, hackers claimed they took down Sony’s PlayStation Network via a denial-of-service attack,

  40. Tomi Engdahl says:

    The Intercept:
    Regin malware found on Belgacom, plus networks of European Commission, Council, Parliament, and others linked to GCHQ, NSA operations — U.S. and British Intel Agencies Attacked European Union With Malware — Complex malware known as Regin is the suspected technology behind sophisticated …

    Secret Malware in European Union Attack Linked to U.S. and British Intelligence
    https://firstlook.org/theintercept/2014/11/24/secret-regin-malware-belgacom-nsa-gchq/

    Complex malware known as Regin is the suspected technology behind sophisticated cyberattacks conducted by U.S. and British intelligence agencies on the European Union and a Belgian telecommunications company, according to security industry sources and technical analysis conducted by The Intercept.

    Regin was found on infected internal computer systems and email servers at Belgacom, a partly state-owned Belgian phone and internet provider, following reports last year that the company was targeted in a top-secret surveillance operation carried out by British spy agency Government Communications Headquarters, industry sources told The Intercept.

    The malware, which steals data from infected systems and disguises itself as legitimate Microsoft software, has also been identified on the same European Union computer systems that were targeted for surveillance by the National Security Agency.

  41. Tomi Engdahl says:

    A Top Twitter Executive Just Had A Massive Direct Message Fail
    http://www.buzzfeed.com/mattlynley/a-top-twitter-executive-just-had-a-massive-direct-message-fa

    It looks like Twitter’s finance chief Anthony Noto thought he was messaging another Twitter executive about buying a company. Anthony Weiner, a prominent victim of the DM Fail, was quick to step in and offer support.

  42. Tomi Engdahl says:

    Hackers shut down Sony Pictures’ computers and are blackmailing the studio
    http://www.theverge.com/2014/11/24/7277451/sony-pictures-paralyzed-by-massive-security-compromise

    Today, employees across the Sony Pictures offices were greeted with a strange picture as they tried to login to their computers. Since this afternoon, computers at the company have been completely unresponsive

    The group appears to have obtained a number of sensitive documents from Sony Pictures

    In the meantime, the compromise seems to have brought day-to-day work at the studio to a crashing halt. Employees are reportedly unable to send email, use their computers, or even answer phones. As one employee told Deadline, “We are down, completely paralyzed.” In the official statement, Sony used more measured language: “We are investigating an IT matter.”

  43. Tomi Engdahl says:

    Hack at Sony Pictures shuts computer system
    http://www.latimes.com/business/la-fi-sony-hack-20141125-story.html

    Sony Pictures Entertainment suffered a widespread hack that rendered the film studio’s computer systems useless, in a twist right out of a cybersecurity thriller movie.

    Employees of the Culver City-based studio who tried to log on to their work computers Monday were greeted with an ominous warning. An image of a sneering red skeleton appeared on the screen under “Hacked By #GOP,” reportedly short for “Guardians of Peace,” and a list of threats.

    Then the system went dark.

    The hacker group’s warning that popped up on computers had overtones of blackmail to Sony

    Cybersecurity experts said little was known about the hackers, and it was not known whether the FBI or other government agencies were involved.

    This would not be the first time the Tokyo-based electronics and entertainment giant has been the target of cybercriminals. Sony’s PlayStation Network was the victim of a 2011 hack that stole 77 million user accounts from the online gaming service. Hackers in August overwhelmed the network with “denial of service” attacks, taking it down.

    The Sony film unit is only the latest company to get hit. Retail giant Target Corp. last year had to face the Black Friday theft of a huge swath of customer information, including some 40 million credit card numbers.

    Millions of customers have seen their information stolen in other recent attacks on companies including Home Depot and JPMorgan Chase & Co. Banks and retailers are popular targets because of the access they have to consumer financial information.

    A recent report from the consulting firm PricewaterhouseCoopers estimated that more than 117,000 cyberattacks hit businesses each day, but few are on the scale of the blow dealt to Sony

    “It’s obvious from the scope of what’s been done that the intruders owned the entire environment,” Lieberman said. “Sony lost control of their environment.”

    He said similar attacks have unfolded in this way: A hacker gains access to login information for an IT administrator, then uses those credentials to sniff around the network. “Ransom-ware,” like that appearing on Sony employees’ computers, is installed.

    One Sony employee, who did not want to be named because of the sensitivity of the situation, said the hack has disrupted everyone’s workflow.

  44. Tomi Engdahl says:

    Lee Rigby: internet firms providing safe haven for terrorists, says PM
    David Cameron makes claim as he responds to official inquiry into intelligence agencies’ actions before killing of fusilier
    http://www.theguardian.com/uk-news/2014/nov/25/lee-rigby-report-internet-firms-safe-haven-terrorists-pm

    Internet companies are allowing their networks to be used to plot “murder and mayhem”, David Cameron has said in response to the official inquiry into the intelligence agencies’ actions before the killing of Lee Rigby.

    He demanded that internet companies live up to their social responsibilities to report potential terror threats and said there was no reason for such firms to be willing to cooperate with state agencies over child abuse but not over combatting terrorism.

  45. Tomi Engdahl says:

    Top Counter-Strike Players Embroiled In Hacking Scandal
    http://games.slashdot.org/story/14/11/25/1728253/top-counter-strike-players-embroiled-in-hacking-scandal

    Counter-Strike: Global Offensive is one of the world’s fastest growing eSports, but the community has been rocked by scandal in the last week, with several top players being banned by Valve for using various hacking tools to improve their performance.

    How to spot a hacker in Counter-Strike
    Hacking is rife in CS:GO and even pro players are being banned, so how do we stop it?
    http://www.redbull.com/en/esports/stories/1331691928609/counter-strike-hacker-spotting-guide

    Over the weekend, Valve had a little autumnal clearout of their suspected Counter-Strike: Global Offensive cheater list. In among the script kiddies and third accounts being handed Valve Anti-Cheat (VAC) bans were some familiar names to those who follow pro

  46. Tomi Engdahl says:

    Adobe tries again to fix Flash vulnerability
    http://www.pcworld.com/article/2852412/adobe-tries-again-to-fix-flash-vulnerability.html

    Adobe released an emergency patch on Tuesday to fix a Flash Player vulnerability that was fixed last month but was quickly exploited again.

    The company had issued a patch for the flaw, called CVE-2104-8439, but attackers soon found a way around that fix.

    The latest update to Flash adds a “mitigation” for CVE-2104-8439, a vulnerability that could lead to the installation of malware.

    The latest version for Windows and Apple’s Mac OS is 15.0.0.239, and the latest for Linux is 11.2.202.424. Flash Player for Google’s Chrome and Microsoft’s Internet Explorer browsers should automatically update, but the update also can be installed manually from Adobe.

  47. Tomi Engdahl says:

    Flash vulnerability being exploited in large-scale attacks, mere days after patch
    http://www.pcworld.com/article/2836732/one-week-after-patch-flash-vulnerability-already-exploited-in-largescale-attacks.html

    If you haven’t updated your Flash Player with the fixes released on Oct. 14, you may be vulnerable to new attacks using a commercial exploit kit called Fiesta, security researchers warn.

    The vulnerability, which is being tracked as CVE-2014-0569 in the Common Vulnerabilities and Exposures (CVE) database, was fixed in Flash Player updates last week.

    The bundling of an exploit for CVE-2014-0569 in an attack tool that’s sold on underground markets is unusual, especially since the vulnerability was privately reported to Adobe through Hewlett-Packard’s Zero Day Initiative (ZDI) program, meaning its details should not be public.

    The creators of exploit kits like Fiesta typically reuse proof-of-concept exploits published online by researchers or included in legitimate penetration testing tools like Metasploit. That’s because reverse engineering patches to discover where vulnerabilities are located and then writing reliable exploits for them requires advanced knowledge and is generally done by professionals.

  48. Tomi Engdahl says:

    Edward Snowden’s Privacy Tips: “Get Rid Of Dropbox,” Avoid Facebook And Google
    http://techcrunch.com/2014/10/11/edward-snowden-new-yorker-festival/?ncid=rss&cps=gravity

    According to Edward Snowden, people who care about their privacy should stay away from popular consumer Internet services like Dropbox, Facebook, and Google.

    He added that on an individual level, people should seek out encrypted tools and stop using services that are “hostile to privacy.” For one thing, he said you should “get rid of Dropbox,” because it doesn’t support encryption, and you should consider alternatives like SpiderOak. (Snowden made similar comments over the summer, with Dropbox responding that protecting users’ information is “a top priority.”)

    “When you say, ‘I have nothing to hide,’ you’re saying, ‘I don’t care about this right.’ You’re saying, ‘I don’t have this right, because I’ve got to the point where I have to justify it.’ The way rights work is, the government has to justify its intrusion into your rights.”

    [Update: In a June blog post related to Snowden, Dropbox actually says, “All files sent and retrieved from Dropbox are encrypted while traveling between you and our servers,” as well as when they’re “at rest on our servers,” and it points to other security measures that the company is taking. The difference between Dropbox and SpiderOak, as explained elsewhere, is that SpiderOak encrypts the data while it’s on your computer, as opposed to only encrypting it “in transit” and on the company’s servers.]

    He also suggested that while Facebook and Google have improved their security, they remain “dangerous services” that people should avoid.

    Reply
  49. Tomi Engdahl says:

    Finnish IT house’s server crashed strangely – the cause was state spyware
    The very advanced Regin spyware rose to news headlines around the world on Monday. According to F-Secure’s Mikko Hyppönen, Regin is this year’s most important malware news.

    The Regin spyware came to the world’s attention when the security company Symantec described the malware’s existence in its report on Sunday. However, it took a while before the pieces were combined with each other.

    “One and a half days later it was realized that Regin is this year’s most important malware news,” said F-Secure’s Chief Research Officer Mikko Hyppönen.

    Regin was a project of the UK’s GCHQ and the US National Security Agency NSA, which was mentioned in the documents leaked by Edward Snowden. In the NSA’s catalog of spying tools it goes by the names Unitedrake and Straitbizzare. The name Regin comes from the fact that the program saves a lot of information in the Windows registry (“in the registry”).

    This malware destroys active components, which it does not. Thus, it is difficult for researchers to get an overall picture of Regin’s activities.

    Security companies have studied Regin for a long time. F-Secure examined Regin for the first time in 2009. A client of the company, a Finnish IT house, called in F-Secure to explain why one of its servers kept crashing.

    “We did not think that it would have been state spyware. We did see that there was a rootkit, which had already been on the server for about a year,” Hyppönen said.

    The Snowden documents also reveal how the British GCHQ successfully tested the spyware program on the operator Belgacom. Belgacom works as a GRX hub. This means that it is a connection point for all mobile data. It is also not just any Belgian operator, as the company is also responsible for the communications of the European Parliament.

    British intelligence carried out a so-called computer network attacks exploit that allows the operator tried to executives and network structure. GCHQ gained access to six operator workstations.

    Regin’s victims got the spyware on their computers, for example, when visiting LinkedIn. But the LinkedIn page itself has not at any time been broken into.

    Source: http://summa.talentum.fi/article/tv/uutiset/112863

    Reply
