Security trends for 2014

The year 2014 will be a year of cybersecurity after the NSA revelations made in 2013. The headline news is that the NSA has surreptitiously “burrowed its way into nearly all the security architecture” sold by the world’s largest computer networking companies. A lot of people were shocked at how the NSA monitored and hacked almost everything on the Internet. There will still be NSA aftershocks as new material comes out and different parties react to it (and news sources write about it). U.S. cloud services have been put into question for good reason. There will be a lot of NSA spying litigation. Those spying issues will also fuel some hacktivism (it has already started to happen).

The article Security Professionals: Top Cyber Threat Predictions for 2014 lists the following predictions, which seem pretty probable: Cybersecurity Regulatory Efforts Will Spark Greater Need for Harmonization, Service-Impacting Interruptions for Online Services Will Persist, We Will See an Increase in Cybercrime Activity Related to the World Cup, Rise of Regional Cloud Services, Dev-Ops Security Integration Fast Becoming Critical, Cybercrime that Leverages Unsupported Software will Increase, Increase in Social Engineering and Ransomware will Impact More People.

Ubiquitous mobile computing is all around us, which will lead to increased risks and concerns about social network privacy. Social networks have quickly become the key organizing principle of Internet communication and collaboration. Android anti-virus apps CAN’T kill nasties on sight like normal AV.

2013 was a heavily hacked year, with many cases where information on millions or tens of millions of users was stolen from companies. It’s likely that we will see much more of the same in 2014, because the way people use passwords and how online services are built have not changed much in one year.

Gartner predicts that through 2014, improved JavaScript performance will begin to push HTML5 and the browser as a mainstream enterprise application development environment. I expect HTML5-related security issues to increase because the technology will be used more in 2014.

Over 50% of net traffic to web sites is made by bots! The article More Than Half of Internet Traffic Is Just Bots says that security and cloud service provider Incapsula analyzed traffic and found that more than 60 percent of internet traffic is computer generated, compared to less than 40 percent of traffic that is driven by human clicks. 31% of Bots Are Still Malicious. SEO link building has always been a major motivation for automated link spamming, but it is decreasing because Google was able to discourage it. There is more advanced hacking and automatic vulnerability searching.

DDoS attacks are evolving from volumetric Layer 3-4 attacks to much more sophisticated and dangerous Layer 7 multi-vector threats.

There will still be many SCADA security issues in 2014. Even though traditional SCADA vulnerabilities have become easier to find, the increased connectivity brought by IoT will cause new issues. And there will still be very many control systems openly accessible from the Internet to practically anybody who knows how to reach them. A large number of SCADA systems were found open on the Internet in the beginning of 2013, and the numbers have not dropped considerably during the year. I expect that very many of those systems will still be too open at the end of 2014.

The Internet is expanding into enterprise assets and consumer items such as cars and televisions. The Internet of Things (IoT) will evolve into the Web of Things, increasing the coordination between things in the real world and their counterparts on the Web. There will be many security issues to solve, and as these systems become more widely used, more security issues will be found in them.

Cloud security will be talked about. Hopefully there will be some clear-up of the terminology in that area, because cloud security, like the term cloud computing, can mean a lot of things. Cloud security could mean how secure your cloud provider is; a service that runs in the cloud and filters what comes through it (for example e-mail or web traffic); a product protecting some service running in the cloud; or a traditional anti-virus service that connects to the cloud to improve its operation (for example to update in real time or to verify unknown programs based on data in the cloud). Research firm Gartner forecasts that cloud security sales will increase dramatically in the next few years. Cloud security sales have increased over the past year by 2.1 billion to $3.1 billion in 2015.

Marketers try to put the term “cloud” into security product brochures as much as they can. The cloud has made traditional information security sound old-fashioned, because companies are under pressure to move services to the cloud. Also, mobile devices and dispersed users set new standards for information security. OpenDNS’s CTO Dan Hubbard says that “Because of the data and equipment run in the cloud users with the cloud is the best way to protect them.” The Snowden Effect will also bring PRIVATE cloud talk to the table this year for security reasons, because U.S. cloud services have been put into question for good reason.

In Finland a new Cyber Security Center started in the beginning of 2014. Security articles and warnings from it will be published at kyberturvallisuuskeskus.fi.

Late addition: Crypto-currencies like Bitcoin and similar are on the rise. Early adopters already use them actively. Those crypto-currencies have many security issues related to them. The values of the crypto-currencies vary quite a lot, and the value can easily drop considerably when they become so widely used that different governments try to limit their use. Bitcoin is increasingly used as a ransomware payment method. Bitcoins have been stolen quite a lot lately (and I expect that to increase when usage increases), and they are stolen from users, online wallets and exchanges. When more money is involved, more bad guys try to get in to get some of it. Sometimes bad guys do not try to steal your money, but use resources you pay for (your own PC, your server capacity, etc.) to generate money for them without you knowing about it. If you plan to use those crypto-currencies, be careful to understand what you are doing with them: there is a real possibility that you can lose your money, and there is no way that lost money can be recovered.

3,382 Comments

  1. Tomi Engdahl says:

    Linking to a website doesn’t infringe copyright, Europe’s Court of Justice says
    http://www.pcworld.com/article/2097660/no-authorisation-required-for-hyperlinks-to-copyright-works-cjeu-says.html

    The owner of a website does not require authorization of the copyright holder to link to freely accessible copyright works on another site, even if Internet users get the impression that the work is appearing on the site that contains the link, the Court of Justice of the European Union (CJEU) said Thursday.

    Reply
  2. Tomi Engdahl says:

    Exclusive: Snowden Swiped Password From NSA Coworker
    http://www.nbcnews.com/news/investigations/exclusive-snowden-swiped-password-nsa-coworker-n29006

    A civilian NSA employee recently resigned after being stripped of his security clearance for allowing former agency contractor Edward Snowden to use his personal log-in credentials to access classified information, according to an agency memo obtained by NBC News.

    In addition, an active duty member of the U.S. military and a contractor have been barred from accessing National Security Agency facilities

    Reply
  3. Tomi Engdahl says:

    Linksys Routers Exploited By “TheMoon”
    http://hardware.slashdot.org/story/14/02/13/1944248/linksys-routers-exploited-by-themoon

    “A vulnerability in many Linksys routers, allowing for unauthenticated code execution, is being used to mass-exploit various Linksys routers right now.”

    Linksys Worm (“TheMoon”) Captured
    https://isc.sans.edu/forums/diary/Linksys+Worm+TheMoon+Captured/17630

    Reply
  4. Tomi Engdahl says:

    New IE 10 Zero-Day Used in Watering Hole Attack Targeting U.S. Military
    http://www.securityweek.com/new-ie-10-zero-day-used-watering-hole-attack-targeting-us-military

    Security researchers from FireEye have discovered a new IE 10 Zero-Day exploit (CVE-2014-0322) being used in a watering hole attack on the US Veterans of Foreign Wars’ website.

    Dubbed “Operation SnowMan” by FireEye, the attack targets IE 10 with Adobe Flash.

    Reply
  5. Tomi Engdahl says:

    Thought mobe banking apps were safe from nasties? THINK AGAIN
    Fake SSL certs let cybercrooks hoover up login creds and redirect transactions
    http://www.theregister.co.uk/2014/02/14/fake_ssl_cert_peril/

    Fake SSL certificates in the wild for Facebook, Google and Apple’s iTunes store create a grave risk of fraud for people who bank online using their smartphones.

    Analysis outfit Netcraft said it has found “dozens” of fake SSL certificates impersonating banks, ecommerce sites, ISPs and social networks. The counterfeit credentials create a ready means for attackers to run man-in-the-middle attacks against the customers of affected companies.

    Reply
  6. Tomi Engdahl says:

    A Key You Can Photograph Is A Key That Can Be Copied
    http://gizmodo.com/any-key-you-can-photograph-is-a-key-that-can-be-copied-1522264272

    If you take a picture of a car or house key, could you use that picture to get a copy made? Yes—quite trivially, actually.

    the specific measurements for any common brand of lock can be found online, and, with a little experience, you can hand-file keys in only a few minutes.

    You should think of your keys like you think of your passwords: don’t show them off to the world!

    Reply
  7. Tomi Engdahl says:

    5 alarming things that can be undeleted from your phone using police software
    http://www.stumbleupon.com/su/2XYKmT#

    one of the biggest concerns within the field was when software used by the police called forensic data retrieval was officially made available to the general public

    Software like Oxygen Forensic and AccessData allows anyone to recover data from phones and other mobile devices even after it has been deleted or undergone a factory reset.

    1. Images and videos
    2. Bank details on apps
    3. SMS and email messages (sent and received)
    4. Web browsing history
    5. Geo-positioning and location sensors

    A military-standard data wipe is the only known way to properly erase not just the data paths but the data itself.

    Reply
  8. Tomi Engdahl says:

    THOUSANDS of Tesco.com logins and passwords leaked online
    http://www.theregister.co.uk/2014/02/14/tesco_login_details_leaked/

    Thousands of Tesco customers have had their emails and passwords posted online after hackers got their hands on the login details.

    It’s believed that the usernames and passwords were acquired from hacks on other sites and then tried out on Tesco.com by the hackers.

    Reply
  9. Tomi Engdahl says:

    Understanding and mitigating NTP-based DDoS attacks
    http://blog.cloudflare.com/understanding-and-mitigating-ntp-based-ddos-attacks

    Over the last couple of weeks you may have been hearing about a new tool in the DDoS arsenal: NTP-based attacks. These have become popular recently and caused trouble for some gaming web sites and service providers.

    it is a simple UDP-based protocol that can be persuaded to return a large reply to a small request

    This blog post explains how an NTP-based attack works and how web site owners can help mitigate them.

    DNS Reflection is so 2013

    NTP-based attacks use similar techniques, just a different protocol.

    Reply
  10. Tomi Engdahl says:

    US-CERT Alert (TA14-017A)
    UDP-based Amplification Attacks
    https://www.us-cert.gov/ncas/alerts/TA14-017A

    A Distributed Reflective Denial of Service (DRDoS) attack is an emerging form of Distributed Denial of Service (DDoS) that relies on the use of publicly accessible UDP servers, as well as bandwidth amplification factors, to overwhelm a victim system with UDP traffic.

    Certain UDP protocols have been identified as potential attack vectors:

    DNS
    NTP
    SNMPv2
    NetBIOS
    SSDP
    CharGEN
    QOTD
    BitTorrent
    Kad
    Quake Network Protocol
    Steam Protocol

    Reply
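
The two comments above describe replies from open UDP services being reflected at a victim. One way to spot that pattern at the victim's edge is to flag UDP replies that no local host asked for. This is an added example, not taken from the comments or the linked articles; the flow-record layout, thresholds and documentation-range addresses are constructed assumptions, and the port numbers are the well-known ports of services named in the alert.

```python
import ipaddress
from collections import defaultdict

# Well-known UDP ports of services listed in the US-CERT alert.
REFLECTOR_PORTS = {53: "DNS", 123: "NTP", 161: "SNMPv2", 137: "NetBIOS",
                   1900: "SSDP", 19: "CharGEN", 17: "QOTD"}

LOCAL_NET = ipaddress.ip_network("192.0.2.0/24")  # assumed protected network
REQUEST_WINDOW = 5.0   # assumed: seconds a genuine reply may lag its request
MIN_REFLECTORS = 3     # assumed: distinct unsolicited senders before alerting
MIN_BYTES = 1000       # assumed: unsolicited bytes before alerting

# Constructed UDP flow records: (time, src_ip, src_port, dst_ip, dst_port, bytes)
SAMPLE_FLOWS = [
    (0.0, "192.0.2.10", 40000, "198.51.100.5", 123, 48),   # local NTP request
    (0.1, "198.51.100.5", 123, "192.0.2.10", 40000, 48),   # its reply (solicited)
    (1.0, "203.0.113.1", 123, "192.0.2.80", 80, 468),      # replies nobody asked for
    (1.0, "203.0.113.2", 123, "192.0.2.80", 80, 468),
    (1.1, "203.0.113.3", 123, "192.0.2.80", 80, 468),
    (1.2, "203.0.113.1", 123, "192.0.2.80", 80, 468),
    (2.0, "203.0.113.9", 53, "192.0.2.20", 5353, 512),     # one stray DNS reply
]


def is_local(ip):
    """True if the address belongs to the protected network."""
    return ipaddress.ip_address(ip) in LOCAL_NET


def detect_reflection(flows):
    """Return (victim, service, distinct_reflectors, bytes) for each local host
    receiving unsolicited replies from reflection-prone UDP services."""
    requests = {}  # (local_ip, local_port, remote_ip, remote_port) -> request time
    stats = defaultdict(lambda: {"reflectors": set(), "bytes": 0})

    for ts, src, sport, dst, dport, size in sorted(flows):
        if is_local(src) and dport in REFLECTOR_PORTS:
            # Outbound request: remember it so the reply counts as solicited.
            requests[(src, sport, dst, dport)] = ts
        elif is_local(dst) and sport in REFLECTOR_PORTS:
            asked = requests.get((dst, dport, src, sport))
            if asked is not None and ts - asked <= REQUEST_WINDOW:
                continue  # reply to a request we actually sent
            entry = stats[(dst, REFLECTOR_PORTS[sport])]
            entry["reflectors"].add(src)
            entry["bytes"] += size

    alerts = []
    for (victim, service), entry in sorted(stats.items()):
        if len(entry["reflectors"]) >= MIN_REFLECTORS and entry["bytes"] >= MIN_BYTES:
            alerts.append((victim, service, len(entry["reflectors"]), entry["bytes"]))
    return alerts


if __name__ == "__main__":
    for victim, service, count, total in detect_reflection(SAMPLE_FLOWS):
        print(f"{victim}: {total} unsolicited {service} bytes from {count} sources")
```

The solicited NTP reply and the single stray DNS reply stay below the alert thresholds; only the host receiving NTP replies from several sources it never queried is reported.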
  11. Tomi Engdahl says:

    Bitcoin-Stealing Mac Malware Distributed via Download.com and MacUpdate
    http://news.softpedia.com/news/Bitcoin-Stealing-Mac-Malware-Distributed-via-Download-com-and-MacUpdate-426284.shtml

    So far, the malware, dubbed OSX/CoinThief, has been spotted as BitVanity and StealthBit on GitHub and as Bitcoin Ticker TTM and Litecoin Ticker on Download.com and MacUpdate.

    “The browser extensions watch your web traffic, looking for specific headers for bitcoin-related websites.”

    Reply
  12. Tomi Engdahl says:

    Enterprise cloud services: Who’s responsible?
    http://searchcloudapplications.techtarget.com/opinion/Enterprise-cloud-services-Whos-responsible

    There’s not enough security in cloud environments said over 32% of the nearly 1,300 business and IT respondents to TechTarget’s first quarter 2013 Cloud Pulse survey. About 34% were put off by not having enough control over cloud environments, certainly a related topic.

    In “Security in 2013,” the security responsibilities of Amazon Web Services and customers were spelled out:

    AWS: facilities; physical security; physical infrastructure; network infrastructure; virtualization infrastructure.
    AWS customer: operating system; application; security groups; network ACLs; network configuration; account management.

    Amazon takes care of security for its in-house systems and infrastructure, “but they don’t want to be in the database [security] business,” said “Security in 2013″ speaker Sherry.

    Cloud Security Configurations: Who is responsible?
    http://blogs.gartner.com/kyle-hilgendorf/2013/04/02/cloud-security-configurations-who-is-responsible/

    Reply
  13. Tomi Engdahl says:

    The New Normal: 200-400 Gbps DDoS Attacks
    http://krebsonsecurity.com/2014/02/the-new-normal-200-400-gbps-ddos-attacks/

    Earlier this week, KrebsOnSecurity was hit by easily the most massive and intense such attack yet — a nearly 200 Gbps assault leveraging a simple attack method that industry experts say is becoming alarmingly common.

    Matthew Prince, the CEO of Cloudflare — a company that helps Web sites stay online in the face of huge DDoS attacks — blogged Thursday about a nearly 400 Gbps attack that recently hit one of the company’s customers and leveraged NTP amplification. Prince said that while Cloudflare “generally [was] able to mitigate the attack, it was large enough that it caused network congestion in parts of Europe.”

    The shocking thing about these DDoS-for-hire services is that — as I’ve reported in several previous stories — a majority of them are run by young kids who apparently can think of no better way to prove how cool and “leet” they are than by wantonly knocking Web sites offline and by launching hugely disruptive assaults.

    Reply
  14. Tomi Engdahl says:

    Hackers circulate thousands of FTP credentials; New York Times among those hit
    A list of compromised FTP credentials is circulating in underground forums
    http://www.computerworld.com/s/article/print/9246334/Hackers_circulate_thousands_of_FTP_credentials_i_New_York_Times_i_among_those_hit

    The hackers obtained credentials for more than 7,000 FTP sites and have been circulating the list in underground forums, said Alex Holden, chief information security officer for Hold Security

    The attackers may have obtained the credentials through malware installed on other computers at the affected organizations

    The default application for accessing FTP servers is usually a Web browser, which can log into an FTP site automatically if supplied with a link containing the proper credentials. Hackers could therefore embed links in spam emails, for example, and the name of a familiar company might give victims the confidence to trust a link and click on it.

    FTP applications can also be used to update files on a Web server, meaning hackers could potentially use the credentials to make changes to a company’s website.

    Reply
  15. Tomi Engdahl says:

    Will your clothing spy on you?
    http://tech.fortune.cnn.com/2014/02/13/will-your-clothing-spy-on-you/

    A scholar warns of the potential for wearable technology to annihilate privacy for good.

    Reply
  16. Tomi Engdahl says:

    WhatsApp cops shared crime pics with outsider
    http://www.thelocal.se/20140214/whatsapp-cops-shared-crime-pix-with-outsider

    A sextet of unsuspecting Stockholm cops accidentally included a professor in their WhatsApp chat where they bandied about sensitive case details, including images and crime register excerpts.

    Reply
  17. Tomi Engdahl says:

    Fiendish Internet Explorer 10 zero-day targets US soldiers
    Malware blizzard timed to coincide with snowstorms
    http://www.theregister.co.uk/2014/02/14/ie10_0day/

    Cyberspies have used an unpatched vulnerability in Internet Explorer 10 in an exploit which appears to target US military personnel.

    “The vulnerability is a use-after-free bug that gives the attacker direct memory access at an arbitrary address using a corrupted Adobe Flash file,”

    Reply
  18. Tomi Engdahl says:

    Linksys router users are hit by ‘The Moon’ worm
    Could turn out to be a bot
    http://www.theinquirer.net/inquirer/news/2329073/linksys-router-users-are-hit-by-the-moon-worm

    THOSE THAT HAVE Linksys Routers should beware, as they are potentially at risk from a computer worm that is exploiting an authentication bypass vulnerability on the devices’ firmware, security researchers at the SANS Institute’s Internet Storm Center (ISC) have warned.

    affecting Linksys E-series

    infected router then scans for other victims

    Reply
  19. Tomi Engdahl says:

    Kickstarter hacked, with data stolen for an unknown number of customers
    http://www.theverge.com/2014/2/15/5414970/kickstarter-hacked-with-data-stolen-for-an-unknown-number-of-customers

    Hackers breached Kickstarter’s defenses and stole the information of an unspecified number of customers, the company disclosed today.

    No credit card data was accessed, the popular crowdfunding site said, but hackers did gain access to usernames, email addresses, mailing addresses, phone numbers, and encrypted passwords.

    Reply
  20. Tomi Engdahl says:

    Internet Trolls Are Actually Sadists, Study Finds
    Trolls are susceptible to sadism, psychopathy, and Machiavellianism.

    Read more: Internet Trolls Are Sadists and Psychopaths, Psychologist Report Finds | TIME.com http://newsfeed.time.com/2014/02/13/internet-trolls-are-actually-sadists-study-finds/#ixzz2tWTHRrgV

    Reply
  21. Tomi Engdahl says:

    Merkel, Hollande to discuss European communication network avoiding U.S.
    http://www.reuters.com/article/2014/02/15/us-germany-france-idUSBREA1E0IG20140215

    German Chancellor Angela Merkel said on Saturday she would talk to French President Francois Hollande about building up a European communication network to avoid emails and other data passing through the United States.

    “We’ll talk with France about how we can maintain a high level of data protection,” Merkel said.

    “We’ve got to do more for data protection in Europe, there’s no doubt about it,” Merkel said on Saturday.

    Reply
  22. Tomi Engdahl says:

    Google acquires Israeli security startup SlickLogin
    http://www.geektime.com/2014/02/16/google-acquires-slicklogin/

    The Israeli startup behind a new smart identification solution (Two-Factor Authentication) for end users that uses high frequency sounds as pass keys, is expected to be integrated into Google’s latest user identification security parameters

    Reply
  23. Tomi Engdahl says:

    With Porn Filters Going Oh So Well, UK Roars Ahead In Expanding Them To Include ‘Extremist’ Content
    from the things-are-getting-a-little-dystopian dept
    http://www.techdirt.com/articles/20140211/19014226192/uk-govt-goes-extraterritorial-to-clean-up-web-ministers-looking-to-block-extremist-videos-foreign-websites.shtml

    Just as child porn is used to justify broader porn filters, beheading videos appear to be the magic bullet into scaring people into accepting filters that move well beyond porn.

    Granted what is deemed “extremist” will likely be entirely arbitrary, and as we’ve seen with the porn filters, there’s probably no limit to the number of entirely legal and legitimate websites UK citizens will find suddenly inaccessible.

    Reply
  24. Tomi Engdahl says:

    Syrian Electronic Army Attacks Forbes Website, Steals User Info
    February 14, 2014, 2:46 PM PST
    http://recode.net/2014/02/14/syrian-electronic-army-attacks-forbes-web-site-steals-user-info/

    The Syrian Electronic Army has broken into the website of business magazine Forbes and claims to have made off with a million user account names and passwords, according to statements and screenshots posted on the group’s Twitter feed.

    A person familiar with the situation, but who asked not to be named, confirmed to Re/code that sign-ins for Forbes’ WordPress blogging system have been disabled for all outside contributors for now.

    SEA, based on what it shows in its screenshots, appears to have tried to edit stories on the Forbes.com website.

    Forbes isn’t sharing any details as to how the hack was carried out

    The breach comes at a delicate moment for Forbes.

    It has been a busy February for the Syrian Electronic Army. Last week it tried but failed to hijack Facebook’s domain name and redirect its traffic to another site.

    Reply
  25. Tomi Engdahl says:

    The Economist explains
    Why South Korea is really an internet dinosaur
    http://www.economist.com/blogs/economist-explains/2014/02/economist-explains-3

    SOUTH KOREA likes to think of itself as a world leader when it comes to the internet. It boasts the world’s swiftest average broadband speeds (of around 22 megabits per second). Last month the government announced that it will upgrade the country’s wireless network to 5G by 2020

    Yet in other ways the futuristic country is stuck in the dark ages. Last year Freedom House, an American NGO, ranked South Korea’s internet as only “partly free”. Reporters without Borders has placed it on a list of countries “under surveillance”, alongside Egypt, Thailand and Russia, in its report on “Enemies of the Internet”. Is forward-looking South Korea actually rather backward?

    Reply
  26. Tomi Engdahl says:

    The troublesome history of the bitcoin exchange MtGox
    https://anders.io/the-troublesome-history-of-the-bitcoin-exchange-mtgox/

    Most, if not all, of the people interested in the bitcoin phenomenon have heard of MtGox, the Japanese bitcoin exchange. I’ll look in to some of the issues they’ve run into over the handful of years they’ve existed.

    The problem is that someone in the bitcoin network could maliciously alter the transaction by keeping the signature valid, but giving it a new transaction id (hash). The transactions would only differ by the hash, not which bitcoin is being spent. The miners could confirm either of the transactions, which validates that the sender had access to the coins. The second transaction would never be validated, since the coins will already have been spent by the first transaction.

    Reply
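
The excerpt above says two versions of a transaction can differ only by their hash, not by which coins are spent. A defender can therefore reconcile payments by what a transaction spends rather than by its transaction id. This is an added example, not code from the linked article or from any exchange; the serialization is a simplified stand-in for Bitcoin's legacy format, and the transactions and signature bytes are constructed placeholders.

```python
import hashlib
import struct


def dsha256(data):
    """Double SHA-256, the hash Bitcoin uses for transaction ids."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def serialize(tx, with_sigs=True):
    """Simplified legacy-style serialization (assumes < 253 items and short scripts)."""
    out = struct.pack("<I", tx["version"]) + bytes([len(tx["inputs"])])
    for prev_txid, index, script_sig in tx["inputs"]:
        sig = script_sig if with_sigs else b""
        out += bytes.fromhex(prev_txid) + struct.pack("<I", index)
        out += bytes([len(sig)]) + sig
    out += bytes([len(tx["outputs"])])
    for value, script in tx["outputs"]:
        out += struct.pack("<Q", value) + bytes([len(script)]) + script
    return out


def txid(tx):
    """The id covers the signature bytes, so re-encoding a signature changes it."""
    return dsha256(serialize(tx))[::-1].hex()


def spend_id(tx):
    """Id over inputs and outputs only; unaffected by signature encoding."""
    return dsha256(serialize(tx, with_sigs=False)).hex()


def reconcile(sent, confirmed):
    """Classify a payment we sent against the transactions seen as confirmed."""
    if txid(sent) in {txid(c) for c in confirmed}:
        return "confirmed"
    if spend_id(sent) in {spend_id(c) for c in confirmed}:
        return "confirmed-under-different-txid"
    sent_outpoints = {(p, i) for p, i, _ in sent["inputs"]}
    for c in confirmed:
        if sent_outpoints & {(p, i) for p, i, _ in c["inputs"]}:
            return "inputs-spent-elsewhere"
    return "unconfirmed"


# Constructed placeholder data: two byte strings stand in for two encodings
# of the same valid signature; no real keys or signatures are involved.
SIG_A = bytes.fromhex("aa" * 8)
SIG_B = bytes.fromhex("00" + "aa" * 8)
OUTPUTS = [(50000, b"constructed-output-script")]
ORIGINAL = {"version": 1, "inputs": [("11" * 32, 0, SIG_A)], "outputs": OUTPUTS}
MALLEATED = {"version": 1, "inputs": [("11" * 32, 0, SIG_B)], "outputs": OUTPUTS}

if __name__ == "__main__":
    print("txid sent:     ", txid(ORIGINAL))
    print("txid confirmed:", txid(MALLEATED))
    print("status:        ", reconcile(ORIGINAL, [MALLEATED]))
```

A ledger that looks up only the original transaction id would report this payment as missing, while the check on spent inputs shows the coins have already moved.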
  27. Tomi Engdahl says:

    Australia, US accessing Indonesian telephone data, leaked documents show

    Newly disclosed documents from former US intelligence contractor Edward Snowden have revealed that Australian intelligence efforts against Indonesia do not just target suspected terrorists or key political figures but involve massive penetration of Indonesia’s phone networks and data collection on a huge scale.

    Australian Signals Directorate obtained nearly 1.8 million encrypted master keys, which are used to protect private communications, from the Telkomsel mobile telephone network in Indonesia, and developed a way to decrypt almost all of them.

    Read more: http://www.smh.com.au/national/australia-us-accessing-indonesian-telephone-data-leaked-documents-show-20140216-32td8.html#ixzz2tZNiXR9O

    Reply
  28. Tomi Engdahl says:

    Linksys vuln confirmed as a HNAP1 bug
    Router-maker’s pants pulled down by ‘moon’ malware
    http://www.theregister.co.uk/2014/02/17/linksys_vuln_confirmed_as_a_hnap1_bug/

    The worm called “The Moon”, which began spreading between Linksys home broadband kit last week, has been confirmed as a problem with the devices’ HNAP1 implementation, and an exploit has been made public.

    Reply
  29. Tomi Engdahl says:

    New password system lets planet Earth do the hard work
    Think of a place, any place…
    http://www.theregister.co.uk/2014/02/17/new_password_system_lets_planet_earth_do_the_hard_work/

    ZSS-Research of Ras Al Khaimah in the UAE has developed a system which requires users to choose a favourite place anywhere on the planet and then draw a virtual boundary around that location.

    the permutations are enormous but the password (ie the location) is easy to remember for the user.

    Reply
  30. Tomi Engdahl says:

    Devs angrily dismiss Absolute Computrace rootkit accusation
    This was sorted five years ago, rages anti-theft software haus
    http://www.theregister.co.uk/2014/02/17/kaspersky_computrace/

    Developers have denied accusations that their Computrace anti-theft software poses a remote wipe risk for the computers the program is designed to protect.

    Absolute’s Computrace agent resides in the firmware, or ROM BIOS (Basic Input/Output System), of millions of laptops and desktop PCs from manufacturers including Dell, Fujitsu, HP, Lenovo, Samsung, and Toshiba.

    According to Kaspersky’s Security Network, there are approximately 150,000 users who have the Computrace agent running on their machines

    The network protocol used by the Computrace Small Agent provides basic features for remote code execution. The protocol doesn’t require using any encryption or authentication of the remote server, creating many opportunities for remote attacks, according to security researchers at the Russian security software firm.

    Reply
  31. Tomi Engdahl says:

    Kaspersky Lab Uncovers “The Mask”: One of the Most Advanced Global Cyber-espionage Operations to Date Due to the Complexity of the Toolset Used by the Attackers
    11 Feb 2014
    http://www.kaspersky.com/about/news/virus/2014/Kaspersky-Lab-Uncovers-The-Mask-One-of-the-Most-Advanced-Global-Cyber-espionage-Operations-to-Date-Due-to-the-Complexity-of-the-Toolset-Used-by-the-Attackers

    New threat actor: Spanish-speaking attackers targeting government institutions, energy, oil & gas companies and other high-profile victims via cross-platform malware toolkit

    Today Kaspersky Lab’s security research team announced the discovery of “The Mask” (aka Careto), an advanced Spanish-language speaking threat actor that has been involved in global cyber-espionage operations since at least 2007. What makes The Mask special is the complexity of the toolset used by the attackers. This includes an extremely sophisticated malware, a rootkit, a bootkit, Mac OS X and Linux versions and possibly versions for Android and iOS (iPad/iPhone).

    The main objective of the attackers is to gather sensitive data from the infected systems. These include office documents, but also various encryption keys, VPN configurations, SSH keys (serving as a means of identifying a user to an SSH server) and RDP files (used by the Remote Desktop Client to automatically open a connection to the reserved computer)

    Reply
  32. Tomi Engdahl says:

    A Scary New Malware Is Tearing Up The Internet And No One Knows Where It Came From
    http://www.businessinsider.com/careto-malware-2014-2#ixzz2taj17gV9

    “Careto”

    It sends out emails designed to look as though they were sent legitimately from news sources like The Guardian and others.

    It works against Windows, OS X and Linux systems, and there may be iOS and Android versions on the way.

    Reply
  33. Tomi Engdahl says:

    The Careto/Mask APT: Frequently Asked Questions
    http://www.securelist.com/en/blog/208216078/The_Careto_Mask_APT_Frequently_Asked_Questions

    The main targets of Careto fall into the following categories:

    Government institutions
    Diplomatic offices and embassies
    Energy, oil and gas companies
    Research institutions
    Private equity firms
    Activists

    Although the exact number of victims is unknown, we observed victims at more than 1000 IP addresses in 31 countries

    Reply
  34. Tomi Engdahl says:

    Syrian Electronic Army Attacks Forbes Website, Steals User Info
    February 14, 2014, 2:46 PM PST
    http://recode.net/2014/02/14/syrian-electronic-army-attacks-forbes-web-site-steals-user-info/

    Reply
  35. Tomi Engdahl says:

    Report: Valve anti-cheat scans your DNS history
    http://www.playerattack.com/news/2014/02/17/report-valve-anti-cheat-scans-your-dns-history/

    Valve is looking at your browsing history right now, if a recent report is to be believed. It seems that the company’s Valve Anti Cheat system (VAC) reportedly looks at all the domains you have visited, and if it finds that you’ve frequented hack sites, who knows what actions it will take.

    The new functionality has been slammed by gamers, who claim it is “more like spyware than anti-cheat”. Valve has not responded to the allegations

    Reply
  36. Tomi Engdahl says:

    Exploit released for vulnerability targeted by Linksys router worm
    http://www.pcworld.com/article/2098520/exploit-released-for-vulnerability-targeted-by-linksys-router-worm.html

    Technical details about a vulnerability in Linksys routers that’s being exploited by a new worm have been released Sunday along with a proof-of-concept exploit and a larger than earlier expected list of potentially vulnerable device models.

    The initial report from SANS ISC said the vulnerability is located in a CGI script that’s part of the administration interface of multiple Linksys’ E-Series router models.

    “I was hoping this would stay under wraps until a firmware patch could be released, but it appears the cat is out of the bag,” Rew wrote in the exploit notes.

    Reply
  37. Tomi Engdahl says:

    Iranian hack of US Navy network was more extensive and invasive than previously reported
    By Rich McCormick on February 18, 2014 03:29 am
    http://www.theverge.com/2014/2/18/5421636/us-navy-hack-by-iran-lasted-for-four-months-say-officials

    In September of 2013, it was reported the US Navy’s largest unclassified computer network was hacked by a group either “working directly for Iran’s government [or] acting with the approval of Iranian leaders.” Now US officials say that the network infiltration was far more extensive than previously thought, and lasted much longer than previously reported.

    they also note that the attack was “more invasive” than reported, with the infiltrators able to make their way into the “bloodstream” of the network

    Reply
  38. Tomi Engdahl says:

    How to Hide Your Genome
    http://news.sciencemag.org/biology/2014/02/how-hide-your-genome

    As the cost of genetic sequencing plummets, experts believe our genomes will help doctors detect diseases and save lives. But not all of us are comfortable releasing our biological blueprints into the world. Now, cryptologists are perfecting a new privacy tool that turns genetic information into a secure yet functional format. Called homomorphic encryption and presented here today at the annual meeting of AAAS, which publishes Science, the method could help keep genomes private even as genetic testing shifts to cheap online cloud services.

    Reply
  39. Tomi Engdahl says:

    Merkel Backs Plan to Keep European Data in Europe
    http://www.nytimes.com/2014/02/17/world/europe/merkel-backs-plan-to-keep-european-data-in-europe.html?hp&_r=0

    Chancellor Angela Merkel of Germany has embraced proposals to create European data networks that would keep emails and other communications on the European side of the Atlantic, farther from prying American eyes, and said she would raise the matter this week with President François Hollande of France.

    “We will, above all, discuss which European providers we have who offer security for our citizens,” Ms. Merkel said on Saturday in her weekly podcast.

    Reply
  40. Tomi Engdahl says:

    US Plunges To 46th In World Press Freedom Index
    http://yro.slashdot.org/story/14/02/17/1518246/us-plunges-to-46th-in-world-press-freedom-index

    World press freedom index 2014
    http://rsf.org/index2014/en-index2014.php

    The 2014 World Press Freedom Index spotlights the negative impact of conflicts on freedom of information and its protagonists. The ranking of some countries has also been affected by a tendency to interpret national security needs in an overly broad and abusive manner to the detriment of the right to inform and be informed. This trend constitutes a growing threat worldwide and is even endangering freedom of information in countries regarded as democracies.

    Reply
  41. Tomi Engdahl says:

    This iPhone-Sized Device Can Hack A Car, Researchers Plan To Demonstrate
    http://www.forbes.com/sites/andygreenberg/2014/02/05/this-iphone-sized-device-can-hack-a-car-researchers-plan-to-demonstrate/

    Auto makers have long downplayed the threat of hacker attacks on their cars and trucks, arguing that their vehicles’ increasingly-networked systems are protected from rogue wireless intrusion. Now two researchers plan to show that a few minutes alone with a car and a tiny, cheap device can give digital saboteurs all the wireless control they need.

    At the Black Hat Asia security conference in Singapore next month, Spanish security researchers Javier Vazquez-Vidal and Alberto Garcia Illera plan to present a small gadget they built for less than $20 that can be physically connected to a car’s internal network to inject malicious commands affecting everything from its windows and headlights to its steering and brakes.

    They call their creation the CAN Hacking Tool, or CHT.

    “It can take five minutes or less to hook it up and then walk away,”

    Reply
  42. Tomi Engdahl says:

    Snowden Documents Reveal Covert Surveillance and Pressure Tactics Aimed at WikiLeaks and Its Supporters
    https://firstlook.org/theintercept/article/2014/02/18/snowden-docs-reveal-covert-surveillance-and-pressure-tactics-aimed-at-wikileaks-and-its-supporters/

    Top-secret documents from the National Security Agency and its British counterpart reveal for the first time how the governments of the United States and the United Kingdom targeted WikiLeaks and other activist groups with tactics ranging from covert surveillance to prosecution.

    The efforts – detailed in documents provided previously by NSA whistleblower Edward Snowden – included a broad campaign of international pressure aimed not only at WikiLeaks founder Julian Assange, but at what the U.S. government calls “the human network that supports WikiLeaks.”

    The attempt to target WikiLeaks and its broad network of supporters drew sharp criticism from the group and its allies.

    Reply
  43. Tomi Engdahl says:

    Smart phone stealing more common than wallet stealing

    Detective Chief Inspector Jouni Niskanen from the Helsinki Police Department tells the magazine that last year, in up to 60 per cent of the pickpocketing cases in Helsinki restaurants at night, only the mobile phone was taken. Only 20 per cent of the thefts were of wallets.

    Thieves are particularly interested in stealing iPhones and Nokia smartphones.

    - Smartphones are being taken more and more. The same trend is strengthening elsewhere in Europe.

    Three out of four victims of pickpocketing in restaurants and night clubs are women. Victims are often young people, 20-30 years of age.

    To avoid theft, men should keep valuable property in their front trouser pockets.
    Women should keep valuables inside the handbag in a closed inside pocket.

    Police remind that the phone must not be left unattended, even if it is located in close proximity on the table.

    Source: Iltalehti
    http://www.iltalehti.fi/uutiset/2014021818049305_uu.shtml
    http://www.iltalehti.fi/uutiset/2014021818050621_uu.shtml

    Reply
  44. Tomi Engdahl says:

    Password leak in WeMo devices makes home appliances susceptible to hijacks
    Belkin devices can be remotely commandeered using firmware update mechanism.
    http://arstechnica.com/security/2014/02/password-leak-in-wemo-devices-makes-home-appliances-susceptible-to-hijacks/

    Security researchers have taken the unusual step of recommending that people stop using Belkin’s WeMo home automation products after uncovering a variety of vulnerabilities that attackers can exploit to take control of home networks, thermostats, or other connected devices.

    The malware gains unfettered root access to the WeMo device and allows attackers to send commands to connected appliances. Attackers can also change the state of a connected device

    The vulnerabilities pose a risk because they could allow attackers to tamper with motion sensors used in home security systems, IOActive said.

    IOActive reported the vulnerabilities to the US-CERT, which issued a separate advisory outlining the weaknesses. IOActive said it decided to recommend that people immediately stop using WeMo devices after Belkin representatives failed to respond to several private notifications CERT made about the threats.

    Reply
  45. Tomi Engdahl says:

    Vulnerability Note VU#656302
    Belkin Wemo Home Automation devices contain multiple vulnerabilities
    http://www.kb.cert.org/vuls/id/656302

    Belkin Wemo Home Automation devices contain multiple vulnerabilities.

    A remote unauthenticated attacker may be able to sign malicious firmware, relay malicious connections, or access device system files to potentially gain complete access to the device.

    We are currently unaware of a practical solution to this problem.

    Reply
  46. Tomi Engdahl says:

    EU hunts down online cross-border lawbook bureaucra-snaggles
    But are they dangerous to biz? Commish to ‘assess’ risks
    http://www.theregister.co.uk/2014/02/19/eu_to_assess_risks_of_conflicting_laws_that_apply_online/

    The European Commission is to conduct an “in-depth review” of the risks present in conflicting laws and jurisdictions that apply online.

    The Commission’s communication also called for a change in the way the internet is governed. It called for the globalisation of ICANN, the body that oversees the identification of websites, and IANA, the body that is responsible for internet protocol resources such as domain names and IP addresses.

    EU Commissioner Neelie Kroes said: “Some are calling for the International Telecommunications Union to take control of key Internet functions.”

    Reply
  47. Tomi Engdahl says:

    As soon as you start having something poking holes through your firewall to allow inbound traffic, this is pretty much a predictable outcome.

    The internet of things, smart home monitoring, and thermostats you can adjust from the web … all of these are things which are going to cause security problems, because most companies doing these kinds of things seem to completely ignore security, or when they try, still do a piss poor job.

    I view the whole thing as a big “what did you expect?”.

    Source:
    http://it.slashdot.org/story/14/02/18/1756251/oops-security-holes-in-belkin-home-automation-gear

    Reply
  48. Tomi Engdahl says:

    Zeus Trojan stole the data from the cloud

    The Zeus Trojan has long plagued banks and stolen their customers’ online banking details. Now the trojan has been encountered in a new place: it was used as a cloud service, for stealing data from Salesforce customer relationship management.

    When the victim signed in to the service, the malware collected a large amount of business-related information by wading through the data stored in the service.

    Source: Tietoviikko
    http://www.tietoviikko.fi/kaikki_uutiset/troijalainen+varasti+dataa+pilvesta/a968785

    Reply
  49. Tomi Engdahl says:

    Your cell phone can be used to target a drone on you:

    How the NSA uses SIM cards to mistakenly kill civilians
    Former drone operator’s testimony echoes information in leaked NSA documents
    http://www.electronicproducts.com/Electromechanical_Components/Motors_and_Controllers/How_the_NSA_uses_SIM_cards_to_mistakenly_kill_civilians.aspx

    The latest reports indicate that data extracted from NSA surveillance programs are used to carry out drone strikes, sometimes killing the wrong victim.

    As soon as the US military and CIA identify the target using the NSA’s phone-tracking capabilities and metadata analysis, a drone air-strike is launched; however, the identity is never confirmed on the ground. And while the program has effectively dispatched many terrorists, innocent people have absolutely been killed, he declares.

    Whistleblower: NSA targets SIM cards for drone strikes, ‘Death by unreliable metadata’
    http://blogs.computerworld.com/privacy/23511/whistleblower-nsa-targets-sim-cards-drone-strikes-death-unreliable-metadata

    The “NSA has played an increasingly central role in drone killings over the past five years,” according to a former drone operator for the Joint Special Operations Command’s (JSOC) High Value Targeting task force who has also worked with the NSA.

    “People get hung up that there’s a targeted list of people. It’s really like we’re targeting a cell phone. We’re not going after people – we’re going after their phones, in the hopes that the person on the other end of that missile is the bad guy.”

    The NSA’s Secret Role in the U.S. Assassination Program
    https://firstlook.org/theintercept/article/2014/02/10/the-nsas-secret-role/

    The National Security Agency is using complex analysis of electronic surveillance, rather than human intelligence, as the primary method to locate targets for lethal drone strikes – an unreliable tactic that results in the deaths of innocent or unidentified people.

    In one tactic, the NSA “geolocates” the SIM card or handset of a suspected terrorist’s mobile phone, enabling the CIA and U.S. military to conduct night raids and drone strikes to kill or capture the individual in possession of the device.

    Reply
