Security trends for 2014

Year 2014 will be a year of cybersecurity after the NSA revelations made in 2013. The headline news is that the NSA has surreptitiously “burrowed its way into nearly all the security architecture” sold by the world’s largest computer networking companies. A lot of people were shocked by how the NSA monitored and hacked almost everything on the Internet. There will still be NSA aftershocks as new material comes out and different parties react to it (and news sources write about it). U.S. cloud services have been put into question for good reason. There will be a lot of NSA spying litigation. Those spying issues will also fuel some hacktivism (it has already started to happen).

The Security Professionals: Top Cyber Threat Predictions for 2014 article lists the following predictions, which seem pretty probable: Cybersecurity Regulatory Efforts Will Spark Greater Need for Harmonization, Service-Impacting Interruptions for Online Services Will Persist, We Will See an Increase in Cybercrime Activity Related to the World Cup, Rise of Regional Cloud Services, Dev-Ops Security Integration Fast Becoming Critical, Cybercrime that Leverages Unsupported Software will Increase, Increase in Social Engineering and Ransomware will Impact More People.

Ubiquitous mobile computing is all around us, which will lead to increased risks and concerns about social network privacy. Social networks have quickly become the key organizing principle of Internet communication and collaboration. Android anti-virus apps CAN’T kill nasties on sight like normal AV.

2013 was a very hacked year, with many cases where information on millions or tens of millions of users was stolen from companies. It’s likely that we will see much more of the same in 2014, since the way people use passwords and the way on-line services are built have not changed much in one year.


Gartner predicts that through 2014, improved JavaScript performance will begin to push HTML5 and the browser as a mainstream enterprise application development environment. I expect HTML5-related security issues to increase because the technology will be used more in 2014.

Over 50% of net traffic to web sites is made by bots! The More Than Half of Internet Traffic Is Just Bots article says that security and cloud service provider Incapsula analyzed its traffic and found that more than 60 percent of internet traffic is computer generated, compared to less than 40 percent driven by human clicks. 31% of bots are still malicious. SEO link building has always been a major motivation for automated link spamming, but it is decreasing because Google was able to discourage it. There is more advanced hacking and automatic vulnerability searching.

DDoS attacks are evolving from volumetric Layer 3-4 attacks to much more sophisticated and dangerous Layer 7 multi-vector threats.
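The bot share and the Layer 7 threats above are easier to reason about with a concrete measurement. The following Python script is an added example (not from the original post or from Incapsula) that classifies access-log lines by user-agent to estimate the bot share, and flags per-client request bursts against one URL, which is the signature of an application-layer flood that a plain bandwidth counter never sees. The log lines, the user-agent marker lists and the 5-requests-in-10-seconds threshold are all constructed assumptions for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines in Apache/Nginx "combined" log format (not real traffic).
# The last six lines are one client hammering /search with a normal browser UA.
SAMPLE_LOG = [
    '203.0.113.7 - - [14/Nov/2014:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0"',
    '203.0.113.7 - - [14/Nov/2014:10:00:09 +0000] "GET /about.html HTTP/1.1" 200 3100 "-" "Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0"',
    '198.51.100.2 - - [14/Nov/2014:10:00:02 +0000] "GET /products HTTP/1.1" 200 8000 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"',
    '198.51.100.9 - - [14/Nov/2014:10:00:03 +0000] "POST /wp-comments-post.php HTTP/1.1" 302 0 "-" "python-requests/2.4.3"',
    '198.51.100.9 - - [14/Nov/2014:10:00:05 +0000] "GET /wp-login.php HTTP/1.1" 200 1200 "-" "-"',
] + [
    '192.0.2.50 - - [14/Nov/2014:10:01:%02d +0000] "GET /search?q=%d HTTP/1.1" 200 45000 "-" "Mozilla/5.0 (X11; Linux x86_64) Chrome/38.0.2125.104"' % (i, i)
    for i in range(6)
]

LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

# User-agent markers (assumed lists, extend them for your own site). Self-identifying
# crawlers are "good" bots; bare HTTP libraries and an empty UA are treated as
# "bad" bots because real browsers never send them.
GOOD_BOT_MARKERS = ("googlebot", "bingbot", "yandexbot")
BAD_BOT_MARKERS = ("python-requests", "libwww-perl", "curl/", "wget/", "java/")


def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], TS_FMT)
    rec["path"] = rec["path"].split("?", 1)[0]  # drop the query string
    return rec


def classify_ua(ua):
    u = ua.lower()
    if u in ("", "-"):
        return "bad_bot"
    if any(mk in u for mk in GOOD_BOT_MARKERS):
        return "good_bot"
    if any(mk in u for mk in BAD_BOT_MARKERS):
        return "bad_bot"
    return "human"


def traffic_breakdown(lines):
    """Return ({class: count}, bot_share) for the given log lines."""
    counts = {"human": 0, "good_bot": 0, "bad_bot": 0}
    for line in lines:
        rec = parse_line(line)
        if rec:
            counts[classify_ua(rec["ua"])] += 1
    total = sum(counts.values())
    bots = counts["good_bot"] + counts["bad_bot"]
    return counts, (bots / total if total else 0.0)


def find_l7_floods(lines, max_hits=5, window_s=10):
    """Return (ip, path) pairs where one client requested one path more than
    max_hits times within any window_s-second sliding window. A Layer 7 flood
    stays inside normal bandwidth limits, so it has to be found per URL."""
    hits = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec:
            hits[(rec["ip"], rec["path"])].append(rec["ts"])
    floods = []
    for key, times in hits.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while (times[end] - times[start]).total_seconds() > window_s:
                start += 1
            if end - start + 1 > max_hits:
                floods.append(key)
                break
    return floods


if __name__ == "__main__":
    counts, share = traffic_breakdown(SAMPLE_LOG)
    print(counts, "bot share = %.0f%%" % (share * 100))
    print("L7 floods:", find_l7_floods(SAMPLE_LOG))
```

Note that the flooding client carries a normal browser user-agent, so it counts as "human" in the breakdown and is only caught by the per-URL rate rule.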

There will still be many SCADA security issues in 2014. Even though traditional SCADA vulnerabilities have become easier to find, the increased connectivity brought by IoT will cause new issues. And there will still be very many control systems openly accessible from the Internet to practically everybody who knows how to find them. A large number of SCADA systems were found open on the Internet in the beginning of 2013, and the numbers have not dropped considerably during the year. I expect that very many of those systems will still be too open at the end of 2014.

The Internet is expanding into enterprise assets and consumer items such as cars and televisions. The Internet of Things (IoT) will evolve into the Web of Things, increasing the coordination between things in the real world and their counterparts on the Web. There will be many security issues to solve, and as these systems become more widely used, more security issues will be found in them.

Cloud security will be talked about. Hopefully there will be some clean-up of the terminology in that area, because cloud security can mean a lot of things, just like the term cloud computing. Cloud security could mean how secure your cloud provider is; a service that runs in the cloud and filters what comes through it (for example e-mails or web traffic); a product protecting some service running in the cloud; or a traditional anti-virus service that connects to the cloud to improve its operation (for example to update in real time, or to verify unknown programs based on data in the cloud). Research firm Gartner forecasts that cloud security sales will increase dramatically in the next few years. Cloud security sales have increased over the past year by 2.1 billion to $3.1 billion in 2015.

Marketers try to put the “cloud” term into security product brochures as much as they can. The cloud makes traditional information security sound old-fashioned, because companies are under pressure to move services to the cloud. Also, mobile devices and dispersed users set new standards for information security. OpenDNS’s CTO Dan Hubbard says that “Because the data and the equipment run in the cloud, the cloud is the best way to protect users.” The Snowden effect will also bring PRIVATE cloud talk to the table this year for security reasons, because U.S. cloud services have been put into question for good reason.

In Finland a new Cyber Security Center started in the beginning of 2014. Security articles and warnings from it will be published at kyberturvallisuuskeskus.fi.

Late addition: Crypto-currencies like Bitcoin and similar are on the rise. Early adopters already use them actively. Those crypto-currencies have many security related issues. The values of the crypto-currencies vary quite a lot, and the value easily drops considerably when they become so widely used that different governments try to limit their use. Bitcoin is increasingly used as a ransomware payment method. Bitcoins have been stolen quite a lot lately (and I expect that to increase as usage increases); they are stolen from users, from on-line wallets and from exchanges. When more money is involved, more bad guys try to get in to get some of it. Sometimes bad guys do not try to steal your money, but use resources you pay for (your own PC, your server capacity, etc.) to generate money for themselves without you knowing about it. If you plan to use those crypto-currencies, be careful to understand what you are doing with them; there is a real possibility that you can lose your money, and there is no way that lost money can be recovered.

3,382 Comments

  1. Tomi Engdahl says:

    What CIOs can learn from the biggest data breaches
    http://www.networkworld.com/article/2846429/security0/what-cios-can-learn-from-the-biggest-data-breaches.html

    A postmortem analysis of some of the biggest recent data breaches offers IT leaders several pieces of advice for staying a step ahead of hackers.

    Lesson From Adobe: Build Better Systems

    Topping the list is the Adobe Systems breach, which the company calls a “sophisticated attack” of its network and involved stealing 153 million customer records.
    David Schoenberger, CIO at CertainSafe, says the hacker probably broke in using various methods, including SQL injections or fake IP addresses. He says the answer is to build better systems – use stronger passwords and deploy better firewalls.

    Lessons From eBay: Encrypt Data, Educate Employees

    There are few clues about how the attack actually took place, but Weller says it was likely a phishing scam or a social engineering attack that tricked employees into giving out their logins. The best preventive measures, he adds, would have been encrypting all user data and educating employees about phishing scam dangers.

    Lesson From JP Morgan Chase: Invest in Intrusion Detection

    it’s possible, based on unconfirmed reports, that the JP Morgan Chase breach of 83 million customers’ persona data happened after hackers obtained a list of the applications that run on the bank’s internal servers.
    Tendler says analytics tools could have noticed the intrusions at specific times of the day and looked for login anomalies.

    Lesson From Target: Find the Most Critical Vulnerabilities

    Target became one of the latest victims of a phishing email campaign. Kevin Conklin, a spokesperson for the IT security company Prelert, believes the Target breach was a result of a hacker using authorized login credentials obtained using an email phishing campaign targeting a specific contractor.
    Conklin says the twist is that Target security tools detected the breach and issued alerts, but the attackers likely kept manually attempting to login.

    Lesson From Home Depot: Well-Configured Firewalls

    Most security experts say Home Depot was the victim of a spearphishing attack
    Turner says the real hack isn’t the intrusion but, rather, the fact that the malware could “call home” and carry out further instructions. Firewalls configured to block both incoming and outgoing attacks would have helped, he adds.

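The JP Morgan and Target lessons above (login anomalies by time of day, and repeated login attempts that kept going after the alerts fired) reduce to a small replay over the authentication log. The following Python example is added here and is not from the article or any of the quoted vendors; its log format, the 5-failures-in-10-minutes threshold and the 07:00-19:00 work-hours window are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample authentication events (not from any real system). The
# vendor01 account is guessed five times and then logged into at 02:16 UTC.
SAMPLE_AUTH_LOG = """\
2014-11-14T09:02:11Z user=alice ip=203.0.113.5 result=OK
2014-11-14T09:05:40Z user=bob ip=203.0.113.6 result=FAIL
2014-11-14T09:05:55Z user=bob ip=203.0.113.6 result=OK
2014-11-14T02:13:05Z user=vendor01 ip=198.51.100.20 result=FAIL
2014-11-14T02:13:30Z user=vendor01 ip=198.51.100.20 result=FAIL
2014-11-14T02:14:02Z user=vendor01 ip=198.51.100.20 result=FAIL
2014-11-14T02:14:40Z user=vendor01 ip=198.51.100.20 result=FAIL
2014-11-14T02:15:12Z user=vendor01 ip=198.51.100.20 result=FAIL
2014-11-14T02:16:01Z user=vendor01 ip=198.51.100.20 result=OK
2014-11-14T22:30:00Z user=carol ip=203.0.113.9 result=OK
"""

LINE_RE = re.compile(
    r"(?P<ts>\S+) user=(?P<user>\S+) ip=(?P<ip>\S+) result=(?P<result>OK|FAIL)$"
)


def parse_event(line):
    """Parse one key=value line into a dict, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return ev


def detect_login_anomalies(log_text, fail_threshold=5, window=timedelta(minutes=10),
                           work_hours=(7, 19)):
    """Replay the events in time order and return a list of
    (alert_type, user, ip, timestamp) tuples. Three rules:
      failure_burst        fail_threshold failures for one account inside `window`
      success_after_burst  a login succeeds while such a burst is still open
      off_hours_login      a success outside work_hours (hours in the log's
                           time zone, which is UTC in the sample above)
    """
    events = [e for e in (parse_event(l) for l in log_text.splitlines()) if e]
    events.sort(key=lambda e: e["ts"])  # the raw log is not guaranteed to be ordered
    recent_fails = defaultdict(deque)  # user -> timestamps of failures inside window
    alerts = []
    for ev in events:
        q = recent_fails[ev["user"]]
        while q and ev["ts"] - q[0] > window:
            q.popleft()
        if ev["result"] == "FAIL":
            q.append(ev["ts"])
            if len(q) == fail_threshold:  # fire once, at the threshold crossing
                alerts.append(("failure_burst", ev["user"], ev["ip"], ev["ts"]))
            continue
        # A success: was it preceded by a guessing burst?
        if len(q) >= fail_threshold:
            alerts.append(("success_after_burst", ev["user"], ev["ip"], ev["ts"]))
        q.clear()  # a success ends the burst for this account
        if not (work_hours[0] <= ev["ts"].hour < work_hours[1]):
            alerts.append(("off_hours_login", ev["user"], ev["ip"], ev["ts"]))
    return alerts


if __name__ == "__main__":
    for kind, user, ip, ts in detect_login_anomalies(SAMPLE_AUTH_LOG):
        print("%s %-20s user=%s ip=%s" % (ts.isoformat(), kind, user, ip))
```

The "success_after_burst" rule is the one that matters operationally: a burst alert that nobody acts on is the Target situation, while a success following the burst is the point at which the account should be locked and the session investigated.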
  2. Tomi Engdahl says:

    Microsoft Buys Israeli Hybrid Cloud Security Startup Aorato In $200M Deal
    http://techcrunch.com/2014/11/13/microsoft-buys-israeli-hybrid-cloud-security-startup-aorato-in-200m-deal/

    Microsoft today confirmed that it has acquired Aorato, an Israel-based maker of security solutions co-founded by veterans of the Israeli defense forces, which only exited from stealth earlier this year. Aorato’s focus is on enterprise services in the cloud and in hybrid on-premise and cloud environments, using machine learning to detect suspicious patterns.

    “With Aorato we will accelerate our ability to give customers powerful identity and access solutions that span on-premises and the cloud, which is central to our overall hybrid cloud strategy.”

    The deal taps into a couple of different trends, within Microsoft and the larger enterprise world.

    More generally, an acquisition in the area of enterprise security is a move to make sure Microsoft stays relevant to what businesses are needing today. Security has become a key area for research and investment — particularly with the rise of cloud-services, BYOD devices and use of apps that are in general harder for IT managers to control; not to mention the rise in data breaches that tap into all of these things.

  3. Tomi Engdahl says:

    BlackBerry, Samsung Join Forces on Mobile Security
    Partnership Could Help Both Companies Win More Enterprise Customers
    http://online.wsj.com/news/article_email/blackberry-samsung-partner-on-mobile-security-1415898091-lMyQjAxMTI0NTEwMzAxMTMwWj

    BlackBerry Ltd. and Samsung Electronics Co. agreed to sell each other’s mobile-security technology in an effort to win more enterprise customers.

    The deal was the highest-profile of several partnership and distribution agreements BlackBerry announced Thursday to drive sales of its new mobile-security software—dubbed BlackBerry Enterprise Service 12. BES12 is the anchor of the company’s strategy to double revenue from software sales to $500 million and return to profitability in its next fiscal year by winning back corporate and government business.

    In an interview, Mr. Chen also said more than 90% of BES12 licenses will sell as subscriptions to ensure a source of recurring revenue. “I want a business that is not only growing but predictable,” he said.

    Samsung, meanwhile, stands to benefit from BlackBerry’s stronger reputation for mobile security. That could help the South Korean electronics company accelerate its efforts to expand in the enterprise market, where it has struggled to gain traction.

    Samsung and BlackBerry are often characterized as rivals in the enterprise market, but their security technologies can be complementary. Samsung’s security platform, Knox, comes embedded in certain Samsung Galaxy devices, allowing users to separate personal and work data to ensure corporate security and employee privacy. Meanwhile, BlackBerry’s technology allows companies to remotely manage devices to prevent security breaches and data loss as content and applications move between those devices and corporate networks.

  4. Tomi Engdahl says:

    Apple downplays Masque threat, ‘not aware’ of any users affected
    http://www.mercurynews.com/business/ci_26934627/apple-statement-masque-attack-is-vulnerability-not-aware

    In Apple’s first statement since a vulnerability in its popular mobile devices was described by security specialists, the company said Thursday that it was unaware of any user actually being hacked through the “Masque Attack” technique.

    “We designed OS X and iOS with built-in security safeguards to help protect customers and warn them before installing potentially malicious software,’ an Apple spokesman said in an emailed statement. “We’re not aware of any customers that have actually been affected by this attack.”

    In a blog post Monday, researchers with Milpitas security firm FireEye described a path through which hackers could take over a legitimately downloaded iOS mobile application and potentially siphon personal information. The malicious software would be delivered through an app downloaded from the Web, which Apple and FireEye strongly warned against.

  5. Tomi Engdahl says:

    Americans’ Cellphones Targeted in Secret U.S. Spy Program
    Devices on Planes that Mimic Cellphone Towers Used to Target Criminals, but Also Sift Through Thousands of Other Phones
    http://online.wsj.com/news/article_email/americans-cellphones-targeted-in-secret-u-s-spy-program-1415917533-lMyQjAxMTI0NTEwMzAxMTMwWj

    The Justice Department is scooping up data from thousands of mobile phones through devices deployed on airplanes that mimic cellphone towers, a high-tech hunt for criminal suspects that is snagging a large number of innocent Americans, according to people familiar with the operations.

    The U.S. Marshals Service program, which became fully functional around 2007, operates Cessna aircraft from at least five metropolitan-area airports, with a flying range covering most of the U.S. population, according to people familiar with the program.

    Planes are equipped with devices—some known as “dirtboxes” to law-enforcement officials because of the initials of the Boeing Co. unit that produces them—which mimic cell towers of large telecommunications firms and trick cellphones into reporting their unique registration information.

  6. Tomi Engdahl says:

    Poll trolls’ GCHQ script sock puppets manipulate muppets
    Stop and Thinkst: Is that really the Most Popular story or did haxxors Bash it out?
    http://www.theregister.co.uk/2014/11/14/poll_trolls_script_sock_puppets_manipulate_muppets/

    A group of security professionals/online miscreants have found and themselves created thousands of online accounts to manipulate forum posts, popular news articles and mailing lists using techniques pioneered by the UK’s GCHQ spy agency.

    Researchers Azhar Desa, Harron Meer and Marco Slaviero of Thinkst found posts created around controversial topics such as the Israeli-Palestinian conflict were being heavily manipulated by commentary developed by bash scripts using newly-registered accounts.

    The fake accounts were designed as supporters of Palestine and Islam, and opponents to Israel, Syria, Christianity and US President Barack Obama.

    Researchers also found separate puppet armies influencing articles on Reddit, CNN, Al Jazeera and the Jerusalem Post generated by simplistic means that admins appeared unable to identify.

    “We used one line in bash that allowed us to trivially create hundreds of [Disqus] accounts in a matter of seconds. The accounts are ordered by the number of likes so we could very easily bring a comment to the top or down to the bottom.”

  7. Tomi Engdahl says:

    Internet Voting Hack Alters PDF Ballots In Transmission
    http://politics.slashdot.org/story/14/11/13/1937208/internet-voting-hack-alters-pdf-ballots-in-transmission

    Threats to the integrity of Internet voting have been a major factor in keeping the practice to a bare minimum in the United States. On the heels of the recent midterm elections, researchers at Galois, a computer science research and development firm in Portland, Ore., sent another reminder to decision makers and voters that things still aren’t where they should be. Researchers Daniel M. Zimmerman and Joseph R. Kiniry published a paper called ‘Modifying an Off-the-Shelf Wireless Router for PDF Ballot Tampering’ that explains an attack against common home routers that would allow a hacker to intercept a PDF ballot and use another technique to modify a ballot before sending it along to an election authority.

    Source: http://threatpost.com/internet-voting-hack-alters-pdf-ballots-in-transmission/109333

  8. Tomi Engdahl says:

    Facebook’s New Privacy Rules Clear the Way for Payments Push and Location-Based Ads
    http://recode.net/2014/11/13/facebooks-new-privacy-rules-clear-the-wear-for-a-payments-push-and-location-based-ads/

    Facebook is updating its privacy policies and adding tools that are supposed to make it easier for you to understand them and to opt out of certain kinds of ad targeting.

    It’s very likely that if you use Facebook, you don’t care.

    At some point you accepted, consciously or not, that Facebook is interested in turning your attention and personal information into advertising dollars. And if you didn’t like that idea, you stopped using Facebook.

    If you’re interested in tracking the evolution of Facebook as a business, though, it’s worth noting two things that Facebook itself is highlighting in its new text: Language that spells out its ambitions to sell you stuff and to serve you ads based on your location.

  9. Tomi Engdahl says:

    Harry Reid Moves for Senate Vote on NSA Reform
    The Senate majority leader is hoping to move the bulk data-collection bill before his party returns to the minority.
    http://www.nationaljournal.com/tech/harry-reid-moves-for-senate-vote-on-nsa-reform-20141112

    Senate Majority Leader Harry Reid on Wednesday moved to advance a bill that would usher in sweeping reforms to the government’s most controversial domestic-spying program, more than a year after Edward Snowden’s leaks exposed it publicly.

    The bill, the USA Freedom Act, would effectively end the government’s bulk collection of metadata—the numbers and time stamps of phone calls but not their actual content. Phone companies such as Verizon would instead retain those records, which intelligence agencies could obtain only after being granted approval from the Foreign Intelligence Surveillance Court.

  10. Tomi Engdahl says:

    Hackers exploit NFC phone payment technology
    http://www.bbc.com/news/technology-30036137

    Several bugs in Near Field Communication (NFC) payment systems have been found by security experts.

    NFC allows people to pay for goods and services by touching their handset to a payment terminal.

    But the inclusion of the technology on phones has proved useful to hackers seeking a stealthy way to take over a mobile phone.

    In most cases the bugs would give an attacker complete access to a device’s data.

    The security experts demonstrated the weaknesses in NFC technology at an event in Tokyo organised by Hewlett Packard. Called Mobile Pwn2Own the competition involves researchers and developers using bugs in an attempt to subvert a series of handsets.

  11. Tomi Engdahl says:

    F-Secure’s Hypponen: the internet is Panopticon
    “We will lose our freedom to the network. We’re losing it voluntarily, because we want to appear as obedient citizens,” Mikko Hypponen says.

    He refers to the 1700s philosopher Jeremy Bentham, who created a theory of how to monitor a large number of citizens, for example prisoners or employees, at the same time. The idea was to build a workplace, for example, in a circular shape, so that all employees are visible from a tower in the middle of the building.

    Source: http://summa.talentum.fi/article/tv/uutiset/109444

  12. Tomi Engdahl says:

    BlackBerry comeback: BES12 server revealed – it will manage ALL THE THINGS
    Windows Phone, iOS, Android… oh, and BlackBerry 10
    http://www.theregister.co.uk/2014/11/14/blackberry_comeback_bes12_revealed_will_manage_absolutely_every_thing/

    Turnaround artiste John Chen marked one year as BlackBerry boss with an avalanche of enterprise software news related to the firm’s new BES12 server, which can manage enterprise mobe devices running Android, iOS, Windows Phone – and of course, BB’s own mobile OS.

    BlackBerry wants to manage absolutely everything: PCs, Macs, sensor-based M2M devices in the mythical “Internet of Thingies” and more… and the firm is even making nice with Samsung.

    Chen wants to grow the $250m software side into a $500m business, and claimed carriers will be selling BES12 as a hosted deal.

    Of note to businesses is tech that allows an enterprise to give employees a work phone number on their own BYOD device. So, for example, a new starter can keep the phone they already acquired personally, and run a virtual company phone number alongside it. All usage from this virtual number, including data, will be billed to the company.

    The company made much of the security threats out there: even the US government’s security screening contractor has been hacked, said COO Marty Beard. These threats are only likely to worsen as poorly secured embedded devices begin to access corporate clouds.

    BlackBerry is also making friends with Samsung, which 18 months ago announced its Knox security stack for Android, going after BlackBerry’s core proposition very aggressively.

    Knox partitions an iOS or Android device into secure and non-secure partitions – something BlackBerry does out of the box on its own BB10 devices with its Balance feature. BES12 will manage Knox – and also Salesforce sites, but the pricing for the connector wasn’t revealed at the event.

  13. Tomi Engdahl says:

    EMV Chips: The Good and the Bad
    https://centurybizsolutions.net/news/emv-chips-good-bad/

    How will the impending migration affect you?

    If you go out in public, you’ve probably seen a couple of them. And, if you man a storefront and deal with the public giving you credit cards for payment, you’ve undoubtedly seen a few. But, in late 2015, they’re going to be a necessity. The question is: will the United States be able to take on the EMV chip as a credit card requirement by October 2015?

  14. Tomi Engdahl says:

    Mobile Pwn2Own 2014: Windows Phone’s sandbox resists attack
    http://www.net-security.org/secworld.php?id=17640

    The Mobile Pwn2Own 2014 hacking competition, held at the PacSec Applied Security Conference in Tokyo, Japan, was concluded on Thursday, and not one of the targeted phones has survived completely unscathed.

    Competitors were encouraged to come at the phones from a variety of sides – via the mobile web browser, through mobile app and OS holes, via Bluetooth, Wi-Fi or NFC, messaging services or, in limited cases, via baseband.

    More details about the exploits can be expected in the coming weeks, as the vendors patch the bugs and the contestants are given leave to discuss their attacks publicly.

  15. Tomi Engdahl says:

    AT&T Stops Using Undeletable Phone Tracking IDs
    http://www.propublica.org/article/att-stops-using-undeletable-phone-tracking-ids

    Verizon remains committed to its program of inserting a tracking number into its customers’ cellphone transmissions.

    AT&T says it has stopped its controversial practice of adding a hidden, undeletable tracking number to its mobile customers’ Internet activity.

    “It has been phased off our network,” said Emily J. Edmonds, an AT&T spokeswoman.

    The move comes after AT&T and Verizon received a slew of critical news coverage for inserting tracking numbers into their subscribers’ Internet activity, even after users opted out.

  16. Tomi Engdahl says:

    For a year, gang operating rogue Tor node infected Windows executables
    Attacks tied to gang that previously infected governments with highly advanced malware.
    http://arstechnica.com/security/2014/11/for-a-year-one-rogue-tor-node-added-malware-to-windows-executables/

    by Dan Goodin – Nov 14 2014, 5:30pm

    [Figure: A flowchart of the infection process used by a malicious Tor exit node. Credit: F-Secure]

    Three weeks ago, a security researcher uncovered a Tor exit node that added malware to uncompressed Windows executables passing through it. Officials with the privacy service promptly shut down the Russia-based node, but according to new research, the group behind the node had likely been infecting files for more than a year by that time, causing careless users to install a backdoor that gave attackers full control of their systems.

    What’s more, according to a blog post published Friday by researchers from antivirus provider F-Secure, the rogue exit node was tied to the “MiniDuke” gang, which previously infected government agencies and organizations in 23 countries with highly advanced malware that uses low-level code to stay hidden. MiniDuke was intriguing because it bore the hallmark of viruses first encountered in the mid-1990s, when shadowy groups such as 29A engineered innovative pieces of malware for fun and then documented them in an E-zine of the same name.

    “OnionDuke,” as the malware spread through the latest attacks is known, is a completely different malware family, but some of the command and control (C&C) channels it uses to funnel commands and stolen data to and from infected machines were registered by the same persona that obtained MiniDuke C&Cs.

  17. Tomi Engdahl says:

    Encrypting Azure Virtual Machines with CloudLink SecureVM
    http://azure.microsoft.com/blog/2014/11/13/encrypting-azure-virtual-machines-with-cloudlink-securevm/

    The CloudLink SecureVM Agent for Windows provides integration with CloudLink Center for management of disk encryption. CloudLink SecureVM leverages the native BitLocker encryption functionality in Windows to fully protect Azure Virtual Machines.

  18. Tomi Engdahl says:

    How a Russian Dark Web Drug Market Outlived the Silk Road (And Silk Road 2)
    http://www.wired.com/2014/11/oldest-drug-market-is-russian/

    Silk Roads come and Silk Roads go. But after every law enforcement crackdown shakes the dark web, one Russian black market always seems to survive.

    For more than two and a half years, the Russian Anonymous Marketplace, or RAMP, has maintained a thriving business in the Dark Web drug trade, offering one of the Internet’s widest arrays of narcotics to its Russian-speaking clientele.

    RAMP, which like those sites runs on the anonymity software Tor, has outlived its western counterparts to amass more than 14,000 members.

    RAMP functions less like an eBay-style e-commerce site than a loose-knit, Craigslist-like web forum where buyers and sellers can find one another.

    While RAMP does offer a Silk-Road-style escrow system to help users avoid fraud in high-value transactions, most sellers seem to seal their deals informally beyond the forum. They often communicate over the encrypted instant-messaging system known as Off-The Record messaging and pay in bitcoin or with the Russian payment service QIWI.

    “Make your business successful with RAMP! Immediate sales!” the site’s advertisement to potential dealers reads in Russian. “Sellers of quality hashish, amphetamine, and cocaine in Moscow, we’re waiting for you.”

    It isn’t exactly clear how RAMP has managed to avoid the same fate as Silk Road and its successors.

    Darkside has laid down a strict series of rules for the site’s users: RAMP allows no weapons, stolen credit cards, counterfeit documents, or even legal pornography to be sold on the site. That’s far more restrictive than Agora (which sells weapons) and Evolution (which sells both weapons and stolen credit cards).

  19. Tomi Engdahl says:

    81% of Tor users can be de-anonymised by analysing router information, research indicates
    http://thestack.com/chakravarty-tor-traffic-analysis-141114

    Research undertaken between 2008 and 2014 suggests that more than 81% of Tor clients can be ‘de-anonymised’ – their originating IP addresses revealed – by exploiting the ‘Netflow’ technology that Cisco has built into its router protocols, and similar traffic analysis software running by default in the hardware of other manufacturers.

    Professor Sambuddho Chakravarty, a former researcher at Columbia University’s Network Security Lab and now researching Network Anonymity and Privacy at the Indraprastha Institute of Information Technology in Delhi, has co-published a series of papers over the last six years outlining the attack vector, and claims a 100% ‘decloaking’ success rate under laboratory conditions, and 81.4% in the actual wilds of the Tor network.

    Chakravarty’s technique [PDF] involves introducing disturbances in the highly-regulated environs of Onion Router protocols using a modified public Tor server running on Linux – hosted at the time at Columbia University. His work on large-scale traffic analysis attacks in the Tor environment has convinced him that a well-resourced organisation could achieve an extremely high capacity to de-anonymise Tor traffic on an ad hoc basis – but also that one would not necessarily need the resources of a nation state to do so, stating that a single AS (Autonomous System) could monitor more than 39% of randomly-generated Tor circuits.

    https://mice.cs.columbia.edu/getTechreport.php?techreportID=1545&format=pdf&

  20. Tomi Engdahl says:

    EVERYTHING needs crypto says Internet Architecture Board
    Calls for all new protocols to protect privacy, all the time, everywhere
    http://www.theregister.co.uk/2014/11/16/net_gurus_face_off_against_spooks_encrypt_everything/

    The Internet Architecture Board (IAB) has called for encryption to become the norm for all internet traffic.

    Last Friday, the IAB issued a statement saying that since there is no single place in the Internet protocol stack that offers the chance to protect “all kinds of communication”, encryption must be adopted throughout the protocol stack.

    The statement reflects earlier, more piecemeal moves in the Internet Engineering Task Force (IETF) to start “spook-proofing” the Internet.

    Rather than looking at a particular protocol proposal, the IAB statement is designed to lay down a fundamental principle for designers: encryption, the board says, should be “the norm for Internet traffic.”

  21. Tomi Engdahl says:

    Attack reveals 81 percent of Tor users but admins call for calm
    Cisco Netflow a handy tool for cheapskate attackers
    http://www.theregister.co.uk/2014/11/17/deanonymization_techniques_for_tor_and_bitcoin/

    The Tor project has urged calm after new research found 81 percent of users could be identified using Cisco’s NetFlow tool.

    A research effort led by professor Sambuddho Chakravarty from the Indraprastha Institute of Information Technology in Delhi found that well-resourced attackers such as a nation-state could effectively reveal Tor users’ identity with a false-positive rate of six percent, while an autonomous system could reveal about 39 percent of users.

    Chakravarty’s research, run on a high performance research server within the University, worked in part due to the low-latency design of Tor.

    “To achieve acceptable quality of service, [Tor] systems attempt to preserve packet interarrival characteristics, such as inter-packet delay,”

    “Consequently, a powerful adversary can mount traffic analysis attacks by observing similar traffic patterns at various points of the network, linking together otherwise unrelated network connections.

    “Although the capacity of current networks makes packet-level monitoring at such a scale quite challenging, adversaries could potentially use less accurate but readily available traffic monitoring functionality, such as Cisco’s NetFlow, to mount large-scale traffic analysis attacks.”

    “Our method revealed the actual sources of anonymous traffic with 100 percent accuracy for the in-lab tests, and achieved an overall accuracy of about 81.4 percent for the real-world experiments, with an average false positive rate of 6.4 percent.

    Reply
  22. Tomi Engdahl says:

    Firing range for infosec testing opens in Canberra
    University of New South Wales will let students attack ALL THE CYBERS in safety
    http://www.theregister.co.uk/2014/06/17/training_for_whitehats_kicks_off_in_canberra/

    After six months’ of preparation, the University of New South Wales has opened a cyber-security research centre in Canberra it says is designed to bring together academia, government, defence and business expertise.

    Sensibly, instead of having students with black-hat tendencies an interest in computer security practise on anything they can get a network connection to, the ACCS (Australian Centre for Cyber Security) will have a “practise range” for cyber attacks – and this will be outside the classified environment.

    The ACCS’s research specialities are to include “computer and network security, risk management, international politics and ethics, law, and big data analytics for security”.

    Reply
  23. Tomi Engdahl says:

    Finnish cyber security company Nixu will be listed – issue of shares will begin on Thursday

    Cyber security company Nixu has today submitted an application on the Nasdaq OMX Helsinki Oy, the company’s share admission to trading on First North Finland marketplace.

    “Digitalized society is increasingly vulnerable to the cyber threats of the new front. Nixu’s mission is to ensure the functioning of a heavily digitized society in the world. The increasing number of high-profile data breaches makes the need for more versatile cyber security knowledge grow,” says President and CEO Petri Kairinen in the release.

    The size of the cyber security services market in Europe is estimated at about nine billion in 2014. T

    Source: http://www.tivi.fi/kaikki_uutiset/kyberturvayhtio+nixu+listautuu++osakeanti+alkaa+torstaina/a1029090

    Reply
  24. Tomi Engdahl says:

    National Security
    State Department shuts down its e-mail system amid concerns about hacking
    http://www.washingtonpost.com/world/national-security/state-department-shuts-down-its-e-mail-system-amid-concerns-about-hacking/2014/11/16/92cf0722-4815-41ca-b602-9bfe8ecdb256_story.html

    The State Department scrambled over the weekend to secure its unclassified e-mails, shutting down the entire e-mail system after finding evidence suggesting a hacker may have been poking around.

    A senior State Department official said technicians recently detected “activity of concern” in portions of the system handling unclassified e-mail.

    The shutdown affected the State Department’s unclassified e-mail traffic and access to parts of its public Web site, the official said.

    The breach is the latest of a series of electronic intrusions first detected last month on government computer systems at a variety of agencies, from the White House to the U.S. Postal Service to the National Weather Service. The suspected hackers of the White House’s computer network were believed to be working for the Russian government.

    Reply
  25. Tomi Engdahl says:

    Mobile Pwn2Own 2014: Windows Phone’s sandbox resists attack
    http://www.net-security.org/secworld.php?id=17640

    The Mobile Pwn2Own 2014 hacking competition, held at the PacSec Applied Security Conference in Tokyo, Japan, was concluded on Thursday, and not one of the targeted phones has survived completely unscathed.

    More details about the exploits can be expected in the coming weeks, as the vendors patch the bugs and the contestants are given leave to discuss their attacks publicly.

    Reply
  26. Tomi Engdahl says:

    VXers Shellshocking embedded BusyBox boxen
    It’s 2014 and some people are still using default user names and passwords
    http://www.theregister.co.uk/2014/11/17/vxers_get_busy_shellshocking_busybox_boxen/

    Malware writers have crafted new wares to attack embedded devices running BusyBox and not yet patched against the ShellShock vulnerability, researcher Rhena Inocencio says.

    Miscreants’ tool of choice for such attacks is malware called “Bashlite” that, once executed on a victim machine, probes for devices such as routers and Android phones running BusyBox to brute force logins through a preset list of usernames and passwords.

    Trend Micro’s Inocencio said the variant would download and run bin.sh and bin2.sh scripts to gain control over Busybox systems once a connection was established.

    “Remote attackers can possibly maximise their control on affected devices by deploying other components or malicious software into the system depending on their motive,” Inocencio said.

    “As such, a remote attacker can issue commands or download other files on the devices thus compromising its security.”

    Attackers attempted to log in using user names ‘root’, ‘admin’ and ‘support’ and common and default passwords ‘toor’, ‘password’, ‘123456’ and so on.

    Reply
  27. Tomi Engdahl says:

    BASHLITE Malware Uses ShellShock to Hijack Devices Running BusyBox
    http://www.securityweek.com/bashlite-malware-uses-shellshock-hijack-devices-running-busybox

    A new version of the BASHLITE malware is designed to scan compromised networks for devices that use BusyBox and attempts to gain control of them by leveraging the recently disclosed GNU Bash vulnerability referred to as ShellShock.

    ELF_BASHLITE.A checked to see if infected devices were running BusyBox, a set of programs needed to run a Linux system. BusyBox is designed for embedded operating systems such as the ones running on routers.

    A newer version of BASHLITE spotted by Trend Micro researchers (ELF_BASHLITE.SMB) is designed not only to identify systems running BusyBox, but to also hijack them.

    The malware first scans the network for BusyBox devices and attempts to access them by using a predefined list of usernames and passwords. The list of passwords includes “root,” “admin,” “12345,” “pass,” “password” and “123456.”

    “Once a connection is established, it runs the command to download and run bin.sh and bin2.sh scripts, gaining control over the Busybox system,”

    Trend Micro advises administrators to make sure they change the default credentials on their network devices and disable remote shell if possible.

    Earlier this week, the cross-browser testing service BrowserStack revealed that cybercriminals breached an unpatched server using ShellShock and ultimately gained access to customer information.

    Reply
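The two BASHLITE posts above describe the same pattern: rapid login attempts against default accounts on BusyBox devices, followed by a successful login once a default password works. As an added example (not code from either article or from Trend Micro), here is a small detector that reads constructed log lines in the style of dropbear, the SSH daemon usually shipped with BusyBox, and flags sources that cycle through those accounts; hostnames, process IDs and addresses are made up, with addresses from the RFC 5737 documentation ranges.

```python
"""Spot credential guessing against embedded devices in daemon auth logs.

Added example, not code from the articles quoted above: a detector that reads
constructed log lines in the style of dropbear (the SSH server commonly shipped
with BusyBox) and flags sources that cycle through the default accounts and
passwords the BASHLITE reports describe. The hostnames, process IDs and
addresses are made up; the addresses come from the RFC 5737 documentation ranges.
"""
import re
from collections import defaultdict
from datetime import datetime

# Accounts the reports name in the malware's guess list.
DEFAULT_USERS = {"root", "admin", "support"}

# Constructed sample input: four rapid failures on default accounts from one
# source followed by a success, and one ordinary typo-then-success from another.
SAMPLE_LOG = """\
Nov 17 10:01:02 router dropbear[311]: Bad password attempt for 'root' from 203.0.113.7:51522
Nov 17 10:01:03 router dropbear[312]: Bad password attempt for 'root' from 203.0.113.7:51523
Nov 17 10:01:03 router dropbear[313]: Bad password attempt for 'admin' from 203.0.113.7:51524
Nov 17 10:01:04 router dropbear[314]: Bad password attempt for 'support' from 203.0.113.7:51525
Nov 17 10:01:05 router dropbear[315]: Password auth succeeded for 'admin' from 203.0.113.7:51526
Nov 17 10:09:40 router dropbear[340]: Bad password attempt for 'alice' from 198.51.100.4:40022
Nov 17 10:12:11 router dropbear[341]: Password auth succeeded for 'alice' from 198.51.100.4:40023
this line is not an auth event and is ignored
"""

LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d) \S+ \S+: "
    r"(?P<event>Bad password attempt|Password auth succeeded) for "
    r"'(?P<user>[^']*)' from (?P<ip>[\d.]+):\d+$"
)


def parse_line(line, year=2014):
    """Return a dict for an auth event, or None for lines we do not understand."""
    m = LINE_RE.match(line)
    if not m:
        return None
    # syslog pads single-digit days with a second space; collapse it for strptime
    stamp = " ".join(m["ts"].split())
    ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "event": m["event"], "user": m["user"], "ip": m["ip"]}


def analyze(log_text, window_seconds=300, fail_threshold=3):
    """Group events by source address and return one alert per suspicious source.

    A source is suspicious when it produces `fail_threshold` failures inside
    `window_seconds`, or probes two or more of the default accounts. If a
    success from the same source follows the failures, the alert is critical:
    that is the pattern of a device still using a default credential.
    """
    by_ip = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec:
            by_ip[rec["ip"]].append(rec)

    alerts = []
    for ip, recs in sorted(by_ip.items()):
        recs.sort(key=lambda r: r["ts"])
        failures = [r for r in recs if r["event"] == "Bad password attempt"]
        if not failures:
            continue
        users_tried = {r["user"] for r in failures}
        default_hits = users_tried & DEFAULT_USERS

        # largest number of failures inside any window starting at a failure
        burst = 0
        for i, first in enumerate(failures):
            in_window = [f for f in failures[i:]
                         if (f["ts"] - first["ts"]).total_seconds() <= window_seconds]
            burst = max(burst, len(in_window))

        suspicious = burst >= fail_threshold or len(default_hits) >= 2
        if not suspicious:
            continue
        first_fail = failures[0]["ts"]
        success_after = any(r["event"] == "Password auth succeeded" and r["ts"] >= first_fail
                            for r in recs)
        alerts.append({
            "ip": ip,
            "failures": len(failures),
            "burst": burst,
            "users_tried": sorted(users_tried),
            "default_accounts": sorted(default_hits),
            "severity": "critical" if success_after else "warning",
        })
    return alerts


if __name__ == "__main__":
    for alert in analyze(SAMPLE_LOG):
        print(f"{alert['severity'].upper()}: {alert['ip']} made {alert['failures']} failed "
              f"logins (burst {alert['burst']}) against {alert['users_tried']}; "
              f"default accounts probed: {alert['default_accounts']}")
```

A critical alert is the cue to change the device's credentials and, as Trend Micro advises above, disable remote shell access where it is not needed.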
  28. Tomi Engdahl says:

    Open Source Self-Healing Software For Virtual Machines
    http://linux.slashdot.org/story/14/11/16/1846227/open-source-self-healing-software-for-virtual-machines

    Computer scientists have developed Linux based software that not only detects and eradicates never-before-seen viruses and other malware, but also automatically repairs damage caused by them. If a virus or attack stops the service, A3 could repair it in minutes without having to take the servers down.

    Self-repairing software tackles malware
    http://www.sciencedaily.com/releases/2014/11/141113140011.htm

    Computer scientists have developed software that not only detects and eradicates never-before-seen viruses and other malware, but also automatically repairs damage caused by them. The software then prevents the invader from ever infecting the computer again.

    University of Utah computer scientists have developed software that not only detects and eradicates never-before-seen viruses and other malware, but also automatically repairs damage caused by them. The software then prevents the invader from ever infecting the computer again.

    A3 is a software suite that works with a virtual machine — a virtual computer that emulates the operations of a computer without dedicated hardware. The A3 software is designed to watch over the virtual machine’s operating system and applications, says Eric Eide, University of Utah research assistant professor of computer science leading the university’s A3 team with U computer science associate professor John Regehr. A3 is designed to protect servers or similar business-grade computers that run on the Linux operating system. It also has been demonstrated to protect military applications.

    The new software called A3, or Advanced Adaptive Applications, was co-developed by Massachusetts-based defense contractor, Raytheon BBN, and was funded by Clean-Slate Design of Resilient, Adaptive, Secure Hosts, a program of the Defense Advanced Research Projects Agency (DARPA). The four-year project was completed in late September.

    There are no plans to adapt A3 for home computers or laptops, but Eide says this could be possible in the future.

    “A3 technologies could find their way into consumer products someday, which would help consumer devices protect themselves against fast-spreading malware or internal corruption of software components. But we haven’t tried those experiments yet,” he says.

    https://www.flux.utah.edu/project/a3

    Virtual-machine introspection (VMI) allows a monitoring agent on the “outside” of a virtual machine to obtain information about the state of the system that is running on the “inside” of the virtual machine. The Flux Group is developing a VMI framework that is the basis of many of the A3 environment’s detection, prevention, and repair capabilities. For example, VMI allows A3 to observe significant events during replay executions, and thus helps to close the semantic gap between the “inside” and “outside” views of a system’s behavior.

    By observing and maintaining the state of the application within the A3 container, A3 can protect the application against threats.

    Reply
  29. Tomi Engdahl says:

    Wirelurker site in China taken down, suspects arrested
    http://www.zdnet.com/wirelurker-site-in-china-taken-down-suspects-arrested-7000035867/

    Summary: The Mac/iOS malware was able to install on non-jailbroken iOS devices, but was quickly neutered. Three suspects are in custody.

    Reply
  30. Tomi Engdahl says:

    TRUSTe Settles FTC Charges it Deceived Consumers Through Its Privacy Seal Program
    Company Failed to Conduct Annual Recertifications, Facilitated Misrepresentation as Non-Profit
    http://www.ftc.gov/news-events/press-releases/2014/11/truste-settles-ftc-charges-it-deceived-consumers-through-its

    TRUSTe, Inc., a major provider of privacy certifications for online businesses, has agreed to settle Federal Trade Commission charges that it deceived consumers about its recertification program for company’s privacy practices, as well as perpetuated its misrepresentation as a non-profit entity.

    TRUSTe provides seals to businesses that meet specific requirements for consumer privacy programs that it administers. TRUSTe seals assure consumers that businesses’ privacy practices are in compliance with specific privacy standards like the Children’s Online Privacy Protection Act (COPPA) and the U.S.-EU Safe Harbor Framework.

    “TRUSTe promised to hold companies accountable for protecting consumer privacy, but it fell short of that pledge,”

    Reply
  31. Tomi Engdahl says:

    Facebook, Google and Apple lobby for curb to NSA surveillance
    http://www.theguardian.com/technology/2014/nov/17/facebook-google-apple-lobby-senate-nsa-surveillance

    A coalition of the biggest names in consumer technology have backed a US bill that would limit surveillance and prevent bulk email collection

    Reply
  32. Tomi Engdahl says:

    Fitbit Data Now Being Used In The Courtroom
    http://www.forbes.com/sites/parmyolson/2014/11/16/fitbit-data-court-room-personal-injury-claim/

    Personal injury cases are prime targets for manipulation and conjecture. How do you show that someone who’s been in a car accident can’t do their job properly, and deserves thousands of dollars in compensation? Till now lawyers have relied on doctors to observe someone for half an hour or so and give their, sometimes-biased opinion. Soon, they might also tap the wealth of quantifiable data provided by fitness trackers. A law firm in Calgary is working on the first known personal injury case that will use activity data from a Fitbit to help show the effects of an accident on their client.

    The lawyers aren’t using Fitbit’s data directly, but pumping it through analytics platform Vivametrica, which uses public research to compare a person’s activity data with that of the general population.

    Reply
  33. Tomi Engdahl says:

    Google has free speech right in search results, court confirms
    https://gigaom.com/2014/11/17/google-has-free-speech-right-in-search-results-court-confirms/

    A San Francisco court ruled last week that Google has the right to arrange its search results as it pleases, which confirms the company’s long-held position, while underscoring the stark difference in how U.S. and European authorities seek to regulate the search giant.

    Reply
  34. Tomi Engdahl says:

    Keen to get CRITICAL PAYMENT systems up QUICKLY after HACK?
    Be prepared to lose forensic evidence
    http://www.theregister.co.uk/2014/11/18/critical_payment_system_crashes/

    Restoring payment systems after disruptive cyber attacks could involve compromising analysis of incidents, says report

    A new report on cyber resilience in financial market infrastructures has highlighted potential conflicts between legal obligations on the reporting of cyber security or data breaches and the need to restore services quickly following those incidents, an expert has said.

    One of the principles requires FMI operators to “ensure a high degree of security and operational reliability” of systems and “aim for timely recovery of operations … in the event of a wide-scale or major disruption”.

    In practice, FMI operators’ business continuity plans must “be designed to ensure that critical information technology (IT) systems can resume operations within two hours following disruptive events” and that there can be “complete settlement” of transactions “by the end of the day of the disruption, even in the case of extreme circumstances”.

    In its new report, the CPMI said that operators of FMIs had “identified challenges to achieving” the two-hour recovery time objective (2h-RTO) “in an extreme cyber scenario”. However, it said senior managers at the organisations “understand and support” the two-hour target.

    The CPMI said that FMI operators had said there are some “near-term steps” they can take to achieve their two hour or end-of-day recovery time and settlement targets under the FMI principles, even in “an extreme cyber event”.

    Reply
  35. Tomi Engdahl says:

    Gee THANKS: Cryptoscum offer a free decrypt in latest ransomware racket
    Backup! Backup! Backup! Backup!
    http://www.theregister.co.uk/2014/11/18/gee_thanks_cryptoscum_offer_a_free_decrypt_in_latest_ransomware_racket/

    Ransomware thieves are taking a leaf from the greasy salesperson’s handbook and offering victims a free decryption of a file of their choosing, malware researcher Tyler Moffitt says.

    Scammers would foist the CoinVault ransomware on victims through a variety of attack vectors and encrypt their files only supplying a key on payment of half a Bitcoin (AUD$223), a fee which increased by about $100 every 24 hours.

    The latest version allowed users to pick any file they wished to decrypt in what appeared to be a means to prove the legitimacy of the ransom demand.

    “I suspect that this freebie will increase the number of people who will pay.”

    Reply
  36. Tomi Engdahl says:

    Swedish ISP protects customers from surveillance with free VPN
    https://gigaom.com/2014/11/17/swedish-isp-protects-customers-from-surveillance-with-free-vpn/

    Last month I reported on the case of Bahnhof, a Swedish ISP that is resisting the country’s revival of its data retention law. Bahnhof CEO John Karlung said at the time that he had a “Plan B” in mind that would mitigate the effects of storing customer data for the benefit of spies and law enforcement, and here it is: free VPN.

    On Sunday, Bahnhof said it would comply with a court’s November 24 deadline for storing customers’ communications data — in particular, details of which websites they’re visiting — but would at the same time start giving all those customers a way to anonymize their traffic, in the form of free access to a virtual private network called LEX Integrity.

    As a result, the data Bahnhof will collect (and store in its ex-nuclear-bunker data center) will become meaningless for the purpose of surveillance — assuming customers take up the offer.

    The VPN will be run by a digital rights group called the 5th of July Foundation, which noted in a Sunday blog post that, not being an ISP, Sweden’s data retention law doesn’t force it to store customer data.

    Sweden’s data retention law was based on an EU-wide law that has since been struck down on privacy grounds.

    Reply
  37. Tomi Engdahl says:

    Want to find out all the things Google knows about you? Here are 6 links that will show you some of the data Google has about you
    http://blog.cloudfender.com/post/102607665327/6-links-that-will-show-you-what-google-knows-about-you

    Reply
  38. Tomi Engdahl says:

    USB coding anarchy: Consider all sticks licked
    Thumb drive design ruled by almighty buck
    http://www.theregister.co.uk/2014/11/18/usb_coding_anarchy_consider_all_sticks_licked/

    Thumb drives are so inconsistently manufactured it is all but impossible to know if any unit could be reprogrammed to own computers, researcher Karsten Nohl says.

    The conditions that determined if a unit could be hacked varied not only between vendors but also within product unit lines due to manufacturers buying different hardware components due to fluctuating prices.

    “As long as USB controllers are reprogrammable, USB peripherals should not be shared with others,” the team said.

    “Once infected through USB, malware can use peripherals as a hiding place, hindering system clean up.”

    It was bad news for the most security conscious organisations and individuals and good news for attackers, notably given the release last month of BadUSB attack code.

    Android phones, they said, were the simplest BadUSB attack platforms due to their pre-configured ethernet over USB setup.

    The team also detailed attacks booting hidden rootkits using a BadUSB that could distinguish Windows from Mac and Linux, and a large number of attacks including keyboard emulation and network card spoofing.

    Whitelisting USBs was hindered due to lack of serial numbers and mechanisms to apply the measure, while malicious firmware could easily spoof its legitimacy to foil malware scans.

    Reply
  39. Tomi Engdahl says:

    ATTACK OF THE DRONES: ‘Nefarious’ private use rising, says top Blighty copper
    Met big boy admits most info on the subject comes from ‘net
    http://www.theregister.co.uk/2014/11/18/attack_of_the_drones_nefarious_private_use_rising_says_top_blighty_copper/

    A House of Lords committee has been told that while civilians are “undoubtedly” using drones to get up to no good, it was pretty difficult to do anything about it.

    Chief Inspector Nick Aldworth of the Metropolitan Police told the EU Internal Market, Infrastructure and Employment sub-committee that drones, known as Remotely Piloted Aircraft Systems (or RPAS) in Blighty’s official parlance, had been used maliciously in the country, but the cops only really found out about it from the internet.

    “Certainly we are looking at the emergence of this technology, that we believe undoubtedly creates opportunities for negligent, reckless or malicious use,” he said.

    “Our intelligence feed into that activity at the moment is the internet, and material posted on the internet, often showing the offences after they’ve actually occurred, thereby leaving us very little opportunity to subsequently investigate,”

    Aldworth pointed out that the UK doesn’t have a criminal privacy law, although he said that laws such as the Sexual Offences Act could cover crimes including voyeurism where drones were “hovering outside people’s bedrooms for whatever nefarious reason”.

    Other laws concerning flight and navigation would cover issues such as flying over crowded areas, where a sudden loss of power could cause serious injury if a 7kg drone dropped out of the sky.

    Reply
  40. Tomi Engdahl says:

    IEEE taps nationally recognized scientist to chair cybersecurity initiative
    http://www.cablinginstall.com/articles/2014/11/ieee-new-cybersecurity-chair.html

    IEEE and the Carnegie Mellon University Software Engineering Institute (SEI) announced that nationally recognized scientist and security expert Dr. Greg Shannon has been named chair of the IEEE Cybersecurity Initiative.

    Shannon is chief scientist for the CERT Division at the SEI where he regularly partners with government, industry, and academia to develop advanced methods and technologies to counter sophisticated cyber threats.

    In his new role as chair of the IEEE Cybersecurity Initiative, the consortium says that Shannon will shape and lead a technical agenda that brings unique solutions to cybersecurity challenges by providing tools and data for computer security education, provides guidance on secure software coding and software assurance engineering, and facilitates adoption throughout the cybersecurity industry. “Many of the cybersecurity exploits that continue to make the daily news feeds come from avoidable engineering and operational mistakes that result in large-scale coordinated cyber attacks on netizens, critical infrastructures and nations,” comments Shannon.

    Reply
  41. Tomi Engdahl says:

    Microsoft Releases Out-of-Band Security Patch For Windows
    http://tech.slashdot.org/story/14/11/18/1514230/microsoft-releases-out-of-band-security-patch-for-windows

    Microsoft has announced today that they will be pushing an out-of-band security patch today. The patch, which affects nearly all of the company’s major platforms, is rated ‘critical’ and it is recommended that you install the patch immediately. The patch is rated ‘critical’ because it allows for elevation of privileges and will require a restart.

    Microsoft Security Bulletin Advance Notification for November 2014
    https://technet.microsoft.com/en-us/library/security/ms14-nov.aspx

    Reply
  42. Tomi Engdahl says:

    Tor eyes crowdfunding campaign to upgrade its hidden services
    http://www.dailydot.com/technology/tor-crowdfunding-hidden-services/

    The Tor Project is currently considering a crowdfunding campaign to overhaul the network’s anonymous websites after years of design and security criticisms, Tor executive director Andrew Lewman told the Daily Dot.

    The world’s most popular anonymity network has continually resurfaced in the headlines, and not all of them have been positive. Operation Onymous, an international police bust of at least 17 hidden services like Silk Road 2.0 and Doxbin, is only the latest notch on the belt of law enforcement agencies that have been closely watching Tor users for years.

    In the last 15 months, several of the biggest anonymous websites on the Tor network have been identified and seized by police. In most cases, no one is quite sure how it happened.

    This uncertainty hasn’t stopped others from filling the void left by the seized websites. A site called Evolution has already replaced its shuttered competitors.
    OpenBazaar, the next generation of decentralized commerce, is also commanding vast attention.

    Reply
  43. Tomi Engdahl says:

    State Department Pulls Email System Offline Amidst Hacking Incident
    http://www.techtimes.com/articles/20406/20141117/state-department-hack-shutters-email-system.htm

    After reporting its unclassified email servers were taken offline for maintenance, the U.S. Department of State has confirmed the effort was in response to a potential security breach.

    The department’s classified email system is believed to have remained secure. The unclassified system is expected to be back up and running soon, after receiving security enhancements.

    The hacking incident comes roughly a week after the U.S. Postal Service reported several of its internal systems had been compromised by hackers and weeks after hackers breached the White House network.

    Hackers backed by the Russian government are believed to have launched the attack against the White House’s computer systems.

    “This is consistent with espionage activity,” said Stephen Ward, senior director at software security firm iSight. “All indicators from a targeting and lures perspective would indicate espionage with Russian national interests.”

    Reply
  44. Tomi Engdahl says:

    Northern Ireland website leaves front door open, spills users’ data
    No theft necessary, just search …
    http://www.theregister.co.uk/2014/11/18/northern_ireland_website_leaves_back_door_open_to_users_data/

    The creators of this Irish government website may be fluent in Irish, but they are distinctly unversed in data security.

    The Líofa (Fluent) website – a Department of Culture, Arts and Leisure project – suffered not so much a data breach as a data giveaway! Users’ personal information such as names, addresses, emails and phone numbers were published on the site and easily uncovered using the site’s search function.

    The site has been shut down while “accredited IT security experts [work] to establish the full extent of the website’s vulnerabilities”.

    Reply
  45. Tomi Engdahl says:

    Home Depot ignored staff warnings of security fail laundry list
    ‘Just use cash’, former security staffer warns friends
    http://www.theregister.co.uk/2014/09/22/home_depot_ignored_staff_warnings_of_security_fail_laundry_list/

    Home Depot is facing claims it ignored security warnings from staff, who say prior to its loss of 56 million credit cards, it failed to update anti virus since 2007, did not consistently monitor its network for signs of attack, and failed to properly audit its eventually-hacked payment terminals.

    Executives reportedly told pleading staff that “we sell hammers”.

    The failings, if true, appear to place Home Depot in breach of PCI DSS, which requires regular third-party audits of security systems protecting card data.

    Some estimates suggest the stolen credit cards being flogged online could result in $3 billion in fraud.

    Reply
  46. Tomi Engdahl says:

    Link Found in Staples, Michaels Breaches
    http://krebsonsecurity.com/2014/11/link-found-in-staples-michaels-breaches/

    The breach at office supply chain Staples impacted roughly 100 stores and was powered by some of the same criminal infrastructure seen in the intrusion disclosed earlier this year at Michaels craft stores, according to sources close to the investigation.

    Multiple banks interviewed by this author say they’ve received alerts from Visa and MasterCard about cards impacted in the breach at Staples, and that to date those alerts suggest that a subset of Staples stores were compromised between July and September 2014.

    Sources briefed on the ongoing investigation say it involved card-stealing malicious software that the intruders installed on cash registers at approximately 100 Staples locations.

    A source close to the investigation said the malware found in Staples stores was communicating with some of the same control networks that attackers used in the intrusion at Michaels, another retail breach that was first disclosed on this blog.

    Reply
  47. Tomi Engdahl says:

    Home Depot: Hackers Stole 53M Email Addresses
    http://krebsonsecurity.com/2014/11/home-depot-hackers-stole-53m-email-addreses/

    As if the credit card breach at Home Depot didn’t already look enough like the Target breach: Home Depot said yesterday that the hackers who stole 56 million customer credit and debit card accounts also made off with 53 million customer email addresses.

    Home Depot said the crooks initially broke in using credentials stolen from a third-party vendor. The company said thieves used the vendor’s user name and password to enter the perimeter of Home Depot’s network, but that these stolen credentials alone did not provide direct access to the company’s point-of-sale devices. For that, they had to turn to a vulnerability in Microsoft Windows that was patched only after the breach occurred, according to a story in Thursday’s Wall Street Journal.

    Reply
  48. Tomi Engdahl says:

    Nov 14
    Adobe, Microsoft Issue Critical Security Fixes
    http://krebsonsecurity.com/2014/11/adobe-microsoft-issue-critical-security-fixes-3/

    Adobe and Microsoft today each issued security updates to fix critical vulnerabilities in their software. Microsoft pushed 14 patches to address problems in Windows, Office, Internet Explorer and .NET, among other products. Separately, Adobe issued an update for its Flash Player software that corrects at least 18 security issues.

    Microsoft announced 16 bulletins, but curiously two of those are listed as pending. Topping the list of critical updates from Microsoft is a fix for a zero-day vulnerability disclosed last month that hackers have been using in targeted cyber espionage attacks.

    Reply
  49. Tomi Engdahl says:

    Network Hijackers Exploit Technical Loophole
    http://krebsonsecurity.com/2014/11/network-hijackers-exploit-technical-loophole/

    Spammers have been working methodically to hijack large chunks of Internet real estate by exploiting a technical and bureaucratic loophole in the way that various regions of the globe keep track of the world’s Internet address ranges.

    According to several security and anti-spam experts who’ve been following this activity, Mega-Spred and the other hosting provider in question (known as Kandi EOOD) have been taking advantage of an administrative weakness in the way that some countries and regions of the world keep tabs on the IP address ranges assigned to various hosting providers and ISPs. Neither Kandi nor Mega-Spred responded to requests for comment.

    IP address hijacking is hardly a new phenomenon. Spammers sometimes hijack Internet address ranges that go unused for periods of time. Dormant or “unannounced” address ranges are ripe for abuse partly because of the way the global routing system works: Miscreants can “announce” to the rest of the Internet that their hosting facilities are the authorized location for given Internet addresses. If nothing or nobody objects to the change, the Internet address ranges fall into the hands of the hijacker.

    Reply
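The Krebs post above turns on one observation: a dormant range is announced by a hijacker and, if nothing or nobody objects, the range is theirs. As an added example (not code from the article or from any registry), here is a minimal origin check of the kind an operator or registry-aware monitor can run over observed announcements; it compares each (prefix, origin AS) pair against a table of authorised origins, the idea behind RPKI route origin authorisations. All prefixes, AS numbers and the observed snapshot are constructed from documentation and private ranges.

```python
"""Object to route announcements that nobody has authorised.

Added example, not code from the Krebs article quoted above: a minimal origin
check of the kind an operator or registry-aware monitor runs over observed BGP
announcements. Each (prefix, origin AS) pair is compared with a table of
authorised origins (the idea behind RPKI route origin authorisations) so that
an announcement of a dormant block, a competing origin for someone else's
block, or an over-specific announcement is reported instead of silently
accepted. All prefixes, AS numbers and the observed table are constructed;
prefixes come from the RFC 5737 documentation ranges and ASNs from the private
64512-65534 range.
"""
import ipaddress

# Constructed authorisation table: prefix -> (authorised origin ASes, longest
# prefix length the holder allows). 203.0.113.0/24 is deliberately absent: it
# stands for an allocated but dormant block that its holder never announces.
AUTHORISED = {
    "192.0.2.0/24": ({64500}, 24),
    "198.51.100.0/24": ({64501}, 24),
}

# Constructed snapshot of what a route collector saw.
OBSERVED = [
    ("192.0.2.0/24", 64500),        # holder announcing its own block
    ("198.51.100.0/24", 64501),     # holder announcing its own block
    ("198.51.100.128/25", 64666),   # more-specific carved out of 64501's block
    ("203.0.113.0/24", 64666),      # dormant block announced by an outsider
    ("192.0.2.0/24", 64666),        # competing origin for 64500's block
    ("192.0.2.128/25", 64500),      # holder itself announcing a /25 it did not authorise
]


def validate(prefix, origin, authorised=AUTHORISED):
    """Classify one announcement as valid, invalid or unknown, with a reason."""
    net = ipaddress.ip_network(prefix)
    covering = []
    for auth_prefix, (origins, maxlen) in authorised.items():
        auth_net = ipaddress.ip_network(auth_prefix)
        if auth_net.version == net.version and net.subnet_of(auth_net):
            covering.append((auth_net, origins, maxlen))
    if not covering:
        # Nothing on file: exactly the dormant-range case, so worth an objection.
        return "unknown", f"no authorised origin on file for {prefix}"
    problems = []
    for auth_net, origins, maxlen in covering:
        origin_ok = origin in origins
        length_ok = net.prefixlen <= maxlen
        if origin_ok and length_ok:
            return "valid", f"AS{origin} is authorised for {auth_net}"
        if not origin_ok:
            problems.append(f"AS{origin} is not an authorised origin for {auth_net}")
        if not length_ok:
            problems.append(f"{prefix} is longer than the /{maxlen} allowed under {auth_net}")
    return "invalid", "; ".join(problems)


def audit(observed, authorised=AUTHORISED):
    """Return every announcement that is not valid, in the order observed."""
    findings = []
    for prefix, origin in observed:
        status, reason = validate(prefix, origin, authorised)
        if status != "valid":
            findings.append({"prefix": prefix, "origin": origin,
                             "status": status, "reason": reason})
    return findings


if __name__ == "__main__":
    for f in audit(OBSERVED):
        print(f"{f['status'].upper():7} {f['prefix']:20} AS{f['origin']}: {f['reason']}")
```

The "unknown" result is the one to watch: a real validator treats it as neither valid nor invalid, which is exactly the silence a hijacker of a dormant range relies on.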
