Here is my collection of security trends for 2012 from different sources:
Windows XP will be the biggest security threat in 2012 according to Sean Sullivan, security advisor at F-Secure: “People seem to be adding new systems without necessarily abandoning their old XP machines, which is great news for online criminals, as XP continues to be their favourite target.”
F-Secure also says that it might not be long before the cyber criminals turn their attention to tablet devices. Attacks against mobile devices have become more common and I expect this to continue this year as well.
Americans more susceptible to online scams than believed, study finds. A recent survey from The Ponemon Institute and PC Tools dives into this question and reveals a real gap between how aware Americans think they are of scams and how likely they actually are to fall for them.
Fake antivirus scams have plagued Windows and Mac OS X during the last couple of years, and now it seems that such scams have spread to Android. Nearly all new mobile malware in Q3 2011 was targeted at Android. When antivirus software becomes a universally accepted requirement (the way it is on Windows), has the platform failed and missed the whole point of being a mobile operating system?
Cyber criminals are developing more sophisticated attacks and the police will counterattack.
Mobile phone surveillance will increase and more details of it will surface. Last year’s findings included location data collecting smartphones, Carrier IQ phone spying being busted and a police surveillance system to monitor mobile phones. In the USA the Patriot Act lets them investigate anything, anywhere, without a warrant. Now they are on your devices and can monitor everything. Leaked Memo Says Apple Provides Backdoor To Governments: “in exchange for the Indian market presence” mobile device manufacturers, including RIM, Nokia, and Apple (collectively defined in the document as “RINOA”) have agreed to provide backdoor access on their devices.
The article “Geo-location tagging in smartphones to potentially cause major security risks” says that geo-location tagging security issues are likely to be a major issue in 2012, and that many users of smartphones are unaware of the potentially serious security consequences of their use of the technology. When smartphones upload images to the Internet (to portals such as Facebook or Flickr), there’s a strong chance they will upload the GPS location data as well. This information could subsequently be misused by third parties.
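The location usually travels inside the image file itself, as a GPS directory in the JPEG's Exif block. The following added example (not from the article referenced above) shows how to check a JPEG for that directory and remove the Exif segment before upload; the function names and the sample file are constructed for illustration, and the parser handles only the common layout of header segments followed by image data.

```python
import struct

EXIF_MAGIC = b"Exif\x00\x00"
TAG_GPS_IFD = 0x8825  # IFD0 entry that points at the GPS sub-directory

def jpeg_segments(data):
    """Yield (marker, start, end) for each header segment before the image data."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI marker)")
    pos = 2
    while pos + 4 <= len(data) and data[pos] == 0xFF:
        marker = data[pos + 1]
        if marker == 0xDA:  # start of scan: compressed data follows, stop walking
            return
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        if length < 2 or pos + 2 + length > len(data):
            raise ValueError("truncated or corrupt segment")
        yield marker, pos, pos + 2 + length
        pos += 2 + length

def is_exif(jpeg, marker, start, end):
    return marker == 0xE1 and jpeg[start + 4:end].startswith(EXIF_MAGIC)

def read_ifd(tiff, offset, endian):
    """Return {tag: (type, count, 4-byte value field)} for one TIFF directory."""
    (n,) = struct.unpack_from(endian + "H", tiff, offset)
    entries = {}
    for i in range(n):
        base = offset + 2 + 12 * i
        tag, typ, count = struct.unpack_from(endian + "HHI", tiff, base)
        entries[tag] = (typ, count, tiff[base + 8:base + 12])
    return entries

def dms_to_degrees(tiff, entry, endian):
    """Decode three RATIONALs (degrees, minutes, seconds) into decimal degrees."""
    typ, count, raw = entry
    if typ != 5 or count != 3:
        raise ValueError("unexpected GPS coordinate encoding")
    (off,) = struct.unpack(endian + "I", raw)
    nums = struct.unpack_from(endian + "6I", tiff, off)
    if 0 in nums[1::2]:
        raise ValueError("zero denominator in GPS coordinate")
    d, m, s = (nums[i] / nums[i + 1] for i in (0, 2, 4))
    return d + m / 60 + s / 3600

def find_gps(jpeg):
    """Return (lat, lon) in decimal degrees if Exif GPS data is present, else None."""
    for marker, start, end in jpeg_segments(jpeg):
        if not is_exif(jpeg, marker, start, end):
            continue
        tiff = jpeg[start + 4 + len(EXIF_MAGIC):end]
        endian = {b"II": "<", b"MM": ">"}.get(tiff[:2])
        if endian is None:
            continue
        try:
            (ifd0,) = struct.unpack_from(endian + "I", tiff, 4)
            pointer = read_ifd(tiff, ifd0, endian).get(TAG_GPS_IFD)
            if pointer is None:
                continue
            gps = read_ifd(tiff, struct.unpack(endian + "I", pointer[2])[0], endian)
            if not all(tag in gps for tag in (1, 2, 3, 4)):
                continue
            lat = dms_to_degrees(tiff, gps[2], endian)
            lon = dms_to_degrees(tiff, gps[4], endian)
        except struct.error as exc:
            raise ValueError("malformed Exif block") from exc
        if gps[1][2][:1] == b"S":  # tag 1 = latitude reference (N/S)
            lat = -lat
        if gps[3][2][:1] == b"W":  # tag 3 = longitude reference (E/W)
            lon = -lon
        return round(lat, 6), round(lon, 6)
    return None

def strip_exif(jpeg):
    """Return a copy of the JPEG with every Exif APP1 segment removed."""
    out, last = bytearray(), 0
    for marker, start, end in jpeg_segments(jpeg):
        if is_exif(jpeg, marker, start, end):
            out += jpeg[last:start]
            last = end
    return bytes(out + jpeg[last:])

def build_sample_jpeg():
    """Constructed input: JPEG skeleton (no pixels) tagged 60 deg 10 min 15 s N, 24 deg 56 min 15 s E."""
    def entry(tag, typ, count, value):
        return struct.pack("<HHI", tag, typ, count) + value
    def seg(marker, body):
        return bytes([0xFF, marker]) + struct.pack(">H", len(body) + 2) + body
    ifd0 = struct.pack("<H", 1) + entry(TAG_GPS_IFD, 4, 1, struct.pack("<I", 26)) + bytes(4)
    gps = (struct.pack("<H", 4)
           + entry(1, 2, 2, b"N\x00\x00\x00") + entry(2, 5, 3, struct.pack("<I", 80))
           + entry(3, 2, 2, b"E\x00\x00\x00") + entry(4, 5, 3, struct.pack("<I", 104))
           + bytes(4))
    coords = struct.pack("<12I", 60, 1, 10, 1, 15, 1, 24, 1, 56, 1, 15, 1)
    tiff = b"II" + struct.pack("<HI", 42, 8) + ifd0 + gps + coords
    jfif = b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
    return (b"\xff\xd8" + seg(0xE0, jfif) + seg(0xE1, EXIF_MAGIC + tiff)
            + b"\xff\xda\x00\x02\xff\xd9")
```

Exif is not the only place a location can hide: XMP metadata and location tags added by the upload service itself are separate and are not touched by this code.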
You need to find your balance between freedom and security (Vapauden ja turvallisuuden tasapaino). Usernames are spilled out for all to see, and passwords and personal identification numbers are published. Knowledge of access management is even more important: who has the right to know what, when, and acting in which role? Access, identity and role management are essential for the protection of the whole system. Implementation of such systems is still far from complete.
When designing networked services, security should be taken into account in the planning stage, rather than at the end of implementation. Even a secure network and information system cannot operate in a vacuum.
The reliability of server certificates will face more and more problems. We may see more certificate authority bankruptcies due to cyber attacks against them. Certificate attacks that have focused on PC web browsers are now proven to be effective against mobile browsers.
Stonesoft says that advanced evasion techniques (AET) will be a major threat. Stonesoft discovered that with certain evasion techniques (particularly when combined in particular combinations) they could sneak common exploits past many IDS/IPS systems (including their own, at the time last summer). Using the right tool set (including a custom TCP/IP stack) attackers could sneak past our best defenses. This is real and they foresee a not too distant future where things like botnet kits will have this as a checkbox feature.
The rise of printer malware is real. The article “Printer malware: print a malicious document, expose your whole LAN” says that sending a printer a document that contains a malicious version of its OS can send your sensitive documents anywhere on the Internet. Researchers at Columbia University have discovered a new class of security flaws that could allow hackers to remotely control printers over the Internet. Potential scenario: send a resume to HR, wait for them to print it, take over the network and pwn the company. HP does have firmware update software for its printers, and the company has responded with “HP Refutes Inaccurate Claims; Clarifies on Printer Security”. I wonder how many more years until that old chain letter, where some new insidious virus infects everything from your graphics card to your monitor cable, becomes true.
Unauthorized changes in the BIOS could allow or be part of a sophisticated, targeted attack on an organization, allowing an attacker to infiltrate an organization’s systems or disrupt their operations. How Do You Protect PCs from BIOS Attacks? The U.S. National Institute of Standards and Technology (NIST) has drafted a new computer-security publication that provides guidance for computer manufacturers, suppliers, and security professionals who must protect personal computers as they start up “out of the box”: “BIOS Integrity Measurement Guidelines,” NIST Special Publication 800-155.
According to Stonesoft, security problems threaten lives, and 2012 may be the first year when we lose lives because of security offenses. According to the company, whether this happens remains to be seen, but the risk comes from attacks on industrial SCADA systems against targets such as hospitals or automated drug delivery systems. I already posted around a month ago about SCADA systems security issues.
849 Comments
Tomi Engdahl says:
German gov’t endorses Chrome as most secure browser
http://www.computerworld.com/s/article/9223957/German_gov_t_endorses_Chrome_as_most_secure_browser
Federal security agency touts sandbox, silent update as features that keep citizens safer online
Tomi Engdahl says:
Symantec warns of Android Trojans that mutate with every download
A new Android Trojan employs server-side polymorphism to generate unique variants
http://www.techworld.com.au/article/414311/symantec_warns_android_trojans_mutate_every_download
Researchers from security vendor Symantec have identified a new premium-rate SMS Android Trojan horse that modifies its code every time it gets downloaded in order to bypass antivirus detection.
A special mechanism that runs on the distribution server modifies certain parts of the Trojan in order to ensure that every malicious app that gets downloaded is unique. This is different from local polymorphism where the malware modifies its own code every time it gets executed.
“As with malware that affects traditional computing devices, the level of sophistication of the polymorphism used can affect how easy or difficult the threat is to detect,” said Vikram Thakur, the principal security response manager at Symantec. “More complicated polymorphism requires more intelligent countermeasures.”
Tomi says:
http://www.tietoviikko.fi/kaikki_uutiset/tietoturvallisuusmies+quothaktivismi+on+ajan+ilmio++on+hyvaksyttava+etta+ikavia+asioita+tapahtuuquot/a771770?s=r&wtm=tietoviikko/-06022012&
Information security man: “Hacktivism is a phenomenon of our time – it has to be accepted that bad things happen”
“It has to be accepted that bad things happen. A company must be able to identify the problem quickly, limit its effects, fix it and find out the extent of the damage as quickly as possible,” says Jari Jay, leader of the advisory services unit at security consultancy Nixu.
Nixu anticipates that hacktivism, meaning security attacks made for political and ideological reasons, will continue at least at last year’s level. The trend is expected to cause headaches for companies.
“Hacktivism is a phenomenon of our time, which will accelerate and grow.”
Most companies have accepted that long partner chains and the difficulty of keeping the entire IT environment available independent of time and place mean that the company is never fully secure.
Tomi Engdahl says:
Anonymous May Have Completely Destroyed This Military Law Firm
http://gizmodo.com/5882717/anonymous-may-have-completely-destroyed-military-law-firm
Anonymous’ gutting of Puckett & Faraj, the firm that defended the Marines behind the Haditha Killing, might have been more than a major embarrassment. The hack attack might have killed the group entirely.
“Not sure how this will affect the business of the firm going forward,” says namesake attorney Neal Puckett, “but for now, we’re not able to do any business.”
“This may completely destroy the Law Firm,” laments Marcy Atwood, Puckett & Faraj’s business manager.
Tomi Engdahl says:
Facebook’s ‘man in the middle’ attack on our data
Is Facebook secretly using your data for nefarious purposes? Privacy advocate Eben Moglen says yes.
http://www.itworld.com/it-managementstrategy/247344/facebooks-man-middle-attack-our-data
Moglen likens Facebook to a hacker who launches a “man in the middle” (MITM) attack — intercepting an apparently private communication between two parties and using that information for his own nefarious purposes.
The fact is, anybody can add your name to a photo on Facebook and there’s nothing you can do about it. All you can do is keep these pictures off your own personal timeline and tell Facebook to not “suggest” that your friends tag you when it recognizes your mugshot.
Read also discussion at
Moglen: Facebook Is a Man-In-The-Middle Attack
http://yro.slashdot.org/story/12/02/06/1828231/moglen-facebook-is-a-man-in-the-middle-attack
Moglen is absolutely correct and I am very impressed by this great analogy: Facebook (and some other “social” media) is a man-in-the-middle attack; it’s just not a technical hack but a social hack. Best 20 second explanation ever.
Google might very well join them soon – if they use profiling on gmail conversations.
It amazes me that people think Moglen is overstating the case. He is not. Let’s forget the datamining for commerce. Let’s just think about what a simple post on a social network can do with one’s life.
Sorry, but I attended an FBI presentation last week, and the SA told us point-blank that Facebook was the greatest investigative aid ever. It used to take a warrant and months of hard work to figure out who someone was, what they did, who they hung out with, what kinds of things they talk about over drinks, and who supplies the dope to the party. Now it’s a browser away and they don’t even need a warrant.
Tomi Engdahl says:
Hackers wanted $50,000 to keep Symantec source code private
http://news.cnet.com/8301-1009_3-57372308-83/hackers-wanted-$50000-to-keep-symantec-source-code-private/
An e-mail exchange revealing the extortion attempt posted to Pastebin today shows a purported Symantec employee named Sam Thomas negotiating payment with an individual named “Yamatough” to prevent the release of PCAnywhere and Norton Antivirus code.
“We will pay you $50,000.00 USD total,” Thomas said in an e-mail dated Thursday. “However, we need assurances that you are not going to release the code after payment.
A Symantec representative confirmed for CNET the extortion attempt in this statement: In January an individual claiming to be part of the ‘Anonymous’ group attempted to extort a payment from Symantec in exchange for not publicly posting stolen Symantec source code they claimed to have in their possession.
Symantec instructed its PCAnywhere users in late January to disable the product until the company could issue a software update to protect them against attacks that could result from the theft of the product’s source code.
Tomi Engdahl says:
Avast! Mobile Security
http://www.reghardware.com/2012/02/07/app_of_the_week_android_avast/
The security or lack thereof of the Android platform – real or imagined – is a common topic of conversation at the moment so it seems like a good time to take a look for a comprehensive security app. My preferred choice is Avast!.
Avast! for Android is free and carries no advertising, making it perfect for anyone who is just a little worried about mobile security but thinks that it could be a case of a lot of smoke but very little fire.
Tomi Engdahl says:
Anonymous releases Symantec code
http://www.theinquirer.net/inquirer/news/2144387/anonymous-releases-symantec-code
The group has danced with Symantec for some time, but now that dance is over. A tweet from the @AnonymousIRC account links to Pirate Bay and Pastebin releases.
The Bittorrent link takes users to a download of PCanywhere source code
Symantec’s official line is that no customer data is affected and that it has fixed any vulnerabilities that its code might have.
Tomi Engdahl says:
Cyber attacks are named in top five global risks
http://www.theinquirer.net/inquirer/news/2137275/cyber-attacks-named-global-risks
A REPORT put out by the World Economic Forum rates cyber attacks as the fourth most likely risk to occur over the next 10 years.
“With over five billion mobile phones coupled with internet connectivity and cloud-based applications, daily life is more vulnerable to cyber threats and digital disruptions,” said the report.
The report said, “Companies are increasingly aware of cyber threats but are not necessarily sure how to address them.”
Tomi Engdahl says:
‘Nothing is certain. Nothing is secure,
Tomi Engdahl says:
Hackers spunk ‘pcAnywhere source’ after negotiation breakdown
‘Fed posing as Symantec worker’ offered $50k to activists
http://www.theregister.co.uk/2012/02/07/pcanywhere_shenanigans/
Hacktivists affiliated with Anonymous uploaded what they claim is the source code of Symantec’s pcAnywhere software early on Tuesday, following the breakdown of negotiations between the hacking group and “a federal agent posing as a Symantec employee”.
Symantec has confirmed that a dialogue had taken place between the hacktivists and “a law enforcement official”, saying it had turned the case over to the Feds as soon as the hackers had contacted it.
A search on torrent sites suggests that only the code for pcAnywhere and Norton Antivirus has been released. Whether the code released is the genuine deal remains unconfirmed.
PCAnywhere and Norton Antivirus totaling 2350MB in size (rar)
Symantec was not immediately able to confirm whether the source code torrent was genuine.
Tomi Engdahl says:
Hacker releases Symantec source code
http://www.reuters.com/article/2012/02/07/us-symantec-hackers-idUSTRE8160KB20120207
A hacker released the source code for antivirus firm Symantec’s pcAnywhere utility on Tuesday, raising fears that others could find security holes in the product and attempt takeovers of customer computers.
Symantec also expects hackers to release other source code in their possession, 2006 versions of Norton Antivirus Corporate Edition and Norton Internet Security.
Tomi Engdahl says:
Move over cybercrims, DDoS now protesters’ weapon of choice
http://www.theregister.co.uk/2012/02/08/ddos_attack_trends/
Ideological hacktivism has replaced cybercrime as the main motivation behind DDoS attacks, according to a study by Arbor Networks.
Up until last year, DDoS attacks were typically financially driven – either for reasons of competition or outright extortion – but the activities of Anonymous and related groups have changed that. The plethora of readily available DDoS attack tools (such as LOIC, a sometime favourite of Anonymous) means that anyone can launch an attack and any business could potentially be targeted.
Arbor, which specialises in supplying DDoS mitigation and traffic management tools to telcos and ISPs, describes the rise of hacktivism as a “sea-change in the threat landscape”.
The single largest reported DDoS attack during the survey period hit 60 Gbps,
Around half of respondents reported application-layer attacks on their networks. More than 40 per cent of network operators quizzed by Arbor reported an inline firewall and/or IPS failing due to a DDoS attack.
For the first time, a respondent to Arbor’s survey observed a native IPv6 DDoS attack on their network.
“Based on fourth quarter statistics, Prolexic predicts that 2012 will feature DDoS attacks that will be shorter in duration, but much more devastating in terms of packet-per-second volume,”
Tomi Engdahl says:
Home webcams’ security vulnerability leads to public viewing
http://www.theinquirer.net/inquirer/news/2144598/home-webcams-security-vulnerability-leads-public-viewing
HOME SECURITY webcam firm Trendnet is struggling to fix an error that allowed anyone on the internet to view live footage without a password.
According to the BBC, internet addresses linking to the video streams have been posted to message board web sites
Trendnet security cam flaw exposes video feeds on net
http://www.bbc.co.uk/news/technology-16919664
Feeds from thousands of Trendnet home security cameras have been breached, allowing any web user to access live footage without needing a password.
US-based Trendnet says it is in the process of releasing updates to correct a coding error introduced in 2010.
Tech news website The Verge first publicised the issue last week after discovering a blog which had published details of the vulnerability on 10 January.
The author discovered that after setting up one of the cameras with a password, its video stream became accessible to anyone who typed in the correct net address.
The firm – whose slogan is “networks that people trust” – said it had halted shipments of affected products to retailers
TRENDnet IP Camera Vulnerability
TRENDnet (2/7/2012)
http://www.trendnet.com/press/view.asp?id=1958
However, we recently became aware of a vulnerability with several TRENDnet SecurView IP cameras purchased since April 2010.
TRENDnet SecurView Cameras bought between April of 2010 to the present may have a firmware vulnerability.
Tomi Engdahl says:
Keep in mind good passwords:
Anonymous Hacks Syrian President’s Email. The Password: 12345
http://mashable.com/2012/02/07/anonymous-assad-email-password/
Syrian President Bashar al-Assad has been under fire from world leaders to step down this week. He’s also under fire from hacktivist group Anonymous, who leaked hundreds of his office’s emails on Monday.
the passwords commonly used by Assad’s office accounts: 12345. The string of consecutive numbers is the second-weakest password according to a 2011 study.
Tomi Engdahl says:
Facebook criticised for ‘hurting’ cybercrime investigation
A major internet security firm has criticised Facebook for identifying the alleged members of the gang behind the Koobface worm, a piece of malicious software designed to hijack users’ computers.
http://www.telegraph.co.uk/technology/facebook/9068166/Facebook-criticised-for-hurting-cybercrime-investigation.html
In an unusual step, Facebook last month named six Russian men it said had been running the $2m scam against its members for three years. It publicised photographs of the group and pinpointed their office in central St Petersburg.
The anti-virus firm Kaspersky Lab criticised Facebook’s strategy at a cyber security conference.
“Naming and shaming can stop companies like Facebook really dealing with things like Koobface,” he said.
“I’m questioning whether these guys will ever get arrested now.”
“If they [cyber criminals] don’t get caught before they quit they will probably never get caught.”
Facebook’s Continued Fight Against Koobface
https://www.facebook.com/notes/facebook-security/facebooks-continued-fight-against-koobface/10150474399670766
Tomi Engdahl says:
Have your accounts been compromised? Find out.
https://www.pwnedlist.com/
PwnedList is a tool that allows an average person to check if their accounts have been compromised.
The tool was developed by network security expert Alan Puzic in July last year. The list now holds almost five million e-mail addresses that are suspected to have been victims of a data breach.
Just enter an email address or username associated with any of your accounts to see if it’s on our list.
Don’t trust us? You can also use a SHA-512 hash of your email/username as input.
Tomi Engdahl says:
secure your computer and surf fully #anonymous BLACK-HAT STYLE
http://pastebin.com/sp6YAvGb
This is a guide with which even a total noob can get high class security for his system and complete anonymity online. But it’s not only for noobs, it contains a lot of tips most people will find pretty helpful. It is explained in such detail that even the biggest noobs can do it.
Tomi Engdahl says:
F-Secure is seeking a cloud
Information security is no longer enough
http://www.3t.fi/artikkeli/uutiset/teknologia/tietoturva_ei_enaa_riita
Traditional security is changing as software security gets better and better. This forces F-Secure to look to cloud services for future growth.
The security business is changing as operating system security improves.
For more than ten years the Windows XP operating system has made a lot of money for security software companies.
Buying security software as boxed software from shops has ended in many countries. As much as 61 percent of sales go through telecommunications operators.
Tomi Engdahl says:
The dark side of the cloud
http://www.cloudpro.co.uk/cloud-essentials/cloud-security/2791/dark-side-cloud?page=0,0
As cloud-borne threats grow, anti-malware companies look to the cloud for solutions.
“If you’re sharing information via the cloud it is bound to be a vector for infection,” claimed Leon Ward, a field marketing manager at Sourcefire – the anti-malware company responsible for the study.
“Cybercriminals use exactly the same tools as legitimate businesses, and are becoming more proficient,” added Michael de Crespigny, CEO of the Information Security Forum (ISF). And with allegations rife that hackers based in China, Russia and elsewhere are state-sponsored, he reminded us “Government espionage units have the same access to those tools” as well.
“Nobody can stop 100 per cent of threats, it is just not possible,” he said.
“90 per cent of malware comes through spam – that’s anything that requires a click on any vector,” he claimed. “Anything else is a technical problem.”
“Maybe instead of talking about 100 per cent protection, we should accept that eventually something will break, and talk about how to make things harder for the attacker and minimise the risk.”
“Internet technologies were designed for an ideal world and a trusted environment,” he said. “You have to design things for the real world – for example Windows 8 will allow security checks during application installation, which adds mitigation opportunities.”
“Cyber resilience is more than just incident response. It’s a business issue, not an IT issue, and it’s having a very strong organisation that responds not just technically but also in respect of customers, shareholders and so on, and it’s about responding faster.”
“They need to be aware of what is being done online in order to be aware of the possible consequences.”
Looking forward, Royal Holloway’s Cavallaro warned the versatility and mobility of the cloud will make these assessments ever more complex.
“Mobile and cloud malware will be hot,” he said,
Tomi Engdahl says:
It seems that even big intelligence agencies are not safe from hacktivism:
‘Anonymous’ Knocks CIA Site Offline
http://techland.time.com/2012/02/10/anonymous-knocks-cia-site-offline/?iid=tl-article-latest
Hacking group Anonymous has apparently claimed credit for knocking the Central Intelligence Agency’s website offline.
The group also recently intercepted a conference call between the FBI and Scotland Yard, which entailed cybercrime investigators discussing Anonymous’ activities.
Anonymous has recently claimed takedowns of sites belonging to the Boston Police Department, the FBI, the DOJ, the U.S. Copyright Office and two of Brazil’s largest banks.
Tomi Engdahl says:
Israel tops cyber-readiness poll but China lags behind
http://www.bbc.co.uk/news/technology-16787509
Israel, Finland and Sweden are seen as leading the way in “cyber-readiness”, according to a major new security report.
The McAfee-backed cyberdefence survey deemed China, Brazil and Mexico as being among the least able to defend themselves against emerging attacks.
Tomi Engdahl says:
Traveling Light in a Time of Digital Thievery
http://www.nytimes.com/2012/02/11/technology/electronic-security-a-worry-in-an-age-of-digital-espionage.html?_r=1&pagewanted=all
When Kenneth G. Lieberthal, a China expert at the Brookings Institution, travels to that country, he follows a routine that seems straight from a spy film.
He leaves his cellphone and laptop at home and instead brings “loaner” devices, which he erases before he leaves the United States and wipes clean the minute he returns.
In China, he disables Bluetooth and Wi-Fi, never lets his phone out of his sight and, in meetings, not only turns off his phone but also removes the battery, for fear his microphone could be turned on remotely.
He connects to the Internet only through an encrypted, password-protected channel, and copies and pastes his password from a USB thumb drive. He never types in a password directly, because, he said, “the Chinese are very good at installing key-logging software on your laptop.”
“If a company has significant intellectual property that the Chinese and Russians are interested in, and you go over there with mobile devices, your devices will get penetrated,” said Joel F. Brenner, formerly the top counterintelligence official in the office of the director of national intelligence.
Both China and Russia prohibit travelers from entering the country with encrypted devices unless they have government permission
McAfee, the security company, said that if any employee’s device was inspected at the Chinese border, it could never be plugged into McAfee’s network again. Ever. “We just wouldn’t take the risk,” said Simon Hunt, a vice president.
In the meantime, companies are leaking critical information, often without realizing it.
Tomi Engdahl says:
Best Practice: Travel Light To China
http://it.slashdot.org/story/12/02/13/0158207/best-practice-travel-light-to-china
What may once have sounded like the behavior of a raving paranoid is now considered standard operating procedure for officials at American government agencies, research groups and companies as the NY Times reports how businesses sending representatives to China give them a loaner laptop and cellphone that they wipe clean before they leave and wipe again when they return.
‘Everybody knows that if you are doing business in China, in the 21st century, you don’t bring anything with you,’ says Jacob Olcott, a cybersecurity expert at Good Harbor Consulting. ‘That’s “Business 101” — at least it should be.’
Tomi Engdahl says:
Trustwave 2012 Global Security Report
https://www.trustwave.com/global-security-report
For the second year, the food & beverage industry made up the highest percentage of investigations at nearly 44%.
Industries with franchise models are the new cyber targets: more than a third of 2011 investigations occurred in a franchise business.
Data harvesting techniques continued to target data “in-transit” within victim environments as was seen in 62.5% of 2011 investigations.
The most common password used by global businesses is “Password1” because it satisfies the default Microsoft Active Directory complexity setting.
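Why “Password1” gets through is easy to see once the rule is written down. The following added example (not from the Trustwave report) implements a simplified model of the Active Directory complexity rule and pairs it with a deny-list check that catches what the rule misses; the minimum length of 7, the deny list, the substitution table and the sample accounts are assumptions constructed for illustration.

```python
import re

# Simplified model of AD's "Password must meet complexity requirements" rule:
# characters from at least three categories, and the account name (if three or
# more characters long) must not appear in the password. Minimum length is a
# separate policy setting; the value 7 used here is an assumption.
CATEGORIES = (r"[A-Z]", r"[a-z]", r"[0-9]", r"[^A-Za-z0-9]")

# Constructed deny list for the demonstration; a real one would be far larger.
DENY_WORDS = {"password", "welcome", "letmein", "qwerty", "summer", "winter"}

# Undo common character substitutions before comparing against the deny list.
LEET = str.maketrans("@4$5013!7", "aassoieit")


def meets_ad_complexity(password, account_name, min_length=7):
    """True if the password satisfies the simplified complexity rule."""
    if len(password) < min_length:
        return False
    if len(account_name) >= 3 and account_name.lower() in password.lower():
        return False
    return sum(bool(re.search(c, password)) for c in CATEGORIES) >= 3


def base_word(password):
    """Reduce a password to the word a guesser would start from."""
    core = re.sub(r"[\d\W_]+$", "", password)  # drop trailing digits and symbols
    return core.lower().translate(LEET)


def is_guessable(password, extra_words=()):
    """True if the normalised password contains a deny-listed word."""
    word = base_word(password)
    return any(w in word for w in DENY_WORDS | {e.lower() for e in extra_words})


def audit(passwords, account_name, org_words=()):
    """Return {password: (passes_complexity, guessable)} for each candidate."""
    return {p: (meets_ad_complexity(p, account_name), is_guessable(p, org_words))
            for p in passwords}


if __name__ == "__main__":
    # Constructed sample: hypothetical user "jsmith" at hypothetical company "contoso".
    sample = ["Password1", "P@ssw0rd2012!", "Contoso2012", "tR7#vq9Lm2"]
    for pw, (ok, weak) in audit(sample, "jsmith", org_words=["contoso"]).items():
        print(f"{pw:15} complexity={'pass' if ok else 'fail'} guessable={weak}")
```

The first three sample passwords pass the complexity rule and are still flagged as guessable, which is the gap the statistic above points at.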
Tomi Engdahl says:
Chinese Hackers Had Unfettered Access To Nortel Networks For a Decade
http://it.slashdot.org/story/12/02/14/1947254/chinese-hackers-had-unfettered-access-to-nortel-networks-for-a-decade
Brian Shields, a former Nortel employee who launched an internal investigation of the attacks, the Wall Street Journal reports [from behind a paywall]
… Over the years, the hackers downloaded business plans, research and development reports, employee emails and other documents.
Nortel hit by suspected Chinese cyberattacks for a decade
http://www.cbc.ca/news/business/story/2012/02/14/nortel-chinese-hackers.html
Hackers based in China enjoyed widespread access to Nortel’s computer network for nearly a decade, according to a report.
The hackers – who appeared to be based in China – had unfettered access to the former telecommunications giant as far back as 2000, according to Brian Shields, a former Nortel employee who launched an internal investigation of the attacks, the Wall Street Journal reports.
They “had access to everything”, Shields told the Journal. “They had plenty of time. All they had to do was figure out what they wanted.”
According to the internal report, Nortel “did nothing from a security standpoint” about the attacks.
China has rejected allegations of cyberspying
According to Shields, Nortel discovered the hacking in 2004, and the company’s silence put acquiring companies at risk.
Nortel, currently selling off assets as part of a 2009 bankruptcy filing, failed to disclose the attacks to potential buyers of its patents and business units, according to the Journal.
Tomi Engdahl says:
Unauthorized iOS Apps Leak Private Data Less Than Approved Ones
http://apple.slashdot.org/story/12/02/15/0036242/unauthorized-ios-apps-leak-private-data-less-than-approved-ones
In the wake of news that the iPhone app Path uploads users’ entire contact lists without permission, Forbes dug up a study from a group of researchers at the University of California at Santa Barbara and the International Security Systems Lab that aimed to analyze how and where iPhone apps transmit users’ private data.
one in five of the free apps in Apple’s app store upload private data back to the apps’ creators that could potentially identify users
programs in Cydia, the most popular platform for unauthorized apps that run only on ‘jailbroken’ iPhones, tend to leak private data far less frequently than Apple’s approved apps.
Your address book is mine: Many iPhone apps take your data
http://venturebeat.com/2012/02/14/iphone-address-book/
Path got caught red-handed uploading users’ address books to its servers and had to apologize. But the relatively obscure journaling app is not alone. In fact, Path was crucified for a practice that has become an unspoken industry standard.
Facebook, Twitter, Instagram, Foursquare, Foodspotting, Yelp, and Gowalla are among a smattering of iOS applications that have been sending the actual names, email addresses and/or phone numbers from your device’s internal address book to their servers, VentureBeat has learned. Several do so without first asking permission, and Instagram and Foursquare only added permissions prompts after the Path flare-up.
iOS apps and the address book: who has your data, and how they’re getting it
http://www.theverge.com/2012/2/14/2798008/ios-apps-and-the-address-book-what-you-need-to-know
Stated simply: any iOS app has complete access to a large amount of data stored on your iPhone, including your address book and calendar. Any iOS app can, without asking for your permission, upload all of the information stored in your address book to its servers. From there, the app developer can either use it to help find your friends, store it in perpetuity, or do any number of other things with it.
The way to tell if an app is uploading any data to a server is simply to watch all the outgoing data that it is sending
In almost all of the cases we tested, that data was fairly-well encrypted as it connected via a secure HTTPS connection instead of an insecure HTTP connection. Also, in most cases, data was submitted via a “post” command, though in some cases data was submitted via a “get” command, which is roughly equivalent to typing a URL into a browser.
The policy fix failed, it’s time for a technical one
Apple is the company that most obviously attempts to curate its app selection in order to protect users. In fact, Apple’s own App Store Guidelines have explicitly forbidden this type of behavior since 2010
However, even Apple cannot fully vet every single app for all the information it uploads, as has been demonstrably proven by Path, Hipster, Foursquare, and quite possibly others. The App Store policy is not a scalable solution
The proper technical solution is for iOS to limit access to the contacts database for all apps, so that an app must ask the user for explicit permission to access it. Apple already does this for location information.
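The traffic-watching check described in the Verge excerpt above (watch what an app sends, and note HTTPS versus HTTP and POST versus GET) can be automated. This is an added example, not code from any of the quoted articles, and it generalizes the check to hashed contact values. It assumes a tester has seeded a test device's address book with canary contacts and exported the app's decrypted requests from an intercepting proxy they control; the record format, host names and canary values are constructed for illustration.

```python
"""Search captured app requests for canary address-book entries."""
import hashlib
import json
from urllib.parse import unquote_plus, urlsplit

# Constructed canary contact, added to the test device's address book.
CANARIES = {
    "name": "Zelda Quixworth",
    "email": "zq.canary.7431@example.com",
    "phone": "+15550107431",
}


def needles(canaries):
    """Return {label: search string} for each canary, in plain and hashed form.

    Assumption: an app that hashes contacts hashes the lower-cased value.
    Other normalizations (stripped punctuation, salts) would not be caught.
    """
    out = {}
    for field, value in canaries.items():
        v = value.lower()
        out[f"{field}:plain"] = v
        for algo in ("md5", "sha1", "sha256"):
            out[f"{field}:{algo}"] = hashlib.new(algo, v.encode()).hexdigest()
    return out


def searchable_text(request):
    """Flatten query string and body into one lower-cased string.

    Both the raw and the URL-decoded forms are kept, and a JSON body is
    re-serialized so escaped characters appear in their literal form.
    """
    query = urlsplit(request["url"]).query
    body = request.get("body") or ""
    parts = [query, unquote_plus(query), body, unquote_plus(body)]
    try:
        parts.append(json.dumps(json.loads(body), ensure_ascii=False))
    except ValueError:
        pass  # body is not JSON
    return "\n".join(parts).lower()


def find_leaks(requests, canaries=CANARIES):
    """Return one finding per request that carries any canary value."""
    wanted = needles(canaries)
    findings = []
    for req in requests:
        text = searchable_text(req)
        hits = sorted(label for label, needle in wanted.items() if needle in text)
        if not hits:
            continue
        split = urlsplit(req["url"])
        query = unquote_plus(split.query).lower()
        findings.append({
            "host": split.hostname,
            "method": req["method"],
            "encrypted": split.scheme == "https",
            # Values in the URL itself (typical for GET) also land in URL logs.
            "in_url": any(wanted[h] in query for h in hits),
            "hits": hits,
        })
    return findings


# Constructed sample capture: four requests from four hypothetical apps.
SAMPLE_REQUESTS = [
    {"method": "POST", "url": "https://api.app-one.example/contacts/upload",
     "body": json.dumps({"contacts": [{"name": "Zelda Quixworth",
                                       "emails": ["zq.canary.7431@example.com"],
                                       "phones": ["+15550107431"]}]})},
    {"method": "GET",
     "url": "http://friends.app-two.example/find"
            "?email=zq.canary.7431%40example.com&name=Zelda+Quixworth",
     "body": ""},
    {"method": "POST", "url": "https://api.app-three.example/match",
     "body": json.dumps({"hashes": [hashlib.sha256(
         b"zq.canary.7431@example.com").hexdigest()]})},
    {"method": "POST", "url": "https://api.app-four.example/ping",
     "body": json.dumps({"device": "test"})},
]

if __name__ == "__main__":
    for finding in find_leaks(SAMPLE_REQUESTS):
        print(finding)
```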
Tomi Engdahl says:
99.8% Security For Real-World Public Keys
http://it.slashdot.org/story/12/02/14/2322213/998-security-for-real-world-public-keys
If you grab all the public keys you can find on the net, then you might expect to uncover a few duds — but would you believe that 2 out of every 1000 RSA keys is bad? This is one of the interesting findings in the paper ‘Ron was wrong, Whit is right’
Security researcher Dan Kaminsky has commented on the paper, saying that while the survey work itself is good, it doesn’t necessarily support the paper’s thesis. He writes, “On the most basic level, risk in cryptography is utterly dominated, not by cipher selection, but by key management. The study found 12,720 public keys. It also found approximately 2.94 million expired certificates. And while the study didn’t discuss the number of certificates that had no reason to be trusted in the first place (being self signed), it did find 5.4M PGP keys. It does not matter the strength of your public key if nobody knows to demand it.”
Tomi Engdahl says:
Magic Quadrant for Enterprise Network Firewalls
http://www.renaissance.co.nz/sites/default/files/investor-news/gartner-magic-quadrant-2011.pdf
The enterprise network firewall market is undergoing a period of dynamic evolution, as effective next-generation firewalls are now increasingly necessary. Vendors that have addressed advanced targeted threats have seen gains in the market.
The enterprise firewall market is one of the largest and most mature security markets. It is populated with both mature vendors and some more recent entrants. Changes in threats, as well as increased enterprise demand for mobility, virtualization and use of the cloud, have increased demand for new firewall features and capabilities.
Firewalls long ago became a “check the box” requirement in most compliance regimes for securing trust boundaries. Throughout the years, firewalls have continued to evolve to add deeper and more flexible inspection and enforcement capabilities as threats advanced, and to run at faster and faster throughput rates as network speeds increased.
Skepticism about next-generation firewalls is finally ending according to the new Gartner firewall Magic Quadrant. Now as enterprises implement the new technology
Tomi Engdahl says:
Senate cybersecurity bill leaves Internet alone, exempts tech companies from oversight
http://arstechnica.com/tech-policy/news/2012/02/senate-cybersecurity-bill.ars
The Senate Homeland Security Committee has introduced the broad cybersecurity legislation promised late last year by Senate majority leader Harry Reid (D-NV). But contrary to the fears of many—or perhaps because of them—the bill’s scope is tightly restrained, excluding the vast majority of commercial systems and Internet infrastructure itself from coverage.
The bill still does give DHS a broad new set of powers and responsibilities over industries that fall under the header of “critical”: those with infrastructure that, if attacked, could interrupt critical services, damage the economy, or threaten national security.
But the bill would also allow critical infrastructure companies to figure out how to best meet DHS’s security standards and to “self-certify” their compliance annually. And the bill gives organizations a protection from litigation, protecting them from punitive damages for outages or incidents triggered by a cyber-attack if they are deemed to have met DHS’s standards.
Tomi Engdahl says:
Whistleblower: Decade-long Nortel hack ‘traced to China’
They had access to everything
http://www.theregister.co.uk/2012/02/15/nortel_breach/
Nortel went bankrupt three years ago, back in 2009. It allegedly failed to disclose the breach on its network to prospective buyers of its assets around the time it went under.
“Organisations need to ensure they have the proper tools at the perimeter and within their networks, and aggressive monitoring to detect outbound traffic and suspicious activity in the event of a breach. The Aurora attacks, the RSA breach and others demonstrate that Fortune 500 companies and other large enterprises are under constant threat from nation states such as China seeking shortcuts to technological advances.”
The prevalence of breaches is likely to prompt tougher rules on breach disclosure, according to Roiter.
“Perhaps more disturbing, if the report is accurate, is the failure of Nortel to respond when the breach was discovered, and, less surprisingly, their failure to disclose it. Perhaps the danger was less clear eight years ago than it is now, but the continued failure of what was viewed as an innovative and sophisticated IT company to appreciate and address the risk is puzzling. We expect that the new SEC guidelines will result in more disclosures, such as the recent revelation of the VeriSign breach in 2010, and that companies will be more up front about these events for the sake of the business community at large.”
Tomi Engdahl says:
Report: Nortel Breached by Hackers for Almost 10 Years
http://www.pcmag.com/article2/0,2817,2400242,00.asp
The hack was carried out via seven stolen passwords that belonged to Nortel executives, the Journal said. Evidence suggests that the attacks originated in China and started in 2000. The cyberscammers managed to access “technical papers, research-and-development reports, business plans, employee emails and other documents,” thanks to installed spyware.
The Journal was made aware of the intrusions by Brian Shields, a former Nortel employee who led the investigation into the hacks.
Sophos analyst Graham Cluley warned not to immediately point the finger at China, an easy target.
“It’s very hard to prove a Chinese involvement. Yes, the data might have been transmitted to an IP address based in Shanghai, but it is possible that a computer in Shanghai has been compromised by.. say.. a remote hacker in Belgium,” he wrote. “It’s all too easy to point a finger, but it’s dangerous to keep doing so without proof.”
Tomi Engdahl says:
Apple: App Access to Contact Data Will Require Explicit User Permission
http://allthingsd.com/20120215/apple-app-access-to-contact-data-will-require-explicit-user-permission/
After a week of silence, Apple has finally responded to reports that dozens of iOS applications have been accessing, transmitting and storing user contact data without explicit permission.
Apple has faced growing criticism that it has given iOS developers far too much access to address book information without requiring a user prompt.
Today, the company agreed with that assessment, and said that soon, apps that use address book data will require explicit user permission to do so.
“Apps that collect or transmit a user’s contact data without their prior permission are in violation of our guidelines*,” Apple spokesman Tom Neumayr told AllThingsD.
So Apple has done the right thing, arguably something it should have done long ago: Assure users that no app can read their contact data without their permission.
Tomi Engdahl says:
http://www.tietokone.fi/uutiset/varo_suomalaisista_digi_tv_laitteista_loydetty_tuholaisia
CERT-FI says that the infection of devices in Finland was detected from the network traffic generated by the malware. The authority estimates the number of infections at a few dozen.
Television devices involved in criminal attacks
An attacker may order the device to take part in, for example, a denial-of-service attack. The devices can also be made to scan ranges of Internet IP addresses to find new victims.
http://www.cert.fi/tietoturvanyt/2011/12/ttn201112121551.html
Viruses are not only a computer problem. Cases have come to light in which digital set-top boxes have been infected with malware by systematically scanning through network addresses.
Most new digital tuners, televisions and other consumer electronics devices can be connected to the Internet, in which case they can be used for various network services, and the device can also be updated directly from the manufacturer’s server. The devices typically contain a stripped-down version of the Linux operating system, on top of which the software that manages the device’s functions has been implemented.
The address translation (NAT) of a home router alone improves the situation significantly if the entertainment devices on the home network use so-called “private addresses”, which are not routed over the Internet.
Detecting malware on such a device is difficult and can really only be done by analyzing network traffic. If your Internet provider reports malicious traffic coming from the IP address of your home connection, you should also take into account the possibility that the source is some device other than your computer.
If you suspect a malware infection, you should first check your firewall or router settings, and then switch the suspect device off for a moment.
Tomi Engdahl says:
‘Predictably random’ public keys can be cracked – crypto boffins
Battling researchers argue over whether you should panic
http://www.theregister.co.uk/2012/02/16/crypto_security/
Cryptography researchers have discovered flaws in the key generation that underpins the security of important cryptography protocols, including SSL.
Two teams of researchers working on the problem have identified the same weak key-generation problems. However, the two teams differ in their assessment of how widespread the problem is – and crucially which systems are affected.
EFF group: It could lead to server-impersonation attacks
An audit of the public keys used to protect HTTPS connections, based on digital certificate data from the Electronic Frontier Foundation’s SSL Observatory project, found that tens of thousands of cryptography keys offer “effectively no security” due to weak random-number generation algorithms.
Poor random-number generation algorithms led to shared prime factors in key generation. As a result, keys generated using the RSA 1024-bit modulus, the worst affected scheme, were only 99.8 per cent secure.
Michigan group: It just affects embedded devices
Another set of security researchers working on the same problem were able to remotely compromise a higher percentage: about 0.4 per cent of all the public keys used for SSL web site security. They said: “The keys we were able to compromise were generated incorrectly – using predictable ‘random’ numbers that were sometimes repeated.”
There’s no need to panic as this problem mainly affects various kinds of embedded devices such as routers and VPN devices, not full-blown web servers.
4.1% of the SSL keys in our dataset were generated with poor entropy.
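The shared-prime weakness reported above can be checked for across an inventory of your own device and server keys. This is an added example, not code from either research team: it runs a batch-GCD computation (a product tree followed by a remainder tree) over a set of RSA moduli and flags any modulus that has a factor in common with another. The key names and the toy moduli, built from Mersenne primes, are constructed for illustration.

```python
"""Audit a set of RSA public moduli for shared prime factors (batch GCD)."""
from math import gcd, prod


def product_tree(values):
    """Return the levels of a product tree.

    Level 0 is the input list; the last level holds the product of everything.
    """
    levels = [list(values)]
    while len(levels[-1]) > 1:
        prev = levels[-1]
        levels.append([prod(prev[i:i + 2]) for i in range(0, len(prev), 2)])
    return levels


def batch_gcd(moduli):
    """For each modulus N_i return gcd(N_i, product of all the other moduli).

    With P the product of all moduli, the remainder tree yields P mod N_i^2.
    Dividing that by N_i gives (P / N_i) mod N_i, whose gcd with N_i is the
    wanted value. A result of 1 means no factor is shared with any other key.
    """
    if not moduli:
        return []
    levels = product_tree(moduli)
    remainders = levels[-1]
    for level in reversed(levels[:-1]):
        remainders = [remainders[i // 2] % (n * n) for i, n in enumerate(level)]
    return [gcd(n, r // n) for n, r in zip(moduli, remainders)]


def audit(keys):
    """Map key name -> finding, for weak keys only. `keys` is {name: modulus}."""
    names = list(keys)
    moduli = [keys[name] for name in names]
    findings = {}
    for name, n, g in zip(names, moduli, batch_gcd(moduli)):
        if g == 1:
            continue
        if g == n:
            # The whole modulus divides the product of the others.
            findings[name] = "duplicate modulus or both primes shared"
        else:
            findings[name] = "shares a prime factor with another key"
    return findings


def mersenne(exponent):
    """2**exponent - 1; prime for the exponents used below."""
    return (1 << exponent) - 1


# Constructed toy inventory (not real keys). Real moduli would be read from
# the certificates or SSH host keys of the systems being audited.
SAMPLE_KEYS = {
    "router-a": mersenne(61) * mersenne(89),
    "router-b": mersenne(61) * mersenne(107),   # reuses a prime of router-a
    "web-c": mersenne(127) * mersenne(521),     # healthy
    "camera-d": mersenne(31) * mersenne(607),
    "camera-e": mersenne(31) * mersenne(607),   # same modulus as camera-d
}

if __name__ == "__main__":
    for name, finding in audit(SAMPLE_KEYS).items():
        print(f"{name}: {finding}")
```

Any key that is flagged should be regenerated on a system with a properly seeded random-number generator, since a shared factor means the key offers no protection.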
Tomi Engdahl says:
Google’s iPhone Tracking
Web Giant, Others Bypassed Apple Browser Settings for Guarding Privacy
http://online.wsj.com/article_email/SB10001424052970204880404577225380456599176-lMyQjAxMTAyMDEwNjExNDYyWj.html
Google Inc. and other advertising companies have been bypassing the privacy settings of millions of people using Apple Inc.’s Web browser on their iPhones and computers—tracking the Web-browsing habits of people who intended for that kind of monitoring to be blocked.
The companies used special computer code that tricks Apple’s Safari Web-browsing software into letting them monitor many users
A Sad State of Internet Affairs: The Journal on Google, Apple, and “Privacy”
http://battellemedia.com/archives/2012/02/a-sad-state-of-internet-affairs-the-journal-on-google-apple-and-privacy.php
Now, the headline certainly is attention-grabbing, but the news alert email had a more sinister headline: “Google Circumvented Web-Privacy Safeguards.”
Wow! What’s going on here?
Turns out, no one looks good in this story, but certainly the Journal feels like they’ve got Google in a “gotcha” moment. As usual, I think there’s a lot more to the story
Now, from what I can tell, the first part of that story is true – Google and many others have figured out ways to get around Apple’s default settings on Safari in iOS – the only browser that comes with iOS, a browser that, in my experience, has never asked me what kind of privacy settings I wanted, nor did it ask if I wanted to share my data with anyone else (I do, it turns out, for any number of perfectly good reasons). Apple assumes that I agree with Apple’s point of view on “privacy,” which, I must say, is ridiculous on its face, because the idea of a large corporation (Apple is the largest, in fact) determining in advance what I might want to do with my data is pretty much the opposite of “privacy.”
But to the point, Google circumvented Safari’s default settings by using some trickery described in this WSJ blog post, which reports the main reason Google did what it did was so that it could know if a user was a Google+ member, and if so (or even if not so), it could show that user Google+ enhanced ads via AdSense.
In short, Apple’s mobile version of Safari broke with common web practice, and as a result, it broke Google’s normal approach to engaging with consumers. Was Google’s “normal approach” wrong?
Since this story has broken, Google has discontinued its practice, making it look even worse, of course.
In this case, what Google and others have done sure sounds wrong – if you’re going to resort to tricking a browser into offering up information designated by default as private, you need to somehow message the user and explain what’s going on. Then again, in the open web, you don’t have to – most browsers let you set cookies by default.
It’s one more example of the sad state of the Internet given the war between the Internet Big Five. And it’s only going to get worse, before, I hope, it gets better again.
How Google Tracked Safari Users
http://blogs.wsj.com/digits/2012/02/16/how-google-tracked-safari-users/
How have they been able to do it? Well, first they made Safari think the user was submitting an invisible form associated with the ad.
That technique allowed the companies to then place a “cookie”
By default, Apple’s Safari browser accepts cookies only from sites that a user visits;
Google disabled its code after being contacted by The Wall Street Journal.
Microsoft blasts Google over iPhone browser tracking, pushes IE9 while it’s at it
http://thenextweb.com/microsoft/2012/02/17/microsoft-blasts-google-over-iphone-browser-tracking-pushes-ie9-while-its-at-it/
With Google acknowledging that it utilised features in its services to bypass Apple’s built-in security measures in its Safari mobile browser to track users, Microsoft has taken the opportunity to join the debate, condemning the search giant and using it as a platform to tout the security of its own browser, Internet Explorer 9.
Remarking that Google’s tracking practices are “not new”, Microsoft’s blog post entitled ‘Browse Without Being Browsed’ accuses the company of circumventing the privacy protections in Apple’s mobile browser “in a deliberate, and ultimately, successful fashion.”
Microsoft then proceeds to list how its Internet Explorer 9 browser has some of the “strongest privacy protection in the industry,” highlighting its Tracking Protection feature and how it puts users in control of their actions online.
Browse Without Being Browsed
http://windowsteamblog.com/ie/b/ie/archive/2012/02/16/browse-without-being-browsed.aspx
The Internet Big Five By Product Strength
http://battellemedia.com/archives/2012/01/the-internet-big-five-by-product-strength.php
Tomi Engdahl says:
In the Cloud, a Data Breach is Only As Bad As Your Contract
http://www.cio.com/article/700343/In_the_Cloud_a_Data_Breach_is_Only_As_Bad_As_Your_Contract
Loss of control is one of the main things that gives people pause when they think about putting their data in the cloud. We’ve all seen how painful a data breach can be, and it can seem almost like asking for trouble to put your data in the hands of someone else. It’s hard enough to prepare for a breach when you’re in control. How do you do it when you put someone else in charge?
Tomi Engdahl says:
Google Didn’t “Track” iPhones, But It Did Bypass Safari’s Privacy Settings
http://marketingland.com/google-didnt-track-iphones-but-it-did-bypass-safaris-privacy-settings-6247
The Wall Street Journal is out with a story about how Google has been “bypassing the privacy settings of millions of people” who use Apple’s Safari web browser, along with a headline about “Google’s iPhone tracking.” More accurately, Google’s been bypassing Safari’s default privacy settings that block certain types of cookies rather than overriding what people specifically set.
As said, the Wall Street Journal found that Google, along with the ad networks of Vibrant Media, Media Innovation Group and PointRoll, were all getting around these blocks on third-party cookies.
To do this, the companies were making it seem as if the person visiting a web site had filled out some type of form, even though no form was actually shown to the person.
In Google’s case, the company said this was being done as a way to allow its +1 buttons on ads it distributes through its AdSense network to other sites to work within Safari.
Google also pushed back fairly hard against the WSJ’s story, being quoted within it saying:
The Journal mischaracterizes what happened and why. We used known Safari functionality to provide features that signed-in Google users had enabled. It’s important to stress that these advertising cookies do not collect personal information.
But Privacy Settings Were Bypassed, And That’s Bad
Tomi Engdahl says:
Leaky Cellphone Nets Can Give Attackers Your Location
http://yro.slashdot.org/story/12/02/20/010216/leaky-cellphone-nets-can-give-attackers-your-location
“GSM cellular networks leak enough location data to give third-parties secret access to cellphone users’ whereabouts, according to new University of Minnesota research. ‘We have shown that there is enough information leaking from the lower layers of the GSM communication stack to enable an attacker to perform location tests on a victim’s device.
Attackers have all they need from leaky cellphone networks to track you down
http://www.networkworld.com/news/2012/0217120-gsm-cellphone-privacy-leak-minnesota-256293.html
GSM cellular networks leak enough location data to give third-parties secret access to cellphone users’ whereabouts, according to new University of Minnesota research.
“We have shown that there is enough information leaking from the lower layers of the GSM communication stack to enable an attacker to perform location tests on a victim’s device. We have shown that those tests can be performed silently without a user being aware by aborting PSTN calls before they complete,” write the authors, from the College of Science and Engineering, in a paper titled “Location Leaks on the GSM Air Interface.”
Location Leaks on the GSM Air Interface
http://www-users.cs.umn.edu/~foo/research/docs/fookune_ndss_gsm.pdf
Tomi Engdahl says:
Android Malware Grew 3,000 Percent in 2011: Report
http://www.eweek.com/c/a/Security/Android-Malware-Grew-3000-Percent-in-2011-Report-575050/
Mobile malware developers targeted Google’s Android more than any other mobile operating system in 2011. However, cyber-crooks also abused Apple’s iOS, RIM’s BlackBerry and Symbian.
Malware that specifically targeted mobile operating systems increased in 2011 as smartphones became more popular with enterprise users, as well as consumers. These cyber-criminals also developed affection for the Google Android OS, which saw the biggest jump in malware during the past 12 months, according to a new report from Juniper Networks.
Juniper Mobile Security Report 2011 – Unprecedented Mobile Threat Growth
http://forums.juniper.net/t5/Security-Mobility-Now/Juniper-Mobile-Security-Report-2011-Unprecedented-Mobile-Threat/ba-p/129529
Today, the Juniper Networks Mobile Threat Center (MTC) released its 2011 Mobile Threats Report, which shows evidence of a new level of maturity in security threats targeting mobile devices.
In 2011, we saw unprecedented growth of mobile malware attacks with a 155 percent increase across all platforms. Most noteworthy was the dramatic growth in Android Malware from roughly 400 samples in June to over 13,000 samples by the end of 2011. This amounts to a cumulative increase of 3,325 percent. Notable in these findings is a significant number of malware samples obtained from third-party applications stores, which do not enjoy the benefit or protection from Google’s newly announced Android Market scanning techniques.
Looking ahead, 2012 also promises to be a remarkable year for mobile device security, with the projected rapid increase in malware already being seen. Other notable trends include the targeting of online banking and financial transactions, browser-based exploits including drive-by downloads and the targeting of third-party applications installed on the device.
You can find copy of the full report at http://www.juniper.net/us/en/security/
Tomi Engdahl says:
Security Tool HijackThis Goes Open Source
http://news.slashdot.org/story/12/02/19/1543245/security-tool-hijackthis-goes-open-source
The popular free security tool HijackThis has been open sourced by its owner, Trend Micro. The tool scans systems to find settings that may have been modified by spyware, malware or other programs that have wiggled their way onto a system and caused problems. Downloaded over 10 million times, HijackThis generates reports to help users analyze and fix an infected or problem computer.
Trend Micro Migrates Security Tool HijackThis to Open Source
https://www.securityweek.com/trend-micro-migrates-security-tool-hijackthis-open-source
Trend Micro today announced that it has open sourced the code to its popular free security tool, HijackThis. The tool scans systems to find settings that may have been modified by spyware, malware or other programs that have wiggled their way onto a system and caused problems.
Cupertino, California based Trend Micro acquired the tool from creator Merijn Bellekom in 2007, and has offered it for free ever since, but now is making the code available to the public. The code, originally written in Visual Basic, is now officially available at Sourceforge at http://sourceforge.net/projects/hjt/
Tomi Engdahl says:
Did the 2006 Symantec Breach Expose RSA’s SecurID?
http://www.infosecisland.com/blogview/20137-Did-the-2006-Symantec-Breach-Expose-RSAs-SecurID.html
This is an invitation for both Symantec and EMC to clarify whether or not any of the code contained in public leaks of Symantec source code has been remediated in order to protect current customers since I see it as a liability for EMC’s RSA division unless there’s a valid explanation for what I’ve discovered, and that I’m wrong about the potential impact.
And given the RSA break-in last year to obtain valid “keys” to use to infiltrate so many government and corporate systems using SecurID, I can’t help but wonder if this code was stolen back in 2006 or thereabouts, could this possibly be the reason why the attackers had such widespread success?
Having the source code headers for the libbsafe library would certainly give them everything they’d need as long as they could gather enough keys to figure out the rest of the algorithm given the sources in my estimation.
Tomi Engdahl says:
Gauging The Long-Term Effects Of RSA’s Breach
http://www.darkreading.com/authentication/167901072/security/attacks-breaches/231903015/gauging-the-long-term-effects-of-rsa-s-breach.html
Worries still linger of future attacks, but experts hope the event shook industry out of black-and-white security mentality
To this day, RSA still won’t confirm what exactly was stolen from its systems, but speculation has run high that the token seeds were compromised in some way.
“Since there’s no such thing as perfect security, it’s impossible to predict what could happen. Nevertheless, we worked proactively and openly with customers immediately after the attack in March and continue to do so,”
“We still don’t know what we don’t know,” Moy says. “I think it’s hard to say without knowing how many of the tokens that RSA has replaced. There very well could be additional incidents out there. It’s hard to close the book on it because they haven’t really come forth with details.”
As the attack on RSA shows, all of that information for every customer can prove a tantalizing target for hackers.
“I think one of the things that this incident shows us is that a business model where an enterprise is trusting a third party to hold their seeds is potentially very risky,” Moy says. “There’s a certain amount of risk that they have to calculate. If you’re a small organization or don’t have the resources to do it better in-house, you’re going to probably go that route. If you’re a large organization, you might want to look to other alternatives. There are other models where you don’t have to give your seeds to someone else.”
Tomi Engdahl says:
How to Avoid One of the Biggest Email Hacking Threats
http://www.entrepreneur.com/article/222788?cm_mmc=Market-_-Outbrain-_-NA-_-NA
About one in every 300 emails in 2011 was a phish, according to security software maker RSA, a unit of EMC Corp.
You might have heard of something called “spear phishing.” It’s an attempt to hack your computer or your accounts, or to con you out of money, by using an email message that’s tailored to you or your company.
Spear phishing emails can be alarmingly effective.
Use technology as the first line of defense.
Teach employees how to spot these phishing emails.
About 50 percent of people will fall for a reasonably good phish
But they say employee education can whittle that number down to 10 percent or less.
Training programs usually start with sending employees fake phishing messages. If they fall for the ruse, they are given immediate online training
You also can encourage employees to use instant messaging and work together on documents using collaboration software, he says, making your company less reliant on unsecure email.
Tomi Engdahl says:
More Sneaky Business From Google: It Bypasses Internet Explorer Privacy Settings, Too
Google does not honor a default privacy setting in Microsoft’s Internet Explorer 9 Web browser, but instead uses a trick to get around it.
Read more: http://www.businessinsider.com/more-sneaky-business-from-google-it-bypasses-internet-explorer-privacy-settings-too-2012-2?op=1#ixzz1mzo2rk2c
–
Microsoft Accuses Google of Violating Internet Explorer’s Privacy Settings
http://tech.slashdot.org/story/12/02/20/2127250/microsoft-accuses-google-of-violating-internet-explorers-privacy-settings
Google Bypassing User Privacy Settings
http://blogs.msdn.com/b/ie/archive/2012/02/20/google-bypassing-user-privacy-settings.aspx
When the IE team heard that Google had bypassed user privacy settings on Safari, we asked ourselves a simple question: is Google circumventing the privacy preferences of Internet Explorer users too? We’ve discovered the answer is yes: Google is employing similar methods to get around the default privacy protections in IE and track IE users with cookies.
We’ve found that Google bypasses the P3P Privacy Protection feature in IE. The result is similar to the recent reports of Google’s circumvention of privacy protections in Apple’s Safari Web browser, even though the actual bypass mechanism Google uses is different.
Not just Google: Facebook also bypasses privacy settings in IE
http://www.zdnet.com/blog/facebook/not-just-google-facebook-also-bypasses-privacy-settings-in-ie/9302
Summary: Google isn’t the only one bypassing Microsoft Internet Explorer’s privacy settings: Facebook does it too, as do tens of thousands of other companies. So, who is to blame?
Google responds to Microsoft over privacy issues, calls IE’s cookie policy ‘widely non-operational’
http://www.theverge.com/2012/2/20/2813225/google-responds-microsoft-internet-explorer-privacy-bypass
Earlier today, Microsoft accused Google of manipulating Internet Explorer’s default privacy restrictions in order to “bypass user preferences about cookies.” Google’s just responded with a lengthy rebuttal, arguing that Microsoft’s P3P cookie technology is “widely non-operational,” and that the issue has been around since 2002. The response also points to other offenders, citing a 2010 Carnegie Mellon research paper that says over 11,000 websites don’t use valid P3P policies.
Google’s also specifically bringing Facebook and Amazon into the fracas, citing their similar use of the P3P bypass.
Both Facebook and Google say that P3P doesn’t support their modern web services — Google says that “newer cookie-based features are broken by the Microsoft implementation in IE,” and Facebook’s policy states that “the P3P standard is now out of date and does not reflect technologies that are currently in use on the web.”
Tomi Engdahl says:
Anonymous threatens to darken the entire Internet
http://www.tietokone.fi/uutiset/anonymous_uhkaa_pimentaa_koko_internetin
The activist group Anonymous is threatening the entire Internet with its “Operation Global Blackout” project. The network has a weak point through which the whole Internet could theoretically be “blacked out”. Anonymous threatens to do so on March 31.
Operation Global Blackout
http://pastebin.com/NKbnh8q8
“To protest SOPA, Wallstreet, our irresponsible leaders and the beloved bankers who are starving the world for their own selfish needs out of sheer sadistic fun, On March 31, anonymous will shut the Internet down.”
“In order to shut the Internet down, one thing is to be done. Down the 13 root DNS servers of the Internet.”
“Reflective DNS Amplification DDoS tool to be used for this attack.”
Anonymous threatens to DDOS root Internet servers
The threat from the hacktivist group is unlikely to be successful, said an expert
http://www.computerworld.com/s/article/9224404/Anonymous_threatens_to_DDOS_root_Internet_servers
An upcoming campaign announced by the hacking group Anonymous directed against the Internet’s core address lookup system is unlikely to cause much damage, according to one security expert.
“They might affect a few of the root DNS servers, but it’s unlikely they could take all of them down, at least for any period of time,” Graham wrote. “On the day of their planned Global Blackout, it’s doubtful many people would notice.”
There are hundreds of other servers worldwide that hold the same data as the root servers, which increase the resiliency of DNS.
Lastly, root DNS servers are closely watched.
Tomi Engdahl says:
First IPv6 Distributed Denial of Service Internet attacks seen
http://www.zdnet.com/blog/networking/first-ipv6-distributed-denial-of-service-internet-attacks-seen/2039
Summary: You know IPv6 must finally be making it: The first IPv6 Distributed Denial of Service Internet attacks have been spotted in the wild.
We could have expected this. Besides human nature, Arbor Networks’ Worldwide Infrastructure Security Report had predicted IPv6 DDoS attacks. “This is a significant milestone in the arms race between attackers and defenders,” stated the report. “We believe that the scope and prevalence of IPv6 DDoS attacks will gradually increase over time as IPv6 is more widely deployed.” And, now, they’ve started.
Tomi Engdahl says:
Alert on Hacker Power Play
U.S. Official Signals Growing Concern Over Anonymous Group’s Capabilities
http://online.wsj.com/article_email/SB10001424052970204059804577229390105521090-lMyQjAxMTAyMDIwMDEyNDAyWj.html
The director of the National Security Agency has warned that the hacking group Anonymous could have the ability within the next year or two to bring about a limited power outage through a cyberattack.
The group has never listed a power blackout as a goal, but some federal officials believe Anonymous is headed in a more disruptive direction. An attack on a network would be consistent with recent public claims and threats by the group.
“The industry is engaged and stepping up widely to respond to emerging cyber threats,” said one electric-industry official. “There is a recognition that there are groups out there like Anonymous, and we are concerned, as are other sectors.”
U.S. intelligence officials already have found what they say is evidence of Chinese and Russian cyberspies snooping in computer systems that run the electric grid
“It’s a real threat,” said James Lewis, a cybersecurity specialist at the Center for Strategic and International Studies
“Some hacker, next thing you know, could be into our electrical grid. We have to get after this.”
Tomi Engdahl says:
Future Chrome Version May Choose Your Passwords, and Change Them When You’ve Been Hacked
http://www.webmonkey.com/2012/02/future-chrome-version-may-choose-your-passwords-and-change-them-when-youve-been-hacked/
Google’s Chrome development team is working on a system to automatically generate passwords, which would help users secure their online identities with passwords that would be diversified across different sites, and are randomized and thus harder to guess.
Initial versions of the system would create passwords on an individual basis, at the user’s request. But Google’s development team states that “At some point in the future it might also be possible for us to automatically change all of a user’s passwords when we realize that their account is hijacked.”
Chrome can already store passwords, a common feature in modern browsers, and it syncs them across computers, with the passwords encrypted in transit and at rest in Google data centers
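The per-site random generation and bulk rotation described in the article above, as an added example (not Chrome's code and not part of the original comment). The 16-character policy, the symbol set and the `SiteVault` class are assumptions made for this illustration.

```python
import math
import secrets
import string

# Assumed policy (not from the article): 16 characters drawn from letters,
# digits and a small symbol set, with at least one character of each class.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, "!#$%&*+-=?@_")
ALPHABET = "".join(CLASSES)


def generate_password(length=16):
    """Return a random password that contains every character class."""
    if length < len(CLASSES):
        raise ValueError("length too short to include every class")
    while True:
        # secrets.choice draws from the OS CSPRNG without modulo bias.
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        # Rejection sampling: retrying whole candidates keeps the result
        # uniform over all policy-compliant strings.
        if all(any(c in cls for c in candidate) for cls in CLASSES):
            return candidate


def entropy_bits(length=16):
    """Upper bound on entropy in bits: length * log2(alphabet size)."""
    return length * math.log2(len(ALPHABET))


class SiteVault:
    """Hypothetical per-origin store: one independent password per site."""

    def __init__(self):
        self._by_origin = {}

    def password_for(self, origin):
        # Generate once per origin, then reuse it for that origin only,
        # so a leak at one site reveals nothing about the others.
        if origin not in self._by_origin:
            self._by_origin[origin] = generate_password()
        return self._by_origin[origin]

    def rotate_all(self):
        """Replace every stored password, as after a suspected hijack."""
        for origin in self._by_origin:
            self._by_origin[origin] = generate_password()
        return len(self._by_origin)
```

With the assumed 74-character alphabet, a 16-character password has an upper bound of roughly 99 bits of entropy.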
Tomi Engdahl says:
Anonymous denounces internet DNS attack
Lights off for Op Global Blackout
http://www.theinquirer.net/inquirer/news/2153951/anonymous-denounces-internet-dns-attack
HACKING COLLECTIVE Anonymous is not behind a threat to attack main root servers in an attempt to knock the internet offline.
Reports about the potential attack have been bubbling for some time now
Anonymous has denied that it is behind the attack and the messages that support it.
“GlobalBlackOut is another Fake Operation. No intention of #Anonymous to cut Internet,”