Here is my collection of security trends for 2012 from different sources:
Windows XP will be the biggest security threat in 2012 according to Sean Sullivan, security advisor at F-Secure: “People seem to be adding new systems without necessarily abandoning their old XP machines, which is great news for online criminals, as XP continues to be their favourite target.”
F-Secure also says also that it might not be long before the cyber criminals turn their attentions to tablet devices. Attacks against mobile devices have become more common and I expect this to continue this year as well.
Americans more susceptible to online scams than believed, study finds. A recent survey from The Ponemon Institute and PC Tools dives into this question and reveals a real gap between how aware Americans think they are of scams and how likely they actually are to fall for them.
Fake antivirus scams that have plagued Windows and Mac OSX during the last couple of years and now it seems that such fake antivirus scams have spread to Android. Nearly all new mobile malware in Q3 2011 was targeted at Android.. When antivirus software becomes a universally accepted requirement (the way it is on Windows is the day), has the platform has failed and missed the whole point of being mobile operating system?
Cyber criminals are developing more sophisticated attacks and the police will counterattack.
Mobile phone surveillance will increase and more details of it will surface. Last year’s findings have included Location data collecting smart-phones, Carrier IQ phone spying busted and Police Surveillance system to monitor mobile phones. In USA the Patriot Act lets them investigate anything, anywhere, without a warrant. Now they are on your devices and can monitor everything. Leaked Memo Says Apple Provides Backdoor To Governments: “in exchange for the Indian market presence” mobile device manufacturers, including RIM, Nokia, and Apple (collectively defined in the document as “RINOA”) have agreed to provide backdoor access on their devices.
Geo-location tagging in smartphones to potentially cause major security risks article says that geo-location tagging security issues are likely to be a major issue in 2012—and that many users of smartphones are unaware of the potentially serious security consequences of their use of the technology. When smartphones images to the Internet (to portals such Facebook or Flickr) there’s a strong chance they will also upload the GPS lcoation data as well. This information could be subsequently misused by third parties.
You need to find your balance between freedom and security (
Vapauden ja turvallisuuden tasapaino). Usernames poured out for all to see, passwords and personal identification numbers are published. A knowledge of access management is even more important: who has the right to know when and where the role of functioning? Access, identity and role management are essential for the protection of the whole system. Implementation of such systems is still far from complete.
When designing networked services, the development of safety should taken into account in the planning stage, rather than at the end of execution. Even a secure network and information system can not act as operating a vacuum.
Reliability of the server certificates will face more and more problems. We can see more certificate authority bankruptcies due cyber attacks to them. Certificate attacks that have focused on the PC Web browsers, are now proven to be effective against mobile browsers.
Stonesoft says that advanced evasion techniques (AET) will be a major threat. Stonesoft discovered that with certain evasion techniques (particularly when combined in particular combinations) they could sneak common exploits past many IDS/IPS systems (including their own, at the time last summer). Using the right tool set (including a custom TCP/IP stack) attackers could sneak past our best defenses. This is real and they foresee a not too distant future where things like botnet kits will have this as a checkbox feature.
Rise of Printer Malware is real. Printer malware: print a malicious document, expose your whole LAN says that sending a document to a printer that contained a malicious version of the OS can send your sensitive document anywhere in Internet. Researchers at Columbia University have discovered a new class of security flaws that could allow hackers to remotely control printers over the Internet. Potential scenario: send a resume to HR, wait for them to print it, take over the network and pwn the company. HP does have firmware update software for their printers and HP Refutes Inaccurate Claims; Clarifies on Printer Security. I wonder how many more years until that old chain letter, where some new insidious virus infects everything from your graphics card to your monitor cable, becomes true.
Unauthorized changes in the BIOS could allow or be part of a sophisticated, targeted attack on an organization, allowing an attacker to infiltrate an organization’s systems or disrupt their operations. How Do You Protect PCs from BIOS Attacks? The U.S. National Institute of Standards and Technology (NIST) has drafted a new computer-security publication that provides guidance for computer manufacturers, suppliers, and security professionals who must protect personal computers as they start up “out of the box”: “BIOS Integrity Measurement Guidelines,” NIST Special Publication 800-155.
According to Stonesoft security problems threaten the lives and the year 2012 may be the first time when we lose lives because of security offenses. According to the company does this happen remains to be seen, but the risk is due to industrial SCADA systems attacks against targets such as hospitals or automated drug delivery systems. I already posted around month ago about SCADA systems security issues.
849 Comments
Tomi Engdahl says:
WikiLeaks: Our site’s been hit by weeklong attack
http://hosted.ap.org/dynamic/stories/W/WIKILEAKS?SITE=AP&SECTION=HOME&TEMPLATE=DEFAULT&CTIME=2012-08-12-07-41-57
WikiLeaks has said it’s been flooded with 10 gigabits per second of bogus traffic from thousands of different Internet addresses.
“a bit larger” than attacks commonly seen in the past few years.
Tomi Engdahl says:
Federal court rules cops can warrantlessly track suspects via cellphone
http://arstechnica.com/tech-policy/2012/08/federal-court-rules-cops-can-warantlessly-track-suspects-via-cellphone/
In a 2-1 ruling, the U.S. Circuit Court of Appeals for the Sixth Circuit has ruled (PDF) that law enforcement has the right to warrantlessly obtain location data from a cellphone in order to track a suspect.
“There is no Fourth Amendment violation because Skinner did not have a reasonable expectation of privacy in the data given off by his voluntarily procured pay-as-you-go cell phone,” wrote Judge John Rogers, in the majority opinion. “If a tool used to transport contraband gives off a signal that can be tracked for location, certainly the police can track the signal.”
“Here, the monitoring of the location of the contraband-carrying vehicle as it crossed the country is no more of a comprehensively invasive search than if instead the car was identified in Arizona and then tracked visually and the search handed off from one local authority to another as the vehicles progressed,” Judge Rogers added in the decision.
Tomi Engdahl says:
Reuters blogging platform hacked, false Saudi blog posted
http://www.reuters.com/article/2012/08/15/net-us-hacking-reuters-saudi-idUSBRE87E0HU20120815
The blogging platform of the Reuters News website was hacked and a false posting saying Saudi Arabia’s Foreign Minister Prince Saud al-Faisal had died was illegally posted on a Reuters journalist’s blog, the company said on Wednesday.
“Reuters did not report the false story and the post was immediately deleted. We are working to address the problem,” Barb Burg, director of global communications at Reuters News, said in a statement.
On August 3, Reuters was forced to shut the platform temporarily after the appearance of unauthorized, and false, reports
Tomi Engdahl says:
This is the second time in August, when the Reuters blog platform has been invaded by unknown factors. The first time, the attackers released a bogus interview with rebel leader in Syria.
Reuters uses WordPress blog platform. The previous break-in news agencies charged with the substrate using an old version of himself, and thus vulnerable to hacking.
Source: http://www.itviikko.fi/uutiset/2012/08/15/reutersin-blogiin-murtauduttiin–taas/201235718/7?rss=8
Tomi Engdahl says:
Microsoft suspends Windows Phone app submissions
http://www.theinquirer.net/inquirer/news/2198975/microsoft-suspends-windows-phone-app-submissions
SOFTWARE HOUSE Microsoft has suspended publishing additional apps on its Windows Phone Marketplace as it fixes problems with the digital certificates used to sign apps.
Microsoft’s Windows Phone might be used by only relatively few people but the company has spent a great deal of money on stocking the virtual shelves of its Marketplace app store. However yesterday the firm suspended approvals of new apps as it scrambled to fix a problem with the digital certificates used to sign all apps.
According to Microsoft, the problem not only affects new app submissions but some existing apps available to Windows Phone 7.5 users, resulting in users’ inability to install them.
Microsoft, like other firms, signs apps in order to enable users to verify their integrity, and while problems with digital certificates could be caused by events outside of Microsoft’s control
Douglas Hines says:
Appreciate your great write-up, We by no implies uncover superb blog such as this, I’ll assessment after. classifieds
Tomi Engdahl says:
Lose The Burners: Court Okays Prepaid Phone Tracking
http://www.informationweek.com/security/mobile/lose-the-burners-court-okays-prepaid-pho/240005614
Appeals court rules law enforcement agencies don’t need a warrant to “ping” and track prepaid cellphone locations.
Prepaid cellphone users may be tracked by law enforcement agencies at any time, without police first having to obtain a probable-cause warrant.
According to Rogers, “Skinner did not have a reasonable expectation of privacy in the data emanating from his cell phone that showed its location.” Furthermore, according to the court’s ruling, “if a tool used to transport contraband gives off a signal that can be tracked for location, certainly the police can track the signal.”
Cellphone data now plays a part in numerous investigations.
The ruling now makes clear what privacy protections prepaid cellphone users can expect, or not.
“Criminals have long believed that the lack of a contract is some magical way of disallowing attribution of a device to a specific person, which is clearly not the case if the device is found upon his person at the time of arrest.”
Tomi Engdahl says:
Deciphering phone and embedded security – Part 3: Unsigned, signed, locked and encrypted bootloaders
http://www.eetimes.com/design/embedded-internet-design/4392153/Deciphering-phone-and-embedded-security—Part-3–Un-signed–signed–locked-and-encrypted-bootloaders
Different Android phone manufacturers handle the bootloader differently, and it can even vary from one software version to the next.
Tomi Engdahl says:
Microsoft resumes publishing Windows Phone apps, all is right with the world
http://www.engadget.com/2012/08/17/microsoft-resumes-publishing-windows-phone-apps/
Microsoft has solved the digital signing problem that prevented app installations on older Windows Phones, as promised, and the flow of new apps is back to a steady stream. It may take a day or two before new titles show up in earnest;
The quick turnaround is no doubt good news for developers. We’d argue that it’s equally good news for Microsoft, too
Tomi Engdahl says:
Malware targeting Google’s Android OS trebled last quarter
http://www.theinquirer.net/inquirer/news/2199327/malware-targeting-googles-android-os-trebled-last-quarter
SECURITY THREATS facing Android devices trebled in the second quarter, Kaspersky Lab reported today.
The report shows that the number of malicious programs targeting Google’s Android mobile operating system rose to over 14900 in the second quarter, up from 5400
When compared to the third quarter of 2011, malware found on Android devices in the second quarter rocketed up by more than 15 times over, demonstrating how virus writers are increasingly focusing on developing malicious programs for mobile devices.
Kaspersky said in the report that a quarter of the Android malware detected in the second quarter were SMS Trojans used to steal money from victims’ accounts via text messages sent to premium rate phone numbers without the owner’s knowledge.
Tomi Engdahl says:
Some dangers of cloud storage have again surfaced:
Symantec’s backup service leaked: the users were offered other user’s files
Security company Symantec has managed to repair the leak Norton Online Backup, a backup service.
Problems due to the manner in which Symantec’ software handled cookies and other “static properties.” As a result, some users received the false, the other service users’ cookies.
Source: http://www.tietoviikko.fi/kaikki_uutiset/symantecin+varmuuskopiopalvelu+vuoti+kayttajille+tarjottiin+muiden+tiedostoja/a829760?s=r&wtm=tietoviikko/-17082012&
Tomi Engdahl says:
Cyber safety—Will more advice to children work?
http://www.eetimes.com/electronics-blogs/communications-designline-blog/4394228/Cyber-safety-Will-more-advice-to-children-work-?Ecosystem=communications-design
I haven’t noticed as much coverage on cyber safety as it relates to children recently
eport from Legal & General’s home insurance team that they just published: Digital Criminal 2012: CyberSafety Report. Their findings are that 88% of consumers polled want more security advice to be given to children using social network sites. Will that work?
They naturally give online safety tips that ultimately not only protect the children, but also the home based on what the children might say online—tipping criminals off regarding vacations, location of valuables, a recent purchase, etc.
While I know that every attempt must be made to get this word across to children, I’ve had my own experiences with how very difficult that can be
Since children are now growing up immersed in technology, in some ways it will be easier to instill safety patterns early on—at least I hope so. I agree that education on safety is critical
Tomi says:
Web Applications are attacked an average once in every three days, the security company’s six-month Imperva Web Application Attack Report says.
Imperva analyzed in the report of 50 publicly available web application (United States or the European Union) traffic in December 2011 and May 2012.
Source: http://www.tietoviikko.fi/kaikki_uutiset/nettisovellukseen+hyokataan+yhtena+paivana+kolmesta/a829813?s=r&wtm=tietoviikko/-19082012&
tomi says:
Windows 8 Changes Host File Blocking
http://tech.slashdot.org/story/12/08/19/1923210/windows-8-changes-host-file-blocking
“Windows 8 has been confirmed to not only ignore, but also modify the hosts file.”
The hosts file was a popular, cross-platform way of blocking access to certain domains, such as ad-serving websites…
But if you are doing your web filtering on the workstation, you were doing it badly, badly wrong.
Tomi Engdahl says:
Resilient “SMSZombie” Exploits China Mobile’s Payment System – Over 500,000 Android Devices Infected, Firm Says.
http://www.securityweek.com/resilient-smszombie-infects-500000-android-users-china
Researchers from mobile security firm TrustGo have recently discovered a new, resilient mobile threat targeting Android phones that is said to have infected roughly 500,000 devices, mainly in China.
SMSZombie Android MalwareCalled “SMSZombie”, the malware is stubborn and hard to remove, but users outside of China have little to worry about with this latest discovery. The prime function of the mobile malware is to exploit a vulnerability in the mobile payment system used by China Mobile, making it of little value to the fraudsters outside of China.
SMSZombie has been embedded in several wallpaper apps, many of which flaunt provocative titles and nude photos to encourage users to download and install the apps.
If the evil “Android System Service” is installed, the malware attempts to obtain administrator privileges on the device, a step that Yang says cannot be canceled due to the fact that users are essentially forced to click “Activate” because clicking the “Cancel” button just reloads the same dialog box.
“By waiting to deliver malicious code until after installation, this virus is difficult to detect,” said Xuyang Li, CEO of TrustGo.
The malware can remotely control the infected device, Yang said. It enables hackers to remotely control victims’ mobile SMS payments system, allowing them to secretly authorize payments for amount and at any time. “Our guess is that these malware developers have some connection with these premium services,” Yang said.
“Based on our analysis of the code, the malware will monitor users’ SMS messages,” Yang said. “Once it finds any keywords they have defined in the code, they will send these messages to a third party C&C server.”
Tomi Engdahl says:
World’s biggest oil company hit by cyber attack
Hackers isolated Saudi Aramco’s production systems from infected PC workstations
http://www.theinquirer.net/inquirer/news/2199578/worlds-biggest-oil-company-hit-by-cyber-attack
World’s biggest oil company hit by cyber attack
Hackers isolated Saudi Aramco’s production systems from infected PC workstations
“The disruption was suspected to be the result of a virus that had infected personal workstations without affecting the primary components of the network,” Aramco said.
Security vendor McAfee said it is still analysing the threat and believes that it is a largely isolated and targeted attack.
Tomi Engdahl says:
Exhibitionist Shamoon virus blows PCs’ minds
Malware targets some energy sector
http://www.theregister.co.uk/2012/08/17/shamoon_malware_energy/
The Shamoon software carries out a two stage attack, according to an analysis by Israeli security firm Seculert. Once a system on a network is infected, the code scrapes data from other systems via network shares, including those not connected to the internet. It then wipes all the data on the target systems and overwrites the master boot record to brick the system.
The attack appears to be fairly localized, and Symantec reports that at least one energy company has been hit by the malware. It’s not known if the code was responsible for the shutdown of the Saudi Arabian Oil Co network on Wednesday
“Nowadays, destructive malware is rare; the main focus of cybercriminals is financial profit.”
Tomi Engdahl says:
Breaking news, literally: Reuters hacked third time this MONTH
Buggy blog blamed
http://www.theregister.co.uk/2012/08/17/reuters_blogs_hacked_again/
Reuters websites were hacked for third time in a fortnight when hackers posted a bogus article falsely claiming that Saudi Arabia’s foreign minister Saud al-Faisal was dead.
The planting of the false report follows two similar attacks earlier this month.
The news agency uses the WordPress platform for blogging. One plausible theory is that a vulnerability in this widely used package was used to pull off the latest attack, but this remains unconfirmed.
Tomi Engdahl says:
Linux kernel purged of five-year-old root access bug
http://www.theregister.co.uk/2010/08/19/linux_vulnerability_fix/
The Linux kernel has finally been purged of a privilege-escalation vulnerability that for at least half a decade allowed untrusted local users to gain unfettered rights to the operating system’s most secure locations.
Maintainers of the central Linux component issued a patch last week that killed the bug, which allowed unprivileged users to gain root access. While Linux overlords stopped short of declaring it a security vulnerability, they stressed that the patch should be installed as soon as possible.
The vulnerability was described as long ago as 2005 by researcher Gael Delalleu, but it remained largely overlooked until Rafal Wojtczuk, a researcher at Invisible Things Lab, started investigating related issues.
“One important aspect the attack demonstrates, is how difficult it is to bring security to a desktop platform, where one of the biggest challenges is to let applications talk to the GUI layer (e.g., X server in case of Linux), which usually involves a very fat GUI protocol (think X protocol, or Win32 GUI API) and a very complex GUI server, but at the same time keep things secure,” Joanna Rutkowska, a fellow security researcher at Invisible Things Lab blogged.
The memory-corruption bug stems from two memory regions of the X server that grow in the opposite directions in the address space, an attribute inherited from the x86 architecture designed by Intel. Attackers can force the two regions to collide, causing critical control data to be replaced with values that allow the X server to be hijacked.
It’s a fairly exotic exploit, and can only be used locally, unless combined with an unrelated vulnerability.
some Linux distributions appear to have issued updates that closed the hole.
But that only begs the question why such a fix was never incorporated in the kernel.
Tomi Engdahl says:
Social networks to meet home secretary over riots
http://www.bbc.com/news/technology-14587502
Facebook, Twitter and Blackberry have all been criticised after it emerged that some rioters may have used them to plan trouble or encourage others.
David Cameron has said the government would look at limiting access to such services during any future disorder.
Prime Minister David Cameron sparked controversy when he suggested that the government might look at disconnecting some online and telecommunications services in the event of further civil disorder.
Police in London said that they managed to thwart attacks on the Olympic site and on Oxford Street based information gathered from Twitter and BBM.
Tomi Engdahl says:
Never trust SMS: iOS text spoofing
http://pod2g-ios.blogspot.co.uk/2012/08/never-trust-sms-ios-text-spoofing.html
a flaw in iOS that I consider to be severe, while it does not involve code execution. I am pretty confident that other security researchers already know about this hole, and I fear some pirates as well.
The flaw exists since the beginning of the implementation of SMS in the iPhone, and is still there in iOS 6 beta 4. Apple: please fix before the final release.
In the text payload, a section called UDH (User Data Header) is optional but defines lot of advanced features not all mobiles are compatible with. One of these options enables the user to change the reply address of the text.
In a good implementation of this feature, the receiver would see the original phone number and the reply-to one. On iPhone, when you see the message, it seems to come from the reply-to number, and you loose track of the origin.
Why is it an issue ?
pirates could send a message that seems to come from the bank of the receiver asking for some private information, or inviting them to go to a dedicated website. [Phishing]
one could send a spoofed message to your device and use it as a false evidence.
Tomi Engdahl says:
The Creepy Aspect of Instagram’s New Mapping Feature
http://www.forbes.com/sites/kashmirhill/2012/08/17/the-creepy-aspect-of-instagrams-new-mapping-feature/
Instagram released a major new feature this week: Photo Maps, which is exactly what it sounds like. It pins users’ geo-tagged photos on a map
for two of my friends who have opted-in and filled their maps with 100s of photos, it’s quite an intimate look into their lives — including where they live and where they hang out.
“If you agree to reveal yourself, is that creepy or just TMI?”
There’s nothing wrong with Instagram offering a cool new feature with useful functionality
Countdown starts now for the first “I got robbed because my friend publicly-Instagrammed my awesome jewelry collection” story.
Tomi Engdahl says:
Insight: Experts hope to shield cars from computer viruses
http://www.reuters.com/article/2012/08/20/us-autos-hackers-idUSBRE87J03X20120820
White hats are increasingly looking beyond PCs and data centers for security vulnerabilities that have plagued the computer industry for decades and focusing on products like cars, medical devices and electricity meters that run on tiny computers embedded in those products.
Automobiles are already considered “computers on wheels” by security experts. Vehicles are filled with dozens of tiny computers known as electronic control units, or ECUs, that require tens of millions of lines of computer code to manage interconnected systems including engines, brakes and navigation as well as lighting, ventilation and entertainment.
Cars also use the same wireless technologies that power cell phones and Bluetooth headsets, which makes them vulnerable to remote attacks that are widely known to criminal hackers.
“There is tons of opportunity for attack on car systems,” said Stuart McClure, an expert on automobile security who recently stepped down as worldwide chief technology officer of McAfee to start his own firm.
Tomi Engdahl says:
Wired Answers Reader Questions About Honan Hack and Data Recovery
http://www.wired.com/gadgetlab/2012/08/wired-answers-reader-questions-about-honan-hack-and-data-recovery/
In early August, hackers used exploits in Amazon’s and Apple’s tech support systems to delete Mat Honan’s Google account and remotely wipe his Apple devices. He documented how it happened, and how he was able to recover his data — or most of it, at least
Tomi Engdahl says:
Anonymous takes down UK government websites in Assange attack
http://www.theregister.co.uk/2012/08/20/anonymous_uk_government_atack/
Anonymous is claiming to have begun shutting down UK government websites in protest of the treatment of Julian Assange.
UK Justice Department website went down under a distributed denial of service attack.
Department of Work and Pensions website was also taken offline.
All this activity is unlikely to change the government’s attitude to Julian Assange, however.
Tomi Engdahl says:
Crisis malware infects VMware virtual machines, researchers say
The Windows version of Crisis also infects Windows Mobile devices and USB drives
http://www.computerworld.com/s/article/print/9230457/Crisis_malware_infects_VMware_virtual_machines_researchers_say
The Windows version of Crisis, a piece of malware discovered in July, is capable of infecting VMware virtual machine images, Windows Mobile devices and removable USB drives, according to researchers from antivirus vendor Symantec.
Crisis is a computer Trojan program that targets Mac OS and Windows users.
Crisis is distributed via social engineering attacks that trick users into running a malicious Java applet.
“The threat searches for a VMware virtual machine image on the compromised computer and, if it finds an image, it mounts the image and then copies itself onto the image by using a VMware Player tool,” said Symantec researcher Takashi Katsuki in a blog post on Monday. “This may be the first malware that attempts to spread onto a virtual machine.”
“[Its] aim is to get inside as many systems it can to steal the maximum amount of information.”
Tomi Engdahl says:
Why passwords have never been weaker—and crackers have never been stronger
http://arstechnica.com/security/2012/08/passwords-under-assault/
“The danger of weak password habits is becoming increasingly well-recognized,” said Brooks, who at the time blogged about the warnings as the Program Associate for the Center for Democracy and Technology. The warnings, he told me, “show [that] these companies understand how a security breach outside their systems can create a vulnerability within their networks.”
The ancient art of password cracking has advanced further in the past five years than it did in the previous several decades combined. At the same time, the dangerous practice of password reuse has surged. The result: security provided by the average password in 2012 has never been weaker.
The average Web user maintains 25 separate accounts but uses just 6.5 passwords to protect them, according to a landmark study (PDF) from 2007. As the Gawker breach demonstrated, such password reuse, combined with the frequent use of e-mail addresses as user names, means that once hackers have plucked login credentials from one site, they often have the means to compromise dozens of other accounts, too.
Newer hardware and modern techniques have also helped to contribute to the rise in password cracking. Now used increasingly for computing, graphics processors allow password-cracking programs to work thousands of times faster than they did just a decade ago on similarly priced PCs that used traditional CPUs alone. A PC running a single AMD Radeon HD7970 GPU, for instance, can try on average an astounding 8.2 billion password combinations each second, depending on the algorithm used to scramble them. Only a decade ago, such speeds were possible only when using pricey supercomputers.
Tomi Engdahl says:
F-Secure reports that cyber arms race has begun. State-funded information technology has become an alternative to warfare and diplomacy, such as the boycott of traditional enforcement service.
Accroding to F-Secure’s Chief Research Officer Mikko Hypponen Stuxnet and its successors and Flame Gauss words are simply changed the name of the game.
“States are attacking each other with malicious code”
F-Secure Threat Report H1 2012
http://www.f-secure.com/static/doc/labs_global/Research/Threat_Report_H1_2012.pdf
Tomi Engdahl says:
Same virus can hit Apple OSX, Windows, Windows Mobile, VMware virtual machines etc…
Crisis for Windows Sneaks onto Virtual Machines
http://www.symantec.com/connect/blogs/crisis-windows-sneaks-virtual-machines
Symantec reported new malware for Mac last month that we called OSX.Crisis.
The JAR file contains two executable files for both Mac and Windows. It checks the compromised computer’s OS and drops the suitable executable file. Both these executable files open a back door on the compromised computer.
The threat uses three methods to spread itself: one is to copy itself and an autorun.inf file to a removable disk drive, another is to sneak onto a VMware virtual machine, and the final method is to drop modules onto a Windows Mobile device.
This may be the first malware that attempts to spread onto a virtual machine. Many threats will terminate themselves when they find a virtual machine monitoring application, such as VMware, to avoid being analyzed, so this may be the next leap forward for malware authors.
It also has the functionality to spread to Windows Mobile devices by dropping modules onto Windows Mobile devices connected to compromised Windows computers.
Crisis malware has functionality to spread to four different environments: Mac, Windows, virtual machines, and Windows Mobile.
Tomi Engdahl says:
Study: If your antivirus doesn’t sniff ‘new’ malware in 6 days, it never will
But opposing researcher smacks down the finding
http://www.theregister.co.uk/2012/08/23/anti_virus_detection_study/
Mainstream antivirus software only has small window for detecting and blocking attacks, according to a controversial new study.
Host-based intrusion prevention firm Carbon Black found that if an antivirus package had failed to detect a piece of ‘new’ (recently discovered) malware within six days of its first being detected by another firm, the chances were it still wouldn’t detect the sample even 30 days later.
The Carbon Black experiment showed that multiple antivirus products provided better security protection than just one, as expected, but it also showed that if signatures for a malware sample were not added within a few days after the sample first appeared, then they are likely to be permanently absent. “We found that the average new detections per day dropped to nearly zero after day six,” Carbon Black researchers explain in a blog post. “What this means is that, on average, if AV doesn’t detect a piece of malware almost immediately, it likely never would.”
Carbon Black concludes that its research suggests that antivirus firms are struggling to develop signatures for the hundreds of thousands of malware sample they receive every day. Even by using generic detection of malware strains the whole system is inundated, it suggests.
Tomi Engdahl says:
Password hints easily snaffled from Windows PCs
Psst, you might want to encrypt that
http://www.theregister.co.uk/2012/08/23/password_hint/
Punters’ password hints are easily extracted from the latest Microsoft Windows machines, security researchers have discovered.
TrustWave SpiderLabs uncovered a key called “UserPasswordHint” during wider research into how the Redmond operating system stores password hashes. Subsequent studies showed it was easy to extract and decode password hints from the registry on both Windows 7 and Windows 8 machines. The value stored is obscured with the addition of zeros but not encrypted.
So an eight-line script was all it took to determine the clear-text version of password hints. The researchers have integrated user password hint decoding into Metasploit, the widely used computer security tool that has applications in both penetration testing and hacking.
A hint can easily extracted from Mac OS X machines too
Tomi Engdahl says:
FAA Denies Vulnerabilities In New Air Traffic Control System
http://tech.slashdot.org/story/12/08/22/2059207/faa-denies-vulnerabilities-in-new-air-traffic-control-system
“Haines outlined his concerns during a presentation (PDF) he gave at the recent DefCon 20 hacker conference in Las Vegas, explaining that ADS-B signals are unauthenticated and unencrypted, and ‘spoofing’ (video) or inserting a fake aircraft into the ADS-B system is easy. The FAA isn’t worried because the system has been certified and accredited.”
Hackers, FAA Disagree Over ADS-B Vulnerability
http://www.ainonline.com/aviation-news/ainalerts/2012-08-21/hackers-faa-disagree-over-ads-b-vulnerability
Haines and hacker Nick Foster demonstrated this by spoofing a fake aircraft into simulated San Francisco airspace, using the Flight Gear simulator program. He said spoofing a target into the real ADS-B system would be a simple matter of transmitting the signal on the ADS-B frequencies.
page says:
It’s appropriate time to make some plans for the future and it’s time to be happy. I have learn this publish and if I may just I wish to counsel you some attention-grabbing issues or suggestions. Perhaps you could write next articles referring to this article. I desire to learn even more issues about it!
Tomi Engdahl says:
Should Developers Be Sued For Security Holes?
http://developers.slashdot.org/story/12/08/23/2211238/should-developers-be-sued-for-security-holes
“A Cambridge academic is arguing for regulations that allow software users to sue developers when sloppy coding leaves holes for malware infection. European officials have considered introducing such a law but no binding regulations have been passed.”
Should developers be sued for security holes?
http://www.techrepublic.com/blog/european-technology/should-developers-be-sued-for-security-holes/1109?tag=main;river-newest
Takeaway: Software makers should face legal action if sloppy coding leads to hackers emptying users’ bank accounts, argues a Cambridge academic.
James said he was sceptical about how successful any new regulations making software makers liable for damage resulting from coding flaws would be, given the number of ways that developers could shift blame to the end-user: for instance by claiming the end-user failed to follow accepted IT security practices.
“There are lots of get-outs that a software developer would look to use to defend against a claim, for example, ‘Has the user updated to the latest version of software that may have closed off some of those vulnerabilities?’,” he said.
Clayton and other supporters of developer liability are facing powerful opposition. Given the potential size of the liability – estimates of malware-related losses are often put at at least billions of dollars annually – the software industry is likely to lobby hard against any such measure.
Perhaps unsurprisingly the software lobby argue that its members already make their software as secure as they can, given the complexity of code underlying applications. When the matter was debated in the House of Lords in 2007, software vendors argued against it by analogy: that when a home is burgled the victim doesn’t usually ask the maker of the door or window to compensate them.
Another rebuttal of liability put forward by some developers is that it would stifle innovation and interoperability between apps, as software makers would stop their apps from interacting with third party code to guard against undesirable results.
There is also the question of who is liable for flaws in open source software where there is no clear individual or group responsible for its development. When the Lords debated the matter it was argued there should be exemption for individuals who voluntarily contribute to such projects.
Tomi Engdahl says:
What To Do To Keep Your Facebook Account Secure
http://www.readwriteweb.com/archives/facebook-has-been-hacked-what-will-you-do.php
Here are basic steps you should take whenever you think your account has been hacked.
Change Your Password
Reclaim Your Account
Update Your Security Software
Trim The App Fat
Tell Your Friends
Tomi Engdahl says:
India: We DO have the BlackBerry encryption keys
RIM: Er, I think you’ll find you don’t
http://www.theregister.co.uk/2012/08/02/rim_keys_india/
Indian government officials have apparently claimed that Research in Motion has handed over the skeleton keys used to encrypt BlackBerry communications – once again ignoring the fact that such keys don’t exist.
According to the Times:
[RIM] has now handed over this infrastructure to Indian agencies, internal government documents reviewed by ET reveal.
Canada-based RIM has, as usual, not only denied handing over any keys but also reiterated that it couldn’t hand over keys that it doesn’t actually have.
Corporate users create their encryption keys when setting up their BES, and communication between the handset and the BES is secured against all but the best-funded of governments. Consumers are issued a key by RIM, and connect to their geographically nearest – and RIM-managed – BlackBerry Enterprise Server (BES).
The Indian government is trying to reassure its population (and voters) that no foreign company will prevent it from intercepting communications, but it risks its own credibility by repeatedly claiming to have access to encryption keys which simply don’t exist.
Tomi Engdahl says:
Hotel keycard firm issues fixes after Black Hat hacker breaks locks
But want customers to pay for them…
http://www.theregister.co.uk/2012/08/24/hotel_keylock_hack/
Hotel lockmaker Onity has developed fixes to safeguard millions of hotel keycard locks against an attack demonstrated at the Black Hat conference last month. But the most comprehensive of the two approaches involves a partial hardware replacement that will cost hotels a substantial amount of cash to apply.
Mozilla software developer turned security researcher Cody Brocious used a Arduino micro-controller costing around $50 to come up with an effective hack against hotel keycard locks, which he demonstrated at last month’s Blackhat security conference in Las Vegas. The hack involved plugging in the homemade device into a data port on the underside of Onity’s locks, reading memory to extract a decryption key, before using this decryption key to fake an “open door” command. Brocious created a cheap rig that spoofed portable programmers, gadgets designed to allow hotels to change the settings on locks supplied by Onity.
The hack is only possible because of two interlinked problems: the ability to read memory locations on vulnerable electro-mechanical locks and flawed cryptography in the key cards system itself.
The entry-level (free) fix involves supplying a physical plug that blocks access to the portable programmer port of potentially vulnerable HT series locks
The second more rigorous fix involves upgrading the firmware of potentially vulnerable HT and ADVANCE series locks together with manually changing the locks’ circuit boards.
Both fixes will be available from the end of August.
It’s unclear how much Onity’s upgrade of its widely used hotel keycard locks will end up costing either hotel chains or Onity itself.
“Given that it won’t be a low-cost endeavour, it’s not hard to imagine that many hotels will choose not to properly fix the issues, leaving customers in danger,” Brocious said.
Onity’s keycard locks secure access to an estimated four million hotel rooms worldwide.
Tomi Engdahl says:
Hacker Will Expose Potential Security Flaw In Four Million Hotel Room Keycard Locks
http://www.forbes.com/sites/andygreenberg/2012/07/23/hacker-will-expose-potential-security-flaw-in-more-than-four-million-hotel-room-keycard-locks/
The next time you stay in a hotel room, run your fingers under the keycard lock outside your door. If you find a DC power port there, take note: With a few hacker tricks and a handful of cheap hardware, that tiny round hole might offer access to your room just as completely as your keycard.
Even with an unreliable method, however, Brocious’s work–and his ability to open one out of the three doors we tested without a key–suggests real flaws in Onity’s security architecture.
In fact, Brocious isn’t the only one who knows his tricks.
His former employer, a startup that sought to reverse engineer Onity’s hotel front desk system and offer a cheaper and more interoperable product, sold the intellectual property behind Brocious’s hack to the locksmith training company the Locksmith Institute (LSI) for $20,000 last year. LSI students, who often include law enforcement, may already have the ability to open Onity doors at will.
“With how stupidly simple this is, it wouldn’t surprise me if a thousand other people have found this same vulnerability and sold it to other governments,” says Brocious. “An intern at the NSA could find this in five minutes.”
The ability to access the devices’ memory is just one of the two vulnerabilities Brocious says he found in Onity’s locks. He says the company also uses a weak encryption scheme that allows him to derive the “site code”–a unique numerical key for every facility–from two cards encoded one after another for the same room
Brocious says he stumbled upon the the flaws in Onity’s locks while working as the chief technology officer for a startup called Unified Platform Management Corporation, which sought to compete with bigger players in the hotel lock industry by creating a universal front end system for hotels that used common lock technologies. Brocious was hired to reverse engineer hotel locks, and Onity was his first target. The discovery of Onity’s security vulnerabilities was entirely unintentional, he says.
UPM failed to find customers or investment and soon folded. With the exception of the sale of his exploit methods to LSI–the biggest sale the startup ever achieved–Brocious kept quiet about his discovery, until now.
“This wasn’t the way we wanted to disrupt the business, exactly,” says Brian Thomason, one of UPM’s founders. “But hey, stuff happens, right?”
Tomi Engdahl says:
Onity’s Plan To Mitigate Hotel Lock Hack
http://daeken.com/onitys-plan-to-mitigate-hotel-lock-hack
Blackhat paper
http://daeken.com/blackhat-paper
http://demoseen.com/bhpaper.html
There are several parts to the Onity lock system:
Encoder: This is the device which makes the keycards, but it also stores all the property information (e.g. room listings, time tables, etc) and is used to load the portable programmer.
Portable programmer (or PP): Programs the lock with guest code key values, master codes, time tables, and other information.
Lock: In our context, we’re primarily concerned with the actual circuit board that performs the locking logic for doors. There are multiple lock configurations, e.g. exterior doors and guest room doors, but we’ll be talking mostly about guest room locks.
Sitecode
This is a 32-bit code randomly assigned by Onity. It uniquely identifies a hotel property and is the key to the security of the entire system. The sitecode is used for encrypting/decrypting cards, programming the locks, and opening the locks.
Communications with the lock take place over a bidirectional single-wire protocol. On the bottom of the lock, on the outside of the door, there is a DC barrel connector, more commonly used for power. This carries data on one wire and ground on the other.
On top of this is the high-level protocol enabling the reading of memory and opening the lock. There are several other functions performed by the portable programmer which are not documented within as they’re not relevant to the vulnerabilities outlined in this paper and are not required for an opener device.
Given the ability to read the complete memory of the lock, it is possible to gain access to the master key card codes. With these — in combination with the sitecode for encryption — it is possible to create master cards which will gain access to locks at the property.
Below is the complete Arduino sketch. When connected to the lock, it will immediately open the lock.
http://demoseen.com/bhpaper.html
Tomi Engdahl says:
Saudi Aramco Reveals Cyber Attack Hit 30,000 Workstations
http://politics.slashdot.org/story/12/08/27/063235/saudi-aramco-reveals-cyber-attack-hit-30000-workstations
” The group, calling itself the ‘Cutting Sword of Justice,’ claimed to have hacked Aramco systems in several countries before sending a virus across 30,000 computers, achieving a 75 percent infection rate of all the company’s systems. ”
(happened mid-August 2012)
Saudi Aramco Oil Producer’s 30,000 workstations victim of Cyber Attack
http://thehackernews.com/2012/08/saudi-aramco-oil-producers-30000.html
Tomi Engdahl says:
The Economics of Spam
http://www.aeaweb.org/articles.php?doi=10.1257/jep.26.3.87
We estimate that American firms and consumers experience costs of almost $20 billion annually due to spam. Our figure is more conservative than the $50 billion figure often cited by other authors
Based on the work of crafty computer scientists who have infiltrated and monitored spammers’ activity, we estimate that spammers and spam-advertised merchants collect gross worldwide revenues on the order of $200 million per year.
Thus, the “externality ratio” of external costs to internal benefits for spam is around 100:1.
the strategic cat-and-mouse game between spammers and email providers
We then put the spam market’s externality ratio of 100 into context by comparing it to other activities with negative externalities.
Tomi Engdahl says:
Mystery malware wreaks havoc on energy sector computers
Like malware that attacked Iran, Shamoon permanently destroys hard disk data.
http://arstechnica.com/security/2012/08/shamoon-malware-attack/
Malware researchers have uncovered an attack targeting an organization in the energy industry that attempts to wreak havoc by permanently wiping data from an infected computer’s hard drive and rendering the machine unusable.
The computer worm, alternately dubbed Shamoon or Disttrack by researchers at rival antivirus providers Symantec and McAfee, contains the string “wiper” in the Windows file directory its developers used while compiling it. Combined with word that it targeted the energy industry, that revelation immediately evoked memories of malware also known as Wiper that reportedly attacked Iran’s oil ministry in April and ultimately led to the discovery of the state-sponsored Flame malware.
Shamoon is unusual because it goes to great lengths to ensure destroyed data can never be recovered, something that is rarely seen in targeted attacks. It has self-propagation capabilities that allow it to spread from computer to computer using shared network disks. It overwrites disks with a small portion of a JPEG image found on the Internet.
World’s largest oil producer falls victim to 30K workstation attack
Saudi Aramco comes clean with some details, resumes network operations today.
http://arstechnica.com/security/2012/08/worlds-largest-oil-producer-falls-victim-to-30k-workstation-attack/
It’s nearly a plot line from the movies: World’s largest oil producer gets hit by a cyber-attack that threatens to wipe away all data from its internal computers. But largely, this is the situation Saudi Aramco described today.
The Saudi Arabia-based, industry leader released a statement confirming that roughly 30,000 workstations were affected via cyber attack in mid-August. Details beyond that were scarce
The company said it cleansed its workstations and resumed operations for its internal network today.
The mid-August attack on Saudi Aramco came during the same week when security researchers identified the Shamoon attacks mentioned above.
Tomi Engdahl says:
Dropbox upgrades security with two-factor authentication
Users who desire a higher level of security can enter a one-time passcode
http://www.computerworld.com.au/article/434685/dropbox_upgrades_security_two-factor_authentication/#closeme
The file-sharing utility Dropbox is now offering two-factor authentication, a system that makes it much harder for hackers to capture valid credentials for a person’s account.
While it is relatively easy for hackers to obtain a person’s user name and password using malware and social engineering, it is much harder for them to intercept one-time passcodes, although it is possible. The codes, sent by SMS (short message service) or generated by a device, expire quickly.
The feature can be turned on through Dropbox’s website on the “security” tab in a person’s account settings. Users can opt to receive the six-digit code sent by SMS to their mobile phone when a new device is used to access their account.
A valid code can also be obtained by using an application that supports the Time-Based One-Time Password protocol
Tomi Engdahl says:
Experts Develop 3rd-Party Patch For New Java Zero-Day
http://developers.slashdot.org/story/12/08/27/1658238/experts-develop-3rd-party-patch-for-new-java-zero-day
“A new exploit for a zero-day vulnerability in Oracle’s Java JRE version 7 and above is making the rounds. A Metasploit module is now available to attack the flaw, and word in the underground is that it will soon be incorporated into BlackHole, a widely used browser exploit pack. KrebsOnSecurity.com talked to the BlackHole developer, who said the Java exploit would be worth at least $100,000 if sold privately.”
You know what would be better idea than patching Java? Uninstalling it.
We were told Java was going to be the answer to all our security problems. No more buffer over flows, and few if any other remote code exploits would be possible with applications written in Java.
Its to bad someone finds a critical vulnerability in the platform every other month seemingly.
There is no good reason to have Java installed in your primary browser. The only reason why it’s everywhere is that it often comes preinstalled for no good reason, and (even worse) the installer shoves its way into all your browsers, for even less reason. If there are specific business sites using Java that you must access, then use IE with Java exclusively for those, and Firefox or Chrome for normal browsing. Using Java on the open web is just asking to get 0wned.
Before HTML5, Java was an acceptable way to implement app-like stuff in the browser. Now with dynamic HTML, Canvas, SVG, and AJAX, Java in the browser has become an anachronism.
Tomi Engdahl says:
Users urged to disable Java as new exploit emerges
All operating systems, browsers vulnerable
http://www.theregister.co.uk/2012/08/27/disable_java_to_block_exploit/
A new browser-based exploit for a Java vulnerability that allows attackers to execute arbitrary code on client systems has been spotted in the wild – and because of Oracle’s Java patch schedule, it may be some time before a fix becomes widely available.
The vulnerability is present in the Java Runtime Environment (JRE) version 1.7 or later, Atif Mushtaq of security firm FireEye reported on Sunday, while PCs with Java versions 1.6 or earlier installed are not at risk.
The vulnerability allows attackers to use a custom web page to force systems to download and run an arbitrary payload – for example, a keylogger or some other type of malware. The payload does not need to be a Java app itself.
Tomi Engdahl says:
Attackers Pounce on Zero-Day Java Exploit
http://krebsonsecurity.com/2012/08/attackers-pounce-on-zero-day-java-exploit/
Attackers have seized upon a previously unknown security hole in Oracle’s ubiquitous Java software to break into vulnerable systems. So far, the attacks exploiting this weakness have been targeted and not widespread, but it appears that the exploit code is now public and is being folded into more widely-available attack tools such as Metasploit and exploit kits like BlackHole.
Initial reports indicated that the exploit code worked against all versions of Internet Explorer, Firefox and Opera, but did not work against Google Chrome. But according to Rapid 7, there is a Metasploit module in development that successfully deploys this exploit against Chrome (on at least Windows XP).
Also, there are indications that this exploit will soon be rolled into the BlackHole exploit kit.
Windows users can find out if they have Java installed and which version by visiting java.com and clicking the “Do I have Java? link. Mac users can use the Software Update feature to check for any available Java updates.
If you primarily use Java because some Web site, or program you have on your system — such as OpenOffice or Freemind — requires it, you can still dramatically reduce the risk from Java attacks just by disabling the plugin in your Web browser. In this case, I would suggest a two-browser approach. If you normally browse the Web with Firefox, for example, consider disabling the Java plugin in Firefox, and then using an alternative browser (Chrome, IE9, Safari, etc.) with Java enabled to browse only the site that requires it.
How to Unplug Java from the Browser
http://krebsonsecurity.com/how-to-unplug-java-from-the-browser/
Mozilla Firefox: From the main menu select Add-ons, and then disable any plugins witht the word “Java” in them. Restart the browser.
Zero-Day Season is Not Over Yet
http://blog.fireeye.com/research/2012/08/zero-day-season-is-not-over-yet.html
Most of the recent Java run-time environments i.e., JRE 1.7x are vulnerable.
A successful exploit attempt can result in a dropper (Dropper.MsPMs) getting installed on infected systems.
It will be interesting to see when Oracle plans for a patch, until then most of the Java users are at the mercy of this exploit.
Java 7 0-Day vulnerability information and mitigation.
http://www.deependresearch.org/2012/08/java-7-0-day-vulnerability-information.html
The Oracle patch cycle is 4 months (middle of February, June, October) with bugfixes 2 months after the patch. The next patch day is October 16 – almost two months away. Oracle almost never issue out-of-cycle patches but hopefully they will do consider it serious enough to do it this time.
The malicious executable name varies and it the future may get replaced by any kind of payload. At this point, it appears to be Poison Ivy RAT variant that is likely to be detected by many antivirus vendors.
This vulnerability affects Java 7 (1.7) Update 0 to 6. Does NOT affect Java 6 and below.
Although older Java is not vulnerable to this attack, downgrading is not recommended due to many other vulnerabilities in the older versions of Java.
Disable Java in your browser, apply the patch
This is not an official patch and had limited testing. In general, it is best to disable Java in your browser
If you are a home user and/or do not need use it to protect users, customers, and networks, please use the workarounds.
Tomi Engdahl says:
Hijacking the news: how hackers are manipulating the press from the inside out
http://www.theverge.com/2012/8/27/3262608/hacks-and-hackers-how-disinformation-is-the-new-hacktivist-weapon-of
Reuters was caught in the middle of an “intensifying conflict in cyberspace between supporters and opponents of Syrian President Bashar al-Assad,” in the words of one of its reporters, as hackers attempted to co-opt the news agency’s credibility in order to support government forces in the Syrian national conflict.
Major news sites have always attracted hackers.
To Americans and anyone accustomed to a free press, it should have been easy to spot the one-sided propaganda in the middle of less histrionic material. But the hackers tried to pass their message off as news. The fake posts were written in a plain, straightforward, newsman-like style, with appropriate headlines (“Riad Al-Asaad: Syrian Free Army pulls back tactically from Aleppo”) accompanied by appropriate photos. “Certainly the attack on Reuters was more subtle than most,” said Richard Wang, a US manager at the computer security firm Sophos. “They tried to put up content that would at least at first glance would be in context for the site.”
Reuters publishes first-responder wire reports that get reprinted or replicated by other publications, making it an ideal origin point for a disinformation campaign. Did the hackers know this?
Thomson Reuters operates one of the most influential news organizations in the world, with 3,000 journalists in almost 200 bureaus filing more than a million stories a year. The company wrote about the threat of cyberattack in the “risk factors” portion of its 2011 annual report — but just in reference to its financial data and trading products. There’s no mention of what might happen if someone tried to hack the news.
Reuters was using the free version of WordPress, which powers many major news sites including parts of the New York Times and CNN sites. WordPress maker Automattic has offered to help investigate the attacks
The odds of identifying the culprits are “generally very small,” Wang said, although a political group may claim credit. “There are a vast number of attacks like this going on. If the guys behind it are competent, then they’ll be hiding where they’re attacking from,”
News sites are vulnerable
“Hackers know information is power. That’s their mantra,”
Part of the opportunity comes from poor security at news media sites as compared to other sectors like financial services and information technology. It took the news media a long time to adapt to publishing on the internet, Song said, and rigorous tech security is just “not in the DNA.”
Editorial staffers usually have individual logins with some level of access to the public-facing site; some often have administrative privileges but may be oblivious to the dangers of using weak or repetitive passwords. Based on this reporter’s experience in the news industry, password security is not always robust. That goes double for cash-strapped local newspapers, many of which have outdated websites.
Even new media sites that tend to be more tech savvy can also be oblivious to the threat of hackers.
There’s more than one way to break news
Clan Vv3, the crew that broke into tech reporter Mat Honan’s personal accounts, wasn’t trying to impersonate a news organization. The hackers told Honan they only wanted his three-character Twitter handle. But one or a few members of Vv3 did hack CNN in May, albeit indirectly.
Tomi Engdahl says:
4G could signal a wave of mobile security threats, Symantec warns
http://www.theinquirer.net/inquirer/news/2200919/4g-could-signal-a-wave-of-mobile-security-threats-symantec-warns
Malware seen on WiFi and wired networks, such as botnets, could appear on mobile devices
THE ROLLOUT OF 4G later this year could give way for more high-risk mobile security implications, Symantec has warned.
“We could see a move to the sort of threats that we already see on the wireless and fixed connected network,” John said. “Malware that you usually have on fixed networks, like botnets.
“There aren’t many botnets on mobile devices because the bandwidth’s not there to support it, once you go on to 4G [hackers] could start infecting systems.”
To ensure that enterprises avoid these these security threats, John advised that businesses need to be on their toes more than ever, look closely at everything that’s coming into the network, and not trust anything.
4G will also be detrimental to businesses in the way it will add a greater burden for them to ensure that cloud services and mobility – what she calls “two of the biggest security challenges for enterprises and their employees” – are up to scratch.
Tomi says:
American University researchers have developed a new type of computer virus that could in the future become a new weapon for the transnational network warfare.
The University of Texas in Dallas, developed the virus has been partially funded by the U.S. Air Force. Virus developers call the computer program, Frankenstein.
Virus is a kind of base building guide that will tell you what kind of tasks to perform on the computer. Instructions of the virus assembles itself from harmless pieces of software code that is already on the computer.
Antivirus programs would be difficult to detect Frankenstein, as it is designed to build itself at all times in a different way, even though the task was carried out be the same.
Source: http://yle.fi/uutiset/itsensa_kokoavasta_viruksesta_ehka_ase_kybersotaan/6271510
Tomi says:
Expert evaluation: “there will always be bugs in Java”
Security company F-Secure’s Chief Research Officer Mikko Hypponen calls for removal of Java, at least from the browser.
- Java can always find new bugs, Hypponen explains rejection.
A recent bug, error, open a hole in your computer against the invaders. The situation is serious. The hole is used for real aim is to use machines. The attackers hit the popular sites.
Although Java is almost each and every computer, most of you got in you can be reached without it.
Java delete in the browser is simple and is done via the settings.
Source: http://www.iltalehti.fi/digi/2012082816012230_du.shtml