Security trends for 2013

Year 2013 will be year of cyber security. CNN expects more cyber wars this year. Cybercrime is on the rise, and last year we saw more and more computer virus attacks. Security company Kaspersky Lab warns of more new cyber-threats against enterprises and mobile devices. Cyber security also relates to mobile.

Security becomes an increasingly important issue. Year 2013 is the year of cyber security. Security company Stonesoft predicts we will face a more targeted launch cyber-attacks, cyber espionage and hactivism. Cyber security is the fastest growing trend in information security and its importance will increase in the future. According to Stonesoft the current security systems are unable to provide adequate protection against targeted attacks: we require proactive cyber protection and willingness to face the unknown threats.

Hacktivism will continue. According to article Anonymous: ‘Expect us 2013′ the hacking group boasted its cyberattacks against the U.S., Syrian, and Israeli governments in 2012. They are also warning people to continue to expect this type of activity.

SCADA security was hit hard in 2012. Some of the big manufacturers hit hard have learned their lessons and test their devices more now. But how are some smaller manufacturers security testing? Metasploit has special category for SCADA
devices.
Good idea to test your devices against it.

There is still work to do on Cyber security standards and SCADA standards. For example in very widely used automation security standard IEC 61508 security is addresses only in informative way (NOT MANDATORY. IEC 62443-2-4: A Baseline Security Standard for Industrial Automation Control Systems is a good starting point when thinking on SCADA systems security.

Nowadays you need to think about SCADA system security more then some years ago. Previously, it was thought that it is sufficient to isolate factory process automation system from the office networks and the Internet. This is no longer enough. Nowadays you need to think about information security of production of automation systems. You can’t keep the automation systems isolated from Internet. Accidental connections to Internet from isolated networks happen. Malware can spread through USB memory sticks (Stuxnet did that). And nowadays there are more and more business reasons to connect process automation systems to other networks. So automations system do not anymore live in complete isolation from rest of the world.

Systems with SCADA vulnerabilities have become easier to find. Hackers tap SCADA vuln search engine article tells a search engine that indexes servers and other internet devices is helping hackers to find industrial control systems that are vulnerable to tampering. Search engine Shodan easily pinpoints shoddy industrial controls. Shodan makes it easy to locate internet-facing SCADA, or supervisory control and data acquisition, systems used to control equipment at gasoline refineries, power plants and other industrial facilities. The search engine can also be used to identify systems with known vulnerabilities. Shodan makes networks more vulnerable to brute-force attacks on passwords, many of which may still use factory defaults.

Thousands of SCADA Devices Discovered On the Open Internet article tells that there are all the time news of the continuing poor state of security for industrial control systems. The pair of researchers with found found not only devices used for critical infrastructure such as energy, water and other utilities, but also SCADA devices for HVAC systems, building automation control systems, large mining trucks, traffic control systems, red-light cameras and even crematoriums. Never underestimate what you can do with a healthy list of advanced operator search terms and a beer budget.

Researchers have also found crippling flaws in GPS receivers. Global Positioning System infrastructure critical to the navigation of a host of military and civilian technologies including planes, ships and unmanned drones. GPS system is also used to generate accurate clocks in SCADA system and smart grid devices. Researchers showed that they could permanently de-synchronise the date of Phasor Measurement Units used in smart grid and cause UNIX epoch rollover in a few minutes. The overall landscape of GPS vulnerabilities is startling.

crystalball

Happy now? Mobiles, cloud, big data now ‘a growing security risk’ article tells that innovations in mobile and cloud computing, social technology and the use of “big data” present an emerging risk to organisations’ IT security, experts have warned. The European Network and Information Security Agency (ENISA), which is an EU advisory body, said that those technologies would increasingly provide the platform for “most of the innovation expected in the area of IT” and warned that with their emergence would come an associated increased cyber threat. ENISA warned that the threat stemming from mobile computing comes from the fact that mobile communications take place over “poorly secured … or unsecured channels”. The most significant threat stems from hackers inserting malicious software in website browser and other software available on mobile devices. Cyber criminals could also use the capabilities of cloud computing for their own gains, such as by storing malware in those systems and using the technology as a platform to launch attacks.

Drive-by downloads attacks against web browsers have become the top web threat. More specifically, attackers are moving into targeting browser plugins such as Java (Java exploits are the major cross-platform threat), Adobe Reader and Adobe Flash. The drive-by download attacks are almost exclusively launched through compromised legitimate websites which are used by attackers to host malicious links and actual malicious code. Exploits are sold for considerable amount of money and quickly included into exploit kits.

Africa’s Coming Cyber-Crime Epidemic article tells that last decade may have just been the first step in a looming African cyber-crime wave. Africa has the world’s fastest-growing middle class, whose members are increasingly tech-savvy and Internet connected and lax law enforcement is a perfect petri dish for increased cybercrime.

European wide cyber police started. EU’s new European Cybercrime Centre (EC3) was just opened few days ago. The facility will act as the “focal point” in the EU’s fight against cybercrime, against both businesses and private citizens. EC3 will act as a hub where crime-fighters can pool expertise and information, support criminal investigations and help develop and spread best practice. It will work with industry to develop threat assessments. It will work closely with the FBI and the US Secret service, in addition to other foreign agencies.

1,930 Comments

  1. Tomi Engdahl says:

    Akamai Buys DDoS Prevention Specialist Prolexic For $370M To Ramp Up Security Offerings For Enterprises
    http://techcrunch.com/2013/12/02/akamai-buys-ddos-prevention-specialist-prolexic-for-370m-to-ramp-up-security-offerings/

    The holiday season e-commerce rush is in full swing, and so are malicious hackers that will hope to profit from the increased activity online. Timely news, then, that Akamai, the specialist in optimising web site performance and content distribution, is making a big acquisition to beef up its security offerings: it is buying Prolexic, a U.S.-based provider of cloud-based security solutions for protecting data centers and enterprise IP applications from distributed denial of service (DDoS) attacks. Akamai will be paying approximately $370 million for Prolexic.

    The deal is expected to close in the first half of 2014, the companies say.

    Before today, Akamai already offered security solutions to those with public-facing web sites and web apps. What this acquisition will give Akamai is a solution that is more centered towards enterprise business – specifically to help protect data centers and enterprise IP applications.

    “Today, business is defined by the availability, security and latency of Internet-facing applications, data and infrastructure,” he said in a statement. “Being able to rely on one provider for Internet performance and security greatly simplifies resolution of network availability issues and offers clients clear lines of accountability. We believe that, together, we will be able to deliver an unprecedented level of network visibility and protection.”

    Reply
  2. Tomi Engdahl says:

    “Even more than ten grand landing” – In Finland, two problems with the phone thefts

    Finns want to keep the phone with one European country. For dozens of Finnish users have come up with thousands of dollars of phone bills after the theft.
    Theft of smart phones has become quite a pain in the ass, for example, in the United States. The authorities are taking steps to theft and robbery. One example is the recently completed database of stolen phones, which helps prevent the use of stolen equipment.
    Virkki says that almost all of these cases have occurred in Spain, and premium rate numbers are generally in Africa.

    In Finland, the smartphone theft is caused mainly by two problems, both of which could be easily prevented.

    Sim card taken out and transferred to another phone. Now comes the card pin code. Often, it is, unfortunately, been left to the default format, such as 1234 or 0000. When a criminal gets access open, and he can immediately call the expensive premium rate numbers.

    The problems could thus prevent the phone security code, and changing the sim card pin code in second place. And if you lose your phone, it should inform the operator immediately when the connection to be closed.

    If your phone is stolen, your subscription will be inflicted on the bill is not the only threat. If the phone is not protected, the information in it may end up in the wrong hands.

    Elisa Jan Virkki points out that the smartphone may include, for example, a large amount of the employer’s e-mails with attachments. Their end of the criminal or public distribution of the Internet could cause problems.

    Theft of smart phones has become quite a pain in the ass, for example, in the United States. The authorities are taking steps to theft and robbery. One example is the recently completed database of stolen phones, which helps prevent the use of stolen equipment.

    According to the singer, Finland has been the so-called stolen equipment “black list”.

    Source: http://www.tietokone.fi/artikkeli/uutiset/jopa_yli_kymppitonnin_lasku_suomessa_kaksi_ongelmaa_puhelinvarkauksista

    Reply
  3. Tomi Engdahl says:

    Potentially Unwanted Miners – Toolbar Peddlers Use Your System To Make BTC
    http://blog.malwarebytes.org/fraud-scam/2013/11/potentially-unwanted-miners-toolbar-peddlers-use-your-system-to-make-btc/

    Potentially Unwanted Programs or PUPs as we like to call them, are things like Toolbars, Search Agents, etc. Unnecessary junk for your desktop that usually involves monitoring your surfing/shopping habits and slowing down your system with their sub-par software that ends up hurting you much more than helping.

    A recent and unfortunate discovery by some of our users revealed that some of these programs do more than just cover your desktop in ads, they also steal your systems resources for mining purposes.

    Reply
  4. Tomi Engdahl says:

    D-Link patches critical vulnerability in older routers
    http://www.net-security.org/secworld.php?id=16030

    D-Link has released firmware patches for a number of its older routers sporting a critical authentication security bypass vulnerability discovered in October.

    “Various D-Link routers allow administrative web actions if the HTTP request contains a specific User-Agent string. This backdoor allows an attacker to bypass password authentication and access the router’s administrative web interface,” D-Link explained in a security advisory.

    Vulnerable devices include D-Link DIR-100, DIR-120, DI-624S, DI-524UP, DI-604S, DI-604UP, DI-604+, and TM-G5240 routers; Planex BRL-04R, BRL-04UR, and BRL-04CW routers; and Alpha Networks routers.

    The patched firmware has been offered for some of them, but not all.

    Reply
  5. Tomi Engdahl says:

    Class0Firewall
    https://play.google.com/store/apps/details?id=com.silentservices.class0firewall&hl=en

    Class0Firewall is a Proof of Concept app that protects you against an SMS attack discovered by Bogdan Alecu. He also came up with the idea for the defense. The attack (and the defense using this app) is demonstrated at the Defcamp security conference.

    ATTENTION: Due to the SMS API change in Android 4.4 KitKat the Firewall has no effect and your device is still vulnerable. I will try to find a way around.

    Reply
  6. Tomi Engdahl says:

    Government moves to end nicked phone bill shocks
    Also promises to eliminate roaming charges by 2016
    http://www.theinquirer.net/inquirer/news/2316623/government-moves-to-end-nicked-phone-bill-shocks

    THE UK GOVERNMENT and mobile service providers will take steps to prevent criminals from using stolen phones to make calls and run up bills.

    “We are ensuring hardworking families are not hit with shock bills through no fault of their own. Families can be left struggling if carefully planned budgets are being blown away by unexpected bills from a stolen mobile or a mid-contract price rise,” said Miller.

    “Most people now place large parts of their lives on their mobile phones – from friends and loved ones’ numbers, to photos of great nights out. The last thing you need after the hassle of a stolen mobile is to find that someone has used it and landed you with a sky high bill too,” added Consumer Affairs Minister Jo Swinson.

    Reply
  7. Tomi Engdahl says:

    Apple discloses what it’s sharing with governments
    http://www.pcworld.com/article/2061290/apple-discloses-what-its-sharing-with-governments.html

    We’ve been hearing a lot lately about the US government secretly gathering information from Google, Yahoo, and other tech giants.

    But what about Apple?

    The Cupertino-based corporation, not yet caught up in the NSA scandals, has decided to take disclosure into its own hands. They’ve issued a report detailing what type of information they are sharing with what national governments.

    “We have reported all the information we are legally allowed to share,” the seven-page .pdf explains, “and Apple will continue to advocate for greater transparency about the requests we receive.”

    The heart of the report is a table listing 31 countries that have demanded and received information.

    “At the time of this report, the U.S. government does not allow Apple to disclose, except in broad ranges, the number of national security orders, the number of accounts affected by the orders, or whether content, such as emails, was disclosed.”

    Reply
  8. Tomi Engdahl says:

    India seeks US help to intercept chats from online platforms
    http://economictimes.indiatimes.com/news/politics-and-nation/india-seeks-us-help-to-intercept-chats-from-online-platforms/articleshow/26759440.cms

    NEW DELHI: India will ask the US to share its technology on how to decrypt conversations over various services like Viber, Whatsapp, Skype, Wechat and Blackberry messenger while complaining about service providers in US who invariably reject New Delhi’s request for co-operation in investigating cyber crimes

    “The availability of their web servers in India is required for legal interception of communications in real time for timely action by security and intelligence agencies. The communication over these services is encrypted and the encryption-decryption technologies available with the service providers will be required by security agencies even if the facility for lawful interception of these communications is extended to security agencies in India. The technology in use by US agencies may be an area of co-operation,” the agenda note said. India has been pressing the said chatting services to share decryption keys with the agencies. Intelligence Bureau has inputs that anti-social elements and terrorists may be using such chatting services to draw up plans and conspiracies.

    India will complain to US that services providers like Hotmail, Google, Facebook and Twitter

    Reply
  9. Tomi Engdahl says:

    How does the NSA break SSL?
    http://blog.cryptographyengineering.com/2013/12/how-does-nsa-break-ssl.html

    A few weeks ago I wrote a long post about the NSA’s ‘BULLRUN’ project to subvert modern encryption standards.

    You see, the NSA BULLRUN briefing sheet mentions that NSA has been breaking quite a few encryption technologies, some of which are more interesting than others. One of those technologies is particularly surprising to me, since I just can’t figure how NSA might be doing it. In this extremely long post I’m going to try to dig a bit deeper into the most important question facing the Internet today.

    First, I’m well aware that NSA can install malware on your computer and pwn any cryptography you choose. That doesn’t interest me at all, for the simple reason that it doesn’t scale well.

    For the same reason, we’re not going to worry about man-in-the-middle (MITM) attacks. While we know that NSA does run these, they’re also a very targeted attack.

    Attacks that use Known Techniques

    Theft of RSA keys. The most obvious way to ‘crack’ SSL doesn’t really involve cracking anything. Why waste time and money on cryptanalysis when you can just steal the keys? This issue is of particular concern in servers configured for the TLS RSA handshake, where a single 128-byte server key is all you need to decrypt every past and future connection made from the device.

    Of course, even where NSA doesn’t resort to direct measures, there’s always the possibility of obtaining keys via a remote software exploit. The beauty is that these attacks don’t even require remote code execution. Given the right vulnerability, it may simply require a handful of malformed SSL requests to map the full contents of the OpenSSL/SChannel heap.

    Suborning hardware encryption chips. A significant fraction of SSL traffic on the Internet is produced by hardware devices such as SSL terminators and VPN-enabled routers. Fortunately we don’t have to
    speculate about the security of these devices — we already know NSA/GCHQ have been collaborating with hardware manufacturers to ‘enable’ decryption on several major VPN encryption chips.

    Side channel attacks.
    These ‘side channels’ — which include operation time, resource consumption, cache timing, and RF emissions — can often be used to extract secret key material.
    The good news is that most of these channels are only exploitable when the attacker is in physical proximity to a TLS server. The bad news is that there conditions in which the attacker can get close.
    A second class of attack uses remote timing information to slowly recover an RSA key.

    Weak random number generators. Even if you’re using strong Perfect Forward Secrecy ciphersuites, the security of TLS depends fundamentally on the availability of unpredictable random numbers. Not coincidentally, tampering with random number generator standards appears to have been a particular focus of NSA’s efforts.
    Random numbers are critical to a number of elements in TLS

    Esoteric Weaknesses in PFS systems. Many web servers, including Google and Facebook, now use Perfect Forward Secrecy ciphersuites like ephemeral Diffie-Hellman (DHE and ECDHE). In theory these ciphersuites provide the best of all possible worlds: keys persist for one session and then disappear once the connection is over. While this doesn’t save you from RNG issues, it does make key theft a whole lot more difficult.

    The Tinfoil Hat Spectrum

    The following list begins with the most ‘likely’ theories and works towards the truly insane.

    Breaking RSA keys. There’s a persistent rumor in our field that NSA is cracking 1024-bit RSA keys. It’s doubtful this rumor stems from any real knowledge of NSA operations. More likely it’s driven by the fact that cracking 1024-bit keys is highly feasible for an organization with NSA’s resources.

    Cracking RC4. On paper, TLS supports a variety of strong encryption algorithms. In practice, about half of all TLS traffic is secured with the creaky old RC4 cipher. And this should worry you — because RC4 is starting to show its age. In fact, as used in TLS it’s already vulnerable to (borderline) practical attacks.
    Unfortunately the problem with this theory is that we simply don’t know of any attack that would allow the NSA to usefully crack RC4!

    New side-channel attacks. For the most part, remote timing attacks appear to have been killed off by the implementation of countermeasures such as RSA blinding, which confound timing by multiplying a random blinding factor into each ciphertext prior to decryption. In theory this should make timing information essentially worthless. In practice, many TLS implementations implement compromises in the blinding code that might resurrect these attacks

    Goofy stuff. Maybe NSA does have something truly amazing up its sleeve. The problem with opening this Pandora’s box is that it’s really hard to get it closed again.

    Conclusion

    We don’t know and can’t know the answer to these things, and honestly it’ll make you crazy if you start thinking about it.

    Reply
  10. Tomi Engdahl says:

    Why does the web still run on RC4?
    http://bristolcrypto.blogspot.fi/2013/08/why-does-web-still-run-on-rc4.html

    RC4 is a stream cipher designed in 1987 by Ron Rivest, was a trade secret of RSA until it was leaked in ’94, and is in widespread usage in a variety of commercial cryptosystems. Without going into too much detail here, essentially RC4 takes a 128-bit key and uses it to generate pseudo-random keystream bytes that you then XOR with your plaintext. It also fast, simple enough to implement, and being a stream cipher doesn’t require you to fiddle around with things like modes of operation, IVs or padding.

    The problem with RC4 is that the first few keystream bytes you generate aren’t really up to scratch with their pseudo-randomness.

    RC4′s biases have been exploited more than once: perhaps most prominently the WEP protocol was broken by Fluhrer, Mantin and Shamir, who leveraged biases in the first few keys to recover the long-term key using a fairly small amount of message encryptions.

    If TLS is the current whipping boy of the security community, RC4 is the latest in a fairly long line of sticks (said sticks being BEAST, CRIME, TIME, Lucky13) it’s been hit with. Just last week Nadhem AlFardan, Dan Bernstein, Kenny Paterson, Bertram Poettering and Jacob Schuldt presented an attack on TLS (and WPA-TKIP) using RC4 at Usenix.

    RC4 is a particularly nice symmetric algorithm to come across when trying to attack web applications by observing their TLS traffic.

    A recent history of TLS

    The obvious question is that given we have all these attacks, why are we still using RC4? The first thing to mention is that we’re actually using it in a big way: Adam’s statistics put the RC4 ciphersuites (e.g. RC4-SHA1, ECDHE-RC4-SHA) at a combined 50% market share of Internet traffic.

    There are a bazillion different ciphersuite options in the various flavours of SSL/TLS, ranging from the ‘woah there’ (RC2, DES) to the very modern (AES-GCM). RC4 is one of them, and disregarding other factors it’s understandable given its relative speed and ease of deployment to see it being used.

    The recent spate of TLS vulnerabilities has created a bit of a ping-pong game between ciphersuites: in 2011 Duong and Rizzo unleashed the BEAST, which exploited vulnerabilities in CBC mode.
    In the absence of an immediate solution, the best option for a worried website owner was to simply drop usage of CBC mode and switch to the best alternative—RC4.

    Along comes 2013 and we hit a new snag—AlFardan et al’s attack on TLS exploiting RC4 biases. This really does put us between a rock and a hard place; the two most commonly supported TLS 1.0 ciphersuite options are either RC4 or CBC mode based. Meaning only those webserver owners savvy enough to keep their SSL libraries sufficiently up-to-date to be able to switch to something like AES-GCM can say they’re in the clear, and everyone else has to decide whether they’re more scared of the BEAST or the why-doesn’t-this-have-a-snappy-name RC4 attack.

    So what now?

    This is where Adam introduced his ‘three steps for getting your crypto stuff deployed in practice’:

    1. Take your solution, and make sure you have stable high-speed, public domain implementations of it in as many products as possible.
    2. Wait some, the longer the better.
    3. Go break the old stuff you want to replace.

    Adam suggests that right now we’re going through this with TLS: RC4 and CBC are now broken, and the question is really what we’re going to replace them with. AES-GCM seems like a natural candidate: it’s an AEAD block cipher mode that has pretty much got steps 1 & 2 covered, and comes with some handy hardware support from Intel.

    Reply
  11. Tomi Engdahl says:

    Do this if the program requires a ransom for extortion

    The program captures the tension machine hostage and demands money for its release. Diabolically ingenious idea is spreading quickly among online pirates, so now it must be particularly vigilant.

    A couple of years ago, the Internet began to spread malicious software, which locks the computer and look on the screen supposedly forthcoming from the police for a notification. Message indicates that the computer has found banned files, so that the victim will have to pay a fine.

    This is an international scam that is tailored to different countries

    Cheating in a basic version of the machine seems to go into the lock and the victim is required to pay a fine of one hundred euro soon. Credit cards cash flows should be easy to track down, so the robbers are using internet-based payment technologies.

    In Finland, the R-kiosks to sell Paysafecard offers 10, 25, 50 and 100 Euro pre-paid cards with a 16-digit PIN code. The lock should be released, when the victim to enter the buy 100 euro card code window. But this did not happen.

    Multi-going cheap, either because the program is impressive-looking, or because the scammer to pay to get out of an embarrassing situation.

    Scammer is never worth the cost, and in this case it is not even useful, because the lock is not removed after the transfer of the money either. Instead, the malware can be removed from the machine by hand or using a suitable cleaning program.

    Encryption to enhance hoax

    The hoax is the latest version, CryptoLocker, it is more treacherous. Instead of child pornography computer program claims to have found copyrighted material.

    In addition to unlocking your work will be encrypted, so they can not be used. At worst, the damage is extensive, with a few longer be able to make back up files for removable media. Your work will be copied to the cloud, a job or a USB flash drive that is attached to the machine at all times.

    The malware encrypts all the files it finds, so the cloud or a usb backups do not help. Fortunately, the cloud can typically restore files older, unencrypted versions.

    If your Windows shadow copy feature is enabled, the old versions can be returned to a local hard disk. Scammers are turning to debit cards instead of bitcoin-currency.

    The program is usually spread through e-mail attachment. In some cases, it may also be a hacked web pages in your browser, or if the extensions are security holes. Keep software up to date and update applications on a regular basis. Do not open the foreign attachments unless you are sure of their purity.

    The police would never lock the machine and ask for money via the web! All such requirements, are guaranteed scams and racketeers should never pay. The police, the Finnish Communications Regulatory Authority and F-Secure have developed in conjunction with the site http://www.ransomware.fi, which shares information. At the moment, the content is still quite limited.

    Source: http://www.tietokone.fi/artikkeli/uutiset/tee_nain_kun_kiristysohjelma_vaatii_lunnaita

    Reply
  12. Tomi Engdahl says:

    How to Skyjack Drones In an Hour for Less Than $400
    http://threatpost.com/how-to-skyjack-drones-in-an-hour-for-less-than-400/103086

    The skies may soon be full of drones–some run by law enforcement agencies, others run by intelligence agencies and still others delivering novels and cases of diapers from Amazon. But a new project by a well-known hacker Samy Kamkar may give control of those drones to anyone with $400 and an hour of free time.

    Small drones, like the ones that Amazon is planning to use to deliver small packages in short timeframes in a few years, are quite inexpensive and easy to use. They can be controlled from an iPhone, tablet or Android device and can be modified fairly easily, as well. Kamkar, a veteran security researcher and hacker, has taken advantage of these properties and put together his own drone platform, called Skyjack. The drone has the ability to forcibly disconnect another drone from its controller and then force the target to accept commands from the Skyjack drone. All of this is done wirelessly and doesn’t require the use of any exploit or security vulnerability.

    The drone platform that Kamkar built uses readily available components such as a Raspberry Pi and open-source software he developed. He said that, using the detailed instructions he’s published, anyone with a familiarity with Linux could build a Skyjack drone of his own in under an hour.

    Reply
  13. Tomi Engdahl says:

    SkyJack
    http://samy.pl/skyjack/

    SkyJack is a drone engineered to autonomously seek out, hack, and wirelessly take over other drones within wifi distance, creating an army of zombie drones under your control.

    Using a Parrot AR.Drone 2, a Raspberry Pi, a USB battery, an Alfa AWUS036H wireless transmitter, aircrack-ng, node-ar-drone, node.js, and my SkyJack software, I developed a drone that flies around, seeks the wireless signal of any other drone in the area, forcefully disconnects the wireless connection of the true owner of the target drone, then authenticates with the target drone pretending to be its owner, then feeds commands to it and all other possessed zombie drones at my will.

    Reply
  14. Tomi Engdahl says:

    Must try HARDER, infosec lads: We’re RUBBISH at killing ZOMBIES
    Botnet decap should be a team effort – ex-detective infosec bod
    http://www.theregister.co.uk/2013/12/04/botnet_takedowns/

    Botnet takedowns need to be improved if the industry is to avoid the risk of creating more problems than it solves every time its decapitates a zombie network, according to a former Scotland Yard detective turned security researcher.

    Adrian Culley, a technical consultant at infosec firm Damballa* who served with the Met Police for 13 years until 2003, told El Reg that more co-ordination and better strategies are needed in botnet takedowns.

    As things stand, botnet takedowns are frequently an exercise in whack-a-mole: as one zombie network is taken down, another springs up. Zombie networks are created by both organised crime and intelligence agencies. “Botnets are a blended threat,” Culley told El Reg. “Criminal, commercial and government elements are all involved and sometimes it’s tough to see where one stop and the other begins.”

    Culley named China, Russia and Israel (which he described as the example “no one talks about”) as the countries whose spooks have turned to creating botnets. Recent Snowden revelations have shown that elements of the NSA are running botnets too.

    Organised crime and other elements are upping their game by using P2P architectures for command and control networks or rotating domain changing algorithms (hyper-fluxing) used by zombie drones to contact command nodes.

    Reply
  15. Tomi Engdahl says:

    That toolbar you downloaded is malware? Tough, read the EULA
    CPU-and-bandwidth-munching Bitcoin miners buried in freeware
    http://www.theregister.co.uk/2013/12/01/dont_like_our_malware_tough_read_the_eula/

    Security software vendor Malwarebytes has highlighted what it says is an increasing trend for malware authors to embed Bitcoin mining into things like browser toolbar helpers and search agents. That’s not so new, but its latest observation is that the malware-peddlers are trying to tie up suckers with their license agreements.

    Reply
  16. Tomi Engdahl says:

    The Nordic countries were almost self-report be last – the reason for the money

    EMC’s global IT Trust Curve According to the report, nearly half (45 percent) of the directors did not trust that their IT infrastructure is at a sufficiently high level of data availability and protection of.

    Nordic countries, the result was even more miserable, as the reading rose to here per cent. One in five Nordic business leaders to keep their information technology as a whole unreliable.

    The survey asked 3,200 business and IT managers on how well they believe their own company’s IT infrastructure to recover from a variety of difficulties, such as outages, security breaches and data loss

    The Nordic countries have often been considered as progressive use of information technology, but the report says the other 16 countries and territories in the control group was ranked second to last, or fifteenth.

    The main culprit of IT problems of the respondents chose the money. Nordic 44 per cent of respondents blamed the limits of the budget that the data availability, security, verification and recovery from failure conditions can not be adequately prepared for. Other reasons include a lack of planning and foresight (32 percent), limited knowledge and skills (30 percent), as well as the resources and workload (27 per cent).

    “Information Technology four megatrends of cloud, big data, mobile devices, and security. These ripe for use by business needs confidence – it means confidence that the data is safely available in the cloud, that it is lost or stolen, and that it always works. The higher the trust, the more quickly and efficiently get to take advantage of the new. It’s the new potential has a direct impact on the competitiveness, “said EMC’s Country Manager Finland Oula Maijala says the release.

    Source: http://www.tietoviikko.fi/kaikki_uutiset/pohjoismaat+jaivat+itselvityksessa+lahes+viimeisiksi++syyna+raha/a951943

    Reply
  17. Tomi Engdahl says:

    Microsoft: Anonymous hacktivists DDoSed us? Really?
    So Anonymous, we didn’t even register their, ahem, ‘total domain takedown’
    http://www.theregister.co.uk/2013/12/05/ms_anon_ddos_palavar/

    Microsoft has denied it was affected in any way by a claimed attack against its systems by elements of the rag-tag hacktivist collective Anonymous.

    In a post to Pastebin last week, an individual claiming affiliation to Anonymous boasted that a DDoS attack against Japanese Microsoft (domain) websites and servers on or around 23 November had had a much wider affect than intended.

    Many sites on Microsoft’s cloud did go down but this happened on 21 November, two days before hacktivists beat a packet to Microsoft’s door. In any case, the problems with sites on Microsoft’s Azure cloud on 21 November (Xbox One worldwide launch day) have been diagnosed as being the result of a DNS-related issue. Sites most particularly affected included Xbox.com and Outlook.com.

    Reply
  18. Tomi Engdahl says:

    NSA tracking cellphone locations worldwide, Snowden documents show
    http://www.washingtonpost.com/world/national-security/nsa-tracking-cellphone-locations-worldwide-snowden-documents-show/2013/12/04/5492873a-5cf2-11e3-bc56-c6ca94801fac_story.html

    The National Security Agency is gathering nearly 5 billion records a day on the whereabouts of cellphones around the world, according to top-secret documents and interviews with U.S. intelligence officials, enabling the agency to track the movements of individuals — and map their relationships — in ways that would have been previously unimaginable.

    The records feed a vast database that stores information about the locations of at least hundreds of millions of devices, according to the officials and the documents, which were provided by former NSA contractor Edward Snowden. New projects created to analyze that data have provided the intelligence community with what amounts to a mass surveillance tool.

    The NSA does not target Americans’ location data by design, but the agency acquires a substantial amount of information on the whereabouts of domestic cellphones “incidentally,” a legal term that connotes a foreseeable but not deliberate result.

    One senior collection manager, speaking on the condition of anonymity but with permission from the NSA, said “we are getting vast volumes” of location data from around the world by tapping into the cables that connect mobile networks globally and that serve U.S. cellphones as well as foreign ones.

    U.S. officials said the programs that collect and analyze location data are lawful and intended strictly to develop intelligence about foreign targets.

    The NSA has no reason to suspect that the movements of the overwhelming majority of cellphone users would be relevant to national security. Rather, it collects locations in bulk because its most powerful analytic tools — known collectively as CO-TRAVELER — allow it to look for unknown associates of known intelligence targets by tracking people whose movements intersect.

    CO-TRAVELER and related tools require the methodical collection and storage of location data on what amounts to a planetary scale.

    “One of the key components of location data, and why it’s so sensitive, is that the laws of physics don’t let you keep it private,”

    The number of Americans whose locations are tracked as part of the NSA’s collection of data overseas is impossible to determine from the Snowden documents alone, and senior intelligence officials declined to offer an estimate.

    “It’s awkward for us to try to provide any specific numbers,”

    Reply
  19. Tomi Engdahl says:

    The Official Microsoft Blog
    Protecting customer data from government snooping
    http://blogs.technet.com/b/microsoft_blog/archive/2013/12/04/protecting-customer-data-from-government-snooping.aspx

    Many of our customers have serious concerns about government surveillance of the Internet.

    We share their concerns. That’s why we are taking steps to ensure governments use legal process rather than technological brute force to access customer data.

    Like many others, we are especially alarmed by recent allegations in the press of a broader and concerted effort by some governments to circumvent online security measures – and in our view, legal processes and protections – in order to surreptitiously collect private customer data.

    In light of these allegations, we’ve decided to take immediate and coordinated action in three areas:

    · We are expanding encryption across our services.
    · We are reinforcing legal protections for our customers’ data.
    · We are enhancing the transparency of our software code, making it easier for customers to reassure themselves that our products do not contain back doors.

    Reply
  20. Tomi Engdahl says:

    Obama says he’s not allowed iPhone for ‘security reasons’
    http://www.reuters.com/article/2013/12/05/us-usa-obama-apple-idUSBRE9B402Y20131205

    The troubled mobile phone maker BlackBerry still has at least one very loyal customer: U.S. President Barack Obama.

    At a meeting with youth on Wednesday to promote his landmark healthcare law, Obama said he is not allowed to have Apple’s smart phone, the iPhone, for “security reasons,” though he still uses Apple’s tablet computer, the iPad.

    Obama fought to keep his BlackBerry after coming to the White House in 2009

    Reply
  21. Tomi Engdahl says:

    Microsoft’s General Counsel: N.S.A. Hacks Were an ‘Earthquake’ for Tech
    http://bits.blogs.nytimes.com/2013/12/05/microsofts-general-counsel-n-s-a-hacks-were-an-earthquake-for-tech/?_r=0

    Microsoft is the latest company to try to protect its data from its own government.

    An article on Thursday indicates that Microsoft is in the process of expanding and strengthening the encryption for popular services including the email service Outlook.com, Office 365 apps, the Azure cloud-computing service and Skydrive online storage. It is also adding an encryption technology, called Perfect Forward Secrecy, that thwarts eavesdropping.

    The company is also scrambling the links between its data centers in an effort to assure users and foreign governments that their data is not free for the National Security Agency’s taking.

    The company says encryption and Perfect Forward Secrecy will become the default setting for users by the end of 2014.

    Microsoft will also open up so-called transparency centers, where governments can inspect its products code for back doors.

    “The idea that the government may be hacking into corporate data centers was a bit like an earthquake, sending shock waves across the tech sector,” Mr. Smith said in an interview. “We concluded that we better assume that there might be such an attempt at Microsoft, or has already been.”

    And therein lies the rub. Microsoft’s efforts — and for that matter Google’s, Twitter’s, Mozilla’s, Facebook’s and Yahoo’s — still do not prevent the government from gaining access to their data through a court order. And some security experts point out that even if companies like Microsoft allow outsiders to inspect their code, that only eliminates one mode of attack; snoops could still find holes in other parts of the system.

    Lavabit and Silent Circle, two secure message providers, have been lobbying major Internet companies to adopt a new Dark Mail e-mail protocol that would encrypt user data and metadata in such a way that it would leave the keys with the user, not the provider. Dark Mail would thereby force governments, or hackers, to go straight to the user to unscramble their data.

    “The real friction point is that Yahoo, Google and Microsoft make money mining off free email,” Mr. Janke said in an interview. “They say they’re concerned about user privacy. Now we’ll see if they really care.”

    Reply
  22. Tomi Engdahl says:

    Hear that? It’s the sound of BadBIOS wannabe chatting over air gaps
    LANs-free prototype mimics notorious rootkit
    http://www.theregister.co.uk/2013/12/05/airgap_chatting_malware/

    Computer scientists have brewed up prototype malware that’s capable of communicating across air gaps using inaudible sounds.

    The mesh network capable of covertly communicating without wireless or wired connections was developed by Michael Hanspach and Michael Goetz. It borrows its founding principles from established systems for robust underwater communication.

    the abstract of a paper for a recent edition of the Journal of Communications explains.

    “Two computers that are not connected to each other via established types of network interfaces (e.g. IEEE 802.3 Ethernet [2] or IEEE 802.11 WLAN [3]) or that are prohibited from communicating with each other over these established types of network interfaces are, nevertheless, able to communicate with each other by using their audio input and output devices (microphones and speakers).”

    A painfully slow speed of just 20 bps was achieved using the method but nonetheless it might be workable for a keylogger, providing there’s no external interference.

    The possibility of malware that can communicate over air-gapped machines, or worse still, spread onto them, is a nightmare scenario for those in charge of otherwise well designed ultra-secure networks (think some military systems, power plants etc). Why? Because a “covert acoustical mesh network” wouldn’t respond to any of the well-established security measures typically taken by organisations, and disabling the audio components is not always feasible.

    The type of malware outlined by the researchers bears an uncanny resemblance to features of the BadBIOS malware said to have afflicted machines run by computer security researcher Dragos Ruiu.

    Dubbed BadBIOS, the mysterious rootkit can supposedly jump over air gaps, screw with a number of different operating systems

    Reply
  23. Tomi Engdahl says:

    Two Million Passwords Compromised By Keylogger Virus
    http://it.slashdot.org/story/13/12/04/235221/two-million-passwords-compromised-by-keylogger-virus

    “CNN is reporting that over two million passwords from web service companies such as Google, Facebook, Twitter and Yahoo have been captured via a key logging virus.”

    Reply
  24. Tomi Engdahl says:

    2 million Facebook, Gmail and Twitter passwords stolen in massive hack
    http://money.cnn.com/2013/12/04/technology/security/passwords-stolen/index.html

    Hackers have stolen usernames and passwords for nearly two million accounts at Facebook, Google, Twitter, Yahoo and others, according to a report released this week.

    The massive data breach was a result of keylogging software maliciously installed on an untold number of computers around the world, researchers at cybersecurity firm Trustwave said. The virus was capturing log-in credentials for key websites over the past month and sending those usernames and passwords to a server controlled by the hackers.

    On Nov. 24, Trustwave researchers tracked that server, located in the Netherlands.

    Trustwave notified these companies of the breach. They posted their findings publicly on Tuesday.

    “We don’t have evidence they logged into these accounts, but they probably did,” said John Miller, a security research manager at Trustwave.

    Among the compromised data are 41,000 credentials used to connect to File Transfer Protocol (FTP, the standard network used when transferring big files) and 6,000 remote log-ins.

    Reply
  25. Tomi Engdahl says:

    In Letter To 20 Automakers, Senator Demands Answers On Cybersecurity
    http://tech.slashdot.org/story/13/12/04/2238229/in-letter-to-20-automakers-senator-demands-answers-on-cybersecurity

    “Cyber attacks on ‘connected vehicles’ are still in the proof of concept stage. But those proofs of concept are close enough to the real thing to prompt an inquiry from U.S. Senator Ed Markey, who sent a letter to 20 major auto manufacturers (PDF) asking for information about consumer privacy protections and safeguards against cyber attacks in their vehicles.”

    Reply
  26. Tomi Engdahl says:

    China Prefers Sticking With Dying Windows XP To Upgrading
    http://tech.slashdot.org/story/13/12/05/032202/china-prefers-sticking-with-dying-windows-xp-to-upgrading

    “China says it wants Microsoft to extend support for Windows XP because that will help in its fight to stop proliferation of pirated Microsoft software.”

    Reply
  27. Tomi Engdahl says:

    Ron Paul: Bitcoin could ‘destroy the dollar’
    http://money.cnn.com/2013/12/04/technology/bitcoin-libertarian/index.html?iid=s_mpm

    Imagine a world in which you can buy anything in secret. No banks. No fees. No worries inflation will make today’s money worth less tomorrow.

    The digital currency Bitcoin promises all these things. And while it’s far from achieving any of them — its value is unstable and it’s rarely used — some have high hopes.

    “There will be alternatives to the dollar, and this might be one of them,” said former U.S. congressman Ron Paul. If people start using bitcoins en masse, “it’ll go down in history as the destroyer of the dollar,” Paul added.

    It’s unlikely that Bitcoin would replace the dollar or other government-controlled currencies. But it could serve as a kind of universal alternative currency that is accepted everywhere around the globe

    Reply
  28. Tomi Engdahl says:

    Guardian: We have published 1 pct of Snowden leak
    http://www.bigstory.ap.org/article/guardian-we-have-published-1-pct-snowden-leak

    The editor of the Guardian said Tuesday his newspaper has published just 1 percent of the material it received from former National Security Agency contractor Edward Snowden, and denied the paper had placed lives or national security at risk.

    The Guardian helped spark a global debate on privacy and security by publishing a series of stories based on leaks from Snowden disclosing the scale of telephone and Internet surveillance by spy agencies in the U.S. and Britain.

    Rusbridger said the leak amounted to about 58,000 files, and the newspaper had published “about 1 percent” of the total.

    “I would not expect us to be publishing a huge amount more,” he said.

    Reply
  29. Tomi Engdahl says:

    Digital spy tech could face same regulation as weapons in international treaty
    http://www.theverge.com/2013/12/4/5176238/digital-spy-tech-could-face-same-regulation-as-weapons

    A consortium of international governments are working on an update to a nearly 18-year-old agreement in order to limit the export of various electronics security technologies. Citing sources familiar with the talks, The Financial Times says the UK government in particular wants to limit the movement of “complex surveillance and hacking software and cryptography,” as part of the 1996 Wassenaar Arrangement.

    One such concern are programs designed to scan for hidden or otherwise obfuscated computer code in data that’s crossing a network.

    The move could affect companies that sell cyberspying software internationally.

    Reply
  30. Tomi Engdahl says:

    10 mistakes companies make after a data breach
    http://www.csoonline.com/slideshow/detail/128442?source=ifwartcso

    In a recent presentation for The International Association of Privacy Professionals (IAPP) Privacy Academy, Michael Bruemmer of Experian Data Breach Resolution outlined some the common mistakes his firm has seen as organizations deal with the aftermath of a breach.

    No external agencies secured
    Sometimes a breach is too big to deal with in-house

    No engagement with outside counsel
    “Enlisting an outside attorney is highly recommended,”

    No single decision maker
    “While there are several parties within an organization that should be on a data breach response team, every team needs a leader,”

    Lack of clear communication
    Related to the lack of a single decision maker, a lack of clear communication is also a problem. Miscommunication can be the key driver to mishandling a data breach

    No communications plan
    “Companies should have a well-documented and tested communications plan in the event of a breach”

    Waiting for perfect information before acting
    Dealing with the aftermath of a data breach often requires operating with incomplete or rapidly changing information, due to new information learned by internal or external security forensics teams.

    Micromanaging the Breach
    “Breach resolution requires team support, and often companies fail when micromanaging occurs.”

    No remediation plans post incident
    There should be plans in place that address how to engage with customers and other audiences once the breach is resolved, as well as the establishment of additional measures to prevent future incidents.

    Not providing a remedy to consumers
    Customers should be put at the center of decision making following a breach. This focus means providing some sort of remedy, including call centers

    Failing to practice
    “Above all, a plan needs to be practiced with the full team”

    Reply
  31. Tomi Engdahl says:

    Obama refused to accept NSA chief’s resignation after Snowden leaks
    http://rt.com/usa/alexander-nsa-snowden-resign-271/

    Reply
  32. Tomi Engdahl says:

    Obama: NSA leaks identified some areas of concern
    http://www.msnbc.com/hardball/nsa-leaks-raised-legitimate-concerns

    Reply
  33. Tomi says:

    Venezuela cyber crackdown ensnares Web’s Bitly
    http://hosted.ap.org/dynamic/stories/L/LT_VENEZUELA_CYBER_CRACKDOWN?SITE=AP&SECTION=HOME&TEMPLATE=DEFAULT&CTIME=2013-12-05-12-54-36

    Venezuelans have been scrambling for dollars for weeks, taking refuge in the greenback as their own currency is in free fall. Rather than address the economic imbalances behind the bolivar’s plunge, the government is going after the bearers of the bad news – it’s blocking websites people use to track exchange rates on the black market.

    Cyber-activists say the crackdown goes to absurd lengths, even targeting Bitly, the popular site for shortening Web addresses to make it easier to send them as links via Twitter and other social media.

    The New York company says such restrictions have only previously been seen in China, which has one of the worst records for Internet freedom, and even then not for such an extended period.

    Reply
  34. Tomi says:

    New cybersecurity boom arrives in Silicon Valley
    http://www.latimes.com/business/la-fi-silicon-valley-cybersecurity-20131206,0,1934079.story#axzz2mhOZn3Iz

    Venture capital firms are pumping funding into security start-ups, which are getting gobbled up by big companies that see cybersecurity as a source of new revenue.

    Nefarious cybercrime syndicates and villainous state-sponsored hackers are making the digital world an increasingly dangerous place.

    That’s bad news for companies suffering growing losses from relentless cyberattacks. But it’s good news for Silicon Valley, where cybersecurity has suddenly become the hot new-old thing.

    The security industry has been around for decades and produced giants such as McAfee and Symantec in the 1990s. But over the last decade it was mostly overlooked by venture capitalists and entrepreneurs, who didn’t see much opportunity for big returns.

    That’s all changed now that the volume and sophistication of attacks are increasing, forcing victims to open their wallets.

    The result is a digital arms race against wily hackers that has Silicon Valley battling to provide the weapons to the good guys. Venture capital firms are pumping funding into security start-ups, which are getting gobbled up by big companies that see cybersecurity as a source of new revenue.

    In a region where tech trends go in cycles, cybersecurity is a particularly mouthwatering investment prospect because no matter how much security equipment or software gets sold, the problem never gets completely solved.

    “The primary demand is finally there,” Meftah said. “If we had built a company of this size five years ago, the awareness of the problem was not there.”

    “One of the things that is endemic in the investment community is that there’s a herd mentality,” Ackerman said. “But these problems are very complex. This is not like building an iPhone app.”

    “There’s a lot of runway ahead for this industry,”

    The cybersecurity boom is not without irony. Silicon Valley has done more than any other place to create the technologies that have made the world a more connected place. But that’s also what has made it a more dangerous place, creating a new opportunity for the valley to fix the problems it helped spawn.

    Reply
  35. Tomi Engdahl says:

    There’s a £60m Bitcoin heist going down right now, and you can watch in real-time
    http://www.newstatesman.com/future-proof/2013/12/theres-%C2%A360m-bitcoin-heist-going-down-right-now-and-you-can-watch-real-time

    Sheep Marketplace closed down over the weekend after someone got away with 96,000 bitcoins – and angry users are chasing him around the internet.

    One of the largest heists in bitcoin history is happening right now. 96,000 bitcoins – that’s roughly £60m as of the time of writing – was taken from the accounts of customers, vendors and administrators of the Sheep Marketplace over the weekend.

    Sheep was one of the main sites that came to replace the Silk Road when it closed in October, but it too has now closed as a result of this theft. It’s a little hard to work out exactly what’s happened, but Sheep customers have been piecing it together on reddit’s r/sheepmarketplace.

    Here’s what happened: someone (or some group) managed to fake the balances in peoples’ accounts on the site, showing that they had their bitcoins in their wallets when they’d actually been transferred out. Over the course of a week the whole site was drained, until the weekend when the site’s administrators realised what was happening and shut everything down.

    Originally it was thought that only 5,200BTC – or £3m – was taken

    A couple of reddit users realised that the sheer size of the heist makes “tumbling” the coins – the normal method of laundering bitcoins – impossible, as long as they kept on their toes.

    reddit user TheNodManOut managed to track where the first bunch of transfers out of Sheep wen

    A major problem with tumblers is that they only work with lots of bitcoins coming and going from a lot of different sources – if a tumbler is taking in 96,000 bitcoins, those will massively outnumber all other bitcoins being tumbled and it’ll be easy to spot them coming out the other end.

    This counts as one of the largest robberies in history at Bitcoin’s current market value, ranking in the same company as real-life thefts like the $108m diamond theft at the Harry Winston store in Paris in 2008.

    Reply
  36. Tomi Engdahl says:

    This Whole Bitcoin Thing Could Be Big, Says Bank of America
    http://news.slashdot.org/story/13/12/05/2342208/this-whole-bitcoin-thing-could-be-big-says-bank-of-america

    “Bank of America has issued a research report suggesting that the crypto-currency Bitcoin could become ‘a major means of payment for e-commerce’ on its way to emerging as ‘a serious competitor to traditional money transfer providers.”

    “‘ Without a ‘central counterparty’ to verify transactions and thus mitigate that risk, Bitcoin could fail to break into wider use.”

    Reply
  37. Tomi Engdahl says:

    As engineers, we must consider the ethical implications of our work
    Engineers are behind government spying tools and military weapons. We should be conscious of how our designs are used
    http://www.theguardian.com/commentisfree/2013/dec/05/engineering-moral-effects-technology-impact

    One aspect of Edward Snowden’s revelations in the Guardian about the NSA’s surveillance activities has received less attention than it should. The algorithms that extract highly specific information from an otherwise impenetrable amount of data have been conceived and built by flesh and blood, engineers with highly sophisticated technical knowledge. Did they know the use to which their algorithms would be put? If not, should they have been mindful of the potential for misuse? Either way, should they be held partly responsible or were they just “doing their job”?

    One could ask similar questions about engineers who build technologies of violence. Although in the west, we use the euphemism “defence” – and weapons often do serve this purpose – arms are just as likely to be used for furthering less-than-honourable goals

    Technology as a means of social progress is arguably the common good that engineers pursue.

    Today, our profession seems to have preserved the sense that technology is almost by necessity a force for good. We are focused on the technical and managerial sides of technology – how to design algorithms; how to build machines – but not so much on the context of its deployment or its unintended consequences. We are not very interested in the politics and social dynamics.

    Engineers need the resources of government and industry to do their work, far more than doctors do.

    In the US, freelance consultant engineers – who appear to have controlled the American Society of Civil Engineers in the late 19th century, and created a strong and autonomous professional identity – were swept away by a corporate model in which most engineers became paid employees of industry. Today, engineering in the English-speaking world largely sees itself as a tool of industry. There are many advantages to this of course, including more resources at our disposal to do our work. But one major drawback is that engineers, as a result, have far less intellectual and practical autonomy than they should.

    Our ethics have become mostly technical: how to design properly, how to not cut corners, how to serve our clients well. We work hard to prevent failure of the systems we build, but only in relation to what these systems are meant to do, rather than the way they might actually be utilised, or whether they should have been built at all. We are not amoral, far from it; it’s just that we have steered ourselves into a place where our morality has a smaller scope.

    There have been encouraging attempts in the engineering profession aiming for a bigger, less reductionist vision of engineering: some mission statements have been written, codes of ethics redrafted and engineering curricula redesigned. However, we are still essentially producing what industry requires: engineers able to carry out technically complex projects, rather than professionals with an in-depth understanding of the social complexity of technology. In fact, we need both.

    Engineers have, in many ways, built the modern world and helped improve the lives of many. Of this, we are rightfully proud. What’s more, only a very small minority of engineers is in the business of making weapons or privacy-invading algorithms.

    While there are no easy answers to the questions raised here, we can certainly do better.

    Reply
  38. Tomi Engdahl says:

    Fiendish CryptoLocker ransomware survives hacktivists’ takedown
    Proper post-op analysis would have killed it for good, says ex-rozzer
    http://www.theregister.co.uk/2013/12/06/cryptolocker_takedown_fizzles/

    An attempt by security researchers to take down command and control nodes associated with the infamous CryptoLocker malware appears to have been unsuccessful in its ultimate aim of putting the Bitcoin-hungry crooks behind the scam out of business.

    Activists from the group Malware Must Die put together a list of scores of domains associated with communications channels for the malware, which encrypts files on infected machines before demanding a ransom of up to 2 BTC (worth just over $2,000 at the time of writing), before beginning a takedown operation on Sunday (1 December).

    Most of the 138 targeted domains were suspended but failed to kill off CryptoLocker, which was quickly resurrected, according to anti-botnet firm Damballa.

    “It is no surprise that the announcements of the death of CryptoLocker appear to have been somewhat premature. An essential part of the process is post-takedown analysis, which may turn out to be a post-mortem, or a triage of the zombie remnants of a botnet, or may indeed confirm that the botnet is very much still alive and kicking.”

    Reply
  39. Tomi Engdahl says:

    Microsoft, Europol, FBI and industry partners disrupt notorious ZeroAccess botnet that hijacks search results
    5 Dec 2013 3:00 PM
    http://blogs.technet.com/b/microsoft_blog/archive/2013/12/05/microsoft-europol-fbi-and-industry-partners-disrupt-notorious-zeroaccess-botnet-that-hijacks-search-results.aspx

    For the third time this year, Microsoft’s Digital Crimes Unit has successfully disrupted a dangerous botnet that has impacted millions of innocent people. Today, we’re pleased to announce that Microsoft, in conjunction with Europol’s European Cybercrime Centre (EC3), the Federal Bureau of Investigation and technology industry leaders such as A10 Networks, has taken action against the rampant Sirefef botnet, also known as ZeroAccess. The ZeroAccess botnet has infected nearly two million computers all over the world and cost online advertisers upwards of $2.7 million each month.

    ZeroAccess targets all major search engines and browsers, including Google, Bing and Yahoo!. The majority of computers infected with ZeroAccess are located in the U.S. and Western Europe.

    Due to its botnet architecture, ZeroAccess is one of the most robust and durable botnets in operation today, and was built to be resilient to disruption efforts, relying on a peer-to-peer infrastructure that allows cybercriminals to remotely control the botnet from tens of thousands of different computers. Most often, computers become infected with ZeroAccess as a result of “drive-by-downloads,” where the cybercriminals create a website that downloads malware onto any unprotected computer that happens to visit that site.

    Because of the sophistication of the threat, Microsoft and its partners do not expect to fully eliminate the ZeroAccess botnet.

    Reply
  40. Tomi Engdahl says:

    Expert: Botnet takedowns are about garnering press, have no lasting impact
    Damballa CTO finds that takedowns do not reduce risk of infection online, suggests ulterior motive
    http://www.csoonline.com/article/743489/expert-botnet-takedowns-are-about-garnering-press-have-no-lasting-impact

    Working backwards, Symantec announced in September that they used a vulnerability within the ZeroAccess botnet’s code to take down a significant part of it. Their actions gained headlines, because ZeroAccess has existed since 2010, and had a foothold on millions of systems globally.

    In a similar situation, Microsoft took out 88 percent of the Citadel botnet this summer

    In a blog post, brought to CSO’s attention on Monday, Damballa’s CTO, Brian Foster, says that botnet takedowns often don’t meet their stated goals of reducing the risk of infection online. In fact, he says, it’s something else entirely.

    “It makes me wonder if these efforts are for the sole purpose of garnering press, because they certainly don’t have any lasting impact on end user safety,” Foster wrote.

    Supporting his theories, Foster listed three reasons that botnet takedowns are ineffective.

    To start, he noted, most takedowns are done haphazardly. In most cases, only a small percentage of the command and control servers for a given botnet ware grabbed by the do-gooders.

    Further, takedowns do not account for secondary communication methods such as P2P channels, or domain generation algorithms (DGA) that may be used by malware.

    Finally, he noted, the takedowns themselves do not result in the arrest of the person(s) behind the botnet itself.

    “Bottom line: If security researchers and their organizations are doing takedowns for marketing reasons, then it doesnt matter how they go about it.”

    Reply
  41. Tomi Engdahl says:

    SkyJack: A Drone to Hack All Drones
    http://hackaday.com/2013/12/06/skyjack-a-drone-to-hack-all-drones/

    Quadcopters are gradually becoming more affordable and thus more popular; we expect more kids will unwrap a prefab drone this holiday season than any year prior. [Samy's] got plans for the drone-filled future. He could soon be the proud new owner of his own personal army now that he’s built a drone that assimilates others under his control.

    The build uses a Parrot AR.Drone 2.0 to fly around with an attached Raspberry Pi, which uses everybody’s favorite Alfa adapter to poke around in promiscuous mode. If the SkyJack detects an IEEE-registered MAC address assigned to Parrot, aircrack-ng leaps into action sending deauthentication requests to the target drone, then attempts to take over control while the original owner is reconnecting.

    make sure you see the video

    Reply
  42. Tomi Engdahl says:

    Snowden and Greenwald: The Men Who Leaked the Secrets
    How two alienated, angry geeks broke the story of the year

    Read more: http://www.rollingstone.com/politics/news/snowden-and-greenwald-the-men-who-leaked-the-secrets-20131204#ixzz2mrpduiUV
    Follow us: @rollingstone on Twitter | RollingStone on Facebook

    Reply
  43. Tomi Engdahl says:

    Google says 91.4% of non-spam emails sent to Gmail users are now authenticated using antiphishing standards
    http://thenextweb.com/google/2013/12/06/google-says-91-4-authenticated-non-spam-emails-sent-gmail-users-now-using-antiphishing-standards/#!pd2Qo

    Google today declared that after almost a decade of fighting phishing emails, the Internet-wide efforts are finally paying off. The company revealed that 91.4 percent of the authenticated non-spam emails sent to Gmail users come from senders that have adopted at least one of these two email authentication standards: DomainKey Identified Email (DKIM) or Sender Policy Framework (SPF).

    The email industry has been working on email authentication standards that can prevent email impersonation, with the hope of making sure an email’s sending and receiving domains can check that the email came from the correct sender. This helps email providers like Gmail to filter billions of impersonating email messages a year, ensuring they never enter users’ inboxes in the first place.

    Reply
  44. Tomi Engdahl says:

    Smooth operators: why phone companies don’t fight the NSA
    Will AT&T and Verizon ever push back against NSA surveillance? Don’t bet on it
    http://www.theverge.com/2013/11/13/5099400/why-att-verizon-dont-fight-the-nsa

    20
    inShare

    Last week, the New York Times unearthed a troubling twist to the endless stream of bad surveillance news. Not only is AT&T handing over bulk call records to the CIA, but they’re getting paid for it, to the tune of $10 million each year. In a statement in response, AT&T said only, “we ensure that we maintain customer information in compliance with the laws of the United States,” emphasizing the law and giving little reassurance to customers that the company was looking out for them.

    But why does it have to be that way? From afar, it seems like there’s an enormous niche for a smaller carrier to compete on privacy.

    This line of argument is usually trotted out to explain why customer service is so bad or text messaging is so expensive — but for surveillance, the effects are even worse. If the FBI or CIA wanted to put pressure on a telecom, they’d have plenty of options.

    Making enemies in Washington is scarier than a few angry customers

    For anyone worried about surveillance, the moral of the story is even worse. There are plenty of encryption schemes, plenty of services that will promise to safeguard your data, and the recent transparency push could make them even safer.

    Reply
  45. Tomi Engdahl says:

    Check if you’re the victim of a database breach with ‘Have I Been Pwned?’
    http://grahamcluley.com/2013/12/check-youre-victim-database-breach-pwned/

    It seems to me that there is almost always a website making the news headlines, attempting to explain to innocent users that hackers breached its security, and stole the email addresses and passwords of innocent users.

    So, the first thing you want to know when there is a big database breach is if you are impacted.

    That’s not always easy to determine. After all, the internet has a long memory and it’s possible that you – say – created an Adobe account years ago to download a product, and have long forgotten about it.

    Enter sites like “Have i been pwned?”, created by computer scientist Troy Hunt.

    Have I Been Pwned makes it easy for you to search for your email address amongst the hundreds of millions of accounts exposed, following breaches at Adobe, Gawker, Yahoo and others.

    as more stolen user databases are publicly disclosed and made known to him, Troy says he plans to add to the list

    Reply
  46. Tomi Engdahl says:

    ‘;–have i been pwned?
    Check if you have an account that has been compromised in a data breach

    http://haveibeenpwned.com/

    Reply
  47. Tomi says:

    North Korea stirs up cyber-conflickt – “There is nothing to lose”

    North Korea has been the increased use of cyber warfare struggle against South Korea and its allies, the U.S. and Japan against the pressure. South Korea and its allies have called on North Korea to abandon its nuclear program.

    Cyber ​​war would enable North Korea seeks to create in South Korea political confusion, to spread propaganda and interfere with the operation of the Board, says the two Koreas expert Steven Kim, who teach the Asia Pacific Center for Security Studies for the plant.

    Kim, the Korean peninsula will take place at the moment cyber-war for which there is no equivalent anywhere else in the world.

    Communist dictatorship sees the cyber security of South Korea as a major weakness. While South Korea is one of the world’s countries, networked, North Korea, the situation is reversed.

    “North Korea has nothing to lose cyber war. While South Korea was willing to fight back, they have nothing to attack, ”

    In the past, North Korea has provoked its neighbors in the traditional military means

    Cyber ​​War has proven to be an effective means of, and North Korea has developed a cyber attack capabilities from 90′s.

    So far, North Korea has been accused of forced entry, for example, a total of 400 South Korean government computer, denial of service attacks to websites and attacks on the South Korean banking system.

    Source: http://www.tietoviikko.fi/kaikki_uutiset/pohjoiskorea+lietsoo+kyberkonfliktia++quotei+mitaan+havittavaaquot/a952176

    Reply
  48. Tomi says:

    Inside the Effort to Kill a Web Fraud ‘Botnet’
    Working With Law Enforcement, Team Cuts Off Servers for Zombie Computers
    http://online.wsj.com/news/articles/SB10001424052702303722104579240151385337672

    For months, investigators at Microsoft Corp. hunkered down in front of their computer monitors, patiently stalking the shadowy figures behind what the company says is a major Web ad-fraud machine.

    Criminals for years had used the ZeroAccess “botnet,” which combines the power of more than 2 million hijacked computers—or bots—around the world, to fraudulently bill some $2.7 million a month from online advertisers, company investigators say.

    Microsoft has good reason to finance its own digital detectives. It owns multiple targets for infection, including the Bing search engine; the Bing Ads exchange; and the Windows operating system, which runs on many of the Web-enabled computers around the world. Going after ZeroAccess helps defend its brand and reputation, the company said.

    Reply
  49. Tomi says:

    Cellphone data spying: It’s not just the NSA
    http://www.usatoday.com/story/news/nation/2013/12/08/cellphone-data-spying-nsa-police/3902809/

    Local police are increasingly able to scoop up large amounts of cellphone data using new technologies, including cell tower dumps and secret mobile devices known as Stingrays. Here’s a closer look at how police do it.

    Police maintain that cellphone data can help solve crimes, track fugitives or abducted children — or even foil a terror attack.

    The National Security Agency isn’t the only government entity secretly collecting data from people’s cellphones. Local police are increasingly scooping it up, too.

    Reply
  50. Tomi says:

    Google: Tell the feds they have to get a warrant for us to hand over your stuff
    Though that’s no guarantee you’ll ever find out
    http://www.theregister.co.uk/2013/12/06/google_petition_warrant_emails/

    Google is promoting a White House petition to reform the Electronic Communications Privacy Act that would force government agencies to get a warrant before rifling through emails and other electronic communications.

    Reply

Leave a Reply to Tomi Engdahl Cancel reply

Your email address will not be published. Required fields are marked *

*

*