Hacking & Security

How have attitudes to privacy changed post-Snowden?

Sophos Naked Security - 16 December, 2014 - 12:09
A recent survey reports 43% of users avoid certain websites and applications and 39% change their passwords regularly since the Snowden revelations. Is that number low, or is it an encouraging sign of growing sensitivity to privacy issues?

Blackhat – Upcoming Cyber Thriller Movie

The Hacker News - 16 December, 2014 - 10:55
"Hacking" is not just popular among cyber security experts and criminals, but is also of great interest to the movie industry. Hollywood movies such as Hackers, released in 1995, and Swordfish, released in 2001, are examples of it, and now there is Chris Hemsworth's new flick Blackhat. Blackhat – An upcoming cyber thriller, directed and co-written by Michael Mann (who also directed Tom Cruise'
Category: Hacking & Security

This Linux grinch could put a hole in your security stocking

LinuxSecurity.com - 16 December, 2014 - 10:32
LinuxSecurity.com: A grinch may be snatching away some year-end holiday time, forcing Linux system administrators to fill a gaping security hole in their systems.
Category: Hacking & Security

OphionLocker, A New Ransomware uses Elliptic Curve for Encryption

LinuxSecurity.com - 16 December, 2014 - 10:09
LinuxSecurity.com: A new variety of Ransomware has been discovered by Trojan7Malware researchers. Dubbed as OphionLocker, this Ransomware is very unique in the sense that it uses elliptic curve cryptography for file encryption, and Tor for communication. Another unique signature of OphionLocker is that it uses malvertising campaigns to propagate itself rather than traditional spear phishing methods.
Category: Hacking & Security

Root.cz has started publishing a series on IT security

CSIRT.cz - 16 December, 2014 - 10:05

The Root.cz server has started publishing a series devoted to topics related to internet security. The Root.cz editorial team carried out the first part of this project in 2013; CSIRT.CZ was the main partner at that time. We took up the offer of cooperation again this year. As part of this continuation, you can look forward to our contributions on OWASP and DNS amplification attacks.

Category: Hacking & Security

The Importance of POS Threat Analysis for the Retail Sector

InfoSec Institute Resources - 16 December, 2014 - 01:22

The rising intensity of POS threats has created a precarious environment for retailers looking to protect their customers’ financial and personal data. POS systems are increasingly becoming a soft target for hackers, which is why it’s more important than ever to consider the security of these machines and the information [...]

The post The Importance of POS Threat Analysis for the Retail Sector appeared first on InfoSec Institute.

Category: Hacking & Security

The Fascinating Story of DRM: Part Two, The Origin of Launch Week Battle

InfoSec Institute Resources - 16 December, 2014 - 01:21

In my last piece, I explained how Nintendo’s experiences with piracy and copy protection helped shape the current video game industry, where Sony has been a major player for nearly twenty years now. Technologies like the 10NES lock-out chip didn’t just help Nintendo and authorized third-party developers, they also benefitted [...]

The post The Fascinating Story of DRM: Part Two, The Origin of Launch Week Battle appeared first on InfoSec Institute.

Category: Hacking & Security

Google Blacklists WordPress Sites Peddling SoakSoak Malware

Threatpost - 15 December, 2014 - 20:08
Up to 100,000 sites hosted on WordPress may be vulnerable to a new campaign that's pushing malware and multiple exploit kits to the browser.
Category: Hacking & Security

Some 100,000 or more WordPress sites infected by mysterious malware

Ars Technica - 15 December, 2014 - 19:01

About 100,000 or more websites running the WordPress content management system have been compromised by mysterious malware that turns the infected sites into attack platforms that can target visitors, security researchers said.

The campaign has prompted Google to flag more than 11,000 domains as malicious, but many more sites have been detected as compromised, according to a blog post published Sunday by Sucuri, a firm that helps website operators secure their servers. Researchers have yet to confirm the cause of the infection, but they suspect it's related to a vulnerability in Slider Revolution, a WordPress plugin, that was disclosed in early September. Update: In a new blog post published after Ars went live with this brief, Sucuri says it has confirmed the so-called "RevSlider" vulnerability is the culprit.

The in-the-wild attack observed by Sucuri causes infected sites to load highly obfuscated attack code on every webpage that includes the following:

Category: Hacking & Security

Mike Mimoso on the Sony Breach

Threatpost - 15 December, 2014 - 18:25
Dennis Fisher and Mike Mimoso talk about the details of the Sony breach, including the question of attribution, Sony's response to the attack, media outlets publishing the stolen data and the rise of destructive malware attacks.
Category: Hacking & Security

Google Proposes Marking ‘HTTP’ as Insecure in 2015

Threatpost - 15 December, 2014 - 18:05
Google proposes that browser vendors begin issuing address bar warnings to users that HTTP connections provide no data security protection.
Category: Hacking & Security

Sony Pictures calls on media to stop publishing its "stolen information"

Sophos Naked Security - 15 December, 2014 - 17:48
Sony Pictures Entertainment has warned the media not to publish the details of anything that was stolen in last month's hack by a group calling itself Guardians of Peace (GOP).

Shellshock Worm Exploiting Unpatched QNAP NAS Devices

Threatpost - 15 December, 2014 - 17:35
A worm exploiting the Bash vulnerability in QNAP network attached storage devices has been discovered. The attack opens a backdoor and for now is carrying out a click-fraud scam against JuiceADV.
Category: Hacking & Security

Worm uses Shellshock to infect NAS devices from QNAP

CSIRT.cz - 15 December, 2014 - 16:52

Although a patch for QNAP devices that addresses the well-known ShellShock vulnerability has been available since October, there are still many devices on which it has not been applied. The reason is that this step is somewhat difficult for an ordinary user.

The new worm attacks the script '/cgi-bin/authLogin.cgi', which is a known vector for Shellshock on QNAP devices. The script is called during login and is therefore reachable without logging in. After the attack, a simple shell script then takes care of downloading and running further pieces of malware.

Among other things, SSH is started on port 26 on the compromised device and a user with administrator rights named "request" is added. The original source of the information is available here.

Category: Hacking & Security

Honeywell PoS Software Vulnerable to Stack Buffer Overflows

Threatpost - 15 December, 2014 - 16:13
There are stack buffer overflows in two components of a Honeywell point-of-sale software package that can allow attackers to run arbitrary code on vulnerable systems. The vulnerabilities lie in the HWOPOSScale.ocx and HWOPOSSCANNER.ocx components of Honeywell’s OLE for Retail Point-of-Sale package, which is designed to help integrate PoS hardware with Windows PoS systems. Versions of the Honeywell […]
Category: Hacking & Security

Worm exploits nasty Shellshock bug to commandeer network storage systems

Ars Technica - 15 December, 2014 - 16:09

Criminal hackers are actively exploiting the critical shellshock vulnerability to install a self-replicating backdoor on a popular line of storage systems, researchers have warned.

The malicious worm targets network-attached storage systems made by Taiwan-based QNAP, according to a blog post published Sunday by the Sans Institute. The underlying shellshock attack code exploits a bug in GNU Bash that gives attackers the ability to run commands and code of their choice on vulnerable systems. QNAP engineers released an update in October that patches systems against the vulnerability, but the discovery of the worm in the wild suggests a statistically significant portion of users have yet to apply it.

"The attack targets a QNAP CGI script, /cgi-bin/authLogin.cgi, a well known vector for Shellshock on QNAP devices," Johannes B. Ullrich, dean of research at Sans, wrote. "This script is called during login, and reachable without authentication. The exploit is then used to launch a simple shell script that will download and execute a number of additional pieces of malware."

Category: Hacking & Security

In Damage Control, Sony Targets Reporters

Krebs on Security - 15 December, 2014 - 15:35

Over the weekend I received a nice holiday letter from lawyers representing Sony Pictures Entertainment, demanding that I cease publishing detailed stories about the company’s recent hacking and delete any company data collected in the process of reporting on the breach. While I have not been the most prolific writer about this incident to date, rest assured such threats will not deter this reporter from covering important news and facts related to the breach.

A letter from Sony’s lawyers.

“SPE does not consent to your possession, review, copying, dissemination, publication, uploading, downloading, or making any use of the Stolen information, and to request your cooperation in destroying the Stolen Information,” wrote SPE’s lawyers, who hail from the law firm of Boies, Schiller & Flexner.

This letter reminds me of one that I received several years back from the lawyers of Igor Gusev, one of the main characters in my book, Spam Nation. Mr. Gusev’s attorneys insisted that I was publishing stolen information — pictures of him, financial records from his spam empire “SpamIt” — and that I remove all offending items and publish an apology. My lawyer in that instance called Gusev’s threat a “blivit,” a term coined by the late, great author Kurt Vonnegut, who defined it as “two pounds of shit in a one-pound bag.”

For a more nuanced and scholarly look at whether reporters and bloggers who write about Sony’s hacking should be concerned after receiving this letter, I turn to an analysis by UCLA law professor Eugene Volokh, who posits that Sony “probably” does not have a legal leg to stand on here in demanding that reporters refrain from writing about the extent of SPE’s hacking in great detail. But Volokh includes some useful caveats to this conclusion (and exceptions to those exceptions), notably:

“Some particular publications of specific information in the Sony material might lead to a successful lawsuit,” Volokh writes. “First, disclosure of facts about particular people that are seen as highly private (e.g., medical or sexual information) and not newsworthy might be actionable under the ‘disclosure of private facts’ tort.”

Volokh observes that if a publication were to publish huge troves of data stolen from Sony, doing so might be seen as copyright infringement. “The bottom line is that publication of short quotes, or disclosure of the facts from e-mails without the use of the precise phrasing from the e-mail, would likely not be infringement — it would either be fair use or the lawful use of facts rather than of creative expression,” he writes.

Volokh concludes that Sony is unlikely to prevail — “either by eventually winning in court, or by scaring off prospective publishers — especially against the well-counseled, relatively deep-pocketed, and insured media organizations that it’s threatening,” he writes. “Maybe the law ought to be otherwise (or maybe not). But in any event this is my sense of the precedents as they actually are.”

This is actually the second time this month I’ve received threatening missives from entities representing Sony Pictures. On Dec. 5, I got an email from a company called Entura, which requested that I remove a link from my story that the firm said “allowed for the transmission and/or downloading of the Stolen Files.” That link was in fact not even a Sony document; it was a derivative work — a lengthy text file listing the directory tree of all the files stolen and leaked (at the time) from SPE. Needless to say, I did not remove that link or file.

Here is the full letter from SPE’s lawyers (PDF).

Category: Hacking & Security

US Congress OKs 'unprecedented' codification of warrantless surveillance

Sophos Naked Security - 15 December, 2014 - 15:22
The US Congress has quietly passed a bill that includes warrantless forfeiture of private communications to local law enforcement and allows for indefinite retention of any encrypted content.

Exploiting MS14-068 - just another pentest

LinuxSecurity.com - 15 December, 2014 - 14:55
LinuxSecurity.com: This is a short post on how to exploit MS14-068 on Linux. This came up on my recent internal infrastructure engagement. The primary DC was a vulnerable Windows 2008 R2 SP1 server.
Category: Hacking & Security

12 Days competition: Day 11 - Now you see it, now you...ah...still see it

Sophos Naked Security - 15 December, 2014 - 13:49
Can you work out the answer to our question in Day 11 of our 12 Days of Christmas competition?