×

Announcing: Slashdot Deals - Explore geek apps, games, gadgets and more. (what is this?)

Thank you!

We are sorry to see you leave - Beta is different and we value the time you took to try it out. Before you decide to go, please take a look at some value-adds for Beta and learn more about it. Thank you for reading Slashdot, and for making the site better!

Comments

top

Phony USB Charger Masquerades as Wireless Keylogger

msm1267 Re:Title has it backwards (3 comments)

True, hopefully the editor can fix if they post it to the front page. Thx

about two weeks ago

Submissions

top

Bypass Demonstrated for Microsoft Use-After-Free Mitigation in IE

msm1267 msm1267 writes  |  4 days ago

msm1267 (2804139) writes "Bypasses have been demonstrated for two new memory-corruption protections present in Internet Explorer since last summer, Heap Isolation and Delay Free. The mitigations were designed to prevent successful exploits of use-after-free vulnerabilities."
Link to Original Source
top

Proposed CFAA Amendments Could 'Chill" Security Research

msm1267 msm1267 writes  |  about two weeks ago

msm1267 (2804139) writes "Legitimate security researchers, from bug hunters to pen-testers, are buckled in for a bumpy ride as vague language in President Obama’s proposed amendments to the Computer Fraud and Abuse Act (CFAA) is expected to be debated and sorted out as it makes its way through the legislature.

The amendments come with stiffer penalties for those convicted of hacking, with some sentences doubled and some offenses elevated to felonies.

One amendment to the CFAA contains language that is a redefinition of what it means to exceed authorized access; it broadens the scope of the CFAA considerably.

From section six in the amendment: ” ‘exceeds authorized access’ means to access a computer with authorization and to use such access to obtain or alter information in the computer (a) that the accesser is not entitled to obtain or alter; or (b) for a purpose that the accesser knows is not authorized by the computer owner.”"

Link to Original Source
top

Phony USB Charger Masquerades as Wireless Keylogger

msm1267 msm1267 writes  |  about two weeks ago

msm1267 (2804139) writes "Hardware hacker and security researcher Samy Kamkar has released a slick new device that masquerades as a typical USB wall charger but in fact houses a keylogger capable of recording keystrokes from nearby wireless keyboards.

The device is known as KeySweeper and Kamkar has released the source code and instructions for building one of your own. The components are inexpensive and easily available, and include an Arduino microcontroller, the charger itself and a handful of other bits. When it’s plugged into a wall socket, the KeySweeper will connect to a nearby Microsoft wireless keyboard and passively sniff, decrypt and record all of the keystrokes and send them back to the operator over the Web."

Link to Original Source
top

Inside North Korea's Naenara Browser

msm1267 msm1267 writes  |  about two weeks ago

msm1267 (2804139) writes "Up until a few weeks ago, the number of people outside of North Korea who gave much thought to the Internet infrastructure in that country was vanishingly small. But the speculation about the Sony hack has fixed that, and now a security researcher has taken a hard look at the national browser used in North Korea and found more than a little weirdness.

The Naenara browser is part of the Red Star operating system used in North Korea and it’s a derivative of an outdated version of Mozilla Firefox. The country is known to tightly control the communications and activities of its citizens and that extends online, as well. Robert Hansen, vice president of WhiteHat Labs at WhiteHat Security, and an accomplished security researcher, recently got a copy of Naenara and began looking at its behavior, and he immediately realized that every time the browser loads, its first move is to make a request to a non-routable IP address, http://10.76.1.11./ That address is not reachable from networks outside the DPRK.

“Here’s where things start to go off the rails: what this means is that all of the DPRK’s national network is non-routable IP space. You heard me; they’re treating their entire country like some small to medium business might treat their corporate office,” Hansen wrote in a blog post detailing his findings. “The entire country of North Korea is sitting on one class A network (16,777,216 addresses). I was always under the impression they were just pretending that they owned large blocks of public IP space from a networking perspective, blocking everything and selectively turning on outbound traffic via access control lists. Apparently not!”"

Link to Original Source
top

Inside Cryptowall 2.0 Ransomware

msm1267 msm1267 writes  |  about three weeks ago

msm1267 (2804139) writes "If you need more evidence that ransomware is here to stay, and could turn into cybercriminals’ weapon of choice, look no further than Cryptowall.

Researchers at Cisco’s Talos group today published an analysis of a Cryptowall 2.0 sample, peeling back many layers of known commodities around this threat, such as its use of the Tor anonymity network to disguise command-and-control communication.

But perhaps more telling about the commitment around ransomware is the investment attackers made in its capabilities to detect execution in virtual environments, building in many stages of decryption present before the ransomware activates, and its ability to detect 32- and 64-bit architectures and executing different versions for each."

Link to Original Source
top

Misfortune Cookie Home Router Vulnerability Discovered

msm1267 msm1267 writes  |  about a month ago

msm1267 (2804139) writes "More than 12 million devices running an embedded webserver called RomPager are vulnerable to a simple attack that could give a hacker man-in-the-middle position on traffic going to and from home routers from just about every leading manufacturer.

Mostly ISP-owned residential gateways manufactured by D-Link, Huawei, TP-Link, ZTE, Zyxel and several others are currently exposed. Researchers at Check Point Software Technologies reported the flaw they’ve called Misfortune Cookie, to all of the affected vendors and manufacturers, and most have responded that they will push new firmware and patches in short order.

The problem with embedded device security is that, with consumer-owned gear especially, it’s up to the device owner to find and flash new firmware, leaving most of the devices in question vulnerable indefinitely.

In the case of the RomPager vulnerability, an attacker need only send a single packet containing a malicious HTTP cookie to exploit the flaw. Such an exploit would corrupt memory on the device and allow an attacker to remotely gain administrative access to the device."

Link to Original Source
top

Manufacturer Backdoor Found on Popular Chinese Android Smartphones

msm1267 msm1267 writes  |  about a month ago

msm1267 (2804139) writes "A popular Android smartphone sold primarily in China and Taiwan but also available worldwide, contains a backdoor from the manufacturer that is being used to push pop-up advertisements and install apps without users’ consent.

The Coolpad devices, however, are ripe for much more malicious abuse, researchers at Palo Alto Networks said today, especially after the discovery of a vulnerability in the backend management interface that exposed the backdoor’s control system.

The CoolReaper backdoor not only connects to a number of command and control servers, but is also capable of downloading, installing and activating any Android application without the user’s permission. It also sends phony over-the-air updates to devices that instead install applications without notifying the user. The backdoor can also be used to dial phone numbers, send SMS and MMS messages, and upload device and usage information to Coolpad.

The manufacturer has also taken steps via modifications to its version of Android to keep the backdoor hidden from users and security software that could be installed on the phone. For example, Olson said Coolpad has disabled the long-press system that allows a user to find out what application generated an pop-up advertisement or notification, for example."

Link to Original Source
top

Shellshock Worm Exploiting Unpatched QNAP NAS Devices

msm1267 msm1267 writes  |  about a month ago

msm1267 (2804139) writes "A worm exploiting network attached storage devices vulnerable to the Bash flaw is scanning the Internet for more victims.

The worm opens a backdoor on QNAP devices, but to date it appears the attackers are using the exploit to run a click-fraud scam, in addition to maintaining persistence on owned boxes.

“The goal appears to be to backdoor the system, so an attacker could come back later to install additional malware,” said Johannes Ullrich, head of the Internet Storm Center at the SANS Institute.

QNAP of Taiwan released a patch in October for the Bash vulnerability in its Turbo NAS products. Like many other vulnerable products and devices, owners may not be aware that Bash is present and exposed. Bash was among a litany of Internet-wide vulnerabilities uncovered this year; the flaw in Bash, or Bourne Again Shell, affects Linux and UNIX distributions primarily, but also Windows in some cases. Bash is accessed, often quietly, by any number of functions which makes comprehensive patching difficult even though all major Linux distributions and most vendors have issued patches."

Link to Original Source
top

'Lax' Crossdomain Policy Puts Yahoo Mail At Risk

msm1267 msm1267 writes  |  about a month and a half ago

msm1267 (2804139) writes "A researcher disclosed a problem with a loose cross-domain policy for Flash requests on Yahoo Mail that put email message content, contact information and much more at risk. The researcher said the weakness is relatively simple to exploit and puts users at high risk for data loss, identity theft, and more.

Yahoo has patched one issue related to a specific .swf file hosted on Yahoo’s content delivery network that contained a vulnerability that could give an attacker complete control over Yahoo Mail accounts cross origin. While the patch fixed this specific issue, the larger overall configuration issue remains, meaning that other vulnerable .swf files hosted outside the Yahoo CDN and on another Yahoo subdomain could be manipulated the same way."

Link to Original Source
top

Destover Malware Signed with Legit Sony Certificate

msm1267 msm1267 writes  |  about a month and a half ago

msm1267 (2804139) writes "Researchers have discovered a new version of the Destover malware that was used in the recent Sony Pictures Entertainment breaches, and in an ironic twist, the sample is signed by a legitimate certificate stolen from Sony.

The new sample is essentially identical to an earlier version of Destover that was not signed. Destover has been used in a variety of attacks in recent years and it’s representative of the genre of malware that doesn’t just compromise machines and steal data, but can destroy information as well. The attackers who have claimed credit for the attack on Sony have spent the last couple of weeks gradually releasing large amounts of information stolen in the breach, including unreleased movies, personal data of Sony employees and sensitive security information such as digital certificates and passwords.

The new, signed version of Destover appears to have been compiled in July and was signed on Dec. 5, the day after Kaspersky Lab published an analysis of the known samples of the malware."

Link to Original Source
top

DOJ Launches New Cybercrime Unit, Claims Privacy Top Priority

msm1267 msm1267 writes  |  about 1 month ago

msm1267 (2804139) writes "Leslie Caldwell, assistant attorney general in the criminal division of the Department of Justice announced on Thursday the creation of a new team within its Computer Crime and Intellectual Property Section (CCIPS) during a talk at a Georgetown Law conference titled, “Cybercrime 2020: The Future of Online Crime and Investigations.” Known as the Cybercrime Unit, the team is tasked with enhancing public-private security efforts.

A large part of the Cybersecurity Unit’s mission will be to quell the growing distrust many Americans have toward law enforcement’s high-tech investigative techniques. Even if that lack of trust, as Caldwell claimed, is based largely on misinformation about the technical abilities of the law enforcement tools and the manners in which they are used.

“In fact, almost every decision we make during an investigation requires us to weigh the effect on privacy and civil liberties, and we take that responsibility seriously,” Caldwell said. “Privacy concerns are not just tacked onto our investigations, they are baked in.""

Link to Original Source
top

Regin Attack Platform Targets GSM Networks Too

msm1267 msm1267 writes  |  about 2 months ago

msm1267 (2804139) writes "Researchers have uncovered a complex espionage platform reminiscent of Duqu that has been used since at least 2008 not only to spy on and extract email and documents from government agencies, research institutions and banks, but also one that targets GSM network operators in order to launch additional attacks.

Kaspersky Lab published a report this morning that explains this aspect of the Regin attack platform, which has been detected on the Windows computers of 27 victimized organizations in 14 countries, most of those in Asia and the Middle East. In addition to political targets, Kaspersky Lab researchers identified Belgian cryptographer Jean Jacques Quisquater as one of its specific victims, along with an unnamed research institution that was also infected with other dangerous espionage malware including Mask/Careto, Turla, Itaduke and Animal Farm."

Link to Original Source
top

Open Source Detekt Antispyware Tool Exposes Surveillance

msm1267 msm1267 writes  |  about 2 months ago

msm1267 (2804139) writes "Human rights workers, political activists and journalists working in oppressed parts of the world now have an open source detection tool that helps them triage their computers and scan for the worst of the worst state-sponsored spyware.

Detekt, built by independent white hat Claudio Rainieri in partnership with the EFF, Amnesty International and others, scans for FinFisher and HackingTeam spyware, as well as the most prevalent remote access Trojans, such as BlackComet and Extreme.

It's not meant as a substitute for antivirus, but more about giving someone under state surveillance--a desperate, emergency situation--a free utility to figure out what's happening on their machine and how to proceed next."

Link to Original Source
top

Microsoft Releases Emergency Patch for Kerberos Bug Under Attack

msm1267 msm1267 writes  |  about 2 months ago

msm1267 (2804139) writes "Microsoft today released an out-of-band security bulletin patching a critical vulnerability in Kerberos implementations that is being exploited in targeted attacks. The vulnerability enables a hacker to escalate privileges on a compromised computers to domain administrator.

Originally, Microsoft planned to release the patch for this vulnerability, MS14-068, on Nov. 11, with the rest of the month’s Patch Tuesday fixes. However, the patch was not included in that release. No reason was given for the omission, but in the past Microsoft has delayed patches that weren’t ready yet or caused problems in testing. The MS14-068 vulnerability is rated critical and the company is urging users to install the patch right away."

Link to Original Source
top

Internet Voting Hack Alters PDF Ballots in Transmission

msm1267 msm1267 writes  |  about 2 months ago

msm1267 (2804139) writes "Threats to the integrity of Internet voting have been a major factor in keeping the practice to a bare minimum in the United States. On the heels of the recent midterm elections, researchers at Galois, a computer science research and development firm in Portland, Ore., sent another reminder to decision makers and voters that things still aren’t where they should be.

Researchers Daniel M. Zimmerman and Joseph R. Kiniry published a paper called “Modifying an Off-the-Shelf Wireless Router for PDF Ballot Tampering” that explains an attack against common home routers that would allow a hacker to intercept a PDF ballot and use another technique to modify a ballot before sending it along to an election authority.

The attack relies on a hacker first replacing the embedded Linux firmware running on a home router. Once a hacker is able to sit in the traffic stream, they will be able to intercept a ballot in traffic and modify code strings representing votes and candidates within the PDF to change the submitted votes."

Link to Original Source
top

Microsoft Patches OLE Zero-Day Vulnerability

msm1267 msm1267 writes  |  about 2 months ago

msm1267 (2804139) writes "Microsoft today released a patch for a zero-day vulnerability under active exploit in the wild. The vulnerability in OLE, or Microsoft Windows Object Linking and Embedding, enables a hacker to remotely execute code on an infected machine, and has been linked to attacks by the Sandworm APT group against government agencies and energy utilities.

Microsoft also issued a massive Internet Explorer patch, but warned organizations that have deployed version 5.0 of its Enhanced Mitigation Experience Toolkit (EMET) to upgrade to version 5.1 before applying the IE patches. Version 5.1 resolves some compatibility issues, in addition to several mitigation enhancements."

Link to Original Source
top

WireLurker Mac OS X Malware Shut Down

msm1267 msm1267 writes  |  about 3 months ago

msm1267 (2804139) writes "WireLurker is no more. After causing an overnight sensation, the newly disclosed family of Apple Mac OS X malware capable of also infecting iOS devices has been put to rest. Researchers at Palo Alto Networks confirmed this morning that the command and control infrastructure supporting WireLurker has been shut down and Apple has revoked a legitimate digital certificate used to sign WireLurker code and allow it to infect non-jailbroken iOS devices.

Researchers at Palo Alto Networks discovered and dubbed the threat WireLurker because it spreads from infected OS X computers to iOS once the mobile device is connected to a Mac via USB. The malware analyzes the connected iOS device looking for a number of popular applications in China, namely the Meitu photo app, the Taobao online auction app, or the AliPay payment application. If any of those are found on the iOS device, WireLurker extracts its and replaces it with a Trojanized version of the same app repackaged with malware.

Patient zero is a Chinese third-party app store called Maiyadi known for hosting pirated apps for both platforms. To date, Palo Alto researchers said, 467 infected OS X apps have been found on Maiyadi and those apps have been downloaded more than 350,000 times as of Oct. 16 by more than 100,000 users."

Link to Original Source
top

Researcher Takes Wraps Off Undisclosed Bash Vulnerabilities

msm1267 msm1267 writes  |  about 4 months ago

msm1267 (2804139) writes "The Bash bug has kept Linux and UNIX administrators busy deploying a half-dozen patches, worrying about numerous Shellshock exploits in the wild, and a laboring over a general uncertainty that the next supposed fix will break even more stuff.

Researcher Michal Zalewski, a longtime bug-hunter, has been front and center on some of the Bash research and last week said he had found two additional bugs in the Bourne Again Shell, details of which he’d kept to himself until yesterday.

Zalewski took the wraps off the vulnerabilities, one of which, CVE-2014-6278, mimics the original vulnerability reported Sept. 24 but affects only systems patched against the original Bash vulnerability, CVE-2014-6271.

Like the original vulnerability, CVE-2014-6278 allows an attacker to remotely drop executable code by exploiting a weaknesses in environment variables in Bash, which is the most common command line shell used by Linux, UNIX and Mac OS X servers."

Link to Original Source
top

SNMP DDoS Scans Spoof Google DNS Server

msm1267 msm1267 writes  |  about 4 months ago

msm1267 (2804139) writes "The SANS Internet Storm Center is seeing SNMP scans spoofed from Google’s public recursive DNS server seeking to overwhelm vulnerable routers and other devices that support the protocol with DDoS traffic.

“The traffic is spoofed, and claims to come from Google’s DNS server. The attack is however not an attack against Google. It is likely an attack against misconfigured gateways,” said Johannes Ullrich, dean of research of the SANS Technology Institute and head of the Internet Storm Center.

Ullrich said the ISC is still investigating the scale of the possible attacks, but said the few packets that have been submitted target default passwords used by SNMP. In an update posted last night, Ullrich said the scans are sequential, indicating someone is conducting an Internet-wide scan looking for vulnerable routers and devices that accept certain SNMP commands."

Link to Original Source
top

Inside a Critical Webmin Vulnerability

msm1267 msm1267 writes  |  about 4 months ago

msm1267 (2804139) writes "The University of Texas information security office yesterday disclosed the details on a critical vulnerability in Webmin that was patched in May, days after it was reported.

The bug in the UNIX remote management tool provided remote root access to a host server. Authenticated users would then be able to delete files stored on the server. Researcher John Gordon published a report yesterday on the UT ISO website explaining that the problem was discovered in the cron module’s new environment variable. Gordon wrote that an attacker would have been able to use directory traversal and null byte injection techniques to force Webmin to delete any file stored on the system.

The vulnerability, Gordon said, likely cannot be flipped into an attack granting someone remote shell access or code execution on a standard Linux server, for example."

Link to Original Source

Journals

msm1267 has no journal entries.

Slashdot Login

Need an Account?

Forgot your password?