
Comments

msm1267 hasn't commented recently.

Submissions


Tor Blacklisting Exit Nodes Vulnerable to Heartbleed

msm1267 msm1267 writes  |  2 days ago

msm1267 (2804139) writes "The Tor Project has published a list of 380 exit relays vulnerable to the Heartbleed OpenSSL vulnerability that it will reject. This comes on the heels of news that researcher Collin Mulliner of Northeastern University in Boston found more than 1,000 vulnerable to Heartbleed where he was able to retrieve plaintext user traffic.

Mulliner said he used a random list of 5,000 Tor nodes from the Dan.me.uk website for his research; of the 1,045 vulnerable nodes he discovered, he recovered plaintext traffic that included Tor plaintext announcements, but a significant number of nodes leaked user traffic in the clear."


Phase 1 of TrueCrypt Audit Turns up No Backdoors

msm1267 msm1267 writes  |  4 days ago

msm1267 (2804139) writes "An initial audit of the popular open source encryption software TrueCrypt turned up fewer than a dozen vulnerabilities, none of which so far point toward a backdoor surreptitiously inserted into the codebase.

A report on the first phase of the audit was released today by iSEC Partners, which was contracted by the Open Crypto Audit Project (OCAP), a grassroots effort that not only conducted a successful fundraising effort to initiate the audit, but raised important questions about the integrity of the software.

The first phase of the audit focused on the TrueCrypt bootloader and Windows kernel driver; architecture and code reviews were performed, as well as penetration tests including fuzzing interfaces, said Kenneth White, senior security engineer at Social & Scientific Systems. The second phase of the audit will look at whether the various encryption cipher suites, random number generators and critical key algorithms have been implemented correctly."


One Billion Android Devices Open to Privilege Escalation

msm1267 msm1267 writes  |  about a month ago

msm1267 (2804139) writes "The first deep look into the security of the Android patch installation process, specifically its Package Management Service (PMS), has revealed a weakness that puts potentially every Android device at risk for privilege escalation attacks.

Researchers from Indiana University and Microsoft published a paper that describes a new set of Android vulnerabilities they call Pileup flaws, and also introduces a new scanner called SecUP that detects malicious apps already on a device lying in wait for elevated privileges.
The vulnerability occurs in the way PMS handles updates to the myriad flavors of Android in circulation today. The researchers say PMS improperly vets apps on lower versions of Android that request OS or app privileges that may not exist on the older Android version, but are granted automatically once the system is updated.

The researchers said they found a half-dozen different Pileup flaws within Android’s Package Management Service, and confirmed those vulnerabilities are present in all Android Open Source Project versions and more than 3,500 customized versions of Android developed by handset makers and carriers; more than one billion Android devices are likely impacted, they said."


Wide Gap Between Attackers, BIOS Forensics Research

msm1267 msm1267 writes  |  about 1 month ago

msm1267 (2804139) writes "Advanced attackers who target BIOS and firmware with bootkits and other malware have a decided edge on security research and defense in this discipline. These attacks are dangerous because they enable persistence on a PC or server that is difficult to repair without bricking a machine. Researchers at MITRE and chip companies, however, are trying to reverse that trend with research into vulnerabilities in hardware and firmware as well as developing tools that help analyze problems present in BIOS."

CanSecWest Presenter Self-Censors Risky Critical Infrastructure Talk

msm1267 msm1267 writes  |  about a month ago

msm1267 (2804139) writes "A presenter at this week’s CanSecWest security conference has withdrawn his scheduled talk for fear the information could be used to attack critical infrastructure worldwide.
Eric Filiol, scientific director of the Operational Cryptology and Virology lab. CTO/CSO of the ESIEA in France, pulled his talk on Sunday, informing organizer Dragos Ruiu via email. Filiol, a 22-year military veteran with a background in intelligence and computer security, said he has been studying the reality of cyberwar for four months and came to the decision after discussions with his superiors in the French government.
Filiol said he submitted the presentation, entitled “Hacking 9/11: The next is likely to be even bigger with an ounce of cyber,” to CanSecWest three months ago before his research was complete. Since his lab is under supervision of the French government, he was required to review his findings with authorities.
“They told me that this presentation was unsuitable for being public,” Filiol said in an email. “It would be considered as an [incentive] to terrorism and would give precise ideas to terrorists on the know-how (the methodology) and the details regarding the USA (but also how to find weaknesses in other countries).”"


HTTPS Traffic Attacks Leak Sensitive Surfing Details

msm1267 msm1267 writes  |  about a month and a half ago

msm1267 (2804139) writes "Researchers have built new attack techniques against HTTPS traffic that have been effective in learning details on users' surfing habits, leaking sensitive data that could impact privacy.
They tested against 600 leading healthcare, finance, legal services and streaming video sites, including Netflix. Their attack, they said in a research paper, reduced errors from previous methodologies more than 3 ½ times. They also demonstrate a defense against this attack that reduces the accuracy of attacks by 27 percent by increasing the effectiveness of packet level defenses in HTTPS, the paper said.

“We design our attack to distinguish minor variations in HTTPS traffic from significant variations which indicate distinct traffic contents,” the paper said. “Minor traffic variations may be caused by caching, dynamically generated content, or user-specific content including cookies. Our attack applies clustering techniques to identify patterns in traffic.”"


GnuTLS Goto Bug is Not Same as Apple Goto Fail

msm1267 msm1267 writes  |  about a month and a half ago

msm1267 (2804139) writes "The similarities between the GnuTLS bug and Apple’s goto fail bug begin and end at their respective failure to verify TLS and SSL certificates. Otherwise, they’re neither siblings, nor distant cousins.
The GnuTLS bug is very different, though like Apple’s infamous goto fail error, it will also treat bogus digital certificates as valid.
“This one was more of a dumb coding mistake, whereas Apple could have been a cut-and-paste error. It looks like [GnuTLS] failed to cast a return variable correctly. C is hard,” said cryptographer Matthew Green of Johns Hopkins University.
While the goto command appears in the buggy code in both vulnerabilities, the GnuTLS bug veers off in a different direction. Goto fail, for example, is a standard C paradigm for error handling. Goto, in this case, is being used correctly, said Melissa Elliott, a security researcher with Veracode. The problem, she said, is related to variable typing and an improper mixing of error codes that led to this mess."


Hackers Paying Attention to Microsoft EMET Bypasses

msm1267 msm1267 writes  |  about a month and a half ago

msm1267 (2804139) writes "Exploits bypassing Microsoft’s Enhanced Mitigation Experience Toolkit, or EMET, are quickly becoming a parlor game for security researchers. With increasing frequency, white hats are poking holes in EMET, and to its credit, Microsoft has been quick to not only address those issues but challenge and reward researchers who successfully submit bypasses to its bounty program.

The tide may be turning, however, if the latest Internet Explorer zero day is any indication. An exploit used as part of the Operation SnowMan espionage campaign against U.S. military targets contained a feature that checked whether an EMET library was running on the compromised host, and if so, the attack would not execute.

That’s not the same as an in-the-wild exploit for EMET, but that may not be too far down the road, especially when you take into consideration two important factors: Microsoft continues to market EMET as an effective and temporary zero-day mitigation until a patch is released; and the impending end-of-life of Windows XP in three days could spark a surge in EMET installations as a stopgap."


Complete Microsoft EMET Bypass Developed

msm1267 msm1267 writes  |  about 2 months ago

msm1267 (2804139) writes "Researchers at Bromium Labs are expected to announce today they have developed an exploit that bypasses all of the mitigations in Microsoft’s Enhanced Mitigation Experience Toolkit (EMET). Principal security researcher Jared DeMott is scheduled to deliver a presentation this morning at the Security BSides conference explaining how the company’s researchers were able to bypass all of the memory protections offered within the free Windows toolkit.

The work is significant given that Microsoft has been quick to urge customers to install and run EMET as a temporary mitigation against zero-day exploits targeting memory vulnerabilities in Windows or Internet Explorer.

The exploit bypasses all of EMET’s mitigations, unlike previous bypasses that were able to beat only certain aspects of the tool. Researchers took a real-world IE exploit and tweaked it until they had a complete bypass of EMET's ROP, heap spray, SEHOP, ASLR and DEP mitigations."


Bitcoin Trojan Found on Popular Download Sites

msm1267 msm1267 writes  |  about 2 months ago

msm1267 (2804139) writes "Phony Bitcoin ticker apps hosted on popular sites Download.com and MacUpdate.com are fronts for the OSX/CoinThief Trojan, which was built to steal Bitcoin wallet credentials and keys, and to date has drained a small number of accounts. New variants of the Trojan targeting Mac OS X users were found on the sites and also include a browser extension for Firefox. Previous versions of CoinThief spread through a GitHub page that has since been taken down and included extensions for Safari and Google Chrome only."

Adobe Zero Day Targets China; No 'Mask' Connection

msm1267 msm1267 writes  |  about 2 months ago

msm1267 (2804139) writes "Exploits for a newly reported zero-day vulnerability in Adobe’s Flash Player drop a password-grabbing Trojan that targets the email and social media accounts of users and organizations in China, researchers at Kaspersky Lab said today.
The attacks appear to be an isolated campaign and there is no connection between these exploits and a new advanced espionage campaign called The Mask that Kaspersky researchers are expected to unveil next week at the company’s Security Analyst Summit."


New iframe Attack Leverages PNG Metadata

msm1267 msm1267 writes  |  about 2 months ago

msm1267 (2804139) writes "Researchers have discovered a relatively new way to distribute malware that relies on reading JavaScript code stored in an obfuscated PNG file’s metadata to trigger iFrame injections.
The technique makes it highly unlikely a virus scanner would catch it because the injection method is so deeply engrained in the image’s metadata."


Honey Encryption Tricks Hackers with Decryption Deception

msm1267 msm1267 writes  |  about 3 months ago

msm1267 (2804139) writes "Researchers are ready to unveil Honey Encryption, an encryption system that pulls a bit of deception against hackers who have stolen encrypted data. The tool produces a ciphertext, which, for every wrong guess a hacker tries, presents a plausible-looking yet incorrect plaintext password or encryption key. With traditional encryption, an attacker making an incorrect guess gets gibberish in return to their request. With Honey Encryption, the hacker gets something that looks like real context. An attacker would have no way of knowing which plausible-looking value is the correct one."

Java-Based DDoS Bot Hits Windows, Mac, Linux Computers

msm1267 msm1267 writes  |  about 3 months ago

msm1267 (2804139) writes "A malicious Java application that infects Windows, Mac and Linux machines for the purpose of building a DDoS botnet has been discovered. The botnet communicates over IRC and can carry out distributed denial of service attacks using either HTTP or UDP flood attacks. Researchers said today that the malicious Java application exploits a patched Java vulnerability,"

Hasbro, Cracked Still Owned; Providing Zombies for Botnets?

msm1267 msm1267 writes  |  about 3 months ago

msm1267 (2804139) writes "Hasbro[.]com, a leading toy and game distributor in the United States, is infected and serving malware to visitors of the site. Researchers at Barracuda Networks said the site remained infected and Hasbro has not responded to an email from the security firm disclosing the issue.
The Java-based attack is similar to one conducted against popular humor website cracked[.]com, which was found in November to also be hosting a drive-by download attack, and as of two weeks ago, was again serving up malware in drive-by attacks.
Like Cracked, Hasbro is a popular website that, based on traffic analysis from Alexa.com from 2013, gets upwards of 215,000 daily visitors. Barracuda estimates that given current Java installations and patching levels, the site could potentially be infecting up to 20,000 visitors a day. While the Cracked and Hasbro attacks don’t seem to be related, Barracuda research scientist Daniel Peck said, the possibility exists that these compromises are recruiting zombie endpoints for a botnet."


Electric Cybersecurity Regulations Have a Serial Problem

msm1267 msm1267 writes  |  about 3 months ago

msm1267 (2804139) writes "A class of SCADA vulnerabilities discussed at a recent conference is getting attention not only for the risks they pose to master control systems at electric utilities, but also for illuminating a dangerous gap in important critical infrastructure regulations."

Cutwail-Like Trojan Hides In Its Own Traffic

msm1267 msm1267 writes  |  about 3 months ago

msm1267 (2804139) writes "A new spambot has been discovered that generates copious amounts of network traffic in an attempt to disguise what it’s really up to and throw off the scent of detection capabilities. The spambot, identified as Wigon.PH_44, is being served on compromised websites hosted on the WordPress platform. To date, there are up to 200 sites serving the malicious executable and there have been 15,000 hits in the wild on the malware signature, most of those in the United States."

APT Espionage Campaign Hit 3 US Oil Companies

msm1267 msm1267 writes  |  about 3 months ago

msm1267 (2804139) writes "The Icefog cyberespionage malware campaign uncovered last September was originally thought to be limited to the military supply chain, primarily in Japan and South Korea. But new details emerged today that a Java-based version of the malware exists and infected three US-based oil and gas companies. All three have been notified; two have removed the infections so far."

Victim Groups in Target Breach 'Not Linked'

msm1267 msm1267 writes  |  about 3 months ago

msm1267 (2804139) writes "Giant retailer Target has clarified that the partial personal information--including names, addresses, phone numbers and email addresses--of another 70 million individuals was also stolen during a two-week long breach of its systems starting the day before Thanksgiving. Target said: "These are two distinct groups and are not linked. While there may be some overlap between the two groups (the 40 million and the 70 million) but we don’t know to what extent at this time.""

Mobile Banking Apps for iOS Woefully Insecure

msm1267 msm1267 writes  |  about 3 months ago

msm1267 (2804139) writes "Mobile banking applications fall short on their use of encryption, validation of digital certificates and two-factor authentication, putting financial transactions at risk worldwide. An examination of 40 iOS mobile banking apps from 60 leading banks worldwide revealed a slew of security shortcomings that also included hard-coded development credentials discovered during a static analysis of app binaries. It's a mess, and to date, most of the banks have been informed and none have provided feedback indicating the vulnerabilities were patched."

Journals

msm1267 has no journal entries.
