Ramblings of this guy you know!

Tech Stuff and random observations on life as I see it….

Tag Archives: security

Mobile phones – the next malware focus point?

If you use your mobile to manage your finances then you may be putting yourself at risk, according to recent reports from security experts. The desktop PC has been the exploited tool of choice for malware, but the smartphones of today are more powerful than ever and practically mobile computers in their own right. As we carry so much information on these devices and do more on them, it was only a matter of time before they got exploited.

A recent example of this is the new mobile variant of Zeus, nicknamed ‘Zitmo’. Zeus on the PC has been a plague on Microsoft Windows for the past four years and now it has surfaced on Android. Zitmo works in a new way: it is downloaded as malware on the desktop PC and sleeps until it recognises that a financial transaction is in progress, intercepts the request and informs the user that, as part of new security procedures, verification is required via the mobile phone. The software the user is then told to download is simply malware that takes control of the phone.

Zeus is just one example of malware on phones, and Trojans can get onto phones in a myriad of ways: clicking a link or downloading an attachment carrying a virus that takes control of the phone. Connecting to public Wi-Fi hotspots can leave a phone vulnerable to attack too.

“The mobile phone industry is not fit for purpose, especially for financial transactions,” says Alex Fidgen of MWR InfoSecurity, one of the biggest cybercrime-busting outfits in the UK. “The evidence is irrefutable. You cannot be assured of security with modern smartphones. As soon as the handset is compromised, then any data is up for grabs.”

Android is seen as the most vulnerable of the mobile environments because of the number of OS versions in use across phones and because there is no vetting of submitted applications, so it is quite trivial to distribute malware through the marketplace. Apple has much tighter control over the distribution of apps but has no application sandboxing like Android. Jailbreak the device, though, and the possibility of malware increases. RIM, by its very nature, is deemed the most secure mobile platform.

Recommendations from MWR on how to stay secure:

  • Don’t trust links or attachments from people you don’t know. If a person you do know has sent you a link or attachment, check with them that it is legitimate before opening it.
  • Don’t use public Wi-Fi, especially for financial transactions or other secure personal transactions.
  • Do apply any updates that are made available for your devices.
  • Do only install applications from reputable publishers.
  • Don’t “jailbreak” your iPhone.
  • Do set an unguessable PIN in case your phone is stolen.



Recent Security attacks

July 12th – Booz Allen Hamilton
Anonymous accessed up to 90,000 emails and password hashes from US military contractor Booz Allen Hamilton. They also claimed that they still had more but had not released them. The information was pulled from an unprotected server.

The release of the email addresses opens the company up to future malware and social engineering attacks and the password hashes are likely to be brute forced offline to allow access to people’s accounts and potentially data.

July 14th 2011 – Pentagon hacked, 24,000 files stolen
Only reported now, the Pentagon was hacked in March this year by what was described as ‘foreign intruders’. In this attack 24,000 files were stolen in one of the biggest cyber-attacks ever on the U.S. military, according to a Department of Defense official.

William Lynn, the deputy secretary of defense, acknowledged the brazen theft during a speech while detailing a plan to strengthen the country’s cyber-security; details of what kind of files were stolen were not disclosed.

Future efforts are aimed less at simply reducing the chances of attack and more at lessening the value of what could be taken:

“Rather than rely on the threat of retaliation alone to deter attacks in cyberspace, we aim to change our adversaries’ incentives in a more fundamental way. If an attack will not have its intended effect, those who wish us harm will have less reason to target us through cyberspace in the first place.”

18th July 2011 – UK Lady Gaga site hacked.
Retrofuzz, the Manchester firm that designed the UK Gaga site, didn’t do a very good job of securing it: on the 27th June hackers from the Swagsec group broke in and stole thousands of personal details, according to the Guardian. Universal Music told the paper that no financial details were taken, but all those affected had been contacted and advised to change their passwords.

July 19th 2011 – Sun website hacked.
LulzSec disbanded? Think again. The Sun newspaper, part of the News International group, was hacked by the AntiSec group, who tampered with the news website. Readers were redirected to a hoax story which said Rupert Murdoch had been found dead in his garden. People trying to access thesun.co.uk were taken to new-times.co.uk and a story entitled “Media mogul’s body discovered”.

The group of hackers claimed responsibility via Twitter.

July 21st 2011 – Anonymous hacks NATO
Anonymous members claim to have hacked Nato servers, and to have gained access to restricted documents.
The hacker group claimed to have approximately one gigabyte of Nato data in a Twitter post on Thursday.

“Yes, #NATO was breached. And we have lots of restricted material. With some simple injection. In the next days, wait for interesting data :),” the AnonymousIRC Twitter feed said. “We are sitting on about one Gigabyte of data from NATO now, most of which we cannot publish as it would be irresponsible. But Oh NATO….”

Later that same day NATO replied, downplaying the sensitivity of the information taken and stating that RESTRICTED is the lowest of the five grades of information. The scale runs on up through CONFIDENTIAL to SECRET and then TOP SECRET. Really hot stuff is usually compartmentalised under a special codeword.

Bluetooth vulnerability fixed in latest Patch Tuesday update

Microsoft recently fixed an issue that allowed an attacker to exploit a weakness in the Bluetooth stack on Windows 7 and Windows Vista machines, which would most likely crash a user’s machine. A remote code-injection attack would also be possible but difficult to execute. For once Windows XP users are safe, as the problem has only existed since the Bluetooth stack was updated in Vista.

The exploit requires the PC to be in discoverable mode (which is not the default setup), which broadcasts the adaptor address. If executed correctly, an attacker could exploit the vulnerability by constructing a series of specially crafted Bluetooth packets and sending them to the target machine. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights and take complete control of the system without any user notification at any time.

There is also the chance of a non-Bluetooth-enabled laptop or desktop machine being compromised by the insertion of a USB dongle, as Vista and Windows 7 come Bluetooth-ready and will auto-initiate the stack. If you don’t use Bluetooth and never intend to, then the best defence is to disable the service entirely.
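As an added illustration of that last recommendation (this is not from the original post), the following PowerShell audits the Windows Bluetooth Support Service and, with the -Disable switch, stops it and prevents it from starting again. It assumes the service is named bthserv (the name Vista and Windows 7 use) and that it runs from an elevated prompt.

```powershell
# Added example: audit and optionally disable the Bluetooth Support Service.
# Assumes the service name 'bthserv' (Bluetooth Support Service on Vista/7)
# and an elevated PowerShell prompt.
param(
    [switch]$Disable
)

$svcName = 'bthserv'
$svc = Get-Service -Name $svcName -ErrorAction SilentlyContinue
if (-not $svc) {
    Write-Output "Service '$svcName' is not present on this machine."
    return
}

# Get-Service does not expose the start mode on older PowerShell, so read it via WMI.
$wmi = Get-WmiObject -Class Win32_Service -Filter "Name='$svcName'"
Write-Output ("{0}: status={1}, start mode={2}" -f $svc.DisplayName, $svc.Status, $wmi.StartMode)

if ($Disable) {
    if ($svc.Status -eq 'Running') {
        Stop-Service -Name $svcName -Force
    }
    Set-Service -Name $svcName -StartupType Disabled

    # Re-read the service and confirm the change took effect.
    $after = Get-WmiObject -Class Win32_Service -Filter "Name='$svcName'"
    Write-Output ("After: status={0}, start mode={1}" -f (Get-Service -Name $svcName).Status, $after.StartMode)
}
```

Run it without -Disable first to see the current state; a start mode of Disabled afterwards means a plugged-in dongle will no longer bring the stack up automatically.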

This vulnerability is of course now fixed but the possibility of drive-by attacks has now been proven. Expect more similar exploits soon.

Security experts describe new botnet as almost ‘indestructible’

Recent successes by security companies and law enforcement against botnets have led to spam levels dropping to about 75% of all e-mail sent, according to analysis by Symantec. Now the botnets, in typical cat-and-mouse fashion, are starting to bring the fight to a new level.

A new botnet named TDL-4 has been discovered by security experts and described as almost “indestructible”. TDL targets Windows PCs and is difficult to find and difficult to remove. It is thought that the recent botnet shutdowns have prompted the developers of TDL to harden it against detection and removal with the addition of encryption.

Around 4.5 million PCs have become victims over the last three months following the appearance of the fourth version of the TDL virus. The virus spreads via booby-trapped websites and infects a machine by exploiting unpatched vulnerabilities. It has been found lurking on sites offering porn and pirated movies as well as those that let people store video and image files. It installs itself in the Windows master boot record. This record holds the instructions that get a computer started and is a good place to hide because it is rarely scanned by standard anti-virus programs.

The changes introduced in TDL-4 made it the “most sophisticated threat today,” said security researchers Sergey Golovanov and Igor Soumenkov at Kaspersky Lab. They have written a detailed analysis of the virus.

“The owners of TDL are essentially trying to create an ‘indestructible’ botnet that is protected against attacks, competitors, and anti-virus companies,”

The majority of victims, 28%, are in the US but significant numbers are in India (7%) and the UK (5%). Smaller numbers, 3%, are found in France, Germany and Canada.

However, wrote the researchers, it is the way the botnet operates that makes it so hard to tackle and shut down. Between the addition of a custom encryption system and communication over a public peer-to-peer network, it is hard to get a significant amount of TDL-4 traffic to analyse. However, the sophistication of TDL-4 might aid in its downfall, said the Kaspersky researchers, who found bugs in the complex code. This let them pry into databases logging how many infections TDL-4 had racked up, which was aiding their investigation into its creators.

Computer users, you are the weakest link.

Companies spend vast sums of money year after year erecting firewalls, keeping viruses off the systems and trying to keep the security policies up to date to keep the bad guys out. However, time after time, users show that they are the weakest point in any security breach.

“There’s no device known to mankind that will prevent people from being idiots,” said Mark Rasch, director of network security and privacy consulting for Falls Church, Virginia-based Computer Sciences Corp. (CSC).


Recent Tech articles – 20th-26th June 2011

A lot of news this week centres around security issues. We will start with it, and end with it. We started the week with two biggish issues from Dropbox and WordPress. On the Monday it was reported that a programmer’s error in a code update at Dropbox caused a temporary security breach that allowed any password to be used to access any user account. This was followed on the Tuesday by a release from WordPress announcing that it was forcing users to reset their passwords at WordPress.org after several popular plugins were compromised by hackers.

In Adobe news, to try to get beyond critics’ comments on their reliance on Flash and the desktop, Adobe released one new product and put another out in preview. At the beginning of the week they announced that Flash Builder 4.5.1 was ready for release and would allow iOS and PlayBook development on top of the already existing Android platform. They then ended the week by announcing the preview of Edge, an HTML5 animation design tool.

On the Wednesday I started hearing on Twitter about an [at that point] unverified story from Cory Doctorow on Boing Boing which was suggesting that the UK Copyright lobby was in closed talks with the British Government on national web censorship… If you are a Net Neutrality follower, it’s worth reading including the BBC followup.

As we head towards Microsoft’s Office 365 cloud offering coming out of beta, I am sure they could do without BPOS (Business Productivity Online Suite), the suite that 365 will replace, experiencing the further outages that were reported midweek last week.

After last week’s release of the Kinect Windows SDK, I picked up a couple of URLs: one pointing to a Kinect Hacks site for inspiration on what you can do with it, and the other to a series of videos from the Microsoft developers’ event the previous week.

Gamification is a hot topic at the moment. So what is it and how can it be used in real world situations?

As promised, we end the news of this week with more security news. Firstly, an international raid called Operation Tribune Herald resulted in multiple equipment seizures from a group spreading scareware. And finally, after 50 days at sea, LulzSec announces that they are disbanding… Or do they?

Something to play with – I found a new social site last week after hearing it mentioned on Mashable.com. Infostripe – A personal landing page with mobile in mind.

WordPress.org forces users to change passwords

On Tuesday (June 21, 2011) WordPress.org announced it was forcing users to reset their passwords after several popular plugins were compromised by hackers. AddThis, WPtouch and W3 Total Cache were identified as the plugins affected. The compromised versions were rolled back and clean versions pushed out as updates very quickly.


Reasons why we update – June Patch Tuesday and Java vulnerabilities

Patch Tuesday vulnerabilities already being exploited by hackers

Just three days after Microsoft released its latest batch of fixes and updates, hackers have begun to exploit one of the bugs on unpatched machines, reports Symantec. The exploit takes advantage of one of the Internet Explorer issues that was patched this month. This incident only highlights the importance of updating a computer as soon as a patch becomes available, because the longer a security hole is left exposed, the more risk there is to the user.

Usually when vulnerabilities are published in Microsoft’s Patch Tuesday reports, the expectation is that hackers will use that information and usually succeed within 30 days. In this case, however, there has been some surprise that they have done it in significantly less time.

The vulnerability itself stems from Microsoft’s Internet Explorer browser, version 8 and below, that was originally discovered back in January by a bounty hunter according to InfoWorld. The IE bug, which was placed as the most important update on Patch Tuesday by security analysts, causes issues due to its ability to automatically download malicious files. Symantec’s Joji Hamada stated that, “we have only seen limited attacks taking advantage of this vulnerability and believe that the exploit is only being carried out in targeted attacks at present”.

Oracle releases Java 1.6 update 26

Microsoft recently released a new piece of software for detecting malware on your machine. Microsoft Safety Scanner is downloaded and run on your PC to detect and remove malware and rootkits. Eight out of ten of the top vulnerabilities it found had got onto users’ machines through Java vulnerabilities. Now Oracle has updated Java 1.6 to Update 26. If you have Java on your machine, then you want to update to this version to prevent the remote execution exploits that have been fixed.

17 vulnerabilities have been patched with nine of those given a 10 out of 10 in terms of security risk – Oracle’s own ranking. This update is available for Windows, Linux, and Solaris. Apple users will have to wait until Apple issues an update to address the flaws.

Microsoft warning of phishers posing as computer security experts in phone scam

Microsoft has released details of a survey, commissioned by Microsoft Trustworthy Computing and conducted independently by Dynamic Markets Ltd. in April 2011, into a phone scam in which individuals were conned into releasing personal and financial information to fix a non-existent problem on their computer. Not only did these individuals lose money on the original call but they also bore the subsequent costs of fixing the problems caused. The survey covered 7,000 people and revealed that 15 percent of them across the UK, US, Ireland and Canada reported receiving a call from scammers. Of these, 22 percent (3% of the total survey population) had been deceived by the phishers and so lost money.

Recent Tech articles – 30th May-05th Jun

In this past week we start off with news that flows over from the previous week. To start, we have seen more news about the MacDefender malware. First we heard that the Trojan had moved over to attacking through Facebook profiles using the clickjacking technique. Then Apple finally released the security update to remove old infections and prevent new ones… It was worked around in 8 hours… Since then, nothing.

Also from the previous week, Lodsys crawled back into the news by retaliating over Apple’s letter, bringing forward their litigation timing to 31st May instead of waiting the 21 days originally given.

Moving into this week, Lockheed Martin reported a serious hack attempt on their systems. This prompted both the UK and US governments to raise their objectives towards cyber crime.

Shortly after, Google announced that it is introducing a new service this summer called Google Wallet… then got sued by PayPal shortly after.

At the D9 conference at All Things Digital this week, CEO of Twitter Dick Costolo announced some new Twitter enhancements to search and photos. He talked about how they were enhancing their search facility and were releasing a new feature to allow users to upload photos and attach them to a tweet right from

My final article from this week was on buttons… It seems this week that the Internet has gone button crazy with Twitter, Google and LinkedIn talking about their offerings.
