Spyware, Viruses, & Security forum


NEWS - July 11, 2013

by Carol~ Forum moderator / July 11, 2013 2:26 AM PDT
Anatomy of a security hole - Google's "Android Master Key" debacle explained

This month's "computer security elephant in the room" story is the news of a gaping security hole in Android application security.

If you've seen the headlines, you'd be forgiven for thinking that someone just pulled off a giant feat of cryptographic cracking.

Actually, the headlines are down to a smart PR coup (albeit a slightly naughty one) by self-styled mobile security startup Bluebox.

The company published a blog article with a URL that unashamedly proclaimed: bluebox-uncovers-android-master-key.

Bigger still was a headline that unrelentingly bellowed the words UNCOVERING ANDROID MASTER KEY THAT MAKES 99% OF DEVICES VULNERABLE: [Screenshot]

Continued : http://nakedsecurity.sophos.com/2013/07/10/anatomy-of-a-security-hole-googles-android-master-key-debacle-explained/

IRS Exposes SSNs in Database of Public Tax Filings
by Carol~ Forum moderator / July 11, 2013 3:13 AM PDT
In reply to: NEWS - July 11, 2013

The Social Security Numbers of tens of thousands of Americans ended up in a searchable public database that provides access to the tax filing applications of Section 527 political organizations on the Internal Revenue Service's website.

According to OpenSecrets.org, 527s are "...tax-exempt group(s) organized under section 527 of the Internal Revenue Code to raise money for political activities including voter mobilization efforts, issue advocacy and the like."

The public information dissemination nonprofit, Public.Resource.Org, wrote a letter to the IRS [PDF] earlier this month requesting that the government's tax collector temporarily remove the forms from their website in order to properly redact the highly sensitive information.

In a phone interview, Carl Malamud, the founder of Public.Resource.Org, told Threatpost that the IRS exposed tens of thousands of Social Security Numbers at the least, and may have in fact exposed more than 100,000.

Continued : http://threatpost.com/irs-exposes-ssns-in-database-of-public-tax-filings/101261

IRS exposed Social Security numbers of tens of thousands of political donors
IRS mistakenly exposed thousands of Social Security numbers

Strange "ransomware" title pushes surveys, knows ..
by Carol~ Forum moderator / July 11, 2013 3:13 AM PDT
In reply to: NEWS - July 11, 2013
... Close Encounters tune

If your PC's CD tray opens and you hear the iconic, five-note tune from the movie Close Encounters of the Third Kind, it's probably not a visit from aliens. Chances are it's a newly discovered piece of malware with some highly unusual characteristics.

Trojan.Shadowlock belongs to a category of malicious software known as ransomware, which typically locks down data and resources until the victim pays a hefty fee. But in this case, according to Symantec researchers, the malware demands the user of the disabled computer complete an online survey. [Screenshot]

Shadowlock isn't as nasty as other ransomware samples that threaten criminal prosecutions based on trumped up charges and then extort fees that can be in the hundreds of dollars. That's because this latest threat, which was created with Microsoft's .Net developer tool, can be easily bypassed. Still, it contains several dormant functions that could be invoked in future versions. The ability to kill Chrome, Internet Explorer, and other browsers is one capability. Eating up disk space and disabling the Windows firewall is another.

Continued : http://arstechnica.com/security/2013/07/strange-ransomware-title-pushes-surveys-knows-close-encounters-tune/
DEF CON To Feds: We Need Some Time Apart
by Carol~ Forum moderator / July 11, 2013 3:13 AM PDT
In reply to: NEWS - July 11, 2013

One of the more time-honored traditions at DEF CON — the massive hacker convention held each year in Las Vegas — is "Spot-the-Fed," a playful and mostly harmless contest to out undercover government agents who attend the show.

But that game might be a bit tougher when the conference rolls around again next month: In an apparent reaction to recent revelations about far-reaching U.S. government surveillance programs, DEF CON organizers are asking feds to just stay away.

In a brief blog post published this evening at the DEF CON Web site titled, "Feds, We Need Some Time Apart," DEF CON owner and hacker-in-chief Jeff Moss (a.k.a. "The Dark Tangent") suggested it was probably in the best interests of the feds to make themselves scarce at this year's con.

Continued : http://krebsonsecurity.com/2013/07/def-con-to-feds-stay-home-this-year/

Also: For first time ever, feds asked to sit out Defcon hacker conference

Microsoft gives app developers 180 days to fix bugs
by Carol~ Forum moderator / July 11, 2013 3:14 AM PDT
In reply to: NEWS - July 11, 2013

This month's Patch Tuesday has been a prolific one, and patches for a total of 34 vulnerabilities - six of which are critical - have been made available for users. Among them is also a patch for the Windows zero-day recently unearthed by Google researcher Tavis Ormandy, which has apparently been spotted being exploited in the wild.

But the Redmond giant has also announced a change to the Security Policy for its Store Apps, in order to make the apps available on Windows Store, Windows Phone Store, Office Store, and Azure Marketplace safer for users.

"The policy, which is effective immediately, requires developers to fix security vulnerabilities in their apps and enables Microsoft to remove an app from sale if the developer does not provide an effective fix. The requirement applies to all apps available in the online stores, including Microsoft apps," the company explained.

Continued : http://www.net-security.org/secworld.php?id=15211

Who's Behind The Styx-Crypt Exploit Pack?
by Carol~ Forum moderator / July 11, 2013 3:14 AM PDT
In reply to: NEWS - July 11, 2013

Earlier this week I wrote about the Styx Pack, an extremely sophisticated and increasingly popular crimeware kit that is being sold to help miscreants booby-trap compromised Web sites with malware. Today, I'll be following a trail of breadcrumbs that leads back to central Ukraine and to a trio of friends who appear to be responsible for marketing (if not also making) this crimeware-as-a-service.

As I noted in Monday's story, what's remarkable about Styx is that while most exploit kits are sold on private and semi-private underground forums, Styx has been marketed and sold via a regular Web site: styx-crypt[dot]com. The peddlers of this service took down their site just hours after my story ran, but versions of the site cached by archive.org hold some important clues about who's responsible for selling this product.

At the bottom of the archived styx-crypt homepage, we can see two clickable banners for an account at virtual currency Webmoney to which potential customers of Styx will need to send money in order to purchase a license for the software. The Webmoney account #268711559579 belongs to a Webmoney Purse number Z268711559579. Follow that link and you'll see that the registered username attached to that purse is "Ikar." If we look closer we can see that Ikar's Webmoney purse is connected to another purse at Webmoney account 317426476957, which is this purse belonging to a user named "Nazar."

Continued : http://krebsonsecurity.com/2013/07/whos-behind-the-styx-crypt-exploit-pack/

Facebook scam packs double whammy
by Carol~ Forum moderator / July 11, 2013 7:28 AM PDT
In reply to: NEWS - July 11, 2013

A new phishing / malware delivery scam is doing rounds on Facebook, warns ThreatTrack's Chris Boyd.

The lure is a message saying "I'm serious guys If you people don't stop posting this of me I will be erasing my account. "

Those unfortunate enough to believe that the account holder has posted the message will likely follow the offered link, and end up on a spammy Tumblr that will try to redirect them to a fake Facebook login page.

The bogus page is very realistic, and asks the victims to enter both their Facebook account credentials as well as the answer to a security question: [Screenshot]

After this information is submitted, the victims are faced with another obstacle to finding out exactly what kind of content their friend finds objectionable: a pop-up telling them that they need to download an update "Youtube Player".

Of course, the offered executable (Flashplayerv10.1.57.108.exe) is not an update, but a malicious file that uses Windows Script Host to run a .VBS file that forces the victims to reboot their computers.

Continued : http://www.net-security.org/malware_news.php?id=2538

'Priyanka' yanks your WhatsApp contact chain on Android mobe
by Carol~ Forum moderator / July 11, 2013 7:42 AM PDT
In reply to: NEWS - July 11, 2013

A worm spreading through the popular WhatsApp messaging platform across Android devices is likely to cause plenty of confusion, even though it doesn't cause much harm.

Priyanka changes all contact groups names to Priyanka as well as contact names. The malware makes no use of exploits and vulnerabilities and only spreads manually. Victims have to accept a contact file from a friend, named "Priyanka" and install it for anything untoward to occur. Simply ignoring the dodgy contact request prevents any damage.

Despite its less than ninja-level infection tactics, reports of Priyanka infection began cropping up on social media sites over the last few days, alongside more numerous alerts about the issue. The overall volume of related messages on Twitter is dozens rather than hundreds, the hallmark of a relatively isolated outbreak.

Fortunately recovering from infection is a straightforward matter of deleting the dodgy Priyanka contact before clearing your WhatsApp database, Softonic reports. Users will have to go through the setup process again but at the end of this their previous conversations should be restored.

Continued : http://www.theregister.co.uk/2013/07/10/priyanka_whatsapp_worm/
