New Details on Skype Eavesdropping
Bruce Schneier @ his "Schneier on Security" Blog:
This article, on the cozy relationship between the commercial personal-data industry and the intelligence industry, has new information on the security of Skype.
'Skype, the Internet-based calling service, began its own secret program, Project Chess, to explore the legal and technical issues in making Skype calls readily available to intelligence agencies and law enforcement officials, according to people briefed on the program who asked not to be named to avoid trouble with the intelligence agencies.
Project Chess, which has never been previously disclosed, was small, limited to fewer than a dozen people inside Skype, and was developed as the company had sometimes contentious talks with the government over legal issues, said one of the people briefed on the project. The project began about five years ago, before most of the company was sold by its parent, eBay, to outside investors in 2009. Microsoft acquired Skype in an $8.5 billion deal that was completed in October 2011.
A Skype executive denied last year in a blog post that recent changes in the way Skype operated were made at the behest of Microsoft to make snooping easier for law enforcement. ....'
Continued : http://www.schneier.com/blog/archives/2013/06/new_details_on.html
Skype 'Explored Making Government Snooping Easier'
Report: Skype set up Project Chess to enable official snooping
Privacy officials from 6 nations want answers about Google
The privacy officials of six countries and the European Commission have a host of questions about Google Glass, wouldn't mind getting their hands on the devices, and are wondering why, exactly, Google hasn't rung most of them up to hash out the privacy issues.
In an open letter to Google CEO Larry Page, the privacy overseers mused about not being consulted regarding privacy in the internet-enabled head gear:
We understand that other companies are developing similar products, but you are a leader in this area, the first to test your product "in the wild" so to speak, and the first to confront the ethical issues that such a product entails. To date, however, most of the data protection authorities listed below have not been approached by your company to discuss any of these issues in detail.
The letter - signed by 36 worldwide privacy officials from Canada, Australia, New Zealand, Mexico, Switzerland and Israel, several Canadian provinces, and a representative from the EC's privacy-focused Article 29 Working Party - notes that Glass has been the subject of many articles that have "raised concerns about the obvious, and perhaps less obvious, privacy implications of a device that can be worn by an individual and used to film and record audio of other people."
Continued : http://nakedsecurity.sophos.com/2013/06/20/privacy-officials-from-six-nations-want-answers-about-google-glass/
Google Glass: Privacy officials from six nations ask Larry Page for more info
Six Nations Ask For More Privacy Info About Glass
Secret documents reveal extent of NSA domestic surveillance
Secret documents reveal broad extent of NSA domestic surveillance
Two more top secret NSA documents that Edward Snowden shared with reporters of The Guardian have revealed that his claims about what the agency's analysts are authorized to do are true, and have shown that the extent of how much communication from and to U.S. nationals the agency can store is much broader than it was publicly known so far.
The two documents have shown that the NSA keeps "content repositories" holding records of devices associated with U.S. individuals, as well as records of their "electronic communications accounts / addresses / identifiers" that can serve to identify them as U.S. citizens and exempt them from future surveillance.
They also show that despite NSA analysts having been instructed to use "reasonable judgment" when trying to determine if the collected communication is tied to U.S. or non-U.S. persons, they are given a considerable leeway for mistakes.
Continued : http://www.net-security.org/secworld.php?id=15117
Also: Lawmakers introduce new bill to compel gov't to declassify secret court opinions
Wells Fargo Clients Targeted by Fareit Malware;
... Sensitive Info Exposed
Wells Fargo clients are again targeted by data-stealing malware through a well-crafted spam campaign. The Trojan known as Fareit comes packed with a password-stealing component that allows malware writers to gather sensitive details from users' devices, including Facebook and email credentials.
According to Bitdefender data, the systems most infected with this family of Trojans are located in the US, home to Wells Fargo. In the last week, the same type of Trojan has been making rounds in France, Croatia, Italy, Australia, Belgium, Spain, Romania, Egypt, and the United Arab Emirates.
Fareit is a multiple-component malware family that consists of a password-stealing component that grabs sensitive information from the victim's computer and sends it to a remote machine. The malware family also contains a DDoS component that may be controlled to flood other servers in collective attacks. Once installed, the malware also downloads and executes Zbot or Zeus, one of the most notorious and widespread Trojans so far.
Continued : http://www.hotforsecurity.com/blog/wells-fargo-clients-targeted-by-fareit-malware-sensitive-info-exposed-6449.html
Google Docs Abused to Protect Malicious Traffic
Researchers at FireEye have spotted a malware campaign using Google Docs to redirect victims and evade callback detection mechanisms.
Connecting the malicious server via Google Docs offers the malicious communication the protection provided by the legitimate SSL offered by Google, explained FireEye researcher Chong Rong Hwa.
"One possible way to examine the SSL traffic is to make use of a hardware SSL decrypter within an organization," the researcher noted. "Alternatively, you may want to examine the usage pattern of the users. Suppose a particular user accesses Google Docs multiple times a day, the organization's Incident Response team may want to dig deeper to find out if the traffic is triggered by a human or by malware."
According to FireEye, the campaign uses spear-phishing attacks targeting countries such as Laos, Singapore and Cambodia.
The document used in this attack exploits CVE-2012-0158, and creates a decoy document and a malware dropper named exp1ore.exe, blogged Chong Rong Hwa, a researcher at FireEye. This dropper will then drop wab.exe and wab32res.dll inside the temp folder. By running wab.exe, the malicious DLL will be loaded.
Continued : http://www.securityweek.com/google-docs-abused-protect-malicious-traffic
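The usage-pattern check suggested in the quote above, as an added example that is not from FireEye or the original post: it goes a step beyond counting accesses per day and flags clients whose requests to Google Docs arrive at machine-regular intervals. The log format, client names and thresholds are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

WATCHED_HOST = "docs.google.com"

# Constructed proxy log (assumed format: ISO timestamp, client, destination host).
SAMPLE_LOG = """\
2013-06-20T09:02:11 ws-014 docs.google.com
2013-06-20T09:05:40 ws-014 docs.google.com
2013-06-20T11:47:03 ws-014 docs.google.com
2013-06-20T14:15:22 ws-014 docs.google.com
2013-06-20T14:16:01 ws-014 docs.google.com
2013-06-20T16:58:30 ws-014 docs.google.com
2013-06-20T00:00:03 ws-027 docs.google.com
2013-06-20T00:30:01 ws-027 docs.google.com
2013-06-20T01:00:04 ws-027 docs.google.com
2013-06-20T01:30:02 ws-027 docs.google.com
2013-06-20T02:00:03 ws-027 docs.google.com
2013-06-20T02:30:01 ws-027 docs.google.com
2013-06-20T10:12:45 ws-031 docs.google.com
2013-06-20T10:13:02 ws-031 www.example.com
"""

def hits_per_client(log, host=WATCHED_HOST):
    """Group request timestamps for the watched host by client."""
    hits = defaultdict(list)
    for line in log.splitlines():
        parts = line.split()
        if len(parts) == 3 and parts[2] == host:
            hits[parts[1]].append(datetime.fromisoformat(parts[0]))
    return hits

def flag_regular_clients(log, min_hits=5, max_cv=0.10):
    """Return {client: cv} where the gaps between requests are near-constant.

    cv is the coefficient of variation (stdev / mean) of the gaps; people
    browse in bursts (high cv), a timer-driven callback does not (cv near 0).
    """
    flagged = {}
    for client, times in hits_per_client(log).items():
        if len(times) < min_hits:
            continue  # too few requests to judge a pattern
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_cv:
            flagged[client] = round(pstdev(gaps) / avg, 3)
    return flagged

if __name__ == "__main__":
    print(flag_regular_clients(SAMPLE_LOG))  # clients to hand to incident response
```

A flagged client is a reason to look closer, not proof of malware: legitimate sync clients also poll on a timer.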
Scammers Claim Yahoo's Acquisition of Tumblr ..
... "Opens Giveaway Floodgates"
Chris Boyd @ the ThreatTrack Security Lab blog:
A slick looking fake Tumblr staff blog lifting the design of the real thing, which takes advantage of Yahoo's recent acquisition of Tumblr to fool users complete with a posting from Fake David Karp?
Go on then, release the Ask box spam: [Screenshot]
The URL in question is a Whois protected site created on the 19th June 2013 called tumblernews.com (note the misspelling of "Tumblr"), which wraps content hosted at another domain in a frame. The other domain appears to be a cosmetics / skin care site of some description, and also plays host to a fake news page advertising weight loss so it's possible they've been hacked in order to host the rogue content. [Screenshot]
"Thanks to Yahoo!'s recent acquisition, we are opening the giveaway floodgates.
What does this mean for you? It means we're giving back to the community.
Click here to receive your Free $250 Olive Garden Giftcard ....... "
DNS provider's error caused LinkedIn "hack" and affected ..
... 5,000 more
LinkedIn, the professional networking site which had been reported as hacked or hijacked yesterday, was in fact the victim of human error at the company's DNS provider, Network Solutions, an error which appears to have affected up to 5,000 domains in all. Network Solutions has said in a blog posting that while trying to resolve a DDoS (Distributed Denial of Service) attack, it accidentally changed the DNS records of a "small number" of customers.
According to Cisco security researcher Jaeson Schultz, the 'hijacking' involved the domain's name servers being replaced with name servers at ztomy.com and nearly 5,000 domains may have been affected by the change, including usps.com. Others affected included Fidelity and Yelp. Curiously, several of the domains pointed not at ztomy.com itself but to various sub-domains such as ns1620.ztomy.com, ns2620.ztomy.com, ns1621.ztomy.com, ns2621.ztomy.com and so on. "The fact that so many domains were displaced in such a highly visible way supports Network Solutions' claim that this was indeed a configuration error", says Schultz.
Continued : http://www.h-online.com/security/news/item/DNS-provider-s-error-caused-LinkedIn-hack-and-affected-5-000-more-1894413.html
Also: The LinkedIn hack that wasn't
Related to: LinkedIn Suffers Outage Due to DNS Issue
FakeAV holds Android Phones for Ransom
From the Symantec Security Response Blog:
FakeAV software is a type of scam using malware that intentionally misrepresents the security status of a computer and attempts to convince the user to purchase a full version of the software in order to remediate non-existing infections. Messages continue to pop up on the desktop until the payment is made or until the malware is removed. This type of fraud, which typically targets computers, began several years ago and has now become a household name. The scam has evolved over time and we are now seeing FakeAV threats making their way onto Android devices.
One interesting variant we have come across, detected by Symantec as Android.Fakedefender, locks up the device just like Ransomware. Ransomware is another well-known type of malware that takes a computer hostage, by denying the user access to their files for example, until a payment/ransom is handed over. [Screenshot: FakeAV Android app]
Once the malicious app has been installed, user experience varies as the app has compatibility issues with various devices. However, many users will not have the capability to uninstall the malicious app as the malware will attempt to prevent other apps from being launched. The threat will also change the settings of the operating system.
Continued (with video) here: http://www.symantec.com/connect/blogs/fakeav-holds-android-phones-ransom
Fake Argos Facebook Page Promises HD TVs ..
Customers of Argos, the popular UK retailer, are warned about a fake Facebook page that scammers use to harvest Facebook "Likes."
According to Hoax Slayer, the bogus Argos page instructs users to "Like" and share the scam, promising them HD TVs.
Of course, no one gets to see any of the promised prizes. Instead, the scammers can make a hefty profit if they trick a large number of users into liking their Facebook page.
That's because they can later sell the page on the black market to other fraudsters who can use it to advertise their shady services and products, or simply to distribute other scams.
Argos is aware of the bogus Facebook page.
Continued : http://news.softpedia.com/news/Fake-Argos-Facebook-Page-Promises-HD-TV-s-in-Exchange-for-Likes-362584.shtml
Love Letter to an NSA Agent