The Perfect Hardware Spy Tool for $35 Plus Change
A new computer espionage tool built on the $35 Raspberry Pi microcomputer has been detailed in a presentation (pdf) at this year's Black Hat conference in Amsterdam. This highly-advanced hardware keylogger is small enough to fit into a laptop docking station and powerful enough to intercept keystrokes, sniff network traffic, take screenshots, and more.
The Raspberry Pi is a credit card-sized computer with a 700 MHz ARM processor rigged with 512 MB of RAM - enough to run its own operating system - and is equipped with two USB ports, an Ethernet connection, HDMI and an array of general-purpose ports.
As detailed in the presentation by Andy Davis, the Dell docking station for the Latitude E series of laptops provides enough room to cram in the Raspberry Pi microcomputer along with the cables and, possibly, a 3G modem that will be used to siphon stolen data. This approach ensures the rogue network traffic does not get detected or blocked in the company network. Screenshots and unauthorized video camera captures can be recorded on a third device such as Videoghost, although this will add some $150 extra to expenses.
Continued : http://www.hotforsecurity.com/blog/the-perfect-hardware-spy-tool-for-35-plus-change-5680.html
Huawei 3G/4G USB sticks put users' security at risk
At the Black Hat Europe conference that is currently in progress, Russian security expert Nikita Tarakanov has presented the results of his analysis of the driver software that Huawei ships with its 3G/4G USB sticks. According to the researcher, the various components - drivers, configuration software, update mechanisms - are all of insufficient quality.
The central update server was identified as a massive attack vector by Tarakanov: the Huawei software installs an application and driver auto-update component on every computer. The researcher said that the service in question will contact a server in the Netherlands and query it for updates every 15 minutes. Apparently, the web server is still running on Microsoft's outdated Internet Information Server (IIS) version 6.0, which is part of Windows Server 2003. Tarakanov pointed out that whoever hacked that machine could infect millions of computers worldwide with malicious software.
After the presentation, three Huawei representatives who had listened eagerly in the first row of the auditorium, written everything down and frantically taken pictures of every presentation slide with a tablet PC told The H's associates at heise Security that they had assumed the update server's security was adequate. Tarakanov didn't give the manufacturer any advance notice of his discoveries.
Continued : http://www.h-online.com/security/news/item/Huawei-3G-4G-USB-sticks-put-users-security-at-risk-1823894.html
Huawei 3G and 4G Modems Leave Consumers Exposed, Researcher Says
3G and 4G USB modems are a security threat, researcher says
'NotCompatible' Android malware rears its ugly head, again
The "NotCompatible" malware, designed to infect Android devices and turn them into unwitting Web proxies, is suddenly showing a sharp uptick in activity, according to mobile security vendor Lookout.
The malware is essentially a simple network proxy, which pretends to be a system update in order to get unwitting users to install it. The idea seems to be gaining access to protected networks through victims' infected Android devices. It was named for its apparent command-and-control server, at notcompatibleapp.eu.
Last weekend saw the number of detections for NotCompatible rise to 20,000 per day as of last Sunday and Monday, wrote researcher Tim Strazzere, who said that the malware had been largely dormant since it was discovered in May 2012.
But while the initial discovery saw the malware being installed by hacked websites, the latest wave of NotCompatible is being spread by email spam. The usual subject line is "hot news," and the infected messages appear to contain links to fake weight-loss articles.
Continued : http://news.techworld.com/security/3435519/notcompatible-android-malware-rears-its-ugly-head-again/
Bank of America on Short List of Scammers' Spam Lures
The dust has barely settled on the Bank of America security breach, and crooks have unleashed a series of aggressive spam campaigns that include Bank of America in the title as bait.
In the context of a security breach, the name of the bank was used to catch customers' attention, infect them with malware, have them type in sensitive data or entice them into sending money in advance for a service they will never receive.
"Online Banking Passcode Modified" invites people to click a link to reset their online banking passcode. The same template and con is entirely recycled from a similar attack in November 2012. This new spamvertised malware campaign attempts to get Bank of America customers to click a link to a webpage associated with the Redkit Exploit Kit - a crimeware tool that exploits vulnerabilities in browsers and plugins to silently infect victims' PCs. [Screenshot]
Continued : http://www.hotforsecurity.com/blog/bank-of-america-on-short-list-of-scammers-spam-lures-5668.html
Java Code, Details Released for Potential Sandbox Bypass
Additional details and code demonstrating a possible security vulnerability in Java were released this morning by a Polish security research company, bringing to a head a three-week long debate between the researcher and Oracle over whether the issue is indeed a vulnerability or an allowed behavior in Java.
Adam Gowdiak of Security Explorations has been back and forth with Oracle since Feb. 25 over the lack of a security check in a certain Java operation that when combined with another vulnerability discovered by the firm can result in a complete Java sandbox bypass.
Oracle has refused to confirm the issue is a security vulnerability and told Gowdiak that it continues to investigate. A request for comment from Oracle was not returned by the time of publication. Gowdiak said he sent Oracle detailed information on Feb. 25 about two vulnerabilities he calls Issue 54 and 55, along with source and binaries for proof of concept code. Oracle confirmed Issue 55 as a vulnerability, but said 54 is an "allowed behavior."
"Security Explorations believes that three weeks (from Feb. 25 to March 18) constitutes enough time for a major software vendor to be able to deliver a final confirmation or denial of a reported security issue," he wrote in a PDF linked to from Full Disclosure.
Continued : https://threatpost.com/en_us/blogs/java-bug-code-details-released-allowed-behavior-issue-031813
AT&T Hacker 'Weev' Sentenced to 3.5 Years in Prison
A hacker charged with federal crimes for obtaining the personal data of more than 100,000 iPad owners from AT&T's publicly accessible website was sentenced on Monday to 41 months in prison followed by three years of supervised release.
The judge handed down the sentence following a minor skirmish in the courtroom when the defendant, Andrew Auernheimer, aka Weev, was pinned and cuffed. Auernheimer was reportedly asked to hand the court a mobile phone he had with him during the hearing, and after handing it to his defense attorney instead, court agents cuffed him.
Andrew Auernheimer, 26, of Fayetteville, Arkansas, was found guilty last November in federal court in New Jersey of one count of identity fraud and one count of conspiracy to access a computer without authorization after he and a colleague created a program to collect information on iPad owners that had been exposed by a security hole in AT&T's web site.
The two essentially wrote a program to send GET requests to the web site.
Continued : http://www.wired.com/threatlevel/2013/03/att-hacker-gets-3-years/
Grey-hat gets 41 months in prison for exposing iPad user's privates
Andrew Auernheimer AKA "The AT&T Hacker" Sentenced To 41 Months In Prison, 3 Years Probation And Restitution Of $73K
US hacker gets 41 months prison for AT&T email extraction
Express Shipment Notification emails contain malware
Have you received an email with the subject line "Express Shipment Notification"?
If so, be on your guard - you could be at risk of infecting your Windows computers.
Online criminals have spammed out a large number of messages, claiming to come from DHL Express International, that are designed to install malware onto the computers of unsuspecting PC users.
Here is what a typical example of an email spammed out in the attack looks like: [Screenshot]
Tracking Notification: 449762627
Custom Reference: 594078O440
Tracking Number: XFLNH94244
Pickup Date: Mon, 18 Mar 2013 12:39:03 +0100
Mon, 18 Mar 2013 12:39:03 +0100 - Processing complete successfully
Refer to attached report for full details.
Attached to the emails is a ZIP file, containing malware. The filename of the ZIP file can vary, but takes the form "DHL reportXXXXXX.zip" (where the 'X's are a random code).
Continued : http://nakedsecurity.sophos.com/2013/03/18/express-shipment-notification-emails-malware/
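A mail-filter check for the lure described in this post, added here as an example and not part of the Sophos article: it parses a message with Python's standard email library and flags the "Express Shipment Notification" subject, the "Refer to attached report" wording and the "DHL reportXXXXXX.zip" attachment pattern quoted above. The sample messages, the sender address and the indicator tag names are constructed for the example.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Indicators taken from the write-up quoted above: the lure subject, the
# "Refer to attached report" wording and the "DHL reportXXXXXX.zip" attachment
# name, where the X's are a random code (matched here as letters and digits).
LURE_SUBJECT = re.compile(r"^\s*express shipment notification\s*$", re.I)
LURE_ATTACHMENT_NAME = re.compile(r"^DHL report[A-Za-z0-9]+\.zip$", re.I)
ZIP_MAGIC = b"PK\x03\x04"  # local-file-header signature of a ZIP archive


def lure_indicators(raw_message: bytes) -> list[str]:
    """Parse one RFC 5322 message and return the lure indicators it triggers."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    if LURE_SUBJECT.match(msg.get("Subject", "")):
        hits.append("lure-subject")
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content().lower() if body is not None else ""
    if "refer to attached report" in text:
        hits.append("lure-body")
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""
        if LURE_ATTACHMENT_NAME.match(name):
            hits.append("lure-attachment-name")
        # A ZIP is a ZIP by content, whatever the attachment has been named.
        if name.lower().endswith(".zip") or payload.startswith(ZIP_MAGIC):
            hits.append("zip-attachment")
    return hits


def is_shipment_lure(raw_message: bytes) -> bool:
    """Quarantine rule: the lure subject plus any ZIP attachment is enough."""
    hits = lure_indicators(raw_message)
    return "lure-subject" in hits and "zip-attachment" in hits


def build_sample(subject: str, attachment_name: str, attachment: bytes,
                 body: str = "Tracking Notification: 449762627\n"
                             "Refer to attached report for full details.\n") -> bytes:
    """Constructed test message (not a real capture) in the shape shown above."""
    msg = EmailMessage()
    msg["From"] = "DHL Express International <noreply@example.invalid>"  # spoofed
    msg["To"] = "user@example.invalid"
    msg["Subject"] = subject
    msg.set_content(body)
    msg.add_attachment(attachment, maintype="application",
                       subtype="octet-stream", filename=attachment_name)
    return msg.as_bytes()
```

Wire `is_shipment_lure` into whatever quarantine hook the mail gateway exposes; the indicator list is what to log for the analyst.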