Spyware, Viruses, & Security forum


NEWS - March 20, 2013

by Carol~ Forum moderator / March 19, 2013 11:29 PM PDT
iOS 6.1.3 fixes passcode bypass and other holes

Apple has released iOS 6.1.3 for iPhone (3GS and later), iPad (2nd generation and later) and iPod touch (4th generation and later) devices. The company says that the update offers improvements as well as bug fixes - including code to fix the vulnerability that has been publicly known for over a month and which allowed potential attackers to bypass the code lock in order to access the telephone app, contacts and photos.

According to the security details Apple has released on iOS 6.1.3, the update closes holes that allowed users to execute unsigned code and determine the address of structures in the kernel and allowed users to change permissions on arbitrary files. According to reports, the update corrects at least one hole that is being exploited by the evasi0n jailbreak.

Apple says that iOS 6.1.3 also improves the map material for Japan. Whether the changes go beyond the new additions that have been integrated on the server side remains unclear. At present, the update appears to only be available for direct installation on devices via Wi-Fi networks, and not via mobile networks. The size of the iPhone 5 update is 18MB. iOS 6.1.3 (build 10B329) is being released gradually on different devices; it may not yet be available everywhere.

Continued : http://www.h-online.com/security/news/item/iOS-6-1-3-fixes-passcode-bypass-and-other-holes-1826343.html

iOS passcode bug squashed once again with iOS 6.1.3 release
Apple iOS 6.1.3 Fixes Evasion Jailbreak Bug, WebKit Flaw
iOS 6.1.3 Update Fixes Lock-Screen Glitch
Post a reply
Discussion is locked
You are posting a reply to: NEWS - March 20, 2013
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: NEWS - March 20, 2013
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
South Korean TV Networks, Banks Under Suspect Cyber Attack
by Carol~ Forum moderator / March 20, 2013 1:03 AM PDT
In reply to: NEWS - March 20, 2013

The South Korean military raised its cyber attack warning level Wednesday after computer networks crashed at major TV broadcasters and banks, with initial suspicions focused on North Korea.

The state-run Korea Internet Security Agency said computer networks at three TV broadcasters -- KBS, MBC and YTN -- as well as the Shinhan and Nonghyup banks had been "partially or entirely crippled".

LG Uplus, an Internet service provider, also reported a network crash. An investigator from the specialist cyber wing of the national police agency said the shutdown appeared to have been triggered by a "virus or malicious code", suggesting a concerted hacking operation.

There was no immediate confirmation of who or what was behind the multiple shutdown, which occurred around 2:00 pm (0500 GMT), but the main finger of suspicion is likely to point at Pyongyang.

Wednesday's crash came days after North Korea accused South Korea and the United States of being behind a "persistent and intensive" hacking assault that took a number of its official websites offline for nearly two days.

Continued : http://www.securityweek.com/south-korean-tv-networks-banks-under-suspect-cyber-attack

South Korea: Attacks on the networks of TV broadcasters and banks
South Korean organizations under cyber attack
South Korean TV and banks paralysed in disk-wipe cyber-blitz

Collapse -
Brian Krebs: The Obscurest Epoch is Today
by Carol~ Forum moderator / March 20, 2013 1:04 AM PDT
In reply to: NEWS - March 20, 2013

""History is much decried; it is a tissue of errors, we are told, no doubt correctly; and rival historians expose each other's blunders with gratification. Yet the worst historian has a clearer view of the period he studies than the best of us can hope to form of that in which we live. The obscurest epoch is to-day; and that for a thousand reasons of incohate tendency, conflicting report, and sheer mass and multiplicity of experience; but chiefly, perhaps, by reason of an insidious shifting of landmarks." - Robert Louis Stevenson"

To say that there is a law enforcement manhunt on for the individuals responsible for posting credit report information on public figures and celebrities at the rogue site exposed.su would be a major understatement. I like to think that when that investigation is completed, some of the information I've helped to uncover about those affiliated with the site will come to light. For now, however, I'm content to retrace some of my footwork this past weekend that went into tracking individuals who may have been responsible for attacking my site and SWATing my home last Thursday.

I state upfront that the information in this piece is certainly not the whole story (most news reporting is, at best, a snapshot in time, a first rough draft of history). While the clues I've uncovered thus far point to the role of a single individual, this person is likely part of a larger group involved in hacking and SWATing activity.

Continued : https://krebsonsecurity.com/2013/03/the-obscurest-epoch-is-today/#more-19478

Related :
Same hacker may have targeted Ars, reporter Krebs, and Wired's Honan
Details on the denial of service attack that targeted Ars Technica
Xbox Live accounts hack performed by attackers that hit Krebs and Honan?

Related to:
Brian Krebs tells Ars about hacked 911 call that sent SWAT team to his house
Brian Krebs: The World Has No Room For Cowards

Collapse -
Google Serves Up a Half Slice of Pwnium Cash for Pinkie Pie
by Carol~ Forum moderator / March 20, 2013 1:04 AM PDT
In reply to: NEWS - March 20, 2013

Depending upon your perspective, the third iteration of Google Pwnium at this year's CanSecWest conference was either a mild failure or a huge success. No researchers were able to come up with a full compromise of the Chrome OS, the target in this year's contest, but Google said this week that it did receive a partial qualifying entry from one researcher and awarded him $40,000 for his efforts.

Google first ran the Pwnium contest at last year's CanSecWest conference and received a pair of winning entries, each of which qualified for a $60,000 reward. That contest focused on the Chrome browser. This time around Google was interested in bugs in its Chrome OS, which runs on Chromebook laptops. The company was offering more than $3 million in possible rewards for new vulnerabilities in the oeprating system.

By the end of the contest two weeks ago, Google hadn't received any full winning entries. However, an anonymous researcher known as Pinkie Pie, who had submitted winning entries in each of the previous two Pwnium contests, including one at Hack in the Box last fall, was working on an exploit when time ran out. He demonstrated a partial exploit that worked on several bugs he had discovered, so Google's security team decided to give him a partial payout for his efforts.

Continued : https://threatpost.com/en_us/blogs/google-serves-half-slice-pwnium-cash-pinkie-pie-031913

Also: ChromeOS was unreliably exploited at Pwnium 2013

Collapse -
Massive Chameleon botnet steals $6M a month from advertisers
by Carol~ Forum moderator / March 20, 2013 2:16 AM PDT
In reply to: NEWS - March 20, 2013

Web traffic analytics firm spider.io has discovered a massive botnet that emulates human visitors in order to earn its master(s) over $6 million per month from online advertisers.

Dubbed Chameleon, the botnet numbers over 120,000 hosts located in the US, running Microsoft Windows and accessing the Web through a Flash-enabled Trident-based browser that executes JavaScript.

"Chameleon is a sophisticated botnet," the researchers shared. "Bots generate click traces indicative of normal users. Bots also generate client-side events indicative of normal user engagement. They click on ad impressions with an average click-through rate of 0.02%; and they surprisingly generate mouse traces across 11% of ad impressions."

The company has been tracking the botnet since last December, searching for specific patterns typical of this bot activity, such as crashing and restarting regularly, targeting a specific cluster of 202 websites, simulating the visitation of a number of web pages across a number of websites, and so on.

Continued : http://www.net-security.org/secworld.php?id=14620

Chameleons, botnets and click fraud
Chameleon botnet steals millions from advertisers with fake mouseclicks
Chameleon botnet grabbed $6m A MONTH from online ad-slingers

Collapse -
Exposed Devices Used as Botnet to Scan Internet
by Carol~ Forum moderator / March 20, 2013 2:16 AM PDT
In reply to: NEWS - March 20, 2013

A controversial Internet scanning project has come under fire for illegally accessing and running code on remote machines. The Internet Census 2012 project, revealed Sunday in a post to Seclists.org, discovered 420,000 embedded devices accessible using default credentials. The unnamed researcher behind the project then used the devices as a botnet to scan most of the IPv4 address space.

Although the researcher said in a paper that no changes were made to any of the devices and all were returned to their original state after a reboot, the project is drawing the ire of the security community.

"While the Internet Census 2012 provides interesting data, the way it was collated is highly illegal in most countries," said Mark Schloesser, security researcher at Rapid7 in a statement. "Using insecure configurations and default passwords to gain access to remote devices and run code on them is unethical, and taking precautions to not interfere with any normal operation of the devices being used doesn't make it OK."

Rapid7 CSO and Metasploit creator HD Moore's Critical.io project is a similar large-scale scan of the Internet looking for vulnerabilities in equipment provided by ISPs to customers. Out of this legitimate data-collection project came the exposure of serious Universal Plug and Play (UPnP) vulnerabilities affecting 50 million systems.

Continued : https://threatpost.com/en_us/blogs/exposed-devices-used-botnet-scan-internet-032013

Botnet uses hacked devices to scan the internet
Researcher sets up illegal 420,000 node botnet for IPv4 internet ma

Collapse -
High-End Digital Cameras can Forward Pictures to Attackers
by Carol~ Forum moderator / March 20, 2013 2:50 AM PDT
In reply to: NEWS - March 20, 2013

From Bitdefenders' "HOTforSecurity" blog:

High-end DSLR cameras come with a multitude of features for sharing pictures, but do they really reveal the contents only to their owners? According to security researchers Daniel Mende and Pascal Turbing, digital cameras such as the Canon EOS 1DX can be manipulated to take pictures and upload them without the user's explicit consent.

This particular camera model comes with a built-in server called WFT (Wireless File Transmitter) that can be accessed via a regular browser. It allows the user to control "major functions of the camera," such as getting preview pictures, taking pictures and downloading them on a location the camera has access to.

Access to the server is conditioned by a combination of usernames and password, but its implementation is far from secure.

"On the first visit the web server asks for the credentials configured on the camera via HTTP Basic Auth. The Basic Auth is only performed once and a session id is used afterwards," reads the report. "Now one could complain about not using HTTPS and the authentication being HTTP Basic and not Digest, so a Man-in-the-Middle can sniff either the credentials or the used session id. But in reality its worse, you don't need to be in the data stream, as the session id is just 4 bytes long and containing hex characters." This means that an attacker can get in by brute-forcing 65536 different ids.

Continued : http://www.hotforsecurity.com/blog/high-end-digital-cameras-can-forward-pictures-to-attackers-5696.html

Collapse -
Meet the men who spy on women through their webcams
by Carol~ Forum moderator / March 20, 2013 2:51 AM PDT
In reply to: NEWS - March 20, 2013

"The Remote Administration Tool is the revolver of the Internet's Wild West."

"See! That shit keeps popping up on my fucking computer!" says a blond woman as she leans back on a couch, bottle-feeding a baby on her lap.

The woman is visible from thousands of miles away on a hacker's computer. The hacker has infected her machine with a remote administration tool (RAT) that gives him access to the woman's screen, to her webcam, to her files, to her microphone. He watches her and the baby through a small control window open on his Windows PC, then he decides to have a little fun. He enters a series of shock and pornographic websites and watches them appear on the woman's computer.

The woman is startled. "Did it scare you?" she asks someone off camera. A young man steps into the webcam frame. "Yes," he says. Both stare at the computer in horrified fascination. A picture of old naked men appears in their Web browser, then vanishes as a McAfee security product blocks a "dangerous site."

"I think someone hacked into our computer," says the young man.

Far away, the hacker opens his "Fun Manager" control panel, which provides a host of tools for messing with his RAT victims. He can hide their Windows "Start" button or the taskbar or the clock or the desktop, badly confusing many casual Windows users. He can have their computer speak to them. Instead, he settles for popping open the remote computer's optical drive.

Continued : http://arstechnica.com/tech-policy/2013/03/rat-breeders-meet-the-men-who-spy-on-women-through-their-webcams/

Hat tip to R. Proffitt!

Collapse -
Android Malware Spams Victim's Contacts
by Carol~ Forum moderator / March 20, 2013 2:51 AM PDT
In reply to: NEWS - March 20, 2013

From the Symantec Security Response Blog:

SMS messages attempting to lure Android device owners to download an app that supposedly allows the camera on the device to see through clothes are circulating in Japan. This type of spam is usually sent by the malware authors themselves, but in this case the authors have developed an app to send the spam messages by SMS to phone numbers stored in the device's Contacts. This allows the recipients of the spam to be tricked easier because the invitation to download the app is coming from someone they know rather than from an unknown sender. If a friend is recommending an app, why would you not at least try it out, right? [Screenshot]

The site where the link takes the user to introduces an app called Infrared X-Ray that supposedly allows the user to see through clothes when viewed through the device's camera and of course also allows pictures to be taken. [Screenshot]

Once the app is executed, details stored in the device's Contacts are uploaded to a predetermined server. Not surprisingly, the app does not work as per advertised and a picture of man holding up his middle finger stating that the victim is a pervert is displayed. [Screenshot]

Continued : http://www.symantec.com/connect/blogs/android-malware-spams-victim-s-contacts

Collapse -
The end of MSN Messenger, the beginning of attacks
by Carol~ Forum moderator / March 20, 2013 2:51 AM PDT
In reply to: NEWS - March 20, 2013

From the Kaspersky Labs Weblog:

Microsoft recently announced the shutdown of its popular IM client MSN Messenger, which will be replaced by Skype, but its end represents the beginning of malicious attacks posing as the installer of the software. Cybercriminals already started to use this fact in their attacks, registering malicious domains, buying sponsored links on search engines, tricking users to download and install a malware masquerade as the MSN installer.

MSN Messenger is still very popular in several countries; Microsoft informed that the service has more than 100 million users worldwide, approximately 30.5 million of them in Brazil. As an escalated migration of all users is planned, it's getting harder to find the installer of the program and this is the window of opportunity exploited by Brazilian cybercriminals aiming to infect users looking for the software.

In a simple search on Google for "MSN messenger" the first result displayed is sponsored link of a malicious domain aiming to distribute the fake installer, which is actually a Trojan banker: [Screenshot]

Continued : http://www.securelist.com/en/blog/208194178/The_end_of_MSN_Messenger_the_beginning_of_attacks

Collapse -
Dubious Developers Cash In On Candy Crush
by Carol~ Forum moderator / March 20, 2013 6:30 AM PDT
In reply to: NEWS - March 20, 2013

From the Trendlabs Security Intelligence Blog:

As expected, shady developers are now taking advantage of Candy Crush, one of the hottest gaming apps in both social networks and Android.

Recently, Candy Crush grabbed the top spot from FarmVille 2 as the most popular gaming app on Facebook. This boost in popularity, however, has its perils. In particular, Candy Crush's popularity made it the perfect target for dubious developers and cybercriminals who want to lure and profit from fans of the game - similar to what happened with other popular mobile apps and games like Instagram, Bad Piggies, and Temple Run in the past.

In a development that surprised no one, we discovered fake Candy Crush apps online, proving that cybercriminals are indeed hoping to capitalize on the game's current trending status. These apps contain code for the Leadbolt and Airpush ad networks; apps containing said code were some of the most prevalent found last year. (We detect these as ANDROIDOS_LEADBLT.HRY and ANDROIDOS_AIRPUSH.HRXV.) [Screenshot]

Continued : http://blog.trendmicro.com/trendlabs-security-intelligence/dubious-developers-cash-in-on-candy-crush/

Collapse -
Android Banking Trojans Target Italy and Thailand
by Carol~ Forum moderator / March 20, 2013 6:31 AM PDT
In reply to: NEWS - March 20, 2013

From McAfee Labs Blog:

A very profitable line for mobile malware developers is Android banking Trojans, which infect phones and steal passwords and other data when victims log onto their online bank accounts. One recent trend is Android malware that attacks users in specific countries, such as South Korea and India. We have already seen this type of malware posing as mobile applications from banks in Spain and Portugal. Now a new threat distributed via phishing links targets users of banks in Italy and Thailand using the following icons: [Screenshot]

When the malware runs, it asks the user to input a password and confirm it. If the passwords do not match, the app will show an error message: [Screenshot]

However, unlike Android/FakeToken, this malware does not send the password to the attacker via the Internet or SMS. Instead, it sends an SMS to a specific number in Russia with the text "Ya TuT Happy " ("I am here," in Russian) or "init" the first time that the application is executed. If the passwords match, the application shows the traditional fake security token seen in other families of Android banking Trojans: [Screenshot]

Continued: http://blogs.mcafee.com/mcafee-labs/android-banking-trojans-target-italy-and-thailand

Collapse -
UK Metropolitan Police Warns Elderly Citizens About Courier.
by Carol~ Forum moderator / March 20, 2013 6:31 AM PDT
In reply to: NEWS - March 20, 2013
.. Fraud

Today, March 20, has been appointed by the UK Metropolitan Police Service (MPS) as the Courier Fraud Awareness Day. Activities are being carried out to raise awareness regarding these scams which, in two years' time, have made over 2,200 victims, most of which elderly citizens.

Since January 2011, authorities have arrested 130 fraudsters and have charged 93. Two of them, brothers, have been sentenced to over 10 years in prison after stealing almost 250,000 GPB ($390,000 / 292.000 EUR) from over 200 victims.

So how do these scams work?

The fraudster calls up the victims pretending to be from the police, the bank or the Serious Fraud Office. He tells them that their bank accounts have been compromised and informs them that their payment cards must be collected.

To make everything more legitimate-sounding, the crooks instruct the victim to hang up and call the police or the bank to verify everything. However, the caller doesn't hang up the phone so, after the victim dials the number of the legitimate organization, he/she is talking to the same fraudster.

Continued : http://news.softpedia.com/news/UK-Metropolitan-Police-Warns-Elderly-Citizens-About-Courier-Fraud-338941.shtml
Popular Forums
Computer Help 49,613 discussions
Computer Newbies 10,349 discussions
Laptops 19,436 discussions
Security 30,426 discussions
TVs & Home Theaters 20,308 discussions
Windows 10 360 discussions
Phones 15,802 discussions
Windows 7 7,351 discussions
Networking & Wireless 14,641 discussions


Having Wi-Fi troubles?

From the garage to the basement, we blanketed every square inch of the CNET Smart Home with fast, reliable Wi-Fi.