Pentagon remains vulnerable to cyber-attacks
A senior defense official has acknowledged that the US Department of Defense (DoD) is "capability-limited" within the cyber realm.
Indeed, DARPA Acting Director Kaigham "Ken" J. Gabriel told the Senate Armed Services subcommittee on emerging threats and capabilities that attackers are currently capable of infiltrating DoD networks - putting defense supply chain and physical systems at risk.
"Our approach to cybersecurity is dominated by a strategy that layers security onto a uniform architecture. This approach is not convergent with a growing and evolving threat. That's the defensive picture," Gabriel explained.
"[In terms of] cyber offense, modern warfare demands the effective use of cyber and kinetic means... [Meaning], the tasks required for military purposes are sufficiently different that we cannot simply scale intelligence-based cyber capabilities and adequately serve the needs of DoD."
According to Gabriel, while DARPA-developed technologies are widely deployed in the military, intelligence and commercial realm, much remains to be done in terms of ensuring security in a world of evolving threats.
Continued : http://www.tgdaily.com/security-features/62262-pentagon-remains-vulnerable-to-cyber-attacks
Also: DARPA: The Pentagon's Cyber Capabilities Are Limited
Mobile Malware: Beware Drive-by Downloads on Your Smartphone
While Jeff Schmidt, the CEO of JAS Global Advisors, was surfing the Web on his new Android smartphone (his first Android phone) earlier this year, what appeared to be an ad popped up on his screen. The "ad" looked like the prompt that appears when his phone rings. He clicked the button on the ad to pick up the putative call, and the ad began downloading a binary file--malware--onto his Android phone. Schmidt had been hit by a drive-by download, a program that automatically installs malicious software on end-users' computers--and increasingly, smartphones--without them knowing.
"I'm a pretty paranoid and sophisticated user," says Schmidt, whose firm provides information security and risk management services. "I didn't think I'd be vulnerable to this sort of thing, but because I wasn't familiar with the user interface, I clicked on the ad. It really surprised me."
Fortunately, Schmidt halted the download when he realized what was going on and caught it before anything bad happened to his phone. He's not sure what the malware would have installed on his phone, but he suspects it could have been some kind of spyware, such as a keystroke logger, or some other application that would turn his computer into a spam-mailing bot or otherwise compromise his security and privacy.
Corrupt call center workers selling private info for pennies
"Corrupt call center workers selling your private information for pennies"
According to the Daily Mail an undercover investigation in India has uncovered that some call center workers have been selling confidential information on nearly 500,000 Britons.
Undercover reporters from The Sunday Times met with two individuals who claimed to be IT workers who offered to provide them with 45 different types of data gathered from the victims.
Information offered up included names, addresses, phone numbers and credit card details (including CCV/CVV codes and expiration dates).
The reporters allege they could purchase the records for as little as 2 pence apiece ($0.03 USD). One of the IT
"These [pieces of data] are ones that have been sold to somebody already. This is Barclays, this is Halifax, this is Lloyds TSB. We've been dealing so long we can tell the bank by just the card number."
They claimed to have information on mortgages, loans, insurance policies, mobile phone contracts and television subscriptions. Much of the information was "fresh", or less than 72 hours old.
Continued : http://nakedsecurity.sophos.com/2012/03/22/corrupt-call-center-workers-selling-your-private-information-for-pennies/
In Australia, secure your Wi-Fi or face a visit from police
"Police in one Australian state have undertaken a campaign to get people to password-protect their Wi-Fi routers"
If you live in the Australian state of Queensland and have an insecure Wi-Fi router, you may get a visit from the police.
In a bid to raise awareness about cybercrime, police in the northeastern state plan to "wardrive," or cruise the streets, scanning for Wi-Fi routers that are not password protected or use an aging, weak security protocol.
Australian consumers and businesses don't need to worry about a fine: Police just plan on distributing information on how they can better secure their routers in their mailboxes.
Wardriving is a term that has been applied to hackers who drive around neighborhoods looking for open Wi-Fi connections. The dangers are well known: a router that is not password protected means traffic exchanged with the router is sent in the clear, which could easily be spied on.
Miscreants could also hop on the insecure network to send spam or conduct other illegal activity online, with the Wi-Fi router's owner on the hook for the activity.
Continued : http://www.itworld.com/security/261356/australia-secure-your-wi-fi-or-face-visit-police
Also: War Driving Project: Australian Police to Secure Wi-Fi Connections
Lawmakers ask app makers for privacy information
Lawmakers sent letters on Thursday requesting information from more than 30 popular iPhone applications developers as part of an inquiry into how software companies collect private consumer data.
Recipients of the letter, including Twitter, Facebook, Foursquare and Path, were asked to provide information about the user data that is collected when consumers download their apps -- and how that data is used.
The letter came after several popular apps, including Path, the social networking tool, were found accessing and uploading address book data from users' iPhones without permission, sparking a massive online controversy last month.
Representatives Henry Waxman and G.K. Butterfield, two Democrats on the House Energy and Commerce Committee, sent the letter to 33 developers that had apps listed under the "iPhone Essential" area, a digital storefront curated by Apple in its App Store. The app makers have until April 12 to respond.
Apple, which was included as a recipient to the most recent letter, has also been tarnished by the scrutiny cast on its app makers; the iPhone and iPad maker has long said it subjects its app developers to a strict review before allowing new products into the App Store.
Continued : http://www.reuters.com/article/2012/03/22/us-privacy-apps-idUSBRE82L18S20120322
Also: US lawmakers demand Apple iPhone app data from Twitter and Facebook
Are you having a (Mac) Flashback?
From the F-Secure Antivirus Research Weblog:
On Monday, I provided steps on how to avoid your Mac being compromised by the Flashback trojan. Today I will provide information on how to locate a Flashback infection.
To better understand the steps below, it is better to also know a bit about Flashback. It's an OS X malware family that modifies the content displayed by web browsers. To achieve this, it interposes functions used by the Mac's browsers. The hijacked functions vary between variants but generally include CFReadStreamRead and CFWriteStreamWrite: [Screenshot]
The webpages that are targeted and changes made are determined based on configurations retrieved from a remote server. The following is an example of configuration data: [Screenshot]
When decoded, you can see the targeted webpage (in red) and the injected contents (in yellow): [Screenshot]
This ability more or less makes it some sort of a backdoor. Because of this, and the fact that the malware initially relied on tricking users by pretending to be a Flash Player installer, it was dubbed Flashback. It has however evolved since then and has started incorporating exploits to spread in recent variants. In all the cases that I've seen, they at least target Google which causes me to believe that it is actually the next evolution of Mac QHost.
Continued : http://www.f-secure.com/weblog/archives/00002336.html
Flash-Based Fake Antivirus Software: Windows Risk Minimizer
From the Symantec Security Response Blog:
Fake antivirus software or "scareware" is nothing new, but these applications continue to get more sophisticated. We recently discovered a relatively new fake antivirus application called Windows Risk Minimizer.
The fake antivirus software was promoted through spam sent from a popular webmail service. This is slightly unusual as normally fake antivirus infections arrive through drive-by exploits. Spam messages promoting the fake antivirus software contained links to compromised domains, which then redirected users to the fake antivirus site. We witnessed over 300 compromised domains being used in just a few hours.
When OK is clicked, a fake scan is carried out. [Screenshot]
The page uses Flash making it look more convincing with realistic icons, progress bars, and dialog boxes. Unsurprisingly, the fake antivirus detects plenty of viruses. Decompressing the Flash file and analyzing it shows a huge list of files contained within it. The Flash movie then simply picks some of these at random and claims they are infected (with equally random virus names).
Continued : http://www.symantec.com/connect/blogs/flash-based-fake-antivirus-software-windows-risk-minimizer
Facebook Warns Users About Timeline Adware
Facebook issued a video warning to its hundreds of millions of users on Thursday about the dangers of adware programs that lure users with promises of special features.
In a video message from the Facebook Security group, the company said that a growing number of companies are fooling Facebook users into installing add-on software that can cover their Facebook account with ads, result in slower site performance and compromise user security.
The warnings come as online advertisers are looking for ways to capitalize on the Facebook platform and the hours each day that avid users can spend on the giant social network.
In a phenomenon that seems a throwback to the go-go days of the Web, Facebook users are now complaining to the company about their page and Timeline being overrun with noisy, distracting ads that also bog down site performance.
The adware programs may be promoted on the Walls and timelines of Facebook users, but are not part of the site. Instead, most are bundled with browser plugins and toolbars that must be installed on the user's Web browser.
Continued : http://threatpost.com/en_us/blogs/facebook-warns-users-about-timeline-adware-032312
Address spoofing vulnerability discovered in Mobile Safari on iOS 5.1
A security researcher has discovered that it's possible to show the URL of one site while loading another in Mobile Safari, which could trick users into visiting a malicious website. The vulnerability has been reported to Apple, but until the company issues a patch for iOS, users should be extra cautious when clicking unknown links.
"This can be exploited to potentially trick users into supplying sensitive information to a malicious web site," Vieira-Kurz explained, "because information displayed in the address bar can be constructed in a certain way, which may lead users to believe that they're visiting another web site than the displayed web site."
Vieira-Kurz developed a proof of concept that causes a new window or tab to open when clicking a specially crafted link. That new window looks as though it is loading Apple's website at apple.com, but it actually loads in an iframe within a page on MajorSecurity's website. The proof of concept doesn't do anything malicious, but the same technique could be used to scrape your AppleID, for instance, or possibly even grab credit card info if you buy something from the Apple Store.
Continued : http://arstechnica.com/apple/news/2012/03/address-spoofing-vulnerability-discovered-in-mobile-safari-on-ios-51.ars