Spyware, Viruses, & Security forum


NEWS - May 07, 2013

by Carol~ Forum moderator / May 7, 2013 3:47 AM PDT
Amid a barrage of password breaches, "honeywords" to the rescue

"Decoy passwords would trigger alarms that account credentials are compromised."

Security experts have proposed a simple way for websites to better secure highly sensitive databases used to store user passwords: the creation of false "honeyword" passcodes that when entered would trigger alarms that account hijacking attacks are underway.

The suggestion builds on the already established practice of creating dummy accounts known as honeypot accounts. It comes as dozens of high-profile sites watched user data become jeopardized—including LivingSocial, dating site Zoosk, Evernote, Twitter, LinkedIn, and eHarmony to name just a few from the past year. Because these dummy accounts don't belong to legitimate users of the service and are normally never accessed, they can be used to send a warning to site administrators when attackers are able to log in to them. The new, complementary honeyword measure—proposed in a research paper (pdf) titled "Honeywords: Making Password-Cracking Detectable—was devised by RSA Labs researcher Ari Juels and MIT cryptography professor Ronald Rivest, the latter who is the "R" in the RSA cryptography scheme.

Continued : http://arstechnica.com/security/2013/05/amid-a-barrage-of-password-breaches-honeywords-to-the-rescue/

"Honeywords" plan to snare password thieves
Sweet Password Security Strategy: Honeywords
Post a reply
Discussion is locked
You are posting a reply to: NEWS - May 07, 2013
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: NEWS - May 07, 2013
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Fake Flash player on DropBox
by Carol~ Forum moderator / May 7, 2013 5:14 AM PDT
In reply to: NEWS - May 07, 2013

From the Zscaler Research Blog:

Fake Flash updates are leveraged as a very popular trick amongst attackers to fool users into downloading and installing malware. This week we found a three websites distributing Win32.Sanity.N malware disguised as Flash updates:

hxxp://kivancoldu.com/, redirects to hxxp://click-videox.com/ [Screenshot: http://kivancoldu.com on 05/02/2013]

hxxp://fastcekim.com/, redirects to hxxp://click-videox.com/
• hxxp://kivanctatlitug.tk/ d(down)
[Screenshot: hxxp://kivanctatlitug.tk/]

The fake warning at the top of the page alternates between English and Turkish.

What is interesting is that the malicious executables are actually hosted in a DropBox account and have not been taken down since they were found about seven days ago. I have spotted two different executables so far:

• FlashPlayer.sfx.exe (detected by only 2 of 46 AV vendors)
• Videonuizle.exe (detected by 5 of 46 AV vendors)

These two files have similar behavior. They disable all Windows features: UAC, Firewall, AV, Safe Boot, etc. The malware then drops variants of the Sality virus, some of which have a good detection rate amongst AV vendors.

Continued : http://research.zscaler.com/2013/05/fake-flash-player-on-dropbox.html

Collapse -
Step Forward with Malwarebytes Secure Backup
by Carol~ Forum moderator / May 7, 2013 5:15 AM PDT
In reply to: NEWS - May 07, 2013

From the Malwarebytes Blog:

Computer security can be exhausting when you consider all the updates and scans you know you should do every day. Keeping all your data safe - not to mention website blocking, external security (keeping your password safe and your computer locked) and, of course, backing up important files in case you are actually infected with some new strain of malware or your hard drive crashes - is a tough job. Luckily, Malwarebytes has just released a tool that will alleviate some of these concerns and help you stave off some of these headaches. Malwarebytes Secure Backup, our newest malware security tool, not only helps keep your files safe with regular backups to either secure cloud storage or local storage but also makes sure that you do not back up any malware by scanning every file that you back up.

Malwarebytes Secure Backup

• Eliminates worrying about lost files
• Remembers to back up when you don't
• Removes the threat of saving or spreading infected files
• Uses backup technology named "The top-rated backup solution" by PC Magazine
• Automatically scans your important files for malware even if you forget to run your usual antivirus/anti-malware scan on your system. It is a malware "fail-safe."

The Threat

Continued : http://blog.malwarebytes.org/news/2013/05/step-forward-with-malwarebytes-secure-backup/

Malwarebytes backup service prevents malware uploads
Malwarebytes adds antivirus scanning to cloud backup software

Collapse -
Twitter's Password Fails
by Carol~ Forum moderator / May 7, 2013 5:16 AM PDT
In reply to: NEWS - May 07, 2013

From the F-Secure Antivirus Research Weblog:

Let's say you want to hack Jack Dorsey's online banking account. Where to start? His username?

Challenging... his online banking username is a secret. But how about his Twitter account?

Oh, that's easy. It's @jack.

That's the problem with "social" usernames — they're meant to be known. [Screenshot

Another problem, Twitter appears to validate e-mail addresses: [Screenshot]

Continued : http://www.f-secure.com/weblog/archives/00002550.html

Collapse -
Researchers Hack Building Control System at Google Australia
by Carol~ Forum moderator / May 7, 2013 5:16 AM PDT
In reply to: NEWS - May 07, 2013


Read enough stories about security vulnerabilities in industrial control systems and the statistics in them start to blur.

Tens of thousands of control systems connected to the internet, dozens of hardcoded passwords that can't be changed, untold numbers of backdoors embedded in systems by vendors that hackers can use to remotely control them — these are just a sampling of the problems uncovered by researchers in the last three years.

But statistics like these come into sharp focus when a company like Google is in the crosshairs.

Two security researchers recently found that they could easily hack the building management system for the corporate giant's Wharf 7 office overlooking the water in the Pyrmont section of Sydney, Australia.

Google Australia uses a building management system that's built on the Tridium Niagara AX platform, a platform that has been shown to have serious security vulnerabilities. Although Tridium has released a patch for the system, Google's control system was not patched, which allowed the researchers to obtain the administrative password for it ("anyonesguess") and access control panels.

Continued : http://www.wired.com/threatlevel/2013/05/googles-control-system-hacked/

Google left heating, cooling system open to hackers
Australian Google office building hacked
Researchers hack Google Australia headquarters building

Collapse -
D.C. Media Sites Found Hacked, Serving Fake AV
by Carol~ Forum moderator / May 7, 2013 5:45 AM PDT
In reply to: NEWS - May 07, 2013

Websites operated by media outlets in the Washington D.C. area were the targets of widespread hacks this week, with web sites for two major radio stations among those found serving up malicious links that installed fake antivirus software on victims' machines.

Researchers at two security firms, Invincea and zScaler, identified compromises on the web sites of the two stations - WTOP, the D.C. areas largest FM station, and a sister site, FedNewsRadio, 1500 AM, which caters to government employees. The compromises were part of a string of almost identical attacks that redirected visitors to the web sites that push malicious software to victims' machines. Only visitors using versions of Microsoft's Internet Explorer web browser were targeted with the attack, zScaler said.

In a related post, researchers at Invincea said the attacks were similar to one they had investigated a breach at dvorak.org, a web site operated by technology blogger John Dvorak. That attack likely was the result of a compromise of WordPress, or a WordPress plugin. It is not known whether the other web sites also used WordPress, a common blogging and content management platform.

Continued : https://securityledger.com/d-c-media-sites-found-hacked-serving-fake-av/

U.S. media sites compromised, lead to malware
Compromised US Media Sites Used to Distribute ZeroAccess, Fake AV Malware

Collapse -
Hackers gain access to all .edu domains
by Carol~ Forum moderator / May 7, 2013 5:45 AM PDT
In reply to: NEWS - May 07, 2013

The hacker collective "Hack the Planet" (HTP) has claimed responsibility for an attack on MIT (Massachusetts Institute of Technology) computer systems in late January, in which it claims to have briefly taken control of the university's domain, redirected email traffic, and obtained administrator access to all .edu domains. HTP also claims to have compromised web servers for other sites, including security tool Nmap, network security service Sucuri, IT security company Trend Micro, and network analysis tool Wireshark.

Some of the hacks made use of a zero-day exploit, which the group has now taken the opportunity to disclose, against a vulnerability in the MoinMoin wiki system. Hack the Planet has also released information about an exploit against web servers running ColdFusion 9 or 10. The group claims to have used a variant of this exploit for their April attack on hosting company Linode.

Continued : http://www.h-online.com/security/news/item/Hackers-gain-access-to-all-edu-domains-1858471.html

Collapse -
Yahoo Mail Blocked by Browsers in Malvertising Chain Reactio
by Carol~ Forum moderator / May 7, 2013 10:28 AM PDT
In reply to: NEWS - May 07, 2013

From Bitdefenders' "HOTforSecurity" blog:

If you tried to access Yahoo mail today, chances are that you saw at least once the Safe Browsing dialog instead of your inbox, as one of the advertisers showing banners on Yahoo has started serving malicious content. [Screenshot]

The malicious ads started showing up earlier this morning, when ad pusher eqads.com got blocked by Google Safe Browsing. A closer look into the incident revealed that the eqads.com site is redirecting to a number of malicious domains, including 11lalervo.info (registered yesterday) and skiajkax.sytes.net.

Both domains have been briefly available and served Java and PDF exploits via crimeware kits.

Since it is unknown for how long the advertiser has been compromised to load malicious contents from third-party websites, you should perform a 60-second QuickScan to see if you have been infected.

Continued : http://www.hotforsecurity.com/blog/yahoo-mail-blocked-by-browsers-in-malvertising-chain-reaction-6124.html

Popular Forums
Computer Help 49,613 discussions
Computer Newbies 10,349 discussions
Laptops 19,436 discussions
Security 30,426 discussions
TVs & Home Theaters 20,308 discussions
Windows 10 360 discussions
Phones 15,802 discussions
Windows 7 7,351 discussions
Networking & Wireless 14,641 discussions


Big screens for the big game

Still looking for the best TV deals ahead of Sunday's game? Here are our top three big screen picks.