Dear hacker: Please help us eavesdrop on our customers
"Saudi telecom seeks help monitoring encrypted Twitter data according to e-mails"
Mobily, a Saudi Arabian telecommunications company with 4.8 million subscribers, is working on a way to intercept encrypted data sent over the Internet by Twitter, Viber, and other mobile apps, a security researcher said Monday.
Moxie Marlinspike, the pseudonymous cryptographer who has identified several security bugs in the secure sockets layer protocol used to protect website transactions, said he learned of the project after receiving an e-mail from company officials. Carrying the subject line "Solution for monitoring encrypted data on telecom," it said the project was required by "the regulator." Marlinspike believed this meant the government of Saudi Arabia. In follow-up e-mails, the Mobily officials said they were looking for ways to bypass the protections built into the SSL and Transport Layer Security protocols so telecom workers could monitor messages spreading terrorism.
"One of the design documents that they volunteered specifically called out compelling a [certificate authority] in the jurisdiction of the UAE or Saudi Arabia to produce SSL certificates that they could use for interception," Marlinspike wrote in a blog post. "A considerable portion of the document was also dedicated to a discussion of purchasing SSL vulnerabilities or other exploits as possibilities."
Continued : http://arstechnica.com/security/2013/05/dear-hacker-please-help-us-eavesdrop-on-our-customers/
Related: Moxie Marlinspike >> Blog >> A Saudi Arabia Telecom's Surveillance Pitch
Telecom fraud - phishing and Trojans combined
From the Kaspersky Lab Weblog:
In China telecom fraud has become an increasingly common crime. Last year there were more than 170,000 telecom fraud cases, causing the loss of over $12.5 billion. The fraudsters usually call their victims and trick them into transferring cash to a criminal gang via an ATM. But recently a new breed of telecom fraud, which combines phishing sites and backdoor Trojans, has emerged.
Last week the police from the Dongcheng sub-branch of Beijing's Public Security Bureau asked us to help investigate a telecom fraud case. The victim was defrauded of $100,000. After our investigation, the fraudsters' tactics were laid bare.
So how does the scam work? How was the victim deceived?
First you get a call from a 'public prosecutor' saying that you are implicated in a financial crime and you must help with the investigation. Of course, you deny everything, but the 'public prosecutor' advises you to check if you are listed in an official database as a suspected criminal. To do this, they tell you to visit the "Supreme Procuratorate's" website, which is, of course, a phishing site: [Screenshot]
Next they will ask you to check if you are really listed as a criminal by checking your information in the "online finance crime database". This database, of course, is highly confidential and can only be accessed after downloading and running a "plugin": [Screenshot]
That alleged plugin is, in fact, a customized TeamViewer application: [Screenshot]
Continued : http://www.securelist.com/en/blog/877/Telecom_fraud_phishing_and_Trojans_combined
Android malware continues to rise
The first quarter of 2013 was marked by firsts for Android malware that add complexity to the Android threat landscape.
According to F-Secure Labs, January through March saw the first Android threat distribution outside of apps via email spam, the first targeted Android attacks, and the first Android advanced fee fraud scam. Additionally, examples of increased commoditization of Android malware surfaced.
The number of new mobile threat families and variants continued to rise by 49 percent from the previous quarter, from 100 to 149. 136, or 91.3% of these were Android and 13, or 8.7% Symbian. Q1 2013 numbers are more than double that of a year ago in Q1 2012, when 61 new families and variants were discovered.
The new Android techniques are a cause for concern, says Sean Sullivan, Security Advisor at F-Secure Labs. "I'll put it this way: Until now, I haven't worried about my mother with her Android because she's not into apps. Now I have reason to worry because with cases like Stels, Android malware is also being distributed via spam, and my mother checks her email from her phone."
Continued : http://www.net-security.org/malware_news.php?id=2492
@ F-Secure: F-Secure Labs Webinar: Mobile Threat Report Q1 2013
Dorkbot Malware Infects Facebook Users; Spies Browser Activities and Grabs Data
A new variant of the Dorkbot malware infects Facebook users worldwide, spreading from one friend to another through the social network's internal chat. The Bitdefender Labs have caught and blocked the worm, which is capable of spying on users' browsing activities and stealing their personal details. The malware family mainly circulates in the US, India, Portugal, the UK, Germany, Turkey and Romania.
The Dorkbot malware poses as a "jpg" image but is actually an executable file. As an IRC bot, the malware is easily coordinated by the attackers from a control and command server. Besides stealing usernames and passwords, the botmaster may also order other malware downloads.
A variant similar to the one currently spreading was detected by the antivirus company two years ago. Like other malware, Backdoor.IRCBot.Dorkbot can update itself once installed on the victim's computer.
Continued : http://www.hotforsecurity.com/blog/dorkbot-malware-infects-facebook-users-spies-browser-activities-and-grabs-data-6165.html
Meet the Con Man Who Pulled Off a Federal Sting That Cost Google $500 Million
Meet the career con man who made a fortune selling illegal pharmaceuticals online—and pulled off a federal sting that forced Google to pay $500 million
On February 25, 2009, a then 34-year-old career con man named David Anthony Whitaker left the Wyatt Detention Facility in Central Falls, Rhode Island, and slid into the backseat of an unmarked government car. He was dressed in traditional prison garb—khaki pants, brown shirt, handcuffs, leg irons. A federal agent sat beside him. A second car followed to make sure nobody trailed them or attempted an ambush. Not that anyone expected trouble. This was merely standard procedure when transporting a government cooperator.
That's what Whitaker was now: a cooperator. It felt surreal. One year ago he was in Mexico, living the most fulfilling life he'd ever known in his chaotic, troubled years on the planet. He had been bringing in obscene amounts of money by selling black-market steroids and human growth hormone online. He had a multimillion-dollar apartment in a country club in Guadalajara. He had a cabin in the mountain town of Mazamitla. He had lots of cars—an orange 4Runner, a BMW, a Jeep. He'd even funded the construction of a local hospital. Sure, he had to live under an alias and was on the run from US Secret Service agents who were trying to nail him for a long-standing multicount fraud complaint. But he had a lawyer on retainer, and at least the local cops were easy to pay off.
Continued : http://www.wired.com/threatlevel/2013/05/google-pharma-whitaker-sting/all/
Skype with care - Microsoft is reading everything you write
Anyone who uses Skype has consented to the company reading everything they write. The H's associates in Germany at heise Security have now discovered that the Microsoft subsidiary does in fact make use of this privilege in practice. Shortly after sending HTTPS URLs over the instant messaging service, those URLs receive an unannounced visit from Microsoft HQ in Redmond.
A reader informed heise Security that he had observed some unusual network traffic following a Skype instant messaging conversation. The server indicated a potential replay attack. It turned out that an IP address which traced back to Microsoft had accessed the HTTPS URLs previously transmitted over Skype. Heise Security then reproduced the events by sending two test HTTPS URLs, one containing login information and one pointing to a private cloud-based file-sharing service. A few hours after their Skype messages, they observed the following in the server log:
Continued : http://www.h-online.com/security/news/item/Skype-with-care-Microsoft-is-reading-everything-you-write-1862870.html
Microsoft fixes two critical IE security flaws, including 'nuke' zero-day
Microsoft has dished out 10 security patches, which will fix a total of 33 vulnerabilities. In all, two of the bulletins will resolve 'critical' security flaws.
Included in the patches are eight important updates for Windows, Office, Lync, the .NET Framework, and Windows Essentials, which are hitting the usual update channels today, such as Windows and Microsoft Update.
Bulletin 1 (MS13-037) patches 11 privately reported vulnerabilities in all versions of Internet Explorer 6 and above, including for Windows 8 devices and Windows RT-based tablets. The most severe vulnerability would allow hackers to install malware on an affected machine through a specially-crafted webpage. Microsoft said lower user permissions would mitigate the damage caused by such malware.
Bulletin 2 (MS13-038) relates to the recent "nuke-bug" flaw in Internet Explorer 8, which was discovered earlier this month.
The "watering hole" attacks were aimed at federal government employees at the U.S. Department of Labor and U.S. Department of Energy — the latter focuses on nuclear weapons research and testing. The DOL's website was compromised to direct visitors to a malware-ridden site, which triggered a drive-by download to install the Poison Ivy Trojan. The malware is linked to a hacker group based in China.
Also: Microsoft fixes 33 vulnerabilities
Firefox now logs your browser's start up time, run time, number of crashes, and sends the data to Mozilla
Mozilla on Tuesday announced the release of Firefox 21. In the changelog, the company included an interesting point that's worth elaborating on: "Preliminary implementation of Firefox Health Report."
Those with a sharp memory will remember that Firefox Health Report (FHR) was first announced back in September 2012 and described as a new feature that sends data back to the company in order to help it "build a more excellent browser." In addition to prioritizing development, Mozilla also said FHR would help it "improve performance, fix problems and let users see how their browsing experience compares against other instances of Firefox."
We predicted that the feature would eventually hit the stable version of the browser in Firefox 19 or maybe even Firefox 20. We were off by a version number, and even then, this is only an early version of FHR.
Continued : http://thenextweb.com/insider/2013/05/14/firefox-now-logs-your-browsers-start-up-time-run-time-number-of-crashes-and-sends-the-data-to-mozilla/
It seems like no matter what we do or where we go, we get tracked. Now even when I go into my settings in Firefox and check the box that says "Tell websites I do not want to be tracked", Firefox is still tracking me? What do we have to do? Always use a Live CD?