Spyware, Viruses, & Security forum

Alert

NEWS - October 03, 2013

by Carol~ Forum moderator / October 3, 2013 1:30 AM PDT
Feds Take Down Online Fraud Bazaar 'Silk Road', Arrest Alleged Mastermind

Prosecutors in New York today said that federal agencies have taken over the Silk Road, a sprawling underground Web site that has earned infamy as the "eBay of drugs." On Tuesday, federal agents in San Francisco arrested the Silk Road's alleged mastermind. Prosecutors say 29-year-old Ross William Ulbricht, a.k.a "Dread Pirate Roberts" (DPR), will be charged with a range of criminal violations, including conspiracy to commit drug trafficking, and money laundering.

The Silk Road is an online black market that as late as last month was hosting nearly 13,000 sales listings for controlled substances, including marijuana, LSD, heroin, cocaine, methamphetamine and ecstasy. Much like eBay sellers, merchants on the Silk Road are evaluated by previous buyers, who are encouraged to leave feedback about the quality of the seller's goods and services. [Screenshot]

The Silk Road is not available via the regular Internet. Rather, it is only reachable via the Tor network, an anonymity network that bounces its users' communications across a distributed network of relays run by volunteers all around the world.

Continued: http://krebsonsecurity.com/2013/10/feds-take-down-online-fraud-bazaar-silk-road-arrest-alleged-mastermind/

Also:
FBI: Silk Road mastermind couldn't even keep himself anonymous online
FBI Takes Down Billion-Dollar Silk Road Online Drug and Hacking Marketplace
Silk Road closed down by the FBI, alleged founder identified and arrested

Yahoo admits its bug bounty goof, and stops offering ..
by Carol~ Forum moderator / October 3, 2013 2:15 AM PDT
.. free t-shirts

For a while there I thought there had been so much bad news for Yahoo recently, that it ran the risk of wrestling the security dumbo award from its normal home in the tight grip of the Oracle Java team.

Leaving aside the absurd debacle of its recycled email address scheme, and its CEO not thinking that having a passcode on her smartphone might be a good idea, they found themselves in the firing line for their "Find a bug in Yahoo Mail and we'll give you $12.50 to buy one of our lousy t-shirts" slap-in-the-face for vulnerability researchers.

However, Yahoo appears to be trying to mend some of the damage.

In a self-effacing blog post entitled "So I'm the guy who sent the t-shirt out as a thank you", Ramses Martinez, a director for Yahoo Paranoids (one assumes that's the cutesy name for Yahoo's security department) described the new bounty programme. [Screenshot]

Continued : http://grahamcluley.com/2013/10/yahoo-bug-bounty/

Related:
Yahoo! Finds! Cash! Behind! Sofa! For! Proper! Bug! Bounties!
Yahoo Promises Rewards of up to $15K / €11K for Reporting Vulnerabilities
Yahoo abandons T-shirt rewards for vulnerability information

Bruce Schneier: The battle for power on the Internet
by Carol~ Forum moderator / October 3, 2013 2:15 AM PDT

Bruce Schneier gives us a glimpse of the future of the internet, and shares some of the context we should keep in mind, and the insights we need to understand, as we prepare for it. [VIDEO]

http://www.net-security.org/secworld.php?id=15699

* * * * * * * * * *

Losing The Future: Schneier On How The Internet Could Kill Democracy

With his deep background in both cryptography and Internet security, Bruce Schneier is one of the most thoughtful commentators on all matters cyber. So revered is he, that he even inspired a list of humorous Chuck Norris-style "Bruce Schneier" facts.

In recent months, Bruce has been an invaluable sounding board amid the drip-drip-drip of details of ubiquitous government surveillance stemming from Edward Snowden's leak of classified intelligence on NSA spying and cyber operations.

In this video, from a recent speech Bruce did at the TEDxCambridge event up here in the Boston area, he goes a bit deeper: drawing out the current trend lines like hacktivism, Facebook- and Twitter-fueled popular revolutions, civil war and mass surveillance, and trying to discern what the future might look like.

Continued : https://securityledger.com/2013/10/losing-the-future-schneier-on-how-the-internet-could-kill-democracy/

Ad Plus instead of AdBlock Plus
by Carol~ Forum moderator / October 3, 2013 3:46 AM PDT

From the Kaspersky Lab Weblog:

This is one of those scenarios where the user looks for protection but only finds problems. Sergio de los Santos, a friend of mine, has shared with me a link to a false App that pretends to be AdBlock Plus, the well-known and useful application that many users have in their web browsers. At the time of its download, the application was active in Google Play and all who downloaded it, instead of the App blocking non-desired ads on their web browser, received the exact opposite- more ads and more problems related to data privacy. [Screenshot]

I say this because, on analyzing its code, one could notice that it is in fact adware. Kaspersky Anti-Virus detects it as HEUR:AdWare.AndroidOS.Starsys.b

But what exactly does this malicious application do once installed on the victim's device? The answer is it does many things, among which are:

android.permission.READ_LOGS (reads the archive logs of your device, which include sensitive personal data of the user)
android.permission.BLUETOOTH (interacts with the bluetooth configuration with the capacity to alter it and allow incoming connections from other devices that are within the protocol's reach)
android.permission.INTERNET (provides applications necessary access to the Internet)
android.permission.RECEIVE_SMS (interacts with SMS messages, reads them and could even delete them without the victim's consent)
android.permission.READ_CONTACTS (has access to all of the contacts in your agenda)

Continued: http://www.securelist.com/en/blog/208214071/Ad_Plus_instead_of_AdBlock_Plus

R.I.P. Microsoft Points Scams (Hopefully)
by Carol~ Forum moderator / October 3, 2013 3:48 AM PDT

From ThreatTrack Security Labs:

Here's a scam you probably won't be seeing much of in future.

We've written about Xbox point generators many times in the past - sometimes they're survey scams, other times they're executables or phish attempts. In all cases, they claim to offer up free Microsoft Points (the virtual currency of choice for Microsoft, paid for with real money) in return for following steps A to Z with a side order of shenanigans running throughout. Typical example: [Screenshot]

End-users would hand over some personal information / sign up to a ringtone service / some other terrible thing in return for "free points", except they would never ever receive any. Free points scams have been a mainstay of the survey scam boom, and have always managed to draw in fresh marks in search of something for nothing.

Well, Microsoft recently started to bring the axe down on said virtual currency which means scams such as the ones mentioned here are going to end up rather Dodo-ish in the near future. While I get the shovel and think of a fitting tribute, let's take a look at....

Continued : http://www.threattracksecurity.com/it-blog/r-p-microsoft-points-scams-hopefully/

1Password 4 for Mac brings upgraded security and Wi-Fi sync
by Carol~ Forum moderator / October 3, 2013 6:24 AM PDT

"AgileBits aims to prevent 'attacks that haven't even been dreamt of yet.'"

AgileBits today released 1Password 4 on the Mac App Store, a major upgrade to one of the best-known password management applications.

The application has a new design and various features aimed at making it easier to use, such as a menu bar utility. It also brings back Wi-Fi Sync, which lets users sync password data from a Mac to an iOS device without storing their encrypted keychain in Dropbox or iCloud.

AgileBits described security improvements including a new keychain design with 256-bit AES encryption keys and data integrity checks that increase resistance to tampering. The design "forestalls many attacks that haven't even been dreamt of yet," AgileBits said. 1Password 4 development was helped along by 20,000 beta testers.

Continued: http://arstechnica.com/information-technology/2013/10/1password-4-for-mac-brings-upgraded-security-and-wi-fi-sync/

Related: 1Password 4 for Mac released

McAfee research shows sharp rise in malware signed with..
by Carol~ Forum moderator / October 3, 2013 6:24 AM PDT
.. legitimate digital certificates

McAfee research indicates that a steep rise in the amount of malware signed with legitimate digital certificates — not forged or stolen ones — is a growing threat that raises the question whether there should be some kind of "certificate reputation services" or other method to stop certificate abuse.

Malware signed with legitimate certificates has soared since 2010 when roughly 1.3% of a sample set was found signed that way, according to McAfee. This roughly doubled to 2.9% in 2011, then rose to 6.6% in 2012. Though the rate is slightly lower so far this year, the total amount of certificate abuse continues to grow because the amount of new malware roughly doubles every year.

Speaking at the company's annual user conference, David Marcus, director of advanced research and threat intelligence, said McAfee Labs also found that legitimately signed Android malware, almost non-existent in 2010, grew to be about 7% of all Android malware in 2012 and today constitutes 24%.

Continued: http://www.networkworld.com/news/2013/100313-mcafee-malware-274481.html

How the feds took down the Dread Pirate Roberts
by Carol~ Forum moderator / October 3, 2013 6:24 AM PDT

[Related to the first post "Feds Take Down Online Fraud Bazaar 'Silk Road', Arrest Alleged Mastermind"]

The Dread Pirate Roberts, head of the most brazen drug trafficking site in the world, was a walking contradiction. Though the government says he raked in $80 million in commissions from running Silk Road, he allegedly lived under a false name in one bedroom of a San Francisco home that he shared with two other guys and for which he paid $1,000 a month in cash. Though his alleged alter ego penned manifestos about ending "violence, coercion, and all forms of force," the FBI claims that he tried to arrange a hit on someone who had blackmailed him. And though he ran a site widely assumed to be under investigation by some of the most powerful agencies in the US government, the Dread Pirate Roberts appears to have been remarkably sloppy—so sloppy that the government finally put a name to the peg leg: Ross William Ulbricht.

Yesterday, Ulbricht left his apartment to visit the Glen Park branch of the San Francisco Public Library in the southern part of the city. Library staff did not recognize him as a regular library patron, but they thought nothing of his visit as he set up his laptop in the science fiction section of the stacks. Then, at 3:15pm, staffers heard a "crashing sound" from the sci-fi collection and went to investigate, worried that a patron had fallen......

Continued : http://arstechnica.com/tech-policy/2013/10/how-the-feds-took-down-the-dread-pirate-roberts/
