NEWS - October 07, 2013

by Carol~ Forum moderator / October 7, 2013 1:32 AM PDT
How the NSA Attacks Tor/Firefox Users With QUANTUM and FOXACID

Bruce Schneier @ his Schneier on Security Blog:

The online anonymity network Tor is a high-priority target for the National Security Agency. The work of attacking Tor is done by the NSA's application vulnerabilities branch, which is part of the systems intelligence directorate, or SID. The majority of NSA employees work in SID, which is tasked with collecting data from communications systems around the world.

According to a top-secret NSA presentation provided by the whistleblower Edward Snowden, one successful technique the NSA has developed involves exploiting the Tor browser bundle, a collection of programs designed to make it easy for people to install and use the software. The trick identifies Tor users on the Internet and then executes an attack against their Firefox web browser.

The NSA refers to these capabilities as CNE, or computer network exploitation.

The first step of this process is finding Tor users. To accomplish this, the NSA relies on its vast capability to monitor large parts of the Internet. This is done via the agency's partnership with US telecoms firms under programs codenamed Stormbrew, Fairview, Oakstar and Blarney.

Continued : https://www.schneier.com/blog/archives/2013/10/how_the_nsa_att.html

Tor/NSA Related:
Tor, the NSA, and the government's internal debate over online anonymity
NSA repeatedly tries to unpeel Tor anonymity and spy on users, memos show
Report: NSA unmasking Tor users
NSA using Firefox flaw to snoop on Tor users
Gmail misidentifies Adobe password reset message as spam
by Carol~ Forum moderator / October 7, 2013 1:47 AM PDT

On Thursday, Adobe announced that hackers had broken into its systems, stealing some of its source code and stealing information on some 2.9 million customers.

Adobe's security team said that it was contacting customers via email to tell them how they can change their passwords, as well as sending letters to those who had credit card information exposed.

It's somewhat disappointing then to discover that Gmail, one of the world's most popular webmail providers, is mistakenly blocking Adobe's warning as spam.

Here's how the message, sent by Adobe Customer Care with the subject line "Important Password Reset Information", appears in Gmail's spam folder. [Screenshot]

Google has added the (incorrect) warning that users should be cautious of the email:

Be careful with this message. Similar messages have been used to steal people's personal information. Unless you trust the sender, don't click on links or reply with personal information.

Continued: http://grahamcluley.com/2013/10/gmail-adobe-password-reset-spam/

LA students get iPads, crack firewall, play games
by Carol~ Forum moderator / October 7, 2013 1:47 AM PDT

Education officials in the nation's second-largest school district are working to reboot a $1 billion plan to put an iPad in the hands of each of their 650,000 students after an embarrassing glitch emerged when the first round of tablets went out.

Instead of solving math problems or doing English homework, as administrators envisioned, more than 300 Los Angeles Unified School District students promptly cracked the security settings and started tweeting, posting to Facebook and playing video games.

"'Temple Run.' 'Subway Surfing.' Oh, and some car racing game I can't remember the name of," said freshman Stephany Romero, laughing as she described the games she saw fellow Roosevelt High School students playing in class last week.

That incident, and related problems, had both critics and supporters questioning this week whether LAUSD officials were being hasty or overreaching in their attempt to distribute an iPad to every student and teacher at the district's more than 1,000 campuses by next year.

"It doesn't seem like there was much planning that went into this strategy," said Renee Hobbs, director of the Harrington School of Communication and Media at the University of Rhode Island. "That's where the debacle began."

Continued: http://news.yahoo.com/la-students-ipads-crack-firewall-play-games-135158700.html

Kuluoz Voicemail Spam Drops Signed Certificate Winwebsec
by Carol~ Forum moderator / October 7, 2013 1:48 AM PDT

From the ThreatTrack Security Labs:

Kuluoz Malware has been causing problems this past week, with fake WhatsApp email messages leading to various forms of mobile infection. Over the last day or so, our Labs have noticed a shift into other realms - namely, Fake AV.

Whenever we see Kuluoz, it is typically using compromised boxes to host payloads - and those payloads are usually Winwebsec and Medfos. Fake emails are the name of the game, and as you can see they run the full range of wedding invites, airline spam, DHL / Fedex notifications and more besides.

In this case, we begin with the now familiar WhatsApp spam email messages: [Screenshot]

Instead of links taking end-users to malicious mobile downloads, they'll be taken to a .biz.ua URL offering up a Kuluoz.B executable file which will download WinWebSec onto the target PC. Winwebsec has been signed by a valid cert, which is increasingly becoming a problem where Malware is concerned. The Winwebsec variant is fairly recent, dating from mid to late August.

Continued: http://www.threattracksecurity.com/it-blog/kuluoz-voicemail-spam-drops-signed-certificate-winwebsec/

Card not present scams soar despite clampdown on bank fraud
by Carol~ Forum moderator / October 7, 2013 1:48 AM PDT

Better fraud detection and swifter action on phishing sites contributed to online banking losses falling by a fifth during the first half of 2013, according to figures from banking sector body Financial Fraud Action UK.

Online fraud against UK institutions cost the industry £17.1 million ($27 million), a 21 percent drop compared to the same period in 2012, almost matching a 22 percent drop in telephone banking fraud to £5.2 million over the same period.

"This is due to enhanced processes for intelligence-sharing across the banks, as well as better online security tools and greater awareness amongst consumers," said the FFA. Under police direction, service providers had also improved their efficiency at taking down the phishing sites used to steal bank credentials, which had fallen by 87 percent compared to 2012, the organisation said.

But despite this, overall UK 'plastic fraud' rose to £216.1 million, a fairly sharp year-on-year 17 percent rise; so what are the new trouble spots?

Continued : http://news.techworld.com/security/3472289/card-not-present-scams-soar-despite-clampdown-on-online-bank-fraud/

Vulnerable and aggressive adware threatening millions
by Carol~ Forum moderator / October 7, 2013 1:48 AM PDT

FireEye discovered a new mobile threat from a popular ad library that no other antivirus or security vendor has reported publicly before. Mobile ad libraries are third-party software included by host apps in order to display ads. Because this library's functionality and vulnerabilities can be used to conduct large-scale attacks on millions of users, we refer to it anonymously by the code name "Vulna" rather than revealing its identity.

We have analyzed all Android apps with over one million downloads on Google Play, and we found that over 1.8% of these apps used Vulna. These affected apps have been downloaded more than 200 million times in total.

Though it is widely known that ad libraries present privacy risks such as collecting device identifiers (IMEI, IMSI, etc.) and location information, Vulna presents far more severe security issues. First, Vulna is aggressive - if instructed by its server, it will collect sensitive information such as text messages, phone call history, and contacts. It also performs dangerous operations such as executing dynamically downloaded code. Second, Vulna contains a number of diverse vulnerabilities.

Continued : http://www.net-security.org/malware_news.php?id=2606

Adobe Flash Player replacement "Shumway" lands in Firefox 27
by Carol~ Forum moderator / October 7, 2013 6:02 AM PDT

Death knell for Adobe Flash Player?

Mozilla has taken one giant step closer to making Adobe's Flash Player a thing of the past with the inclusion of their own HTML5 Flash Player called "Shumway".

Shumway landed in Firefox 27 nightly, which has yet to make the Aurora branch, and according to our own tests, even though Shumway can be loaded (it's disabled by default) it's in a "pretty much unusable state" right now.

Adobe Flash Player has a long history of being plagued with bugs, and many users opt not to install it at all; so being able to play Flash without the normal player is a big step forward for security, as well as on mobile devices which don't support Flash natively.

Shumway is an HTML5 technology experiment that explores building a faithful and efficient renderer for the SWF file format without native code assistance. Shumway is community-driven and supported by Mozilla. Their goal is to create a general-purpose, web standards-based platform for parsing and rendering SWFs. Full integration with Firefox is a possibility if the experiment proves successful.

Continued: http://www.neowin.net/news/adobe-flash-player-replacement-shumway-lands-in-firefox-27

Related: Shumway, Mozilla's HTML5-Based Flash Player Replacement, Lands In Firefox Nightly

Router Flaw Could Disclose Sensitive Configuration, Password Information
by Carol~ Forum moderator / October 7, 2013 6:03 AM PDT

Taiwanese electronics company Asus has released an update for one of its routers that corrects an authentication bypass vulnerability discovered in the devices over the summer.

The vulnerability is in Asus' RT-N10E brand of routers, sold primarily throughout Europe, China and South America.

According to a note on Carnegie Mellon's CERT Vulnerability Notes Database late Friday, the problem is that once an attacker gains access to the device, they can make their way to a certain website and learn the device configuration without entering log-in credentials.

The site, http: //RouterIPAddress/qis/QIS_finish[.]htm, bills itself as the most comprehensive Router Database and is commonly used by end users to research router information and settings worldwide.

The vulnerability (CVE-2013-3610) allows attackers to view information - including the device's administrator password - that should only be viewable to authenticated users, by being on the local area network.

Continued: http://threatpost.com/router-flaw-could-disclose-sensitive-configuration-password-information/102532

See Vulnerabilities / Fixes : ASUS RT-N10E Wireless Router "QIS_finish.htm" Information
Blackhole exploit kit author reportedly arrested, changes already noticeable
by Carol~ Forum moderator / October 7, 2013 6:03 AM PDT

From the "Malwarebytes Unpacked" Blog:

Blackhole is one of the most popular crimeware toolkits serving browser-based exploits from compromised or malicious websites. Their end goal is to deliver malware (ransomware, banking trojans etc) onto unsuspecting visitors.

A few hours ago, a tweet from Maarten Boone, a security researcher at Fox-IT, a Dutch security firm, didn't go unnoticed: [Screenshot]

The news very quickly spread across social networks that Paunch, the guy behind the infamous Blackhole exploit kit, had been arrested.

While there has not been an official statement released yet, we have observed some corroborating events in the wild.

crypt.am, a service used to encrypt the exploit kit, is down: [Screenshot]

Continued: http://blog.malwarebytes.org/whats-in-the-news/2013/10/blackhole-exploit-kit-author-reportedly-arrested-changes-already-noticeable/

Related:
Paunch, the author of Blackhole Exploit kit arrested in Russia
BlackHole Exploit Kit Author Reportedly Arrested in Russia
PureVPN WAS Hacked, But is NOT Closing
by Carol~ Forum moderator / October 7, 2013 6:03 AM PDT

Ever since the extent of government surveillance of the internet became known through the Snowden leaks, public and commercial interest in virtual private networks (VPNs) to both bypass internet blockades and provide user privacy has escalated.

One VPN that has experienced 'phenomenal growth' in recent months is Hong Kong-based PureVPN. Over the weekend, however, some customers received an email purporting to come from the founder, Uzair Gadit: "I'm sorry to inform you that due to an incident we had to close your account permanently. We are no longer able to run an anonymization service due to legal issues we are facing."

It was a bit reminiscent of Ladar Levison's announcement that he was closing down Lavabit - but this message went further, warning that PureVPN had handed over full user details (presumably to the law enforcement agency causing the incident), and that it could not refund any money because its bank account had been frozen.

Continued: http://www.infosecurity-magazine.com/view/34909/purevpn-was-hacked-but-is-not-closing/

Related: VPN provider hacked, fake emails scare customers
