Spyware, Viruses, & Security

Alert

NEWS - October 31, 2013

by Carol~ Forum moderator / October 31, 2013 6:28 AM PDT
Lavabit, Silent Circle Form New Anti-Surveillance Dark Mail Alliance

As the stunning revelations about the NSA's collection methods and capabilities continue to mount, two secure email providers that have shut down their services in recent months have formed a new alliance to develop and deploy a new secure email platform that will be resistant to surveillance and back doors. The Dark Mail Alliance, formed Wednesday by Silent Circle and Lavabit, aims to put together an open protocol and architecture for private email.

Both Lavabit and Silent Circle made the decision this summer to pull the plug on their respective secure email services, for different, but related, reasons. Lavabit, a provider of encrypted private email services, in August said that it would pull the plug on its service. At first the company didn't provide many details on why the decision had been made, but it gradually became clear that Lavabit founder Ladar Levison had decided to shut the service down rather than comply with a government request for access to the master encryption key for the service. Edward Snowden, the NSA whistle blower, was a Lavabit user, and the FBI wanted access to his email, but was also asking for access to other users' accounts. Levison instead shut the service down.

Continued : http://threatpost.com/lavabit-silent-circle-form-new-anti-surveillance-dark-mail-alliance/102757

Related:
Silent Circle and Lavabit launch "DarkMail Alliance" to thwart e-mail spying
Dark Mail Alliance develops surveillance-proof email technology
Silent Circle, Lavabit unite for 'Dark Mail' encrypted email project
Post a reply
Discussion is locked
You are posting a reply to: NEWS - October 31, 2013
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: NEWS - October 31, 2013
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
NSA taps cables connecting Google and Yahoo data centers
by Carol~ Forum moderator / October 31, 2013 6:43 AM PDT

The US NSA and its UK counterpart GCHQ have collaborated in tapping the overseas fiber-optic cables used by Google and Yahoo to exchange data stored one their many data centers in the US and abroad, and have been slurping all the information passing through them, says a recent report by The Washington Post.

The operation - dubbed MUSCULAR - was revealed in a document dated Jan. 9, 2013 and shared with the news outlet by NSA whistleblower Edward Snowden.

In it is explained that the GCHQ has directed all the information that passed through those cables to a "buffer", and that every three to five days the NSA would sift through it with custom-built NSA tools and collect data they considered important and helpful.

This data included metadata but also the contents of users accounts, including emails, stored images, search queries, and so on.

Continued : http://www.net-security.org/secworld.php?id=15867

Related:
NSA Eavesdropping on Google and Yahoo Networks
This secret post-it note shows the NSA tapping into Google's data centers
Report: NSA breaks into Yahoo, Google data center links

Collapse -
iOS apps can be hijacked to show fraudulent content...
by Carol~ Forum moderator / October 31, 2013 6:44 AM PDT
.. and intercept data

"Some 10,000 titles in Apple's App Store may be susceptible to redirection hack."

A large number of apps for iPhones and iPads are susceptible to hacks that cause them to surreptitiously send and receive data to and from malicious servers instead of the legitimate ones they were designed to connect to, security researchers said on Tuesday.

Researchers from Israel-based Skycure stumbled on the problem when they observed their own app redirecting to a wrong address. The team soon discovered that they could make many other apps exhibit the same behavior. As a result, apps that display news, stock quotes, social media content, or even some online banking details can be manipulated to display fraudulent information and intercept data sent by the end user. After an app has been tampered with once, it will continue to connect to the hacker-controlled server for an extended period of time, with no outward indication it is doing so. The weakness, dubbed HTTP request hijacking (HRH), is estimated to affect at least 10,000 titles in Apple's App Store.

Continued : http://arstechnica.com/security/2013/10/ios-apps-can-be-hijacked-to-show-fraudulent-content-and-intercept-data/

Related: HTTP 301 Redirections Lead to Trouble for Mobile Apps
Collapse -
Facebook Tests Software to Track Your Cursor on Screen
by Carol~ Forum moderator / October 31, 2013 6:44 AM PDT

Facebook is testing technology that would greatly expand the scope of data that it collects about its users, the head of the company's analytics group said Tuesday.

The social network may start collecting data on minute user interactions with its content, such as how long a user's cursor hovers over a certain part of its website, or whether a user's newsfeed is visible at a given moment on the screen of his or her mobile phone, Facebook analytics chief Ken Rudin said Tuesday during an interview.

Mr. Rudin said the captured information could be added to a data analytics warehouse that is available for use throughout the company for an endless range of purposes-from product development to more precise targeting of advertising.

Facebook collects two kinds of data, demographic and behavioral. The demographic data—such as where a user lives or went to school—documents a user's life beyond the network. The behavioral data—such as one's circle of Facebook friends, or "likes"—is captured in real time on the network itself. The ongoing tests would greatly expand the behavioral data that is collected, according to Mr. Rudin.

Continued : http://blogs.wsj.com/cio/2013/10/30/facebook-considers-vast-increase-in-data-collection/

Collapse -
Rogue Ads in Yahoo! Lead to Sirefef Infection
by Carol~ Forum moderator / October 31, 2013 6:44 AM PDT

From the ThreatTrack Security Labs Blog:

Our researchers in the AV Labs are continuing to see fake software being served on unfamiliar sponsored links or ads found in search results. Recently, we found an ad for a fake browser on Yahoo! after doing a search for "google chrome browser". [Screenshot]

Clicking the first ad we highlighted above leads users to the website, softpack(dot)info/chrome/: [Screenshot]

Below this page are texts that read as follows: [Screenshot]

Text in the box:

"This site distributes software free of charge via WeDownload Manager which is compatible with PCs running Windows XP, Vista 7 or 8. Besides managing the download of your selected software, the download manager with make recommendations for commercial offers that you might be interested in. The additional software may include toolbars, browser add-ons and other types of software applications. You are not required to install any additional software to receive the software you are trying to download. You can completely remove any of the installed programs at any time in Windows Add/Remove programs. More info about the uninstalling can be found here.

Browse, search the internet, check the weather, Facebook or Twitter, read the latest nest, faster and easier, with Ominent Toolbar."


Underlined text:

Continued: http://www.threattracksecurity.com/it-blog/rogue-ads-yahoo-lead-sirefef-infection/

Collapse -
Tricks Dress up as Treats for Cyber-Halloween
by Carol~ Forum moderator / October 31, 2013 6:44 AM PDT

Bitdefender's "HOT for Security" Blog:

From the darkest corners of the Internet, Halloween offers are creeping out in the open to taunt users with jaw-dropping discounts, as reported by Bitdefender labs. Apart from unbelievable dumping prices on costumes, ink, replica watches and designer clothes, this year's offer includes rogue AV and fake surveys. [Screenshot]

Scammers use quite a few buzz word combinations to grab people's attention and make sure their e-mails are open, their malicious attachments accessed and their fake surveys filled in. Spammers offer nothing but top-dollar deals:

Carters: Halloween, Michael Kors Glasses Frames, Glow-in-the-Dark Kids' Slippers
Halloween is almost near
BOO! Halloween is creeping up...shop Rockabye, Merkury Innovations, Oh-So Spooky Collection and more
Unique Halloween Costumes Order Now and Receive by Halloween!
Just in time for Halloween!
Shop Sexy Halloween Costumes
Get ready for Halloween its coming soon
The Halloween Boo-tique is Now Open! Gifts from $14.99
The Ultimate Halloween Costume Store


Continued : http://www.hotforsecurity.com/blog/tricks-dress-up-as-treats-for-cyber-halloween-7262.html

Collapse -
Looking for a last minute Halloween costume? Beware of ..
by Carol~ Forum moderator / October 31, 2013 7:49 AM PDT
.. spooks in your browser!

From the "Malwarebytes Unpacked" Blog:

It's that time of year when people dress up and kids over-indulge in candy. Yes, Halloween is upon us!

Speaking of which, are you still looking for that last-minute perfect costume? There are plenty of online shops where you can select an outfit that will scare your friends half to death.

To stay with our theme, today we are going to dissect a drive-by download that happened while browsing a Halloween online store. [Screenshot]

This legitimate website suffered a malicious code injection, something very common if you are not running the latest version of your favorite CMS software or are using weak passwords.

Malicious code inject

Continued : http://blog.malwarebytes.org/intelligence/2013/10/looking-for-a-last-minute-halloween-costume-beware-of-spooks-in-your-browser/
Collapse -
Scary Code: Top 5 malware that kept researchers up at night
by Carol~ Forum moderator / October 31, 2013 7:52 AM PDT

ESET's "We Live Security" Blog:

Which malicious code would be most frightening if sinister pieces of malware could rise from the dead on Halloween? Well, malware researchers spend all their time working with the creations of people who intend others harm, so you might expect they would be pretty immune to nervousness about the effects of malicious code. And it is true; a lot of us are very jaded about your average malware. Researchers certainly have a sense of the potential danger of the materials we are working with and are appropriately cautious, but there are some threats that are so scary that we will double or triple-check everything to make sure we cannot possibly let it loose somewhere accidentally.

While there are certainly other malware that has been more costly to fix or which spread much more widely, in terms of inconvenience or outright damage the following are the five malware that really give me the creeps:

Continued: http://www.welivesecurity.com/2013/10/31/scary-code-5-malware-that-kept-researchers-up-at-night/

Collapse -
Microsoft may end antivirus updates on XP in April
by Carol~ Forum moderator / October 31, 2013 7:52 AM PDT

Just days after sending a clear message about the trouble awaiting Windows XP users next April when Microsoft ends security updates for the operating system (and for Office 2003), the company is saying that it may also stop delivering antivirus signature updates for Microsoft Security Essentials, their free antimalware product.

A spokesperson issued the following statement:

Microsoft will not guarantee updates of our antimalware signature and engine after the XP end of support date of April 8, 2014. Running antivirus on out of support operating systems is not an adequate solution to help protect against threats. Running a well-protected solution starts with using modern software and hardware designed to help protect against today's threat landscape. In addition, Microsoft recommends best practices to protect your PC such as: 1) running up to date antivirus, 2) regularly applying security updates for all software installed, and 3) using modern software that has advanced security technologies and is supported with regular security updates.

Continued : http://www.zdnet.com/microsoft-may-end-antivirus-updates-on-xp-in-april-7000022645/

Related: Microsoft security research paint bleak picture for XP users

Popular Forums
icon
Computer Help 47,885 discussions
icon
Computer Newbies 10,322 discussions
icon
iPhones, iPods, & iPads 3,188 discussions
icon
Security 30,333 discussions
icon
TVs & Home Theaters 20,177 discussions
icon
HDTV Picture Setting 1,932 discussions
icon
Phones 15,713 discussions
icon
Windows 7 6,210 discussions
icon
Networking & Wireless 14,510 discussions

Tech for the holiday

Find recipes for July 4 with these foodie apps

The Fourth of July means fireworks, fun and food. If you're planning on a barbecue this weekend, we've got the apps to help you find holiday-inspired recipes.