NEWS - August 13, 2013

Bitcoin Transactions on Android Vulnerable to Theft

Bitcoin wallets on the Android platform are vulnerable to theft after a vulnerability was discovered that could allow an attacker to guess a private key used to secure transactions involving the virtual currency.

A post to a Bitcoin forum over the weekend pointed to a report of one address having 55.8 Bitcoins stolen. As of this morning, one Bitcoin was worth $104.52 according to an online Bitcoin exchange calculator.

"All private keys generated on Android phones/tablets are weak and some signatures have been observed to have colliding R values, allowing the private key to be solved and money to be stolen," said developer Mike Hearn who wrote an alert on a Bitcoin development mailing list.

The vulnerability is in the Android implementation of the Java SecureRandom random number generator. The alert urges users to rotate their keys, generate new addresses with a repaired random number generator, and then send their Bitcoin funds back to themselves.

Continued :

All Android-created Bitcoin wallets vulnerable to theft
Bitcoin wallets created on Android devices at risk of theft
Android random number flaw implicated in Bitcoin thefts
Android bug batters Bitcoin wallets
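The symptom the alert describes, repeated R values, follows directly from a nonce source that repeats itself. The block below is an added illustration, not code from the Bitcoin project or from the mailing-list alert: it uses a toy DSA group in place of ECDSA (both derive r from the per-signature nonce k alone, so the mechanics are the same), with constructed, deliberately tiny parameters and an assumed "stuck" RNG standing in for the broken SecureRandom. The audit routine is the kind of check a wallet operator would run over their own signature history to find keys that must be rotated.

```python
"""Colliding r values from a broken nonce source, and an audit that finds them.

Added example, not code from the Bitcoin project or the mailing-list alert.
A toy DSA group stands in for ECDSA: in both schemes r depends only on the
per-signature nonce k, so a PRNG that repeats k yields repeated r values.
Parameters are tiny and constructed for illustration only.
"""
import hashlib
from collections import defaultdict

P, Q, G = 2039, 1019, 4   # constructed toy params: Q divides P-1, G = 2^2 has order Q


def sign(priv: int, msg: bytes, k: int) -> tuple[int, int]:
    """DSA-style signature (r, s) with a caller-supplied nonce k."""
    assert 0 < k < Q
    z = int.from_bytes(hashlib.sha256(msg).digest(), "big") % Q
    r = pow(G, k, P) % Q                      # depends only on k, not on msg or key
    s = (pow(k, -1, Q) * (z + priv * r)) % Q  # ties k to the private key
    return r, s


class StuckRng:
    """Models the flawed Android SecureRandom: hands out the same nonce repeatedly."""

    def __init__(self, stuck_k: int) -> None:
        self.stuck_k = stuck_k

    def nonce(self) -> int:
        return self.stuck_k


def audit_signatures(sigs):
    """Group (key_id, r, s) records by key and report every r seen more than
    once under the same key; such keys must be rotated and their funds moved."""
    counts = defaultdict(lambda: defaultdict(int))
    for key_id, r, _s in sigs:
        counts[key_id][r] += 1
    return {
        key: sorted(r for r, n in per_r.items() if n > 1)
        for key, per_r in counts.items()
        if any(n > 1 for n in per_r.values())
    }


def demo() -> dict:
    """Two wallets: one signing with the stuck RNG, one with distinct nonces."""
    priv_bad, priv_good = 7, 11          # constructed private keys
    rng = StuckRng(5)
    records = []
    for msg in (b"tx-a", b"tx-b", b"tx-c"):
        r, s = sign(priv_bad, msg, rng.nonce())
        records.append(("android-wallet", r, s))
    for msg, k in ((b"tx-d", 1), (b"tx-e", 2), (b"tx-f", 3)):
        r, s = sign(priv_good, msg, k)
        records.append(("desktop-wallet", r, s))
    return audit_signatures(records)


if __name__ == "__main__":
    print(demo())   # {'android-wallet': [5]}
```

Only the wallet fed by the stuck RNG is flagged; the one using distinct nonces produces distinct r values and passes the audit.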
- Collapse -
The Pirate Bay's new censorship-dodging browser 'not secure'

The Pirate Bay has released a bundle of add-ons to help people search for and access bits of the internet that governments and ISPs have locked away. The only hitch is: despite the fact that it contains a Tor client, security experts have said that it doesn't completely anonymise internet traffic.

This has raised concerns about users' security.

PirateBrowser, released in celebration of the torrent site's 10th birthday - and with a bunch of torrent sites already bookmarked, natch - is based on Firefox Portable and comes bundled with proxy-management toolset Foxyproxy and the Tor client Vidalia.

In its FAQ, The Pirate Bay says:

Does it [allow me to] surf the net anonymously?

No, while it uses Tor network, which is designed for anonymous surfing, this browser is intended just to circumvent censorship — to remove limits on accessing websites your government doesn't want you to know about.

If you are looking for something more secure you may want to try a VPN like PrivacyIO.

Security experts have complained that The Pirate Bay failed to adhere to Tor security protocols, with one observer claiming the new browser was "unsafe".

Continued :

The Pirate Bay launched its own PirateBrowser last week. Here's how it works
PirateBrowser Beats Blockades, Doesn't Make You Invisible to NSA
The Pirate Bay releases censorship-thwarting browser
The Pirate Bay releases 'PirateBrowser' to circumvent censorship

- Collapse -
Simple Hack Threatens Outdated Joomla Sites

If you run a site powered by the Joomla content management system and haven't yet applied a critical update for this software released less than two weeks ago, please take a moment to do that: A trivial exploit could let users inject malicious content into your site, turning it into a phishing or malware trap for visitors.

The patch released on July 31, 2013 applies to Joomla 2.5.13 and earlier 2.5.x versions, as well as Joomla 3.1.4 and earlier 3.x versions. Joomla credits discovery of the bug to Web security firm Versafe, which says a simple exploit targeting the vulnerability is already in use. Joomla versions 2.5.14 and 3.1.5 fix a serious bug that allows unprivileged users to upload arbitrary .PHP files just by adding a "." (period) to the end of PHP filenames.

For 2.5.x and 3.x versions of Joomla, it is possible for anyone with access to the media manager to upload and execute arbitrary code simply by appending a period to the end of the file name they would like to run. For sites powered by unsupported versions of Joomla (1.5.x, and a cursory Google search indicates that there are tens of thousands of these 1.5.x sites currently online), attackers do not even need to have an account on the Joomla server for this hack to work.

Continued :

- Collapse -
Do You Own A Website? Now Would Be A Good Time to Patch It

"Malwarebytes Unpacked" Blog:

If you run your own website - but not Blogger and other free ones - chances are it is powered by one of the two most common Content Management Systems (CMS) on the planet: WordPress and Joomla!.

There are very active campaigns making the rounds right now targeting these two platforms. A botnet comprised of nearly 25,000 infected computers is attacking login pages by performing 'brute-force attacks'.

The Fort Disco botnet tries tens of thousands of username/password combinations until a match is found. Once logged in, the bad guys use your website to host phishing, spam or even malware.

At the same time, a critical security flaw has been discovered in Joomla! where an attacker could easily upload a backdoor by simply adding a '.' at the end of the file name.

Continued :
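Both the Joomla item above and this Malwarebytes post describe the same trick: a trailing "." defeats an extension check that only looks at what follows the last dot. The block below is an added illustration, not Joomla's or Malwarebytes' code, showing that weak pattern beside a hardened check; the blocklist and allowlist contents are assumptions.

```python
"""Trailing-dot upload filter bypass, modelled: weak check beside a hardened one.

Added example, not Joomla's or Malwarebytes' code. The weak check mirrors the
pattern both posts describe: the extension is taken as whatever follows the
LAST dot, so "backdoor.php." has an empty extension and is not in the
blocklist, yet in common server setups the stored file still runs as PHP
(Windows drops the trailing dot on write; Apache's mod_mime matches the
handler on the inner .php segment). Extension sets are assumptions.
"""
import os
import re

EXECUTABLE_EXTS = {"php", "php3", "php4", "php5", "phtml", "phar"}  # assumed blocklist
ALLOWED_EXTS = {"jpg", "jpeg", "png", "gif", "pdf"}                # assumed allowlist
SAFE_STEM = re.compile(r"[a-z0-9][a-z0-9_-]*")


def weak_is_allowed(filename: str) -> bool:
    """Vulnerable pattern: looks only at the text after the last dot."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    return ext not in EXECUTABLE_EXTS


def hardened_is_allowed(filename: str) -> bool:
    """Normalise first, then require an allowlisted final extension and no
    executable extension anywhere in the name (catches x.php.jpg as well)."""
    name = os.path.basename(filename.replace("\\", "/"))
    name = name.rstrip(". ").lower()       # what the filesystem would actually keep
    if not name or name.startswith("."):
        return False
    parts = name.split(".")
    if len(parts) < 2 or not SAFE_STEM.fullmatch(parts[0]):
        return False
    if any(p in EXECUTABLE_EXTS for p in parts[1:]):
        return False
    return parts[-1] in ALLOWED_EXTS


# Constructed upload names covering the trailing-dot case and its relatives.
CONSTRUCTED_UPLOADS = [
    "photo.jpg",
    "backdoor.php",
    "backdoor.php.",
    "backdoor.php.jpg",
    "report.PDF ",
]


def compare(names=CONSTRUCTED_UPLOADS) -> dict:
    """Return {filename: (weak verdict, hardened verdict)} for each upload name."""
    return {n: (weak_is_allowed(n), hardened_is_allowed(n)) for n in names}


if __name__ == "__main__":
    for name, verdicts in compare().items():
        print(f"{name!r:22} weak={verdicts[0]!s:5} hardened={verdicts[1]}")
```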

- Collapse -
Adoption of antivirus software on mobile devices remains low

Consumer adoption and willingness to pay for antivirus software on mobile devices is low, according to Gartner. Gartner believes that high consumer use of personal mobile devices for work purposes means security providers have an opportunity to assist enterprise BYOD initiatives.

"The use of personal devices at work matches high-enterprise demand for solutions to the BYOD security problem," said Ruggero Contu, research director at Gartner. "This presents providers of both consumer and enterprise endpoint security products with an opportunity to enforce security to private devices and potentially expand their footprint into the consumer space. Consequently, product managers at consumer security providers need to adopt strategies that allow consumer security use on personal devices in the enterprise workplace."


Also: Consumers still reluctant to spend on mobile security, says Gartner

- Collapse -
Cybercriminals "saving up" wave of Windows XP attacks for when Microsoft stops support

ESET's "We Live Security" Blog:

Cybercriminals will unleash a wave of "zero-day" vulnerabilities to attack Windows XP machines after April 8, 2014, a security expert has claimed. Microsoft will stop releasing security updates for the OS on that date.

Criminals will "sit on" such vulnerabilities until that date to make more money from their exploits, according to Jason Fossen of security training company SANS.

At present, vulnerabilities are patched by Microsoft. After April, only companies paying for custom support will be protected - and up to a third of organizations are expected to still use Windows XP machines.

"The average price on the black market for a Windows XP exploit is $50,000 to $150,000 - a relatively low price that reflects Microsoft's response," said Fossen, speaking to ComputerWorld.

Continued :
- Collapse -
Dalai Lama's Website Hacked And It's Infecting Computers
Expert: Dalai Lama's Website Has Been Hacked And It's Infecting People's Computers

A prominent computer security firm has warned that the Dalai Lama's Chinese-language website has been compromised with malicious software that is infecting computers of visitors with software that could be used for spying on its visitors.

Kaspersky Lab researcher Kurt Baumgartner told Reuters that he is advising web surfers to stay away from the Chinese-language site of the Central Tibetan Administration until the organization fixes the bug.

He said he believes the group behind the campaign was also behind previous breaches on the site that have gone unreported as well as attacks on websites belonging to groups that focus on human rights in Asia.

Continued :

@ Kaspersky Labs: Watering-Hole Attack Compromises Key Tibetan Site
- Collapse -
New York Times attackers use updated Trojans in new campaign

The Chinese group blamed for an infamous attack on the New York Times last January appears to be on the move again using updated versions of its two favourite Trojan families, researchers at FireEye have reported.

In May, the firm noticed that two important backdoors, APT.Aumlib and APT.Ixeshe had been updated, the first of which had not received modification since May 2011, the latter since December 2011.

As their APT (Advanced Persistent Threat) monikers imply, these are pieces of malware used to compromise targets before further payloads are called. They are specially written to attack specific organisations and are the frontline of what might politely be called state-sponsored malware, in this case of Chinese origin.

Continued :

Related: They're ba-ack: Hacker gang that infiltrated NYT for months returns

- Collapse -
NSA Increasing Security by Firing 90% of Its Sysadmins
Bruce Schneier @ his "Schneier on Security" Blog:

General Keith Alexander thinks he can improve security by automating sysadmin duties such that 90% of them can be fired:

Using technology to automate much of the work now done by employees and contractors would make the NSA's networks "more defensible and more secure," as well as faster, he said at the conference, in which he did not mention Snowden by name.

Does anyone know a sysadmin anywhere who believes it's possible to automate 90% of his job? Or who thinks any such automation will actually improve security?

He's stuck. Computerized systems require trusted people to administer them. And any agency with all that computing power is going to need thousands of sysadmins. Some of them are going to be whistleblowers.

Leaking secret information is the civil disobedience of our age. Alexander has to get used to it.

NSA cutting 90% of sysadmin jobs to beef up security
NSA gets burned by a sysadmin, decides to burn 90% of its sysadmins
NSA sysadmins to be replaced with computers
- Collapse -
Crypto experts blast German e-mail providers' "secure data storage" claim

GPG developer calls move a "great marketing stunt at exactly the right time."

In the wake of the shutdown of two secure e-mail providers in the United States, three major German e-mail providers have banded together to say that they're stepping forward to fill the gap. There's just one problem: the three companies only provide security for e-mail in transit (in the form of SMTP TLS) and not actual secure data storage.

GMX, T-Online (a division of Deutsche Telekom), and - which serve two-thirds of German e-mail users - announced on Friday that data would be stored in Germany and the initiative would "automatically encrypt data over all transmission paths and offer peace of mind that data are handled in compliance with German data privacy laws." Starting immediately, users who use these e-mail services in-browser will have SMTP TLS enabled, and starting next year, these three e-mail providers will refuse to send all e-mails that do not have it enabled.

"Germans are deeply unsettled by the latest reports on the potential interception of communication data," said Rene Obermann, CEO of Deutsche Telekom, in a statement. "Our initiative is designed to counteract this concern and make e-mail communication throughout Germany more secure in general. Protection of the private sphere is a valuable commodity."

- Collapse -
Kevin Bacon has his Twitter hacked - 6 degrees leads to something phishy

Online criminals hijacked the Twitter account of Hollywood actor Kevin Bacon earlier this week, in an attempt to steal the passwords of the star's hundreds of thousands of followers.

Bacon, who is probably almost as well known for the "Six degrees of Kevin Bacon" trivia game as he is for his prolific movie career, had his Twitter account hacked on Sunday, when it began to post messages designed to entice readers into clicking on a dangerous link to discover more.

Did anyone see this? She is way too young for that - [Screenshot]

If you did find yourself clicking on the link, whose true destination had been hidden by use of the bit.do (not to be confused with bit.ly) URL shortener, you would find your browser had taken you to what appeared to be a Twitter login page. [Screenshot]

Continued :
- Collapse -
Google Announces Big Increase For Bug Bounty Rewards

Google has yet again stepped its vulnerability hunting game up, saying bug bounty rewards will be increased by as much as five times.

The tech titan also revealed it has now handed out more than $2 million (£1.3m) in bug bounties, across its Chromium, Google Web and Pwnium rewards.

Bug bounty boost

"Bugs previously rewarded at the $1,000 level will now be considered for reward at up to $5,000. In many cases, this will be a 5x increase in reward level! We'll issue higher rewards for bugs we believe present a more significant threat to user safety, and when the researcher provides an accurate analysis of exploitability and severity," said Google's "masters of coin" and security rewards leads Chris Evans and Adam Mein.

Continued :

After Paying $2M in Rewards, Google Multiplies Some Bug Bounties Five Times
Google Celebrates $2 Million in Bug Rewards, Increases Bounty for Chromium Flaws
Google bumps up security bounties for Chromium

- Collapse -
Android antivirus products compared

"[UPDATED] Independent test lab AV-Test compared 30 Android antivirus products. There are some winners and some serious failures. But do you really need any of them?"

Independent test lab AV-Test has completed a comparison of 30 antivirus products for Android. The comparison included:
[List of 30 Antivirus Products]

All 30 products were tested in July, 2013 on Android 4.2.2. The products scanned 1972 malware samples. 7 of the products detected 100% of the samples. 16 more detected 98% or better. The real problems came for these products:

• AegisLab Antivirus Premium 63.6%
• Bornaria Mobile Security 84.6%
• SPAMfighter VIRUSfighter Android 68.0%
• Zoner Mobile Security 63.6%

The average detection rate for all products was 95.2% and the median was 99.2%.

AV-Test checked for 3 broadly-defined performance metrics:

1 - The app does not impact the battery life
2 - The app does not slow down the device during normal usage
3 - The app does not generate too much traffic

Continued :

- Collapse -
New Mobile Malware Taps Ad Networks To Spread

It was only a couple of weeks back that we wrote about new research from the folks at WhiteHat Security that posited a way for mobile ad networks to be gamed and used to distribute malicious code. Now it looks as if the bad guys were one step ahead, as researchers at Palo Alto Networks reveal a new type of malicious Android malware that uses mobile ad networks to infect vulnerable devices.

Palo Alto described the new, malicious mobile software, dubbed "Dplug," in a blog post on Monday. The company said the malware authors appear to be leveraging second-tier mobile ad networks, mostly in Russia and the former Soviet Republics, to distribute their wares. The Dplug malware takes advantage of the deep integration between mobile applications and mobile advertising networks to gain a foothold on infected devices, then send out messages to premium SMS services to generate money for the fraudsters, according to Wade Williamson, a senior security researcher at Palo Alto.

Continued :

- Collapse -
Russian Site Serves Fake Talking Tom Cat Game

ThreatTrack Security Labs:

One of our threat researchers in the AV Labs found the dubious Russian website, game-talking-tom-cat(dot)ru, serving up fake Talking Tom Cat games for mobile devices that were purported to run on Android, Java and Symbian.

Outfit7, the Cyprus-based mobile application maker of the Talking Friends collection of mobile apps, released Talking Tom Cat in 2010. This app is capable of repeating words users say to the cat. Users can also interact with the character: stroking the touch screen of the mobile device strokes the cat's head and tapping heavily on the screen knocks back the cat.

Talking Tom Cat is a free game app and can also be downloaded from third-party app sites, such as Softonic. However, we advise you, dear Reader, not to visit nor click links related to game-talking-tom-cat(dot)ru, as this is one supposed site we don't want you going to. [Screenshot]

Note that the links to the fake site above all direct to various Google Docs pages where the supposed files were made available for download: [Screenshot]

Continued :

- Collapse -
Report: Google Play Store Infested With Adware

"In study of 8,000 apps on Google Play, nearly 2,000 are flagged as adware, ZScaler says"

The Google Play market, where most Android users go to safely download applications, is infested with adware, according to a study published last week.

In a blog posted Thursday, Zscaler posted the results of a study of 8,000 applications offered on Google Play. Of those 8,000 apps, more than 1,845 were flagged as adware, the blog states.

"This is a big number," the blog states. "Most of the applications were flagged by AV vendors due to their excessive inclusion of ads and deceptive practices for delivering them, including altering device settings."

The Zscaler blog suggests that there is a growing gap between Google's willingness to accept new applications that permit aggressive advertising techniques, and antivirus applications, which increasingly block applications that use such aggressive techniques.

"Ultimately, end users are stuck in the middle as they are left to decide if they will keep or delete the apps being flagged," the blog says.

Continued :

Related: Is it Adware? Antivirus Vendors Say Yes, Google Says No

- Collapse -
"LNK" Attacks are Back Again

Symantec Security Response Blog:

Recently, we observed an attack campaign using link files attached to emails in Japan. We have blogged about threats utilizing link files before and this type of attack is still alive and well.

The target of the link is disguised to make it look like it is linking to a text file, tricking the user into opening it, unaware that they are not opening a text file. [Screenshot: Details of LNK file made to look like a link to a text file]

Under more careful examination, by scrolling to the left of the text box, you can see the malicious scripts that will actually be executed if you open this link. [Screenshot: True destination of link file]

The lesson here is to check carefully to see where link files actually point to before opening them.

After the link file is opened, a series of events happen involving the download and execution of various script files. This process ends with the display of a bogus error message followed by a back door being opened to a remote command-and-control (C&C) server, which will allow the remote attacker to perform numerous activities on the compromised computer.

Continued :
