25 total posts
US cable: China leaders ordered hacking on Google
Contacts told American diplomats that hacking attacks against Google were ordered by China's top ruling body and a senior leader demanded action after finding search results that were critical of him, leaked U.S. government memos show.
One memo sent by the U.S. Embassy in Beijing to Washington said a "well-placed contact" told diplomats the Chinese government coordinated the attacks late last year on Google Inc. under the direction of the Politburo Standing Committee, the apex of Communist Party power.
The details of the memos, known in diplomatic parlance as cables, could not be verified. Chinese government departments either refused to comment or could not be reached. If true, the cables show the political pressures that were facing Google when it decided to close its China-based search engine in March.
The cable about the hacking attacks against Google, which was classified as secret by Deputy Chief of Mission Robert Goldberg, was released by WikiLeaks.
The New York Times said the cable, dated early this year, quoted the contact as saying that propaganda chief Li Changchun, the fifth-ranked official in the country, and top security official Zhou Yongkang oversaw the hacking of Google. Both men are members of the Politburo Standing Committee.
Also : Vast Hacking by a China Fearful of the Web
Also : U.S. Cable: China Ordered Google Hack
Chinese firm hired Blaster hacking group, says U.S. cable
"Companies with ties to Chinese government, military have access to Windows source code"
Chinese security firms with ties to the Chinese military have hired hackers, including the group responsible for the original Blaster worm, U.S. diplomats alleged in a 2009 cable published Saturday by WikiLeaks.
The companies also have access to the source code to Microsoft Windows.
According to the U.S. State Department's daily security briefing of June 29, 2009, Topsec of Beijing had employed "a known Chinese hacker" from June 2002 to March 2003. Identified as Lin Yong, aka "Lion," the hacker served as a senior security service engineer to "manage security service and training."
Topsec, China's largest security vendor, provides training and support service for the People's Liberation Army (PLA), and was partially funded by the Chinese government, the cable continued, citing an interview in state-run media with the firm's founder and chairman, He Weidong.
Another company, Venustech, also of Beijing, used the services of a hacking group called XFocus, which was reportedly responsible for crafting the original Blaster worm in mid-2003, the security briefing said.
Continued : http://www.networkworld.com/news/2010/120610-chinese-firm-hired-blaster-hacking.html
US works to secure networks as hackers advance
It will take several more years for the government to fully install high-tech systems to block computer intrusions, a drawn-out timeline that enables criminals to become more adept at stealing sensitive data, experts say.
As the Department of Homeland Security moves methodically to pare down and secure the approximately 2,400 network connections used every day by millions of federal workers, experts suggest that technology already may be passing them by.
The department that's responsible for securing government systems other than military sites is slowly moving all the government's Internet and e-mail traffic into secure networks that eventually will be guarded by intrusion detection and prevention programs.
Progress has been slow, however. Officials are trying to complete complex contracts with network vendors, work out technology issues and address privacy concerns involving how the monitoring will affect employees and public citizens.
The WikiLeaks release of more than a quarter-million sensitive diplomatic documents underscores the massive challenge ahead, as Homeland Security labors to build protections for all of the other, potentially more vulnerable U.S. agencies.
"This is a continuing arms race and we're still way behind," said Stewart Baker, former Homeland Security undersecretary for policy.
Continued : http://www.foxnews.com/us/2010/12/05/works-secure-networks-hackers-advance/
RIM: India Agrees to Work With Enterprises for Data Access
The Indian government has agreed that it must work with individual enterprises if it wants access to communications sent via BlackBerry enterprise services, Research in Motion said on Friday.
"The Government has acknowledged that any potential policy or approach that requires lawful access to strongly encrypted enterprise data sent to or from corporate and government organizations ... would need to occur through the enterprise customers themselves since RIM has no ability to provide the customers' encryption keys," RIM said in a statement.
The comment offers a clue about how RIM might be able to comply with government demands for access to BlackBerry communications while maintaining its reputation for security. Instead of RIM providing governments with access to user data, it appears to put the responsibility on the government to approach individual enterprises for it.
RIM has maintained since the beginning of the dispute that it does not have access to its customers' encryption keys and therefore cannot provide access to their data. The dispute has put the company in a tricky position. If it doesn't help the government, it risks having its service blocked. If it does, it risks alienating customers who choose RIM for the strength of its security.
Also : India wants BlackBerry access from companies: report
Google off the hook: Aussies call off criminal investigation
The Australian Federal Police (AFP) announced, late on Friday afternoon (usually a good time for bad news, catching journalists just after they have left for the pub for the weekend), that Google would face no criminal charges over its interception of WiFi traffic in Australia.
Google landed in hot water early in 2010 when it emerged that its Street View cars had been hoovering up and retaining snooped WiFi traffic whilst driving around the towns and cities of the world.
The plan, apparently, was to record and to map the names and MAC addresses of WiFi access points.
Google, it seems, not only recorded and retained network names and addresses, but also the contents of any data frames it sniffed as it went by.
This means that the search giant ended up with snippets of internet traffic, potentially from millions of users.
So if you were using unencrypted WiFi when Google drove past, you ran the risk of having personally identifiable information - snippets of email you were reading, perhaps, or fragments of pictures you were uploading - grabbed and retained by the 200kg gorilla of the internet search-and-advertising industry.
Continued : http://nakedsecurity.sophos.com/2010/12/06/google-off-the-hook-with-cops/
PayPal cuts WikiLeaks from money flow
The online payment service provider PayPal has cut off the account used by WikiLeaks to collect donations, serving another blow to the organization just as it was struggling to keep its website accessible after an American company stopped directing traffic to it.
PayPal said in a blog posting that the move was prompted by a violation of its policy, "which states that our payment service cannot be used for any activities that encourage, promote, facilitate or instruct others to engage in illegal activity."
The short notice was dated Friday, and a spokeswoman for PayPal Germany on Saturday declined to elaborate and referred to the official blog posting.
Donating money to WikiLeaks via PayPal on Saturday was not possible anymore, generating an error message saying "this recipient is currently unable to receive money."
PayPal is one of several ways WikiLeaks collects donations, and until now was probably the most secure and convenient way to support the organization.
The other options listed on WikiLeaks' website are through mail to an Australian post office box, through bank transfers to accounts in Switzerland, Germany or Iceland as well as through one "credit card processing partner" in Switzerland.
Also : PayPal suspends WikiLeaks donations account
Also : PayPal Drops WikiLeaks Donation Account
Anonymous attacks PayPal in 'Operation Avenge Assange'
Anonymous has launched a broad-ranging campaign in support of Wikileaks, starting with a DDoS assault on a PayPal website.
The denial of service attack lasted for eight hours and resulted in numerous service disruptions, Panda Security reports.
The group, spawned from the anarchic message board 4chan, first came to prominence with a long-running campaign against the Church of Scientology, its beef with the Hubbard faithful centering on their attempts to censor content from the net.
PayPal's decision to stop processing donations for Wikileaks following its controversial publication of US diplomatic cables as well as the withdrawal of hosting services by Amazon are seen on 4chan and elsewhere as attempts to censor the whistle-blowing site, a development Anonymous intends to oppose. It said on its website:
'While we don't have much of an affiliation with WikiLeaks, we fight for the same reasons. We want transparency and we counter censorship. The attempts to silence WikiLeaks are long strides closer to a world where we can not say what we think and are unable to express our opinions and ideas.
We can not let this happen. This is why our intention is to find out who is responsible for this failed attempt at censorship. This is why we intend to utilize our resources to raise awareness, attack those against and support those who are helping lead our world to freedom and democracy.'
Continued : http://www.theregister.co.uk/2010/12/06/anonymous_launches_pro_wikileaks_campaign/
Also : PayPal Freezes WikiLeaks' Account and Angers Anonymous
Report from Panda Security : Operation:Payback broadens to "Operation Avenge Assange"
McAfee, Secure Short URL Service ... Or is it?
Recently, McAfee entered the already crowded URL Shortening business. The service is called mcaf.ee and is meant to provide a major 'added value' over its competitors; namely security.
Basically, every URL shortened using the mcaf.ee service is scanned and ensured to be safe for browsing. However, as with any antivirus product, it appears that malicious URLs get shortened as well as safe ones. As a result, this may undermine the security of other sites that rely on the check performed by the mcaf.ee service.
For demonstration purposes, let's have a look at a malicious URL, which was found in the wild, and was reported as safe by mcaf.ee. [Screenshot: Source code of a malicious URL]
Now, let's see how the mcaf.ee service can be manipulated to overcome the security provided by Facebook, for example. We'll choose a successfully blocked Facebook phishing URL: [Screenshot]
When we used the shortened URL generated by mcaf.ee service: hxxp://mcaf.ee/139b4, the URL could be used on a Facebook wall or private message, without being blocked. Luckily, after a few minutes, we noticed that Facebook started blocking that URL as well.
Continued : http://labs.m86security.com/2010/12/mcafee-secure-short-url-service-or-is-it/
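The weakness described above is not specific to mcaf.ee: any link filter that judges the URL the user pasted, rather than the page it finally lands on, is bypassed by one redirect hop. The following is an added example, not code from M86 Security, McAfee or Facebook, of the difference between that naive check and one that expands the redirect chain first. It assumes a `resolveRedirect(url)` function that returns the `Location` target of a single hop (in production an HTTP HEAD that does not auto-follow redirects); here it is injected and backed by a constructed redirect table with placeholder hosts, so the example runs offline.

```javascript
// Added example: blocklist check before and after expanding shortened URLs.
// Hosts, paths and the redirect table are constructed for the example.

const MAX_HOPS = 5;

function hostOf(url) {
  return new URL(url).hostname.toLowerCase();
}

// The behaviour the post describes: only the host the user submitted is consulted,
// so a shortener domain with a clean reputation sails through.
function naiveCheck(url, blockedHosts) {
  return { allowed: !blockedHosts.has(hostOf(url)) };
}

// Follow the redirect chain one hop at a time, recording every URL seen.
// resolveRedirect(url) -> Location target or null when url is a final page.
function expandUrl(url, resolveRedirect, maxHops = MAX_HOPS) {
  const chain = [url];
  let current = url;
  for (let i = 0; i < maxHops; i++) {
    const next = resolveRedirect(current);
    if (!next) return { chain, final: current, truncated: false };
    current = new URL(next, current).href; // relative Location headers are legal
    chain.push(current);
  }
  return { chain, final: current, truncated: true };
}

// Block if ANY hop hits the blocklist (chained shorteners are common), and fail
// closed on a chain that never terminates rather than letting it through.
function checkLink(url, resolveRedirect, blockedHosts) {
  const { chain, final, truncated } = expandUrl(url, resolveRedirect);
  const hit = chain.find(u => blockedHosts.has(hostOf(u)));
  if (hit) {
    return { allowed: false, reason: `blocked host in chain: ${hostOf(hit)}`, chain };
  }
  if (truncated) {
    return { allowed: false, reason: 'redirect chain too long', chain };
  }
  return { allowed: true, reason: `final destination ${final} not on blocklist`, chain };
}

// Constructed redirect table standing in for the live shortener (placeholder hosts).
const REDIRECTS = {
  'http://short.example/abc12': 'http://phish.example/facebook-login',
  'http://short.example/ok1': 'https://example.com/news',
  'http://short.example/loop': 'http://short.example/loop',
};
const fakeResolver = url => REDIRECTS[url] || null;

// The phishing host is on the blocklist; the shortener host is not.
const BLOCKED = new Set(['phish.example']);

function demo() {
  return {
    bypass: naiveCheck('http://short.example/abc12', BLOCKED), // allowed: true
    phish: checkLink('http://short.example/abc12', fakeResolver, BLOCKED), // allowed: false
    clean: checkLink('http://short.example/ok1', fakeResolver, BLOCKED), // allowed: true
    loop: checkLink('http://short.example/loop', fakeResolver, BLOCKED), // allowed: false
  };
}
```

The hop cap matters in practice: a shortener that redirects to itself, or two shorteners pointing at each other, would otherwise hang the filter, and an attacker can use a long chain to exhaust a resolver that gives up and allows the link. Treating an unresolved chain as blocked is the safe default.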
Facebook announces New Profile - but is it better? bigger?
Facebook's roller-coaster ride through cloud computing continues apace with the announcement earlier today of the New Profile. (In case you're wondering about that opening metaphor: Facebook is the ride. You are the rider, and you're paying for the privilege with the information you upload.)
Like the new Facebook messaging system announced in mid-November, ambitiously dubbed 'Fmail' by some, and even touted as a possible spam killer by ueberblogsite Huffington Post, the New Profile is not something which is being rolled out to everyone at once.
For a site with 500 million accounts (sorry, Facebook, they aren't all users, and repeating it over and over as if it were a fact won't make it true), rolling out significant changes of this sort over a period of time is a wise operational move.
Continued : http://nakedsecurity.sophos.com/2010/12/06/facebook-announces-new-profile/
Also: Facebook profile overhaul revamps personal pages
Don't Pay Your Taxes
Or at least try to ensure that your money doesn't end up in the hands of criminals using the Zeus crimeware kit, which could happen if you fall for this latest malicious email campaign targeting taxpayers. The emails are being sent from one of the Pushdo/Cutwail botnets and the campaign is very similar to the EFTPS one we previously blogged about. The main difference is the use of legitimate hacked websites and a range of exploits targeting vulnerabilities in client side software such as Java and Adobe PDF readers.
The malicious email claims that your tax payment has been rejected and provides a link for you to check your information:
[Screenshot: EFTPS Email]
Continued : http://labs.m86security.com/2010/12/dont-pay-your-taxes/
Class Action Lawsuit Filed Over YouPorn History Sniffing
The practice works through checking whether your browser registers certain links as previously visited, by seeing if they are assigned the color "purple" - that nifty change of color that tells you that you've already clicked on a link. I exposed YouPorn's exploitation of the security flaw here last week, based on an academic paper published a few months back.
By the end of the week, Pitner and Reagan, both of Newport Beach, had filed their lawsuit [PDF] in the Central District of California against Netherlands-based Midstream Media, the innocuous-sounding company behind YouPorn, YouPorn Gay, and other sites explicitly named enough that I shall not mention them on the august pages of Forbes.com.
Continued : http://blogs.forbes.com/kashmirhill/2010/12/06/class-action-lawsuit-filed-over-youporn-history-sniffing/
Also : Rogue Websites Exploit Flaw to Track Your Web History
Also : History Sniffing: How YouPorn Checks What Other Porn Sites You've Visited and Ad Networks Test The Quality of Their Data
What You Should Know About History Sniffing
The news is based on a study released by University of California, San Diego researchers who found that a number of sites were "sniffing" the browsing history of visitors to record where they'd been.
This reconnaissance works because browsers display links to sites you've visited differently than ones you haven't: By default, visited links are purple and unvisited links are blue. History-sniffing code running on a Web page simply checks to see if your browser displays links to specific URLs as purple or blue.
These are not new discoveries, but the fact that sites are using this technique to gather information from visitors seems to have caught many by surprise: A lawyer for two California residents said they filed suit against one of the sites named in the report - YouPorn - alleging that it violated consumer-protection laws by using the method.
Continued : http://krebsonsecurity.com/2010/12/what-you-should-know-about-history-sniffing/#more-7037
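The check described in the two items above is a few lines of script. What follows is an added example, not code from the UCSD paper, YouPorn or any ad network, of the classic CSS :visited probe: create a link to each candidate URL, read its rendered colour, and compare against the default blue/purple. The DOM reader is the part a tracking page would use; the "read colour" step is injected so the probe logic also runs outside a browser, against a constructed fake that plays a 2010-era leaky browser. The default colours rgb(0, 0, 238) and rgb(85, 26, 139) are the traditional unvisited/visited link colours and are an assumption of the example; a page stylesheet can change them, which is why anything else is reported as unknown. Browsers fixed this shortly afterwards by reporting the unvisited style for :visited links to scripts, so against a current browser every probe comes back false.

```javascript
// Added example: CSS :visited history sniffing, with the colour read injected.
// Constructed candidate list and fake browser; not taken from any real site.

const UNVISITED = 'rgb(0, 0, 238)'; // #0000EE, the traditional unvisited default
const VISITED = 'rgb(85, 26, 139)';  // #551A8B, the traditional visited default

// Probe one URL: true = visited, false = not visited, null = browser gave an
// answer that does not match either default (patched browser or page CSS).
function probeVisited(url, readLinkColor) {
  const color = readLinkColor(url);
  if (color === VISITED) return true;
  if (color === UNVISITED) return false;
  return null;
}

// Sniff a candidate list and return only the URLs the browser admits to.
function sniffHistory(candidates, readLinkColor) {
  return candidates.filter(u => probeVisited(u, readLinkColor) === true);
}

// Browser-side reader: what the tracking scripts effectively did. Not exercised
// here (no DOM); in a modern browser getComputedStyle returns the unvisited
// colour for :visited links, so this now yields no information.
function domLinkColorReader(document) {
  return function (url) {
    const a = document.createElement('a');
    a.href = url;
    document.body.appendChild(a);
    const color = window.getComputedStyle(a).color;
    a.remove();
    return color;
  };
}

// Constructed stand-in for a leaky browser: a fake history decides the colour.
function fakeBrowserReader(visitedSet) {
  return url => (visitedSet.has(url) ? VISITED : UNVISITED);
}

// Constructed candidate list of the kind such scripts carried (competitors, banks).
const CANDIDATES = [
  'http://example.com/',
  'http://example.net/login',
  'http://example.org/',
];

function demo() {
  const leaky = fakeBrowserReader(new Set(['http://example.net/login']));
  return sniffHistory(CANDIDATES, leaky); // ['http://example.net/login']
}
```

Note what the probe needs: a guess list. History sniffing cannot enumerate a browser's history, only confirm or deny URLs the page already knows to ask about, which is why the sites named in the report tested for specific competitors rather than "everything".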
Some Data-Miners Ready to Reveal What They Know
Seeking to head off escalating scrutiny over Internet privacy, a group of online tracking rivals is building a service that lets consumers see what information those companies know about them.
The project is the first of its kind in the fast-growing business of tracking Internet users and selling personal details about their lives. Called the Open Data Partnership, it will allow consumers to edit the interests, demographics and other profile information collected about them. It also will allow people to choose to not be tracked at all.
When the service launches in January, users will be able to see information about them from eight data and tracking firms, including BlueKai Inc., Lotame Solutions Inc. and eXelate Inc.
Additional tracking firms are expected to join once the system is live, but more than a hundred tracking firms and big Internet companies including Google Inc. and Yahoo Inc. are not involved.
Continued : http://online.wsj.com/article/SB10001424052748704377004575650802136721966.html
Stuxnet expert nuke-boffin killing: Iran claims arrests
Iranian authorities claim to have arrested suspects over the murder of a nuclear scientist in the country last Monday.
Motorcyclists placed bombs on the windows of cars as the targets of the attack were driving to work, in two identical but separate attacks last Monday. Each device was detonated seconds later, leaving little chance of escape.
One blast killed Majid Shahriari, a professor at the nuclear engineering faculty at the Tehran University, and severely wounded his wife. The second bomb injured nuclear physicist Fereidoun Abbasi, who was fortunate to escape with his life.
Shahriari, a quantum physicist by trade, reportedly headed the team Iran has established to eradicate the Stuxnet worm from industrial facilities involved in its controversial nuclear program.
Continued : http://www.theregister.co.uk/2010/12/06/iran_claims_stuxnet_expert_hit_squad_arrests/
Researchers Tracking Emerging Darkness Botnet
Researchers are tracking a new botnet that has become one of the more active DDoS networks on the Internet since its emergence early last month. The botnet, dubbed "Darkness," is being controlled by several domains hosted in Russia and its operators are boasting that it can take down large sites with as few as 1,000 bots.
The Darkness botnet is seen as something of a successor to the older Black Energy and Illusion botnets and researchers at the Shadow Server Foundation took a look at the network's operation and found that it is capable of generating large volumes of attack traffic.
"Upon testing, it was observed that the throughput of the attack traffic directed simultaneously at multiple sites was quite impressive," Shadowserver's analysts wrote in a report on the Darkness botnet. "It now appears that 'Darkness' is overtaking Black Energy as the DDoS bot of choice. There are many ads and offers for DDoS services using 'Darkness'. It is regularly updated and improved and as of this writing is up to version 7. There also appear to be no shortage of buyers looking to add 'Darkness' to their botnet arsenal."
Continued : http://threatpost.com/en_us/blogs/researchers-tracking-emerging-darkness-botnet-120610
Many malware attacks triggered by USB devices
One in every eight malware attacks occurs via a USB device, often targeting the Windows AutoRun function, according to Czech security vendor Avast Software.
The company reported that of the 700,000 recorded attacks on computers in the Avast user community during the last week of October, 13.5% came via USB devices such as flash drives.
AutoRun alerts computer users when a new device is connected and helps them choose which application should run the new files.
"AutoRun is a really useful tool, but it is also a way to spread more than two-thirds of current malware," said Avast virus analyst Jan Sirmer. Cybercriminals are taking advantage of people who use USB flash drives to share large files with friends or transfer files at their workplaces, Sirmer said.
Infected USB devices -- which can include portable gaming units, digital cameras, mobile phones or MP3 players -- start executable files that invite a wide array of malware into host computers. The incoming malware copies itself into Windows and can replicate itself each time the computer is started.
Continued : http://www.computerworld.com/s/article/352998/USB_Devices_Guilty_in_Many_Malware_Attacks
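The mechanism behind these numbers is a text file: a USB worm drops an autorun.inf in the drive root, and the directives in it tell Windows what to launch on insertion or when the drive is opened in Explorer. The following is an added example, not Avast's code, of a small parser that reads such a file and flags the directives that cause code execution or rebind the drive's Open/Explore actions. The sample file is constructed for the example; the directive names (open, shellexecute, shell, shell\verb\command, icon, label) are the documented autorun.inf keys.

```javascript
// Added example: parse an autorun.inf and flag execution-related directives.
// SAMPLE_AUTORUN_INF is constructed to look like what a USB worm drops; the
// path recycler\update.exe is a placeholder, not a real indicator.

const SAMPLE_AUTORUN_INF = [
  '[autorun]',
  'open=recycler\\update.exe',          // run on AutoRun
  'shellexecute=recycler\\update.exe',  // run via ShellExecute (AutoPlay)
  'shell=open',                         // make the custom verb the default
  'shell\\open=&Open',
  'shell\\open\\command=recycler\\update.exe',     // double-click in Explorer
  'shell\\explore=&Explore',
  'shell\\explore\\command=recycler\\update.exe',  // right-click > Explore
  'icon=%SystemRoot%\\system32\\shell32.dll,4',   // look like a plain drive
  'label=Removable Disk',
].join('\r\n');

const EXEC_KEYS = ['open', 'shellexecute'];
const EXEC_EXT = /\.(exe|com|bat|cmd|scr|pif|vbs|js)$/;

// INI-style parse: sections in [brackets], key=value lines, ';' comments.
// Keys are case-insensitive on Windows, so they are lower-cased here.
function parseAutorunInf(text) {
  const entries = [];
  let section = null;
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (!line || line.startsWith(';')) continue;
    const sec = line.match(/^\[(.+)\]$/);
    if (sec) { section = sec[1].trim().toLowerCase(); continue; }
    const eq = line.indexOf('=');
    if (eq < 0) continue;
    entries.push({
      section,
      key: line.slice(0, eq).trim().toLowerCase(),
      value: line.slice(eq + 1).trim(),
    });
  }
  return entries;
}

// Only the [autorun] section is honoured by Windows AutoRun; flag the keys in it
// that launch a program or rebind an Explorer verb, and collect the targets.
function assessAutorunInf(text) {
  const findings = [];
  for (const e of parseAutorunInf(text)) {
    if (e.section !== 'autorun') continue;
    if (EXEC_KEYS.includes(e.key)) {
      findings.push({ key: e.key, value: e.value, reason: 'launches a program on insertion/AutoPlay' });
    } else if (/^shell\\[^\\]+\\command$/.test(e.key)) {
      findings.push({ key: e.key, value: e.value, reason: 'rebinds an Explorer verb (Open/Explore) to a program' });
    } else if (e.key === 'shell') {
      findings.push({ key: e.key, value: e.value, reason: 'makes a custom verb the default double-click action' });
    }
  }
  // First token of each flagged value that has an executable extension.
  const executables = [...new Set(
    findings.map(f => f.value.split(/\s+/)[0].toLowerCase()).filter(v => EXEC_EXT.test(v))
  )];
  return { suspicious: findings.length > 0, findings, executables };
}
```

A benign autorun.inf (for instance one that only sets `icon=` and `label=`) produces no findings, which is the point of parsing the directives rather than just flagging the file's presence. The `shell\open\command` rebinding is the part that survives a user who never accepts the AutoPlay prompt: double-clicking the drive in Explorer runs the executable instead of opening the folder.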
Updates to a couple of Sysinternals tools
Last Updated: 2010-12-05 20:27:34 UTC
The Microsoft Sysinternals folks have updated a couple of our favorite tools in the last couple of weeks. The update to Process Explorer fixed bugs with the DLL view. The 2 Autoruns updates added monitoring of AutoSync startup locations and fixed a bug with deleting or disabling entries in multisz registry values.
As Posted @ http://isc.sans.edu/index.html
2011 Trends: Hackers Exploit Router Vulnerabilities
From Symantec's MessageLabs Intelligence Blog:
Tomorrow (December 7) we will release our MessageLabs Intelligence 2010 Annual Security Report looking back at the changes in the threat landscape during 2010. We also use the opportunity to look ahead at potential trends for next year. In the days leading up to the publication of the report we will share a few of these trends.
Hackers Exploit Router Vulnerabilities
As 2010 has proven, there are many systems vulnerable to attack. We often focus on PCs, servers and devices, but recently it has become apparent that routers are also open to exploitation. Router vulnerabilities allow attackers to re-route network traffic with malicious intent. As an example, a user could be diverted from an online banking site to an identical-looking malicious website and their login credentials could be stolen, or a business user could be diverted from a legitimate CRM, ERP or HR service, allowing a hacker to access client, business or staff information. When properly structured, these attacks can forward the user to the legitimate site with no indication that the attack has occurred.
In 2011, we expect to uncover new variants of malware that will include functionality to actively search for and exploit business and home networking hardware with known vulnerabilities. Since networking equipment software and firmware is rarely updated these vulnerabilities can exist for years.
Also posted today: 2011 Trends: Cybercriminals Usurp URL Shortening Services
Cybercriminals Usurp URL Shortening Services
URL Shortening services are becoming critical to the operation of social networks, particularly those that apply a character limit to user updates. In 2010 we saw a number of exploits using URL shortening services that lead to compromised sites.
In 2011 we expect to see more sophisticated attacks using URL shortening services either by a criminal enterprise gaining control of a significant URL shortening service or one of these groups setting up a service which appears legitimate, and operates in a legitimate manner, before being turned to malicious use. Even occasional malicious use cloaked within a legitimate service or legitimate-looking service could prove very effective.
Huawei Opens Security Test Center in the UK
Huawei Technologies has opened a security testing center in the U.K. to ensure its products meet government standards, the company announced Monday.
The "Cyber Security Evaluation Centre," located in Banbury, will be used to test the company's hardware and software used for telecommunications networks. Huawei said IP-based networks and smart devices are increasingly becoming open and integrated, which also increases potential security threats.
The Chinese vendor's move may be intended to quell concerns that its equipment could contain malicious software. BT is using Huawei equipment for its 21st Century Network, a massive project to convert BT's infrastructure to a secure IP platform to carry voice and data traffic.
Huawei said it is in the process of building "a state-of-the-art, end-to-end cyber security assurance system that will further protect equipment and network operations, based on industry best practices and international standards."
Continued : http://www.itworld.com/hardware/129767/huawei-open-security-test-center-uk
Researcher Releases JavaSnoop Java-Analysis Tool
Java has long been one of the more widely used--and widely criticized--technologies on the Web. It's used virtually everywhere and roundly panned by security researchers for its security shortcomings. Now, a researcher has released a new tool, called JavaSnoop, that's designed to help people better analyze and understand the behavior of Java applications.
The final release of JavaSnoop 1.0 came on Monday, after months of revisions and fixes since it was first announced at Black Hat this summer. The tool is the creation of Arshan Dabirsiaghi, director of research at Aspect Security, and it's meant to give developers, researchers and other interested parties the ability to do a number of interesting things with Java applications that normally aren't possible without having the source code at hand.
"The whole idea of JavaSnoop is to turn theoretical vulnerabilities into real vulnerabilities," he said in his presentation at Black Hat. "Theoretical vulns don't really get fixed at the same rate that real vulns do."
Arshan Dabirsiaghi's Blog (with video) here : JavaSnoop 1.0 FINAL Released!
AVAST Software: Over 770,000 Pirates Plus 2 in the Vatican
AVAST Software has always prided itself on how the avast! antivirus program spreads virally, with 80 percent of new users coming through the recommendations of satisfied friends. But the rapid global expansion of one multi-user license for avast! Pro Antivirus surprised even the company's top management.
What started as a 14-user license for a small firm in Tucson, Arizona issued on June 30, 2009 quickly mushroomed to 774,651 active users by late 2010. The license has been used in over 200 countries ranging from Afghanistan to Zimbabwe - even the Vatican City. Phenomenal growth yes, but except for the original 14 users, all of the others are pirates.
"We made a decision to see just how viral this one license for avast! Pro Antivirus could be. The answer is 'very'," said Vince Steckler, CEO of AVAST Software. "Now we are in the process of converting these pirates over to legal products."
The speed at which the pirated license spread from Arizona was accelerated by warez sites, a common source of downloaded films and programs. "We found our license code at a number of warez sites around the globe," said Mr. Steckler. "There is a paradox in computer users looking for 'free' antivirus programs at locations with a known reputation for spreading malware." He pointed out that downloading at these sites is not risk-free as the avast! Virus Lab has documented examples of warez sites distributing packages of a 'cracked' antivirus program combined with malware.
Continued : http://www.avast.com/en-eu/pr-avast-software-over-770-000-pirates-plus-2-in-the-vatican
Bruce Schneier: FTC Privacy Report
The U.S. Federal Trade Commission released its privacy report: "Protecting Consumer Privacy in an Era of Rapid Change."
From the press release:
'One method of simplified choice the FTC staff recommends is a "Do Not Track" mechanism governing the collection of information about consumers' Internet activity to deliver targeted advertisements and for other purposes. Consumers and industry both support increased transparency and choice for this largely invisible practice. The Commission recommends a simple, easy to use choice mechanism for consumers to opt out of the collection of information about their Internet behavior for targeted ads. The most practical method would probably involve the placement of a persistent setting, similar to a cookie, on the consumer's browser signaling the consumer's choices about being tracked and receiving targeted ads.'
As Posted here : http://www.schneier.com/blog/archives/2010/12/ftc_privacy_rep.html
Also Posted at his blog today:
"Cyberwar and the Future of Cyber Conflict"
The world is gearing up for cyberwar. The U.S. Cyber Command became operational in November. NATO has enshrined cyber security among its new strategic priorities. The head of Britain's armed forces said recently that boosting cyber capability is now a huge priority for the UK. And we know China is already engaged in broad cyber espionage attacks against the west. So how can we control a burgeoning cyber arms race?
We may already have seen early versions of cyberwars in Estonia and Georgia, possibly perpetrated by Russia. It's hard to know for certain, not only because such attacks are often impossible to trace, but because we have no clear definitions of what a cyberwar actually is.
Continued : http://www.schneier.com/blog/archives/2010/12/cyberwar_and_th.html
Android Update Adds Protection From Mobile Clickjacking
Google released the latest version of its Android mobile operating system on Monday, adding security features that it says will make it tougher for mobile device users to be subjected to "clickjacking" attacks that trick them into clicking on hidden or disguised user interface elements.
The company unveiled Android Version 2.3, also known as "Gingerbread," on Monday along with the first phone running the new OS: the Nexus S, a co-development project between Google and Samsung. That phone features a 4" display, support for gyroscope sensors, wireless Near Field Communication (NFC) and improved keyboard and copy/paste controls. Among the cool new features, however, Google also introduced support for so-called "touch filtering" which prevents UI elements that control sensitive functionality from being enabled at the same time as they are obscured by other UI elements - a technique sometimes referred to as "clickjacking" in the world of Web security.
Continued : http://threatpost.com/en_us/blogs/android-update-adds-protection-mobile-clickjacking-120610