Komodia Website Under DDoS Attack
Komodia.com, home to the SSL interception module at the heart of the Superfish adware dustup, is currently under a distributed denial-of-service attack.
As of 2 p.m. Eastern time, its home page had been replaced with a notice that the site was offline because it was under attack.
"Some people say it's not DDOS but a high volume of visitors, at the logs it showed [thousands] of connections from repeating IPs," the notice said.
The attack may be an outcome of last week's disclosure that Superfish, pre-installed on new Lenovo laptops between September 2014 and this January, put users' sensitive transactions at risk to man-in-the-middle attacks.
Continued : http://threatpost.com/komodia-website-under-ddos-attack/111195
Norton Update Caused Internet Explorer to Crash
Symantec customers started flooding the company's Norton Community forum on Friday with posts about an update that caused the Internet Explorer web browser to crash.
After analyzing the complaints, the security firm determined that the problem was triggered by a corrupt file in the virus definition set. The buggy update was the Intrusion Prevention System (IPS) 20150220.001 definition package.
According to Symantec, the corrupt IPS definition package caused the 32-bit version of Internet Explorer to crash on computers running Norton Security, Norton Security with Backup, Norton 360, and Norton Internet Security. Other Web browsers don't appear to be affected.
TurboTax's Anti-Fraud Efforts Under Scrutiny
Two former security employees at Intuit — the makers of the popular tax preparation software and service TurboTax - allege that the company has made millions of dollars knowingly processing state and federal tax refunds filed by cybercriminals. Intuit says it leads the industry in voluntarily reporting suspicious returns, and that ultimately it is up to the Internal Revenue Service to develop industry-wide requirements for tax preparation firms to follow in their fight against the multi-billion dollar problem of tax refund fraud.
Last week, KrebsOnSecurity published an exclusive interview with Indu Kodukula, Intuit's chief information security officer. Kodukula explained that customer password re-use was a major cause of a spike this tax season in fraudulent state tax refund requests. The increase in phony state refund requests prompted several state revenue departments to complain to their state attorneys general. In response, TurboTax temporarily halted all state filings while it investigated claims of a possible breach. The company resumed state filing shortly after that pause, saying it could find no evidence that customers' TurboTax credentials had been stolen from its network.
Continued : http://krebsonsecurity.com/2015/02/turbotaxs-anti-fraud-efforts-under-scrutiny/
Cell Phones Leak Location Information through Power Usage
Bruce Schneier @ his "Schneier on Security" blog:
New research on tracking the location of smart phone users by monitoring power consumption:
PowerSpy takes advantage of the fact that a phone's cellular transmissions use more power to reach a given cell tower the farther it travels from that tower, or when obstacles like buildings or mountains block its signal. That correlation between battery use and variables like environmental conditions and cell tower distance is strong enough that momentary power drains like a phone conversation or the use of another power-hungry app can be filtered out, Michalevsky says.
One of the machine-learning tricks the researchers used to detect that "noise" is a focus on longer-term trends in the phone's power use rather than those that last just a few seconds or minutes. "A sufficiently long power measurement (several minutes) enables the learning algorithm to 'see' through the noise," the researchers write (pdf). "We show that measuring the phone's aggregate power consumption over time completely reveals the phone's location and movement."
Continued : https://www.schneier.com/blog/archives/2015/02/cell_phones_lea.html
This reminds me of Air Gap Malware.
For those that didn't know, for years it was proposed that maintaining an "air gap" was sufficient for security.
No more. http://en.wikipedia.org/wiki/Air_gap_malware
In this case you see how an app with innocuous privileges can gain insight beyond its privileges.
Lavasoft's Ad-Aware Web Companion Relies on Superfish ..
SSL Digestor, the flawed traffic interception engine from Komodia included by browser component Superfish, has also been employed in Ad-Aware Web Companion from antivirus provider Lavasoft.
The engine relies on the same root certificate and the same RSA private key to replace the digital certificates of any HTTPS website contacted by the user.
Lavasoft's product acted locally, no data collected
It acts as a transparent proxy between the client and the server, processing all SSL traffic exchanged between the two parties, thus being able to decode the encrypted stream.
Continued : http://news.softpedia.com/news/Lavasoft-s-Ad-Aware-Web-Companion-Relies-on-Superfish-Component-from-Komodia-473952.shtml
Security software found using Superfish-style code,
... as attacks get simpler
"Titles from security firms Lavasoft and Comodo leave users open to easier attacks."
Two more software makers have been caught adding dangerous, Superfish-style man-in-the-middle code to the applications they publish. The development is significant because it involves AV company Lavasoft and Comodo, a company that issues roughly one-third of the Internet's Transport Layer Security certificates, making it the world's biggest certificate authority.
Lavasoft and Comodo were added just as researchers were discovering simpler, more potent ways to exploit the vulnerabilities.
Continued : http://arstechnica.com/security/2015/02/security-software-found-using-superfish-style-code-as-attacks-get-simpler/
Stolen SIM Card Keys Could be Powerful Spy Tool
It would be another powerful tool in the arsenal of US and British spy services: encryption keys for a large share of the SIM cards used for mobile phones.
A report by the investigative news website The Intercept, citing leaked documents from former National Security Agency contractor Edward Snowden, said the US and British agencies "hacked into" European manufacturer Gemalto to gain these keys.
The report, if accurate, could allow the NSA and its British counterpart GCHQ to secretly monitor a large portion of global communications over mobile devices without using a warrant or wiretap.
"This is a huge deal," said Bruce Schneier, a cryptographer who is chief technology officer at the security firm Resilient Systems, and a fellow at Harvard's Berkman Center.
Continued : http://www.securityweek.com/stolen-sim-card-keys-could-be-powerful-spy-tool
Related: How the "Great SIM Heist" could have been avoided
CTOs targeted with tax-themed phishing emails carrying ..
Tax-themed phishing emails targeting CTOs of tech companies have been spotted by researchers at Talos, Cisco's security intelligence and research group.
The initial emails, sent from a spoofed .gov email address, claimed that the recipient's federal tax payment was received, and that they could print out a receipt: a Word document attached to the email.
This first run obviously wasn't very successful, so they changed the text for the later attempts, saying that the payment was not received and that they should download and edit the attached "confirmation file" and send it back to the sender.
Continued : http://www.net-security.org/malware_news.php?id=2969