
NEWS - February 23, 2015

Feb 23, 2015 3:55AM PST
SSL-busting code that threatened Lenovo users found in a dozen more apps

"What all these applications have in common is that they make people less secure."

The list of software known to use the same HTTPS-breaking technology recently found preinstalled on Lenovo laptops has risen dramatically with the discovery of at least 12 new titles, including one that's categorized as a malicious trojan by a major antivirus provider.

Trojan.Nurjax, a malicious program Symantec discovered in December, hijacks the Web browsers of compromised computers and may download additional threats. According to a blog post published Friday by a security researcher from Facebook, Nurjax is one such example of newly found software that incorporates HTTPS-defeating code from an Israeli company called Komodia. Combined with the Superfish ad-injecting software preinstalled on some Lenovo computers and three additional applications that came to light shortly after that revelation, there are now 14 known apps that use Komodia technology.

Continued : http://arstechnica.com/security/2015/02/ssl-busting-code-that-threatened-lenovo-users-found-in-a-dozen-more-apps/

Related:
Superfish SSL Interception Library Found in Several Applications: Researchers
Superfish not the only app using Komodia's SSL-busting code
Superfish spyware not limited to Lenovo laptops
Lenovo not alone in suffering from Superfish security flaw

Komodia Website Under DDoS Attack
Feb 23, 2015 4:21AM PST

Komodia.com, home to the SSL interception module at the heart of the Superfish adware dustup, is currently under a distributed denial-of-service attack.

As of 2 p.m. Eastern time, its home page had been replaced with a notice that the site was offline because it was under attack.

"Some people say it's not DDOS but a high volume of visitors, at the logs it showed [thousands] of connections from repeating IPs," the notice said.

The attack may be an outcome of last week's disclosure that Superfish, pre-installed on new Lenovo laptops between September 2014 and this January, put users' sensitive transactions at risk to man-in-the-middle attacks.

Continued : http://threatpost.com/komodia-website-under-ddos-attack/111195

Norton Update Caused Internet Explorer to Crash
Feb 23, 2015 4:26AM PST

Symantec customers started flooding the company's Norton Community forum on Friday with posts about an update that caused the Internet Explorer web browser to crash.

After analyzing the complaints, the security firm determined that the problem was triggered by a corrupt file in the virus definition set. The buggy update was the Intrusion Prevention System (IPS) 20150220.001 definition package.

According to Symantec, the corrupt IPS definition package caused the 32-bit version of Internet Explorer to crash on computers running Norton Security, Norton Security with Backup, Norton 360, and Norton Internet Security. Other Web browsers don't appear to be affected.

Continued: http://www.securityweek.com/norton-update-caused-internet-explorer-crash

TurboTax's Anti-Fraud Efforts Under Scrutiny
Feb 23, 2015 5:06AM PST

Two former security employees at Intuit — the makers of the popular tax preparation software and service TurboTax - allege that the company has made millions of dollars knowingly processing state and federal tax refunds filed by cybercriminals. Intuit says it leads the industry in voluntarily reporting suspicious returns, and that ultimately it is up to the Internal Revenue Service to develop industry-wide requirements for tax preparation firms to follow in their fight against the multi-billion dollar problem of tax refund fraud.

Last week, KrebsOnSecurity published an exclusive interview with Indu Kodukula, Intuit's chief information security officer. Kodukula explained that customer password re-use was a major cause of a spike this tax season in fraudulent state tax refund requests. The increase in phony state refund requests prompted several state revenue departments to complain to their state attorneys general. In response, TurboTax temporarily halted all state filings while it investigated claims of a possible breach. The company resumed state filing shortly after that pause, saying it could find no evidence that customers' TurboTax credentials had been stolen from its network.

Continued : http://krebsonsecurity.com/2015/02/turbotaxs-anti-fraud-efforts-under-scrutiny/

Cell Phones Leak Location Information through Power Usage
Feb 23, 2015 5:06AM PST
Bruce Schneier @ his "Schneier on Security" blog:

New research on tracking the location of smart phone users by monitoring power consumption:

PowerSpy takes advantage of the fact that a phone's cellular transmissions use more power to reach a given cell tower the farther it travels from that tower, or when obstacles like buildings or mountains block its signal. That correlation between battery use and variables like environmental conditions and cell tower distance is strong enough that momentary power drains like a phone conversation or the use of another power-hungry app can be filtered out, Michalevsky says.

One of the machine-learning tricks the researchers used to detect that "noise" is a focus on longer-term trends in the phone's power use rather than those that last just a few seconds or minutes. "A sufficiently long power measurement (several minutes) enables the learning algorithm to 'see' through the noise," the researchers write (pdf). "We show that measuring the phone's aggregate power consumption over time completely reveals the phone's location and movement."

Continued : https://www.schneier.com/blog/archives/2015/02/cell_phones_lea.html

This reminds me of Air Gap Malware.
Feb 23, 2015 5:17AM PST

For those that didn't know, for years it was proposed that maintaining an "air gap" was sufficient for security.

No more. http://en.wikipedia.org/wiki/Air_gap_malware

In this case you see how an app with innocuous privileges can gain insight beyond its privileges.
Bob

Lavasoft's Ad-Aware Web Companion Relies on Superfish Component
Feb 23, 2015 5:56AM PST

SSL Digestor, the flawed traffic interception engine from Komodia included by browser component Superfish, has also been employed in Ad-Aware Web Companion from antivirus provider Lavasoft.

The engine relies on the same root certificate and the same RSA private key to replace the digital certificates of any HTTPS website contacted by the user.

Lavasoft's product acted locally, no data collected

It acts as a transparent proxy between the client and the server, processing all SSL traffic exchanged between the two parties, thus being able to decode the encrypted stream.

Continued : http://news.softpedia.com/news/Lavasoft-s-Ad-Aware-Web-Companion-Relies-on-Superfish-Component-from-Komodia-473952.shtml
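
The shared-root, shared-key design described in this post and in the Ars Technica item at the top of the thread can be demonstrated with nothing but the Go standard library. The block below is an added example, not Komodia's, Lavasoft's or Superfish's code, and it does not reproduce the real Superfish key: the root here is freshly generated, and the names SharedCA, MintLeaf, Accepts, FindSuspectRoots, "Example Interception Root" and the host bank.example are assumptions made for the illustration. It shows why a root whose private key is identical on every install is dangerous: whoever holds that key can mint a certificate for any site, and every machine carrying the root accepts it without warning. The last function is the check a responder would run over a trust store to find such roots.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// SharedCA models a Komodia-style interception root: one root certificate
// and one private key shipped inside every copy of the product.
type SharedCA struct {
	Key  *ecdsa.PrivateKey
	Cert *x509.Certificate
}

// NewSharedCA builds a self-signed root. (Assumption for the example: the
// key is generated here; a bundled engine ships a fixed one.)
func NewSharedCA(cn string) (*SharedCA, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(365 * 24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	return &SharedCA{Key: key, Cert: cert}, nil
}

// MintLeaf issues a certificate for host signed by the shared root. The
// proxy does this for every HTTPS site the user visits; anyone who has
// extracted the same private key can do exactly the same thing.
func (ca *SharedCA) MintLeaf(host string) (*x509.Certificate, error) {
	leafKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject:      pkix.Name{CommonName: host},
		DNSNames:     []string{host},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca.Cert, &leafKey.PublicKey, ca.Key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// Accepts reports whether a client whose trust store is roots would accept
// leaf for host, i.e. whether the interception (or the attack) is silent.
func Accepts(roots *x509.CertPool, leaf *x509.Certificate, host string) bool {
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, DNSName: host})
	return err == nil
}

// FindSuspectRoots returns the subject CNs of CA certificates in store that
// appear on denyList; run it over an exported trust store during triage.
func FindSuspectRoots(store []*x509.Certificate, denyList []string) []string {
	var found []string
	for _, c := range store {
		for _, cn := range denyList {
			if c.IsCA && c.Subject.CommonName == cn {
				found = append(found, cn)
			}
		}
	}
	return found
}

func main() {
	ca, err := NewSharedCA("Example Interception Root")
	if err != nil {
		panic(err)
	}
	victim := x509.NewCertPool() // store on a machine with the product installed
	victim.AddCert(ca.Cert)
	leaf, err := ca.MintLeaf("bank.example") // forged by anyone holding the shared key
	if err != nil {
		panic(err)
	}
	fmt.Println("victim accepts forged bank.example:", Accepts(victim, leaf, "bank.example"))
	fmt.Println("clean store accepts it:", Accepts(x509.NewCertPool(), leaf, "bank.example"))
	// "Superfish, Inc." is the subject CN of the Superfish root itself.
	deny := []string{"Example Interception Root", "Superfish, Inc."}
	fmt.Println("suspect roots:", FindSuspectRoots([]*x509.Certificate{ca.Cert}, deny))
}
```

Because Roots is an explicit, empty pool in the "clean" case, Verify does not fall back to the operating system store, so the two Accepts calls isolate exactly one variable: whether the shared root is trusted. On a real machine the store passed to FindSuspectRoots would be the exported system root store, and removing the root is only half the fix, since the product's proxy will keep re-signing traffic until the software itself is uninstalled.
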
Security software found using Superfish-style code, as attacks get simpler
Feb 23, 2015 7:09AM PST

"Titles from security firms Lavasoft and Comodo leave users open to easier attacks."

Two more software makers have been caught adding dangerous, Superfish-style man-in-the-middle code to the applications they publish. The development is significant because it involves AV company Lavasoft and Comodo, a company that issues roughly one-third of the Internet's Transport Layer Security certificates, making it the world's biggest certificate authority.

Lavasoft and Comodo were added just as researchers were discovering simpler, more potent ways to exploit the vulnerabilities.

Continued : http://arstechnica.com/security/2015/02/security-software-found-using-superfish-style-code-as-attacks-get-simpler/

Stolen SIM Card Keys Could be Powerful Spy Tool
Feb 23, 2015 5:56AM PST

It would be another powerful tool in the arsenal of US and British spy services: encryption keys for a large share of the SIM cards used for mobile phones.

A report by the investigative news website The Intercept, citing leaked documents from former National Security Agency contractor Edward Snowden, said the US and British agencies "hacked into" European manufacturer Gemalto to gain these keys.

The report, if accurate, could allow the NSA and its British counterpart GCHQ to secretly monitor a large portion of global communications over mobile devices without using a warrant or wiretap.

"This is a huge deal," said Bruce Schneier, a cryptographer who is chief technology officer at the security firm Resilient Systems, and a fellow at Harvard's Berkman Center.

Continued : http://www.securityweek.com/stolen-sim-card-keys-could-be-powerful-spy-tool

Related: How the "Great SIM Heist" could have been avoided

CTOs targeted with tax-themed phishing emails carrying malware
Feb 23, 2015 5:56AM PST

Tax-themed phishing emails targeting CTOs of tech companies have been spotted by researchers at Talos, Cisco's security intelligence and research group.

The initial emails, sent from a spoofed .gov email address, claimed that the recipient's federal tax payment was received, and that they could print out a receipt: a Word document attached to the email.

This first run obviously wasn't very successful, so they changed the text for the later attempts, saying that the payment was not received and that they should download and edit the attached "confirmation file" and send it back to the sender.

Continued : http://www.net-security.org/malware_news.php?id=2969