Study: Password Security Improves with Age
Baby Boomers may not be perceived as tech savvy as Millennials, but they apparently are better at protecting their digital assets. A new British study believed to be the largest of its kind shows those 55 and older tend to pick passwords with twice the strength of those under 25. It also indicates those who prefer to use German and Korean languages chose the strongest passwords; Indonesian speakers, the weakest.
But that's still not saying much since weak passwords were prevalent across every demographic from a data set that included 70 million anonymized Yahoo accounts analyzed with the Internet giant's permission.
"We find surprisingly little variation in guessing difficulty; every identifiable group of users generated a comparably weak password distribution," wrote computer science researcher Joseph Bonneau of the University of Cambridge in an abstract. (pdf)
Many research projects measure password security by the sophistication of dictionary attacks involved in data breaches. Bonneau's study involved mathematical analytics on active accounts. Because the Yahoo passwords were hashed, Bonneau could not access individual accounts but did cull useful demographic data.
Continued: http://threatpost.com/en_us/blogs/when-it-comes-password-security-age-matters-060112
Over-55s pick passwords twice as secure as teenagers'
Over-55s pick stronger passwords than youngsters
University of Cambridge Study Indicates Grandpa is a Better Password Picker
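The study above measures "strength" as statistical guessing difficulty over an anonymized password distribution rather than by cracking individual hashes. The following is an added example, not code or data from the study: it implements the partial-guessing metrics of Bonneau's framework as I understand them (min-entropy, β-success-rate, α-work-factor) over two constructed frequency tables standing in for two demographic groups.

```python
"""Partial-guessing metrics of the kind Bonneau applied to the Yahoo corpus.

Constructed example (not the study's code or data): two small frequency
tables stand in for two demographic groups. Real inputs would be per-password
user counts derived from a hashed, anonymised corpus.
"""
import math
from collections import Counter

# Constructed sample corpora: password -> number of users (100 users each).
# GROUP_A is heavily concentrated on a few choices; GROUP_B is flatter.
GROUP_A = Counter({"123456": 40, "password": 25, "qwerty": 15, "abc123": 10,
                   "letmein": 5, "dragon": 3, "iloveyou": 2})
GROUP_B = Counter({"123456": 12, "password": 10, "qwerty": 9, "sunshine": 9,
                   "monkey": 9, "football": 9, "shadow": 8, "master": 8,
                   "welcome": 7, "jordan": 7, "hockey": 6, "ranger": 6})

def sorted_probs(corpus):
    """Per-password probabilities p_1 >= p_2 >= ..., most popular first."""
    total = sum(corpus.values())
    return sorted((n / total for n in corpus.values()), reverse=True)

def min_entropy_bits(corpus):
    """H_inf = -log2(p_1): resistance to an attacker who gets one guess."""
    return -math.log2(sorted_probs(corpus)[0])

def beta_success_rate(corpus, beta):
    """lambda_beta: fraction of accounts cracked by the beta most common guesses."""
    return sum(sorted_probs(corpus)[:beta])

def beta_success_bits(corpus, beta):
    """Effective key length log2(beta / lambda_beta); a uniform choice among N
    passwords scores log2(N), so the figure is comparable across distributions."""
    return math.log2(beta / beta_success_rate(corpus, beta))

def alpha_work_factor(corpus, alpha):
    """mu_alpha: guesses per account an attacker needs to crack a fraction alpha
    of all accounts when guessing in order of popularity."""
    cumulative = 0.0
    for guesses, p in enumerate(sorted_probs(corpus), start=1):
        cumulative += p
        if cumulative >= alpha:
            return guesses
    raise ValueError("alpha exceeds total probability mass")

def compare(corpus_a, corpus_b, alpha=0.5):
    """Ratio of work factors B/A: >1 means B is harder to guess than A."""
    return alpha_work_factor(corpus_b, alpha) / alpha_work_factor(corpus_a, alpha)
```

With these tables the flatter group needs three times as many guesses per account to crack half the users, which is the kind of "twice the strength" comparison the article reports.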
Malicious PowerPoint File Contains Exploit, Drops Backdoor
From TrendLabs Malware Blog:
We discovered a malicious MS PowerPoint document that arrives via a file attached to specific email messages. The file contains an embedded Flash file, which exploits a software bug found in specific versions of Flash Player (CVE-2011-0611) to drop a backdoor onto users' systems. [Screenshot]
Users who open the malicious .PPT file trigger the shellcode within the Flash file that exploits CVE-2011-0611 and then drops "Winword.tmp" in the Temp folder. Simultaneously, it also drops a non-malicious PowerPoint presentation file "Powerpoint.pps", tricking users into thinking that the malicious file is just your average presentation file. Based on our analysis, "Winword.tmp" is a backdoor that connects to remote sites to communicate with a possible malicious user. It is also capable of downloading and executing other malware, leaving infected systems susceptible to other, more menacing threats such as data-stealing malware.
Trend Micro detects the malicious PowerPoint file as TROJ_PPDROP.EVL and the dropped backdoor file as BKDR_SIMBOT.EVL. Reports, as well as our own analysis, confirmed that this kind of malware has been used for targeted attacks in the past.
Continued: http://blog.trendmicro.com/malicious-powerpoint-file-contains-exploit-drops-backdoor/
Android's Bouncer malware protection is asleep at the job
In response to a slew of malware-infected apps on the Android Market, Google introduced Bouncer as a security mechanism to keep naughty apps at bay. But according to research from two security experts, Bouncer can easily be tricked to allow malicious apps onto Google Play (formerly the Android Market).
Jon Oberheide, a security expert and CTO at Duo Security, will be presenting his findings alongside security researcher Charlie Miller at the SummerCon conference later this week. The pair have released a teaser video (below) showing one method for bypassing Bouncer.
"This screencast shows our submitted app handing us a connect-back shell on the Bouncer infrastructure so that we can explore and fingerprint its environment," Oberheide wrote in a blog post this morning. "While Bouncer may be unable to catch sophisticated malware from knowledgeable adversaries currently, we're confident that Google will continue to improve and evolve its capabilities. We've been in touch with the Android security team and will be working with them to address some of the problems we've discovered."
Continued: http://venturebeat.com/2012/06/04/android-bouncer-hack/
To Hide Android Malware From Google's 'Bouncer', Hackers Learn Its Name, Friends, And Habits
Researchers Find Methods for Bypassing Google's Bouncer Android Security
The Vienna Connection? Trying To Stamp Out Flame, Researchers Find Clues To Its Origins
Researchers at Kaspersky Lab, domain registrar GoDaddy and OpenDNS have taken steps to cut off Internet access for machines infected with the Flame worm. In the process, the researchers say they uncovered a large and complex command and control infrastructure of more than 80 Web domains and collected clues that put the origins of Flame as early as 2008.
Evidence collected from a close analysis of the mysterious malware suggests that Flame is more than three years old and has relied on a huge network of more than 80 command and control Web domains to continue receiving orders from those behind the cyber espionage toolkit, according to posts on Kaspersky Lab's research blog, Securelist, and OpenDNS.com.
The analysis pointed out significant differences between Flame and earlier, APT-style threats like Stuxnet and Duqu, Kaspersky analyst Aleks Gostev wrote on Monday. For example, while Duqu's authors took extraordinary steps to conceal the source of its central command and control server and scripts, Flame's authors were far less careful: dropping control scripts on the dozens of command and control servers that the malware was programmed to consult.
Continued: http://threatpost.com/en_us/blogs/vienna-connection-trying-stamp-out-flame-researchers-find-clues-its-origins-060412
Aleks Gostev @ Securelist : The Roof Is on Fire: Tackling Flame's C&C Servers
Related: Iran-targeting Flame malware used huge network to steal blueprints
'Gadget' in the middle: Flame malware spreading vector..
From the Kaspersky Lab Weblog:
In our FAQ on Flame posted on May 28, 2012, we postulated there might be a still undiscovered zero-day vulnerability in Flame:
"At the moment, we haven't seen use of any 0-days; however, the worm is known to have infected fully-patched Windows 7 systems through the network, which might indicate the presence of a high risk 0-day."
Our suspicion was heightened because fully patched Windows 7 machines were being infected over the network in a very suspicious manner.
We can now confirm this is the main purpose of a special module of Flame called "Gadget" together with another module called "Munch".
(NOTE: It's important to understand that the initial Flame infection could still be happening through zero-day vulnerabilities. The "Gadget" module is simply used to spread within a network from a machine that is already infected with the malware).
The "Gadget" and "Munch" modules implement an interesting man-in-the-middle attack against other computers in a network.
When a machine tries to connect to Microsoft's Windows Update, it redirects the connection through an infected machine and it sends a fake, malicious Windows Update to the client.
The fake update claims to be the following:
<update description="Allows you to display gadgets on your desktop."
displayName="Desktop Gadget Platform" name="WindowsGadgetPlatform">
In the process of infecting a client, 8 CAB files are used. One of them contains a specifically built program called WuSetupV.exe: [Screenshot]
Continued: https://www.securelist.com/en/blog/208193558/Gadget_in_the_middle_Flame_malware_spreading_vector_identified
Related: Flame abused Windows Update to spread
The Pros and Cons of Letting the Kids Join Facebook
Following its $16 billion infusion from its recent IPO, the world's largest social network is reportedly developing a technology that would allow children to access Facebook under parental supervision.
A Facebook spokesperson neither confirmed nor denied that they are developing such technologies, saying in an email that the company had nothing to announce. The original report came from the Wall Street Journal.
It is important to note that Facebook currently has a policy that bars children under 13 from creating an account, though it is widely understood that such a rule is incredibly difficult to enforce.
The move would open a vast, long-term, and impressionable market for the newly public company. Investors will no doubt welcome the idea as Facebook struggles with its tempestuous post IPO period; however, privacy and children's advocates are obviously concerned.
Common Sense Media's CEO James Meyer released the following statement today, saying the move could have serious consequences for younger users.
Continued: http://threatpost.com/en_us/blogs/pros-and-cons-letting-kids-join-facebook-060412
Flame Hijacks Microsoft Update to Spread Malware Disguised As Legit Code (Related to first post in this thread)
[Screenshot: Flame Rogue Certificate]
It's a scenario security researchers have long worried about, a man-in-the-middle attack that allows someone to impersonate Microsoft Update to deliver malware — disguised as legitimate Microsoft code — to unsuspecting users.
And that's exactly what turns out to have occurred with the recent Flame cyberespionage tool that has been infecting machines primarily in the Middle East and is believed to have been crafted by a nation-state.
According to Microsoft, which has been analyzing Flame, along with numerous antivirus researchers since it was publicly exposed last Monday, researchers there discovered that a component of Flame was designed to spread from one infected computer to other machines on the same network. When uninfected computers update themselves, Flame intercepts the request to the Microsoft Update server and instead delivers a malicious executable to the machine that is signed with a rogue, but technically valid, Microsoft certificate.
"We have discovered through our analysis that some components of the malware have been signed by certificates that allow software to appear as if it was produced by Microsoft," Microsoft Security Response Center Senior Director Mike Reavey wrote in a blog post published Sunday.
Win8's AV will kick in after other solutions stop working
Last week, McAfee shared the findings of a year-long project that revealed that some 17 percent of all the tested PCs around the globe either had no AV software installed or had it installed but not active, making their users vulnerable to malware.
This week, Gary Davis, director of global consumer product marketing for McAfee, has revealed that Windows 8 will have built-in antivirus protection in the guise of "Windows Defender", which will activate itself if it doesn't detect another active AV solution.
Windows Defender was already announced by Microsoft in September, and has been seen in action during the various previews of the upcoming version of the popular operating system.
Still, the company will allow third-party vendors to stake their claim to the machines installed with it first. According to Computerworld, this decision stems from Microsoft's wish to keep a good relationship with original equipment manufacturers.
OEMs usually preinstall their machines with trial AV solutions of this or that third-party vendor, and get a cut from each sale of a full version once (and if) the user decides to upgrade.
So, Windows Defender will only be activated if there is no other AV working on the machine. And if such software has stopped receiving updates, for the next 15 days Windows will be popping up a window asking the user to update or upgrade that particular solution, and offering the option of Windows Defender - but also other software choices - for download from the Microsoft Store.
Also: Windows 8's built-in antivirus will put third-party products first
Hacker group hits Warner Bros and China Telecom
A group calling itself SwaggSec is claiming to have hacked the networks of Warner Bros and China Telecom, and has released documents and logins online.
In a statement on Pastebin, the group says that both companies had severe vulnerabilities.
"China Telecom's SQL server had an extremely low processing capacity, and with us being impatient, after about a month straight of downloading, we stopped. However, a few times we accidentally DDoS'd their SQL server. I guess they thought nothing of it, until we left them a little message signed by SwaggSec," it says.
"They realized they were hacked, and simply moved their SQL server. No changing of admin passwords, or alerting the media. At any moment, we could have and still could destroy their communication infrastructure leaving millions without communication."
SwaggSec has also released the details of what it claims are over 900 admin users for China Telecom. It's published the login for this, and is encouraging people to access and tamper with its data.
Continued: http://www.tgdaily.com/security-features/63800-hacker-group-hits-warner-bros-and-china-telecom
'SwaggSec' claims hack of China Telecom, Warner Bros.
Swagg Security Leaks Data from China Telecom and Warner Bros