
NEWS - May 03, 2015

May 3, 2015 9:47AM PDT
Google's new version of Password Alert blocking bypass is bypassed

"If one researcher can block the phishing protection, criminal attackers can, too."

On Thursday, Ars reported that a new service that warns when Google account users' passwords are phished had been bypassed by a drop-dead simple exploit, just 24 hours after Google had rolled out the Chrome plugin. Within hours of publication, Google issued an update that blocked the exploit. Now the same researcher has figured out a way to block the new version, too.

The first bypass required just seven lines of code to completely obfuscate the warning that the older Password Alert extension displayed when Chrome users entered their Google account password into a non-Google website. The warning told users their Google password had been intercepted by bad guys and advised users to change it right away.

Continued : http://arstechnica.com/security/2015/05/01/googles-new-version-of-password-alert-blocking-bypass-is-bypassed/

Related :
Researcher neutralizes Google's Password Alert with a few lines of code
Easy exploit lets hackers bypass Google's new Password Alert
Researcher Finds Method to Bypass Google Password Alert


Unnoticed for years, malware turned Linux and BSD servers into spamming machines
May 3, 2015 10:06AM PDT

For over 5 years, and perhaps even longer, servers around the world running Linux and BSD operating systems have been targeted by an individual or group that compromised them via a backdoor Trojan, then made them send out spam, ESET researchers have found.

What's more, it seems that the spammers are connected with a software company called Yellsoft, which sells DirectMailer, a "system for automated e-mail distribution" that allows users to send out anonymous email.

This operation succeeded in remaining hidden for so long thanks to several factors: the sophistication of the malware used, its stealth and persistence, the fact the spammers aren't constantly infecting new machines, and that each of the infected machines wasn't made to blast out spam all the time.

Continued : http://www.net-security.org/malware_news.php?id=3030

Related :
Spam-blasting malware infects thousands of Linux and FreeBSD servers
Malware Discovered Targeting Web Servers Running Linux, FreeBSD
Revealed: The anti-virus vendor cheating in independent test
May 3, 2015 10:07AM PDT

Chinese anti-virus vendor Qihoo 360 has been stripped of all of the certifications awarded to it this year by the three leading anti-malware testing agencies, after being found to have broken the rules.

In a joint statement (pdf) issued by AV-Comparatives, AV-Test.org and Virus Bulletin, Qihoo was found guilty of attempting to game detection tests:

'Investigations by the three labs found that all products submitted for testing by Qihoo had one of the product's four available engines, provided by Bitdefender, enabled by default, while a second, Qihoo's own QVM engine, was never enabled. This included versions posted to ostensibly public sections of the company's websites....'

Continued : https://grahamcluley.com/2015/05/revealed-anti-virus-product-cheat/

Related : Antivirus Company Qihoo Censured for Cheating in Lab Tests

Crypt0L0cker ransomware avoids US computers
May 3, 2015 10:07AM PDT

Yet another piece of ransomware has surfaced, and this one has several interesting things about it: it expressly avoids targeting US users, and it has a hardcoded list of file types it avoids encrypting.

It's called Crypt0L0cker - the letter "o" has been replaced by zeroes - and, despite the name, the malware has much more in common with TorrentLocker than CryptoLocker.

According to a Bleeping Computer admin, this ransomware is currently being distributed through emails that pretend to be traffic violations or other government notices, and targets users in Europe, Asia and Australia.

"When first installed, Crypt0L0cker will connect to a C&C server and send the victim's unique identifier as well as the campaign ID. The C&C server will then send back the HTML ransom note and the name of the file it should be saved as," he explained.

Continued : http://www.net-security.org/malware_news.php?id=3028

Unpatched, vulnerable PDF readers leave users open to attack
May 3, 2015 10:09AM PDT

Unpatched, vulnerable PDF readers are a big security issue for private PC users, according to Secunia. 14% of PC users in the US (up from 12.9% last quarter) have an unpatched operating system, and Oracle Java yet again tops the list of applications exposing PCs to security risks.

The security of a PC is significantly affected by the number and type of applications installed on it, and the extent to which these programs are patched:

• Adobe Reader 10 and 11 come in at number three and four on the Most Exposed List. Adobe Reader 10 has a 25% market share, 39 vulnerabilities, and is unpatched on 65% of PCs. Adobe Reader 11 has a 55% market share, 40 vulnerabilities, and is unpatched on 18% of PCs.
• 1 in 20 programs on the average US PC have reached end-of-life, meaning they are no longer supported by the vendor and do not receive security updates. Adobe Flash Player, one of the end-of-life applications, is still installed on no less than 78% of the PCs.

Continued : http://www.net-security.org/secworld.php?id=18329

China Censors Facebook.net, Blocks Sites With "Like" Buttons
May 3, 2015 10:18AM PDT

Chinese government censors at the helm of the "Great Firewall of China" appear to have inadvertently blocked Chinese Web surfers from visiting pages that call out to connect.facebook.net, a resource used by Facebook's "like" buttons. While the apparent screw-up was quickly fixed, the block was cached by many Chinese networks — effectively blocking millions of Chinese Web surfers from visiting a huge number of sites that are not normally censored.

Sometime in the last 24 hours, Web requests from within China for a large number of websites were being redirected to wpkg.org, an apparently innocuous site hosting an open-source, automated software deployment, upgrade and removal program for Windows.

One KrebsOnSecurity reader living in China who was inconvenienced by the glitch said he discovered the problem just by trying to access the regularly non-blocked UK newspapers online. He soon noticed a large swath of other sites were also being re-directed to the same page.

Continued : http://krebsonsecurity.com/2015/04/china-censors-facebook-net-blocks-sites-with-like-buttons/

Mozilla Moving Toward Full HTTPS Enforcement in Firefox
May 3, 2015 10:18AM PDT

The Mozilla Foundation is initiating the process to phase out insecure HTTP connections in the Firefox browser. The decision is part of a broader movement to encrypt the Web, which in the case of Mozilla Firefox, means permitting only encrypted HTTPS browser connections.

Mozilla is the developer of Firefox. It accounts for between 12 and 22 percent of the browser market share throughout its various versions. The group has not yet established a timeline for the deprecation of HTTP.

Firefox security lead Richard Barnes says the plan to implement full HTTPS enforcement in the browser consists of two broad steps. First, the group will select a date, after which new Firefox features will be available only to secure, HTTPS-enabled websites. The second step will be to begin making existing features incompatible with insecure, HTTP sites, particularly features with security and privacy implications.

Continued : https://threatpost.com/mozilla-moving-toward-full-https-enforcement-in-firefox/112537

Beware of Cookie-Cutter Sites Serving Programs. They're PUPs
May 3, 2015 10:18AM PDT

"Malwarebytes Unpacked" blog:

We've recently encountered a number of URLs that, at first, may appear to host a number of unrelated software, but if we visit and put them side-by-side, the pattern is obvious. From the cookie-cutter design of the websites to the files they claim to serve, everything is similar, including their detection names.

Sites that usually use the same template are not inherently bad. Small businesses can utilize them as they are generally free, manageable, and easy to configure. One can create a business page and launch it the same day. Unfortunately, the ease and immediacy of such sites are widely exploited by spammers and mainly those with ill intent.

The above sites claim to be sources of the following:

Continued : https://blog.malwarebytes.org/fraud-scam/2015/05/beware-of-cookie-cutter-sites-serving-programs-theyre-pups/

A Day in the Life of a Stolen Healthcare Record
May 3, 2015 10:18AM PDT

When your credit card gets stolen because a merchant you did business with got hacked, it's often quite easy for investigators to figure out which company was victimized. The process of divining the provenance of stolen healthcare records, however, is far trickier because these records typically are processed or handled by a gauntlet of third party firms, most of which have no direct relationship with the patient or customer ultimately harmed by the breach.

I was reminded of this last month, after receiving a tip from a source at a cyber intelligence firm based in California who asked to remain anonymous. My source had discovered a seller on the darknet marketplace AlphaBay who was posting stolen healthcare data into a subsection of the market called "Random DB ripoffs," ("DB," of course, is short for "database").

Eventually, this same fraudster leaked a large text file titled, "Tenet Health Hilton Medical Center," which contained the name, address, Social Security number and other sensitive information on dozens of physicians across the country.

Continued : http://krebsonsecurity.com/2015/04/a-day-in-the-life-of-a-stolen-healthcare-record/