Spyware, Viruses, & Security forum

Alert

NEWS - November 14, 2014

Mobile Pwn2Own 2014: Windows Phone's sandbox resists attack

The Mobile Pwn2Own 2014 hacking competition, held at the PacSec Applied Security Conference in Tokyo, Japan, was concluded on Thursday, and not one of the targeted phones has survived completely unscathed.

Of the targets available for selection, Amazon Fire Phone, Apple iPhone 5S, Samsung Galaxy S5, and Google/LG Nexus were completely "pwned," the Nokia Lumia 1520 running Windows Phone partially, and BlackBerry Z30, Apple's iPad Mini and the Nexus 7 weren't targeted at all.

Competitors were encouraged to come at the phones from a variety of sides - via the mobile web browser, through mobile app and OS holes, via Bluetooth, Wi-Fi or NFC, messaging services or, in limited cases, via baseband.

Continued: http://www.net-security.org/secworld.php?id=17640

Related:
Windows Phone Sandbox Holds Up at Mobile Pwn2Own
Windows Phone security sandbox survives Pwn2Own unscathed
Facebook translates its privacy policy into plain English

In reply to: NEWS - November 14, 2014

Facebook updated its privacy policy on Thursday, this time with an eye toward crystal-clear explanations in big fonts, bright colors and nice, short words.

The changes include a new, animated dashboard on a page called Privacy Basics.

Privacy Basics walks you through changing settings in three categories: what others see about you, how others interact with you, and what you see.

Those three categories tackle common questions like how to delete a post, who can see the comments you make on someone else's post, and how to stop someone who's bothering you.

Continued : https://nakedsecurity.sophos.com/2014/11/14/facebook-translates-its-privacy-policy-into-plain-english/

Related: Facebook updates terms and policies, introduces interactive privacy guides

CoinVault

In reply to: NEWS - November 14, 2014

From the Webroot Threat Blog:

Today we encountered a new type of encrypting ransomware that looks to be of the cryptographic locker family. It employs the same method of encryption and has a very similar GUI (kills VSS, increases required payment every 24hr, uses bitcoin payment, etc.).

Here is the background that it creates - also very similar.

What's unique about this variant that I wanted to share with you all is that this is the first Encrypting Ransomware that I've seen which actually gives you a free decrypt. It will let you pick any single file that you need after encryption and will decrypt it for you.

Continued : http://www.webroot.com/blog/2014/11/14/coinvault/

Related: New cryptoware title borrows page from drug dealers

ISPs Removing Their Customers' Email Encryption

In reply to: NEWS - November 14, 2014

The Electronic Frontier Foundation:

Recently, Verizon was caught tampering with its customers' web requests to inject a tracking super-cookie. Another network-tampering threat to user safety has come to light from other providers: email encryption downgrade attacks. In recent months, researchers have reported ISPs in the US and Thailand intercepting their customers' data to strip a security flag—called STARTTLS—from email traffic. The STARTTLS flag is an essential security and privacy protection used by an email server to request encryption when talking to another server or client.

By stripping out this flag, these ISPs prevent the email servers from successfully encrypting their conversation, and by default the servers will proceed to send email unencrypted. Some firewalls, including Cisco's PIX/ASA firewall, do this in order to monitor for spam originating from within their network and prevent it from being sent. Unfortunately, this causes collateral damage: the sending server will proceed to transmit plaintext email over the public Internet, where it is subject to eavesdropping and interception.

Continued: https://www.eff.org/deeplinks/2014/11/starttls-downgrade-attacks
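
The fallback described in the excerpt above, seen from the sending server's side, as an added example that is not part of the original post or the EFF article. The function names, the `seen_tls` cache and the sample EHLO replies are hypothetical and constructed for illustration; the policy of deferring mail to a host that previously offered STARTTLS is one possible choice, not a standard.

```python
import re

# Constructed EHLO replies for illustration (not captured traffic).
EHLO_INTACT = "250-mx.example.net\r\n250-SIZE 35882577\r\n250-STARTTLS\r\n250 8BITMIME\r\n"
EHLO_STRIPPED = "250-mx.example.net\r\n250-SIZE 35882577\r\n250 8BITMIME\r\n"

_LINE = re.compile(r"^250([- ])(\S+)")


def ehlo_extensions(reply):
    """Parse a multi-line 250 EHLO reply into a set of extension keywords."""
    lines = reply.strip().splitlines()
    exts = set()
    for i, line in enumerate(lines):
        m = _LINE.match(line)
        if m is None:
            raise ValueError(f"not a 250 reply line: {line!r}")
        # "250-" marks a continuation line, "250 " marks the final line.
        is_final = m.group(1) == " "
        if is_final != (i == len(lines) - 1):
            raise ValueError("malformed multi-line reply")
        if i > 0:  # line 0 carries the server's domain, not an extension
            exts.add(m.group(2).upper())
    return exts


def delivery_decision(host, reply, require_tls, seen_tls):
    """Return (action, downgrade_suspected) for one outbound SMTP session.

    seen_tls is a hypothetical cache of hosts that advertised STARTTLS in
    earlier sessions. A host in that cache that stops advertising the flag
    is treated as a suspected downgrade and the mail is deferred, not sent
    in the clear.
    """
    if "STARTTLS" in ehlo_extensions(reply):
        seen_tls.add(host)
        return "starttls", False
    suspected = host in seen_tls
    if require_tls or suspected:
        return "defer", suspected
    # Opportunistic default: with no flag and no history, the sender
    # proceeds unencrypted, which is the outcome the excerpt describes.
    return "plaintext", False
```
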

For a year, gang operating rogue Tor node infected Windows

In reply to: NEWS - November 14, 2014

... executables

"Attacks tied to gang that previously infected governments with highly advanced malware."

Three weeks ago, a security researcher uncovered a Tor exit node that added malware to uncompressed Windows executables passing through it. Officials with the privacy service promptly shut down the Russia-based node, but according to new research, the group behind the node had likely been infecting files for more than a year by that time, causing careless users to install a backdoor that gave attackers full control of their systems.

What's more, according to a blog post published Friday by researchers from antivirus provider F-Secure, the rogue exit node was tied to the "MiniDuke" gang, which previously infected government agencies and organizations in 23 countries with highly advanced malware that uses low-level code to stay hidden. MiniDuke was intriguing because it bore the hallmark of viruses first encountered in the mid-1990s, when shadowy groups such as 29A engineered innovative pieces of malware for fun and then documented them in an E-zine of the same name.

Continued : http://arstechnica.com/security/2014/11/for-a-year-one-rogue-tor-node-added-malware-to-windows-executables/

Related : Malware served through rogue Tor exit node tied to cyber espionage group
Two Dudes Prove How Easy It Is to Hack ATMs for Free Cash

In reply to: NEWS - November 14, 2014

When a small-time Tennessee restaurateur named Khaled Abdel Fattah was running short of cash he went to an ATM machine. Actually, according to federal prosecutors, he went to a lot of them. Over 18 months, he visited a slew of small kiosk ATMs around Nashville and withdrew a total of more than $400,000 in 20-dollar bills. The only problem: It wasn't his money.

Now Fattah and an associate named Chris Folad are facing 30 counts of computer fraud and conspiracy, after a Secret Service investigation uncovered evidence that the men had essentially robbed the cash machines using nothing more than the keypad. Using a special button sequence and some insider knowledge, they allegedly reconfigured the ATMs to believe they were dispensing one dollar bills, instead of the twenties actually loaded into the cash trays, according to a federal indictment issued in the case late last month. A withdrawal of $20 thus caused the machine to spit out $400 in cash, for a profit of $380.

Continued : http://www.wired.com/2014/11/nashville/

Network Hijackers Exploit Technical Loophole

In reply to: NEWS - November 14, 2014

Spammers have been working methodically to hijack large chunks of Internet real estate by exploiting a technical and bureaucratic loophole in the way that various regions of the globe keep track of the world's Internet address ranges.

Last week, KrebsOnSecurity featured an in-depth piece about a well-known junk email artist who acknowledged sending from two Bulgarian hosting providers. These two providers had commandeered tens of thousands of Internet addresses from ISPs around the globe, including Brazil, China, India, Japan, Mexico, South Africa, Taiwan and Vietnam.

For example, a closer look at the Internet addresses hijacked by one of the Bulgarian providers - aptly named "Mega-Spred" with an email contact of "abuse@grimhosting" - shows that this provider has been slowly gobbling up far-flung IP address ranges since late August 2014.

Continued : http://krebsonsecurity.com/2014/11/network-hijackers-exploit-technical-loophole/
