Instagram vulnerability: Media Information Disclosure Security Issue

Nov 30, 2012

Instagram 3.1.2 For iOS, Plaintext Media Information Disclosure Security Issue
A vulnerability in Facebook's Instagram photo-sharing service could allow a hacker to seize control of a victim's account. The attack was developed by Carlos Reventlov around a vulnerability he found within Instagram in mid-November. He notified Instagram of the problem on Nov. 11, but as of last Tuesday, it had not been fixed.

The vulnerability is in the 3.1.2 version of Instagram's application, released on Oct. 23, for the iPhone. Reventlov found that while some sensitive activities, such as logging in and editing profile data, are encrypted when sent to Instagram, other data was sent in plain-text. He tested the two attacks on an iPhone 4 running iOS 6, where he first found the problem.
"When the victim starts the Instagram app, a plain-text cookie is sent to the Instagram server," Reventlov wrote. "Once the attacker gets the cookie he is able to craft special HTTP requests for getting data and deleting photos."
The plain-text cookie can be intercepted using a man-in-the-middle attack as long as the hacker is on the same LAN (local area network) as the victim. Once the cookie is obtained, the hacker can delete or download photos or access the photos of another person who is friends with the victim.

Details

The Instagram app communicates with the Instagram API via HTTP and HTTPS connections.
Highly sensitive activities, such as login and editing profile data, are sent through a secure channel. However, some other requests are sent through plain HTTP without a signature; those requests could be exploited by an attacker connected to the same LAN as the victim’s iPhone.
The only authentication method for some HTTP calls is a standard cookie that is sent without encryption when the user starts the Instagram app.
An attacker on the same LAN as the victim could launch a simple ARP spoofing attack to trick the iPhone into passing port 80 traffic through the attacker's machine. When the victim starts the Instagram app, a plain-text cookie is sent to the Instagram server; once the attacker gets the cookie, he is able to craft special HTTP requests for getting data and deleting photos.

Suggested fix


  • Use HTTPS for all API requests that could contain sensitive data, such as photo URLs.
  • Use a body signature for unencrypted requests.
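
The second suggestion, sketched as an added example (not code from the advisory or from Instagram): the client signs method, path, timestamp and body with HMAC-SHA256 under a per-session key that was delivered over the HTTPS login, so a cookie sniffed from plain HTTP is not enough to forge a delete request. The header names, function names, 300-second window, request path and key are assumptions made for the illustration.

```python
import hashlib
import hmac
import time

MAX_SKEW = 300  # seconds a signed request stays valid (assumed window)


def _message(method, path, timestamp, body):
    # Length-prefix every field so bytes cannot be shifted between fields.
    parts = [method.upper().encode(), path.encode(), str(timestamp).encode(), body]
    return b"".join(len(p).to_bytes(4, "big") + p for p in parts)


def sign_request(key, method, path, body, timestamp=None):
    """Client side: headers to attach to a request sent over plain HTTP."""
    ts = int(time.time()) if timestamp is None else int(timestamp)
    tag = hmac.new(key, _message(method, path, ts, body), hashlib.sha256).hexdigest()
    return {"X-Timestamp": str(ts), "X-Signature": tag}


def verify_request(key, method, path, body, headers, now=None, seen=None):
    """Server side: return (ok, reason). `seen` is a set of accepted tags."""
    now = int(time.time()) if now is None else int(now)
    try:
        ts = int(headers["X-Timestamp"])
        tag = headers["X-Signature"]
    except (KeyError, ValueError):
        return False, "missing signature headers"
    if abs(now - ts) > MAX_SKEW:
        return False, "stale timestamp"
    expected = hmac.new(key, _message(method, path, ts, body), hashlib.sha256).hexdigest()
    # Constant-time comparison on bytes; a non-hex tag simply fails to match.
    if not hmac.compare_digest(expected.encode(), tag.encode("utf-8", "replace")):
        return False, "bad signature"
    if seen is not None:
        if tag in seen:
            return False, "replayed request"
        seen.add(tag)
    return True, "ok"


# Constructed sample values, not real Instagram endpoints or keys.
SAMPLE_KEY = b"constructed-per-session-key"
SAMPLE_PATH = "/photos/123/delete"
SAMPLE_BODY = b"photo_id=123"
```

A signature protects integrity and origin only; the body and the photo URLs it contains remain readable on the LAN, which is why the first suggestion (HTTPS) is still needed.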

Australia's Small Business Point of Sale System hacked By Romanian Crime Gang

Nov 29, 2012

Police have smashed a Romanian organised crime gang that allegedly hacked into the computer systems of small businesses, with credit card details of 30,000 Australians used in $30 million worth of illegal transactions around the world.

Australian and Romanian national police have broken up a ring of hackers blamed for pillaging the point-of-sale systems of Australian small businesses. The Sydney Morning Herald reports that the ring stole credit card data from 30,000 Australian consumers by hacking into the systems of as many as 100 small businesses across the country. The data was then used to create counterfeit credit cards which racked up over $30 million in fraudulent charges around the world, including in the US.

The Australian ring appears to have used the same playbook for its even bigger credit card fraud operation, hitting businesses ranging from gas stations to grocery stores. Sixteen alleged members of the gang were arrested, and charges against seven more were filed in Romania. Among the arrested is Gheorghe "The Carpathian Bear" Ignat, a mixed martial artist and one-time Greco-Roman wrestling champion of Romania who now lives in the US.

Romanian prosecutors were expected  in creating fake credit cards from stolen credit card details. Australian banks and credit unions have reimbursed the $30 million to the 30,000 Australians whose details were exposed by the hacking gang. The small businesses have also been told how their systems were accessed and have since improved their security.

IAEA Data Breach Part 2



In response to the IAEA's previous data breach and official statement, they are now publishing additional information to prove their ability to gain access to highly sensitive information, including confidential 'SafeGuard' documents, satellite images, official letters, presentations, etc. Hopefully the IAEA's decision, as an independent international organization, does not allow this to happen again.

Information they listed was extracted from one of IAEA's new servers (“Nuclear Data Section, NDS“)


WORM_VOBFUS Variants Seen Spreading On Facebook


Based on our initial analysis, the WORM_VOBFUS variants seen spreading on Facebook do not exhibit new routines, but they are a good reminder for users about well-known but easily forgotten safe computing practices.

The significant increase in infection is curious because Windows 7 and Windows 8 PCs will not launch autorun.inf files, and Microsoft has released two patches for older systems. Therefore, security experts believe infections are happening through a combination of unpatched computers, shared folders and files, and social media. Someone inserting a USB drive or memory stick carrying the malware can infect unpatched PCs. On other systems, an infection can occur once the malware travels to a network share and someone clicks on an infected file or folder. Clicking the malware on Facebook would certainly open a quick path to a shared folder on a corporate network. The malware adds a registry key so it can start when a PC is booted up. Variants of the application will disable Windows Update to prevent the victim from downloading patches to disable the malware.

WORM_VOBFUS variants are known to propagate by taking advantage of the Windows Autorun feature on drives. To address this, users are often advised to disable it to prevent their drives from being infected. For reasons of inconvenience (or maybe forgetfulness?) users do not do so. However, users can disable Autorun, and in effect prevent the worm from spreading, by following certain steps:

Prevention:

Removable drives are one of the most common infection vectors for malware today. Worms propagate via these vectors to proliferate their payload and ultimately, infect more users.
Users need to perform some countermeasures to secure their systems. One way of doing this is to protect removable drives against worms using the Autorun feature.

Note: Make sure that your external drive is formatted using NTFS, as this procedure uses a specific feature of NTFS. If your removable drive is formatted using either FAT or FAT32, back up any data on the said drive first and reformat using NTFS. This may require Windows Vista or Windows 7.
  1. Create a new folder in the root directory of the removable disk and rename it “AUTORUN.INF”.
  2. Create four more folders in the same location and name them “recycle,” “recycler,” “recycled,” and “setup” respectively. Note: The folders recycle, recycler, recycled and setup are optional, but it is recommended that users create them, as malware often uses these names.
  3. Open a command prompt (cmd.exe) and go to the root directory of your removable drive.
  4. Set the folder attributes using the following DOS command:
    attrib autorun.inf /s /d -a +s +r
  5. Set the privilege level of the folder using the following DOS command:
    cacls autorun.inf /c /d administrators
  6. Select ‘Y’ and press Enter when the message “Are you sure (Y/N)?” is displayed.
  7. To test it, try to delete, modify, rename, copy, or open the created folder. If you cannot perform any of these functions, then the procedure is successful.
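
A complementary check for step 7, as an added example that is not part of the original procedure: it audits a drive root to confirm that each reserved name is held by a folder, and if autorun.inf exists as a regular file it lists the entries that would launch a program. The function names and the temporary sample drives are constructed for the illustration; it does not inspect the attributes or ACL set in steps 4 and 5.

```python
import os
import tempfile

# Names from the procedure above; matched case-insensitively like Windows does.
RESERVED = ("autorun.inf", "recycle", "recycler", "recycled", "setup")
LAUNCH_KEYS = ("open", "shellexecute")


def launch_entries(path):
    """Return (key, value) pairs in an autorun.inf file that start a program."""
    entries = []
    with open(path, "r", errors="replace") as fh:
        for raw in fh:
            line = raw.strip()
            if line.startswith(";") or "=" not in line:
                continue  # comment, section header or junk padding
            key, value = (part.strip() for part in line.split("=", 1))
            key = key.lower()
            is_verb = key.startswith("shell\\") and key.endswith("\\command")
            if key in LAUNCH_KEYS or is_verb:
                entries.append((key, value))
    return entries


def audit_drive(root):
    """Return ({name: 'folder'|'file'|'missing'}, launch entries found)."""
    by_lower = {name.lower(): name for name in os.listdir(root)}
    report = {}
    for name in RESERVED:
        actual = by_lower.get(name)
        if actual is None:
            report[name] = "missing"
        elif os.path.isdir(os.path.join(root, actual)):
            report[name] = "folder"
        else:
            report[name] = "file"
    findings = []
    if report["autorun.inf"] == "file":
        findings = launch_entries(os.path.join(root, by_lower["autorun.inf"]))
    return report, findings


def make_sample_drive(protected):
    """Build a constructed drive root in a temp directory (demo data only)."""
    root = tempfile.mkdtemp()
    if protected:
        for name in ("AUTORUN.INF", "recycle", "recycler", "recycled", "setup"):
            os.mkdir(os.path.join(root, name))
    else:
        with open(os.path.join(root, "autorun.inf"), "w") as fh:
            fh.write("[autorun]\n; constructed sample\nopen=sample.exe\n"
                     "shell\\open\\command=sample.exe\nicon=folder.ico\n")
    return root


if __name__ == "__main__":
    for protected in (True, False):
        print(audit_drive(make_sample_drive(protected)))
```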



US $100 Million Secret Underground Facility



The US is building a secret underground facility, a construction project planned for Israel called Site 911. The project will cost up to $100 million, take more than two years to complete, and can only be built by workers from specific countries with proper security clearances. Palestinians need not apply.

When complete the well-guarded compound will have five levels buried underground and six additional outbuildings on the above grounds, within the perimeter. At about 127,000 square feet, the first three floors will house classrooms, an auditorium, and a laboratory — all wedged behind shock resistant doors — with radiation protection and massive security.

The bottom two floors are smaller, according to the full line of schematics uploaded to the Army's Acquisition Business Web Site, and are possibly used for equipment and storage.

"The purpose of Site 911 is [un]clear."

Bypass Windows 8 Password Login Screen

Nov 28, 2012

Windows 8 Password Login Bypass

1. Start typing "netplwiz" (without quotes) on the Windows 8 Start screen and hit Enter to launch the "User Accounts" control panel (on older versions of Windows, click "User Accounts Control Panel").

2. Enter your password if prompted.

3. In the window that opens, uncheck the box stating "Users must enter a user name and password to use this computer" and click OK (on older versions of Windows, first double-click the account you wish to automatically log in).

4. Enter and re-enter the existing account password(s) if you're asked.

That's it. From now on, you will not see the password screen anymore.
However, if you don't want to use this feature anymore and want your old Windows 8 password screen back, you can restore it by following the above steps, except that in the 3rd one you need to select the check box that was de-selected previously.
You can follow the same steps to bypass the password screen on previous versions of Windows too, not just Windows 8.

Trading Forex Website Targeted


A FOREX trading website called "Trading Forex," located at hxxp://tradingforex.com has been contaminated with a malicious Java applet that is designed to install malware on the systems of visiting surfers. 

FOREX is the foreign exchange market where international currencies are traded, and nowadays, it's used by millions of people around the world. 

The backdoor planted on Trading Forex is written in Visual Basic .NET and requires Microsoft's .NET framework to be installed and running on a victim's computer. This is an unusual approach.

Hackers intent on distributing malware through compromised websites often use pre-packaged tools, available through underground forums, most notably the widely used Blackhole Exploit kit.




Google Webmaster Tools security breach


Google Webmaster Tools, the Google site that helps website owners manage how their site appears in Google, diagnose problems, and optimize traffic, is currently experiencing a major security breach.
Old accounts are being re-verified, says Search Engine Journal. That may not sound like a big deal, but it’s a potential disaster for anyone who has had search engine optimizers working on their websites.

Hopefully, no black hats are taking advantage of special access to former clients’ sites, as they could cause significant damage by uploading fake sitemaps, requesting removal of key URLs from Google’s index, re-configuring U.S.-based sites to target users in Kazakhstan, Timbuktu, or any other random place, and setting Google’s crawl rate at a ridiculously slow pace, among other things.

The breach goes as far as granting access to sites’ Google Analytics accounts as well, at least in some cases. That allows access to extremely sensitive information that companies and sites do not want former employees or consultants seeing or sharing.
Google hasn’t commented on the issue yet, as far as I can tell, and the Google Webmaster Tools blog has not been updated since November 12.


UPDATED: Google has now released a comment:

“For several hours yesterday a small set of Webmaster Tools accounts were incorrectly re-verified for people who previously had access. We’ve reverted these accounts and are investigating ways to prevent this issue from recurring.”

Anonymous Hacks DEBKA.com

Nov 27, 2012

DEBKA.com is an Israeli-based news agency which has close relations with the Israeli intelligence agency (MOSSAD) and military sources, the “Tongue of MOSSAD”. DEBKA first started around 2000 with the purpose of polluting the media with Zionist-oriented news and rumors.

DEBKA also analyzes how people react to news and information offered by the agency in its state-of-the-art laboratory. Using these methods the agency is able to release news and rumors on the subjects which have the most impact in the eyes of readers and political figures.

Anonymous managed to hack their systems and acquire highly sensitive information, including employees' and authors' personal information, lab details and of course their subscribers.
For now, Anonymous has only released a portion of subscribers' emails and passwords (most of them are retired MOSSAD agents!!!).

Spy Any Phone Via Hardware Hack With AudioJack Malware


The researcher Atul Alex presented at the last edition of the International Malware Conference (MalCon) how it is possible to attack any mobile device with special hardware built from common electronic components.
Atul Alex presented a paper that covers “abusing voice dialing and combining Arduino / Microcontroller to steal private data on iphone, Android, Windows Phone and Blackberry using only the Audio jack.”
Mobile devices are sophisticated devices that manage a huge quantity of users’ information, and exploiting them could open the door to a mine of sensitive data. For this reason the expert predicts that in the coming months defense systems will be reinforced and software-based attacks will become more difficult in the future.
It must be considered that an efficient large-scale attack against the mobile world has to be able to infect devices on multiple platforms.

During his presentation Atul Alex explained how to transform any mobile device into a spy tool without installing any malicious software on it, by abusing the voice dialing feature, which is enabled by default on all mobile platforms.

Modern devices are equipped with powerful software able to interpret the user’s vocal commands; the hardware device proposed by Atul Alex is able to mimic them to give orders to the device. The functionality opens future scenarios in which hackers are able to control a phone simply by sending unauthorized text messages to steal sensitive data.
Almost all events on the mobile are notified to the user with corresponding tones/sounds; the researcher has demonstrated that by adding a microcontroller to the headset’s circuit it is possible to:
  • Initiate phone calls without user interaction.
  • Note duration of phone calls.
  • Detect incoming/outgoing calls,  sms & so on.


In future versions the hardware could also integrate more complex functionality such as recording of phone calls or remote activation of the device.
For sure similar devices will represent in the future a privileged option for cyber espionage operations and, more generally, for cyber operations. Many governments are working on or financing projects for the development of new cyber tools. Government agencies have massively invested in programs to “violate” citizens’ privacy in the name of national security; the world has changed since 11/9 and the risk of a new dramatic cyber attack is high.

The Defense Advanced Research Projects Agency (DARPA) is one of the most advanced agencies in this sense. It is responsible for the development of new technologies for use by the military, and recently it has proposed a device called the Power Pwn, designed by the company Pwnie Express, that apparently looks like a surge protector but is a powerful tool to infiltrate networks, allowing remote access to every machine.

How can we defend our devices from similar attacks? In the future every interface of a mobile device has to be properly designed, and every input must be validated by specially designed circuitry.
Another critical factor is the qualification of hardware for devices similar to the one described in the research: compromised components may invade the consumer market with disastrous consequences, and a great effort is necessary to avoid dangerous incidents.

Java Zero-Day Exploit on Sale

Nov 26, 2012

Miscreants in the cyber underground are selling an exploit for a previously undocumented security hole in Oracle’s Java software that attackers can use to remotely seize control over systems running the program, KrebsOnSecurity has learned.
The flaw, currently being sold by an established member of an invite-only Underweb forum, targets an unpatched vulnerability in Java JRE 7 Update 9, the most recent version of Java (the seller says this flaw does not exist in Java 6 or earlier versions).
According to the vendor, the weakness resides within the Java class “MidiDevice.Info,” a component of Java that handles audio input and output. “Code execution is very reliable, worked on all 7 version I tested with Firefox and MSIE on Windows 7,” the seller explained in a sales thread on his exploit. It is not clear whether Chrome also is affected. “I will only sell this ONE TIME and I leave no guarantee that it will not be patched so use it quickly.”

Anonymous Leak Emails from Syrian Ministry



Anonymous hackers managing Operation Syria (OpSyria) have released a 1 GB dump of emails from the Syrian Ministry of Foreign Affairs. The files are in Arabic.

The documents include scanned copies of Syrian ministers' passports, details about an arms transport from Ukraine, and a report which shows that 200 tons of Syrian bank notes have been shipped from Russia.

"Within the stash you will find details about cargo flights from Russia, each containing 30 tons of fresh Syrian Cash" Hackers said. "Furthermore you will find lulzy documents such as scanned passports from Syrian ministers (PDF) and details about arms transportation from Ukraine".

REDHACK


A group of Internet hackers appeared in court today on charges of terrorism, the first time alleged cyber criminals have been put on trial in Turkey. The 10 members of the "Redhack" group are accused of belonging to an armed terrorist organisation, illegally obtaining confidential documents and personal information, as well as cracking into private systems without authorisation.

The suspects, three of whom have been in custody since March, risk prison sentences ranging from eight to 24 years if convicted. Redhack claims to be affiliated with the international hackers' group Anonymous, and has carried out several online attacks against state and private domains since 1997.

International Atomic Energy Agency (IAEA) Data Breach

Nov 25, 2012

In another cyber attack, a group of hackers calling itself Parastoo Farsi has exposed contacts for more than 100 nuclear experts and scientists from the UN nuclear agency, the International Atomic Energy Agency (IAEA). The word Parastoo is Farsi and refers to a bird species like the swallow, and is also an Iranian girl’s name.

The agency reported that the data breach relates to “some contact details related to experts working” with the agency; fortunately the data doesn’t include information related to confidential work carried out by the IAEA.
An agency spokesman, Gill Tudor, declared that the agency is working to find and fix the vulnerability exploited during the attack.

“The IAEA deeply regrets this publication of information stolen from an old server that was shut down some time ago.” “The IAEA’s technical and security teams are continuing to analyze the situation and do everything possible to help ensure that no further information is vulnerable.”

Why have the hackers hit the agency?

The main subject of the dispute between the U.S., Israel and Western countries and Iran is the development of the atomic program by the government in Tehran. Israel and the United States accuse Iran of developing a nuclear weapons capability, and for this reason they consider Iran a serious threat to worldwide peace. Tehran has always denied any accusation and is continuing development of its uranium enrichment program, declaring civil purposes and excluding military operations.

The IAEA is the body that is investigating Iran’s nuclear program, and according to the group of hackers its analysis isn’t impartial: Israel is widely believed to have a nuclear arsenal, but no government has conducted further investigations into its nuclear armament. Recently the IAEA published a report stating that Iran was ready to double the output at its underground uranium enrichment facility at Fordo, and that the agency was unable to conclude that all nuclear material in Iran was for civil use.

Rise Of The Machines : Human Judgment Required

Nov 24, 2012


As custom government malware becomes an increasingly common international weapon with real-world effects—breaking a centrifuge, shutting down a power grid, scrambling control systems—do we need legal limits on the automated decision-making of worms and rootkits? Do we, that is, need to keep a human in charge of their spread, or of when they attack? According to the US government, no we do not.

A recently issued Department of Defense directive signed by Deputy Secretary of Defense Ashton Carter sets military policy for the design and use of autonomous weapons systems in combat. The directive is intended to minimize "unintended engagements"—weapons systems attacking targets other than enemy forces, or weapon systems causing collateral damage. But the directive specifically exempts autonomous cyber weapons.

Most weapon systems, the policy states, "shall be designed to allow commanders and operators to exercise appropriate levels of human judgment over the use of force," regardless of whether the system is using lethal "kinetic" weapons or some form of non-lethal force. If bullets, rockets, or missiles are to be fired, tear gas is to be launched, or systems are to be jammed, a human needs to make the final decision on when they are used and at whom they are aimed.

New Malware Targeting SQL Db's In Iran

Nov 23, 2012

Security firm Symantec has discovered a specialised worm called W32.Narilam that can compromise SQL databases. Symantec reports that the malware "speaks" Persian and Arabic and appears to target mainly companies in Iran. Narilam is, therefore, reminiscent of Stuxnet and its variants.

Narilam spreads via USB flash drives and network shares. Once inside the system, the worm searches for SQL databases that are accessible via the Object Linking and Embedding Database (OLEDB) API. Rather than steal found target data for intelligence purposes, the worm proceeds to modify or delete the data and can, says Symantec, cause considerable damage. Stuxnet similarly served no intelligence purpose and was designed to sabotage its target – a uranium enrichment facility in Natanz, Iran.
 
**Narilam affects almost exclusively "corporate users"**
 

The purpose of Narilam, or that of the worm's authors, remains unknown. However, Symantec says that its analysis suggests that the saboteurs appear to have targeted corporate data records.

Apparently, the worm's translated instructions include object names such as "sale", "financial bond" and "current account". Due to the malware's level of specialisation, Symantec rates the infection risk as low. The security firm notes that current analysis results indicate "that the vast majority of users impacted by this threat are corporate users."

Some of the worm was written in the Delphi programming language. Symantec says that the worm takes its name from its own attributes, because it searches for SQL databases with three specific names: alim, shahd and maliran. 
Source: Symantec 

South Carolina Department of Revenue Data Breach

The South Carolina Department of Revenue recently suffered a major data breach, leading to 3.8 million tax payers and their 1.9 million dependents having their Social Security numbers exposed along with credit cards (5K) and bank account information (3.3 million accounts). The attacker gained access to 44 servers, installing 33 pieces of malicious software and utilities along the way, all undetected. The organization had no idea they were breached. It was not until law enforcement brought evidence to the department regarding three cases of identity theft that they were even aware something might be wrong.

According to the official incident report (PDF), they are not sure how the hacker gained access, but believe it was via a phishing attack, where an employee opened an infected attachment and the attacker was able to get a username and password. The attacker was able to log into the network using valid credentials and, once inside the network, was able to access numerous servers, installing tools to help exploit systems along the way.
 

Detection


Since the attack, South Carolina Governor Nikki Haley said the State is implementing stronger security policies and tools, including 24/7 monitoring. But you have to wonder why there was no monitoring in the first place. The attacker was inside the network for months installing software, much of which was malicious, compressing and downloading database files, accessing log files and more. There were no warnings or red flags alerting the network administrators that something was wrong. Incident detection and system state intelligence should be part of any information security strategy to help manage risk, which unfortunately South Carolina has had to learn the hard way.

Iran's New Smart Card For Internet Monitoring

Nov 22, 2012


A BETTER WAY TO CITIZEN SURVEILLANCE :


Iran's government is introducing a biometric smart card for monitoring its citizens and the opposition on the Internet, which will serve as the access card to the Web. Without registration of the "smart card", the Internet remains closed to citizens.

Early next year the "smart card" will be issued in a pilot project in the province of Qom; within five years all Iranians aged 15 and over should receive the digital card. Identification is to be carried out using a combination of the fingerprint and personal information stored encrypted on the card, which will be matched online against a central database.

One of the models for the "smart card" is the card issued by the Immigration Department in Singapore upon request to regular visitors. This also works with fingerprints, but is used only to uniquely identify persons at entry and exit. The German identity card also provides the opportunity to identify oneself unambiguously on the Internet and to deal with authorities online, on request.

The Iranian card's applications are significantly more far-reaching, project leader Ebrahim said at the presentation. Not only at entry and exit, but also in shops, on the Internet, when using the online presence of the authorities, in eHealth applications and in the distribution of subsidized commodities such as gasoline, Iranians must identify themselves electronically in the future.

"As a key", according to the state news agency IRNA, the new "smart card" is to allow Iranian citizens entry into the digital world, "counterfeit-proof and with unique identification possibilities".
But just like a key, the new card can not only open doors but also close them. The Iranian regime has repeatedly announced that it will introduce a national "halal closed intranet" that allows access only to pages that are flawless according to Iranian Islamic law. At the end of September the British "Guardian" reported that researchers from the University of Pennsylvania had encountered a working test version of the "halal" network. Should Tehran fulfill its vision, it could demand that citizens identify themselves with the new card for any online use.

Since January 18, Iranian Internet cafés must store for six months the name, address and telephone number of each user as well as the IP address and all sites visited. Currently the scheme is still relatively easy to bypass with the help of false personal data. With the new "smart card" that would be impossible. Also, data could be recorded electronically and centrally, and access to those users' data would be much easier. So one of the biggest advantages of the new card, according to IRNA, is the protection against "identity theft".



Latest Linux malware Doing iFrame Injections

Nov 21, 2012

New Linux malware can automatically hijack websites

A few days ago, an interesting piece of Linux malware came up on the Full Disclosure mailing list. It's an outstanding sample, not only because it targets 64-bit Linux platforms and uses advanced techniques to hide itself, but primarily because of its unusual functionality of infecting the websites hosted on the attacked HTTP server, and therefore working as part of a drive-by download scenario. It can automatically hijack websites hosted on compromised servers to attack web surfers with drive-by downloads.

The software nasty targets machines running 64-bit GNU/Linux and a web server, and acts like a rootkit by hiding itself from administrators. A browser fetching a website served by the compromised system will be quietly directed via an HTML iframe to malicious sites loaded with malware to attack the web visitor's machine.

The malware module was specially designed for the kernel version 2.6.32-5-amd64, which happens to be the latest kernel used in 64-bit Debian Squeeze. The binary is more than 500k, but its size is due to the fact that it hasn't been stripped (i.e. it was compiled with the debugging information). Perhaps it's still in the development stage, because some of the functions don’t seem to be fully working or are not fully implemented yet.

The Linux malware is designed to load itself into memory on startup before hooking itself into kernel functions. Rootkit Linux Snakso-A, as Kaspersky Lab dubs the software, uses various ninja-style tricks to hide itself before crafting network data packets containing the HTML iframes; these are then tucked into the server's output to visiting web browsers. The malicious payload delivered to surfers through these iframes is pulled from a mastermind's command-and-control server.
An excellent, detailed analysis of this rootkit was recently posted on the CrowdStrike blog.
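
Because the iframes are added to the server's output rather than to the site's files, one way to spot this behaviour is to compare the iframes in a page as a visitor receives it with those in the file on disk. The following is an added example, not taken from the post or from the analyses it cites; it assumes static pages, a served copy captured by a client rather than read from the server's filesystem, and constructed sample pages and host names.

```python
from collections import Counter
from html.parser import HTMLParser


class _IframeCollector(HTMLParser):
    """Collect the src attribute of every <iframe> start tag."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag == "iframe":
            self.sources.append((dict(attrs).get("src") or "").strip())


def iframe_sources(html):
    parser = _IframeCollector()
    parser.feed(html)
    parser.close()
    return parser.sources


def injected_iframes(disk_html, served_html):
    """Iframe sources present in the served page but not in the file on disk."""
    extra = Counter(iframe_sources(served_html)) - Counter(iframe_sources(disk_html))
    return sorted(extra.elements())


def check_pages(pages):
    """pages maps a URL path to (disk_html, served_html); return only mismatches."""
    results = {}
    for path, (disk_html, served_html) in pages.items():
        extra = injected_iframes(disk_html, served_html)
        if extra:
            results[path] = extra
    return results


# Constructed sample: the file on disk has one legitimate embed.
DISK_PAGE = """<html><body>
<h1>Welcome</h1>
<iframe src="https://video.example/embed/1" width="560" height="315"></iframe>
</body></html>"""

# Constructed sample: the same page as received by a client, with one extra frame.
SERVED_PAGE = DISK_PAGE.replace(
    "</body>",
    '<iframe src="http://injected.example.invalid/x" width="1" height="1"></iframe></body>',
)

if __name__ == "__main__":
    print(check_pages({"/index.html": (DISK_PAGE, SERVED_PAGE),
                       "/about.html": (DISK_PAGE, DISK_PAGE)}))
```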

AT&T iPad Data Slurp


A 27-year-old hacker, Andrew Auernheimer from New York, has been found guilty of breaching AT&T's site security to obtain iPad customer data.

According to the government, the men used an "account slurper" that was designed to match email addresses with "integrated circuit card identifiers" for iPad users, and which conducted a "brute force" attack to extract data about those users, who accessed the Internet through AT&T's network.

The case is being closely watched in the information security community because Auernheimer recovered the data from the AT&T website without bypassing any security controls. The appeal will therefore focus on whether the Computer Fraud and Abuse Act offences were committed by Auernheimer, an important point of law that has implications for both penetration testing and the reporting of security vulnerabilities.

“First 300 Shares Will Get Prize” Facebook Scam


Various messages distributed on Facebook claim that users can win expensive prizes such as Apple products or designer headphones just by liking and sharing a Facebook Page.

These posts are used by fraudsters to advertise their Facebook pages and, in some cases, are even used to trick unsuspecting customers into handing over personal information.

FOR EXAMPLE :


“FIRST 300 SHARE WILL GET THE SAMSUNG GALAXY-When It’s done send me all your informations inbox.”

“FIRST 300 SHARE WILL GET THE IPHONE 5-When It’s done send me all your informations inbox.”

“THIS IS NOT A JOKE! I’M GIVING AWAY THOSE I-PADS I-POD IPHONES APPLES, FOR THE LUCKY 50 PEOPLE THAT ‘SHARE’ THIS STATUS, COMMENT ‘DONE’, AFTER YOU LIKED IT. GOOD LUCK I’LL PICK THE LUCKY 05 WINNERS.”


For example, one of the posts mentioned above promises 300 smartphones for the first 300 users that share it. Why would a company hand out 300 expensive devices for only 300 Shares or Likes?
Finally, as Hoax Slayer’s Brett Christensen highlights, these scammy contests are poorly worded and they’re usually written in uppercase letters. A legitimate company would never organize any promotion in such haste.

So, don't give these unscrupulous people what they want! Don't "like" their bogus Pages. Don't be tricked into spamming your friends with their fake promotions by sharing their pictures. Do not send your personal information to these people in the vain hope of winning a prize. Before entering any type of promotion or prize draw always take a closer look. If it seems suspect or dodgy, give it a miss. 

.Eu Domains Are Being Used To Infect PCs

Nov 20, 2012 | comments

Some malicious .eu domains have been registered during November which are being used to infect PCs with malware via the Blackhole exploit kit. 



This type of tactic is pretty common, used by many threats in their attempts to evade security filtering. And what of this IP address? It has something of a long history of questionable activity, extending over many months. It currently hosts over 100 domains, whose purpose ranges from porn site gateways (referenced in spam) through to exploit sites.

 

Smartcard Malware


Smartcard Malware Can Share a Smartcard Over The Internet


Security researchers have developed proof-of-concept malware that allows attackers to obtain remote access to smart card readers attached to compromised Windows PCs. A team of researchers has created a proof-of-concept piece of malware that can give attackers control of USB smart card readers attached to an infected Windows computer over the Internet.

In the case of USB smart card readers, the attacker can use the middleware software provided by the smart card manufacturer to perform operations with the victim's card as if it was attached to his own computer, said Paul Rascagneres, an IT security consultant at Luxembourg-based security auditing and consulting firm Itrust Consulting, on Thursday. Rascagneres is also the founder and leader of a malware analysis and engineering project called malware.lu, whose team designed this USB sharing malware.

Smart cards are used for a variety of purposes, but most commonly for authentication and signing documents digitally. Some banks provide their customers with smart cards and readers for secure authentication with their online banking systems. Some companies use smart cards to remotely authenticate employees on their corporate networks. Also, some countries have introduced electronic identity cards that can be used by citizens to authenticate and perform various operations on government websites.

Rascagneres and the malware.lu team tested their malware prototype with the national electronic identity card (eID) used in Belgium and some smart cards used by Belgian banks. The Belgian eID allows citizens to file their taxes online, sign digital documents, make complaints to the police and more.

However, in theory the malware's USB device sharing functionality should work with any type of smart card and USB smart card reader, the researcher said.

In most cases, smart cards are used together with PINs or passwords. The malware prototype designed by the malware.lu team has a keylogger component to steal those credentials when the users input them through their keyboards.
However, if the smart card reader includes a physical keypad for entering the PIN, then this type of attack won't work, Rascagneres said.

The drivers created by the researchers are not digitally signed with a valid certificate so they can't be installed on versions of Windows that require installed drivers to be signed, like 64-bit versions of Windows 7. However, a real attacker could sign the drivers with stolen certificates before distributing such malware.

In addition, malware like TDL4 is known to be able to disable the driver signing policy on 64-bit versions of Windows 7 by using a boot-stage rootkit -- bootkit -- component that runs before the operating system is loaded.
The attack is almost completely transparent to the user, since it won't prevent them from using their smart card as usual. The only giveaway might be the blinking activity LED on the smart card reader when the card is accessed by the attacker.

Cracking WPA2 Password Of Belkin Routers

A number of Belkin wireless routers are shipped with a default WPA2 password to protect network connections. The apparently random passwords are printed on a label that’s on the bottom of the router.
Although this approach should be, in theory, more secure, because the password is likely stronger than what many users would set themselves, it turns out that the random passphrases aren’t so random.

The researchers have determined that the password is based on the device’s WAN MAC address, and since this information is not so difficult to obtain, a remote attacker could easily hack into a targeted network – given that the default configuration is used.

The default password is made of 8 characters which can be determined by replacing each hex-digit of the WAN MAC address with another value from a static substitution table.
Several device models are affected, including Belkin N450 Model F9K1105V2 and Belkin Surf N150 Model F7D1301v1.

The experts claim to have contacted Belkin back in January, but since they haven’t received any response, they’ve made their findings public. In the meantime, they advise users to change their default passphrases to something stronger and, implicitly, more secure.

Vulnerability:

Having a preconfigured randomly generated WPA2-PSK passphrase for wireless routers is basically a good idea since a vendor-generated passphrase can be much more secure than most user-generated passwords. However, in the case of Belkin the default password is calculated solely based on the MAC address of the device. Since the MAC address is broadcast with the beacon frames sent out by the device, a wireless attacker can calculate the default passphrase and then connect to the wireless network.
Each of the eight characters of the default passphrase is created by substituting a corresponding hex-digit of the WAN MAC address using a static substitution table. Since the WAN MAC address is the WLAN MAC address + one or two (depending on the model), a wireless attacker can easily guess the WAN MAC address of the device and thus calculate the default WPA2 passphrase.

Moreover, the default WPA2-PSK passphrase solely consists of 8 hexadecimal digits, which means that the entropy is limited to only 32 bits (or 33 bits since some models use uppercase hex digits). After sniffing one successful association of a client to the wireless network, an attacker can carry out an offline brute-force attack to crack the password. The program oclhashcat-plus can try 131,000 passwords per second on one high-end GPU (AMD Radeon HD7970). Doing a full search of the 32-bit key space takes about 9 hours at this rate.

An attacker can exploit this vulnerability to calculate the WPA2-PSK passphrase of a wireless network. This allows sniffing and decrypting all wireless traffic in a purely passive attack given that the attacker has also sniffed the association.

Affected devices:

Belkin Surf N150 Model F7D1301v1
Belkin N900 Model F9K1104v1
Belkin N450 Model F9K1105V2
Belkin N300 Model F7D2301v1

How To Secure Yourself : 

Users of potentially affected wireless routers should change the wireless passphrase to something more secure.
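
To check whether a router's current passphrase still has the default shape described above (8 hex digits in a single case) and how long a full search of its key space takes at the 131,000 guesses per second quoted above, here is an added example; it is not code from the researchers or from Belkin. The alphabet list, function names and sample passphrases are assumptions made for illustration.

```python
import math
import string

# Rate the page quotes for oclhashcat-plus on one high-end GPU.
PAGE_GUESSES_PER_SECOND = 131_000

HEX_LOWER = set("0123456789abcdef")
HEX_UPPER = set("0123456789ABCDEF")

# Constructed list of alphabets, smallest first; a brute-force search
# only has to cover the smallest one that contains every character used.
ALPHABETS = [
    ("digits", set(string.digits)),
    ("hex-lower", HEX_LOWER),
    ("hex-upper", HEX_UPPER),
    ("lowercase+digits", set(string.ascii_lowercase + string.digits)),
    ("alphanumeric", set(string.ascii_letters + string.digits)),
    ("printable ASCII", {chr(c) for c in range(32, 127)}),
]


def matches_default_shape(passphrase):
    """True for exactly 8 hex digits in a single case (the default format)."""
    chars = set(passphrase)
    return len(passphrase) == 8 and (chars <= HEX_LOWER or chars <= HEX_UPPER)


def audit(passphrase, guesses_per_second=PAGE_GUESSES_PER_SECOND):
    """Return key-space size and exhaustive-search time for a WPA2 passphrase."""
    # WPA2-PSK passphrases are 8 to 63 printable ASCII characters.
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA2 passphrase must be 8 to 63 characters")
    chars = set(passphrase)
    for name, alphabet in ALPHABETS:
        if chars <= alphabet:
            break
    else:
        raise ValueError("passphrase contains non-printable or non-ASCII characters")
    keyspace = len(alphabet) ** len(passphrase)
    return {
        "default_shape": matches_default_shape(passphrase),
        "alphabet": name,
        "bits": round(len(passphrase) * math.log2(len(alphabet)), 1),
        "hours": round(keyspace / guesses_per_second / 3600, 2),
    }


if __name__ == "__main__":
    # Constructed sample passphrases, not taken from any real device.
    for sample in ("a1b2c3d4", "A1B2C3D4", "correct horse battery staple"):
        print(sample, audit(sample))
```

The figures are the cost of a blind exhaustive search only; a passphrase built from dictionary words falls much faster than its bit count suggests.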

Windows 8 Pro Free


Pirates exploit a weakness in Microsoft’s Key Management Service (KMS) to get free copies of Windows 8 Pro. When a better lock’s built, folks just devise new ways to pick it. It’s pretty much a fact of life. So it’s not surprising that folks have already pirated Windows 8. If anything, it was probably expected. What is surprising, however, is that Microsoft’s just unintentionally legitimized pirated copies of Windows 8 Pro through a Windows Media Center upgrade.

The Media Center upgrade, which Microsoft is offering through January 31, 2013, includes Microsoft’s tools for watching and recording live TV. However, applying the upgrade has an unintended side effect: It permanently activates the copy of Windows 8 that you’ve applied it to.

This allows all those pirates currently using the KMS exploit to suddenly grant themselves a complete copy, whereas KMS installs basically expire after 180 days.


 

FreeBSD Project Server Hacked


Two FreeBSD Project Servers Hacked

Hackers broke into two FreeBSD project servers using an SSH authentication key and login credentials. The venerable BSD-based operating system FreeBSD has announced a smallish system compromise.
The FreeBSD administrators took a bunch of servers offline to investigate, and published a blow-by-blow account of what they know about the breach so far.
FreeBSD isn't the first open source operating system to suffer an intrusion on its core servers.
The Linux developers famously suffered both a malware attack and a server compromise last year that saw kernel.org vanish offline for over a month.

No Trojanised packages have been uncovered, at least as yet. But FreeBSD users have been urged to carefully check third-party packages installed or updated between 19 September and 11 November nonetheless, as a precaution.
The FreeBSD.org team has promised to tighten up security, in particular by phasing out legacy services such as the distribution of FreeBSD source via CVSup, in favour of the more robust Subversion, freebsd-update, and portsnap distribution methods. The hack was "not due to any vulnerability or code exploit within FreeBSD".


Malware Using Google Docs As Proxy


Security researchers from antivirus vendor Symantec have uncovered a piece of malware that uses Google Docs, which is now part of Google Drive, as a bridge when communicating with attackers in order to hide the malicious traffic.

The malware -- a new version from the Backdoor.Makadocs family -- uses the Google Drive "Viewer" feature as a proxy for receiving instructions from the real command and control server. The Google Drive Viewer was designed to allow displaying a variety of file types from remote URLs directly in Google Docs.

Backdoor.Makadocs is distributed with the help of Rich Text Format (RTF) or Microsoft Word (DOC) documents, but does not exploit any vulnerability to install its malicious components, Katsuki said. "It attempts to pique the user's interest with the title and content of the document and trick them into clicking on it and executing it."

Thanksgiving Screensaver Malware

Nov 19, 2012 | comments

Malware designed to infect your PC has been found hidden inside an innocuous Thanksgiving screensaver, just as millions of Americans are preparing to celebrate Thanksgiving with their families and friends.

The Thanksgiving screensaver that you just downloaded from the net may not be entirely safe. While you are being presented with a slideshow, the screensaver is silently connecting to a website and attempting to download malicious code, allowing malicious hackers to take remote control of your computer.

The malware also drops a new DLL, called ssheay.dll, which poses as an add-in for Outlook. A link to the DLL is added to the Registry, ensuring that the code is run automatically each time the computer is started.

So, if you're celebrating Thanksgiving, please look after yourself by ensuring your computers are properly patched against the latest security flaws. Thanks and cheers from indiatriks.

Wii U JAILBREAK

Nov 18, 2012 | comments

Techies claim they've cracked Nintendo's anti-piracy defences in the Wii U days after the games console hit US shelves.
The hack, the gaming equivalent of jail-breaking, allows home-made games, pirate copies of titles and other unauthorised software to run on the Wii U, according to wiiuhacks.com. The attack appears to involve exploiting security holes in old Wii games when a Wii U is running in legacy Wii mode.
The group has also produced a seven-minute video of what appears to be a Wii U playing homebrew games after running the "Smash Stack" exploit from a disc. Nintendo, like other console makers, locks down its machines so, in theory, they can only play cryptographically signed software; hackers usually have to exploit security holes in the system or endorsed games to defeat these protections.

Lenovo Windows 8-based home theater PC 'IdeaCentre Q190'

Nov 16, 2012 | comments

Lenovo has announced the release of its new Windows 8-based home entertainment desktop PC, the Lenovo IdeaCentre Q190. According to Lenovo, the Q190 desktop PC is the world’s “smallest full-function” PC, measuring just 22mm in width. Lenovo’s mini IdeaCentre Q190 is a spec-bumped version of the PC maker’s previous Q180 home entertainment system. Announced on Thursday, the Q190 comes complete with a third-generation Intel Core i3 processor, a terabyte-large hard drive, a 24GB SSD cache, and up to 8GB of memory. It is also compatible with Windows 8.

“Lenovo is committed to making PC innovation accessible to all, and the IdeaCentre Q190 and latest C-Series AIOs deliver just that,” said Ouyang Jun, Executive Director and General Manager, IdeaCentre Business Unit. “Whether it’s the subtle, space-saving design of the Q190 that transforms your living room TV or monitor into a home theater, or the sleek look, powerful performance and family friendly features of the C-Series AIOs, Lenovo’s latest desktop PCs are designed to meet the entertainment needs of any household.”
Lenovo's new home entertainment system brings full HD graphics to TV screens along with 7.1 channel surround sound via HDMI, and comes with a compact multimedia remote. Other than HDMI, the Q190 comes with an Ethernet port, VGA, S/PDIF, and USB 3.0 connectivity.
The compact PC is specifically designed to take care of users’ home entertainment needs. For multimedia needs, there is an optional Blu-ray disc player and a wireless multimedia remote with built-in mini backlit keyboard and mouse to control the system from a distance. The Lenovo IdeaCentre Q190 is available in January at a starting price of US$ 349.

Cool Exploit Kit

Cyber crooks have made their attacks stealthier with the launch of an aggressive exploit kit, the Cool exploit kit, to generate malicious code on legitimate websites. Cool can exploit multiple unpatched vulnerabilities in users’ browsers, browser plug-ins, software applications or operating systems. Exploit kits are still making the rounds, nothing new there. The new kid has been dubbed the Cool Exploit Kit.
Lately, we're seeing that Blackhole updated to the latest PluginDetect version 0.7.9, which has already been used by Cool.
It seems that Blackhole is also now exploiting the Java vulnerability, another vulnerability being exploited by Cool. In addition to this, Blackhole is once again serving Flash exploits like it did in version 1. Of course, Cool wouldn't want to be left behind, as it performs similar checks on the same plugins and exploits the same vulnerabilities.
It may be just us, but the version checks by the two kits are very much alike. And when we checked out Cool’s Flash exploits, we noticed that it uses the same Flash filenames as seen from Blackhole version 1, which happen to exploit the same Flash vulnerabilities, although other functions are pretty much similar as well.
With all these “differences”, it appears that Cool and Blackhole are more than just a tiny bit related. And it wasn't only us that noticed that, @kafeine mentioned in his post that there's a high chance that both kits have the same author.

Email leaks 400+Taliban official's contacts


That was exactly the rookie mistake made by Taliban spokesman Qari Yousuf Ahmedi last week, ABC News reports, which resulted in Ahmedi inadvertently disclosing his full mailing list of more than 400 email addresses. Ahmedi is one of two official spokesmen for the Islamic fundamentalist movement, the other being Zabiullah Mujahid. Ahmedi was reportedly forwarding a press release he received from Mujahid when he mistakenly put recipients' addresses in the "cc" field, causing contacts he meant to keep private to be viewable to everyone on the list.

According to the ABC News report, most of those addresses belonged to journalists. That's bad news (no pun intended), because in war-torn Afghanistan, targeted attacks on journalists are commonplace.

Microsoft Surface tablet

Nov 15, 2012 | comments

Microsoft's Surface tablet, an important part of the software multinational's attempt to bring Windows into the portable computing age, is suffering from lacklustre sales, according to a report citing manufacturing sources.

Orders from the supply chain are said to have been halved, from an estimated 4m units, which Microsoft expected to sell by the end of the year, to 2m units, said Taiwan's DigiTimes website.

Asus, Samsung and Dell are also experiencing "weak" sales of Windows 8 tablets, sources said. On Wednesday, Asus's chief finance officer, David Chang, revealed that "demand for Windows 8 is not that good right now".

Backed by a multimillion-dollar ad campaign, Surface was designed in-house by Microsoft as a showcase for Windows 8, the latest version of its best-selling software redesigned for the touch screen.

Microsoft declined to comment on Surface. The company said this week it has sold 40m Windows 8 licences since the launch, outstripping sales of Windows 7.

Cyber security

Nov 12, 2012 | comments


Five Measures for Your Cyber security










1. Translate Security Answers to Another Language

Many times, security questions such as “What is your favorite book?” are much easier to break than passwords because they are susceptible to social engineering. Consider translating your answers to another language by using free online translation tools. Switching this up can serve to deter a hacker who may assume you’re sticking to only one language.

2. Start Passwords with a Space

Many modern password cracking tools, like Cain & Abel, do not take spaces into account simply because they aren’t common in passwords. Adding one to your password can throw off complex hacking software. Spaces carry other benefits, too. If you need to write your password down, only you will know a space is also needed at the front or end of it.

3. Don’t Depend on Just AES 256 Encryption

With just a few clicks, AES 256 encryption allows anyone using a PC or Mac to encrypt their files and protect them with a password. That said, there are holes, because AES 256 encryption is only as strong as the master password being used for the encryption. For example, if no randomness is used on data encrypted with AES 256, it is susceptible to the TLS CBC IV attack.

4. Do not use NTLM if the Underlying Protocol is Insecure

If you are accessing a site via HTTP or FTP — both protocols for exchanging files over the internet — never enter your credentials in a Windows authentication popup. Unlike HTTP or FTP, HTTPS and SFTP ensure data being sent from the host computer to the receiver isn’t available in plain text. HTTPS and SFTP ensure the entire transmission is encrypted, so no outside eyes can access usernames and passwords.

5. Use Drive Encryption Software

Use drive encryption software such as BitLocker on all machines. Even if you format your hard drive, sensitive data can easily be recovered from a machine if it is lost or stolen. Drive encryption software is a simple way to prevent this from happening, because it encrypts every bit of data on a storage volume.

How To Become a Computer Forensics Expert

Nov 9, 2012 | comments

What a Computer Forensics Investigator needs to understand

A Computer Forensics Investigator needs to be able to understand the process of investigating a cybercrime, the laws involved and the details in obtaining the necessary authorisation to perform the investigation.

Each computer forensics case is different, and each country’s laws are different too. Most difficult of all: attacks are becoming more elaborate every day.

The Computer Forensics Investigator must have the necessary information technology and security skills, to be able to deal with these different situations.

The examination process – and the many different types of digital evidence - makes computer forensics a time-consuming process. So a Computer Forensics Investigator must also have the necessary skills to manage projects and resources.
 
First things first: the First Responder

The most important function of a computer forensics investigator starts with the First Responder. Roles of the First Responder include: securing, evaluating and documenting the electronic crime scene; conducting preliminary interviews; collecting, preserving, packaging and transporting electronic evidence; and finally reporting the crime.
 
The role of the Computer Forensics Investigator

Below are a few actions required of the Investigator:
• Recover deleted files and deleted partitions in Windows, Mac OS X, and Linux
• Crack passwords, understand password-cracking processes and have access to password-cracking tools
• Understand types of password attacks and how to investigate a password-protected file breach
• Understand different types of log capturing techniques, log management, log capturing tools and time synchronisation
• Investigate logs, network traffic, wireless attacks, and web attacks
• Track e-mails and investigate e-mail crimes.
 
How does computer forensics fit within the ethical hacking world?

Ethical hacking is a function of computer forensics. Ethical hacking is the process that follows vulnerability assessments and scanning. Ethical hacking is the art of exploitation with permission - and thus is a mandatory skill and requirement within the computer forensics world.

When a computer forensics investigator is tasked with the collection, examination, identification, preservation, recovery, analysis and presentation of evidence as facts, ethical hacking is the fundamental skill to achieve these effectively.
 
Computer forensics certifications

There are several computer forensics certs to choose from. These are the best:
· C|HFIv8 - Computer Hacking Forensics Investigator from the EC-Council
· GCFE - Forensics Examiner from the GIAC (SANS)
· CCFE - Certified Computer Forensics Examiner from the IACRB
· CCE - Certified Computer Examiner from the ISFCE

 