IT World Canada has an interesting article on an issue a lot of my customers have been asking about lately:
Corporate IT administrators may have more to worry about than just the wave of smart watches, Google glasses and other wearable computing devices that could flood the enterprise soon. A recent survey of indicates that more than half of Generation Y workers are prepared to contravene corporate bring your own device and cloud computing policies if it cramps their personal and professional computing and social networking activity.
Some news, views and musing about things going on in the Information Security World.
Showing posts with label 0-day.
Monday, November 11, 2013
Thursday, December 13, 2012
Skynet Botnet Controlled Over Tor
A botnet has been discovered that uses a hidden Tor IRC service for command and control. Although Tor tends to be on the slow side, the extra layers of anonymity make it significantly more difficult, and perhaps impossible, to locate either the C&C servers or the people running them.
All kinds of direct hack attacks probably occur over the Tor network. This use however, is interesting in that there currently is no known method for shutting them down. I expect that once a compromised server is found, researchers will begin looking for vulnerabilities on the hidden Tor services in the hopes of finding a vulnerability that exposes the actual IP information.
The article discusses how the bots are being used to mine bitcoins.
Either way, this is interesting, and probably will soon be the de facto way to run botnets.
Key Words:
0-day,
bitcoins,
botnet,
encryption,
forensics,
hacking,
onion routing,
tor
Monday, May 14, 2012
Microsoft Causes OSX Vulnerability, Then Gloats
Microsoft discovered a vulnerability in Word that could allow an attacker to execute code on any system using Microsoft Word to read a specially malformed document, then spins it to say it is proof that Macs are just as vulnerable as Windows to document-based attacks.
Key Words:
0-day,
computer viruses,
hacking,
microsoft,
security controls,
trojan
Tuesday, March 20, 2012
The Pwn Plug is a little white box that can hack your network
Built by a startup company called Pwnie Express, the Pwn Plug is pretty much the last thing you ever want to find on your network—unless you've hired somebody to put it there. It's a tiny computer that comes preloaded with an arsenal of hacking tools. It can be quickly plugged into any computer network and then used to access it remotely from afar. And it comes with "stealthy decal stickers"—including a little green flowerbud with the word "fresh" underneath it, that makes the device look like an air freshener—so that people won't get suspicious.
Key Words:
0-day,
hacking,
physical security,
policy,
security controls,
social engineering,
spying
Friday, March 16, 2012
Anyone can say they are part of Anonymous... unless it makes them look bad
Anonymous likes to say that anyone can be a member just by saying they are. But apparently anyone creating malware while claiming to be part of Anonymous is officially *not* part of Anonymous. Unless of course it is malware written by other members of Anonymous. This is bizarre circular thinking for folks who have been known to be far more clever in the past. What gives?
Key Words:
0-day,
Anonymous,
computer viruses,
hacking,
security controls,
social engineering,
trojan
Monday, November 21, 2011
Illinois Water Utility Pump Destroyed After Hack
A cyber attack on a Springfield, Ill. public water utility resulted in the destruction of one of its pumps, according to a security expert.
While I would do away with alarmist statements like "This required almost no skill and could be reproduced by a two year old with a basic knowledge of Simatic", and find it hard to give any amount of credibility to people that make such stupid pronouncements, the situation described in this article points out once again how SCADA systems are still not being treated at the level of sensitivity they should be.
Key Words:
0-day,
hacking,
password complexity,
passwords,
physical security,
security controls,
spying,
terrorism
Tuesday, November 8, 2011
What is Phlashing
Phlashing is a permanent denial of service (DoS) attack that exploits a vulnerability in network-based firmware updates. Such an attack is currently theoretical but if carried out could render the target device inoperable.
Rich Smith, head of HP's Systems Security Lab, discovered the vulnerability and demonstrated the attack at the EUSecWest security conference in June 2008. In a real-world execution, an attacker could use remote update paths in network hardware, which are often left unprotected, to deliver corrupted firmware and flash it to the device. As a result, the device would become unusable.
Thursday, September 8, 2011
Award BIOS Flashing Trojan
I used to talk about the possibility of a virus or worm writing boot code on hard drives, or flashing devices with new configurations, or even entirely new code. It seems there is now a trojan out there that does just that. Yes, the site is in Chinese. But it describes a trojan that flashes Award BIOS code to add a few new functions on bootup.
Symantec has more details on how it infects the hard drive Master Boot Record (MBR) and specifically targets and alters the Award BIOS. Other BIOS brands are not affected.
Key Words:
0-day,
computer viruses,
security controls,
trojan
Thursday, August 25, 2011
Ten years later, still the same malware?
At Blackhat2011 during an interview about ESET'S recent Global Threat Report, a reporter asked me why we still see very old strains of common, long-detected malware. After all, haven't we detected these threats in the wild for years by now?
Key Words:
0-day,
computer viruses,
hacking,
security controls,
trojan
Sunday, August 7, 2011
Check out The INTRUDER Daily
The INTRUDER Daily is a newspaper style aggregation of information security news. Check it out!
Key Words:
0-day,
hacking,
law,
physical security,
privacy,
security controls,
social engineering,
terrorism
Thursday, June 30, 2011
Software Can Copy Your Keys From A Photograph Taken 200 Feet Away
A new piece of software cleverly titled Sneakey makes it possible to copy keys using nothing more than a photograph, even if that photograph was taken from far away, according to Peter Murray at Singularity Hub.
In one demonstration, the software helped create working keys using a picture taken with a cell phone camera and a picture taken with a telephoto lens over 200 feet away.
Key Words:
0-day,
physical security,
security controls,
spying,
theft
Wednesday, June 29, 2011
The Navy Bought Fake Trojanized Chinese Microchips
The Navy Bought Fake Trojanized Chinese Microchips. They weren't only low-quality fakes, they had been made with a "back-door" and could have been remotely shut down at any time. If left undiscovered the result could have rendered useless U.S. missiles and killed the signal from aircraft that tells everyone whether it's friend or foe.
The problem remains with these "trojan-horse" circuits that can be built into the chip and are almost impossible to detect -- especially without the original plans to compare them to.
The Intelligence Advanced Research Projects Agency (IARPA) is now looking for ways to check the chips to make sure they haven't been hacked in the production process.
Key Words:
0-day,
data destruction,
hacking,
physical security,
security controls,
spying,
terrorism,
trojan
Tuesday, June 28, 2011
Old Style MBR Viruses are Back
Microsoft is telling Windows users that they'll have to reinstall the operating system if they get infected with a new rootkit that hides in the machine's boot sector.
A new variant of a Trojan Microsoft calls "Popureb" digs so deeply into the system that the only way to eradicate it is to return Windows to its out-of-the-box configuration, Chun Feng, an engineer with the Microsoft Malware Protection Center (MMPC), said last week on the group's blog.
If this reminds you of the 80's, it should. At least back then you could boot to your DOS rescue disk and type FDISK /MBR to get rid of boot sector viruses. Now that there is too much money to be made off of viruses, I'm sure this command no longer works.
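Both the Award BIOS trojan above and Popureb start by rewriting the Master Boot Record, so the practical check is to hash the 446 bytes of boot code in sector 0 against a known-good baseline taken when the machine was built. The script below is an added example, not code from Microsoft, Symantec or this blog; the sample MBR it builds is constructed, and the `build_sample_mbr` / `boot_code_changed` names are mine.

```python
import hashlib
import struct

ENTRY_FMT = "<B3sB3sII"   # status, CHS start, type, CHS end, LBA start, sector count


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed 512-byte MBR: boot code, one active NTFS (0x07) partition, 0x55AA."""
    code = boot_code.ljust(446, b"\x00")
    entry = struct.pack(ENTRY_FMT, 0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff", 2048, 204800)
    table = entry + b"\x00" * 48          # three empty partition entries
    return code + table + b"\x55\xaa"


def parse_mbr(sector: bytes) -> dict:
    """Split a raw sector 0 into its boot-code hash and populated partition entries."""
    if len(sector) != 512 or sector[510:512] != b"\x55\xaa":
        raise ValueError("not an MBR: wrong length or missing 0x55AA signature")
    partitions = []
    for i in range(4):
        off = 446 + 16 * i
        status, _, ptype, _, lba, count = struct.unpack(ENTRY_FMT, sector[off:off + 16])
        if ptype:                          # type 0 marks an unused entry
            partitions.append({"active": status == 0x80, "type": ptype,
                               "lba": lba, "sectors": count})
    return {"boot_code_sha256": hashlib.sha256(sector[:446]).hexdigest(),
            "partitions": partitions}


def boot_code_changed(sector: bytes, baseline_sha256: str) -> bool:
    """True when the first-stage boot code differs from the recorded known-good hash."""
    return parse_mbr(sector)["boot_code_sha256"] != baseline_sha256


if __name__ == "__main__":
    clean = build_sample_mbr(b"\x33\xc0\x8e\xd0 clean loader")
    baseline = parse_mbr(clean)["boot_code_sha256"]      # record this at build time
    infected = build_sample_mbr(b"\xeb\x58 hooked int13h loader")
    print(boot_code_changed(clean, baseline), boot_code_changed(infected, baseline))  # False True
```

Feed it the first 512 bytes of the disk (for example `dd if=/dev/sda bs=512 count=1` from rescue media); read the sector from a boot disk rather than the running system, because a bootkit that hooks disk reads can hand the live OS a clean copy.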
Key Words:
0-day,
computer viruses,
security controls,
trojan
Tuesday, June 21, 2011
Amazon's cloud is full of holes
Thomas Schneider, a postdoctoral researcher in the System Security Lab of Technische Universität Darmstadt, said on Monday that Amazon's Web Services is so easy to use that a lot of people create virtual machines without following the security guidelines.
In what they termed the most critical discovery, the researchers found that the private keys used to authenticate with services such as the Elastic Compute Cloud (EC2) or the Simple Storage Service (S3) were publicly published in Amazon Machine Images (AMIs), which are pre-configured operating systems and application software used to create virtual machines.
But the consequences could be expensive: With those keys, an interloper could start up services on EC2 or S3 using the customer's keys and create "virtual infrastructure worth several thousands of dollars per day at the expense of the key holder," according to the researchers.
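The cheap defence is to sweep an image's filesystem for credential material before publishing it. The scanner below is an added example (not the Darmstadt researchers' tooling or Amazon's): it looks for PEM private-key headers and AWS access key IDs (the public `AKIA` + 16 character format) and, as a heuristic I am assuming rather than a documented format, a 40-character value next to an `aws_secret_access_key` label. The sample inputs are constructed; the key ID and secret are Amazon's documented placeholder values.

```python
import re
from pathlib import Path

PEM_KEY = re.compile(rb"-----BEGIN (?:RSA |DSA |EC )?PRIVATE KEY-----")
ACCESS_KEY_ID = re.compile(rb"\bAKIA[0-9A-Z]{16}\b")
# Heuristic (assumption): a 40-char base64-ish token beside a secret-key label.
SECRET_KEY = re.compile(rb"(?i)aws_secret(?:_access)?_key\s*[=:]\s*\"?([A-Za-z0-9/+]{40})")


def scan_bytes(data: bytes, name: str = "<buffer>") -> list:
    """Return (file, kind, line_no) for every credential-looking line in data."""
    findings = []
    for line_no, line in enumerate(data.splitlines(), start=1):
        if PEM_KEY.search(line):
            findings.append((name, "private-key", line_no))
        if ACCESS_KEY_ID.search(line):
            findings.append((name, "aws-access-key-id", line_no))
        if SECRET_KEY.search(line):
            findings.append((name, "aws-secret-key", line_no))
    return findings


def scan_tree(root: str, max_bytes: int = 1 << 20) -> list:
    """Walk an extracted or mounted image root and scan its regular files."""
    findings = []
    for path in Path(root).rglob("*"):
        if path.is_symlink() or not path.is_file() or path.stat().st_size > max_bytes:
            continue                      # skip links, devices and large binaries
        try:
            findings.extend(scan_bytes(path.read_bytes(), str(path)))
        except OSError:
            continue                      # unreadable file: keep going
    return findings


# Constructed samples of the files an image author typically forgets to remove.
SAMPLE_AUTHORIZED = b"ssh-rsa AAAAB3Nza... builder@host\n"           # public key: fine
SAMPLE_ID_RSA = b"-----BEGIN RSA PRIVATE KEY-----\nMIIE...\n-----END RSA PRIVATE KEY-----\n"
SAMPLE_CREDS = (b"[default]\n"
                b"aws_access_key_id = AKIAIOSFODNN7EXAMPLE\n"
                b"aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY\n")

if __name__ == "__main__":
    for sample, label in [(SAMPLE_AUTHORIZED, "authorized_keys"),
                          (SAMPLE_ID_RSA, "id_rsa"), (SAMPLE_CREDS, "credentials")]:
        for hit in scan_bytes(sample, label):
            print("%s: %s at line %d" % hit)
```

Run `scan_tree` against the mount point of the image snapshot, and treat any hit under a home directory or `/root` as a reason to rebuild the image rather than just delete the file, since the key may already be in shell history or backups elsewhere on it.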
Key Words:
0-day,
credit card fraud,
hacking,
security controls
Anonymous steals 10,000 Iranian government emails, plans DDoS attack
After hacking into the Iranian Government email sites and procuring 10,000 officials' email addresses and their associated emails, Anonymous is planning a full day of DDoS attacks to mark the election day anniversary.
'LulzSec suspect' arrested by New Scotland Yard
New Scotland Yard has confirmed that it has arrested a 19-year old suspected hacker in Essex, UK, in connection with a series of hacks and denial-of-service attacks against a number of organisations.
It is being widely speculated that the arrest is in connection with the high-profile attacks by the LulzSec hacking group, which has claimed amongst its victims Sony, the CIA, the FBI, and the Serious Organised Crime Agency (SOCA).
Monday, June 20, 2011
Japan Criminalizes Creation, Acquisition or Storage of Computer Viruses
A new law in Japan makes creation or distribution of a computer virus without reasonable cause punishable by up to three years in prison, and acquisition or storage of a virus punishable by up to two years.
I am not sure how stringent their definition of "reasonable cause" is in this case, but it sounds like a good start.
Key Words:
0-day,
computer viruses,
hacking,
security controls,
trojan
Sunday, June 19, 2011
Quantum Cryptography Not All It's CRACKED Up To Be.
This story is an easy-to-read easy-to-understand description of a flaw in quantum cryptography that allows an observer to determine the quantum key. Until now, this was theoretically impossible. If my 20 years in information security has taught me one thing, it is that hackers love impossibilities.
Key Words:
0-day,
encryption,
privacy,
security controls,
spying
Saturday, June 18, 2011
PC World Confuses LulzSec with Batman
Why on earth is PC World thanking LulzSec? This article is far too similar to subplots in the Batman or Spiderman movies. Talk about mixed messages... PC World has lost any credibility they may have once had.
Read this article for a more appropriate response to LulzSec's behavior.
Tuesday, March 8, 2011
Nexus S Android Sniffs and Emulates RFID tags
The Nexus S Android phone is capable of reading and emulating RFID. An application called Farebot demonstrates how the phone could be used to emulate RFID fare cards. This apparently could make it cheaper and more convenient for transit riders. However, the software's author also points out that many of these cards keep trip records in clear-text. This creates a bit of a privacy issue, since it is so easy for this software to read the cards of people who merely happen to walk close enough to you.
Currently FareBot can parse and display balance and trip history information from Seattle’s ORCA card, and can dump raw data from any other MIFARE DESFire card including San Francisco’s Clipper card. FareBot is open-source and designed to be flexible so that hopefully other developers will add support for other types of cards.
Key Words:
0-day,
encryption,
physical security,
privacy,
security controls,
spying