softsecurity.com In focus

Infernal affairs: NZ govt sites attacked

Sun, 27 Mar 2011 16:53:30 GMT

Anonymous, or merely anonymous? Online hacktivists Anonymous have been accused of bringing down the New Zealand Government?s Department of Internal Affairs last week ? or perhaps they haven?t.?

Friday Squid Blogging: Squid Fabric Designs

Fri, 25 Mar 2011 16:15:15 GMT

Some of these are actually nice.

Authenticating the Authenticators

Fri, 25 Mar 2011 12:22:47 GMT

This is an interesting read: It was a question that changed his life, and changed mine, and may have changed -- even saved -- all of ours by calling attention to flaws in our nuclear command and control system at the height of the Cold War. It was a question that makes Maj. Hering an unsung hero of the nuclear age. A question that came from inside the system, a question that has no good answer: How can any missile crewman know that an order to twist his launch key in its slot and send a thermonuclear missile rocketing out of its silo�a nuke capable of killing millions of civilians�is lawful, legitimate, and comes from a sane president? Any chain of authentication ultimately rests on trust; there's no way around it.

Man Utd sues supporter over corporate client 'data theft'

Fri, 25 Mar 2011 11:51:43 GMT

Prawn sandwich crowd suffer intimidation Manchester United is suing a supporter who published a list of its corporate supporters on its website last year, a move the football club alleges led to incidents of harassment.?

Chinese firm accused of mobile malware ruse

Fri, 25 Mar 2011 09:50:39 GMT

Users pay to remove unrequested app Chinese security firm NetQin has been accused of conspiring to plant malicious software on users' handsets in order to drum up business for its mobile security software.?

Identifying Tor Users Through Insecure Applications

Fri, 25 Mar 2011 06:38:05 GMT

Interesting research: "One Bad Apple Spoils the Bunch: Exploiting P2P Applications to Trace and Profile Tor Users": Abstract: Tor is a popular low-latency anonymity network. However, Tor does not protect against the exploitation of an insecure application to reveal the IP address of, or trace, a TCP stream. In addition, because of the linkability of Tor streams sent together over a single circuit, tracing one stream sent over a circuit traces them all. Surprisingly, it is unknown whether this linkability allows in practice to trace a significant number of streams originating from secure (i.e., proxied) applications. In this paper, we show that linkability allows us to trace 193% of additional streams, including 27% of HTTP streams possibly originating from ``secure'' browsers. In particular, we traced 9% of Tor streams carried by our instrumented exit nodes. Using BitTorrent as the insecure application, we design two attacks tracing BitTorrent users on Tor. We run these attacks in the wild for 23 days and reveal 10,000 IP addresses of Tor users. Using these IP addresses, we then profile not only the BitTorrent downloads but also the websites visited per country of origin of Tor users. We show that BitTorrent users on Tor are over-represented in some countries as compared to BitTorrent users outside of Tor. By analyzing the type of content downloaded, we then explain the observed behaviors by the higher concentration of pornographic content downloaded at the scale of a country. Finally, we present results suggesting the existence of an underground BitTorrent ecosystem on Tor.

Spotify splattered with malware-tainted ads

Fri, 25 Mar 2011 06:15:08 GMT

Sounds dodgy Updated Users of the ad-supported version of Spotify were hit by a malware-based attack on Thursday.?

Chain Reaction finds and plugs security hole that led to fraud

Fri, 25 Mar 2011 05:29:40 GMT

Bike site gets back on track Popular UK-based biking site ChainReactionCycles.com has confirmed that a security breach on its systems led to fraud against its customers.?

RSA won't talk? Assume SecurID is broken

Thu, 24 Mar 2011 15:25:42 GMT

No news is bad news for two-factor logins Comment It's been a week since RSA dropped a vaguely worded bombshell on 30,000 customers that the soundness of the SecurID system they used to secure their corporate and governmental networks was compromised after hackers stole confidential information concerning the two-factor authentication product.?

Detecting Words and Phrases in Encrypted VoIP Calls

Thu, 24 Mar 2011 12:46:16 GMT

Interesting: Abstract: Although Voice over IP (VoIP) is rapidly being adopted, its security implications are not yet fully understood. Since VoIP calls may traverse untrusted networks, packets should be encrypted to ensure confidentiality. However, we show that it is possible to identify the phrases spoken within encrypted VoIP calls when the audio is encoded using variable bit rate codecs. To do so, we train a hidden Markov model using only knowledge of the phonetic pronunciations of words, such as those provided by a dictionary, and search packet sequences for instances of specified phrases. Our approach does not require examples of the speaker's voice, or even example recordings of the words that make up the target phrase. We evaluate our techniques on a standard speech recognition corpus containing over 2,000 phonetically rich phrases spoken by 630 distinct speakers from across the continental United States. Our results indicate that we can identify phrases within encrypted calls with an average accuracy of 50%, and with accuracy greater than 90% for some phrases. Clearly, such an attack calls into question the efficacy of current VoIP encryption standards. In addition, we examine the impact of various features of the underlying audio on our performance and discuss methods for mitigation.

Five jailed for �140m VAT scam

Thu, 24 Mar 2011 09:38:18 GMT

Nearly 40 years' chokey for revenue cheats Five men have been jailed for their roles in a huge missing-trader fraud which netted �140m.?

Hackers make off with TripAdvisor's membership list

Thu, 24 Mar 2011 09:35:32 GMT

Can't recommend it Travel site TripAdvisor has warned subscribers to expect more spam following the theft of its member database.?

Transmitting Data Through Steel

Thu, 24 Mar 2011 07:37:25 GMT

This is cool: Tristan Lawry, doctoral candidate in electrical and computer engineering, has developed equipment which can transmit data at high rates through thick, solid steel or other barriers. Significantly, Lawry's kit also transmits power. One obvious application here would be transmission through the steel pressure hull of a submarine: at the moment such hulls must have hundreds of penetrations for power and data cables, each one adding expense, weight and maintenance burden. What's interesting is that this technology can be used to transmit through TEMPEST shielding. If you had the through-metal technology now reinvented by Lawry, however, your intruder -- inside mole or cleaner or pizza delivery, whatever -- could stick an unobtrusive device to a suitable bit of structure inside the Faraday cage of shielding where it would be unlikely to be found. A surveillance team outside the cage could stick the other half of the kit to the same piece of metal (perhaps a structural I-beam, for instance, or the hull of a ship) and they would then have an electronic ear inside the opposition's unbreachable Faraday citadel, one which would need no battery changes and could potentially stay in operation for years. Spooks might use such techniques even where there was no Faraday cage, simply to avoid the need for battery changes and detectable/jammable radio transmissions in ordinary audio or video bugs. Naturally, if you knew how such equipment worked you might be able to detect or block it -- hence the understandable plea from the British spooks to BAE to keep the details under wraps. Unfortunately for the spooks, Lawry has now blown the gaff: his equipment works using ultrasound. His piezo-electric transducers send data at no less than 12 megabytes a second, plus 50 watts of power, through 2.5 inches of steel -- and Lawry is confident that this could easily be improved upon. It seems certain that performance could be traded for range, to deal with the circumstances faced by surveillance operatives rather than submarine designers.

EU admits deep impact cyberattack in run-up to key summit

Thu, 24 Mar 2011 07:34:42 GMT

Internal docs suggest longer-term problem The EU has admitted to having been hit by a deep, penetrating cyber-attack.?

Russian jailed for 6 years for smutty billboard stunt

Thu, 24 Mar 2011 05:26:54 GMT

Serious sentence for stoner silliness A Russian man has been jailed for six years for putting smut on a streetside video billboard.?

Auditor to Oz PM&C: don?t use Webmail for leaks

Wed, 23 Mar 2011 17:26:45 GMT

Security spooks slap sloppy civil servants Australian cloud computing chauvinists are prepping the ?#GovDoesn?tGetIt? hashtag after the Australian National Audit Office (ANAO), with a bit of help from the spooks in the Defence Signals Directorate, identified services like Hotmail and Gmail as key vulnerabilities in government information security.?

Discussing PCI at RSA

Wed, 23 Mar 2011 17:18:37 GMT

I always enjoy getting a chance to talk with folks like Gene Kim, Josh Corman and Mike Dahn.� We’ve talked about the nature of compliance together many times and I like that all of us have evolving opinions of how compliance influences the world.� We got the gang back together in front of a video [...]

'Iranian' attackers forge Google's Gmail credentials

Wed, 23 Mar 2011 15:12:36 GMT

Skype, Microsoft, Yahoo, Mozilla also targeted Extremely sophisticated hackers, possibly from the Iranian government or another state-sponsored actor, broke into the servers of a web authentication authority and counterfeited certificates for Google mail and six other sensitive addresses, the CEO of Comodo said.?

Microsoft Releases Security Advisory 2524375

Wed, 23 Mar 2011 12:12:00 GMT

Hello - Today we're releasing Security Advisory 2524375, to address nine fraudulent digital certificates issued by Comodo Group Inc, a root certificate authority. Comodo has since revoked the digital certificates. This is not a Microsoft security vulnerability; however, one of the certificates potentially affects Windows Live ID users via login.live.com. These certificates may be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against end users. We are unaware of any active attacks. We have taken steps to further help protect customers by developing a mitigation update. We recommend customers download the update to help protect against inadvertent use of the fraudulent digital certificates. Customers should continue to utilize Internet Explorer's Security Status bar located on the right side of the address bar to verify that the site being visited is valid and secure. The Microsoft mitigation will be made available through the Microsoft Download Center and the Windows Update Service. For customers who use Windows Automatic Updates, the update will occur automatically. The video below provides additional viewpoints on the mitigation and explains why you should prioritize installation as soon as possible. If you have not done so already, we highly recommend customers register for our comprehensive alerts. Sign up here: Microsoft Technical Security Notifications Thanks, Bruce Cowper
Group Manager, Trustworthy Computing

ZeuS cybercrime cookbook on sale in underground forums

Wed, 23 Mar 2011 11:32:59 GMT

Lets non-coders produce trojans, other burglar tools Cybercrooks are offering what purports to be source code for the infamous ZeuS cybercrime toolkit though underground forums.?

RUSTOCK TAKEDOWN: How the world's worst botnet was KO'd

Wed, 23 Mar 2011 08:48:54 GMT

Redmond posse sends bot-herd cowboys a-runnin' Analysis The unidentified criminals behind the infamous Rustock botnet were paying at least $10,000 a month for US-based command and control servers prior to a successful takedown operation last week.?

Nokia C7 'Astound' in US debut - all ready for touchless payment

Wed, 23 Mar 2011 08:04:00 GMT

OK, keys, wallet, phone - I'm outta here The Nokia C7 has got its American launch, exclusive to T-Mobile and branded the "Astound", but it also got functioning NFC software ? unlike its European incarnation.?

Threats vs. Vulnerabilities

Wed, 23 Mar 2011 06:34:58 GMT

I found this article on the difference between threats and vulnerabilities to be very interesting. I like his taxonomy.

Fake Japan blackout alerts cloak Flash malware

Wed, 23 Mar 2011 06:17:03 GMT

Scumbags continue to batten on human misery Scumbags are taking advantage of the desperate situation in Japan by distributing malware that poses as information about a rolling electricity blackout programme.?

Facebook tells privacy advocates not to 'shoot the messenger'

Wed, 23 Mar 2011 06:01:02 GMT

You have no right to be forgotten, argues big IT Facebook insisted yesterday that it is heavily focused on tightening privacy controls for its users, even if information posted on its platform is re-published elsewhere by people accessing the site.?

Facebook traffic mysteriously passes through Chinese ISP

Tue, 22 Mar 2011 22:44:49 GMT

Routing cockup most likely explanation For a short time on Tuesday, internet traffic sent between Facebook and subscribers to AT&T's internet service passed through hardware belonging to the state-owned China Telecom before reaching its final destination, a security researcher said.?

Network Security Podcast, Episode 234

Tue, 22 Mar 2011 19:24:35 GMT

Martin, Rich and Zach are joined tonight by none other than Josh Corman from the 451 Group to talk about the recent RSA breach.� Actually, he was on more to talk about the industries reaction to the breach more than the breach itself.� The reality is that we still know almost nothing about what happened, [...]

Interview: Unisys on the cybercrime treaty

Tue, 22 Mar 2011 16:10:04 GMT

Why Australia should sign up Australia is working through the long process of acceding to the European Convention on Cybercrime. It?s a process that causes significant angst. Privacy advocates are concerned at the convention?s intrusive nature; ISPs worry about how much data they?d have to carry.?Free Register Webcast: Can telephony and IT work together?

Apple showers love on Mac malware protection

Tue, 22 Mar 2011 15:35:30 GMT

Feeds Snow Leopard's neglected Xprotect For only the second time in 19 months, Apple has updated the signatures used to protect Mac users against malware attacks.?

Nude women back accused WikiLeaker

Tue, 22 Mar 2011 12:18:32 GMT

Protestors bare breasts for Bradley Manning Photos Supporters of Bradley Manning stripped down to their skivvies outside the office of US Senator Diane Feinstein to protest the treatment of the suspected WikiLeaker, who is being held in solitary confinement, often without being allowed to wear clothes.?