Information Security News
Macs older than a year are vulnerable to exploits that remotely overwrite the firmware that boots up the machine, a feat that allows attackers to control vulnerable devices from the very first instruction.
The attack, according to a blog post published Friday by well-known OS X security researcher Pedro Vilaca, affects Macs shipped prior to the middle of 2014 that are allowed to go into sleep mode. He found a way to reflash a Mac's BIOS using functionality contained in userland, which is the part of an operating system where installed applications and drivers are executed. By exploiting vulnerabilities such as those regularly found in Safari and other Web browsers, attackers can install malicious firmware that survives hard drive reformatting and reinstallation of the operating system.
The attack is more serious than the Thunderstrike proof-of-concept exploit that came to light late last year. While both exploits give attackers the same persistent and low-level control of a Mac, the new attack doesn't require even brief physical access as Thunderstrike did. That means attackers halfway around the world may remotely exploit it.
by Peter Bright
Hola is a VPN provider that purports to offer its users freedom from censorship, a way to access geoblocked content, and anonymous browsing. The service claims that more than 47 million people are part of its peer-to-peer network. But according to a group of researchers (calling themselves Adios), it's dangerously insecure: the client software has flaws that allow for remote code execution and features of the client enabled tracking. On top of that, critically, Hola sells access to its peer-to-peer network with little oversight, enabling it to be used maliciously. The nature and scale of problems with Hola has researchers now saying users should bid adieu to the software.
Since the initial reports, Hola has made some changes. One method of remote code execution was removed—though the Adios team says that others remain—and the tracking flaw has also been fixed. But the deeper problems remain, and they're fundamental to the way that Hola is built.
The company doesn't hide the fact that the Hola network is peer-to-peer. Users of the service form a large network, and Hola traffic is routed through this network, using the connections of other Hola users. This is great for Hola; it means that the company doesn't need to operate points of presence in different countries in order to make traffic appear to originate in these countries. But this is very risky for end users.
Facebook has announced that its users can add an OpenPGP public key to their profile. This will allow Facebook to encrypt notification e-mails, and for others to use the public keys for encrypted communications. Facebook is "gradually rolling out" this experimental feature, which will be available from your account's Contact and Basic Info page.
Facebook says it has chosen to use GNU Privacy Guard (GPG) for its implementation. Back in February, the company stepped in with a $50,000 donation when the GPG project was struggling to raise funds to secure its future. As far as the detailed implementation is concerned, Facebook's notifications will be encrypted using the RSA or ElGamal algorithms, and the company is "investigating the addition of support for GPG's newer elliptic curve algorithms in the near future." Facebook is also looking at ways of offering public key management on mobile devices, not currently supported.
When encrypted notifications are enabled on an account, Facebook will sign outbound messages using its own private key to provide greater assurance that the contents of inbound e-mails are genuine—one of the chief benefits of the new feature. It means, for example, that users can be sure that password reset messages do indeed come from Facebook rather than someone masquerading as the company.
Posted by InfoSec News on Jun 01: http://www.bbc.com/news/technology-32925495
Posted by InfoSec News on Jun 01: http://www.csoonline.com/article/2926718/security-awareness/what-enterprise-should-do-when-helpless-employees-lose-hope-in-fighting-cyber-attacks.html
Recently I made some small modifications to the DShield Linux Cisco PIX submission Perl script (https://www.dshield.org/clients/framework/cisco.tar.gz). This allows anyone with an ASA or Cisco Security Manager (CSM) to submit logs to the project with ease.
1. Set up a cron job to submit the logs.
2. Initially it's best to have it cc you the logs, via the dshield.cnf file, so you can validate that everything is working.
3. If using Postfix, make sure that the message size limit is very high, as this will not attach a compressed file, it
message_size_limit =
4. If the email goes through, check the ISC portal under My Account - My Reports. You should see when you last submitted logs. This may lag several hours behind before the website updates, so don't worry on first submission if it takes a bit.
5. Now get submitting your logs!
Tom Webb (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Coming to Infosec Europe this week? Would you like a free T-shirt?
Infosec Europe begins tomorrow and we're busy putting the finishing touches to the Sophos stand. If you're attending the event, please do stop by the stand (D260) and say hi, and make sure you listen to one or more of the talks from ...
Posted by InfoSec News on Jun 01: http://www.energyglobal.com/downstream/special-reports/29052015/How-can-SCADA-security-be-improved-for-oil-and-gas-companies-089/
Posted by InfoSec News on Jun 01: http://www.eweek.com/mobile/wearables-maker-jawbone-sues-fitbit-over-alleged-data-theft.html
Posted by InfoSec News on Jun 01: http://www.networkworld.com/article/2929173/apple-vulnerability-could-allow-firmware-modifications-researcher-says.html
Posted by InfoSec News on Jun 01: http://www.theage.com.au/it-pro/security-it/rentahacker-site-leaks-australian-buyers-names-and-addresses-20150529-ghca3f.html
Posted by InfoSec News on Jun 01: http://www.lawfareblog.com/2015/05/tallinn-2-0-and-a-chinese-view-on-the-tallinn-process/
56 MEEELLION credentials exposed by apps say infosec boffins
Researchers from the University of Darmstadt say app developers have exposed 56 million credentials by borking login processes using services from Google, Amazon, and Facebook. The research team tested 750,000 Android and iOS applications, ...