Hackin9
New chips that blur the line between computer memory and storage are starting to move beyond niche applications and could change how we use PCs, an industry analyst said Sunday.
 
Apple's iPhone and iPad users will now be able to add 1TB of external storage with LaCie's new Fuel wireless hard drive.
 
Samsung is making a play for the "connected home" with a new service that will let people control things as varied as their refrigerator, TV and heating system via a single smartphone app.
 

On Friday, Netherlands-based security firm Fox IT reported that Yahoo.com's advertising network (ads.yahoo.com) was hacked and serving up malware to thousands of visitors during the last week. Fox IT believes Yahoo users were compromised as early as December 30, and the company estimates as of Friday that malicious materials were being delivered to roughly 300,000 visitors per hour—with nine percent (27,000) thought to be infected.

While infected, Yahoo's ad servers were reportedly sending visitors an "exploit kit." According to Fox IT, this would zero in on vulnerabilities in Java to install various malware components on host computers. Fox IT has not yet identified a specific culprit, but the firm is confident the attack is financially motivated (with control of victims' machines possibly being sold to others).

The Washington Post spoke to two security researchers who confirmed the situation. Researcher and WaPo contributor Ashkan Soltani said it's possible the attack came from a direct hack, but the attackers may have also disguised the malware as regular ads that evaded Yahoo's filtering system. Either way, The Post noted the situation is just the most recent case of Java exploits in a year that was filled with them.


 

Author Nick Sullivan worked for six years at Apple on many of its most important cryptography efforts before recently joining CloudFlare, where he is a systems engineer. He has a degree in mathematics from the University of Waterloo and a Masters in computer science with a concentration in cryptography from the University of Calgary. This post was originally written for the CloudFlare blog and has been lightly edited to appear on Ars.

There has been a lot of news lately about nefarious-sounding backdoors being inserted into cryptographic standards and toolkits. One algorithm, a pseudo-random bit generator, Dual_EC_DRBG, was ratified by the National Institute of Standards and Technology (NIST) in 2007 and is attracting a lot of attention for having a potential backdoor. This is the algorithm that the NSA reportedly paid RSA $10 million in exchange for making it the default way for its BSAFE crypto toolkit to generate random numbers.

So how is that possible? This is a technical primer that explains what a backdoor is, how easy it can be to create your own, and the dangerous consequences of using a random number generator that was designed to have a backdoor. This is necessarily a long technical discussion, but hopefully by the end it should be clear why Dual_EC_DRBG has such a bad reputation.


 
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
In a move likely designed to bring into its fold a team of Swiss Android developers, Google has apparently bought Bitspin, according to a post on the website of the maker of an Android alarm clock app.
 
Lower pricing hasn't stopped Lenovo from adding a gaggle of new features and innovations to its latest hybrid laptops and tablets.
 
Lenovo wants to bring 4K to the masses with the aggressively priced $799 ThinkVision 2840m monitor.
 

2014, the year that infosec gets political
CSO Magazine
2013 has certainly been a watershed year for information security. But to understand how things might subsequently unfold in 2014, it's worth remembering that each and every revelation of 2013 will be processed and acted upon by humans. Humans with ...

 

French researcher finds gaping holes in security of DSL modems
iT News
Nigel Stanley, CEO and analyst of infosec consultancy Incoming Thought, said that with the proliferation of broadband technology, many homes and small businesses will be relying on these modems to provide access to the web. "But how on earth can an ...

 

In the previous diary I talked about startup folders and shell folders registry keys. In this diary I will continue talking about what to check if you suspect malware or a compromised system.

2- Run and RunOnce registry keys:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\

 

Any executable listed in the above registry keys will start during system startup. The difference between Run and RunOnce is that RunOnce runs the value one time and then the value is deleted, while Run runs it every time the system starts up.


  

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\

The above keys are related to a specific user's login. Again, the difference between Run and RunOnce is that RunOnce will run one time and then the value will be deleted, while Run will run every time that the specific user logs on.

3- Services

 

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services

Here you can find the list of services that run at system startup. Each service has a startup value, as shown in the following table:

Value    Startup Type
2        Automatic
3        Manual
4        Disabled

4- Scheduled tasks:

Scheduled tasks can be used to run an executable based on a schedule. The tasks are located in the %windir%/tasks folder. Of course, attackers and malware will not use a task name such as ‘I am malicious’; instead they will use names that sound legitimate, such as ‘Windows Update’.
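The three checks above (Run/RunOnce keys, service startup values, and the tasks folder) collected into one read-only PowerShell pass for manual review, as an added example that is not part of the original diary. The registry value names `Start` and `ImagePath` and the `%windir%\System32\Tasks` path are not named in the diary; the latter is where Windows Vista and later keep task definitions.

```powershell
# Added example (read-only): list the autostart locations this diary covers.
# Run from an elevated prompt so every HKLM service key is readable.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# 2- Run and RunOnce: each value under these keys is a command line started at boot or logon.
$autoruns = foreach ($key in $runKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }   # RunOnce is often absent
    $item = Get-Item -LiteralPath $key
    foreach ($name in $item.GetValueNames()) {
        [pscustomobject]@{
            Location = $key
            Name     = $name
            # Keep %VARIABLES% unexpanded so the stored string is shown as written.
            Command  = $item.GetValue($name, $null, 'DoNotExpandEnvironmentNames')
        }
    }
}

# 3- Services: map the numeric startup value to the names in the diary's table.
$startTypes = @{ 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }
$services = Get-ChildItem 'HKLM:\System\CurrentControlSet\Services' -ErrorAction SilentlyContinue |
    ForEach-Object {
        $start = $_.GetValue('Start')
        $image = $_.GetValue('ImagePath', $null, 'DoNotExpandEnvironmentNames')
        if ($null -ne $start -and $startTypes.ContainsKey($start) -and $image) {
            [pscustomobject]@{
                Service     = $_.PSChildName
                Start       = $start
                StartupType = $startTypes[$start]
                ImagePath   = $image
            }
        }
    }

# 4- Scheduled tasks: the diary's folder plus the System32\Tasks store (addition, see lead-in).
$taskDirs = @((Join-Path $env:windir 'Tasks'), (Join-Path $env:windir 'System32\Tasks'))
$tasks = Get-ChildItem -LiteralPath $taskDirs -File -Recurse -Force -ErrorAction SilentlyContinue |
    Select-Object FullName, CreationTime, LastWriteTime

# Automatic services sort first; the newest task files sort first.
$autoruns | Sort-Object Location, Name | Format-Table -AutoSize -Wrap
$services | Sort-Object Start, Service | Format-Table -AutoSize -Wrap
$tasks    | Sort-Object LastWriteTime -Descending | Format-Table -AutoSize -Wrap
```

When reviewing the output, compare each command path and task file against a known-good baseline of the same build, since a legitimate-sounding name alone says nothing about the binary behind it.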




 

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Malicious ads served through Yahoo's ad network delivered malware to thousands of site visitors, according to researchers at Fox-IT, but Yahoo subsequently blocked the attack.
 
Microsoft co-founder Bill Gates' once-invulnerable position as the company's biggest stockholder continued to erode in the fourth quarter of 2013.
 
Internet Storm Center Infocon Status