Information Security News
by Robert Lemos
Major Bitcoin exchange Bitstamp reopened its virtual doors late Friday, four days after it suspended services because of an online theft of 19,000 bitcoins valued at more than $5 million.
Bitstamp, the second largest Bitcoin exchange for US dollars, moved its system to Amazon’s cloud services and added additional security features to make compromises more difficult, Bitstamp’s CEO Nejc Kodrič said in a statement on the company’s website.
“By redeploying our system from a secure backup onto entirely new hardware, we were able to preserve the evidence for a full forensic investigation of the crime,” he said. “While this decision means we have not been able to provide you with services for a number of days, we feel this extra measure of precaution was in the best interest of our customers.”
The miscreants taking credit for knocking the image board 8chan offline, and earlier for taking down Sony's and Microsoft's gaming networks, operate an attack platform powered mostly by thousands of hacked home Internet routers, according to a published report.
The revelation, in an article posted Friday by KrebsOnSecurity, is the latest evidence documenting a big uptick in the hacking of Internet routers. Over the past 18 months, researchers have uncovered several other large-scale attacks on routing devices, including those made by Asus, Linksys, and many other manufacturers. Routers are often ripe targets because users fail to change default passwords, and the devices often contain security vulnerabilities that can easily be exploited by attackers halfway around the globe.
Those compromising routers for financial gain appear to be members of the Lizard Squad, a group that operates an online attack service that promises to take down any site a paying customer has requested. KrebsOnSecurity namesake Brian Krebs cited security researchers assisting law enforcement officials investigating the group. The researchers asked to remain anonymous. According to Krebs, the for-hire denial-of-service service is powered by a network of compromised devices that mostly include home routers from around the world that are protected by little more than default usernames and passwords. Krebs wrote:
North Korea is a technological island in many ways. Almost all of the country's "Internet" is run as a private network, with all connections to the greater global Internet through a collection of proxies. And the majority of the people of the Democratic People's Republic of Korea who have access to that network rely on the country's official operating system: a Linux variant called Red Star OS.
Red Star OS, first introduced in 2003, was originally derived from Red Hat Linux. In theory, it gave North Korea an improved level of security against outside attack—a Security Enhanced Linux operating system based on Red Hat that could enforce strict government access controls on the few who got to use it.
However, because Red Star has had so few people with access to it, one of the ironic side effects has been that security holes in the operating system may have gone undetected. And as a security researcher who tested the latest release of Red Star's desktop version reported today, one flaw in the system would allow any user to elevate their privileges to those of the system's root account and bypass all those security policies put in place by the North Korean regime.
Using the Spotlight search feature in OS X Yosemite can leak IP addresses and private details to spammers and other e-mail-based scammers, according to tests independently performed by two news outlets.
The potential privacy glitch affects people who have configured the Mac Mail app to turn off the "load remote content in messages" setting, as security experts have long advised. Spammers, stalkers, and online marketers often use remote images as a homing beacon to surreptitiously track people opening e-mail. Because the images are served from sites controlled by the e-mail sender, the sender can log the IP address that viewed the message, the times and how often the message was viewed, and, when each copy of the message carries its own image URL, the specific e-mail addresses that opened it. Many users prefer to keep their e-mail addresses, IP addresses, and viewing habits private, a goal that is undermined by the loading of remote images.
Like Mozilla Thunderbird, Microsoft Outlook, and many other e-mail clients, Mail allows users to block remote images for precisely this reason. But even when remote image loading is disabled in the Yosemite Mail app settings, the images will be loaded by Spotlight, according to two recent media reports. The feature is used to search a Mac for files or e-mail containing a specified search term. When Spotlight returns a preview of e-mails containing the term, it loads the images, overriding the option. Images are loaded even when the previewed message has landed in a user's junk mail folder.
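As an added illustration of the beacon mechanism described above (example code written for this page, not from the Ars Technica report or from Apple): the sender side mints one image URL per recipient, and the client side lists every remote resource an HTML message would fetch when rendered. That list is exactly what the "load remote content" switch suppresses, and exactly what any other renderer of the same message, such as a Spotlight preview, will fetch if it ignores that switch. The host tracker.example, the HMAC token scheme, and the sample message are all constructed for this example.

```python
import hashlib
import hmac
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlparse

# Assumed sender-controlled host; any fetch from it reveals the viewer's IP address.
TRACKER_HOST = "tracker.example"


def beacon_url(campaign: str, recipient: str, secret: bytes) -> str:
    """Sender side: mint one image URL per recipient.

    The token is an HMAC over (campaign, recipient), so a request can be mapped
    back to the address that opened the message without putting the address in
    the URL.  Every fetch is logged with client IP and timestamp, which is where
    'when' and 'how often' come from.
    """
    msg = f"{campaign}:{recipient}".encode()
    token = hmac.new(secret, msg, hashlib.sha256).hexdigest()[:16]
    return f"https://{TRACKER_HOST}/o.gif?c={campaign}&t={token}"


class _RemoteRefs(HTMLParser):
    """Collect every http(s) resource an HTML body would fetch when rendered."""

    def __init__(self) -> None:
        super().__init__()
        self.refs = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        src = a.get("src") or a.get("background")
        if src and urlparse(src).scheme in ("http", "https"):
            # A 1x1 image is the classic tracking-pixel shape.
            tiny = a.get("width") == "1" and a.get("height") == "1"
            self.refs.append({"tag": tag, "url": src, "tiny": tiny})


def remote_resources(raw_eml: str) -> list:
    """Client side: parse an RFC 822 message and list the remote fetches its
    text/html part(s) would trigger.  A reference is flagged as a likely beacon
    when it is a 1x1 image or carries a query string (per-recipient token).
    cid: and data: references are inline and never leave the machine, so the
    parser skips them.
    """
    msg = message_from_string(raw_eml)
    html = ""
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            payload = part.get_payload(decode=True)
            html += payload.decode(part.get_content_charset() or "utf-8")
    parser = _RemoteRefs()
    parser.feed(html)
    for ref in parser.refs:
        has_query = bool(parse_qs(urlparse(ref["url"]).query))
        ref["beacon"] = ref["tiny"] or has_query
    return parser.refs


# Constructed sample message (not a real mail): one tracking pixel, one inline
# cid: logo, and one ordinary remote banner.
SAMPLE_EML = """\
From: promo@sender.example
To: alice@recipient.example
Subject: January offer
MIME-Version: 1.0
Content-Type: text/html; charset=utf-8

<html><body>
<p>Hello Alice,</p>
<img src="https://tracker.example/o.gif?c=jan15&amp;t=0123456789abcdef" width="1" height="1">
<img src="cid:logo@sender.example" alt="logo">
<img src="https://cdn.sender.example/banner.png" alt="banner" width="600" height="120">
</body></html>
"""

if __name__ == "__main__":
    for ref in remote_resources(SAMPLE_EML):
        print(("BEACON " if ref["beacon"] else "remote ") + ref["url"])
```

Running the script prints the tracking pixel as a beacon and the banner as a plain remote fetch; the cid: logo never appears because it is carried inside the message. A client that honours the "load remote content" setting must refuse both remote entries, not only the ones it can recognise as pixels, since the banner fetch leaks the viewer's IP address just as well.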
by Sean Gallagher
It’s been over a year since the first wave of cryptographic extortion malware hit computers. Since then, an untold number of individuals, small businesses and even local governments have been hit by various versions of malware that holds victims’ files hostage with encryption, demanding payment by Bitcoin or other e-currency in exchange for a key to reverse the damage. And while the early leader, CryptoLocker, was taken down (along with the “Gameover ZeuS” botnet) last June, other improved “ransomware” packages have sprung up to fill its niche—including the sound-alike CryptoWall.
Ransomware is a strange hybrid of digital mugging and commercial-grade coding and “customer service”—in order to continue to be able to generate cash from their malware, the criminal organizations behind them need to be able to process payments and provide victims with a way to get their files back, lest people refuse to pay because of bad word-of-mouth. And to grow their potential market, the extortionists need to find ways to make their “product” work on a wide range of potential target systems. The apex of this combination of crime and commerce is (at least so far) the latest version of CryptoWall—CryptoWall 2.0.
In a blog post this week, researchers Andrea Allievi and Earl Carter of Cisco's Talos Group presented a full code dissection of CryptoWall 2.0 and found a few surprises beyond the number of sophisticated features it uses to attack systems and evade detection before it strikes. While the malware is 32-bit Windows code, to ensure the widest possible reach, it can detect when it is running on 64-bit Windows and switch some of its functionality to run in native 64-bit mode, ensuring it can do maximum damage on the most recent Windows client and server platforms.
How Laws Are Determining the Ethics of Code
Perhaps the most contentious ethics debate in the infosec community took place in the late 1990s and early 2000s and occurred beyond, and sometimes in spite of, any relevant law. That debate was prompted by the antisecurity movement and concerned the ...
Zero Day Weekly: Super cookies, Gogo Inflight fake certs, Microsoft security ...
Media unaccustomed to writing about infosec still struggled to understand even the very words they used, or, in some cases, came across as hacker groupies. Some came out with articles which did little to advance the conversation -- pitting the opinions ...
#Anonymous wishes Jeremy Hammond Happy Birthday with Children's Book ...
Some supporters gathered outside Stratfor's corporate offices for a Hammond Birthday Party, to remind the company of the most embarrassingly public opsec fail in corporate infosec history. Hammond's mother Rose Collins is headed to Kentucky to ...
Posted by InfoSec News on Jan 09: http://arstechnica.com/tech-policy/2015/01/snowden-us-has-put-too-much-emphasis-on-cyber-offense-needs-defense/
Posted by InfoSec News on Jan 09: http://www.defenseone.com/technology/2015/01/pentagon-moves-tie-loose-ends-its-network-security/102471/
Posted by InfoSec News on Jan 09: http://www.bloomberg.com/news/2015-01-09/power-grid-under-cyber-attack-every-minute-sees-u-k-up-defenses.html
Posted by InfoSec News on Jan 09: http://www.wired.com/2015/01/german-steel-mill-hack-destruction/
Posted by InfoSec News on Jan 09: http://usa.chinadaily.com.cn/china/2015-01/09/content_19279010.htm
Posted by InfoSec News on Jan 09: Forwarded from: cfp2015 (at) recon.cx
Quite a few of you have written in to let us know that Microsoft is changing the way in which they provide information (thanks to you all). You can read the full blog post here: /archive/2015/01/08/evolving-advance-notification-service-ans-in-2015.aspx
In a nutshell, if you want to be advised in advance you now need to register and select the products you use, and you will then be provided with information relating to the patches that will be released. If you are a Premier customer, your technical contact can provide the information. The main point from the post: "Moving forward, we will provide ANS information directly to Premier customers and current organizations involved in our security programs, and will no longer make this information broadly available through a blog post and web page."
Now a lot of us look at that information to plan the next patching cycle, so you will need to look at that process and see what needs changing. You'll have to rely on the information in your patching solution, or register.
You can register here: http://mybulletins.technet.microsoft.com/
The dashboard that is created in the end looks nice, but it is too early for me to tell how useful it is at this stage, although it was slightly painful to review each bulletin. It will take a few patch cycles to sort it all out, I'd say.
So going forward you will need to adjust how you identify the patches to be applied within your environment. If you do not want to register, you can just visit the main bulletins page here: https://technet.microsoft.com/en-us/library/security/dn631937.aspx
This page has a list of all release bulletins.
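One way to get the same planning input from the patching side, as an added example (written for this page, not from the ISC diary or from Microsoft): a PowerShell script that asks the local Windows Update Agent, through its COM API, for updates that apply to the machine but are not yet installed, and keeps only those Microsoft has tagged with an MSRC severity. The severity ranking and the output columns are this example's own choices; it assumes the host can reach its configured update source (Microsoft Update or a WSUS server).

```powershell
# Added example: list applicable, not-yet-installed security updates with their
# MSRC severity and bulletin IDs via the Windows Update Agent COM API.
# Assumption: the machine can reach Microsoft Update or its WSUS server.
$session  = New-Object -ComObject 'Microsoft.Update.Session'
$searcher = $session.CreateUpdateSearcher()

# Software updates that apply to this machine and are neither installed nor hidden.
$result = $searcher.Search("IsInstalled=0 and IsHidden=0 and Type='Software'")

# Our own ordering: the agent reports severity as a string, so rank it explicitly.
$rank = @{ 'Critical' = 0; 'Important' = 1; 'Moderate' = 2; 'Low' = 3 }

$pending = foreach ($u in $result.Updates) {
    # Non-security updates carry no MsrcSeverity; skip them.
    if ([string]::IsNullOrEmpty($u.MsrcSeverity)) { continue }
    [pscustomobject]@{
        Severity  = $u.MsrcSeverity
        Bulletins = (@($u.SecurityBulletinIDs) -join ', ')
        KB        = (@($u.KBArticleIDs | ForEach-Object { "KB$_" }) -join ', ')
        Title     = $u.Title
    }
}

$pending |
    Sort-Object { $rank[$_.Severity] }, Title |
    Format-Table -AutoSize Severity, Bulletins, KB, Title
```

Run it on a representative member of each patch group after Patch Tuesday; the Bulletins column gives you the MSyy-nnn identifiers to look up on the bulletins page above, and the severity order is the same one the old ANS summary was used for.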
Mark H
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.