Information Security News
Chris Mohan --- Internet Storm Center Handler on Duty
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
New Service Turns Facebook Photos Into Products Without Your Friend's Consent
Want to turn your friend's Facebook photograph into a mug to sip your morning coffee from? A new service called Photos At My Door can help you do that. It's an app that can access any of your Facebook friends' public photographs and turn them into ...
by Sean Gallagher
Remote access tools have long been a major part of targeted hacker attacks on individuals and corporate networks. RATs have been used for everything from hacking the e-mail boxes of New York Times reporters to capturing video and audio of victims over their webcams. Recently, wireless broadband and the power of smartphones and tablets have extended hackers’ reach beyond the desktop. In a blog post yesterday, Symantec Senior Software Engineer Andrea Lelli described the rise of an underground market for malware tools based on Androrat, a remote administration tool that can give an attacker complete control over devices running the Android OS.
Androrat was published on GitHub in November 2012 as an open source tool for remote administration of Android devices. Packaged as a standard Android application (in an APK file), Androrat can be installed as a service on the device that launches at start-up or as a standard “activity” application. Once it’s installed, the user doesn’t need to interact with the application at all—it can be activated remotely by an SMS message or a call from a specific phone number.
The app can grab call logs, contact data, and all SMS messages on the device, as well as capture messages as they come in. It can provide live monitoring of call activity, take pictures with the phone’s camera, and stream audio from the phone’s microphone back to its server. It can also post “toasts” (application messages) on the screen, place phone calls, send text messages, and open websites in the phone’s browser. If it is launched as an application (or “activity”), it can even stream video from the camera back to the server.
Why Crowdstrike's focus on attackers and active defense polarizes infosec pros
I've been writing this story forever it seems, trying to arrive at a reasonable version of the truth. I've been sworn to secrecy, and have had so many off-the-record conversations I'm tempted to just leave part of this page blank as a symbolic ...
Without Def Con, the Feds Have a Hacker Recruitment Problem
... this year's conference, a move that will effectively deprive federal law enforcement and intelligence agencies of prime recruiting opportunities among the conference's 15,000+ talent pool of hackers, cyber security researchers, and corporate ...
by Sean Gallagher
If you’re using Google’s “back up my data” feature for Android, the passwords to the Wi-Fi networks you access from your smartphone or tablet are available in plaintext to anyone with access to the data. And as a bug report submitted by an employee of the Electronic Frontier Foundation (EFF) on July 12 suggests, that leaves them wide open to harvesting by agencies like the NSA or the FBI.
“The ‘Back up my data’ option in Android is very convenient,” wrote Micah Lee, staff technologist at the EFF. “However, it means sending a lot of private information, including passwords, in plaintext to Google. This information is vulnerable to government requests for data.”
The Backup Manager app stores Android device settings in Google’s cloud, associated with the user account paired with the device; the Backup Manager interface is part of the core Android application API as well, so it can be used by other Android apps. Backup is turned on by default for Nexus devices and can push data such as MMS and SMS messages, browser bookmarks, call logs, and system settings—including Wi-Fi passwords—to Google’s cloud for retrieval in the event that a device is broken, lost, or stolen.
Network Solutions appears to be experiencing an extended outage. A note posted to Facebook indicates that the outage may be related to a larger compromise of customer sites.
"Network Solutions is experiencing a Distributed Denial of Service (DDOS) attack that is impacting our customers as well as the Network Solutions site. Our technology team is working to mitigate the situation. Please check back for updates."
The referenced blog website is currently responding slowly as well (it redirects to a networksolutions.com site, which may be affected by the overall outage of "networksolutions.com"). After a couple of minutes, the blog post loaded for me, and it is more or less a copy of the Facebook post above:
"On July 15, some Network Solutions customer sites were compromised. We are investigating the cause of this situation, but our immediate priority is restoring the sites as quickly as possible. If your site has been impacted and you have questions, please call us at 1-866-391-4357."
Various web sites hosting DNS with Network Solutions appear to be down as a result as well. The outage appears to have been diminishing over the last 15-30 min or so (4pm GMT), with some affected sites returning to normal.
This outage comes about 3-4 weeks after the bad DDoS mitigation incident that redirected a large number of Network Solutions hosted sites to an IP in Korea (see http://blogs.cisco.com/security/hijacking-of-dns-records-from-network-solutions/).
Network Solutions' Facebook page: https://www.facebook.com/networksolutions
Posted by InfoSec News on Jul 17: https://www.computerworld.com/s/article/9240843/Oracle_39_s_July_patch_release_includes_27_fixes_for_remote_exploits
Posted by InfoSec News on Jul 17: http://www.seattlepi.com/technology/businessinsider/article/Cyber-Expert-We-ve-Remotely-Spied-Through-The-4668683.php
Posted by InfoSec News on Jul 17: http://news.techworld.com/security/3457878/ddos-attacks-hit-one-in-five-uk-businesses-in-2012/