Information Security News
A UK man accused of breaking into computer systems operated by the US government has been rearrested on a recently filed extradition request, it has been widely reported.
Lauri Love, now 30, was arrested in October 2013 on charges he and associates hacked into networks operated by the US Army, the US Missile Defense Agency, NASA, the Environmental Protection Agency, and other US government agencies. The objective behind the hacking spree, US prosecutors said at the time, was to disrupt the operations and infrastructure of the US government by stealing large amounts of military data and personally identifying information of government employees and military personnel. "You have no idea how much we can fuck with the US government if we wanted to," Love allegedly told a hacking colleague at one point.
Following the 2013 arrest, Love was released on bail. Earlier this week, he was rearrested on an extradition warrant on behalf of the US, The Guardian and other news organizations reported. Love's attorney told reporters her client planned to fight the proceedings.
A string of weaponized attacks targeting Adobe's Flash media player—including three in the past 10 days—has kept software engineers scrambling to fix the underlying vulnerabilities that make the exploits so dangerous. Fortunately, they have also been busy making structural changes to the way the program interacts with computer operating systems to significantly reduce the damage that can result not only from those specific attacks but entire classes of similar ones.
At the moment, the defenses are fully implemented only in the Flash version included in Google Chrome, having made their debut earlier this week. One of the two mitigations is available in other versions of Flash, and the remaining one is expected to be added to other browsers in August. Had they been widely available earlier, they likely would have blunted the effects of at least some of the three most recent zero-day vulnerabilities, which were leaked following the thorough hack of Hacking Team, the malware-as-a-service provider that catered to governments around the world. To block entire classes of new exploits, Adobe engineers, with the help of their counterparts at Google's Project Zero team, have made two key changes, which were documented in a blog post published Thursday.
The first, which is currently available only in Chrome, is a new partition added to the heap, which is a large pool of computer memory. The partition isolates different types of memory contents, typically known as objects, from each other so one can't be used to hijack or otherwise tamper with another. Heap partitioning has long been a mainstay in Chrome and other browsers. Now it's a key defense in Flash.
Newly released e-mails from Hacking Team, the now-embattled Italian spyware firm that sold what it claims is lawful intercept software to companies and governments, definitively show that it sold its Remote Control System surveillance software to the Federal Security Service of the Russian Federation (FSB), the successor agency to the KGB.
Officially, Hacking Team sold its wares to a company called "Advanced Monitoring," whose corporate parent has a license to work with the FSB, as recently as August 28, 2014. That would put the Italian firm in violation of the July 31, 2014 European Union regulation that forbids selling such technology, whether directly or indirectly, to the Russian military.
It also seems odd that Hacking Team would sell on one side of the Atlantic to Western agencies like the US Army while also selling to the FSB. In its most recent human rights report, the United States Department of State refers to Russia as a "highly centralized, increasingly authoritarian political system."
About a year ago, Rob had a diary entry about checking a file from Process Explorer with VirusTotal.
Did you know you can have all EXEs of running processes scanned with VirusTotal?
1. In Process Explorer, add the VirusTotal column.
2. Enable VirusTotal checks.
3. Accept the VirusTotal terms.
(update: as you can see, by default Process Explorer only submits hashes to VirusTotal, not files, unless you explicitly instruct it to submit a file).
And now you can see the VirusTotal scores.
Process Explorer is not the only Sysinternals tool that comes with VirusTotal support. I'll showcase more tools in upcoming diary entries.
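The same hash-only check can be scripted for hosts where Process Explorer is not installed, or where you want the results in a log rather than a GUI column. The following PowerShell is an added example, not code from the diary or from Sysinternals. It assumes a VirusTotal API key in the VT_API_KEY environment variable and uses the VirusTotal public v3 REST endpoint (https://www.virustotal.com/api/v3/files/<sha256> with an x-apikey header), which the diary does not describe. Like Process Explorer's default mode, only SHA-256 hashes leave the machine; no file is ever uploaded.

```powershell
# Added example (not from the ISC diary or Sysinternals): reproduce Process Explorer's
# hash-only VirusTotal lookup for every running process image from PowerShell.
# Assumptions: API key in $env:VT_API_KEY; VirusTotal public v3 API endpoint and
# x-apikey header (not described on the page).

$apiKey = $env:VT_API_KEY
if (-not $apiKey) { throw "Set VT_API_KEY to a VirusTotal API key first." }

# 1. Collect the unique on-disk image of every process we are allowed to inspect.
#    Path is empty for protected or system processes we lack rights to read.
$images = Get-Process |
    Where-Object { $_.Path } |
    Select-Object -ExpandProperty Path -Unique

# 2. Hash each image locally. Only the SHA-256 is sent to VirusTotal, which is
#    what Process Explorer does by default (it never uploads the file itself).
$hashes = foreach ($path in $images) {
    try {
        Get-FileHash -Path $path -Algorithm SHA256 -ErrorAction Stop
    } catch {
        Write-Warning "Could not hash ${path}: $($_.Exception.Message)"
    }
}

# 3. Look each hash up. HTTP 404 means VirusTotal has never seen this file; for a
#    running process that is itself worth noting, so it is reported as 'unknown'.
$results = foreach ($h in $hashes) {
    $uri = "https://www.virustotal.com/api/v3/files/$($h.Hash)"
    try {
        $resp  = Invoke-RestMethod -Uri $uri -Method Get -Headers @{ 'x-apikey' = $apiKey }
        $stats = $resp.data.attributes.last_analysis_stats
        # Sum of all verdict buckets approximates the number of engines that ran,
        # giving the same "malicious/total" shape as the Process Explorer column.
        $total = ($stats.PSObject.Properties | Measure-Object -Property Value -Sum).Sum
        [pscustomobject]@{
            Path      = $h.Path
            SHA256    = $h.Hash
            Malicious = [int]$stats.malicious
            Score     = "$($stats.malicious)/$total"
        }
    } catch {
        $status = $_.Exception.Response.StatusCode
        if ([int]$status -eq 404) {
            [pscustomobject]@{ Path = $h.Path; SHA256 = $h.Hash; Malicious = -1; Score = 'unknown' }
        } else {
            Write-Warning "Lookup failed for $($h.Path): $($_.Exception.Message)"
        }
    }
    Start-Sleep -Seconds 15   # the free public API is rate limited; pace the queries
}

# Most-detected images first; 'unknown' hashes sort to the bottom.
$results | Sort-Object Malicious -Descending | Format-Table Path, Score, SHA256 -AutoSize
```

Treat the output the way you would the Process Explorer column: a non-zero score on a process image is a lead to investigate, not a verdict, and an 'unknown' hash on a long-running binary in a user-writable directory deserves a second look even though no engine has flagged it.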