Information Security News
Facebook is unveiling a new service that remedies one of the biggest headaches facing online users today—the forgotten password.
Starting Tuesday, Facebook will offer a service that allows users who lose their GitHub login credentials to securely regain access to their accounts. The process takes only seconds and uses a handful of clicks over encrypted HTTPS Web links. To set it up, Facebook users create a GitHub recovery token in advance and save it with their Facebook account. In the event they lose their GitHub login credentials, they can reauthenticate to Facebook and request the token be sent to GitHub with a time-stamped signature. The token is encrypted so Facebook can't read any of the personal information it stores. After the request is sent, the GitHub account is restored. With the exception of Facebook's assertion that the person recovering the GitHub account is the same person who saved the token, Facebook and GitHub don't share any personal information about the user.
The service is designed to eliminate the hassle and significant insecurity found in most account recovery systems that exist now. One common recovery method involves answering security questions. Many of the questions—for instance, "What is your favorite sport?" and "What is your favorite pizza topping?" asked by United Airlines—are easily guessed. That leaves people susceptible to account takeovers. Other methods, such as delivering security tokens by e-mail or SMS text message, lack the kind of end-to-end encryption that's increasingly expected for secure communications.
Networked digital video recorders have been harnessed for all sorts of ill intent over the past few months, including use in a botnet that disrupted large swaths of the Internet. But a different sort of malware hit the DVRs used by the District of Columbia’s closed-circuit television (CCTV) surveillance system just one week before Inauguration Day. The Washington Post reports that 70 percent of the DVR systems used by the surveillance network were infected with ransomware, rendering them inoperable for four days and crippling the city’s ability to monitor public spaces.
The CCTV system, operated by the District’s Metropolitan Police Department and supported by the DC Office of the Technology Officer (OCTO), began to be affected on January 12. Police noticed they could not access video from four DVRs. Washington DC Chief Technology Officer Archana Vemulapalli told the Post that two forms of malware were found on the four systems, and a system-wide sweep discovered additional DVR clusters that were infected.
The infections were limited to the local networks that the DVRs ran on, and this ransomware did not extend to the District’s internal networks. While the investigation is ongoing, the malware likely was able to take over the systems because each site was connected to the public Internet for remote access. Vemulapalli told the paper no ransom was paid and the system was restored to full functionality before Inauguration Day.
In the diary entry "py2exe Decompiling - Part 1", we took a quick look at py2exe files.
How can we identify an .exe file generated by py2exe? A quick test is to check if the PE file has a resource PYTHONSCRIPT. I developed a YARA rule for this.
Of course, this YARA rule just detects if a PE file was created with py2exe. It doesn't identify the sample as malware; there are legitimate py2exe applications too.
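The same check outside YARA, as an added example that is not the diary author's rule or code: a small Python parser that lists the named entries at the root of a PE file's resource directory and reports whether PYTHONSCRIPT is among them. It assumes py2exe stores PYTHONSCRIPT as a named root-level (type) entry; the function names and the minimal sample image are constructed for illustration.

```python
import struct

def root_resource_names(pe: bytes) -> list:
    """Return the named entries in the root of a PE resource directory."""
    nt, = struct.unpack_from("<I", pe, 0x3C)                  # e_lfanew
    if pe[:2] != b"MZ" or pe[nt:nt + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    nsect, = struct.unpack_from("<H", pe, nt + 6)
    opt_size, = struct.unpack_from("<H", pe, nt + 20)
    opt = nt + 24
    magic, = struct.unpack_from("<H", pe, opt)
    dirs = opt + (112 if magic == 0x20B else 96)              # PE32+ or PE32
    rva, _size = struct.unpack_from("<II", pe, dirs + 2 * 8)  # directory 2: resources
    for i in range(nsect):                                    # map RVA to file offset
        vsize, va, rawsize, rawptr = struct.unpack_from("<IIII", pe, opt + opt_size + 40 * i + 8)
        if rva and va <= rva < va + max(vsize, rawsize):
            base = rawptr + rva - va
            break
    else:
        return []                                             # no resource section
    named, = struct.unpack_from("<H", pe, base + 12)          # named entries come first
    names = []
    for i in range(named):
        field, = struct.unpack_from("<I", pe, base + 16 + 8 * i)
        off = base + (field & 0x7FFFFFFF)                     # high bit marks a string name
        length, = struct.unpack_from("<H", pe, off)
        names.append(pe[off + 2:off + 2 + 2 * length].decode("utf-16-le"))
    return names

def looks_like_py2exe(pe: bytes) -> bool:
    # Assumption: PYTHONSCRIPT is a named root-level (type) entry.
    return "PYTHONSCRIPT" in root_resource_names(pe)

def build_sample(type_name: str) -> bytes:
    """Constructed minimal PE32 image with one named root resource entry."""
    rsrc = struct.pack("<IIHHHH", 0, 0, 0, 0, 1, 0)           # root directory header
    rsrc += struct.pack("<II", 0x80000000 | 24, 0)            # entry: name at offset 24
    rsrc += struct.pack("<H", len(type_name)) + type_name.encode("utf-16-le")
    dos = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x102)
    opt = struct.pack("<H", 0x10B).ljust(96 + 16, b"\0")      # dirs 0 and 1 left empty
    opt = (opt + struct.pack("<II", 0x1000, len(rsrc))).ljust(224, b"\0")
    sect = b".rsrc\0\0\0" + struct.pack("<IIII", len(rsrc), 0x1000, len(rsrc), 0x200)
    image = dos + coff + opt + sect.ljust(40, b"\0")
    return image.ljust(0x200, b"\0") + rsrc

if __name__ == "__main__":
    print(looks_like_py2exe(build_sample("PYTHONSCRIPT")))    # constructed py2exe-like image
    print(looks_like_py2exe(build_sample("OTHERTYPE")))       # constructed unrelated image
```

As with the YARA rule, a match only says the file was packaged with py2exe, not that it is malicious.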
As mentioned in part 1, unpy2exe supports Python 2, not Python 3.
For Python 3, you can use the program decompile-py2exe.
Please post a comment mentioning the py2exe analysis tools you like to use.