Detekt — Free Anti-Malware Tool To Detect Govt. Surveillance Malware

November 21, 2014 – 5:30 AM

Human rights experts and Privacy International have launched a free tool allowing users to scan their computers for surveillance spyware, typically used by governments and other organizations to spy on human rights activists and journalists around the world.

This free-of-charge anti-surveillance tool, called Detekt, is an open source software app released in partnership with the human rights charity Amnesty International, Germany’s Digitale Gesellschaft, the Electronic Frontier Foundation (EFF) and Privacy International, in order to combat government surveillance.

Source:
http://thehackernews.com/2014/11/detekt-free-anti-malware-tool-to-detect_20.html

Let’s Encrypt: Delivering SSL/TLS Everywhere

November 18, 2014 – 4:44 PM

Vital personal and business information flows over the Internet more frequently than ever, and we don’t always know when it’s happening. It’s clear at this point that encrypting is something all of us should be doing. Then why don’t we use TLS (the successor to SSL) everywhere? Every browser in every device supports it. Every server in every data center supports it. Why don’t we just flip the switch?

The challenge is server certificates. The anchor for any TLS-protected communication is a public-key certificate which demonstrates that the server you’re actually talking to is the server you intended to talk to. For many server operators, getting even a basic server certificate is just too much of a hassle. The application process can be confusing. It usually costs money. It’s tricky to install correctly. It’s a pain to update.

Let’s Encrypt is a new free certificate authority, built on a foundation of cooperation and openness, that lets everyone be up and running with basic server certificates for their domains through a simple one-click process.

Mozilla Corporation, Cisco Systems, Inc., Akamai Technologies, Electronic Frontier Foundation, IdenTrust, Inc., and researchers at the University of Michigan are working through the Internet Security Research Group (“ISRG”), a California public benefit corporation, to deliver this much-needed infrastructure in Q2 2015. The ISRG welcomes other organizations dedicated to the same ideal of ubiquitous, open Internet security.

Source:
https://letsencrypt.org/2014/11/18/announcing-lets-encrypt.html

ISPs Stripping Encryption from Personal Mails

November 14, 2014 – 5:26 AM

The Electronic Frontier Foundation (EFF), an internet freedom watchdog group, is reporting that for the past few months some ISPs in the US and Thailand have been caught removing encryption from customers’ emails by stripping a security flag called STARTTLS from the messages.

The STARTTLS flag is an essential security and privacy protection used by an email server to request encryption when talking to another server or client. By stripping out this flag, these ISPs prevent the email servers from successfully encrypting their conversation, and by default the sending server will proceed to transmit plaintext email over the public Internet, where it is easily subject to eavesdropping and interception.
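As an added example (not from the article or the EFF report): a check that parses the capability list an SMTP server returns to EHLO, flags a session in which STARTTLS is absent or replaced by a mangled keyword, and decides whether a client should proceed or fail closed. The EHLO replies, hostnames and the mangled line are constructed for illustration.

```python
# Added example: detect STARTTLS stripping from the EHLO capability list.
# An SMTP client decides whether it can upgrade to TLS from this list, so a
# middlebox that removes or mangles the "250-STARTTLS" line silently
# downgrades the session to plaintext unless the client fails closed.
import re

# Constructed sample EHLO replies (not captured from any real server).
CLEAN_EHLO = (
    "250-mail.example.net Hello client.example.org\r\n"
    "250-SIZE 52428800\r\n"
    "250-STARTTLS\r\n"
    "250 8BITMIME\r\n"
)
STRIPPED_EHLO = (
    "250-mail.example.net Hello client.example.org\r\n"
    "250-SIZE 52428800\r\n"
    "250-XXXXXXXX\r\n"  # constructed: a mangled line where STARTTLS stood
    "250 8BITMIME\r\n"
)

def parse_ehlo(response: str) -> list:
    """Return capability keywords from a multi-line 250 EHLO reply (RFC 5321)."""
    caps = []
    for line in response.strip().split("\r\n")[1:]:  # line 1 is the greeting
        m = re.match(r"^250[- ](\S+)", line)
        if m:
            caps.append(m.group(1).upper())
    return caps

def starttls_offered(response: str) -> bool:
    return "STARTTLS" in parse_ehlo(response)

def suspect_stripping(response: str) -> bool:
    """Heuristic: STARTTLS missing and a run of filler characters sitting in
    a capability slot points to in-path tampering rather than a server choice."""
    caps = parse_ehlo(response)
    return "STARTTLS" not in caps and any(re.fullmatch(r"X{5,}", c) for c in caps)

def assess(response: str) -> str:
    if starttls_offered(response):
        return "starttls-available"
    return "starttls-stripped" if suspect_stripping(response) else "no-starttls"

def next_step(response: str, require_tls: bool = True) -> str:
    """What a hardened client does after EHLO: upgrade when STARTTLS is offered,
    otherwise QUIT rather than fall back to plaintext (unless require_tls is off)."""
    if starttls_offered(response):
        return "STARTTLS"
    return "QUIT" if require_tls else "MAIL FROM (plaintext)"
```

A mail relay that logs `assess()` per peer over time gives a simple baseline: a peer that normally advertises STARTTLS and suddenly does not is worth investigating.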

One example, according to Golden Frog, is Cricket Wireless. The personal VPN service provider noted in filings with the FCC that its analysis showed that Cricket was interfering with its users’ ability to encrypt their SMTP email traffic by “overwriting the content of users’ communications and actively blocking STARTTLS encryption. This is a man-in-the-middle attack that prevents customers from using the applications of their choosing and directly prevents users from protecting their privacy.”

Cricket has since stopped doing this, the firm said. For its part, Cricket has not issued a public statement on the accusation.

But the move to block encryption, if proven true, clearly runs counter to the basic principles of a free, open and unencumbered internet—and the privacy implications are, of course, myriad.

Source:
http://www.infosecurity-magazine.com/news/eff-isps-stripping-encryption-from/

Microsoft posts critical patch for huge Windows vulnerability that affects all modern machines

November 11, 2014 – 4:14 PM

Remember Heartbleed? You know, the exploit in SSL that was so bad it got its own brand? Microsoft may have an issue of similar scale on its hands with a critical patch issued via Windows Update today.

The patch in question is MS14-066, otherwise known as the cryptically named “Vulnerability in Schannel Could Allow Remote Code Execution,” which affects Windows Server 2003/2008/2012, Vista, 7, 8, 8.1 and Windows RT.

Microsoft gives few details about the exploit, other than saying that the bug would “allow remote code execution if an attacker sends specially crafted packets to a Windows server.”

In other words, if an attacker modified packets in a particular way and attacked your machine, they may be able to execute whatever code they like remotely without an authorized account. The attack appears to only affect those running a server on affected platforms.

This is particularly bad as the hole itself is in the Schannel library, which is the layer that handles encryption and authentication in Windows, particularly for HTTP applications.

The bad news? It affects everything running a modern version of Windows, meaning businesses will need to patch a lot of machines as soon as possible. Microsoft also says that there are no workarounds or mitigations for the attack other than applying the patch.

Source:
http://thenextweb.com/microsoft/2014/11/11/microsoft-posts-critical-patch-huge-server-vulnerability/

Darkhotel APT Malware Targets Global CEOs Using Hotel Internet

November 11, 2014 – 7:34 AM

A seven-year-old cyber espionage campaign has targeted senior level executives from large global companies by using a specialized Advanced Persistent Threat (APT), zero-day exploits, and well-developed keyloggers to extract information from them when they stay in luxury hotels during their business trips.

Researchers at Moscow-based security firm Kaspersky Lab dubbed the threat “DarkHotel APT”; the attackers appear to have the ability to know in advance when a targeted executive checks in and checks out of a hotel.

The group has been operating in Asia since 2009, but there have been infections recorded in the United States, South Korea, Singapore, Germany, Ireland and many other countries as well. It uses hotel Wi-Fi networks to target elite executives at organisations in manufacturing, defense, investment capital, private equity, automotive and other industries.

The group has access to zero-day vulnerabilities and exploits, and it used them to infect victims. The threat actors use three different malware distribution methods: malicious Wi-Fi networks, booby-trapped P2P torrents, and highly customized spear phishing, Kaspersky Lab reported in a research paper.

When the target executives connect their devices to the hotel’s Wi-Fi or wired Internet access, they are shown bogus software updates, typically something that looks legitimate, for Adobe Flash, Google Toolbar, or Windows Messenger. But these updates also contain a type of malware called a Trojan dropper bundled with more malware.

Source:
http://thehackernews.com/2014/11/darkhotel-apt-malware-targets-global.html