Exploit Targeting Windows Zero-Day Vulnerability Spotted

November 28, 2013 – 2:21 PM

Trend Micro came across samples of an exploit targeting the recently announced zero-day vulnerability affecting Windows XP and Server 2003. This is an elevation-of-privilege vulnerability: it does not give an attacker a foothold on its own, but code already running as a limited user can use it to gain higher privileges and then view or delete data, install programs, or create accounts with full administrative rights.

This exploit was recently used in a targeted attack. In the incident, a malicious PDF (detected as TROJ_PIDEF.GUD) exploits an Adobe Reader vulnerability (CVE-2013-3346), referenced in an Adobe Security Bulletin, to gain code execution; that is chained with the Windows zero-day (CVE-2013-5065) to escalate privileges, after which a backdoor is dropped onto the system. The backdoor, detected as BKDR_TAVDIG.GUD, performs several routines, including downloading and executing files and posting system information to its command-and-control server.

This incident also serves as a reminder of the importance of moving to newer versions of Windows. Last April, Microsoft announced that it will end support for Windows XP in April 2014. After that date XP users will no longer receive security updates from the vendor, so any exploit targeting the OS, including this one, will keep working indefinitely on the systems that remain.

Source:
http://blog.trendmicro.com/trendlabs-security-intelligence/exploit-targeting-windows-zero-day-vulnerability-spotted/

Linux Worm Targeting Hidden Devices

November 27, 2013 – 5:16 PM

Symantec has discovered a new Linux worm that appears to be engineered to target the “Internet of things”. The worm is capable of attacking a range of small, Internet-enabled devices in addition to traditional computers. Variants exist for chip architectures usually found in devices such as home routers, set-top boxes and security cameras. Although no attacks against these devices have been found in the wild, many users may not realize they are at risk, since they are unaware they own devices that run Linux.

The worm, Linux.Darlloz, propagates by exploiting an old PHP flaw: the php-cgi query string argument injection vulnerability (CVE-2012-1823, which Symantec lists as the PHP ‘php-cgi’ Information Disclosure Vulnerability), patched in May 2012. The attacker recently built the worm on proof-of-concept (PoC) code released in late October 2013.

Upon execution, the worm generates IP addresses at random, requests a specific path on each host using well-known default usernames and passwords, and sends HTTP POST requests that exploit the vulnerability. If the target is unpatched, the injected payload downloads the worm from an attacker-controlled server and the new instance starts searching for its next target. Currently the worm seems to infect only Intel x86 systems, because the download URL in the exploit code is hard-coded to the x86 ELF binary, even though variants for other architectures have been compiled.
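As an added illustration (not code from Symantec's write-up), the following Python scans web-server access logs for the php-cgi argument-injection pattern the worm relies on. The log lines are constructed for this example, and the request paths and switches are assumptions about what such traffic looks like, not values extracted from Darlloz.

```python
import re
from urllib.parse import unquote

# Constructed Apache combined-format log lines (not taken from Symantec's report).
# The first two carry php-cgi argument injection; the last two are benign.
SAMPLE_LOG = """\
203.0.113.7 - - [27/Nov/2013:10:01:12 +0000] "POST /cgi-bin/php?%2Dd+allow_url_include%3D1+%2Dd+auto_prepend_file%3Dphp://input HTTP/1.1" 200 512 "-" "Mozilla/4.0"
198.51.100.9 - - [27/Nov/2013:10:01:15 +0000] "GET /index.php?-s HTTP/1.1" 200 2048 "-" "curl/7.21.0"
192.0.2.4 - - [27/Nov/2013:10:02:01 +0000] "GET /index.php?page=home&id=-5 HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
192.0.2.8 - - [27/Nov/2013:10:02:44 +0000] "GET /status.php HTTP/1.1" 200 100 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# php-cgi switches that matter: -d sets an ini directive, -s prints the script
# source, -n skips php.ini, -c selects an alternative php.ini.
DANGEROUS_SWITCHES = {"-d", "-s", "-n", "-c"}


def cgi_argv(raw_query):
    """Reproduce the CGI rule (RFC 3875 section 4.4): a query string with no
    unencoded '=' is split on '+' and URL-decoded into the script's argv."""
    if "=" in raw_query:
        return []
    return [unquote(a) for a in raw_query.split("+") if a]


def classify(target):
    """Return None for benign request targets, else a dict describing the injection."""
    path, sep, raw_query = target.partition("?")
    if not sep:
        return None
    argv = cgi_argv(raw_query)
    switches = [a for a in argv if a.startswith("-")]
    if not switches:
        return None
    if any(a.startswith(("auto_prepend_file=", "allow_url_include=")) for a in argv):
        verdict = "code-execution"      # CVE-2012-1823 RCE shape: the POST body becomes PHP code
    elif "-s" in switches:
        verdict = "source-disclosure"   # php-cgi -s dumps the script source
    elif DANGEROUS_SWITCHES & set(switches):
        verdict = "ini-override"
    else:
        verdict = "argv-injection"
    return {"path": path, "argv": argv, "verdict": verdict}


def scan_log(text):
    """Parse each log line and collect the requests that inject php-cgi arguments."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        finding = classify(m.group("target"))
        if finding:
            finding.update(ip=m.group("ip"), method=m.group("method"), ts=m.group("ts"))
            hits.append(finding)
    return hits


if __name__ == "__main__":
    for h in scan_log(SAMPLE_LOG):
        print(f'{h["ts"]} {h["ip"]} {h["method"]} {h["path"]} {h["verdict"]} argv={h["argv"]}')
```

Decoding each argument only after splitting on `+` is deliberate: it flags both the literal `-d` and its percent-encoded `%2d` form, which is how the incomplete first PHP fix (CVE-2012-2311) was bypassed. Detection is a stopgap; the fix is a php-cgi build from 5.3.13 / 5.4.3 or later, or not exposing php-cgi at all.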

Linux is the best-known open source operating system and has been ported to many architectures. It runs not only on Intel-based computers but also on small devices with other CPUs, such as home routers, set-top boxes, security cameras, and even industrial control systems. Some of these devices expose a web-based interface for configuration or monitoring, often built on software such as the Apache web server and PHP, which is what puts them within reach of this worm.

Source:
http://www.symantec.com/connect/blogs/linux-worm-targeting-hidden-devices

The internet mystery that has the world baffled

November 26, 2013 – 5:30 AM

One evening in January last year, Joel Eriksson, a 34-year-old computer analyst from Uppsala in Sweden, was trawling the web, looking for distraction, when he came across a message on an internet forum. The message was in stark white type, against a black background.

“Hello,” it said. “We are looking for highly intelligent individuals. To find them, we have devised a test. There is a message hidden in this image. Find it, and it will lead you on the road to finding us. We look forward to meeting the few that will make it all the way through. Good luck.”

The message was signed: “3301”.

A self-confessed IT security “freak” and a skilled cryptographer, Eriksson was immediately intrigued. This was, he knew, an example of digital steganography: the concealment of secret information within a digital file. It is most often seen with image files: a recipient who knows the rule – for example, that the colour of every 100th pixel has been altered – can retrieve an entirely different image from what looks like randomised background “noise”.

It’s a technique more commonly associated with nefarious ends, such as concealing child pornography. In 2002 it was suggested that al-Qaeda operatives had planned the September 11 attacks via the auction site eBay, by hiding messages inside digital photographs.

Sleepily – it was late, and he had work in the morning – Eriksson thought he’d try his luck decoding the message from “3301”. After only a few minutes’ work he’d got somewhere: a reference to “Tiberius Claudius Caesar” and a line of meaningless letters. Eriksson deduced it might be an embedded “Caesar cipher” – an encryption technique named after Julius Caesar, who used it in private correspondence. It replaces each letter with the one a fixed number of positions further down the alphabet. As Claudius was the fourth emperor, it suggested a shift of four might be the key – and lo, within minutes, Eriksson found another web address buried in the image’s code.
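The two techniques the puzzle leans on, least-significant-bit steganography and a Caesar shift, as an added worked example in Python (not code from the article or from “3301”): it hides a shifted message in the low bits of a constructed byte buffer standing in for image pixels, then recovers the bits and breaks the shift by letter-frequency analysis. The cover data, the message, and the `stride` parameter (which generalises the “every Nth pixel” idea in the text) are all constructed for this example.

```python
import random

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
# Relative English letter frequencies A..Z, in percent (standard published table).
ENGLISH_FREQ = [8.17, 1.49, 2.78, 4.25, 12.70, 2.23, 2.02, 6.09, 6.97, 0.15, 0.77, 4.03, 2.41,
                6.75, 7.51, 1.93, 0.10, 5.99, 6.33, 9.06, 2.76, 0.98, 2.36, 0.15, 1.97, 0.07]


def caesar(text, shift):
    """Shift every letter `shift` places down the alphabet; other characters pass
    through unchanged. A negative shift (or 26 - shift) decrypts."""
    out = []
    for ch in text.upper():
        out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26] if ch in ALPHABET else ch)
    return "".join(out)


def crack_caesar(ciphertext):
    """Return the shift whose decryption best matches English letter frequencies
    (lowest chi-squared statistic over the 26 candidates)."""
    letters = [c for c in ciphertext.upper() if c in ALPHABET]
    best_shift, best_score = 0, float("inf")
    for shift in range(26):
        counts = [0] * 26
        for c in letters:
            counts[(ALPHABET.index(c) - shift) % 26] += 1
        score = sum((obs - len(letters) * exp / 100) ** 2 / (len(letters) * exp / 100)
                    for obs, exp in zip(counts, ENGLISH_FREQ))
        if score < best_score:
            best_shift, best_score = shift, score
    return best_shift


def embed_lsb(cover, payload, stride=1):
    """Hide `payload` (bytes) in the least significant bit of every `stride`-th cover
    byte, most significant bit first, terminated by a zero byte so a reader can stop."""
    data = payload + b"\x00"
    if len(data) * 8 * stride > len(cover):
        raise ValueError("cover too small for payload")
    out = bytearray(cover)
    for i, byte in enumerate(data):
        for bit in range(8):
            pos = (i * 8 + bit) * stride
            out[pos] = (out[pos] & 0xFE) | ((byte >> (7 - bit)) & 1)
    return bytes(out)


def extract_lsb(cover, stride=1):
    """Reverse of embed_lsb: collect one bit per stride-th byte until a zero byte appears."""
    payload, byte, nbits = bytearray(), 0, 0
    for pos in range(0, len(cover), stride):
        byte = (byte << 1) | (cover[pos] & 1)
        nbits += 1
        if nbits == 8:
            if byte == 0:
                return bytes(payload)
            payload.append(byte)
            byte, nbits = 0, 0
    raise ValueError("no terminator found")


# Constructed demo: a pseudo-random "image" (seeded so it is reproducible) and a message
# taken from the 3301 text above, shifted by four as the Claudius hint suggests.
PLAINTEXT = ("HELLO WE ARE LOOKING FOR HIGHLY INTELLIGENT INDIVIDUALS TO FIND THEM "
             "WE HAVE DEVISED A TEST THERE IS A MESSAGE HIDDEN IN THIS IMAGE "
             "FIND IT AND IT WILL LEAD YOU ON THE ROAD TO FINDING US")
COVER = bytes(random.Random(3301).getrandbits(8) for _ in range(8192))


def solve(stego_bytes, stride=3):
    """What a solver does: pull the hidden bits out, then break the Caesar layer."""
    hidden = extract_lsb(stego_bytes, stride).decode("ascii")
    shift = crack_caesar(hidden)
    return shift, caesar(hidden, -shift)


if __name__ == "__main__":
    stego = embed_lsb(COVER, caesar(PLAINTEXT, 4).encode("ascii"), stride=3)
    print(solve(stego))
```

With a stride of 3 and a terminator byte the 186-character message needs 4,488 cover bytes, which is why the constructed buffer is 8 KiB; the embed step touches only the lowest bit of each used byte, so a real image would be visually unchanged. The frequency attack needs a reasonable amount of text: on a line of a dozen letters it can misfire, which is why the puzzle's Claudius hint is worth more than brute force.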

Source:
http://www.telegraph.co.uk/technology/internet/10468112/The-internet-mystery-that-has-the-world-baffled.html

Twitter tightens security against NSA snooping

November 23, 2013 – 7:40 AM

Twitter has implemented new security measures that should make it much more difficult for anyone to eavesdrop on communications between its servers and users, and is calling on other Internet companies to follow its lead.

The company has implemented “perfect forward secrecy” on its Web and mobile platforms, it said Friday. The aim is to ensure that an organisation which records encrypted traffic today cannot decrypt it at some point in the future.

Without forward secrecy, a TLS connection using RSA key exchange encrypts the session secret under the server’s long-term public key. An observer cannot read the traffic at the time, but can record it in its encrypted form, and anyone who later obtains the server’s private key can recover the session secret from the recording and decrypt everything captured.

With forward secrecy, each side generates a fresh short-lived (ephemeral) key pair for the connection, typically with Diffie-Hellman or its elliptic-curve variant (ECDHE), and the long-term server key is used only to sign that exchange. The ephemeral private keys are discarded when the session ends, so obtaining the server key later lets an attacker impersonate the server from then on but does not let them decrypt sessions that were recorded earlier.

The distinction matters because a server key can leak years after the traffic was captured, whether through a breach, a court order, or a compromised operator. One limit is worth stating: forward secrecy protects recordings against later key compromise, not against advances in cryptanalysis that break the ephemeral key exchange itself. If the Diffie-Hellman group or curve in use becomes tractable, recorded sessions are exposed regardless, so the strength of those parameters still matters.
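To make the difference concrete, here is an added Python simulation (not Twitter’s code and not any TLS library) of a passive eavesdropper who records a session today and obtains the server’s private key later. The RSA and Diffie-Hellman parameters are toy-sized assumptions chosen for readability, and the stream cipher is a stand-in for the real record layer.

```python
import hashlib
import secrets

# Toy parameters (assumptions for this example). Real TLS uses 2048-bit RSA keys,
# 2048-bit or larger DH groups, or elliptic curves; nothing here is production-safe.
RSA_P, RSA_Q = 2**61 - 1, 2**89 - 1          # two Mersenne primes
RSA_N = RSA_P * RSA_Q
RSA_E = 65537
RSA_D = pow(RSA_E, -1, (RSA_P - 1) * (RSA_Q - 1))   # the server's long-term private key
DH_P = 2**127 - 1                           # prime modulus (Mersenne prime M127)
DH_G = 2


def i2b(x):
    return x.to_bytes((x.bit_length() + 7) // 8 or 1, "big")


def kdf(secret):
    """Derive a 32-byte session key from a shared integer."""
    return hashlib.sha256(b"session" + i2b(secret)).digest()


def stream_xor(key, data):
    """Toy stream cipher: XOR with a SHA-256 keystream. Symmetric, so it also decrypts."""
    out = bytearray()
    for block in range(0, len(data), 32):
        ks = hashlib.sha256(key + block.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[block:block + 32], ks))
    return bytes(out)


def rsa_key_transport(message):
    """Mode without forward secrecy: the client encrypts a fresh secret to the server's
    long-term public key. Returns exactly what a passive eavesdropper can record."""
    s = secrets.randbelow(RSA_N - 2) + 2
    key = kdf(s)
    return {"kx": "rsa", "c": pow(s, RSA_E, RSA_N), "ct": stream_xor(key, message)}


def dhe_exchange(message):
    """Mode with forward secrecy: both sides use one-time Diffie-Hellman exponents and
    the server only signs its ephemeral public value. The exponents die with the call."""
    a = secrets.randbelow(DH_P - 2) + 1          # client ephemeral, never stored
    b = secrets.randbelow(DH_P - 2) + 1          # server ephemeral, never stored
    A, B = pow(DH_G, a, DH_P), pow(DH_G, b, DH_P)
    h = int.from_bytes(hashlib.sha256(i2b(B)).digest(), "big") % RSA_N
    sig = pow(h, RSA_D, RSA_N)                   # textbook RSA signature over B
    key = kdf(pow(B, a, DH_P))
    assert key == kdf(pow(A, b, DH_P))           # both sides derive the same key
    return {"kx": "dhe", "A": A, "B": B, "sig": sig, "ct": stream_xor(key, message)}


def decrypt_with_leaked_key(recording, leaked_d):
    """The future attacker: holds an old recording and, years later, the server's private key."""
    if recording["kx"] == "rsa":
        s = pow(recording["c"], leaked_d, RSA_N)     # undo the key transport
        return stream_xor(kdf(s), recording["ct"])
    # DHE: the leaked key lets the attacker verify (or from now on forge) the signature on B,
    h = int.from_bytes(hashlib.sha256(i2b(recording["B"])).digest(), "big") % RSA_N
    assert pow(recording["sig"], RSA_E, RSA_N) == h
    # but the session key needs exponent a or b, which only ever existed in memory.
    return None


if __name__ == "__main__":
    msg = b"direct message captured in 2013"
    print(decrypt_with_leaked_key(rsa_key_transport(msg), RSA_D))   # the plaintext comes back
    print(decrypt_with_leaked_key(dhe_exchange(msg), RSA_D))        # None
```

The DHE branch returns None rather than trying anything, because with the recording alone the attacker faces the discrete logarithm problem in the group; that is also the caveat from the text in code form, since a group small enough to solve would hand over `a` or `b` and with it the key.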

Source:
http://news.techworld.com/security/3490737/twitter-tightens-security-against-nsa-snooping/?olo=rss

Encrypt the Web Report: Who’s Doing What

November 20, 2013 – 5:14 AM

We’ve asked the companies in our Who Has Your Back Program what they are doing to bolster encryption in light of the NSA’s unlawful surveillance of your communications. We’re pleased to see that four companies—Dropbox, Google, SpiderOak and Sonic.net—are implementing five out of five of our best practices for encryption. In addition, we appreciate that Yahoo! just announced several measures it plans to take to increase encryption, including the very critical encryption of data center links, and that Twitter has confirmed that it has encryption of data center links in progress.

By adopting these practices, described below, these service providers have taken a critical step towards protecting their users from warrantless seizure of their information off of fiber-optic cables. By enabling encryption across their networks, service providers can make backdoor surveillance more challenging, requiring the government to go to court and use legal process. While Lavabit’s travails have shown how difficult that can be for service providers, at least there was the opportunity to fight back in court.

While not every company in our survey has implemented every recommendation, each step taken helps, and we appreciate those who have worked to strengthen their security. We hope that every online service provider adopts these best practices and continues to work to protect their networks and their users.

Source:
https://www.eff.org/deeplinks/2013/11/encrypt-web-report-whos-doing-what