Next-gen HTTP 2.0 protocol will require HTTPS encryption

November 14, 2013 – 5:06 AM

Sending data in plain text just doesn’t cut it in an age of abundant hack attacks and mass metadata collection. Some of the biggest names on the Web (Facebook, Google, Twitter and others) have already embraced default encryption to safeguard your precious data, and the next-gen version of the crucial HTTP protocol will only work for URLs protected by HTTPS.

Mark Nottingham, chair of the HTTPbis working group developing the HTTP 2.0 protocol for the Internet Engineering Task Force, made the announcement early Wednesday on a World Wide Web Consortium mailing list.

“I believe the best way that we can meet the goal of increasing use of TLS [Transport Layer Security] on the Web is to encourage its use by only using HTTP/2.0 with https:// URIs,” Nottingham wrote.

Source:
http://www.pcadvisor.co.uk/news/network-wifi/3489125/next-gen-http-20-protocol-will-require-https-encryption-most-of-the-time/?olo=rss

Ransomware demands additional payment to delete ‘criminal records’

November 13, 2013 – 8:49 PM

Back in July 2013, we had discovered a new method of spreading the infamous FBI ransomware by using JavaScript code and iframes to create an illusion that the victim’s browser was locked.

After several months, the threat is still very much alive, hopping from one domain name to the next. The message is still the same and along these lines: “you have been downloading copyrighted material or pornographic images and you could go to jail… unless you pay the fine”.

But here’s a new twist being added: not only do you have to pay the first ransom to unlock your browser (USD$300), but a second screen then comes up demanding a processing fee (USD$450) to delete all criminal records.

Source:
http://blog.malwarebytes.org/news/2013/11/ransomware-demands-additional-payment-to-delete-criminal-records/

Linux Back Door Uses Covert Communication Protocol

November 13, 2013 – 8:46 PM

In May of this year, sophisticated attackers breached a large Internet hosting provider and gained access to internal administrative systems. The attackers appear to have been after customer record information such as usernames, emails, and passwords. While these internal administrative systems had access to customer records, discovery of the attack and certain security implementations mitigated the scope of the breach. Customer passwords were accessible, but these passwords were hashed and salted, making mass password cracking difficult. Customer financial information was also accessible, but encrypted. Unfortunately, access to the encryption key cannot be ruled out. While breaches of organizations and mass customer record dumps are posted almost daily, this particular attack was more sophisticated than we have seen in the past.

The attackers understood the target environment was generally well protected. In particular, the attackers needed a means to avoid suspicious network traffic or installed files, which may have triggered a security review. Demonstrating sophistication, the attackers devised their own stealthy Linux back door to camouflage itself within the Secure Shell (SSH) and other server processes.

This back door allowed an attacker to perform the usual functionality—such as executing remote commands—however, the back door did not open a network socket or attempt to connect to a command-and-control server (C&C). Rather, the back door code was injected into the SSH process to monitor network traffic and look for the following sequence of characters: colon, exclamation mark, semi-colon, period (“:!;.”).

After seeing this pattern, the back door would parse the rest of the traffic and then extract commands which had been encrypted with Blowfish and Base64 encoded.
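A defender-side way to hunt for this traffic pattern in captured payloads, written here as an added example (not Symantec's code): it looks for the published trigger sequence and checks whether what follows is Base64 that decodes to whole 8-byte Blowfish blocks. The exact framing of the command after the trigger is not published, so the single Base64 run and the sample payloads are assumptions constructed for illustration.

```python
import base64
import binascii
import re

# Trigger sequence the back door watches for inside SSH traffic (from the article).
TRIGGER = b":!;."
BLOWFISH_BLOCK = 8  # Blowfish is a 64-bit block cipher

# Assumed: the command follows the trigger as one Base64 run. The real framing
# is not published on the page; this is a detection heuristic only.
B64_RUN = re.compile(rb"[A-Za-z0-9+/]{8,}={0,2}")


def find_covert_commands(payload: bytes) -> list:
    """Scan one captured payload and report every trigger occurrence.

    Each finding records the trigger offset, the Base64 text that follows, and
    whether it decodes to whole Blowfish blocks (the shape the article
    describes: Blowfish-encrypted, then Base64-encoded).
    """
    findings = []
    pos = payload.find(TRIGGER)
    while pos != -1:
        finding = {"offset": pos, "b64": b"", "decodes": False, "block_aligned": False}
        m = B64_RUN.match(payload, pos + len(TRIGGER))
        if m:
            finding["b64"] = m.group(0)
            try:
                raw = base64.b64decode(m.group(0), validate=True)
                finding["decodes"] = True
                finding["block_aligned"] = len(raw) % BLOWFISH_BLOCK == 0
            except binascii.Error:
                pass  # trigger present but not followed by valid Base64
        findings.append(finding)
        pos = payload.find(TRIGGER, pos + len(TRIGGER))
    return findings


def suspicious(payload: bytes) -> bool:
    """True when a trigger is followed by Base64 that decodes to whole 8-byte blocks."""
    return any(f["decodes"] and f["block_aligned"] for f in find_covert_commands(payload))


# Constructed sample payloads (not real captures).
SAMPLES = {
    "banner": b"SSH-2.0-OpenSSH_6.2\r\n",
    "aligned": b"noise " + TRIGGER + base64.b64encode(b"\x00" * 16),  # 2 blocks
    "misaligned": TRIGGER + base64.b64encode(b"\x00" * 10),          # 10 bytes
    "bare_trigger": b"noise " + TRIGGER + b" more noise",
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(f"{name:13s} suspicious={suspicious(data)}")
```

Block alignment is only a plausibility check; any decodable Base64 after the trigger still merits a look, which is why every finding is returned rather than only the aligned ones.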

Source:
http://www.symantec.com/connect/blogs/linux-back-door-uses-covert-communication-protocol

New mobile exploits demonstrated at Pwn2Own event

November 13, 2013 – 5:10 PM

At information security conference PacSec 2013 in Tokyo, two teams have accepted rewards for demonstrating exploits against cell phones in the Mobile Pwn2Own 2013 contest sponsored by HP.

Japanese squad Team MBSD, of Mitsui Bussan Secure Directions, Inc., collected $40,000 for installing malware and collecting personal data on the Android-powered Samsung Galaxy S4. The group lured a user to a malicious website, gained system-level privileges and installed applications that allowed the team to gather information, including SMS messages, contacts and browsing history.

Keen Team, a Chinese squad from Keen Cloud Tech, took $27,500 for demonstrating two exploits against Safari on the iPhone 5. The group captured Facebook credentials on iOS 7.0.3 by stealing a Facebook cookie via social engineering, and also stole a photo on iOS 6.1.4.

Source:
http://www.scmagazine.com//new-mobile-exploits-demonstrated-at-pwn2own-event/article/320836/

Popular humor site hosted Nuclear Pack exploit kit

November 13, 2013 – 5:04 PM

Cracked.com, a humor website that is among the 300 most popular sites in the U.S., may have left visitors a sobering surprise this week.

According to Barracuda Labs, as of Sunday the website was compromised to host the Nuclear Pack exploit kit.

Daniel Peck, principal research scientist on the security team at Barracuda Labs, told SCMagazine.com on Wednesday that Cracked.com remained infected at least through Monday, though saboteurs may have had access to the site since early last week.

Exploits packaged in the kit were served through malicious JavaScript on the site, he explained. And after analyzing the threat, Barracuda researchers found it suspicious that the malware sent requests to a newly registered domain, crackedcdm.com, which was set up Nov. 4.

“There has been some analysis that we did, and it seems that it came from the Nuclear [Pack] attack kit, serving the ZeroAccess malware,” Peck said.

Users running vulnerable versions of Java and Adobe Flash and PDF software are among those who may have been impacted this week, he said.

Source:
http://www.scmagazine.com//popular-humor-site-hosted-nuclear-pack-exploit-kit/article/320833/