Skype with care – Microsoft is reading everything you write

May 18, 2013 – 7:54 AM

Anyone who uses Skype has consented to the company reading everything they write. The H’s associates in Germany at heise Security have now discovered that the Microsoft subsidiary does in fact make use of this privilege in practice. Shortly after sending HTTPS URLs over the instant messaging service, those URLs receive an unannounced visit from Microsoft HQ in Redmond.

A reader informed heise Security that he had observed some unusual network traffic following a Skype instant messaging conversation. The server indicated a potential replay attack. It turned out that an IP address which traced back to Microsoft had accessed the HTTPS URLs previously transmitted over Skype. Heise Security then reproduced the events by sending two test HTTPS URLs, one containing login information and one pointing to a private cloud-based file-sharing service. A few hours after their Skype messages, they observed the following in the server log:

65.52.100.214 - - [30/Apr/2013:19:28:32 +0200] "HEAD /…/login.html?user=tbtest&password=geheim HTTP/1.1"

They too had received visits to each of the HTTPS URLs transmitted over Skype from an IP address registered to Microsoft in Redmond. URLs pointing to encrypted web pages frequently contain unique session data or other confidential information. HTTP URLs, by contrast, were not accessed. In visiting these pages, Microsoft made use of both the login information and the specially created URL for a private cloud-based file-sharing service.
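
A log check for the pattern described above, as an added example that is not part of the original article: it flags URLs carrying secrets in the query string that are later requested from a different IP address than the one that first used them. The log lines, IP addresses (documentation ranges), paths and the set of sensitive parameter names are constructed assumptions.

```python
import re
from datetime import datetime
from urllib.parse import urlsplit, parse_qs

# Common Log Format prefix: ip, ident, user, [timestamp], "METHOD target PROTO"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*"')
SENSITIVE = {"password", "token", "session", "key"}  # assumed parameter names

# Constructed sample log; not taken from the article.
SAMPLE_LOG = """\
198.51.100.7 - - [30/Apr/2013:14:02:11 +0200] "GET /share/f3a9c1?token=abc123 HTTP/1.1" 200 5120
198.51.100.7 - - [30/Apr/2013:14:03:40 +0200] "GET /app/login.html?user=demo&password=example HTTP/1.1" 200 812
203.0.113.50 - - [30/Apr/2013:19:28:32 +0200] "HEAD /app/login.html?user=demo&password=example HTTP/1.1" 200 0
203.0.113.50 - - [30/Apr/2013:19:28:35 +0200] "HEAD /share/f3a9c1?token=abc123 HTTP/1.1" 200 0
198.51.100.7 - - [30/Apr/2013:20:00:00 +0200] "GET /index.html HTTP/1.1" 200 1024
"""

def find_replays(log_text, sensitive=SENSITIVE):
    """Return requests for secret-bearing URLs made by an IP other than the first user."""
    first_seen = {}  # full request target -> (ip, timestamp) of its first request
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        target = m["target"]
        params = parse_qs(urlsplit(target).query, keep_blank_values=True)
        if not sensitive & {p.lower() for p in params}:
            continue  # only URLs with secrets in the query string matter here
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        if target not in first_seen:
            first_seen[target] = (m["ip"], ts)
            continue
        orig_ip, orig_ts = first_seen[target]
        if m["ip"] != orig_ip:
            findings.append({
                "path": urlsplit(target).path,  # report the path only, never the secret
                "method": m["method"],
                "first_ip": orig_ip,
                "replay_ip": m["ip"],
                "delay_hours": round((ts - orig_ts).total_seconds() / 3600, 2),
            })
    return findings

if __name__ == "__main__":
    for finding in find_replays(SAMPLE_LOG):
        print(finding)
```

A hit from this check means the secret in that URL should be treated as disclosed; credentials and one-time tokens are better kept out of query strings, where they end up in logs and in any system that sees the link.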

Source:
http://www.h-online.com/security/news/item/Skype-with-care-Microsoft-is-reading-everything-you-write-1862870.html

Internet Explorer 10 blocks more malware than Chrome or Firefox, test finds

May 15, 2013 – 4:44 PM

Microsoft’s Internet Explorer 10 is better at blocking malware downloads than rivals Chrome, Firefox, Safari and Opera thanks to superior URL and application reputation technology, a new test by NSS Labs has found.

Browser security has been getting more and more layered and complex. How it works, and whether it works, is probably a complete mystery to even the most attentive browser users, but the NSS Labs study found marked and surprising differences between the most popular browsers.

After testing the latest version of each of the five browsers against 754 malware-infected URLs over 28 days, IE10 (running on Windows 8) achieved a raw block rate of 99.9 percent, ahead of Chrome’s 83.1 percent, Firefox’s 10 percent, Safari’s 9.9 percent and Opera’s 1.8 percent.

Source:
http://news.techworld.com/security/3447306/internet-explorer-10-blocks-more-malware-than-chrome-or-firefox-test-finds/?olo=rss

Microsoft rushes Explorer 8 patch release

May 15, 2013 – 5:21 AM

Just 11 days after issuing an advisory, Microsoft has released a patch for a bug in Internet Explorer 8 that bedeviled the U.S. Department of Labor earlier this month.

Microsoft’s speedy release of this patch “is an outstanding example of Microsoft’s responsiveness to the security community and their users,” wrote Andrew Storms, director of security operations for security software provider Tripwire, in an email statement.

This IE8 security bulletin (MS13-038) is one of 10 that Microsoft released Tuesday as part of its “Patch Tuesday” release of bug fixes and security bulletins that the company routinely issues on the second Tuesday of each month.

Microsoft marked MS13-038 as critical and the company, along with other security firms, is advising those still running IE8 to apply the fix immediately. Using an altered Labor Department Web page, attackers used this vulnerability in an attempt to install malicious code on any visitor’s machine running IE8. Microsoft issued a temporary fix for this vulnerability last week.

Source:
http://www.pcadvisor.co.uk/news/security/3447205/microsoft-rushes-explorer-8-patch-release/?olo=rss

Nordstrom tracking customer movement via smartphones’ WiFi sniffing

May 9, 2013 – 5:06 AM

“You’ve spent quite some time in the lingerie department, but you haven’t even peeked at our display of Bose® ‘OE2’ Audio Headphones, which were $149.95 but are now ONLY $134.96! Can we talk?”

OK, so that’s not exactly what Nordstrom says it’s planning to do with the information it gleans from tracking customers’ movements throughout their stores.

But it certainly could market that aggressively, now that the department store – purveyor of apparel, shoes, jewelry, and the like – has implemented technology to track how much time you spend in specific departments within 17 stores in the US.

Tara Darrow, a company spokeswoman, told CBS DFW that sensors in the stores are collecting information from customers’ smartphones as those phones automatically scan for WiFi service.

Darrow said that the sensors monitor which departments you visit and for how long, but the sensors don’t actually follow your phone from department to department, and they don’t identify personal information tied to a phone’s owner.

Source:
http://nakedsecurity.sophos.com/2013/05/09/nordstrom-tracking-customer-smartphones-wifi-sniffing/

AutoIT makes malware “outrageously easy”

May 7, 2013 – 6:50 PM

Security firm Trend Micro has seen an uptick in AutoIT-based malware because AutoIT is an easy-to-learn language that allows for quick development. It enables everything from simple scripts that change text files to scripts that perform mass downloads with complex GUIs. One nefarious AutoIT tool whose code is commonly seen uploaded to Pastebin is a keylogger.

“Grabbing this code, anyone with bad intentions can quickly compile and run it in a matter of seconds,” said threat researcher Kyle Wilhoit. “Upon compiling and executing the script, it creates two files – one that displays the correlated keystrokes in a local HTML page, and a second file that is a zip file of the first file – likely for exfiltration.”

In addition to keyloggers, Remote Access Trojan (RAT)-builders and server administrators based on AutoIT are becoming more prevalent.

“One RAT-builder identified was particularly interesting, as it showed a relatively professional level of development,” Wilhoit said. “Upon connecting to this RAT builder/administrator, the nefarious actor can get a remote shell and perform a litany of other system tasks on the victim. Further analysis of this RAT builder traces the developer back to several underground forums.”

Trend Micro also found a tremendous increase recently in the amount of malware utilizing AutoIT as a scripting language. One piece of malware that was found in the wild is a variant of the popular DarkComet RAT, using AutoIT. This variant runs a backdoor on the victim machine and communicates outbound to a malicious host. It also modifies the local software firewall policies to disable them, in addition to installing itself at startup for persistence.

Source:
http://www.infosecurity-magazine.com/view/32264/autoit-makes-malware-outrageously-easy/