Archive for September, 2012

Questions Loom On Extent Of Adobe APT Hack

September 29, 2012 11:50

In the wake of Adobe’s warning, Thursday, about a high profile compromise on its network, security experts say the incident raises troubling questions about the extent of the breach at a company that makes software running on hundreds of millions of computers. Adobe said, in an official statement, that the breach was limited to a single build server and that the attackers did not have access to any of the company’s source code repositories. Writing on Thursday, Brad Arkin, Adobe’s Senior Director of Product Security And Privacy, reassured customers that the company’s source code wasn’t stolen, nor did the hackers have access to code for any of Adobe’s core products like Adobe Reader or Flash. However, security experts said the nature of the attack – which Adobe has described as having the characteristics of an “APT,” or advanced persistent threat – makes it difficult to know what attackers did […]

Adobe Certificate Stolen, Used To Sign Malware

September 28, 2012 04:11

Adobe said on Thursday that it will revoke a code signing certificate that has been misused to sign malicious applications. Adobe said in a published security advisory that it plans to revoke the certificate on October 4. The revocation will affect software signed with the certificate after July 10, 2012. The company will issue updates to affected products using a new digital certificate, the company said in a statement. Adobe said it is investigating the misuse of the certificate to sign two malicious programs. The first is identified as pwdump7 v7.1, a utility that extracts password hashes from the Windows operating system. The second file, myGeeksmail.dll, is a malicious ISAPI filter, though Adobe said it does not know of any signed versions of that file in the wild. Adobe identified the stolen certificate as a sha1RSA certificate issued to Adobe Systems by VeriSign with the Serial Number: 15 e5 ac 0a 48 70 63 71 8e 39 […]

Mayor Of Pwnville: Researchers Say Foursquare Behavior Reveals Where You Live

September 26, 2012 19:57

Everybody knows that geo-location services like Foursquare let everyone know where your favorite Starbucks or restaurant is located – that’s the point. But how about where you live? Researchers from universities in Brazil and India analyzed data from 13.6 million Foursquare accounts and found that a user’s home town (or city) can be reliably determined from their activity on the location sharing network, including “check-ins,” “mayorships” and “tips.” Foursquare, a location-based social network, allows mobile phone users to post their location and add reviews, tips and other content about places they visit. Frequent visitors are designated as “mayors” of a particular location and can be entitled to particular promotions. The site has been the subject of hand-wringing over the privacy implications of sharing GPS location data. It has also been the subject of assorted hacks – notably: celebrity Ashton Kutcher’s Foursquare account was compromised by a hacker in January of […]

Urgent: Express Delivery Notifications Contain Malware!

September 25, 2012 20:06

The security firm FireEye put together an interesting report that looked at trends in the naming of malicious attachments. You might think that what you call a malicious file doesn’t matter, so long as the ruse that surrounds it is convincing. But, of course, the malicious attachment is a vital piece – if not the most vital piece – of the whole social engineering attack. Recall that the now famous hack at the security firm RSA turned on an Excel spreadsheet, ‘2011 Recruitment plan.xls’, that purportedly came from a corporate recruitment agency. The name of the file was irrelevant to its working – but critical in getting the targets to open it. FireEye’s analysis found notable changes in the words used to name malicious e-mail attachments between the second half of 2011 and the first half of 2012. Among other things: overt references to shipping companies like UPS and DHL replaced […]

Report: Iran Going All-Out To Boost Cyber Capabilities

September 24, 2012 14:11

A report from the University of Toronto’s Munk School of Global Affairs suggests that the Iranian government is pursuing an aggressive program to boost its cyber warfare capabilities and tap the talents of its citizenry to hunt for vulnerabilities in software. The latest bi-weekly trend report covering the Middle East and North Africa notes a number of clues, most gleaned from public sources, that the Iranian regime is putting cyber defense and offense on the front burner, more than two years after the Stuxnet worm was discovered infecting systems in the country’s Natanz uranium enrichment facility. The report from the Munk School’s Citizen Lab notes the Iranian government’s technical cooperation partnership with North Korea to fight against malware such as Duqu, Flame and Stuxnet. It also notes recent calls from Iran’s Minister of Information to have governmental agencies create “cyber rescue teams” and make plans to defend against potential cyber […]

Watchdog: Uncle Sam Should Do More To Secure Mobile Devices

September 21, 2012 21:10

The U.S. Federal Communications Commission (FCC) and other government agencies should be doing much more to guarantee U.S. consumers that their mobile devices are safe from attack and malicious software, according to a report from the Government Accountability Office (GAO). The GAO, which is the U.S. Government’s watchdog agency, found in its report that consumer mobile devices face an “array of threats” that take advantage of vulnerabilities that are common in mobile devices. Some private sector firms and government agencies have taken steps to address threats to mobile devices, but most consumers remain uninformed about the threats or proper mobile security hygiene, GAO said. It called on the FCC to “encourage” wireless carriers and handset makers to “implement a baseline of mobile security safeguards.” The report, GAO-12-757 (PDF), called for the FCC to take a more active role in its relationship with mobile carriers in their efforts […]

Oracle Databases Vulnerable To Remote Password Cracking

September 20, 2012 14:48

A presentation at the Ekoparty Conference in Argentina will detail a critical hole in some versions of Oracle’s Database Server that could allow remote attackers to crack user and administrator passwords. The presentation, by researcher Esteban Fayó of Application Security Inc., describes a vulnerability in versions 11.1 and 11.2 of Oracle’s native authentication protocol, which is used by Oracle 11g Database Servers. The flaw allows any user with knowledge of a valid Oracle Database login to determine if a given password corresponds to that user account. Oracle has fixed the flaw in a Database Server update, replacing the flawed protocol with a newer version, Version 12. However, Fayó said that the company has done a poor job of informing its customers of the serious security flaw in the 11.1 and 11.2 protocols and, in fact, still allows those to be used by default. In an interview with Security Ledger, Fayó said that he discovered […]

Microsoft Issues Fix For IE Zero Day, Promises Update For Friday

04:50

After three days of hand wringing over newly discovered and remotely exploitable holes in its popular Internet Explorer (IE) web browser, Microsoft on Wednesday released a temporary fix for the problem and said it was planning a more substantive update for Friday. In a post on the company’s Security Response Center blog on Wednesday, Yunsun Wee, Microsoft’s Director of Trustworthy Computing, said that the company had prepared a Fix it for the problem, described as “Prevent Memory Corruption via ExecCommand in Internet Explorer.” Fix it solutions are temporary workarounds that aren’t intended as permanent software updates. Microsoft has been scrambling to address the previously unknown (or “zero day”) holes in IE since Sunday, when security researcher Eric Romang of the firm ZATAZ.com spotted the vulnerability being exploited in files hosted on servers linked to an online crime syndicate and used in a previous round of Java-based attacks. Microsoft issued a […]

GoDaddy: There Was No Hack

September 11, 2012 17:32

GoDaddy issued a statement Tuesday saying that an unexpected service outage that affected the company and millions of Web sites that rely on its hosted infrastructure (including this one) was not the result of a hack, but was due to “a series of internal network events” that corrupted the router data tables at the domain registrar and Internet hosting firm. The statement, posted on GoDaddy’s web site and attributed to interim CEO Scott Wagner, reiterated claims that no customer data was “at risk” at any point and that none of the company’s systems were compromised. It ran contrary to suggestions that the firm was the target of a denial of service attack, and to claims from a nameless, faceless Internet denizen using the handle @AnonymousOwn3r, who claimed to have taken down the company for reasons that he couldn’t name. GoDaddy’s sparse explanation of the six hour-long outage helps explain why the company’s […]

GoDaddy Back Online After Outage, The Search Is On For the Cause

03:43

To paraphrase financial wizard and multi-billionaire Warren Buffett: you never know who’s using GoDaddy until the tide goes out. And that’s exactly what happened today, when one of the world’s largest hosting firms, GoDaddy, was knocked offline, bringing down with it millions of Web sites ranging from small, local firms to dotcom startups. Among the sites knocked offline was Securityledger.com. GoDaddy said that the company “experienced intermittent outages” starting at 10:25 AM Pacific Time. Service was mostly restored by 2:43 PM Pacific Time, according to a statement posted on Godaddy.com. The company said that no sensitive customer information was exposed in the breach, and that the company will be issuing statements in the coming days that better explain what happened. In the meantime, millions of GoDaddy customers watched helplessly as Web sites and other hosted services went dark. In an update posted on the GoDaddy Twitter account at 6:00 PM Pacific Time, the company […]
