Tag: forensics

Two Million Passwords Stolen From Facebook, Twitter, ADP

The passwords to access more than two million online accounts have been recovered from a server that is part of the command and control network for the Pony botnet, a large and active network of infected computers, according to a blog post from the security firm Trustwave. The company said that it found a cache of approximately two million compromised accounts, most from popular online services such as Facebook, Yahoo, Google and Twitter. More concerning: the cache also contained tens of thousands of credentials for FTP (File Transfer Protocol) servers, remote desktop and secure shell (SSH) accounts, and a site belonging to ADP, the payments processing firm. Facebook accounts made up the lion’s share of the haul, with 318,121 user credentials discovered – 57% of the total. Yahoo was the next biggest victim, with 59,549, almost 11% of the total. Leading Russian social networking sites vk.com and odnoklassniki.ru were also in […]

APT or fANTasy: The Strange Story of BadBIOS

Yesterday over on Veracode’s blog I wrote about the ongoing saga of “BadBIOS” – a piece of malicious software that might be the most sophisticated virus ever written, or a figment of the imagination of Dragos Ruiu, the esteemed security researcher who says he discovered it on systems he owned. The story of BadBIOS reads like something out of science fiction. Ruiu has described it in interviews and blog posts as BIOS-based malware that can back door systems running a variety of operating systems – OS X, Windows and even OpenBSD. But it’s also described as an ephemeral kind of ‘we-don’t-know-what,’ that can’t be isolated or analyzed. One Twitter follower of Ruiu’s suggested designating it a “heisenbug” which he defined as “a software bug that seems to disappear or alter its behavior when one attempts to study it.” That would be funny if this weren’t deadly serious. For, really, one […]

Malware Supply Chain Links Eleven Attacks

Fresh off their discovery of a previously unknown (‘zero day’) security hole in Microsoft’s Internet Explorer web browser, researchers at the security firm Fireeye say that they have evidence that a string of sophisticated attacks have a common origin. In a report released on Monday (PDF), the firm said that many seemingly unrelated cyber attacks identified in the last year appear to be part of a “broader offensive fueled by a shared development and logistics infrastructure” — what Fireeye terms a ‘supply chain’ for advanced persistent threat (APT) attacks. At least 11 APT campaigns targeting “a wide swath of industries” in recent months were found to be built on a the same infrastructure of malicious applications and services, including shared malware tools and malicious binaries with the same timestamps and digital certificates. “Taken together, these commonalities point to centralized APT planning and development,” Fireeye wrote. The attacks link at least 11 separate […]

Belkin WeMo

Video: Weaponizing Your Coffee Pot

The third annual DerbyCon wrapped up last week. Alas, I wasn’t able to make it down to Louisville, Kentucky and don a pork-pie hat with the smart people there. Still, there were some great presentations, and most of them are available online. One worth checking out if you’re into the Internet of Things hacking -thing is Daniel Buentello’s (@danielbuentell0) presentation of “Weaponizing Your Coffee Pot.” This is a repeat performance for Daniel, who also presented it at the ToorCon Conference in Seattle back in July. The first half of this talk is a high level overview of IoT and the security implications thereof. Mostly this is stuff you’ve read on this blog before. In the second half, Daniel goes down into the weeds on hacking a couple of classic IoT devices: Belkin’s WeMo IP enabled power outlet and Nest’s iconic thermostat. Without getting into all the details (its worth watching […]

Veracode Talking Code

Protecting Smart Cars And The Supply Chain From Hackers

One theme that frequently comes up in my conversations with experienced security veterans when we talk about security and “the Internet of Things” is the absence of what might be termed a “security culture.” That’s a hard term to define, but it basically describes a kind of organizational culture that anticipates and guards against online attacks. Certainly companies that have been selling software in any great number for any amount of time have had to develop their own security cultures – think about Microsoft’s transformation following Bill Gates Trustworthy Computing memo, or Adobe’s more recent about-face on product and software security. But that culture is lacking at many of the companies that have traditionally thought of themselves as ‘manufacturers’ – makers of “stuff,” but which now find themselves in the software business. Think General Electric (GE) or – even better – auto makers. A couple of months back, I had […]