May 20, 2013

Three months after hackers working for a cyberunit of China’s People’s Liberation Army went silent amid evidence that they had stolen data from scores of American companies and government agencies, they appear to have resumed their attacks  using different techniques, according to computer industry security experts and American officials.

The Obama administration had bet that “naming and shaming” the groups, first in industry reports and then in the Pentagon’s own detailed survey of Chinese military capabilities, might prompt China’s new leadership to crack down on the military’s highly organized team of hackers — or at least urge them to become more subtle.

But Unit 61398, whose well-guarded 12-story white headquarters on the edges of Shanghai became the symbol of Chinese cyberpower, is back in business, according to American officials and security companies.

MORE: Chinese Hackers Resume Attacks on U.S. Targets – NYTimes.com.

May 8, 2013

Security researchers have uncovered an ongoing and widespread attack that causes sites running three of the Internet’s most popular Web servers to push potent malware exploits on visitors.

Linux/Cdorked.A, as the malicious backdoor behind the attacks is known, has been observed infecting at least 400 Web servers, 50 of them from the Alexa top 100,000 ranking, researchers from antivirus provider Eset said. The backdoor infects sites running the Apache, nginx, and Lighttpd Web servers and has already exposed almost 100,000 end users running Eset software to attack (the AV apps protect them from infection). Because Eset sees only a small percentage of overall Internet users, the actual number of people affected is presumed to be much higher.

“This is the first time I’ve seen an attack that will actually target different Web servers, meaning the attacker is willing to create the backdoor for Apache, Lighttpd, and nginx,” Pierre-Marc Bureau, Eset’s security intelligence program manager, told Ars. “Somebody is running an operation that can victimize various Web servers and in my opinion this is the first time that has ever happened. This is a stealthy, sophisticated, and streamlined distribution mechanism for getting malware on end users’ computers.”

Previously, Cdorked was known to infect only sites that ran on Apache, which remains by far the Internet’s most popular Web server application.

MORE: Attack hitting Apache sites goes mainstream, hacks nginx, Lighttpd, too | Ars Technica.

Mar 13, 2013

Google has launched a page and a set of tutorials aimed at webmasters whose sites have been hacked.

Specifically, Google explains to webmasters how to deal with Google’s search warning that a site is dangerous, which usually appears if a hacker has infected the site with harmful code.

“Every day, cybercriminals compromise thousands of websites. Hacks are often invisible to users, yet remain harmful to anyone viewing the page — including the site owner,” claims Google on the site titled “Webmasters help for hacked sites.”

via Google Offers Help to Webmasters Whose Sites Were Hacked.

Mar 5, 2013

Security experts are criticizing online note-syncing service Evernote, saying the service needlessly put sensitive user data at risk because it employed substandard cryptographic protections when storing passwords on servers and Android handsets.

The scrutiny of Evernote’s security comes two days after Evernote officials disclosed a breach that exposed names, e-mail addresses, and password data for the service’s 50 million end users. Evernote blog posts published over the past few years show that the company protects passwords and sensitive user data with encryption algorithms and schemes that contain known weaknesses. That is prompting criticism that the company’s security team isn’t doing enough to protect its customers in the event that hackers are able to successfully compromise the servers or end-user phones.

The chief complaint involves Evernote’s use of the MD5 cryptographic algorithm to convert user passwords into one-way hashes before storing them in a database. Use of MD5 to store passwords has long been frowned on by security experts because the algorithm is an extremely fast and computationally inexpensive way to convert plaintext such as “password” into a unique string of characters such as “5f4dcc3b5aa765d61d8327deb882cf99.” MD5 makes an attacker’s job of cracking the hashes much easier by allowing billions of guesses per second, even on computers of relatively modest means.

By comparison, the use of slow algorithms such as bcrypt, which Twitter uses to protect its passwords, adds considerable time and computing requirements to the task of converting the hashes into the underlying plaintext passwords. Even when hashes are generated using cryptographic salt to add randomness—as Evernote says it does—MD5 is still considered a poor choice.

READ MORE: Critics: Substandard crypto needlessly puts Evernote accounts at risk | Ars Technica.

Mar 5, 2013

Some say we’re living in a “post-PC” world, but malware on PCs is still a major problem for home computer users and businesses.

The examples are everywhere: In November, we reported that malware was used to steal information about one of Japan’s newest rockets and upload it to computers controlled by hackers. Critical systems at two US power plants were recently found infected with malware spread by USB drives. Malware known as “Dexter” stole credit card data from point-of-sale terminals at businesses. And espionage-motivated computer threats are getting more sophisticated and versatile all the time.

In this second installment in the Ars Guide to Online Security, we’ll cover the basics for those who may not be familiar with the different types of malware that can affect computers. Malware comes in a variety of types, including viruses, worms, and Trojans.

Viruses are programs that can replicate themselves in order to spread from computer to computer, while targeting each PC by deleting data or stealing information. They can also change the computer’s behavior in some way.

“Almost all viruses are attached to an executable file, which means the virus may exist on a system but will not be active or able to spread until a user runs or opens the malicious host file or program,” Cisco notes. “When the host code is executed, the viral code is executed as well. Normally, the host program keeps functioning after it is infected by the virus. However, some viruses overwrite other programs with copies of themselves, which destroys the host program altogether. Viruses spread when the software or document they are attached to is transferred from one computer to another using the network, a disk, file sharing, or infected e-mail attachments.”

READ MORE: Viruses, Trojans, and worms, oh my: The basics on malware | Ars Technica.

Feb 11, 2013

The U.S. is under attack, a recently released national security document has claimed.

China is the top cyberthreat to the U.S., the National Intelligence Estimate (NIE) claims, according to the Washington Post, which obtained information related to the report from unidentified individuals. The NIE, which comes from all U.S. intelligence agencies, says that China has been intensifying attacks on U.S. businesses to identify data that will help the country gain economically, according to the Post.

Over the past five years, the Chinese have focused their efforts on businesses operating in finance, technology, and aerospace, among others, according to the Post.

MORE: U.S. target of sustained cyber-espionage campaign | Security & Privacy – CNET News.

Nov 19, 2012

Some simple housekeeping can make a world of difference to the likelihood of your site getting hacked. Kim Crawley has the tricks.

WordPress is the most popular content management system (CMS) on the web. Developed with PHP, and powered by MySQL databases, WordPress is used by an astonishing 8.5 per cent of all websites. Web-delivered malware and website cracking are becoming increasingly common, and with such a large percentage of web content using WordPress as a CMS, any security vulnerabilities in WordPress’ coding or framework could affect millions of websites.

This article will explain how you can best protect your WordPress site from malware and cracking, without having deep security knowledge.

via 10 simple ways to secure your WordPress site | Feature | .net magazine.

Sep 26, 2012

Researchers have discovered a Java flaw that would let hackers bypass critical security measures in all recent versions of the software. The flaw was announced today by Security Explorations, the same team that recently found a security hole in Java SE 7 letting attackers take complete control of PCs. But this latest exploit affects Java SE 5, 6, and 7—the last eight years’ worth of Java software.

“The impact of this issue is critical—we were able to successfully exploit it and achieve a complete Java security sandbox bypass in the environment of Java SE 5, 6, and 7,” Adam Gowdiak of Security Explorations wrote, claiming the hole puts “one billion users” at risk.

Gowdiak wrote that Security Explorations successfully pulled off the exploit on a fully patched Windows 7 32-bit computer in Firefox, Chrome, Internet Explorer, Opera, and Safari. Although testing was limited to Windows 7 32-bit, Gowdiak told Computerworld that the flaw would be exploitable on any machine with Java 5, 6, or 7 enabled (whether it’s Windows 7 64-bit, Mac OS X, Linux, or Solaris).

MORE: Yet another Java flaw allows “complete” bypass of security sandbox | Ars Technica.

Sep 25, 2012

I’m not the only one to be getting these spammy direct messages on Twitter that lead to bogus Facebook links. Apparently a lot of people have been complaining of these messages, according to Sophos analyst Graham Cluley who wrote about it on the Naked Security blog.

Different variations of the direct messages include, “your in this [link] lol” and “lol ur famous now [link]” (I got this one too).

Of course, I didn’t click on the link. However, according to Cluley, those people that do click are led to a video player that says, “An update to Youtube player is needed.” Users are asked to download what is supposedly called “FlashPlayerV10.1.57.108.exe,” but Sophos antivirus products detect it as Troj/Mdrop-EML, which is a backdoor Trojan that can copy itself to accessible drives and network shares.

A Slate reporter wrote that he clicked on the bogus link and was directed to Facebook where he was told he had to log in to access an app. It’s unclear if this link also contained some sort of virus, Trojan, or malware.

MORE: Twitter users may be victims of direct message malware | Security & Privacy – CNET News.

Aug 29, 2012

Last week’s feature explaining why passwords are under assault like never before touched a nerve with many Ars readers, and with good reason. After all, passwords are the keys that secure Web-based bank accounts, sensitive e-mail services, and virtually every other facet of our online life. Lose control of the wrong password and it may only be a matter of time until the rest of our digital assets fall, too.

Take, for example, the hundreds of millions of WiFi networks in use all over the world. If they’re like the ones within range of my office, most of them are protected by the WiFi Protected Access or WiFi Protected Access 2 security protocols. In theory, these protections prevent hackers and other unauthorized people from accessing wireless networks or even viewing traffic sent over them, but only when end users choose strong passwords. I was curious how easy it would be to crack these passcodes using the advanced hardware menus and techniques that have become readily available over the past five years. What I found wasn’t encouraging.

First, the good news. WPA and WPA2 use an extremely robust password-storage regimen that significantly slows the speed of automated cracking programs. By using the PBKDF2 key derivation function along with 4,096 iterations of the SHA1 cryptographic hashing algorithm, attacks that took minutes to run against the recent LinkedIn and eHarmony password dumps of June would require days or even weeks or months to complete against the WiFi encryption scheme.

What’s more, WPA and WPA2 passwords require a minimum of eight characters, eliminating the possibility that users will pick shorter passphrases that could be brute forced in more manageable timeframes. WPA and WPA2 also use a network’s SSID as salt, ensuring that hackers can’t effectively use precomputed tables to crack the code.

That’s not to say wireless password cracks can’t be accomplished with ease, as I learned firsthand.

MORE: How I cracked my neighbor’s WiFi password without breaking a sweat | Ars Technica.
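The two password-storage designs discussed on this page, Evernote’s fast MD5 (the Mar 5 post) and WPA/WPA2’s PBKDF2-SHA1 with 4,096 iterations and the SSID as salt, side by side in an added Python example; this is not code from either article. The sample password, the SSID `ExampleNet` and the timing sample sizes are constructed values for the demonstration.

```python
import hashlib
import os
import time

# Constructed sample inputs for the demonstration (not from any real deployment).
SAMPLE_PASSWORD = "password"
SAMPLE_SSID = "ExampleNet"          # hypothetical SSID, used as the WPA salt
WPA_MIN_PASSPHRASE_LEN = 8          # minimum passphrase length WPA/WPA2 enforces
WPA_ITERATIONS = 4096               # PBKDF2 iteration count WPA/WPA2 uses

def md5_hex(password: str) -> str:
    """Unsalted MD5 as in the Evernote criticism: one cheap hash per guess."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()

def salted_md5_hex(password: str, salt: bytes) -> str:
    """Salted MD5: the salt defeats precomputed tables but a guess stays cheap."""
    return hashlib.md5(salt + password.encode("utf-8")).hexdigest()

def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    """Derive a WPA/WPA2 pairwise master key: PBKDF2-HMAC-SHA1 with the SSID as
    salt, 4096 iterations and a 256-bit output. Rejects passphrases under 8 chars."""
    if len(passphrase) < WPA_MIN_PASSPHRASE_LEN:
        raise ValueError("WPA passphrases must be at least 8 characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"),
                               ssid.encode("utf-8"), WPA_ITERATIONS, 32)

def guesses_per_second(check, samples: int) -> float:
    """Time `samples` calls of a candidate-checking function; return calls/second."""
    start = time.perf_counter()
    for i in range(samples):
        check(f"candidate{i:04d}")   # every constructed candidate is >= 8 chars
    return samples / (time.perf_counter() - start)

def slowdown_factor(ssid: str = SAMPLE_SSID) -> float:
    """How many MD5 guesses fit in the time of one WPA guess on this machine."""
    md5_rate = guesses_per_second(md5_hex, samples=200)
    wpa_rate = guesses_per_second(lambda p: wpa_pmk(p, ssid), samples=20)
    return md5_rate / wpa_rate

if __name__ == "__main__":
    print(md5_hex(SAMPLE_PASSWORD))                  # 5f4dcc3b5aa765d61d8327deb882cf99
    print(salted_md5_hex(SAMPLE_PASSWORD, os.urandom(16)))
    print(wpa_pmk(SAMPLE_PASSWORD, SAMPLE_SSID).hex())
    print(f"one WPA guess costs about {slowdown_factor():.0f} MD5 guesses")
```

Changing only the SSID changes the derived key, which is why a precomputed table for one network name is useless against another.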
