It seems that the recent $81 million attack against the Bangladesh Central Bank might have also been about the Seth Rogen movie “The Interview”... ok, not really, but the attack that happened at Sony in 2014 seems to have many things in common with the recent attack that resulted in the theft of $81 million. During the Sony attack the initial blame was centered on the release of The Interview, but that was never confirmed and seemed to be way off base.
Three years ago today DecryptedTech published an article calling out a software distribution company for installing Bitcoin mining software on subscribers’ systems. We highlighted the danger of the trust people put in web services by allowing agent software to run on their systems in order to use a service. Now we hear about a French company, Tuto4PC, that has taken this one step further and included some nasty little surprises in a utility they require for use of their free tutorial service. The discovery was made by Cisco’s Talos Security Intelligence group and, of course, is being refuted aggressively by the guys at Tuto4PC.
There is nothing like finding out that all of your protections are useless. This is almost what happened when security researchers found a massive hole in the Windows AppLocker protection. Although the news that there is a flaw in any software, much less Windows, will come as no surprise, it is still a little odd that this one made it through QA testing. The flaw is very simple and has already been seen in the wild over the last couple of days. All you need to do to execute code on a system is to direct Regsvr32 to a remotely hosted file. Security researcher Casey Smith found this handy little tidbit of information and states that you do not even need to elevate privileges to get it to work.
One of the dangers of pointing anything out about the security, or lack of security, of a product or service is the chance that someone will not like what you say and come after you. This is what is happening with Chris Vickery. If you do not know who Vickery is, we can give you some background. Vickery is a security researcher who has been focusing on systems and services that cater to kids and parents. He has uncovered some rather unsettling information about a number of products that leak information about kids. The revelations are very disturbing to say the least.
Last week Google announced that they will no longer be accepting ads that feature Flash. This news should really come as no surprise as Flash (and its spirit brother Java) have taken a beating on the security front for years. Adobe and Oracle have been unable to keep the bad guys from running rampant with their code. Of course the change will not take place overnight, so everyone has the chance to swap out that old and insecure Flash for the new and (insecure) HTML5.
The term hack-proof is one that people have thrown around for some time. It is one of those phrases, like NSA-proof or malware-proof, that really do not mean what they should mean. However, it is certainly meant to mean that the technology in question is resistant to the majority of known (important word there) attacks. It is important to mention this definition as we start talking about the announcement that MIT and Texas Instruments have developed a new “hack-proof” RFID chip.
The term SLAPP is one that most people might not be aware of. To put it bluntly, SLAPP (Strategic Lawsuits Against Public Participation) lawsuits are ones that attempt to censor information or public discourse on a particular topic. The most common ones are from corporate entities that are trying to stop negative information about their products or other areas from getting out. The negative information is not slanderous or libelous in nature and in most cases can be backed up with documentation. Still, the corporate minds try the threat of litigation to remove the information.
Norse Corp, famous for their live attack map and Viking-based parties at Black Hat, could be having some financial issues. At least that is the word from researcher Brian Krebs. Over the last couple of weeks they have laid off 30% of their staff and let their CEO go. Neither of the occurrences is good news for a company that is relatively new (Norse was founded in 2010). The basis of the business was to provide a nimble product that would allow for better threat tracking and blocking. Everything was centered on the use of live information to help prevent and mitigate attacks.
One cool thing about working in IT is that things are very predictable. You generally know how a system or application will react if you do this or that to it. This is how people find and use exploits in software and even hardware. You look at how an application works and identify ways you can use those processes against it. It is like digital judo. However, what many people do not really get is that this also works when setting up a larger organization for an attack. If you can track how they will respond to a particular threat, you can use it against them in very interesting ways.
Tor has pushed out a new version of its privacy-enhancing Tor Browser Bundle. We are up to 5.5 now and, according to the Tor Project, it is a full stable release. The update fixes a laundry list of bugs and also covers some usability issues that have been plaguing the software for some time. One interesting note is that they are finally working on blocking ways of fingerprinting users through different mechanisms (resolution, keyboard type, etc.).