Archive | July 2012

TeaMp0isoN Member that Hacked Tony Blair Sentenced

TeaMp0isoN member Junaid Hussain, 18, of Birmingham, was charged with and pleaded guilty to hacking into a Gmail account connected to former British Prime Minister Tony Blair.

According to ThreatPost, the attack Hussain admitted to was the breach of the email account of one of Blair’s former advisers. Hussain, who used the handle “TriCk”, pleaded guilty in early July and was sentenced on Tuesday in England to six months in prison. He had been arrested in April.

According to Sophos’s Naked Security, members of the TeaMp0isoN hacking gang then published the stolen information online, raising fears for the safety of the former Prime Minister and his friends and associates.

Message posted by Team Poison

Time in prison at the start of adult life is no easy undertaking. Hopefully the young lad has learned his lesson.

DEF CON Adventures 2012 Explored

DEF CON Logo from defcon.org

Plenty happened at DEF CON this year, from a hardware mishap to new research and an unusual visitor.

Here is the brief summary:

  • Man’s cell phone battery catches fire, explodes in his back pocket.
  • Private phone network created called “NinjaTel”.
  • Possible crack of PPTP encryption found.
  • National Security Agency (NSA) director visited.
  • Hacker explores the world of warranties.

Man’s cell phone battery catches fire, explodes in his back pocket

Photo credit: Elinor Mills, CNET (image links to the CNET news article)

Private phone network created called “NinjaTel”

NinjaTel is a private phone network built by hackers for hackers. Handsets were given away at DEF CON to people who had contributed to the community, most likely as a playground phone. The initiative runs on a private, unencrypted GSM network served from an open base transceiver station, with roughly 600 customized Android phones in circulation, loaded with joke apps alongside apps that are genuinely useful to hackers.

Possible crack of PPTP encryption found

Tools for breaking the authentication used by PPTP VPNs were released at the conference by Moxie Marlinspike, in his usual style.

According to CNET, the tools recover credentials for VPNs and for WPA2 (Wi-Fi Protected Access) enterprise networks that authenticate with MS-CHAPv2, the handshake used by PPTP (Point-to-Point Tunneling Protocol). The weakness is structural: MS-CHAPv2 turns the password hash into three DES keys that all encrypt the same challenge, so the entire handshake reduces to a single 56-bit DES key search, independent of how strong the password is, and the recovered hash also yields the MPPE keys that encrypt the session. Anyone still running PPTP should treat its credentials as recoverable by anyone who can capture the handshake.
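To make that structural weakness concrete, here is an added example written for this page (it is not code from the DEF CON talk or its tools) that implements the MS-CHAPv2 response computation from RFC 2759 in Go and then plays the attacker: it recovers the two unknown bytes of the third DES key by exhaustive search, and shows that a single DES operation per candidate tests both remaining keys at once. The handshake values are the test vectors from RFC 2759 section 9.2; the attacker is assumed to have captured the two challenges, the user name and the 24-byte response. The full 2^56 search is not run here; the point is the structure that leaves it as the only work.

```go
package main

import (
	"bytes"
	"crypto/des"
	"crypto/sha1"
	"fmt"
)

// Handshake values from the test vectors in RFC 2759, section 9.2. An attacker
// sniffing PPTP sees the two challenges, the user name and the 24-byte response.
var (
	SampleUser   = "User"
	SamplePeer   = []byte("!@#$%^&*()_+:3|~") // 21402324255E262A28295F2B3A337C7E
	SampleAuth   = []byte("[]|}{?/><,`!2&&(") // 5B5D7C7D7B3F2F3E3C2C602132262628
	SampleNTHash = []byte{0x44, 0xEB, 0xBA, 0x8D, 0x53, 0x12, 0xB8, 0xD6, // NT hash of "clientPass"
		0x11, 0x47, 0x44, 0x11, 0xF5, 0x69, 0x89, 0xAE}
)

// ChallengeHash (RFC 2759, 8.2): first 8 bytes of SHA1(peer || auth || user).
func ChallengeHash(peer, auth []byte, user string) []byte {
	h := sha1.New()
	h.Write(peer)
	h.Write(auth)
	h.Write([]byte(user))
	return h.Sum(nil)[:8]
}

// desKey spreads 7 key bytes over 8, leaving the low bit of every byte for the
// parity bit that DES ignores (Go's implementation simply skips it).
func desKey(k7 []byte) []byte {
	k8 := make([]byte, 8)
	k8[0] = k7[0] >> 1
	for i := 1; i < 7; i++ {
		k8[i] = k7[i-1]<<uint(7-i) | k7[i]>>uint(i+1)
	}
	k8[7] = k7[6]
	for i := range k8 {
		k8[i] <<= 1
	}
	return k8
}

// desEncrypt encrypts one 8-byte block under a 7-byte (56-bit) key.
func desEncrypt(k7, block []byte) []byte {
	c, err := des.NewCipher(desKey(k7))
	if err != nil {
		panic(err)
	}
	out := make([]byte, 8)
	c.Encrypt(out, block)
	return out
}

// ChallengeResponse (RFC 2759, 8.5): the 16-byte NT hash is padded with five
// zero bytes to 21 and cut into three 7-byte DES keys, each encrypting the same
// challenge hash. That structure is the whole weakness.
func ChallengeResponse(ntHash, challenge []byte) []byte {
	z := make([]byte, 21)
	copy(z, ntHash)
	var resp []byte
	for i := 0; i < 21; i += 7 {
		resp = append(resp, desEncrypt(z[i:i+7], challenge)...)
	}
	return resp
}

// RecoverK3 finds the third key by brute force. Five of its seven bytes are the
// zero padding, so only 2^16 candidates exist and the search is instant.
func RecoverK3(challenge, resp []byte) ([]byte, bool) {
	k7 := make([]byte, 7)
	for v := 0; v < 1<<16; v++ {
		k7[0], k7[1] = byte(v>>8), byte(v)
		if bytes.Equal(desEncrypt(k7, challenge), resp[16:24]) {
			return k7[:2], true
		}
	}
	return nil, false
}

// CheckK1K2 tests one 7-byte candidate against the first and second response
// blocks at once: both keys encrypt the same challenge, so one DES operation per
// candidate covers both, and K1 and K2 fall to a single 2^56 search.
func CheckK1K2(candidate, challenge, resp []byte) (isK1, isK2 bool) {
	out := desEncrypt(candidate, challenge)
	return bytes.Equal(out, resp[0:8]), bytes.Equal(out, resp[8:16])
}

func main() {
	ch := ChallengeHash(SamplePeer, SampleAuth, SampleUser)
	resp := ChallengeResponse(SampleNTHash, ch)
	fmt.Printf("challenge hash %X\nNT-Response    %X\n", ch, resp)
	k3, _ := RecoverK3(ch, resp)
	fmt.Printf("NT hash bytes 14-15 recovered by 2^16 search: %X\n", k3)
	isK1, _ := CheckK1K2(SampleNTHash[:7], ch, resp)
	fmt.Printf("bytes 0-6 confirmed as K1 by one DES operation: %v\n", isK1)
}
```

K1 and K2 are the expensive part (one 56-bit DES keyspace, which purpose-built hardware could cover in under a day at the time), and the cost does not depend on the password's length or strength, which is why the fix is to stop using MS-CHAPv2 rather than to pick better passwords.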

As for hacking warranties, read more here.

And that’s a wrap for this year’s DEF CON. Kudos!

Rakshasa Case Study: Really Undetectable?

By Jay Pfoutz
Editor

The new headline security threat is Rakshasa, unveiled at Black Hat Las Vegas.

This new malware, from researcher Jonathan Brossard, is apparently ‘impossible to disinfect’.

First of all: anything built by human hands can be taken apart. I doubt claims like ‘undetectable’ and ‘can’t be disinfected’ will hold up for long.

The paper on Rakshasa can be found here. It describes a hardware backdoor. Unbeknownst to this researcher, companies like Kaspersky and ESET have reportedly already begun crafting hardware-level antivirus drivers. So this hardware backdoor scheme is a bit late, but maybe also just in time.

Will it be used in the wild? Who knows. That’s the scary part!

Realistically, it is a BIOSkit: a rootkit that infects the computer’s BIOS. And what’s wrong with that? It can still be disinfected, by reflashing the firmware of every device in the machine, since the BIOS is apparently not the only component it infects.
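As an added example of what “check every device” looks like in practice (my own code for this page, not part of Brossard’s work or any vendor product), the following Go program parses a flash dump as a chain of PCI expansion ROM images, hashes each image and compares it with a golden table recorded from a known-clean machine. The ROM layout follows the PCI firmware specification (the 0x55AA signature, the pointer to the “PCIR” structure at offset 0x18, and the vendor and device IDs, image length and last-image indicator inside it); the dump itself is constructed in the code with made-up vendor and device IDs, and a “tampered” variant has the body of its second image altered. One caveat a practitioner will want: the dump must come from out-of-band reading, for instance a hardware programmer, because firmware that has been backdoored can in principle serve a clean copy to anything that reads it in-band.

```go
package main

import (
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// RomImage describes one image in a PCI expansion ROM chain.
type RomImage struct {
	Offset, Length     int
	VendorID, DeviceID uint16
	Last               bool
	SHA256             string
}

// ParseOptionROM walks a flash dump as a chain of PCI expansion ROM images: each
// starts with 0x55 0xAA and holds at offset 0x18 a little-endian pointer to its
// "PCIR" structure, which carries the vendor/device IDs (+0x04/+0x06), the image
// length in 512-byte units (+0x10) and an indicator byte (+0x15, bit 7 = last).
func ParseOptionROM(dump []byte) ([]RomImage, error) {
	le := binary.LittleEndian
	var images []RomImage
	off := 0
	for {
		if off+0x1A > len(dump) || dump[off] != 0x55 || dump[off+1] != 0xAA {
			return images, fmt.Errorf("no valid image header at 0x%x", off)
		}
		pcir := off + int(le.Uint16(dump[off+0x18:]))
		if pcir+0x18 > len(dump) || string(dump[pcir:pcir+4]) != "PCIR" {
			return images, fmt.Errorf("bad PCIR pointer in image at 0x%x", off)
		}
		length := int(le.Uint16(dump[pcir+0x10:])) * 512
		if length == 0 || off+length > len(dump) {
			return images, fmt.Errorf("bad image length %d at 0x%x", length, off)
		}
		img := RomImage{Offset: off, Length: length, Last: dump[pcir+0x15]&0x80 != 0,
			VendorID: le.Uint16(dump[pcir+4:]), DeviceID: le.Uint16(dump[pcir+6:]),
			SHA256: fmt.Sprintf("%x", sha256.Sum256(dump[off:off+length]))}
		images = append(images, img)
		if img.Last {
			return images, nil
		}
		off += length
	}
}

// label is the "vendor:device" key used in the golden table.
func label(im RomImage) string { return fmt.Sprintf("%04x:%04x", im.VendorID, im.DeviceID) }

// CheckAgainstGolden reports images missing from, or differing from, the known-good
// table; an implant that rewrote a device's ROM shows up as "modified".
func CheckAgainstGolden(images []RomImage, golden map[string]string) (findings []string) {
	for _, im := range images {
		if want, ok := golden[label(im)]; !ok {
			findings = append(findings, "unknown image "+label(im))
		} else if want != im.SHA256 {
			findings = append(findings, "modified image "+label(im))
		}
	}
	return findings
}

// buildImage makes a minimal well-formed image for the demo (made-up IDs, filler body).
func buildImage(vendor, device uint16, blocks int, last bool, fill byte) []byte {
	img := make([]byte, blocks*512)
	img[0], img[1], img[2] = 0x55, 0xAA, byte(blocks)
	binary.LittleEndian.PutUint16(img[0x18:], 0x40) // PCIR structure at +0x40
	copy(img[0x40:], "PCIR")
	binary.LittleEndian.PutUint16(img[0x44:], vendor)
	binary.LittleEndian.PutUint16(img[0x46:], device)
	binary.LittleEndian.PutUint16(img[0x50:], uint16(blocks))
	if last {
		img[0x55] = 0x80
	}
	for i := 0x60; i < len(img); i++ {
		img[i] = fill
	}
	return img
}

// SampleDump is a constructed two-image dump. With tampered set, the body of the
// second image is changed, as it would be after an implant reflashed that device.
func SampleDump(tampered bool) []byte {
	fill := map[bool]byte{false: 0x90, true: 0xCC}[tampered]
	return append(buildImage(0xABCD, 0x0001, 2, false, 0x90), buildImage(0xABCD, 0x0002, 3, true, fill)...)
}

// GoldenTable hashes the clean dump, as a site would after imaging a fresh machine.
func GoldenTable() map[string]string {
	golden := map[string]string{}
	images, _ := ParseOptionROM(SampleDump(false))
	for _, im := range images {
		golden[label(im)] = im.SHA256
	}
	return golden
}

func main() {
	images, err := ParseOptionROM(SampleDump(true))
	if err != nil {
		panic(err)
	}
	fmt.Println("images:", len(images), "findings:", CheckAgainstGolden(images, GoldenTable()))
}
```

The same comparison applies to the motherboard BIOS image itself; the option ROM walk matters because an implant that survives only in a network card's ROM is exactly what a BIOS-only reflash misses.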

However, this malware has not been tested in anything like an enterprise deployment; working on a couple of lab machines does not mean it would work on any other computer. Impressive? Yes! But not at all scary, yet.

What shocks me more is that people will actually believe this malware cannot be disinfected. Here is the turnaround: it can! This is nothing more than a BIOSkit, and we have seen BIOSkits removed in our circles many times.

Then again, people commonly believe rootkits are impossible to remove too. Look: we proved them wrong!

Enforcing code signing for BIOS updates, just as is already done for hardware driver signing, would block this kind of reflash. And if BitLocker keeps evolving with Windows 8 and later, it could help secure the OS: disk encryption by itself does nothing against code that runs before the OS loads, but when the volume key is sealed to TPM measurements of the boot firmware, a modified BIOS simply fails to unlock the disk. Device encryption more broadly could be taken to a new level the same way.

This is not a new vulnerability, and Brossard agrees.

I’m sure we’ll have more on this story as it develops in the future. Stay tuned to seCURE Connexion!

Blackhole Malware on Twitter: “It’s you on photo?”

Common Twitter scams have been highlighted over time by many security organizations. Take note of the excerpt below, then read the full investigation by Sophos:

If you are a Twitter user please be very cautious of clicking on links that claim you are pictured in an online photo.

Thousands of malicious links are being spammed out, targeting innocent users of the micro-blogging network.

The links point to Russian webpages that ultimately attempt to infect your Windows PC using the notorious Blackhole exploit kit.

Read more on Sophos Blog

Java Flaws Becoming Serious Issue


Java exploitation has been a problem for years, and most of it succeeds because the installed version is out of date.

Web exploit kits probe visiting browsers for commonly vulnerable plugins, including Java, Adobe Flash Player and Adobe Reader, and fire exploits at whichever versions are out of date.

“As the Advanced Malware Analysts administrator/group owner, I see a lot of issues with people not updating Java, Flash Player, and Reader. These attack vectors were used 5 or so years ago, up until today. Still a complete problem. Problem is, people do not use great tools like Secunia PSI or the auto-update feature in each of the plugins’ control panels,” says Jay Pfoutz – administrator and group owner of the Advanced Malware Analysts. The Advanced Malware Analysts are a group of malware analysts who volunteer on tech support forums across the web to assist in malware removal for free.

Exploitation frequently happens when people fail to update their plugins in a timely manner, and Java problems in particular have increased lately because attackers are targeting it far more.

Here is how to check for the latest Java updates (do this weekly):

  • If using Mozilla Firefox, Plugin Check is the easiest way.
  • Click Start, navigate to Control Panel. Look for Java in the list, and double-click on that. Click the “Update” tab, and then click the “Check for Updates Automatically” check box if you want Java to search for updates automatically. Select how you want Java to notify you about available updates. Or you can hit the Update Now button. More info here
  • Verify Java Version Online

Keeping Java current removes the most commonly exploited hole, but it is not enough on its own; if you do not need Java in your browser at all, disabling the plugin removes that attack surface entirely. Please also download and install the following:

Payment Terminal Vulnerabilities Identified by Black Hats

Three widely deployed payment terminals have been shown to be vulnerable. As Computerworld describes the researchers’ demonstration:

[EMV] cards have malicious code written on their chips that gets executed when they get inserted into the terminals’ smart card readers.

The researchers used this method to install a racing game on one of the three test devices during their demonstration and played it using its PIN pad and display.

For the second device, the researchers used the same method to install a Trojan program designed to record card numbers and PINs. The recorded information was then extracted by inserting a different rogue card into the payment terminal.

The third payment terminal, which is popular in the U.S., is more sophisticated than the other two devices. It has a touchscreen to facilitate signature-based payments, a smart card reader, a SIM card to communicate over mobile networks, support for contactless payments, an USB port, an Ethernet port and an administration interface that can be accessed both locally and remotely.

Read more on this at Computer World

Symantec’s New CEO: Steve Bennett

Symantec (NASDAQ:SYMC) today announced that Enrique Salem, president and chief executive officer (CEO), has stepped down effective immediately and Symantec’s board of directors has appointed Steve Bennett president and chief executive officer, in addition to his continued role as chairman of the board.

About Steve Bennett

Steve Bennett joined Symantec’s board of directors in February 2010 and became chairman in 2011. Bennett previously led Intuit serving as president and chief executive officer from 2000 to 2007. At Intuit, Bennett combined the company’s historic innovative and customer-driven expertise with strategic and operational rigor. Intuit revenue grew to $2.7 billion in fiscal 2007 from less than $1 billion in fiscal 2000. Under Bennett’s leadership Intuit grew its existing businesses while simultaneously expanding into new markets, such as online banking and healthcare.

Read more on the Press Release from Symantec
