Archive | December 2012

Drones Becoming Better Used for Surveillance in the US

Drones are being used for extensive surveillance in the United States, and reportedly have been used before in other countries for spying and targeted assassinations. There have been numerous reports of Customs and Border Protection using Predator drones.

The Electronic Frontier Foundation (EFF) has provided evidence of their use by the federal government and also by local law enforcement. There are a lot of license records for drones, and tracking of their domestic flights. According to the organization, “EFF filed suit against the U.S. Department of Transportation (DOT), demanding data on certifications and authorizations the agency has issued for the operation of unmanned aircraft, also known as drones.”

These government surveillance issues outline a risky pattern that goes beyond internet monitoring, intersection cameras, etc. To civil liberties advocates, these drones have impressive yet disturbing functionality. According to the FOIA complaint, they carry equipment that can “conduct highly sophisticated and almost constant surveillance,” including video cameras, infrared cameras and heat sensors, and radar.

According to CSO, “The complaint quoted a description of the U.S. Army’s A160 Hummingbird Drone-Copter that includes ‘super-high-resolution “gigapixel” cameras that can track people and vehicles from altitudes above 20,000 feet, … can monitor up to 65 enemies of the State simultaneously, and … see targets from almost 25 miles down range.’”

CSO has a more detailed article about the situation.

December Patches are in: Microsoft and Adobe have updates ready for Black Tuesday

Well it’s Patch Tuesday, or what some people call “Black” Tuesday.

Seven security bulletins were released for Microsoft products, patching at least 11-12 vulnerabilities; the count may be higher on some systems.

Current bulletins for this round:

  1. MS12-077 Cumulative Security Update for Internet Explorer
  2. MS12-078 Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution
  3. MS12-079 Vulnerability in Microsoft Word Could Allow Remote Code Execution
  4. MS12-080 Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution
  5. MS12-081 Vulnerability in Windows File Handling Component Could Allow Remote Code Execution
  6. MS12-082 Vulnerability in DirectPlay Could Allow Remote Code Execution
  7. MS12-083 Vulnerability in IP-HTTPS Component Could Allow Security Feature Bypass

(Key: Important / Critical)

For the December Adobe updates: the updates are for Adobe Flash Player 11.5.502.110 and earlier versions for Windows and Macintosh, Adobe Flash Player 11.2.202.251 and earlier versions for Linux, Adobe Flash Player 11.1.115.27 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.24 and earlier versions for Android 3.x and 2.x, Adobe said.

The three updates fix a buffer overflow vulnerability, integer overflow vulnerability and a memory corruption vulnerability, all three of which could lead to code execution, Adobe also said.

There is also a security hotfix available to fix miscellaneous vulnerabilities in ColdFusion. Get updates for Adobe products at Adobe.com.

Stay protected from vulnerabilities entirely and get $30 off this month for Kaspersky products: Kaspersky E-Store

Security Awareness at Your Business, What about BYOD? (mini-whitepaper)

What exactly does it take to make your business more secure? You might ask… “Do I need to secure all the computers with antivirus software?”  – or – “Do we have to set up a network security policy?”  – or –  “Is security really necessary? It’s costly, why do we need it?”

You can consider all of those questions, and possibly even answer them in your own mind. It is necessary to have antivirus software and a good security policy. It is also good to keep an eye on all of your employees as necessary to make sure they stay on task. 😉

However, let’s focus on some of the main data here…

  • Security awareness can be defined as the knowledge of how security systems work, and the ability to apply that knowledge to something concrete. It matters to the physical and digital assets of the organization…AKA, your money, data, etc. These days it may be fair to say “Time is money, data is money, and so on…etc.”
  • Educate your employees on these matters, especially on the types of threats that can be seen in today’s malware world. Many things, especially on smartphones, are easy to spot. It’s good to keep an eye on the latest information about threats.
  • Password security is always important! Therefore, educate everyone on the basics of password security…including executives. Everyone in your business needs to be educated and re-educated. It’s so easy to become comfortable with choosing an easy password. Get out of the habit before it costs your company a fortune!
  • Protect your information and develop a policy for social media, BYOD, etc. It is important to educate your employees on what they may post about your company on social networks. The last thing you need is for a pre-release to be leaked, private data to be leaked, a controversial issue to flare up, etc. Also, make sure to keep your employees off of non-work apps on their smartphones, and only focused on work. (BYOD at work means the smartphone is used for work only.)
  • Back up your rules with consequences (honestly enforce them too), to make sure if security policies and procedures are broken, at least the employee will know how much trouble they’re in.
  • To scale this security awareness project further, download NIST’s Special Publication 800-50 – Building an Information Technology Security Awareness and Training Program to learn how to make your own.


Saudi Aramco Incident Investigated Much Closer

We reported back in October about the extensive damage at Saudi Aramco, Saudi Arabia’s oil company, which fell victim to a cyberattack. Some new details have been revealed by a few investigating/reporting organizations…

The New York Times reported the following yesterday:

The attack on Saudi Aramco — which supplies a tenth of the world’s oil — failed to disrupt production, but was one of the most destructive hacker strikes against a single business.

“The main target in this attack was to stop the flow of oil and gas to local and international markets and thank God they were not able to achieve their goals,” Abdullah al-Saadan, Aramco’s vice president for corporate planning, said on Al Ekhbariya television. It was Aramco’s first comments on the apparent aim of the attack.

Hackers from a group called Cutting Sword of Justice claimed responsibility for the attack, saying that their motives were political and that the virus gave them access to documents from Aramco’s computers, which they threatened to release. No documents have yet been published.

The “Cutting Sword of Justice” made a post on PasteBin.com about taking credit for the attack.

We explained previously that most of the cyberattacks this year have been aimed at erasing data on energy companies’ computers. However, the new details from Aramco show that the attackers wanted to stop the flow of production. Good thing it got sorted out.

Hackers and Virus-makers Retrying Their Luck on Android and Windows Phones

When you look at the scope of Android malware (malicious software/viruses), and then think about Windows Phone malware, it’s as if hackers and virus-makers (“cybercriminals”) are retrying their own luck. What is meant by this? Years ago when malware started gaining ground (probably around 2000), these cybercriminals tried a number of ways to hack the Windows API/kernel, causing innumerable issues for Windows users. Now it looks like the same thing is happening all over again in today’s mobile market.

During the 2000s era, it seemed like we had quite a few different types of malware. Here are those types explained in today’s market for smartphone malware:

  • Dialer: a trojan app/program that automatically dials premium rate numbers and attempts to rack up charges on the user’s phone bill. This can be highly costly, so removing it immediately is the best option.
  • Trojan: a common name for any type of app/program that is designed to look like it does one thing, while its code does something else untrustworthy. Common trojan behaviours include stealing personal data off of the device, or changing the settings of a device to make it behave differently.
  • Virus: a self-replicating piece of code that infects other files, or simply damages files on the device.
  • Spyware: another trojan app/program, which attempts to steal personal data from the user’s device.
  • Adware: another trojan app/program designed to show ads to the user, sometimes flooding their screen. Commonly, these ads are personalized for the user, based on the type of apps they have installed.
  • Rootkit: a piece of trojan code, designed to get administrator privileges on the device, and then take control of (and manipulate) the system.

As you can see, some of those issues are as prevalent on mobile devices as they were on Windows operating systems in the 2000s era.

To further protect your mobile device from anyone of the threats described, please consider purchasing Kaspersky Mobile Security: Buy Kaspersky Mobile Security and protect your Android smartphone for 1 Year – only $19.95 Click Here

Serious Java Vulnerabilities Have Many Things in Common (mini-whitepaper)

If you’ve seen many of our posts here, you’d know that we report about Java vulnerabilities. As often as they come, they must have something in common, right? Indeed.

Let’s look at the vulnerabilities CVE-2012-4681 and CVE-2012-5076: what is similar about them and what we can learn from these two serious vulnerabilities. Both use the Java reflection mechanism to break the applet security restrictions, allowing a malicious payload to run. In other words, they bypass security and execute malicious code.

Now, Java reflection is commonly used in programs, usually those that need to examine the runtime behavior of applications running in the Java Virtual Machine. It is very convenient for Java developers (it saves time) when writing Java programs, but it also opens up more opportunities for exploits.

Now, to open up for the technical part, which you can skip if you don’t understand Java or it would give you a headache. 🙂

== TECHNICAL START ==

Java reflection provides, among other things, the ability to:

  1. Get a class
  2. Get all members and methods in a class, including private ones
  3. Invoke methods

Java’s big weakness in dealing with reflection is that it allows access to hidden (private) fields. Obviously, this isn’t a true flaw in the eyes of the Java developers, but changing this attribute would help avoid further problems.

Now, CVE-2012-4681 used Java reflection to reach a hidden field called Statement.acc. It also implemented a “setField” function, which changes the value of the acc field (the AccessControlContext held in the hidden field). To break the sandbox, java.beans.Statement is used.

So, in Java, we’d see:

SetField(Statement.class, "acc", localStatement, localAccessControlContext);

Then, as we analyze CVE-2012-5076, we see the big offender, “util.GenericConstructor”, which is used to create an object from a restricted class. It would be used to instantiate “sun.invoke.anon.AnonymousClassLoader”, whose “loadClass” method is then called to deliver the malicious payload. Here is a breakdown of how the payload would work:

  1. Get the method “loadClass” and invoke it.
  2. Get the method “r” in the payload and invoke it.
  3. Use “Class.forName” to load a target class.
  4. Use “getDeclaredFields”, which enumerates all fields (not including hidden ones).
  5. Use “setAccessible” to expose hidden/private fields.
== TECHNICAL END ==
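An added example, not code from the original post or from either exploit: it carries out steps 3 to 5 above (Class.forName, getDeclaredFields, setAccessible) against a constructed class of our own, where they succeed, and then against a JDK-internal private field, where the module system’s strong encapsulation (on by default since JDK 16) refuses the setAccessible call. The 2012 applets had only the SecurityManager standing between reflection and the sandbox; this shows the check that now exists. Assumes JDK 17 or later; the Account class and its fields are constructed.

```java
import java.lang.reflect.Field;
import java.lang.reflect.InaccessibleObjectException;

public class ReflectionEncapsulationDemo {

    // Constructed sample class standing in for any type with private state.
    static final class Account {
        private final String owner = "alice";
        private int balance = 100;
    }

    // Steps 3-5 from the text: load a class by name, enumerate its declared
    // fields (private ones are listed too), then setAccessible to read one.
    static Object readPrivateField(String className, Object target, String fieldName)
            throws ReflectiveOperationException {
        Class<?> cls = Class.forName(className);          // step 3: Class.forName
        for (Field f : cls.getDeclaredFields()) {         // step 4: getDeclaredFields
            if (f.getName().equals(fieldName)) {
                f.setAccessible(true);                    // step 5: setAccessible
                return f.get(target);
            }
        }
        throw new NoSuchFieldException(fieldName);
    }

    public static void main(String[] args) throws Exception {
        // Our own class lives in the unnamed module, so the read succeeds (prints 100).
        Account acct = new Account();
        String accountClass = ReflectionEncapsulationDemo.class.getName() + "$Account";
        System.out.println("balance = " + readPrivateField(accountClass, acct, "balance"));

        // java.lang.String is in java.base, which exports java.lang but does
        // not open it. On JDK 16+ the identical setAccessible(true) call is
        // refused with InaccessibleObjectException instead of exposing the
        // private "value" array. On JDK 9-15 this only prints a warning, so a
        // build that reaches the WARNING line is running without the check.
        try {
            readPrivateField("java.lang.String", "secret", "value");
            System.out.println("WARNING: JDK internals are reflectively accessible");
        } catch (InaccessibleObjectException e) {
            System.out.println("blocked by module encapsulation: " + e.getMessage());
        }
    }
}
```

Compile and run with `javac ReflectionEncapsulationDemo.java && java ReflectionEncapsulationDemo`; adding `--add-opens java.base/java.lang=ALL-UNNAMED` on the command line re-enables the access, which is why that flag deserves scrutiny in production launch scripts.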

Obviously, it’s time, researchers, to keep an eye on Java reflection vulnerabilities.

Data Leak about the US/UK reported by Swiss Spy Firm

Secret information on counter-terrorism shared by foreign governments may have been compromised by a massive data theft by a senior IT technician for the NDB, Switzerland’s intelligence service, European national security sources said.

Intelligence agencies in the United States and Britain are among those who were warned by Swiss authorities that their data could have been put in jeopardy, said one of the sources, who asked for anonymity when discussing sensitive information.

Swiss authorities arrested the technician suspected in the data theft last summer amid signs he was acting suspiciously. He later was released from prison while a criminal investigation by the office of Switzerland’s Federal Attorney General continues, according to two sources familiar with the case.

The suspect’s name was not made public. Swiss authorities believe he intended to sell the stolen data to foreign officials or commercial buyers.

A European security source said investigators now believe the suspect became disgruntled because he felt he was being ignored and his advice on operating the data systems was not being taken seriously.

Read more in this Reuters report.
