Archive | March 2013

Stuxnet Attack on Iran was Illegal? Read more inside…

The North Atlantic Treaty Organization’s (NATO) researchers have uncovered a serious reality in the Stuxnet case against Iran (brought on by the US and Israel). NATO’s researchers call it an “act of force”, which was apparently an illegal move.

“Acts that kill or injure persons or destroy or damage objects are unambiguously uses of force” and likely violate international law, according to the Tallinn Manual on the International Law Applicable to Cyber Warfare, a study produced by international legal experts at the request of NATO’s Cooperative Cyber Defense Center of Excellence in Estonia.

Apparently, that is prohibited: “according to the U.N. charter, the use of force is prohibited, except in self-defense,” says Michael N. Schmitt, a lead author on The Tallinn Manual on the International Law Applicable to Cyber Warfare.

According to the Washington Times, the international group of researchers who wrote the manual were unanimous that Stuxnet — the self-replicating cyberweapon that destroyed Iranian centrifuges that were enriching uranium — was an act of force, said Mr. Schmitt, professor of international law at the U.S. Naval War College in Newport, R.I.

Also, the article stated that neither Israel nor the United States has publicly acknowledged being behind Stuxnet, but anonymous U.S. national security officials have told news outlets that the two countries worked together to launch the attack, which set the Iranian nuclear program back as much as two years, according to some estimates.

The manual, produced by 20 researchers in NATO as well as some legal scholars and senior military lawyers, contains 300 pages’ worth of important cybersecurity analysis.

“We wrote it as an aid to legal advisers to governments and militaries, almost a textbook,” Schmitt told the paper. “We wanted to create a product that would be useful to states to help them decide what their position is. We were not making recommendations, we did not define best practice, we did not want to get into policy,” he said.

More detailed investigation is probable in this matter.

Free Software Pioneer Richard Stallman calls Ubuntu ‘Spyware’

Richard Stallman, the pioneer of free software, has asked a South American free software association to not promote Ubuntu at any event, giving reasons that it “spies on its users” by collecting desktop search activity, and then handing it over to Amazon.

Canonical, developers of Ubuntu, a Linux-based operating system, released version 12.10 with the desktop search last October. Users can opt out of the feature, through which Canonical claims it retrieves anonymous user data that is shared with third parties.

Calling Ubuntu spyware seems like it might be ridiculous banter by Stallman. It may not be spyware, but it’s no surprise that any software collects data. Wouldn’t you be shocked if you found out software didn’t collect data?

There has been a lot of heated criticism over this desktop search; however, Stallman’s request was declined. The FLISOL event organizer stated that users should have freedom of choice. As we know, limited freedom of choice is bad when it comes to software.

Whether Stallman wants Ubuntu promoted anymore is irrelevant to the fact that Ubuntu is one of the fastest growing distros of Linux.

Annual Antivirus Toplist Report – 2013 (premium & free)

Welcome to our second toplist of antivirus software. The following are independently reviewed security products, compiled from a list of average reviews for 2013 products!

Premium

Premium antivirus software provides the best antivirus protection and safeguards your computer, your identity, and all of your personal information saved on the computer. Some programs provide extra features, such as free online backup, auto-sandbox (which runs your programs in a safe environment to make sure they are not malicious), and social networking protection. The percentages in rank were based on an average of virus removal, protection, and overall performance. Note: only some testing data is available, here.

  1. Bitdefender – 95% – Bitdefender Antivirus Plus 2013 builds on #1 ranked silent security technology to stop e-threats, secure online transactions, and defend your privacy on social networks.
  2. Kaspersky – 90% – The next recommended program, Kaspersky Antivirus, usually yields the highest results in antivirus testing groups, and is one of the most trusted. Its antivirus product is well worth its cost. What’s even better is the amount of features it has – and the strength of each feature. Each individual feature has a good amount of protection involved. It truly is the pro-active piece of software that every computer needs!
  3. Norton – 87% – Symantec’s awesome Norton products have grown up from a nice antivirus to a very awesome powerhouse packed with great features and a cool-looking interface. Although the interface is a little tough for beginners, it sure has the amount of protection-based features needed to keep the viruses out! With its new identity protection interfaces, it deserves spot two!
  4. F-Secure – 84.4% – F-Secure software has risen up to become a great competitor to other antivirus vendors. Its feature-rich interface and good heuristics, paired with lightweight performance, makes this program a star! Kudos!
  5. Trend Micro – 83.8% – This vendor has absolutely grown up lately, from a bit mediocre to a much better, more advanced antivirus program. They have truly made reviewers (like me) proud!
  6. G Data – 81% – This vendor is not exactly what we expected, given how good people were telling us they are. They did do a good job blocking threats, but removing existing threats took quite a while. I can understand being thorough, but being a bit more timely might be a good idea.
  7. BullGuard – 78% – This was unexpected. BullGuard, like Trend Micro, surprised us big time. The amount of effort the developers put into this program was unbelievable. We say kudos to the developers! Some improvement is still needed, but nonetheless, good job!
  8. AVG – 77% – AVG for years has provided good protection. It provides great feature rich software. The only takeaway, the problem of false positives, but more realistically – once a system has been infected, AVG software gets hostile (which requires complete uninstall and reinstall for it to work properly again). Their response on false positives is not quick enough, which can cause problems with trust. Trust is very important to PC users. This program came in spot eight, again, because of that!
  9. Avast – 76% – This antivirus program may very well be the feature-rich program of the year. Improving greatly from previous years, it shows each new year how much it has grown to be a beneficial program for almost any system. The only problem seen in Avast Pro Antivirus, compared to the ones listed above it, was the ability to stop a malicious download immediately in its tracks. However, with every new program update comes a much better way to block these infected sites.
  10. Webroot – 75% – Webroot has stepped it up with SecureAnywhere, after SpySweeper was retired, but they need to step it up more. Especially on the aspects of removal and protection. Antivirus software needs to be more of protecting and keeping the user safe, not just removing viruses.
  11. Avira – 74% – Avira provides social networking protection, anti-phishing, and pro-active HIPS protection in its newer versions of antivirus. However, it may not be as feature-rich as other programs in its class, and this may take away from the functionality of the antivirus engine (which failed to block a few threats) and does not remove some viruses very well (maybe lacking the proper tools to do it). It did not block 100% of malware, but came fairly – blocking approximately 96% of threats.
  12. ESET – 72.3% – ESET has done a great job making NOD32 Antivirus into a lightweight powerhouse! However, it lacks the ability to find all of the viruses on a hostile system, and the heuristics are a bit lacking. But, hopefully, next year will be much better.
  13. Panda Security – 71.9% – This one was a hard one to judge. When tested on many different systems in the past, it was recognized to provide good protection and great features, however, it lacked performance. Some of the performance lacks had to do with running on a hostile system around a lot of viruses: the program had slowed to a halt. However, the sandbox system, good heuristics, and overall complete protection is what makes it okay!
  14. GFI Vipre – 70.7% – no review written.
  15. McAfee – 66% – no review written.

Free

Free antivirus software provides a temporary means to safeguard your computer, while you can save money for a premium investment…

  1. Avast  – This is growing itself a trend for the best free antivirus. It is thought one of the best promotion techniques they have used in the recent year was contests for their users. From what was seen in our perspective, Avast has an awesomely fast antivirus engine. However, it barely slipped from first place due to its false positives and lack of stronger heuristics needed for the bigger threats. But, since it is free, it goes to show that users need a premium antivirus protection.
  2. AVG – Its good detection and smart heuristics allow it to be a powerful antivirus program, however, it has dealt with false positives on an uncomfortable scale before, so second place is where it sits this time!
  3. Avira  – What is good about Avira Free is that it continually shows good protection against all Windows platforms. What is bad is that it cannot run 100% on heavily infected systems. This is a common problem with antivirus software, but Avira Free has shown to not function very well. May be due to the lack of a well-coded self-protection driver, but nonetheless good luck in the future!
  4. ZoneAlarm – It is assured that ZoneAlarm’s new free program has what it takes to be a good antivirus program. However, due to a few false positives, it ranked 4th this time.
  5. Microsoft Security Essentials – This comes in as one of the most lightweight and simplistic antivirus programs on the market. Microsoft is the maker of the Windows operating system, of course, so it gave users a trustworthiness factor for Microsoft Security Essentials. However, because it has missed quite a few viruses and does not remove viruses very well, it ranked last on the free list.

Thanks for reading this review. Feel free to comment below. 🙂

Welcome back Ramnit – Anti-detection rootkit back in action

Ramnit is the name of a rootkit family, which is composed of a sophisticated virus-mutated rootkit, which tends to infect files with polymorphic code and then locks them to disk (some versions lock to disk).

What’s more? Now, it has a troubleshooting module, increased anti-detection capability, enhanced encryption & malicious payloads, and better-written polymorphic code.

“Ramnit is a frequently updated threat which gets updated by its developer every day,” said Tim Liu of the Microsoft Malware Protection Center in a blogpost on Thursday.

Ramnit originated in 2010, and focused on stealing personal credentials, and banking mining (laundering money).

“It looks like the troubleshooting module has become a common feature in recently developed botnets. The malware authors are analyzing the error reports and making the botnet component more stable,” Liu said.

A new payload module, Liu said, is called Antivirus Trusted Module v1.0; Ramnit kills all antivirus processes through this module, though only AVG AntiVirus 2013 has been moved into the module to date, Liu said.

Google disallowing Ad-Blockers in Play store

Google Play has operated in an odd fashion, mostly approving apps correctly, except for a few slipping by. But it has also approved ad-blocking apps. Most of the time these apps operated either in a browser environment (like the Firefox add-on AdBlock Plus) or in a rooted environment (which helps disable all device ads).

Google says no more, as many report on social networks that ad blockers are removed from Google Play. Most of the time, the reason for removal: “Violation of section 4.4 of the Developer Distribution Agreement.”

Supposedly, Google is disallowing updates to current versions, which means that even if you have ad blockers on your device, they will eventually stop working, if they have not already.

Urgent Security Fixes Issued for Windows, Adobe Flash Player & AIR

Windows

The usual round of updates is in. As today is Patch Tuesday, Windows and Adobe Flash and AIR were issued security updates. Microsoft had seven update bundles containing 20 total vulnerabilities in Windows and other Windows software. Adobe released updates for Flash and AIR.

Microsoft had four critical patches, and three other updates. A total of seven today.

The critical patches address bugs in Windows, Internet Explorer, Microsoft Silverlight, Microsoft Office and Microsoft SharePoint. Updates are available for Windows XP, Vista, Windows 7, Windows 8, Windows Server 2003, 2008 and 2012.

You will receive the updates through Automatic Updates, if you’ve set Windows up to do so. Otherwise, go to Start and search for Windows Update. On Windows 8, search for Windows Update on the Start screen.

Adobe Flash Player/AIR

Adobe has sent updates for Flash Player, now at 11.6.602.180. This is the version for Windows and Mac OS X based systems. Four security flaws were identified, which prompted this fix. No current attacks/exploits have been identified.

Keep in mind that Google Chrome and Internet Explorer 10 (Windows 8) automatically update Flash Player on their own. The update may not be issued for Chrome just yet, but should be soon, we hope.

If you have Adobe AIR installed, which is required for quite a few programs that are built on its architecture (such as Tweetdeck, Pandora Internet Radio, games, etc.), AIR should automatically prompt to update.

Here is the update table for Adobe Flash Player and AIR:

Pwn2Own (2013) Contest a Blast – FULL Results

CanSecWest is a conference, and 2013’s conference once again involved the Pwn2Own contest for hackers, an elite (1337) competition. The concept remains simple, as always: if you pwn a fully-patched browser running on a fully-patched laptop, you get to keep the laptop.

However, different rules applied this year. Winning involved successfully demonstrating the exploit and providing the sponsor (HP) with the fully functioning exploit and all details of the vulnerability used in the attack. If many vulnerabilities were used, multiple reports were needed, etc.

The work couldn’t be sold to anyone else, and the proof of concept would belong to HP once sold. Basically, HP buys the winning exploits for its own use. Their idea of reward money was the following:

  • Google Chrome on Windows 7 = $100,000
  • IE10 on Windows 8 = $100,000 or IE9 on Windows 7 = $75,000.
  • Mozilla Firefox on Windows 7 = $60,000
  • Apple Safari on Mac OS X Mountain Lion = $65,000
  • Adobe Reader XI and Flash Player = $70,000
  • Oracle Java = $20,000

It was assuredly a blast at the competition, no doubt about it.

DAY ONE: Java, Chrome, IE10, and Firefox PWNED!!!

(Where’s Safari, right? It survived!)

The idea behind each attack is the ability to browse to an untrusted website where you’re able to inject and run arbitrary code outside of the browsing environment.

Of course, one of the rules is: “A successful attack … must require little or no user interaction and must demonstrate code execution… If a sandbox is present, a full sandbox escape is required to win.”

In addition to Chrome, Firefox, and IE10 being pwned, Java was pwned three times on the first day: once each by James Forshaw, Joshua Drake, and VUPEN Security. VUPEN Security also led the pack by successfully exploiting IE10 and Firefox as well.

The only other exploit was by Nils & Jon, where both successfully exploited Chrome.

The day after the first day of Pwn2Own, Mozilla and Google patched the exploits that were pushed out. Amazingly fast, Firefox went on to version 19.0.2 (to which you should’ve been updated automatically), and Chrome went on to version 25.0.1364.160 (effectively patching 10 vulnerabilities).

“We received the technical details on Wednesday evening and within less than 24 hours diagnosed the issue, built a patch, validated the fix and the resulting builds, and deployed the patch to users,” said Michael Coates, Mozilla’s director of security assurance, in a Thursday blog.

Microsoft has decided to wait until next week’s Patch Tuesday run of updates to push out the fix for the Internet Explorer exploit on IE10.

DAY TWO: Adobe Reader and Flash Player PWNED!!! Java PWNED AGAIN!!!

The last day of Pwn2Own 2013 went with a BANG!

Flash Player…exploited by VUPEN Security (any surprise?). Adobe Reader PWNED by George Hotz. Java once again was exploited, this time proxied by Ben Murphy.

Who’re the overall prize winners?

  • James Forshaw, Ben Murphy, and Joshua Drake for Java – each $20,000
  • VUPEN Security for IE10 + Firefox + Java + Flash – $250,000
  • Nils & Jon for Google Chrome – $100,000
  • George Hotz for Adobe Reader – $70,000

Of course, George Hotz is best known for jailbreaking the iPhone and PlayStation 3. He’s still in progress with a lawsuit with Sony over the issue for PS3.

It’s amazing to see that Java was PWNED 4 times in just two days, but is it any surprise based on the number of vulnerabilities Oracle has dealt with for Java?

Now in its eighth year, the Pwn2Own contest had $480,000 in payouts, a record year. Amazing!

Got any vibe on this issue? Post comment below! 🙂
