Security

Neutrino Exploit Kit Has a New Way To Detect Security Researchers (csoonline.com) 18

itwbennett writes: [The Neutrino exploit kit] is using passive OS fingerprinting to detect visiting Linux machines, according to Trustwave researchers who found that computers they were using for research couldn't make a connection with servers that delivered Neutrino. Daniel Chechik, senior security researcher at Trustwave's SpiderLabs division wrote that they tried changing IP addresses and Web browsers to avoid whatever was causing the Neutrino server to not respond, but it didn't work. But by fiddling with some data traffic that Trustwave's computers were sending to the Neutrino server, they figured out what was going on.
Microsoft

Even With Telemetry Disabled, Windows 10 Talks To Dozens of Microsoft Servers (voat.co) 332

An esteemed reader writes: Curious about the various telemetry and personal information being collected by Windows 10, one user installed Windows 10 Enterprise and disabled all of the telemetry and reporting options. Then he configured his router to log all the connections that happened anyway. Even after opting out wherever possible, his firewall captured Windows making around 4,000 connection attempts to 93 different IP addresses during an 8 hour period, with most of those IPs controlled by Microsoft. Even the enterprise version of Windows 10 is checking in with Redmond when you tell it not to — and it's doing so frequently.
Botnet

Online Museum Displays Decades of Malware (thestack.com) 32

An anonymous reader writes: archive.org has launched a Museum of Malware, which devotes itself to a historical look at DOS-based viruses of the 1980s and 1990s, and gives viewers the opportunity to run the viruses in a DOS game emulator, and to download 'neutered' versions of the code. With an estimated 50,000 DOS-based viruses in existence by the year 2000, the Malware Museum's 65 examples should be seen as representative of an annoying, but more innocent era of digital vandalism.
Security

Avast SafeZone Browser Lets Attackers Access Your Filesystem (softpedia.com) 31

An anonymous reader writes: Just two days after Comodo's Chromodo browser was publicly shamed by Google Project Zero security researcher Tavis Ormandy, it's now Avast's turn to be publicly scorned for failing to provide a "secure" browser for its users. Called SafeZone, and also known as Avastium, Avast's custom browser is offered as a bundled download for all who purchase or upgrade to a paid version of Avast Antivirus 2016. This poor excuse of a browser was allowing attackers to access files on the user's filesystem just by clicking on malicious links. The browser wouldn't even have to be opened, and the malicious link could be clicked in "any" browser.
Government

UK Wants Authority To Serve Warrants In U.S. (usatoday.com) 129

schwit1 writes with this news, as reported by USA Today: British and U.S. officials have been negotiating a plan that could allow British authorities to directly serve wiretap orders on U.S. communications companies in criminal and national security inquiries, U.S. officials confirmed Thursday. The talks are aimed at allowing British authorities access to a range of data, from interceptions of live communications to archived emails involving British suspects, according to the officials, who are not authorized to comment publicly. ... Under the proposed plan, British authorities would not have access to records of U.S. citizens if they emerged in the British investigations. Congressional approval would be required of any deal negotiated by the two countries.
Education

K-12 CS Framework Draft: Kids Taught To 'Protect Original Ideas' In Early Grades 131

theodp writes: Remember that Code.org and ACM-bankrolled K-12 Computer Science Education Framework that Microsoft, Google, Apple, and others were working on? Well, a draft of the framework was made available for review on Feb. 3rd, coincidentally just 3 business days after U.S. President Barack Obama and Microsoft President Brad Smith teamed up to announce the $4+ billion Computer Science for All initiative for the nation's K-12 students. "Computationally literate citizens have the responsibility to learn about, recognize, and address the personal, ethical, social, economic, and cultural contexts in which they operate," explains the section on Fostering an Inclusive Computing Culture, one of seven listed 'Core K-12 CS Practices'. "Participating in an inclusive computing culture encompasses the following: building and collaborating with diverse computational teams, involving diverse users in the design process, considering the implication of design choices on the widest set of end users, accounting for the safety and security of diverse end users, and fostering inclusive identities of computer scientists." Hey, do as they say, not as they do! Also included in the 10-page draft (pdf) is a section on Law and Ethics, which begins: "In early grades, students differentiate between responsible and irresponsible computing behaviors. Students learn that responsible behaviors can help individuals while irresponsible behaviors can hurt individuals. They examine legal and ethical considerations for obtaining and sharing information and apply those behaviors to protect original ideas."
Security

MIT Reveals "Hack-Proof" RFID Chip (thestack.com) 52

JustAnotherOldGuy writes: A group of researchers at MIT and Texas Instruments claim that they have developed a new radio frequency identification chip that may be impossible to hack. Traditional RFID chips are vulnerable to side-channel attacks, whereby a hacker can extract a cryptographic key from the chip. The new RFID chip runs a random-number generator that creates a new secret key after each transaction. The key can then be verified with a server to ensure that it is correct. The group at MIT also incorporated protection against a power-glitch attack, an attack that would normally leave a chip vulnerable to an interruption of the power source that would in turn halt the creation of a new secret key. Texas Instruments CTO Ahmad Bahai stated, "We believe this research is an important step toward the goal of a robust, lo-cost, low-power authentication protocol for the industrial internet." The question is, how long will it be before this "hack proof" chip is hacked?
Security

Anti-Malware Maker Files Lawsuit Over Bad Review (csoonline.com) 159

itwbennett writes: In a lawsuit filed January 8, 2016, Enigma Software, maker of anti-malware software SpyHunter, accuses self-help portal Bleeping Computer of making 'false, disparaging, and defamatory statements.' At issue: a bad review posted by a user in September, 2014. The lawsuit also accuses Bleeping Computer of profiting from driving traffic to competitor Malwarebytes via affiliate links: 'Bleeping has a direct financial interest in driving traffic and sales to Malwarebytes and driving traffic and sales away from ESG.' Perhaps not helping matters, one of the first donations to a fund set up by Bleeping Computer to help with legal costs came from Malwarebytes.
Government

Marco Rubio Wants To Permanently Extend NSA Mass Surveillance (nationaljournal.com) 338

SonicSpike writes: Marco Rubio wants Congress to permanently extend the authorities governing several of the National Security Agency's controversial spying programs, including its mass surveillance of domestic phone records. The Florida Republican and 2016 presidential hopeful penned an op-ed on Tuesday condemning President Obama's counterterrorism policies and warning that the U.S. has not learned the "fundamental lessons of the terrorist attacks of Sept. 11, 2001." Rubio called on Congress to permanently reauthorize core provisions of the post-9/11 USA Patriot Act, which are due to sunset on June 1 of this year and provide the intelligence community with much of its surveillance power. "This year, a new Republican majority in both houses of Congress will have to extend current authorities under the Foreign Intelligence Surveillance Act, and I urge my colleagues to consider a permanent extension of the counterterrorism tools our intelligence community relies on to keep the American people safe," Rubio wrote in a Fox News op-ed.
Cloud

CoreOS Launches Rkt 1.0 (eweek.com) 49

darthcamaro writes: Docker is about to get some real competition in the container runtime space, thanks to the lofficial aunch of rkt 1.0. CoreOS started building rkt in 2014 and after more than a year of security, performance and feature improvement are now ready to declare it 'production-ready.' While rkt is a docker runtime rival, docker apps will run in rkt, giving using a new runtime choice: "rkt will remain compatible with the Docker-specific image format, as well as its own native App Container Image (ACI). That means developers can build containers with Docker and run those containers with rkt. In addition, CoreOS will support the growing ecosystem of tools based around the ACI format."
Google

Google Targets Fake "Download" and "Play" Buttons (torrentfreak.com) 117

AmiMoJo writes: Google says it will go to war against the fake 'download' and 'play' buttons that attempt to deceive users on file-sharing and other popular sites. According to a new announcement from the company titled 'No More Deceptive Download Buttons', Google says it will expand its eight-year-old Safe Browsing initiative to target some of the problems highlighted above. 'You may have encountered social engineering in a deceptive download button, or an image ad that falsely claims your system is out of date. Today, we're expanding Safe Browsing protection to protect you from such deceptive embedded content, like social engineering ads,' the company says.
AI

Harnessing Artificial Intelligence To Build an Army of Virtual Analysts 41

An anonymous reader writes: PatternEx, a startup that gathered a team of AI researcher from MIT CSAIL as well as security and distributed systems experts, is poised to shake up things in the user and entity behavior analytics market. Their goal was to make a system capable of mimicking the knowledge and intuition of human security analysts so that attacks can be detected in real time. The platform can go through millions of events per day and can make an increasingly better evaluation of whether they are anomalous, malicious or benign.
Security

Push To Hack: Reverse Engineering an IP Camera (contextis.com) 35

New submitter tetraverse writes: For our most recent IoT adventure, we've examined an outdoor cloud security camera [the Motorola Focus 73] which like many devices of its generation a) has an associated mobile app b) is quick to setup and c) presents new security threats to your network. From the article: This blog describes in detail how we were able to exploit the camera without access to the local network, steal secrets including the home networkâ(TM)s Wi-Fi password, obtain full control of the PTZ (Pan-Tilt-Zoom) controls and redirect the video feed and movement alerts to our own server; effectively watching the watchers.
Crime

Survey: Average Successful Hack Nets Less Than $15,000 (csoonline.com) 84

itwbennett writes: According to a Ponemon Institute survey, hackers make less than $15,000 per successful attack and net, on average, less than $29,000 a year. The average attacker conducts eight attacks per year, of which less than half are successful. Among the findings that will be of particular interest to defenders: Hackers prefer easy targets and will call off an attack if it is taking too long. According to the survey, 13 percent quit after a delay of five hours. A delay of 10 hours causes 24 percent to quit, a delay of 20 hours causes 36 to quit, and a majority of 60 percent will give up if an attack takes 40 additional hours. 'If you can delay them by two days, you can deter 60 percent of attacks,' said Scott Simkin, senior threat intelligence manager at Palo Alto Networks, which sponsored the study.
United States

Former DoE Employee Ensnared By Secret-Selling Sting Pleads Guilty (washingtonpost.com) 40

mdsolar writes: A former Energy Department employee accused of attempting to infiltrate the agency's computer system to steal nuclear secrets and sell them to a foreign government pleaded guilty Tuesday to a reduced charge of attempting to damage protected government computers in an email "spear-phishing attack." Charles Harvey Eccleston, a former employee at the department and at the independent Nuclear Regulatory Commission (NRC), was arrested March 27 by Philippine authorities after an undercover FBI sting operation. Eccleston, 62, a U.S. citizen who had been living in the Philippines since 2011, was "terminated" from his job at the NRC in 2010, according to the Justice Department. In January 2015, the department said, he targeted more than 80 Energy Department employees in Washington at four national nuclear labs with emails containing what he thought were links to malicious websites that, if activated, could infect and damage computers.
Programming

Winner of the 2015 Underhanded C Contest Announced (underhanded-c.org) 48

Xcott Craver writes: The Underhanded C contest results have now been announced. This time the contest challenge was to cause a false match in a nuclear inspection scenario, allowing a country to remove fissile material from a warhead without being noticed. The winner receives $1000 from the Nuclear Threat Initiative.
China

Duplicate Login Details Enabled Hack of More Than 20 Million Chinese Consumers (thestack.com) 14

An anonymous reader writes: According to various Chinese sources including Techweb (Chinese language), police in Zhejiang held a conference on Monday announcing that 20.59 million users of the 'Chinese eBay', taobao.com, had their login details stolen by proxy, when hackers ran user/pass combos from a stolen database of 99 million other users and found that more than 20% were using the same login credentials across different ecommerce sites.
Security

Chromodo Browser Disables Key Web Security (thestack.com) 53

An anonymous reader writes: A Google Security Research update has claimed that Comodo's internet browser Chromodo, based on the open-source project Chromium, contains significant security failings and puts its users at risk. This week's Google alert suggested that the Chromodo browser – available as a standalone download, as well as part of the company's Security package – is less secure than it promises. According to analysis, the browser is disabling the Same Origin policy, hijacking DNS settings, and replacing shortcuts with Chromodo links, among other security violations.
Privacy

Shopping Mall SMS Parking Notifications Could Be Used To Track Any Car (itnews.com.au) 42

Bismillah writes: Westfield's Scentre Group has removed SMS notifications for its ticketless parking system after it was discovered they could be used to track other people's cars unnoticed. The system allows you to enter any licence plate, which in turn will be scanned upon entry and exit at mall parking facilities — and when the free parking time is up, a notification message is sent to the mobile phone number entered, with the exact location of the car.
Security

Severe and Unpatched eBay Vulnerability Allows Attackers To Distribute Malware 30

An anonymous reader writes: Check Point researchers have discovered a severe vulnerability in eBay's online sales platform, which allows criminals to distribute malware and do phishing campaigns. This vulnerability allows attackers to bypass eBay's code validation and control the vulnerable code remotely, to execute malicious Javascript code on targeted eBay users.

Slashdot Top Deals