Recent Posts

May 6th, 2008

Israeli private investigators used spyware to steal commercial information

Businesses should be on their guard against agencies who offer them information on their competitors, following the jailing of a team of private investigators who used spyware to steal information on behalf of legitimate companies.

According to media reports, four members of the Israeli Modi’in Ezrahi private investigation firm have been sentenced after they were found guilty of using a Trojan horse to steal commercial information.

The Trojan horse, which was designed and marketed by London-based couple Michael and Ruth Haephrati, was said to have been used by a number of different private investigation firms to spy on companies including the HOT cable television group and Rani Rahav PR agency (whose clients include Israel’s second biggest mobile phone operator, Partner Communications). Another alleged victim was Champion Motors, which imports Audi and Volkswagen motor vehicles.

Asaf Zlotovsky, a manager at the Modi’in Ezrahi detective firm, was given a 19-month jail sentence. Two other employees, Haim Zissman and Ron Barhoum, were sent to prison for 18 and nine months respectively. The firm’s former CEO, Yitzhak Rett, escaped a jail sentence after admitting the allegations under a plea bargain; he was fined 250,000 Israeli shekels (about £36,500) and will serve ten months on parole.

“It’s understandable that firms would want information on what their business rivals are planning to do, and try to seek a competitive advantage over them. What isn’t acceptable is to hire firms that will use illegal methods, such as computer spyware, to gather that information,” said Graham Cluley, senior technology consultant at Sophos. “Firms need to be very careful about the third parties they hire to help them grow their business, and seek assurances that their partners will not be behaving unethically or illegally. If they do not, the consequences could not only be a swathe of bad publicity, but also a spell in prison.”

Michael Haephrati, who honed his computer skills during three years’ military service in the Israeli army, and his wife, Ruth, were fined and sentenced to jail by an Israeli court for their involvement in the case in 2006.

“Regular cybercriminals may be attempting to steal your employees’ credit card details, but spyware can also be used for corporate espionage designed to steal your business plans and customer databases,” explained Cluley. “Firms should be on their guard and have proper defences in place to avoid falling foul of this kind of attack.”

Article source

April 24th, 2008

SlideShare Slammed with DDOS Attacks from China

SlideShare, a Mountain View-based startup that lets you upload and embed PowerPoint presentations on the web, appears to have stirred the red dragon last week.

About ten days ago the company began receiving anonymous requests to delete slideshows that the requesters deemed “illegal”. The SlideShare staff checked out these slideshows and found them to be quite innocent. While some described ways to fight corruption in China, none of them violated the company’s terms of service, so SlideShare did nothing to fulfil the requests.

SlideShare soon began receiving a different type of request from the same people, who could now be identified by their email addresses. This time they posed as users who had lost their passwords. When the company again did nothing, it received a very demanding, almost threatening, call to its Indian office on Wednesday, insisting that it grant access to an account.

After these three failed attempts, SlideShare experienced a massive distributed denial of service attack starting at 10pm on Thursday, one day before the CNN website was attacked by Chinese instigators in apparent backlash to its coverage of the Tibetan protests. We’ve been told that the attack reached a peak of 2.5GB/sec and consisted entirely of packets sent from China.

Not long after the first attack subsided, SlideShare was hit a second time on Friday and the site went down again until Saturday morning. Since then there have been no more attacks, but the company continues to receive fake password recovery and illegitimate takedown requests at a rate of about 5-10 per day (it has accumulated about 50-60 total).

There’s a lot of speculation around just what has happened here since no one knows for sure who is behind the requests and attacks. However, it seems likely that they were from the same hacker groups - possibly linked to the Chinese government - that attacked the CNN site (and later called their attack off after getting too much publicity). Some of the slideshows with takedown requests have been viewed many times recently, so their popularity seems to have landed them on the Chinese government’s radar.

SlideShare insists that it will do everything it can to protect its users’ freedom of speech. As such, it has no plans to remove any of the content in question.

The Sports Network was also recently taken over by Chinese hackers who mistook it for CNN sports.

Article source

March 27th, 2008

Phishing Scam Targeting Facebook Users

The scam involves a notice appearing on the wall of user profiles as a message from a friend, saying “Hey, I got a new facebook account. Im going to delete this one, so add my new profile”, followed by what appears to be a link to the new profile. The actual link goes to a URL on view-facebookprofiles.com, a domain registered (with WHOIS privacy) through Namecheap and hosted at SoftLayer, which serves a page that looks identical to the Facebook login page.

Users fooled into resubmitting their Facebook details on this page then have their Facebook accounts hijacked and all of their contacts receive a similar message, propagating the phishing scam.

It’s not clear yet exactly what the phishing scammers are planning on using the compromised accounts for, or how far it has spread. One tipper claimed that many of his friends had been caught as well.
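The check that defeats this kind of lure is on the link’s host, never on the link text or on whether the word “facebook” appears somewhere in the URL. The following is an added example written for this page (not Facebook’s own filtering): it accepts a link only if its host is facebook.com or a subdomain of it, so the scam domain named above, a trusted name planted as a subdomain of another domain, a `user@host` trick and Unicode lookalike hostnames are all rejected. The sample wall post is constructed from the message quoted above; the `evil.example` hosts are made-up illustrations.

```python
"""Added example: decide whether a link in a wall post really points at Facebook.

Illustrative code written for this page, not Facebook's own filtering. Only the
URL's host is examined: it is trusted if it is facebook.com or ends in
".facebook.com". Rejected: view-facebookprofiles.com (the scam domain),
facebook.com.evil.example (trusted name as a subdomain of something else),
https://facebook.com@evil.example/ (the "facebook.com" part is userinfo, the
host is after the "@"), and Unicode homographs, compared in punycode form.
"""
import re
from urllib.parse import urlsplit

TRUSTED_DOMAINS = ("facebook.com",)
URL_RE = re.compile(r"https?://[^\s<>\"']+")


def host_of(url):
    """Host of a URL, lowercased, trailing dot removed, converted to
    ASCII/punycode so that lookalike Unicode letters cannot match."""
    host = (urlsplit(url.strip()).hostname or "").rstrip(".")
    try:
        return host.encode("idna").decode("ascii").lower()
    except UnicodeError:
        return ""  # unencodable host: treat as having no host at all


def is_trusted_host(host, trusted=TRUSTED_DOMAINS):
    """True only for the trusted domain itself or a proper subdomain of it."""
    return bool(host) and any(host == d or host.endswith("." + d) for d in trusted)


def check_message(text):
    """Return [(url, verdict)] for every http(s) link found in a message."""
    return [(u, "trusted" if is_trusted_host(host_of(u)) else "untrusted")
            for u in URL_RE.findall(text)]


# Constructed sample: the wall message described in the post, carrying a link
# to the scam domain named there.
SAMPLE_POST = ("Hey, I got a new facebook account. Im going to delete this one, "
               "so add my new profile http://view-facebookprofiles.com/")

if __name__ == "__main__":
    for url, verdict in check_message(SAMPLE_POST):
        print(verdict, url)
```

Note that `urlsplit().hostname` already discards userinfo and port, which is why the `user@host` case falls out of the parser rather than needing a special case; the IDNA conversion is what stops a Cyrillic “а” in “fаcebook.com” from comparing equal to the Latin name.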

Article source

March 25th, 2008

Microsoft warns of targeted Word attack

Software giant Microsoft warned on Friday that some customers have reported detecting attacks using Microsoft Word and a previously unknown vulnerability in Microsoft’s Jet database engine.

The attack uses an e-mail message with two attachments, a Word file and a Microsoft Jet database file, although Microsoft is investigating whether other programs could also be used, the company said in a security advisory published on Friday. Microsoft has long stated that Access database files (.mdb) should be considered unsafe, and such files do not execute automatically; under the conditions of the latest attacks, however, the database file does execute, security firm McAfee stated on its research blog.

“Up until recently attackers typically exploited MS Jet DB vulnerabilities through MDB files, and therefore Microsoft stuck to their ‘MDB files are unsafe’ story — well, that’s changed,” Craig Schmugar, senior antivirus researcher at security firm McAfee, wrote in the post.

Flaws in Microsoft’s Office productivity applications have become standard weapons for attackers conducting targeted attacks aimed at high-level managers and executives. While ten or fewer high-severity flaws were reported in the five major component applications of Microsoft Office each year from 2002 to 2006, at least 26 high-severity flaws were reported in Office applications last year, according to data from the National Vulnerability Database. Earlier this month, Microsoft patched a dozen flaws in Office applications.

Vulnerabilities in Microsoft Office have been used in industrial espionage and in attacks on government systems.

Microsoft is currently working on a patch for the flaw. In the meantime the company recommends that organisations either prevent the Microsoft Jet database engine from running or block .mdb files from being sent as e-mail attachments.

The vulnerability does not affect computers running Windows Server 2003 Service Pack 2, Windows Vista, and Windows Vista Service Pack 1, the company stated.
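Blocking by filename extension alone is weak, because the attacker chooses the name; a gateway check should look at what the attachment actually is. The following is an added example written for this page (not Microsoft’s or McAfee’s code): it identifies each attachment by its leading bytes, blocks any Jet database regardless of how it is named, and flags the Word-plus-Jet pairing the advisory describes. The magic values are the well-known file signatures (not taken from the page), and the sample messages are constructed stubs consisting of headers only.

```python
"""Added example: a mail-filter check for the Word + Jet database attachment pair.

Illustrative code written for this page, not Microsoft's or McAfee's. Each
attachment is classified by its leading bytes rather than its name, so a Jet
database renamed to .txt is still caught, and any message carrying both a
Word document and a Jet database is flagged as matching the reported attack.
Magic values (well known, not from the page): Access .mdb files start with
00 01 00 00 "Standard Jet DB" (Access 2007 .accdb: "Standard ACE DB");
Word 97-2003 .doc files are OLE2 compound documents starting D0 CF 11 E0
A1 B1 1A E1; .docx files are ZIP archives starting "PK\x03\x04".
"""
from dataclasses import dataclass

JET_MAGIC = b"\x00\x01\x00\x00Standard Jet DB"
ACE_MAGIC = b"\x00\x01\x00\x00Standard ACE DB"
OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
ZIP_MAGIC = b"PK\x03\x04"
DB_EXTENSIONS = {"mdb", "accdb"}
WORD_EXTENSIONS = {"doc", "dot", "docx", "docm"}


@dataclass
class Attachment:
    filename: str
    data: bytes


def sniff(data):
    """Classify an attachment by content, ignoring its filename."""
    if data.startswith(JET_MAGIC) or data.startswith(ACE_MAGIC):
        return "jet-db"
    if data.startswith(OLE2_MAGIC):
        return "ole2"   # Office 97-2003 container (.doc/.xls/.ppt)
    if data.startswith(ZIP_MAGIC):
        return "zip"    # Office 2007 OOXML (.docx etc.) or any other zip
    return "other"


def extension(filename):
    return filename.lower().rsplit(".", 1)[-1] if "." in filename else ""


def assess(attachments):
    """Return ("block" | "allow", reasons) for one message's attachments."""
    reasons, kinds = [], []
    for a in attachments:
        kind, ext = sniff(a.data), extension(a.filename)
        if kind == "jet-db":
            reasons.append(f"{a.filename}: content is a Jet database (extension .{ext or '<none>'})")
        elif ext in DB_EXTENSIONS:
            reasons.append(f"{a.filename}: Access database extension")
        is_db = kind == "jet-db" or ext in DB_EXTENSIONS
        is_word = ext in WORD_EXTENSIONS and kind in ("ole2", "zip")
        kinds.append("jet" if is_db else "word" if is_word else "other")
    if "jet" in kinds and "word" in kinds:
        reasons.append("Word document and Jet database in one message: matches the reported attack pattern")
    return ("block" if reasons else "allow", reasons)


# Constructed sample messages (file headers only; real files are far longer).
LURE = [Attachment("quarterly_report.doc", OLE2_MAGIC + b"\x00" * 24),
        Attachment("notes.txt", JET_MAGIC + b"\x00" * 24)]   # .mdb renamed to hide it
CLEAN = [Attachment("agenda.docx", ZIP_MAGIC + b"\x00" * 24)]

if __name__ == "__main__":
    for label, msg in (("lure", LURE), ("clean", CLEAN)):
        verdict, why = assess(msg)
        print(label, verdict, *why, sep="\n  ")
```

The content check is the part that matters: Outlook already treats .mdb as an unsafe extension, so an attacker who wants the file delivered has every reason to rename it, and the Jet engine does not care what the file is called once Word is coaxed into opening it.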

Article source

February 27th, 2008

Gotcha, CAPTCHA! Gmail bot detector system cracked

The Gmail CAPTCHA has been cracked—albeit not easily—raising new concerns about spammers’ ability to abuse Google’s e-mail services. Websense Security Labs pointed out the security breach late last week, noting that spammers have a lot to gain by being able to use bots to automatically sign up for new accounts.

Google’s free e-mail services and a highly-desirable gmail.com domain—one that is unlikely to be blacklisted by anybody’s spam filters—are just two of the features that induced spammers to crack the CAPTCHA and have bots do all the work. On the upside, it apparently wasn’t easy—Websense says that it required two bot hosts to crack instead of just the one that recently cracked Windows Live Mail’s CAPTCHA (Websense believes that the same group was involved with both). It also believes that the two hosts are required because the first host may fail at cracking the code the first time around (and possibly time out), but the second host may also be required to check the work of the first. Additionally, only one in every five CAPTCHA-breaking requests on Gmail succeeded. Still, a 20 percent success rate is relatively high when you consider that spambots are trying to register hundreds (or thousands) of e-mail addresses at a time.

Article source

February 22nd, 2008

A Method for Critical Data Theft

A group led by a Princeton University computer security researcher has developed a simple method to steal encrypted information stored on computer hard disks.

The technique, which could undermine security software protecting critical data on computers, is as easy as chilling a computer memory chip with a blast of frigid air from a can of dust remover. Encryption software is widely used by companies and government agencies, notably in portable computers that are especially susceptible to theft.

The attack, which requires physical access to the machine and cannot be carried out remotely, exploits a little-known property of dynamic random access memory (DRAM) chips. Those chips temporarily hold data, including the keys to modern data-scrambling algorithms. When the computer’s electrical power is shut off, the data, including the keys, is supposed to disappear.

In a technical paper that was published Thursday on the Web site of Princeton’s Center for Information Technology Policy, the group demonstrated that standard memory chips actually retain their data for seconds or even minutes after power is cut off.

When the chips were chilled using an inexpensive can of air, the data was frozen in place, permitting the researchers to easily read the keys — long strings of ones and zeros — out of the chip’s memory.

“Cool the chips in liquid nitrogen (-196 °C) and they hold their state for hours at least, without any power,” Edward W. Felten, a Princeton computer scientist, wrote in a Web posting. “Just put the chips back into a machine and you can read out their contents.”

The researchers used pattern-recognition software of their own to pick the encryption keys out of the millions or even billions of other values held on the memory chip.

“We think this is pretty serious to the extent people are relying on file protection,” Mr. Felten said.

The team, which included five graduate students led by Mr. Felten and three independent technical experts, said they did not know if such an attack capability would compromise government computer information because details of how classified computer data is protected are not publicly available.
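The “pattern recognition” that finds keys in a memory image rests on a structural fact about AES: the key is kept in RAM in expanded form, 176 bytes for AES-128, and every round key is a deterministic function of the one before it. A window whose derived rounds agree with its first 16 bytes is therefore a key schedule, not a coincidence, and the same redundancy lets the search tolerate a few bits that decayed before the chip was imaged. The block below is an added example written for this page, not the Princeton team’s tool; it assumes a raw memory image, an AES-128 key, and that the 16 key bytes themselves survived intact (the researchers also repaired those from the round keys, which this code does not attempt). The test image is constructed: random filler with one schedule planted in it.

```python
"""Added example: find AES-128 keys in a memory image via key-schedule redundancy.

Illustrative code written for this page, not the Princeton team's tool. An
expanded AES-128 key occupies 176 bytes in RAM and each round key is derived
from the previous one, so a window whose derived rounds agree with its first
16 bytes is a key schedule. The derived rounds are compared with a Hamming
threshold so that a few decayed bits do not hide the key.
Assumptions: raw image, AES-128, and the 16 key bytes themselves intact.
"""
import random


def _gf_mul(a, b):
    """Multiply in GF(2^8) modulo x^8 + x^4 + x^3 + x + 1 (the AES polynomial)."""
    p = 0
    for _ in range(8):
        if b & 1:
            p ^= a
        carry = a & 0x80
        a = (a << 1) & 0xFF
        if carry:
            a ^= 0x1B
        b >>= 1
    return p


def _build_sbox():
    """Derive the S-box (GF(2^8) inverse, then the affine map) instead of typing it in."""
    sbox = [0] * 256
    for x in range(256):
        inv = 0 if x == 0 else next(y for y in range(1, 256) if _gf_mul(x, y) == 1)
        s = inv
        for k in range(1, 5):                      # s = inv ^ rotl(inv,1..4) ^ 0x63
            s ^= ((inv << k) | (inv >> (8 - k))) & 0xFF
        sbox[x] = s ^ 0x63
    return sbox


SBOX = _build_sbox()
RCON = [0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1B, 0x36]


def expand_key(key):
    """FIPS-197 key expansion for AES-128: 16-byte key -> 176-byte schedule."""
    w = [list(key[i:i + 4]) for i in range(0, 16, 4)]
    for i in range(4, 44):
        t = w[i - 1][:]
        if i % 4 == 0:
            t = [SBOX[b] for b in t[1:] + t[:1]]   # SubWord(RotWord(t))
            t[0] ^= RCON[i // 4 - 1]
        w.append([w[i - 4][j] ^ t[j] for j in range(4)])
    return bytes(b for word in w for b in word)


def _hamming(a, b):
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def _first_derived_word(cand):
    """w[4] alone, as a cheap pre-filter before a full expansion."""
    t = [SBOX[cand[13]] ^ 0x01, SBOX[cand[14]], SBOX[cand[15]], SBOX[cand[12]]]
    return bytes(cand[j] ^ t[j] for j in range(4))


def find_aes128_keys(image, max_bit_errors=0):
    """Return [(offset, key)] for every 176-byte window that is a plausible
    AES-128 key schedule, allowing up to max_bit_errors flipped bits across
    the 160 derived bytes (tolerance for DRAM decay)."""
    hits = []
    for off in range(len(image) - 176 + 1):
        cand = image[off:off + 16]
        if _hamming(_first_derived_word(cand), image[off + 16:off + 20]) > max_bit_errors:
            continue
        errors = _hamming(expand_key(cand)[16:], image[off + 16:off + 176])
        if errors <= max_bit_errors:
            hits.append((off, bytes(cand)))
    return hits


def build_sample_image(key, size=4096, where=1000, flip_bits=(), seed=7):
    """Constructed test data: random filler with one schedule planted at
    `where`; flip_bits are bit positions (>= 128, i.e. outside the key bytes)
    to corrupt, simulating decay in the derived rounds."""
    rng = random.Random(seed)
    img = bytearray(rng.getrandbits(8) for _ in range(size))
    sched = bytearray(expand_key(key))
    for bit in flip_bits:
        sched[bit // 8] ^= 1 << (bit % 8)
    img[where:where + 176] = sched
    return bytes(img)


FIPS_KEY = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")  # FIPS-197 Appendix A key

if __name__ == "__main__":
    decayed = build_sample_image(FIPS_KEY, flip_bits=(300, 901, 1337))
    print("exact match:", find_aes128_keys(decayed))          # [] : three decayed bits defeat it
    print("4-bit tolerance:", find_aes128_keys(decayed, 4))   # [(1000, FIPS_KEY)]
```

Two things the example makes visible: a 16-byte window of random data passes the first-word pre-filter with probability about 2^-32, so the scan is cheap despite trying every offset, and a schedule with even three decayed bits is invisible to an exact search but trivially found once the comparison tolerates errors, which is exactly why chilling the chip to slow decay matters so much in practice.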

Article source

February 20th, 2008

Goolag.org, CdC’s new web data auditing tool, launches

Oxblood Ruffin shares word that Cult of the Dead Cow just launched a large-scale scanner project, Goolag.org:

“SECURITY ADVISORY: The following program may screw a large Internet search engine and make the Web a safer place.

Today CULT OF THE DEAD COW (cDc), the world’s most attractive hacker group, announced the release of Goolag Scanner, a Web auditing tool. Goolag Scanner enables everyone to audit his or her own Web site via Google. The scanner technology is based on “Google hacking”, a form of vulnerability research developed by Johnny I Hack Stuff. He’s a lovely fellow. Go buy him a drink.

“It’s no big secret that the Web is the platform”, said cDc spokesmodel, Oxblood Ruffin. “And this platform pretty much sucks from a security perspective. Goolag Scanner provides one more tool for Web site owners to patch up their online properties. We’ve seen some pretty scary holes through random tests with the scanner in North America, Europe, and the Middle East. If I were a government, a large corporation, or anyone with a big Web site, I’d be downloading this beast and aiming it at my site yesterday. The vulnerabilities are that serious.”

Goolag Scanner will be released open source under the GNU Affero General Public license. It is dedicated to the memory of Wau Holland, founder of the Chaos Computer Club, and a true champion of privacy rights and social justice.

GOOLAG SCANNER FUNCTIONS AND FEATURES

GoolagScan is a standalone Windows GUI-based application.

* Configuration. gS uses one XML-based configuration file for its settings.

* Data housekeeping. All dorks shipped with the gS distribution are kept inside one file.

Article source