- BotConf2013: The ‘first botnet fighting conference’ took place in Nantes, France. And the slides are available.
- COPS: Talks & slides of the ‘Congress on Privacy & Surveillance‘ held at the EPFL in September are online.
- IETF 88: A video of the technical plenary focused on the topic of “Internet Hardening” can be viewed here.
- Pony Botnet: Trustwave found a Pony Botnet Controller server holding over two million passwords and account credentials for Facebook, Google, Yahoo, Twitter, LinkedIn & Co. – and did some analysis on password complexity and length.
- ZeroAccess Botnet: Europol's European Cybercrime Centre (EC3), together with cybercrime units from Germany, Latvia, Switzerland and the Netherlands, disrupted the ZeroAccess botnet. KrebsOnSecurity published some insights into why it nevertheless appears to be operating normally.
- NSA mass surveillance: According to the Washington Post, the NSA gathers cellphone location data from around the world by tapping into the cables that connect mobile networks globally – around 5 billion records a day.
- The EFF asked companies like Amazon, Facebook, Dropbox & Co. what they are doing to bring encryption best practices to their services.
- Big Data & Security: Cisco published a series of blog posts about Big Data in Security, Part I – Part V
Our SWITCH Security Report for November 2013 is available
The current issue of our monthly 'SWITCHcert Report on current trends in IT security and privacy' has just been published.
Topics this month:
- Are EU institutions in the sights of the intelligence services?
- The brave new world of smart spying TVs
- Weak encryption methods make eavesdroppers' work easier
- Consumer advocates win more rights for German Google users, possibly
- And as always, links to interesting presentations, articles and videos on IT security and privacy.
Download (PDF):
Missed one of our previous Security Reports? The archive is here.
IT-Security-Links #43
- SCADA-Insecurity: According to Eugene Kaspersky, Stuxnet might have infected the internal network of a Russian nuclear plant.
- Ransomware: CryptoLocker infections are on the rise. The malware encrypts the files it finds on a number of network resources and demands a ransom for the decryption key.
- users.tar.gz: KrebsOnSecurity reported that the latest Adobe breach impacted at least 38 million users, more than ten times the number initially estimated. Sophos analysed the database dump.
- Cyber attack next Tuesday in London: Thousands of staff across dozens of London financial firms will be put through a "war games" scenario to test how well they can handle a major cyber attack.
- Major Bitcoin theft: A man who ran an online “wallet service” for storing Bitcoins has claimed hackers stole more than one million Australian dollars in bitcoins.
- Cryptography: Nick Sullivan wrote a (relatively easy to understand) primer on elliptic curve cryptography.
- It's official: Computer scientists pick stronger passwords. Researchers examined the passwords of 25,000 faculty, staff, and students at Carnegie Mellon University.
German:
- MELANI, the Swiss Reporting and Analysis Centre for Information Assurance, has published its semi-annual report 2013/1. Its main topics are the largest DDoS attack in the history of the Internet, e-banking attacks using smartphone trojans, and numerous targeted espionage attacks.
- Secure? With 38 lines of code, a 16-year-old in Argentina extracted all the ID card photos from the electoral register.
Our SWITCH Security Report for October 2013 is available
The current issue of our monthly 'SWITCHcert Report on current trends in IT security and privacy' has just been published.
Topics this month:
- Big Data, or "PRISM yourself": applications, beneficiaries and risks of large-scale data analysis.
- The intelligence scandal: what happens next? What happened around the NSA affair during the past month and how it is being debated.
- And as always, links to interesting presentations, articles and videos on IT security and privacy.
Download (PDF):
Missed one of our previous Security Reports? The archive is here.
IT-Security-Links #41
- HITB2013KUL: The Security Conference ‘Hack in the Box‘ took place this week. Slides of the talks are available here.
- Malware "Dexter": Infected point-of-sale terminals in South African restaurants cost banks millions.
- Bring your own Shadow IT: How people avoid the "clunky" network their organisation offers.
- Insecurities of /dev/random: A security analysis (PDF) of Linux's pseudo-random number generator.
- Can we trust ‘NSA-proof’ TrueCrypt? Security researchers are raising funds to conduct an independent audit of TrueCrypt, the popular disk encryption utility.
- NSA collects millions of address books: According to a newly disclosed presentation, the NSA collects contact lists from personal e-mail and instant messaging accounts around the world.
- Windows XP support ends in April 2014! After this date, customers will no longer receive security updates.
German:
- How secure are the computer systems of Swiss companies? First Security Technology AG scanned Swiss IP addresses and compiled a Swiss Vulnerability Report from the results. There is criticism of it as well.
IT-Security-Links #40
- Adobe hacked: Acrobat and ColdFusion code stolen in mid-August 2013 along with credit card and other data on approximately 2.9 million customers.
- Silk Road: The underground drug marketplace has been taken down by the FBI after many years of investigation.
- Heads up Internet Explorer users! A Metasploit module for the latest vulnerability (CVE-2013-3893) is available. The flaw allows attackers to execute arbitrary code on the victim’s computer.
- A 56-page “DDoS Survival Handbook” (PDF) is freely available from Radware.
German:
- Our current SWITCH Security Report (PDF) is online! The topics:
- Apple's biometric temptations and their possible consequences
- NSA surveillance: a game without frontiers
- The consumer router rediscovered as a security-critical component
- For browsing: interesting articles on current topics
- "You are all fair game": Bruce Schneier recently spoke in Lausanne at the conference of the Information Security Society Switzerland (ISSS) on the NSA scandal.
The cyber threat: how serious is it really?
On 23 September, a lecture entitled "The cyber threat: how serious is it really?" was given at ETH Zurich by Divisionär Kurt Nydegger, former project leader of the "National Strategy for Cyber Defence". We were naturally very interested in what would be reported there.
As part of the lecture programme of the Technische Gesellschaft Zürich, Kurt Nydegger presented the roughly 90 attendees with the current state of the strategic activities on the topic.
IT-Security-Links #39
- FBI warns of bank-robbing Beta Bot malware that disables antivirus.
- Biometrics are not safe: iPhone 5S fingerprint sensor hacked by Germany’s Chaos Computer Club
- ENISA presents, in a 5-page paper, a first "taste" of current developments in the Threat Landscape 2013.
- F-Secure released their 50-page Threat Report for H1/2013. It’s about the latest trends, incidents and developments in malware.
German:
- Federal government aborts surveillance project: major problems with the replacement of the federal Lawful Interception System (LIS).
- PayPal security: experiences with the "PayPal Bug Bounty Program" and with getting vulnerabilities fixed at the payment service provider.
IT-Security-Links #36
- DDoS: China suffered a DDoS attack that disrupted and slowed access to sites in the .cn domain. According to the China Internet Network Information Center (CNNIC), the attack was the largest in history against the domain servers for China's ccTLD.
- NSA and Lavabit: New insights about the immediate closure of the encrypted e-mail service Lavabit.
- Linux Trojan “Hand of Thief”: Avast did an analysis of the new trojan for Linux.
- SSL/TLS: What's under the hood? Where are the TLS session keys in your browser, and how can you use them with Wireshark?
- Do you have the right methodical approach to introduce and run your ‘Next Generation Firewall’ successfully?
- justdelete.me: is a directory of direct links to delete your account from web services.
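For the TLS session-key item above, here is an added example that is not taken from the linked article: Firefox and Chrome append their TLS secrets to the file named in the SSLKEYLOGFILE environment variable, in the NSS key log format, and Wireshark reads that file through its "(Pre)-Master-Secret log filename" preference. The script below parses such a file, rejects malformed lines, and reports which client randoms from a capture the log actually covers. The sample key log is constructed for this example, and the label table and function names are mine.

```python
"""Parse an NSS-format TLS key log and report which captured sessions it can decrypt.

Firefox and Chrome append to the file named by SSLKEYLOGFILE; Wireshark reads the
same file through its (Pre)-Master-Secret log filename preference. Sample data below
is constructed for this example."""

# Expected hex lengths per label: (identifier, secret); None = any even number of hex digits.
# CLIENT_RANDOM: 32-byte client random -> 48-byte master secret (TLS 1.0 to 1.2)
# RSA: first 8 bytes of the encrypted pre-master secret -> 48-byte pre-master secret
# TLS 1.3 labels key on the client random; the secret length depends on the cipher suite's hash.
KEYLOG_LABELS = {
    "CLIENT_RANDOM": (64, 96),
    "RSA": (16, 96),
    "CLIENT_HANDSHAKE_TRAFFIC_SECRET": (64, None),
    "SERVER_HANDSHAKE_TRAFFIC_SECRET": (64, None),
    "CLIENT_TRAFFIC_SECRET_0": (64, None),
    "SERVER_TRAFFIC_SECRET_0": (64, None),
    "EXPORTER_SECRET": (64, None),
}


def is_hex(value, length=None):
    """True if value is an even-length hex string (of exactly `length` digits, if given)."""
    if length is not None and len(value) != length:
        return False
    if len(value) % 2:
        return False
    try:
        bytes.fromhex(value)
    except ValueError:
        return False
    return True


def parse_keylog(text):
    """Return ({label: {identifier: secret}}, [(line number, line)]) for accepted and rejected lines."""
    entries, rejected = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # NSS writes a comment header
        parts = line.split()
        if len(parts) != 3 or parts[0] not in KEYLOG_LABELS:
            rejected.append((lineno, raw))
            continue
        label, ident, secret = parts
        id_len, secret_len = KEYLOG_LABELS[label]
        if not is_hex(ident, id_len) or not is_hex(secret, secret_len):
            rejected.append((lineno, raw))
            continue
        entries.setdefault(label, {})[ident.lower()] = secret.lower()  # duplicates collapse
    return entries, rejected


def decryptable_sessions(entries, client_randoms):
    """Split the client randoms seen in a capture into those the log covers and those it does not.
    RSA entries are keyed on the encrypted pre-master secret, not the client random, so they are skipped."""
    known = set()
    for label, table in entries.items():
        if label != "RSA":
            known.update(table)
    wanted = [cr.lower() for cr in client_randoms]
    covered = [cr for cr in wanted if cr in known]
    missing = [cr for cr in wanted if cr not in known]
    return covered, missing


# Constructed sample: two sessions, one RSA key exchange, one duplicate and one truncated line.
SAMPLE_KEYLOG = f"""# SSL/TLS secrets log file, generated by NSS
CLIENT_RANDOM {'a1' * 32} {'b2' * 48}
CLIENT_RANDOM {'c3' * 32} {'d4' * 48}
RSA {'e5' * 8} {'f6' * 48}
CLIENT_RANDOM {'a1' * 32} {'b2' * 48}
CLIENT_RANDOM {'a1' * 30} {'b2' * 48}
"""

if __name__ == "__main__":
    entries, rejected = parse_keylog(SAMPLE_KEYLOG)
    covered, missing = decryptable_sessions(entries, ["A1" * 32, "c3" * 32, "09" * 32])
    print(f"{len(covered)} of {len(covered) + len(missing)} sessions decryptable; "
          f"{len(rejected)} malformed line(s) ignored")
```

One caveat for anyone using this in practice: the key log is exactly as sensitive as the private key for the sessions it lists, so keep it off shared file systems and delete it once the capture has been analysed.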
DNS hijacking on the rise
Internet users who typed the domain name nytimes.com into their browser's address bar yesterday saw, for six hours, not the newspaper's website but a page belonging to the "Syrian Electronic Army" or an error message. As the Los Angeles Times reports, the access credentials of a Melbourne IT reseller were abused to change the DNS records for nytimes.com and thereby redirect visitors to a different web server.
Attacks via the Domain Name System (DNS) have become more frequent recently. Instead of hacking a well-secured website, criminals try to redirect the domain name to their own server. The web traffic is valuable, whether for propaganda, as in the case of the Syrian Electronic Army, or for criminal purposes such as distributing malware, click fraud or search engine optimisation.
Rather than hacking individual DNS servers, criminals increasingly attack registries, registrars and domain name resellers. If they manage to get into the systems or obtain credentials, they can often redirect thousands of domain names to their own server at once. The prominent victims are above all heavily visited websites such as search engines or news portals.
Swiss domain names were also affected by false DNS answers during the past week.
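As an added example that is not part of the original post, here is a minimal monitoring check for the kind of record change described above: compare what several resolvers return for a zone against a baseline of expected name servers, address ranges and mail exchangers, and flag disagreement between resolvers. The zone name, the addresses and the observed answers are constructed; in practice the answers would come from dig or dnspython, ideally including one query to the parent TLD servers, because a change made through a registrar shows up in the delegation first.

```python
import ipaddress

# Constructed baseline for a hypothetical zone. Names and networks are assumptions;
# 198.51.100.0/24 and 203.0.113.0/24 are documentation ranges.
BASELINE = {
    "ns": {"ns1.example-zone.net.", "ns2.example-zone.net."},
    "a_nets": ["198.51.100.0/24"],
    "mx": {"mail.example-zone.net."},
}


def normalize(name):
    """DNS names compare case-insensitively; make the trailing dot explicit as well."""
    name = name.strip().lower()
    return name if name.endswith(".") else name + "."


def check_answer(answer, baseline=BASELINE):
    """answer is {"NS": [...], "A": [...], "MX": [...]} as one resolver returned it.
    Returns a list of findings; an empty list means the answer matches the baseline."""
    findings = []
    ns = {normalize(n) for n in answer.get("NS", [])}
    if ns != baseline["ns"]:
        findings.append(f"NS delegation changed: {sorted(ns)} instead of {sorted(baseline['ns'])}")
    nets = [ipaddress.ip_network(n) for n in baseline["a_nets"]]
    for addr in answer.get("A", []):
        if not any(ipaddress.ip_address(addr) in net for net in nets):
            findings.append(f"A record {addr} points outside {baseline['a_nets']}")
    mx = {normalize(m) for m in answer.get("MX", [])}
    if mx != baseline["mx"]:
        findings.append(f"MX changed: {sorted(mx)} instead of {sorted(baseline['mx'])}")
    return findings


def check_resolvers(answers, baseline=BASELINE):
    """answers is {resolver: answer}. Returns (findings per resolver, resolvers_disagree).
    A change at the registrar shows up at every resolver once caches expire; an answer
    that differs at one resolver only points at cache poisoning or a local redirect."""
    report = {resolver: check_answer(answer, baseline) for resolver, answer in answers.items()}
    views = {
        (tuple(sorted(normalize(n) for n in a.get("NS", []))), tuple(sorted(a.get("A", []))))
        for a in answers.values()
    }
    return report, len(views) > 1


# Constructed observations: the authoritative view and what one open resolver handed out.
GOOD = {"NS": ["NS1.example-zone.net", "ns2.example-zone.net."],
        "A": ["198.51.100.20"], "MX": ["mail.example-zone.net"]}
HIJACKED = {"NS": ["ns1.attacker-dns.example.", "ns2.attacker-dns.example."],
            "A": ["203.0.113.66"], "MX": ["mx.attacker-dns.example."]}

if __name__ == "__main__":
    report, disagree = check_resolvers({"authoritative": GOOD, "open-resolver": HIJACKED})
    for resolver, findings in report.items():
        print(resolver, "OK" if not findings else "; ".join(findings))
    print("resolvers disagree:", disagree)
```

Monitoring only shortens the time to detection. The controls that actually prevent the nytimes.com scenario sit at the registrar: a registrar or registry lock on the domain, two-factor authentication on the registrar and reseller accounts, and notifications on every change to the delegation.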
IT-Security-Links #34
- Social Engineering Attack I: The website of “The New York Times” was unavailable on Wednesday morning. According to KrebsOnSecurity a sophisticated phishing attack against newsroom reporters led to hacking of the site.
- Social Engineering Attack II: "Outbrain", which provides link recommendation services to the Washington Post, CNN and Time Magazine, faced a security breach this week. As a consequence, links on those sites redirected readers to the website of the Syrian Electronic Army (SEA). According to Outbrain, a phishing e-mail purporting to be from Outbrain's CEO was sent to all its employees; it led to a page asking them to enter their credentials to see the information.
- NSA surveillance: Lavabit and Silent Circle shut down their encrypted e-mail services. Read the interviews with Silent Circle CEO Michael Janke on the inside story, and with Lavabit founder Ladar Levison and his lawyer. There is also an interview with PGP inventor and Silent Circle co-founder Phil Zimmermann on the surveillance society.
- IT Threat Evolution: Kaspersky published their IT Threat Report for Q2/2013.
- The City of London stops smartphone-tracking recycling bins. The bins, located in the Cheapside area of central London, logged the MAC addresses of individual smartphones.
- Web Application Security: Are attackers dot-dot-slashing their way into your data? Directory traversal (or path traversal) attacks may seem too old and too simple to mention, but according to recent web application attack reports they still make up more than 30 percent of the attacks against web applications.
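An added example for the directory traversal item, written for this post rather than taken from the cited reports: the naive join that causes the bug next to a hardened resolver, plus a small indicator function for log review or a WAF rule. The document root and the request paths are constructed; `unquote` is applied twice on purpose so that double-encoded `%252e%252e` is caught as well, which is a defence-in-depth choice that a handler serving file names containing a literal percent sign would have to reconsider.

```python
import posixpath
import re
from urllib.parse import unquote

DOCROOT = "/srv/app/public"  # assumed document root of a hypothetical static-file handler


def vulnerable_resolve(user_path):
    """The bug: decode the client's path and join it onto the document root, nothing else."""
    return posixpath.normpath(posixpath.join(DOCROOT, unquote(user_path)))


def safe_resolve(user_path, docroot=DOCROOT):
    """Decode, normalise, then prove the result is still inside docroot; raise otherwise."""
    decoded = unquote(unquote(user_path))  # second pass catches double encoding (%252e%252e)
    if "\x00" in decoded:
        raise PermissionError("NUL byte in path")
    # Treat backslashes as separators too and make the path docroot-relative.
    decoded = decoded.replace("\\", "/").lstrip("/")
    candidate = posixpath.normpath(posixpath.join(docroot, decoded))
    # commonpath, not startswith: /srv/app/publicfoo starts with /srv/app/public but lies outside it.
    if posixpath.commonpath([docroot, candidate]) != docroot:
        raise PermissionError(f"path escapes document root: {user_path!r} -> {candidate}")
    return candidate


def is_blocked(user_path):
    """Convenience wrapper: did the hardened resolver refuse this path?"""
    try:
        safe_resolve(user_path)
    except PermissionError:
        return True
    return False


DOTDOT = re.compile(r"(^|/)\.\.(/|$)")


def looks_like_traversal(raw_path):
    """Indicator for logs or a WAF rule: a '..' path segment after decoding and separator normalisation."""
    decoded = unquote(unquote(raw_path)).replace("\\", "/")
    return bool(DOTDOT.search(decoded))


# Constructed request paths, as a web server would see them in the request line.
ATTEMPTS = [
    "images/logo.png",
    "../../../etc/passwd",
    "..%2F..%2F..%2Fetc%2Fpasswd",
    "%252e%252e/%252e%252e/%252e%252e/etc/passwd",
    "..\\..\\..\\windows\\win.ini",
    "../publicfoo/secret.txt",
    "docs/../index.html",
]

if __name__ == "__main__":
    for p in ATTEMPTS:
        print(f"{p:45} naive={vulnerable_resolve(p):35} blocked={is_blocked(p)} "
              f"indicator={looks_like_traversal(p)}")
```

Two things worth noticing in the output: `docs/../index.html` trips the indicator but is correctly allowed, so the indicator is for triage and the resolver is the authority; and the lexical check above says nothing about symlinks, so on a real file system the candidate should additionally go through `os.path.realpath` before the `commonpath` comparison.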
IT-Security-Links #33
- Simon Mullis of FireEye has now posted the last part of the three-part series we mentioned last week, titled "Thinking Outside the Sandbox". It seems that anti-virus vendors use files uploaded to VirusTotal and similar services to find new command-and-control (C&C) servers, but do so successfully only for ZeuS-based malware families.
- A talk by Alex Stamos at last week's Black Hat conference made the point that RSA could be broken within four to five years. Another Black Hat talk presented the BREACH attack, which abuses the fact that combining compression with encryption is problematic: applied to HTTPS, the presenters were able to steal a secret in under 30 seconds.
- Nice write-up of the Comfoo APT threat by SecureWorks. While it mainly targeted Japanese and Indian government ministries, other sectors such as education were targeted as well. The article concludes with the very true statement that most businesses will never see a Comfoo infection; nevertheless, evaluating whether an organisation is a potential target of cyber-espionage belongs in any risk evaluation.
- OpenX downloads were compromised. OpenX is an open-source ad-serving product widely used on the Internet. The binary distribution contained malicious files with a backdoor; the file was modified in November 2012. So if you downloaded this software within the last seven months, attackers have a backdoor into your site.
- Matt Johansen of WhiteHat Security writes about Two-Factor Authentication. What it is, why you should care and how it is used by Google, Facebook and Twitter. Read the article and then go and enable it for your accounts if you haven’t already.
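An added example for the BREACH item, written for this post and not taken from the talk or its tooling: a constructed page that reflects a request parameter next to a CSRF token, an oracle that reveals nothing but the compressed length (which TLS does not hide), and the byte-by-byte recovery. The page text, the token and the link format are assumptions. The oracle uses fixed Huffman blocks so that the length difference between a right and a wrong guess is deterministic; a server with zlib's default strategy leaks the same signal with more noise, which is what the calibration tricks in real BREACH tools are for.

```python
import string
import zlib

# Constructed victim: a page that echoes a request parameter and also carries a CSRF token
# in a link. The token, the link format and the page text are assumptions for this demo.
TOKEN = "q7Kd2Zp9"


def render_page(reflected):
    """Hypothetical server response; the attacker controls `reflected`, the token is the secret."""
    return (
        "<html><body>"
        f"<p>No results for: {reflected}.</p>"
        f'<a href="/account?csrf={TOKEN}">Account</a>'
        "</body></html>"
    ).encode()


def compressed_length(body):
    """The attacker's view: the size of the compressed body (encryption does not hide length).
    Fixed Huffman blocks make the demo deterministic: a wrong guess then costs exactly one
    literal (8 bits) more than the right one. Servers use the default strategy, whose
    adaptive Huffman tables add noise that real BREACH tools calibrate away."""
    z = zlib.compressobj(level=6, strategy=getattr(zlib, "Z_FIXED", 4))
    return len(z.compress(body) + z.flush())


def compressed_oracle(reflected):
    return compressed_length(render_page(reflected))


def uncompressed_oracle(reflected):
    """Mitigated server: no compression on responses that carry secrets."""
    return len(render_page(reflected))


def recover_secret(oracle, known_prefix, charset=string.ascii_letters + string.digits,
                   window=5, max_len=64):
    """Recover the bytes that follow known_prefix one at a time. Only the last `window`
    known bytes are reflected with each guess, so the LZ77 match stays short and every
    step compares a (window+1)-byte match against a window-byte match plus one literal."""
    recovered = ""
    for _ in range(max_len):
        context = (known_prefix + recovered)[-window:]
        lengths = {c: oracle(context + c) for c in charset}
        best = min(lengths.values())
        winners = [c for c, n in lengths.items() if n == best]
        if len(winners) != 1:
            break  # every guess costs the same: end of the secret, or an oracle that leaks nothing
        recovered += winners[0]
    return recovered


if __name__ == "__main__":
    print("compressed  :", recover_secret(compressed_oracle, "csrf="))
    print("uncompressed:", recover_secret(uncompressed_oracle, "csrf="))
```

Against `compressed_oracle` the loop walks the whole token, 62 requests per byte; against `uncompressed_oracle` every guess costs the same and it returns an empty string at once. That is the first mitigation: do not compress responses that mix secrets with attacker-influenced content. The others are masking the token with a fresh random value per response (so the bytes on the wire never repeat), keeping secrets out of pages that reflect user input, and rate limiting, since the attack needs thousands of requests.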
IT-Security-Links #32
- The Washington Post published an article by Andrea Peterson on why stolen European credit card numbers cost five times as much as US ones on the underground market. There are several reasons for this; differences in credit card technology and in how stolen cards are monetised are two of them, but in the end it is a function of supply and demand and of the structure of the online underground economy.
- Distributed Denial of Service (DDoS) attacks are not a matter of if but when they happen to you. Sean Leach of Verisign provides 5 key steps enterprises can take to be prepared for a future attack.
- In an anti-botnet takeover of .pl domains, NASK (the .pl ccTLD registry) and CERT Polska shut down over 641 malicious domains, 179 of which were used for C&C purposes. They terminated the agreement with the registrar Domain Silver, Inc., which had only one benign domain name (domainsilver.pl itself) registered.
- Jeremiah Grossman and Matt Johansen of White Hat Security presented their research at Black Hat USA 2013 showing that you can “build” a browser botnet by leveraging advertising networks such as AdSense or DoubleClick.
- Another Black Hat speaker Paul Stone of Context Information Security showed how you can steal data from a web browser with the use of JavaScript-based timing attacks.
- Simon Mullis of FireEye posted part one and two of a three-part series on why old malware such as Carberp or Zeus are still successful. Part one: Why Carberp, ZeuS, and Other Vintage Malware Have a Bigger Bite Than You Think. Part two: Cybercriminal Intent: How to Build Your Own Botnet in Less Than 15 Minutes.
- David Kriesel found out that Xerox scanners/photocopiers randomly alter numbers in scanned documents! Apparently the problem only occurs at small font sizes and low resolutions.
IT-Security-Links #31
- Millions of SIM cards can be compromised because of wrongly configured Java Card software and weak encryption keys, says security researcher Karsten Nohl. Nohl will present his results on August 1st at the Black Hat security conference in Las Vegas. At least for Switzerland, the big mobile network operators assure that they never used SIM cards with weak encryption keys.
- The team at Information is Beautiful published an interesting visualization about the World’s Biggest Data Breaches from the last almost ten years. Looking at the graph, it’s of no surprise we sometimes feel that there is a data breach almost every week!
- URL shorteners are often used to hide malicious URLs. McAfee Labs looked at the short-URL services most targeted by malware in 2013 and also mentions its own secure URL shortener (mcaf.ee).
- In IT-Security-Links #28, we mentioned the "master key" vulnerability that allows attackers to inject malicious code into legitimate Android applications. Symantec has now found the first applications abusing this vulnerability. All of these apps are designed for Chinese-language users, though.
- Microsoft reported that, with the 1,400 Citadel botnets taken down in June, a total of 88 percent of the botnets spawned by that malware have been taken down. In addition, their analysis shows that approximately 40 percent of the infected computers affected by their operation have been cleaned.
IT-Security-Links #30
- Geoff Huston (APNIC) published a long post on his DNSSEC validation measurements. Since March 2013 he has seen the share of DNSSEC-validating resolvers rise from 3.3% to 8.1%. This increase is mainly because Google Public DNS started validating a few weeks ago. For Switzerland, the share of validating resolvers is 5.13%.
- Mac OS X Malware: Malwarebytes.org reports that FBI ransomware is now targeting Apple’s Mac OS X users. The news received a lot of attention and so Malwarebytes.org posted a Q&A.
- AndroRAT is a free Trojan horse for Android devices that allows a remote attacker to gain control of the device and steal information from it. Cybercriminals have now created tools called "binders" that make it easy to repackage and trojanize legitimate Android applications with AndroRAT. To date, Symantec has counted 23 cases of popular legitimate apps being trojanized in the wild with AndroRAT.
- You would think that server compromises had advanced a lot by now, but that does not mean old-style attacks such as simple account brute-forcing no longer work. According to Sucuri, SSH brute-forcing, an attack that is ten years old, still persists.
- Harlan Carvey of the Windows Incident Response blog posted the first part of the HowTo series "Malware Detection": an interesting read on how to easily detect malware on an infected computer.
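For the SSH brute-force item, an added example that is not from Sucuri's post: the detection logic a log monitor such as fail2ban applies, run over a constructed set of OpenSSH syslog lines. It flags a source that accumulates five failures inside a minute and escalates if that same source then logs in successfully, which is the event that matters in incident response. The log format, host names and addresses are assumptions; the addresses come from documentation ranges.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample of sshd auth log lines (syslog format); addresses are documentation ranges.
SAMPLE_LOG = """\
Jul 21 03:14:01 web1 sshd[2201]: Failed password for invalid user admin from 203.0.113.7 port 51122 ssh2
Jul 21 03:14:03 web1 sshd[2203]: Failed password for invalid user oracle from 203.0.113.7 port 51130 ssh2
Jul 21 03:14:05 web1 sshd[2205]: Failed password for root from 203.0.113.7 port 51141 ssh2
Jul 21 03:14:08 web1 sshd[2207]: Failed password for root from 203.0.113.7 port 51150 ssh2
Jul 21 03:14:11 web1 sshd[2209]: Failed password for root from 203.0.113.7 port 51162 ssh2
Jul 21 03:14:40 web1 sshd[2215]: Accepted password for root from 203.0.113.7 port 51170 ssh2
Jul 21 03:15:02 web1 sshd[2220]: Failed password for alice from 192.0.2.10 port 40001 ssh2
Jul 21 03:15:30 web1 sshd[2222]: Accepted publickey for alice from 192.0.2.10 port 40002 ssh2
Jul 21 03:16:00 web1 sshd[2230]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.0.113.7
"""

LINE_RE = re.compile(r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: (?P<msg>.*)$")
FAILED_RE = re.compile(r"^Failed (?:password|publickey) for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+")
ACCEPTED_RE = re.compile(r"^Accepted (?:password|publickey) for (?P<user>\S+) from (?P<ip>\S+) port \d+")


def parse_events(text, year=2013):
    """Yield (timestamp, kind, user, ip) for the sshd lines we understand; other lines are ignored.
    Syslog timestamps carry no year, so the caller supplies it."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        msg = m["msg"]
        f = FAILED_RE.match(msg)
        if f:
            yield ts, "failed", f["user"], f["ip"]
            continue
        a = ACCEPTED_RE.match(msg)
        if a:
            yield ts, "accepted", a["user"], a["ip"]


def detect(text, threshold=5, window=timedelta(seconds=60)):
    """Alert when one source IP accumulates `threshold` failures inside `window`, and escalate
    when that same IP then authenticates successfully within another `window`."""
    recent = defaultdict(deque)  # ip -> deque of (ts, user) failures still inside the window
    flagged = {}                 # ip -> time it was flagged as brute-forcing
    alerts = []
    for ts, kind, user, ip in parse_events(text):
        q = recent[ip]
        while q and ts - q[0][0] > window:
            q.popleft()          # slide the window forward
        if kind == "failed":
            q.append((ts, user))
            if len(q) >= threshold and ip not in flagged:
                flagged[ip] = ts
                alerts.append({"type": "brute_force", "ip": ip, "count": len(q),
                               "users": sorted({u for _, u in q}), "at": ts})
        elif kind == "accepted" and ip in flagged and ts - flagged[ip] <= window:
            alerts.append({"type": "success_after_brute_force", "ip": ip, "user": user, "at": ts})
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

The second alert is the one to page someone about: a password login for root from a source that was guessing passwords half a minute earlier is a probable compromise, not noise. The single failure followed by a key-based login for alice stays below the threshold, which is what you want from a rule like this. The usual hardening (key-only authentication, no root login, a blocking tool or rate limit in front of sshd) removes most of the failures before they are logged at all.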