[+] Wayc0de's Blog[+]


Attackers Obtain Valid Cert for Google Domains, Mozilla Moves to Revoke It

A certificate authority in the Netherlands issued a valid SSL wildcard certificate for Google to a third party in July, leading to concerns that attackers may have been using the certificate to route sensitive traffic through their own servers, capturing it and compromising user data in the process. The certificate was revoked by the CA, DigiNotar, after the problem came to light Monday.

The attack appears to have been targeting Gmail users specifically. Some users trying to reach the Gmail servers over HTTPS found that their traffic was being rerouted through servers that shouldn't have been part of the equation. On Monday afternoon, security researcher Moxie Marlinspike checked the signatures on the certificate for the suspicious server, which had been posted to Pastebin and elsewhere on the Web, and found that the certificate was in fact valid. The attack is especially problematic because the certificate is a wildcard cert, meaning it is valid for any of Google's domains that use SSL.

It's not clear who DigiNotar issued the certificate to at this point.

Security and privacy experts began discussing the problem Monday, after some people in Iran began posting messages to Twitter and elsewhere about the possibility of a man-in-the-middle attack by the country's government, using the certificate. The certificate was issued on July 10, and Mozilla said on Monday that it is planning to issue immediate updates to many of its products, including Firefox, Thunderbird and others, to remove the DigiNotar root CA.

"Users on a compromised network could be directed to sites using a fraudulent certificate and mistake them for the legitimate sites. This could deceive them into revealing personal information such as usernames and passwords. It may also deceive users into downloading malware if they believe it’s coming from a trusted site.

We have received reports of these certificates being used in the wild," Mozilla security officials said in a blog post.

"Because the extent of the mis-issuance is not clear, we are releasing new versions of Firefox for desktop (3.6.21, 6.0.1, 7, 8, and 9) and mobile (6.0.1, 7, 8, and 9), Thunderbird (3.1.13, and 6.0.1) and SeaMonkey (2.3.2) shortly that will revoke trust in the DigiNotar root and protect users from this attack."

The problem with the fraudulent *.google.com certificate is quite similar to the results of the attack on Comodo earlier this year in which the attackers were able to compromise one of the company's European registration authorities and issue valid SSL certs for Gmail, Yahoo, Skype and several other high-value sites.

Firefox users who want to disable the browser's trust of the DigiNotar root immediately can do so by clicking on Options, then Advanced, then Encryption and then selecting the View Certificates option. Then scroll down to the DigiNotar root CA, click on it and then click on Delete or Distrust.
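As an added example (not code from the article or from Mozilla), the Python below classifies a peer certificate the way a client that has distrusted the DigiNotar root would: it checks whether the certificate's names cover the hostname (including the single-label wildcard matching that lets *.google.com cover every Google subdomain) and whether its issuer is on a distrust list. It works on the dict shape Python's ssl.SSLSocket.getpeercert() returns; the certificate values are constructed and the issuer commonName is a placeholder.

```python
# Added example: distrust check over a getpeercert()-style certificate dict.
# Certificate values are constructed; the issuer commonName is a placeholder.

# Organizations whose roots we no longer trust (compared case-insensitively).
DISTRUSTED_ISSUER_ORGS = {"diginotar"}


def rdn_values(name, attr):
    """Pull every value of one attribute out of a getpeercert()-style name,
    which is a tuple of RDNs, each a tuple of (attribute, value) pairs."""
    return [value for rdn in name for attribute, value in rdn if attribute == attr]


def hostname_matches(pattern, hostname):
    """RFC 6125-style matching: a wildcard is allowed only as the entire
    leftmost label, matches exactly one label, and needs at least two fixed
    labels after it (so '*.com' never matches anything)."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    p_labels = pattern.split(".")
    h_labels = hostname.split(".")
    if p_labels[0] != "*" or any("*" in label for label in p_labels[1:]):
        return False
    if len(p_labels) < 3:
        return False
    return len(h_labels) == len(p_labels) and h_labels[1:] == p_labels[1:]


def dns_names(cert):
    """Names the certificate is valid for: subjectAltName DNS entries, falling
    back to the subject commonName only when there are none."""
    names = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    return names or rdn_values(cert.get("subject", ()), "commonName")


def assess(cert, hostname):
    """Return a verdict dict for presenting `cert` on a connection to `hostname`."""
    matched = next((n for n in dns_names(cert) if hostname_matches(n, hostname)), None)
    issuer_orgs = {o.lower() for o in rdn_values(cert.get("issuer", ()), "organizationName")}
    distrusted = bool(issuer_orgs & DISTRUSTED_ISSUER_ORGS)
    if matched is None:
        verdict = "reject: name mismatch"
    elif distrusted:
        verdict = "reject: issuer distrusted"
    else:
        verdict = "accept"
    return {
        "matched_name": matched,
        "wildcard": matched is not None and matched.startswith("*."),
        "issuer_distrusted": distrusted,
        "verdict": verdict,
    }


# Constructed stand-in for the rogue wildcard certificate discussed above.
ROGUE_CERT = {
    "subject": ((("commonName", "*.google.com"),),),
    "issuer": (
        (("countryName", "NL"),),
        (("organizationName", "DigiNotar"),),
        (("commonName", "DigiNotar CA (placeholder)"),),  # placeholder, not the real CN
    ),
    "subjectAltName": (("DNS", "*.google.com"), ("DNS", "google.com")),
}

if __name__ == "__main__":
    for host in ("mail.google.com", "google.com", "www.mail.google.com"):
        print(host, assess(ROGUE_CERT, host))
```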

Hackers acquire Google certificate, could hijack Gmail accounts

Hackers have obtained a digital certificate good for any Google website from a Dutch certificate provider, a security researcher said today.

Criminals could use the certificate to conduct "man-in-the-middle" attacks targeting users of Gmail, Google's search engine or any other service operated by the Mountain View, Calif. company.

"This is a wildcard for any of the Google domains," said Roel Schouwenberg, senior malware researcher with Kaspersky Lab, in an email interview Monday.

"[Attackers] could poison DNS, present their site with the fake cert and bingo, they have the user's credentials," said Andrew Storms, director of security operations at nCircle Security.

Man-in-the-middle attacks could also be launched via spam messages with links leading to a site posing as, say, the real Gmail. If recipients surfed to that link, their account login username and password could be hijacked.

Details of the certificate were posted on Pastebin.com last Saturday. Pastebin.com is a public site where developers -- including hackers -- often post source code samples.

According to Schouwenberg, the SSL (secure socket layer) certificate is valid, and was issued by DigiNotar, a Dutch certificate authority, or CA. DigiNotar was acquired earlier this year by Chicago-based Vasco, which bills itself on its site as "a world leader in strong authentication."

Vasco did not reply to a request for comment.

Security researcher and Tor developer Jacob Appelbaum confirmed that the certificate was valid in an email answer to Computerworld questions, as did noted SSL researcher Moxie Marlinspike on Twitter. "Yep, just verified the signature, that pastebin *.google.com certificate is real," said Marlinspike.

Because the certificate is valid, a browser would not display a warning message if its user went to a website signed with the certificate.

It's unclear whether the certificate was obtained because of a lack of oversight by DigiNotar or through a breach of the company's certificate issuing website.

Schouwenberg urged the company to provide more information as soon as possible.

"Given their ties to the government and financial sectors it's extremely important we find out the scope of the breach as quickly as possible," Schouwenberg said. The situation was reminiscent of a breach last March, when a hacker obtained certificates for some of the Web's biggest sites, including Google and Gmail, Microsoft, Skype and Yahoo.

Then, Comodo said that nine certificates had been fraudulently issued after attackers used an account assigned to a company partner in southern Europe.

Initially, Comodo argued that Iran's government may have been involved in the theft. Days later, however, a solo Iranian hacker claimed responsibility for stealing the SSL certificates.

Today, Kaspersky's Schouwenberg said "nation-state involvement is the most plausible explanation" for the acquisition of the DigiNotar-issued certificate.

"For one [thing], there's the type of information being looked for -- from Google users," said Schouwenberg. "This hints towards an intelligence operation rather than anything else. Secondly, this type of attack only works when the attacker has some control over the network, but not over the actual machine."

Others were more skeptical because of the claim that a single hacker pulled off the Comodo heist.
"I think it might still be a stretch to attribute this to the Iranian government," said Marlinspike on Twitter shortly before 4 p.m. ET. "We all know how that went last time."

The google.com certificate has not yet been revoked by DigiNotar -- the first step to blocking its use -- even though it was issued July 10.

Last March, browser makers, including Google, Microsoft and Mozilla, rushed out updates that added the stolen Comodo certificates to their applications' blacklists.

Today, Storms said he expected Google to quickly update Chrome, and that Microsoft, Mozilla and others would do the same some time later. "I suspect that if asked [Microsoft and Mozilla] will also issue updates, as there is already a precedent," said Storms.

Google did not reply to a request for comment on the rogue certificate.

Caution: Should You Share Your Location on Facebook?

Facebook recently rolled out a number of changes to the social networking site. One of the changes eliminates the concept of Facebook Places, but instead incorporates location-aware updates at virtually every level of Facebook. You might want to think twice, though, before broadcasting your location to the anonymous masses online.

Facebook has had a Foursquare-like check-in system for its mobile app for a while. Facebook Places has limited functionality, though, intended primarily for logging in at restaurants and retailers, and it doesn't provide any means for someone with a notebook or tablet to record location data.
Image caption: Does your whole social network really need to know you're at McDonald's right now?

Maybe that's a good thing. Do you want your entire social network--including some tenuous relationships with people you have never actually met in real life--to know that you are with your family having dinner at The Olive Garden?

The security experts at nCircle offer two opposing, but complementary, viewpoints on the privacy and security implications of sharing location information. Andrew Storms, director of security operations, and Tim 'TK' Keanini, nCircle's CTO, shared some thoughts with me on this topic.

Storms warns, "You could be home for one post and then across town for the next. Now, everyone knows you aren't home and the brand new TV you just told everyone about is also home--alone," adding, "Posting this level of detail in any online forum opens the door to potential nefarious action."

He explains that the issue of privacy and location information is really a matter of common sense, and recommends that you stop and think "does everyone in the world--or even everyone in my social network--really need to know my location at a given point in time?"

From Keanini's perspective, it is delusional to think that you or your property are somehow safer just because you don't post location information. It is a sort of security by obscurity fallacy that might give an illusion of better privacy, but the fact is that location information like your home address can be found by other means, and you'd better have some real protection in place.

Keanini says, "Locks, alarms, neighborhood watch--all of those things help to protect your home. In my book, it's better to feel safe publishing your location because you know you have taken the appropriate safeguards than to be surprised by the disclosure of this kind of personal information."

This is a privacy decision unique to your personal situation; there is no one-size-fits-all answer. What's dangerous about all private data, including location data, is disclosing it without thinking through the implications. If you want to limit exposure of your location information, use the controls available within Facebook to limit the audience the data is shared with.

HTTP DDoS Attacks Still Reign Supreme

Despite the media’s love-affair with Anonymous style cyber-anarchy and vigilante-hacktivism, the vast majority of DDoS attacks are carried out by criminals seeking financial gain, not activists, according to a new research report.

The top four targets of DDoS attacks in the second quarter were online shopping, gaming, stock exchange and banking sites, in that order, accounting for 69 percent of all DDoS attacks, according to the report on botnet activity from Kaspersky Lab. As for the “hacktivism” that’s gotten a lot of coverage lately, the bottom four spots on the list (excluding the one percent designated ‘other’) are transport, other business related and government sites respectively, accounting for a mere seven percent of attacks.

That said, the new report only accounts for botnet-driven attacks. Those popularized by Anonymous, which use the Low Orbit Ion Cannon (LOIC) DDoS tool, are not accounted for in this report.

Alarmingly, attacks on ‘blogs and forums’ and the ‘mass media’ accounted for eight percent and seven percent respectively, perhaps evidence of individuals and groups launching DDoS attacks in order to silence media channels, or more broadly, opinions with which they disagree.

On an interesting note, the analysis found that Tuesday is the most popular day of the week to launch a DDoS attack (closely followed by Wednesday, Monday and Thursday, in that order). Sunday is the least popular day to launch such attacks, Friday the second least and Saturday the third least popular. Also interesting is the author’s belief that as the summer holiday season comes to an end, more zombie machines will come back into use, making DDoS attacks all the more potent.

Seventy-two percent of attacks were aimed at IP addresses rather than specific domains.

HTTP flood attacks, where massive numbers of HTTP requests are sent to a targeted site in a short period of time, crippling the site, remain by far the most popular method of DDoSing.

Hurricane Irene Scam Hits Facebook

Hurricane Irene surely turned New York City into a “city that never sleeps” as it brought flood waters, knocked out power to more than 4 million people and was even responsible for at least 15 deaths in six states.
What’s worse is that cybercriminals are taking advantage of the incident by spamming a fake video on Facebook.

The page, which contains the alarming title “VIDEO SHOCK – Hurricane Irene New York kills All” displays a clickable image of a fake video player on the page.

The text displayed in the succeeding pages is in Italian, which suggests that the attack specifically targets Italian users. Clicking the image of the video displays a prompt that says “Per Vedere il video devi prima condividere” which translates to “To see the video you must first share”, as well as two options that say “Share” and “See the video”.

Clicking “Share” posts the link to the Facebook page on the user's wall.

On the other hand, clicking “See the video” displays a list of deals that the user must register for in order to view the video.

The said deals only lead to advertisement and affiliate program websites.
Such schemes on Facebook have been rampant in the past weeks, as we’ve seen such scams lead to spam pages or surveys. We’ve seen these attacks use various social engineering lures, such as false news about the death of singer Lady Gaga, tickets for the Twilight movie Breaking Dawn, and invites for Google+.

For more information on threats found in social networks such as Facebook, check our report, Spam, Scams and Other Social Media Threats, and our infographic, The Geography of Social Media Threats.

WikiLeaks suffers its own data loss incident

Der Spiegel is reporting that WikiLeaks has had... wait for it... a data leakage accident. You might think, "So what? The data has already been leaked!"

Unfortunately, that isn't quite as clear as it seems. WikiLeaks goes to great lengths to protect both their sources and potential informants by redacting their details from the data before publication.

Last summer Daniel Domscheit-Berg had a dispute with Julian Assange and departed with a chunk of the WikiLeaks staff to form OpenLeaks.

In the process Domscheit-Berg was reported to have taken data from a server containing the 250,000+ leaked diplomatic cables in encrypted form and left Assange without access to the contents.
Assange had shared the passphrase to decrypt the cables with an external source as a protective measure and expected the source to keep the key secret.

In November of 2010 Domscheit-Berg returned the files to WikiLeaks. This prompted WikiLeaks supporters to make the contents available in a public archive.

Apparently they didn't notice that the archive included a hidden directory that contained the encrypted file with the cables, and accidentally made the file public.

Assange's external source, not knowing the file was accessible to the public, for some reason publicly disclosed the key this spring.

The result? The uncensored cables are now publicly downloadable and could blow the cover of American informants around the world.

The lesson? Well, even if you are in the business of leaking secrets, you need to keep secrets. I wonder if Julian sees the irony in this incident.
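As an added example (not from the article), the Python below is the pre-publication audit that would have caught the mistake described above: it walks a zip archive and flags hidden path components and opaque encrypted blobs riding along inside an otherwise public dump. The archive is constructed in memory; entry names, suffix list and size threshold are assumptions.

```python
# Added example: audit an archive for hidden entries and encrypted blobs before
# it is published. The sample archive below is constructed, not real data.
import io
import zipfile

# Extensions that indicate an encrypted container or nested archive whose
# contents a reviewer cannot eyeball (assumed list; extend per environment).
OPAQUE_SUFFIXES = (".gpg", ".pgp", ".aes", ".enc", ".7z", ".zip", ".tgz", ".tar.gz")


def audit_archive(data, large_bytes=10_000_000):
    """Return [(entry_name, [reasons...])] for every entry a human should look
    at before the archive goes public."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            parts = [p for p in info.filename.split("/") if p]
            reasons = []
            # A dot-directory or dot-file is invisible in a default listing,
            # which is exactly how the encrypted cables file slipped through.
            if any(p.startswith(".") for p in parts):
                reasons.append("hidden path component")
            if info.filename.lower().endswith(OPAQUE_SUFFIXES):
                reasons.append("opaque or encrypted blob")
            if info.file_size >= large_bytes:
                reasons.append("unusually large")
            if reasons:
                findings.append((info.filename, reasons))
    return findings


def build_sample_archive():
    """Constructed archive: visible notes plus a hidden directory holding an
    encrypted file, the shape of the mistake described above."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("release/README.txt", "Redacted material for publication.\n")
        zf.writestr("release/docs/summary.txt", "Nothing sensitive here.\n")
        zf.writestr("release/.stash/cables.csv.gpg", b"\x85\x01\x0c\x03constructed-ciphertext")
        zf.writestr("release/docs/.DS_Store", b"\x00\x00\x00\x01")
    return buf.getvalue()


if __name__ == "__main__":
    for name, reasons in audit_archive(build_sample_archive()):
        print(f"{name}: {', '.join(reasons)}")
```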

WikiLeaks' Twitter feed has posted a message stating "There has been no 'leak at WikiLeaks'. The issue relates to a mainstream media partner and a malicious individual."

If, like WikiLeaks, you need to keep secrets, consider downloading our free e-book, Data Leakage for Dummies.

WebSurgery – Web Application Security Testing Suite

WebSurgery is a suite of tools for security testing of web applications. It was designed to help security auditors with web application planning and exploitation. It currently includes an efficient, fast and stable Web Crawler; a File/Dir Brute Forcer; a Fuzzer for advanced exploitation of known and unusual vulnerabilities such as SQL injection, cross-site scripting (XSS), brute force against login forms, identification of firewall-filtered rules and DoS attacks; and a WEB Proxy to analyze, intercept and manipulate the traffic between your browser and the target web application.

WEB Crawler

WEB Crawler was designed to be fast, accurate, stable and completely parametrable, and it uses advanced techniques to extract links from JavaScript and HTML tags. It works with parametrable timing settings (Timeout, Threading, Max Data Size, Retries) and a number of rule parameters to prevent infinite loops and pointless scanning (Case Sensitive, Dir Depth, Process Above/Below, Submit Forms, Fetch Indexes/Sitemaps, Max Requests per File/Script Parameters). It is also possible to apply custom headers (user agent, cookies etc.) and Include/Exclude filters. WEB Crawler comes with an embedded File/Dir Brute Forcer which helps to directly brute force files/dirs in the directories found by crawling.

WEB Bruteforcer

WEB Bruteforcer is a brute forcer for files and directories within the web application which helps to identify the hidden structure. It is also multi-threaded and completely parametrable for timing settings (Timeout, Threading, Max Data Size, Retries) and rules (Headers, Base Dir, Brute force Dirs/Files, Recursive, File’s Extension, Send GET/HEAD, Follow Redirects, Process Cookies and List generator configuration).
By default, it will brute force from the root / base dir recursively for both files and directories. It sends both HEAD and GET requests when needed (HEAD to identify if the file/dir exists, then GET to retrieve the full response).
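From the defender's side, the two traffic patterns this page describes, the HTTP flood in the DDoS report above and the HEAD-then-GET file/directory brute forcing just described, both show up plainly in web server access logs. The Python below is an added example (not part of WebSurgery or either article) that parses combined-format log lines and flags clients that match either pattern; the log lines are constructed with documentation IP ranges, and the thresholds are assumptions to tune per site.

```python
# Added example: flag HTTP floods and directory brute forcing in access logs.
# Sample log lines are constructed; thresholds are assumptions.
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Apache/nginx "combined" format, capturing only the fields this analysis needs.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)


def parse_line(line):
    """Return a dict for one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m.group("ip"),
        "ts": datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z"),
        "method": m.group("method"),
        "path": m.group("path"),
        "status": int(m.group("status")),
    }


def peak_rate(records, window):
    """Largest number of requests from one client inside any window-sized span."""
    times = sorted(r["ts"] for r in records)
    peak, start = 0, 0
    for end, t in enumerate(times):
        while t - times[start] > window:
            start += 1
        peak = max(peak, end - start + 1)
    return peak


def analyze(lines, window_seconds=10, flood_threshold=50,
            scan_min_requests=8, scan_404_ratio=0.7):
    """Map client IP -> list of findings ('http-flood', 'dir-bruteforce')."""
    per_ip = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec:
            per_ip[rec["ip"]].append(rec)

    findings = {}
    window = timedelta(seconds=window_seconds)
    for ip, recs in per_ip.items():
        tags = []
        if peak_rate(recs, window) >= flood_threshold:
            tags.append("http-flood")
        not_found = sum(1 for r in recs if r["status"] == 404)
        # A HEAD probe followed by a GET to the same path is the brute forcer
        # behaviour described above: cheap existence check, then full fetch.
        head_paths = {r["path"] for r in recs if r["method"] == "HEAD"}
        head_then_get = any(r["method"] == "GET" and r["path"] in head_paths for r in recs)
        if len(recs) >= scan_min_requests and (
            not_found / len(recs) >= scan_404_ratio or head_then_get
        ):
            tags.append("dir-bruteforce")
        if tags:
            findings[ip] = tags
    return findings


def sample_log():
    """Constructed access log: one flooding client, one scanner, one normal user."""
    base = datetime(2011, 8, 30, 12, 0, 0)

    def stamp(t):
        return t.strftime("%d/%b/%Y:%H:%M:%S +0000")

    lines = []
    for i in range(60):  # 60 requests in six seconds from 203.0.113.5
        t = base + timedelta(milliseconds=100 * i)
        lines.append(f'203.0.113.5 - - [{stamp(t)}] "GET / HTTP/1.1" 200 512 "-" "flooder/1.0"')
    probes = ["/admin/", "/backup/", "/old/", "/test/", "/config/", "/db/", "/tmp/", "/hidden/"]
    for i, path in enumerate(probes):  # HEAD probes, one hit, then a GET of the hit
        status = 200 if path == "/hidden/" else 404
        lines.append(f'198.51.100.7 - - [{stamp(base + timedelta(seconds=i))}] '
                     f'"HEAD {path} HTTP/1.1" {status} 0 "-" "scanner/1.0"')
    lines.append(f'198.51.100.7 - - [{stamp(base + timedelta(seconds=9))}] '
                 f'"GET /hidden/ HTTP/1.1" 200 2048 "-" "scanner/1.0"')
    lines.append(f'192.0.2.10 - - [{stamp(base)}] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"')
    lines.append(f'192.0.2.10 - - [{stamp(base + timedelta(seconds=4))}] '
                 f'"GET /about HTTP/1.1" 200 900 "-" "Mozilla/5.0"')
    return lines


if __name__ == "__main__":
    for ip, tags in analyze(sample_log()).items():
        print(ip, tags)
```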

WEB Fuzzer

WEB Fuzzer is a more advanced tool that creates a number of requests based on one initial request. The Fuzzer has no limits and can be used to exploit known vulnerabilities such as (blind) SQL injection, and in more unusual ways such as identifying improper input handling, firewall/filtering rules and DoS attacks.

WEB Editor

A simple WEB Editor to send individual requests. It also contains a HEX Editor for more advanced requests.

WEB Proxy

WEB Proxy is a proxy server that runs locally and allows you to analyze, intercept and manipulate HTTP/HTTPS requests coming from your browser or any other application that supports proxies.

You can download WebSurgery here:

Setup – setup.msi
Portable – websurgery.zip

nb : darknet


Cisco Aims for a Go-anywhere Router

Cisco Systems made its fortune selling routers for the cores of enterprise and service-provider networks, but now the company is sending its technology farther from those cozy confines than ever before.

The Cisco Integrated Services Router 819 Machine-to-Machine Gateway, available immediately, is the smallest member of the ISR family of branch and remote-office routers and is designed to withstand outdoor environments with extreme temperatures. Target markets for the device include truck fleets, tollbooths and ATMs (automated teller machines). The ISR 819 can also serve as a conventional router in a remote office, said Inbar Lasser-Raab, senior director of marketing for borderless networks.

Unlike most routers, the 819 relies primarily on cellular data to reach the Internet. This opens up more possible uses for the router, including moving vehicles. The router, which weighs only 2.3 pounds (1 kilogram) and is thicker but smaller than a tablet, starts at US$1,600. A slightly larger, hardened version, which is waterproof and has a temperature range from -13 degrees to 140 degrees Fahrenheit (-25 to 60 Celsius), starts at $2,300.

To ensure communication in isolated locations, the ISR 819 is equipped for 3G connectivity. It is available with both GSM (Global System for Mobile Communications) and CDMA (Code-Division Multiple Access) technology and has room for two SIM (Subscriber Identity Module) cards, so users can set up service with two different mobile operators for redundancy. Cisco is also eyeing 4G capability next year, though most machine-to-machine (M2M) applications aren't bandwidth-hungry.

M2M (machine-to-machine) networking is expected to grow rapidly in the coming years. Functions such as meter-reading, asset tracking and supply-level notifications can be automated through radios built into systems in the field, and wireless links can help to make it easier to network those devices.

As an example of how this type of device could work, a small wireless router in an ATM could send a signal when the amount of cash available in the machine fell to a certain level. It could immediately communicate over the cellular network to a similar router in an armored truck, and the driver of the truck would be given instructions to deliver more cash to that ATM.

Trucks, vending machines and other systems in the field have had wireless connectivity before, but Cisco calls the ISR 819 its first router for these types of applications that has all the features of the popular ISR line. For example, it includes stateful and application-inspection firewall capability, encryption for VPNs (virtual private networks), and features to optimize voice and video, according to Cisco.

There are 3G routers on the market from smaller vendors, but the fact that the 819 has the same software as Cisco's other popular ISR models is likely to make it more attractive to enterprises that have already invested in Cisco, said analyst Mike Spanbauer of Current Analysis. Cisco is more dominant in the router market for small and medium-sized companies than it is even in other areas of switching and routing, Spanbauer said.
"It's more about operational efficiency than necessarily bringing out a new service that didn't exist before," Spanbauer said.

But because so many features are built into it, the 819 may inspire new uses of remote routers in the future, he said. It will probably take less custom code and help from consultants to get a new use case off the ground, he said.

"Having the collapsed service offering on a single device does breed simplicity and encourages creativity in deployment," he said.

A renewed commitment by mobile operators could also help to boost the use of machine-to-machine applications, said IDC analyst Rohit Mehra. Some carriers have been slow to support machine-to-machine because they were focused on keeping up with consumers' use of mobile data on smartphones, he said. M2M will be an important source of market growth now that almost all consumers have cellphones.

nb : pcworld

Microsoft Throws Support Behind USB 3.0 With Windows 8

Microsoft is incorporating a software stack in its upcoming Windows 8 OS to natively support devices based on the USB 3.0 interconnect, which is in a battle for adoption with Intel's Thunderbolt.

USB 3.0 is the successor to the USB 2.0 standard and can transfer data 10 times faster between computers and external peripherals such as cameras and storage devices. Most laptops and desktops today come with USB 2.0 ports, and many PC makers are offering USB 3.0 ports as an option. The current Windows 7 OS does not include native support for USB 3.0, but device makers offer drivers to ensure products are compatible with the OS.

The growing support for USB 3.0 and wide usage of USB 2.0 was a compelling reason to improve the USB software stack, said Dennis Flanagan, Microsoft's director of program management for the devices and networking group, in an entry on the company's Building Windows 8 blog.
"By 2015, all new PCs are expected to offer USB 3.0 ports, and over 2 billion new 'SuperSpeed' USB devices will be sold in that year alone," Flanagan wrote.

Microsoft is writing a new software stack and controller for Windows 8 based on the "design principles" of USB 3.0, which will bring plug-and-play support for new devices such as external storage, webcams and keyboards, Flanagan wrote. The company is retaining the existing software stack to support older USB devices.

But there are few USB 3.0 devices available today, so to create the new software stack the company had to simulate and build virtual USB 3.0 hardware, including ports, hubs and devices.

The hardware support for USB 3.0 is also growing. Intel has already said it will integrate USB 3.0 support in chipsets for processors code-named Ivy Bridge, which will reach PCs early next year. AMD has already integrated support for USB 3.0 in its Fusion chipsets, which are already shipping for PCs.

USB 3.0 transfers data at speeds of up to 5 gigabits per second, which is slower than the transfer speed of the rival interconnect technology Thunderbolt. Developed by Intel, Thunderbolt can transfer data between host computers and external devices such as displays and storage at up to 10 gigabits per second. Thunderbolt has been viewed as an alternative to USB 3.0, but Intel has said the technologies are complementary. Apple uses Thunderbolt in its products.

Thunderbolt currently supports the PCI Express and DisplayPort protocols, and the interconnect does not require any OS support beyond existing software stacks for those protocols, an Intel spokesman said in an e-mail.

But Microsoft's backing will aid the fast growth of USB 3.0 and provide higher transfer speeds for consumer devices, said Jim McGregor, research director at In-Stat.

"Thunderbolt will be one of many peripheral options available, just like IEEE1394 and Firewire, but I think USB will be the predominant interface because it is so heavily tied to the largest growth segment of the market, mobile devices, for both interconnectivity and power," McGregor said.

Thunderbolt is based on copper wires, but ultimately will be based on optical technology. That will boost the interconnect's transfer speed and distance, Intel has said.

"[USB 3.0] will still not be as fast as the Thunderbolt optic link, but copper never will be as fast as optics," McGregor said.

Wireless charging could trump both USB 3.0 and Thunderbolt, provided it takes off, McGregor said. The transfer speeds may not be as fast, but device makers are showing interest in the technology, he said.
"It may eventually eliminate the need for peripheral connectors on mobile devices and then everyone will look to wireless interfaces," McGregor said.

Other than for enthusiasts, drivers aren't something average PC users need to worry about, but native support for USB 3.0 in Windows 8 can't hurt, said Nathan Brookwood, principal analyst at Insight 64.
"When they are talking about the history of Windows 8, they are going to be talking about the user interface and ... touch," Brookwood said.

nb : pcworld

Best Free Software for Protecting Your PC and Your Privacy

Protect Against Malware

Malware is the most dangerous threat you'll come across online. Viruses, Trojan horses, and other types of malware can do immeasurable damage to your PC, steal your private information, and even turn your PC into a zombie that spews spam or carries out an attacker's commands. No need to be a victim, though; these freebies will keep you safe.

Microsoft Security Essentials

About as simple to use as protection software gets, Microsoft Security Essentials sits in the background, scanning the programs you run to determine whether they're malware and then disposing of any that prove to be dangerous. In addition, it regularly scans your system to make sure no infections have gotten through. It's straightforward, clean, and free, a hard combination to beat.

Avast Free Antivirus

This well-designed, speedy antimalware tool is easy to use, and PCWorld rated it as the top free antivirus program. Like Microsoft's freebie, Avast Free Antivirus is a set-and-forget utility. Just run it and set the options, and it handles the rest on its own. Its scans are exceptionally fast, and it uses few system resources, so you won't need to spend much time with it. You probably won't even notice that it's running.

Spybot Search & Destroy

This longtime spyware killer is one of the most popular files in PCWorld's Downloads library, and with good reason. Spybot Search & Destroy, as its name implies, is dedicated to eliminating spyware, and it does a great job. It scans your PC to catch offending spyware, including tracking cookies and spyware apps. It also inoculates your machine against getting infected in the first place.

Comodo Firewall

Every PC needs a good firewall, software that blocks applications on the computer from making unsafe outbound connections. A firewall is especially useful because Trojan horses typically try to make outbound connections; a firewall will also help to prevent your PC from becoming a zombie and doing an attacker's bidding. Comodo Firewall is a very good choice that blocks Trojan horses, stymies hackers attempting to take control of your PC, and wards off other threats. Note that using it takes a bit of work, since you have to let it know which programs are safe and should be allowed to have outbound connections. But setting that up is a small annoyance in light of the protection Comodo offers.

Stay Safe at Hotspots

When you use a Wi-Fi hotspot at a café, airport, or other public location, your PC and your privacy are particularly vulnerable. In such places it's exceptionally easy for anyone in the area to snoop on your activities as you browse the Web, especially since the advent of the free Firesheep extension that allows anyone without coding experience to steal your Facebook and Twitter identities as well as your logins at other sites. Guard your machine and your data with the following free software.

CyberGhost VPN

The CyberGhost VPN utility sets up a virtual private network when you connect to the Internet. Simply install and run the software, and hop online. It hides your true IP address and connects you to anonymous servers. In fact, don't feel limited to using it at hotspots--you can also use it whenever you wish to guard your privacy while you surf the Internet.

Note, however, that CyberGhost VPN has a couple of limitations. First, the free version is good for only a 6-hour session or 1GB of downloads; after that, you'll have to restart the session. Second, it typically connects you to servers in Europe, so you may not be able to connect to, say, the U.S. version of Google. If those restrictions are deal-breakers, you could invest in the for-pay service. But if you're spending 6 hours at a time hunkered over your PC in a coffee shop, you may want to rethink your workflow anyway.

HTTPS Everywhere

The free Firefox add-in HTTPS Everywhere is designed to protect your privacy when you visit specific sites, including Facebook, Google Search, the New York Times, PayPal, Twitter, the Washington Post, and Wikipedia. It's an ideal tool for fending off Firesheep hackers. Note that it protects you only on sites that employ the HTTPS secure protocol, and that it can't help when you're using online services other than Web surfing, such as email and instant messaging. Still, it's a great way to stay safe at certain websites.

Hotspot Shield

This freebie does exactly what its name suggests: Hotspot Shield protects you when you're connected to a hotspot, by encrypting all of your data packets. When you install it, make sure to decline the extra toolbars. And if you don't want your home page and default search engine to change, uncheck those options as well during installation.


TrackMeNot

Every time you perform a Web search, you give up a bit of your privacy. Search engines track your search terms, and they can build profiles about your interests based on what you search for. The free TrackMeNot add-in for Firefox and TrackMeNot add-in for Chrome cleverly thwart such behavior, bombarding search engines with random search terms gleaned from news sites and creating so much "noise" about you that no profile can be created.

Secure Your PC

Finally, you'll want to secure your PC itself--its contents as well as any passwords you've stored on it. The next three freebies will do the work for you.


KeePass

You have plenty of passwords you use every month, for websites, ATMs, email services, and more. Most likely, you've stored them somewhere on your PC--which means that they can be stolen. Lock them away with KeePass, which hides them in an encrypted database so that only you can use them. In addition, the tool will create industrial-strength passwords for you, making it less likely that anyone will be able to break them.


FreeOTFE

Worried that a snoop can walk by your PC when you're not around, and then access all of its files and applications? Concerned about what might happen to your files and data if you lose your laptop? FreeOTFE can encrypt files and folders--or your entire hard disk--and then decrypt the data on the fly as you use it. This utility isn't necessarily the easiest program to use, but it does its job nicely.

Secunia PSI

You already know that you should take care of any vulnerabilities in your PC's operating system, but you might be surprised to learn that out-of-date applications can contain security flaws and pose significant problems too. If you have installed applications but neglected to regularly update and patch them, your computer may be at risk. Secunia PSI closes the holes through which malware can slither. The tool scans the software on your system, determines which programs are outdated, and then helps you install patches.

Hurricane Irene: Last-Minute Survival Tips for Small Businesses

Hurricane Irene is coming fast and will hit the East Coast of the United States within a matter of hours. Hurricanes are a very destructive force of nature bringing the threat of floods, as well as winds capable of uprooting trees and leveling buildings.

The devastation may seem overwhelming, but business must go on as quickly as possible. Here are some tips to consider to help your business bounce back and get up and running as quickly as possible in the wake of Hurricane Irene.


1. Have a Plan. Consider what the impact will be if power and communications are down for a day…or a week. Communicate now--proactively--with suppliers, partners, customers, or other affected parties to explain the situation, and to inform them that business may be interrupted, and you may be unable to communicate reliably, but that business will resume as quickly as possible.

Think about what is absolutely essential to accomplish critical business functions, and come up with a plan to get those functions working again as quickly as possible. If you need to replace equipment--either temporarily or permanently--where will you get it? Other businesses will also be looking for equipment so it may be hard to find.

2. Stay in Touch. Make sure that you have updated contact information for your employees. Follow up to make sure they are safe once Irene blows through, and to let them know the status of the business and when you expect them to return to work.

Identify key personnel and let them know ahead of time that you may need them to help keep things going in the aftermath of the hurricane, and resume business operations as soon as possible.

3. Protect Your Data. Your data should be backed up somewhere safe--in other words, somewhere that is not in the path of the hurricane; where you are confident it can survive the natural disaster so you will still have it if you need it. If you have your data backed up on DVDs or other media that is sitting in a closet in your office, odds are fair it will be destroyed as well.

It is too late at this point to turn to cloud-based solutions. Storing data in the cloud is a great way to protect it in the event of a natural disaster, but there is no way you can get gigabytes of data uploaded in time unless you have some serious bandwidth available.

At this point, your best bet is to use a disaster-proof external drive like those offered by ioSafe. It is late, but the drives are sold at retail outlets like Walmart that operate 24 hours, so you might still be able to pick one up. Alternatively, if you have a standard external hard drive, you might be able to place it inside a fire safe of some sort to give it some protection from the elements.

4. Get Connected. It is almost inevitable that communications will go down for some businesses. That could mean a loss of voice communications, or data, or both. Traditional landlines come in handy in a natural disaster because the phone system can continue working long after the power goes out.

If your business relies on voice-over IP (VoIP) communications like Vonage, Skype, Google Voice, or the VoIP services offered by many cable providers, remember that your Internet is your voice, and when you lose one you lose them both.

It can be handy to have cell phones available from multiple providers. AT&T towers may be down, but Verizon might work fine--or vice versa. It is also helpful if you have smartphones capable of being used as a Wi-Fi hotspot so you have an alternative means of connecting to the Internet if necessary.

Don't forget all of the standard hurricane survival tips--have lots of bottled water, batteries, canned goods (remember the can opener), and so forth. Most of all, stay safe. Hopefully these tips will help you continue doing business right through the hurricane, or resume business as quickly as possible, but none of that matters in the least compared with ensuring your own safety, your family's safety, and the safety of your employees and their families.

nb : pcworld

How To Protect Yourself From Supercookies

Everybody loves cookies, those little packets of code that websites leave in your browser. We love them because they make Web browsing more convenient by saving our usernames, passwords and other unique data from one session to the next. Marketing companies love them because they uniquely identify visitors and can be combined with traffic logs to compile a profile of your interests and browsing habits.

As long as you are a willing participant, this sort of tracking can be a good thing; browser cookies allow online retailers to tailor their websites to your needs and ensures you are more likely to see advertisements for products and services relevant to your interests. The problem is that lots of unscrupulous companies are using underhanded techniques to sneak cookies into your browser even when you don’t want them. They’re called supercookies, and they can be stopped with a few free utilities and some simple precautions.

Of course, you can disable storage of standard HTTP cookies via your browser’s privacy controls. Unfortunately, many popular websites now track users with unique data packages designed to circumvent your browser’s privacy filter. These souped-up data packages are colloquially known as supercookies, and they typically take advantage of alternate storage areas within your browser to store unique snippets of code and replicate that site’s HTTP cookie in the event you block or delete it from your browser.

With a little time and effort you can manually wipe these supercookies from your computer, but clearing out all the supplementary bits of code that transform a regular cookie into a supercookie is a time-consuming process. For example, to prevent Flash cookies you’ll need to visit the Adobe Website Storage Settings panel and click “Delete All Sites” to clear out any data stored in Flash on your computer, then hop over to the Global Storage Settings panel and disable third-party Flash content from storing data on your computer in the future.

Unfortunately, doing so also ruins the experience of visiting the websites of many restaurants, retailers, and other organizations that rely heavily on Flash content. If you're willing to download some free software, it's easier to clean out any supercookies hiding in your computer with utilities like SlimCleaner and CCleaner.

SlimCleaner is an especially smart choice if you are worried about supercookies, as it incorporates an IntelliCookie feature that allows you to save cookies from trusted sites like your bank while deleting everything else. Mac-compatible versions of both utilities are available, though OS X users can also download the free Flash cookie removal app Flush.


The final step in safeguarding your privacy online is installing third-party software that blocks supercookies from infesting your browser in the first place. Firefox extensions like BetterPrivacy and NoScript make it easy to selectively filter what web scripts are allowed to run on your computer, ensuring that online marketers will have a difficult time tracking you without your permission. You can find out exactly how trackable you are by pointing your browser at the Electronic Frontier Foundation’s Panopticlick website and taking their free browser fingerprint test, which rates how easy it is to uniquely identify you based on what information your browser is sharing and saving. Prepare for the test with these simple precautions, and I think you’ll be pleasantly surprised with the results.

nb : pcworld


New Worm Morto Using RDP to Infect Windows PCs

A new worm called Morto has begun making the rounds on the Internet in the last couple of days, infecting machines via RDP (Remote Desktop Protocol). The worm is generating a large amount of outbound RDP traffic on networks that have infected machines, and Morto is capable of compromising both servers and workstations running Windows.

Users who have seen Morto infections are reporting in Windows help forums that the worm is infecting machines that are completely patched and are running clean installations of Windows Server 2003.

"In a new windows 2003 R2 server, I'm noticing every few minutes, svshost.exe [sic] is opening a ton of outgoing TCP 3389 connections.  I ran an a/v scanner over it and it's clean.  Can it be hacked already???  has anyone seen this before?," one user asked in Microsoft's TechNet forum.

On Sunday, the SANS Internet Storm Center reported a huge spike in RDP scans in the last few days, as infected systems have been scanning networks and remote machines for open RDP services. One of the actions that the Morto worm takes once it's on a new machine is that it scans the local network for other PCs and servers to infect.

"A few weeks ago a diary posted by Dr. J pointed out a spike in port 3389 traffic. Since then the sources have spiked tenfold. This is a key indicator that there is an increase of infected hosts that are looking to exploit open RDP services," SANS handler Kevin Shortt said in a blog post.

Researchers at F-Secure said that Morto is the first Internet worm to use RDP as an infection vector. Once it's on a new machine and has successfully found another PC to infect, it starts trying a long list of possible passwords for the RDP service.

"Once a machine gets infected, the Morto worm starts scanning the local network for machines that have Remote Desktop Connection enabled. This creates a lot of traffic for port 3389/TCP, which is the RDP port," F-Secure Chief Research Officer Mikko Hypponen said in a blog post.

"Once you are connected to a remote system, you can access the drives of that server via Windows shares like \\tsclient\c and \\tsclient\d for drives C: and D:, respectively. Morto uses this feature to copy itself to the target machine. It does this by creating a temporary drive under letter A: and copying a file called a.dll to it. The infection will create several new files on the system including \windows\system32\sens32.dll and \windows\offline web pages\cache.txt. Morto can be controlled remotely. This is done via several alternative servers, including jaifr.com and qfsl.net."
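The indicators quoted above (a burst of outbound TCP 3389 connections to many hosts, lookups of the control domains, and the dropped files) are enough for a defender to build a triage check. The following is an added example, not code from the article, F-Secure or SANS: it runs those three checks over constructed connection-log and DNS-log lines and over a constructed file inventory. The log line formats and the ten-target threshold are assumptions for the example; the file paths and domain names are the ones quoted in the article.

```python
import re
from collections import defaultdict

RDP_PORT = 3389
# Host and network indicators quoted in this article (F-Secure, SANS).
MORTO_FILES = (r"\windows\system32\sens32.dll", r"\windows\offline web pages\cache.txt")
MORTO_C2_DOMAINS = ("jaifr.com", "qfsl.net")

# Connection-log line shape assumed for this example:
# <timestamp> <src_ip>:<src_port> -> <dst_ip>:<dst_port>/tcp
CONN_RE = re.compile(r"^(\S+)\s+(\d+(?:\.\d+){3}):\d+\s+->\s+(\d+(?:\.\d+){3}):(\d+)/tcp$")

# Constructed sample: 10.0.0.5 sweeps a /24 on 3389 the way an infected host
# would; 10.0.0.9 is an administrator opening two ordinary RDP sessions.
SAMPLE_CONN_LOG = "\n".join(
    [f"2011-08-28T10:00:{i:02d} 10.0.0.5:{49200 + i} -> 10.0.0.{20 + i}:3389/tcp" for i in range(12)]
    + [
        "2011-08-28T10:01:00 10.0.0.9:50111 -> 10.0.0.40:3389/tcp",
        "2011-08-28T10:01:05 10.0.0.9:50112 -> 10.0.0.41:3389/tcp",
        "2011-08-28T10:01:10 10.0.0.9:50113 -> 10.0.0.50:443/tcp",
    ]
)
# Constructed DNS log: <timestamp> <client_ip> query <type> <name>
SAMPLE_DNS_LOG = """\
2011-08-28T10:02:00 10.0.0.5 query A jaifr.com
2011-08-28T10:02:01 10.0.0.9 query A www.example.org
"""


def parse_connection(line):
    m = CONN_RE.match(line.strip())
    if not m:
        return None
    ts, src, dst, dport = m.groups()
    return ts, src, dst, int(dport)


def rdp_scanners(log_text, min_targets=10):
    """Sources that opened RDP connections to at least min_targets distinct hosts.

    A single operator rarely touches ten machines on 3389 in a short window; a
    worm sweeping the local network does. Returns {src_ip: distinct_target_count}.
    """
    targets = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_connection(line)
        if rec and rec[3] == RDP_PORT:
            targets[rec[1]].add(rec[2])
    return {src: len(dsts) for src, dsts in targets.items() if len(dsts) >= min_targets}


def c2_lookups(dns_text):
    """(client_ip, name) pairs for queries of the control domains or their subdomains."""
    hits = []
    for line in dns_text.splitlines():
        parts = line.split()
        if len(parts) >= 5 and parts[2] == "query":
            name = parts[-1].lower().rstrip(".")
            if any(name == d or name.endswith("." + d) for d in MORTO_C2_DOMAINS):
                hits.append((parts[1], name))
    return hits


def dropped_file_hits(present_paths):
    """Paths from a host file inventory that match the indicator paths (drive letter and case ignored)."""
    wanted = {p.lower() for p in MORTO_FILES}
    hits = []
    for p in present_paths:
        norm = re.sub(r"^[A-Za-z]:", "", p.replace("/", "\\")).lower()
        if norm in wanted:
            hits.append(p)
    return sorted(hits)


if __name__ == "__main__":
    print("RDP sweepers:", rdp_scanners(SAMPLE_CONN_LOG))
    print("C2 lookups:", c2_lookups(SAMPLE_DNS_LOG))
    print("Dropped files:", dropped_file_hits([r"C:\Windows\System32\sens32.dll",
                                                r"C:\Windows\System32\kernel32.dll"]))
```

The distinct-target count, rather than the raw connection count, is what separates a sweep from an administrator who reconnects to the same server many times; lowering `min_targets` makes the check noisier, which the second assertion in a real deployment would need to reflect.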

It's been quite a while since there was a large-scale Internet worm attack. Once upon a time, worms such as Blaster, Code Red and SQL Slammer were all the rage and found success clogging networks with enormous amounts of scanning traffic and other activity. But those kinds of events have become an anachronism as attackers have turned their attention to for-profit attacks.

nb : threatpost


Microsoft quietly finding, reporting security holes in Apple, Google products

Researchers at Microsoft have been quietly finding — and helping to fix — security defects in products made by third-party vendors, including Apple and Google.

This month alone, the MSVR (Microsoft Security Vulnerability Research) team released advisories to document vulnerabilities in WordPress and Apple’s Safari browser and in July, software flaws were found and fixed in Google Picasa and Facebook.

The MSVR program, launched two three years ago, gives Microsoft researchers freedom to audit the code of third-party software and work in a collaborative way with the affected vendor to get those issues fixed before they are publicly compromised.


The team’s work gained prominence in 2009 when a dangerous security hole in Google Chrome Frame was found and fixed but it’s not very well known that the team has spent the last year disclosing hundreds of security defects in third-party software.

Since July 2010, Microsoft said the MSVR team identified and responsibly disclosed 109 different software vulnerabilities affecting a total of 38 vendors.

More than 93 percent of the third-party vulnerabilities found through MSVR since July 2010 were rated as Critical or Important, the company explained.

“Vendors have responded and have coordinated on 97 percent of all reported vulnerabilities; 29 percent of third-party vulnerabilities found since July 2010 have already been resolved, and none of the vulnerabilities without updates have been observed in any attacks,” Microsoft said.

This week’s discoveries:
  • A vulnerability exists in the way Safari handles certain content types. An attacker could exploit this vulnerability to cause Safari to execute script content and disclose potentially sensitive information. An attacker who successfully exploited this vulnerability would gain sensitive information that could be used in further attacks.
  • A vulnerability exists in the way that WordPress previously implemented protection against cross site scripting and content-type validation. An attacker could exploit this vulnerability to achieve script execution.

DHS warns that Irene could prompt phishing scams

As Hurricane Irene barrels toward the eastern seaboard, the U.S. Department of Homeland Security is warning government agencies and private companies to be on the lookout for storm-related phishing attacks and other malicious cyberactivity.

In an alert issued Thursday (PDF), the agency said that cybercriminals go into overdrive during highly publicized physical events such as hurricanes and earthquakes.


"Both government agencies and private organizations could possibly become recipients of malicious activity, most commonly in the form of socially engineered spear-phishing emails," the alert from the DHS National Cybersecurity and Communications Integration Center said.

"These emails may appear to originate from a reputable source, with the email subject closely aligned to the event and usually of interest to the recipient," it said. "Network administrators and general users should be aware of these attempts and avoid opening messages with attachments and/or subject lines related to physical events."

Clicking on such emails could cause malware such as keyloggers and remote access tools to be downloaded on the user's computer, it said.
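The alert's description translates directly into mail-gateway triage rules: an event-themed subject, an attachment that is really an executable, and a sender that only looks reputable. The following is an added example, not code from the article or from DHS, that scores two constructed messages on those signals with Python's standard `email` module. The keyword list, the risky-extension list, the brand-to-domain allowlist (which uses placeholder domains) and the two-signal quarantine threshold are all assumptions for the example.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Heuristics drawn from the DHS alert quoted above: event-themed subject,
# attachment, sender that only looks reputable. Thresholds and word lists
# are assumptions for this example.
EVENT_WORDS = ("hurricane", "irene", "earthquake", "tsunami", "flood", "disaster", "donation", "relief")
RISKY_EXT = (".exe", ".scr", ".pif", ".bat", ".cmd", ".js", ".vbs", ".zip")
DOUBLE_EXT = re.compile(r"\.(pdf|doc|docx|xls|jpg|png)\.[a-z0-9]+$", re.I)
# Constructed allowlist (placeholder domains): a display name that claims one of
# these brands is expected to come from the matching domain and nowhere else.
BRAND_DOMAINS = {"fema": "fema.example.gov", "red cross": "redcross.example.org"}

# Constructed sample messages, not real mail.
SAMPLE_MESSAGES = {
    "lure": """\
From: "FEMA Alerts" <alerts@fema-irene-updates.example>
Reply-To: claims@mail-relay.example
To: staff@example.org
Subject: Hurricane Irene evacuation map - open attached file
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please review the attached evacuation map immediately.
--b1
Content-Type: application/octet-stream; name="Irene_Map.pdf.exe"
Content-Disposition: attachment; filename="Irene_Map.pdf.exe"

MZ-placeholder
--b1--
""",
    "memo": """\
From: "HR" <hr@example.org>
To: staff@example.org
Subject: Office closed Monday because of Hurricane Irene
Content-Type: text/plain

Work from home on Monday; stay safe.
""",
}


def sender_parts(msg):
    """(lower-cased display name, lower-cased address domain) of the From header."""
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    return name.lower(), domain


def attachment_names(msg):
    return [p.get_filename() for p in msg.walk() if p.get_filename()]


def triage(raw):
    """Return (verdict, reasons) for one raw RFC 822 message."""
    msg = message_from_string(raw)
    reasons = []
    subject = msg.get("Subject", "").lower()
    if any(w in subject for w in EVENT_WORDS):
        reasons.append("event-themed subject")
    for fn in attachment_names(msg):
        low = fn.lower()
        if low.endswith(RISKY_EXT):
            reasons.append(f"executable attachment {fn}")
        elif DOUBLE_EXT.search(low):
            reasons.append(f"double-extension attachment {fn}")
    name, domain = sender_parts(msg)
    for brand, good_domain in BRAND_DOMAINS.items():
        if brand in name and domain != good_domain:
            reasons.append(f"display name claims {brand!r} but sender domain is {domain}")
    reply_to = parseaddr(msg.get("Reply-To", ""))[1]
    if reply_to and reply_to.rsplit("@", 1)[-1].lower() != domain:
        reasons.append("Reply-To domain differs from From domain")
    # One signal alone (an internal memo about the storm) is normal traffic;
    # two or more together are what the alert describes.
    verdict = "quarantine" if len(reasons) >= 2 else "deliver"
    return verdict, reasons


if __name__ == "__main__":
    for label, raw in SAMPLE_MESSAGES.items():
        print(label, triage(raw))
```

The memo case matters as much as the lure: during a real event, legitimate mail about the storm is everywhere, so a rule that fires on the subject alone would bury the gateway in false positives. Requiring a second signal keeps the check aligned with the alert's own advice, which is about attachments and lookalike senders, not the topic itself.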

The alert is a sign of the growing attention that the DHS, which is responsible for protecting critical infrastructure targets in the U.S., and other security agencies and organizations have begun paying to phishing attacks.

Until relatively recently, phishing was considered mostly a consumer problem. But the use of phishing emails to successfully breach the Oak Ridge National Laboratory, EMC's RSA security division, Epsilon, and the Pacific Northwest National Laboratory has quickly changed that view.

The speed and sophistication of such attacks after the devastating earthquake and tsunami in Japan earlier this year is but one example.

Barely hours after the Japan tragedies, phishers and other online scammers began using emails, fake websites and malicious downloads to try to steal money and plant malware on user systems.

Security companies such as Symantec said they observed millions of email messages and dozens of phony websites going up in the immediate aftermath of the disaster. In most cases recipients of the email messages were encouraged to click on attachments purporting to show images and videos of the disasters, or were pointed to sites where they could ostensibly make donations to victims.

Similar scams were observed in the aftermath of the earthquake in Haiti.

The danger for enterprises is that infected computers could be used as entry points into corporate networks, said Anup Ghosh, founder of security firm Invincea.

In many cases, enterprise users are hit with highly targeted spear phishing email messages that appear to come from people they know.

"Spear phishing is the number one attack vector for enterprises. It is how you get into the network," Ghosh said. The tactic has become one of the methods most commonly used by cyberattackers to break through corporate security defenses, he said.

"I know of CISOs who have run their own spear phishing tests and gotten click through rates of 60 percent," he said. "There's simply no training your way out of the problem."

nb : infoworld