Archive for the ‘phishing’ Category
Anonymous says it’s going after a Mexican drug cartel; we’ll share the amazing details!
Plus: Our tips for controlling remote downloads, and why all I’m going to want for Christmas is hard drives!
All that and more, on this week’s TechSNAP!
Pick your code and save:
techsnap7: $7.49 .com
techsnap10: 10% off
techsnap20: 20% off 1, 2, 3 year hosting plans
techsnap40: $10 off $40
techsnap25: 25% off new Virtual DataCenter plans
Direct Download Links:
Subscribe via RSS and iTunes:
- Anonymous claims one of its members was kidnapped at a street protest
- Anonymous claims it will start releasing details about journalists, taxi drivers, police officers and government officials who are on the Cartel’s payroll if the kidnap victim is not released by November 5th (Guy Fawkes Day)
- No information about the person who was allegedly kidnapped has been released
- Anonymous hopes that by releasing this information, the government will be able to pursue the allegedly corrupt officials. However, depending on the type of information, it is unlikely that the evidence provided would be enough to convict anyone.
- There are serious concerns that the release, or even the threat of release, of such information could result in a violent backlash from the Cartel.
- It would seem that anyone whose name appears on the lists released by Anonymous would be in serious danger. A case of mistaken identity or speculation could result in the death of an innocent person.
- Anonymous has claimed it would attack a number of entities, including the NYSE and Facebook; a large number of these attacks never took place, or were unsuccessful and never mentioned again.
- At least 50 different companies were targeted by attackers attempting to steal research and development documents and other sensitive information.
- The attacks started in July and continued through September; it is also believed that the same attackers were targeting NGOs and the auto industry earlier this year.
- The attacks were spear phishing attacks, a specialized form of the common email attack. Unlike a typical phishing scam, where an attacker poses as your bank and tries to get you to enter your login credentials and other personal information into a fake site designed to mimic the look of your bank’s site, a spear phishing attack targets specific individuals, using information that is known about them and where they work. Spear phishing attacks also commonly involve impersonating someone you might expect to receive such an email from.
- The emails sent in this case often took the form of meeting invitations with infected attachments. In other cases, when the messages were broadcast to many victims, they took the form of security bulletins, usually riding on actual vulnerability announcements for common software such as Adobe Reader and Flash Player. The attackers attached the infected files in 7-Zip format to evade many spam filters and virus scanners that block or scan .zip files. They also took to encrypting the archives with a password and providing that password in the email, again to avoid virus scanners on the inbound mail servers: a scanner cannot inspect what it cannot decrypt, while the recipient who reads the password in the message can open the archive just fine.
- The attackers used PoisonIvy, a common backdoor trojan written by one or more persons who speak Mandarin. The trojan also contained the address of a Command and Control (C&C) server used to feed it additional instructions.
- Once the attackers made their way into the network through one or more infected machines, they leveraged that access to eventually gain permissions to copy sensitive documents and upload them to an external server, from which they could then be retrieved.
- One of the command and control servers was a VPS operated in the United States, owned by a Chinese individual from Hebei province. Investigators have not been able to determine whether this individual was part of the attacks, whether anyone else had access to the VPS, or whether he was acting on behalf of another group. It is possible the server was compromised, or that it was made to look as though that was the case.
- Symantec says that there were a number of different groups attacking these companies during this time span, some using a custom-developed backdoor called ‘Sogu’ and specially crafted .doc and .pdf files. There is no word on whether these additional attacks were also successful.
- Full Report
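As an added example (not code from the show or from Symantec’s report), here is a mail-gateway check in Python that flags the attachment patterns described above: a 7-Zip archive, a ZIP whose local file headers carry the encryption flag, and a password handed out in the message body. It inspects the attachment bytes rather than the filename, so a renamed archive is caught too. The sample message is constructed here for the example; it is not a captured phish, and the sender, recipient and filenames are made up.

```python
"""Flag attachments of the kind used in the attacks described above.

Added example, not from TechSNAP or Symantec: looks at attachment bytes for
the 7-Zip signature and for the ZIP encryption flag, and at the body for a
password being handed to the recipient.
"""
import email
import re
import struct
from email import policy
from email.message import EmailMessage

SEVENZIP_MAGIC = b"7z\xbc\xaf\x27\x1c"      # 37 7A BC AF 27 1C
ZIP_LOCAL_HEADER = b"PK\x03\x04"            # ZIP local file header signature
# "the password is X" / "password: X" in the message body
PASSWORD_HINT = re.compile(r"\bpassword\b\s*(?:is|:)\s*\S+", re.IGNORECASE)


def zip_is_encrypted(data: bytes) -> bool:
    """True if any local file header has bit 0 of its general-purpose flag
    set, which marks an encrypted entry. Walks the raw bytes so a truncated
    or slightly malformed archive is still inspected."""
    pos = 0
    while True:
        pos = data.find(ZIP_LOCAL_HEADER, pos)
        if pos < 0 or pos + 30 > len(data):        # header is 30 bytes minimum
            return False
        flags = struct.unpack_from("<H", data, pos + 6)[0]   # flag field at offset 6
        if flags & 0x0001:
            return True
        pos += 4


def suspicious_attachments(raw: bytes) -> list:
    """Return a list of 'filename: reason' strings for a raw RFC 5322 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain", "html"))
    body_text = body.get_content() if body is not None else ""
    password_in_body = bool(PASSWORD_HINT.search(body_text))

    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "<unnamed>"
        data = part.get_payload(decode=True) or b""
        if data.startswith(SEVENZIP_MAGIC):
            findings.append(f"{name}: 7-Zip archive")
        elif data.startswith(ZIP_LOCAL_HEADER) and zip_is_encrypted(data):
            reason = "encrypted ZIP"
            if password_in_body:
                reason += " with password in message body"
            findings.append(f"{name}: {reason}")
    return findings


def build_sample() -> bytes:
    """Constructed sample message for the example (not a real phish)."""
    msg = EmailMessage()
    msg["From"] = "it-security@example.com"          # spoofed "internal" sender (made up)
    msg["To"] = "engineer@example.com"
    msg["Subject"] = "Security bulletin: Adobe Reader update required"
    msg.set_content("Please review the attached advisory. The password is Adobe2011.")
    # Minimal byte strings: just enough header for the checks above.
    fake_7z = SEVENZIP_MAGIC + b"\x00" * 26
    encrypted_zip = ZIP_LOCAL_HEADER + struct.pack("<HH", 20, 0x0001) + b"\x00" * 22
    plain_zip = ZIP_LOCAL_HEADER + struct.pack("<HH", 20, 0x0000) + b"\x00" * 22
    msg.add_attachment(fake_7z, maintype="application", subtype="x-7z-compressed",
                       filename="advisory.7z")
    msg.add_attachment(encrypted_zip, maintype="application", subtype="zip",
                       filename="invite.zip")
    msg.add_attachment(plain_zip, maintype="application", subtype="zip",
                       filename="notes.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    for finding in suspicious_attachments(build_sample()):
        print(finding)
```

In a real gateway the two flagged cases would be quarantined rather than merely reported; the unencrypted notes.zip is left to the normal scanner. The encryption flag is per entry, so an archive that mixes encrypted and plain entries still trips the check.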
- Remote Downloads?
- Q: I have a question regarding downloads, in particular, remote downloads.
- A: There are a number of options, ranging in capability and ease of use.
- rTorrent – A command line torrent client that works great over SSH (especially when combined with Screen). This is what Allan uses to seed the Linux Action Show torrents.
- uTorrent – uTorrent (microTorrent) is available for Windows, Mac and Linux. It offers an optional web UI (the web UI is the only option for Linux) for remotely controlling the torrents, and can also automatically start downloading torrents when they are placed in a specified directory. uTorrent also incorporates an RSS reader.
- wget – A standard command line download tool included in most GNU/Linux distros. Also available for Windows.
- curl – A library and utility for dealing with HTTP; it is a common feature of most web hosting servers and integrates easily with PHP. You could write a short PHP script that downloads files to the remote server when prompted (possibly by an email or by a request from your mobile phone). Anything that fetches a URL on request needs to authenticate the requester and restrict which URLs it will fetch and where it will write, or it becomes a way for anyone who finds it to make your server download whatever they like.
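The guard a practitioner would want around that “download on request” script, as an added example (Python rather than the PHP suggested above, and not code from the show): the caller presents an HMAC token bound to the URL and filename, the URL must be http(s) to an allowlisted host, and the file may only land as a bare filename inside one directory. The secret, the allowed hosts and the download directory are assumptions for the example.

```python
"""Guard for a remote-download trigger.

Added example, not code from TechSNAP: a URL-fetching endpoint must
authenticate the caller and constrain both the URL it will fetch and the
path it will write, or it is an SSRF and file-write primitive for anyone
who discovers it.
"""
import hashlib
import hmac
import os
from urllib.parse import urlsplit

# Assumptions for the example: a shared secret known to the phone/email
# client, the hosts we are willing to fetch from, and the only directory
# downloads may land in.
SECRET = b"replace-with-a-long-random-secret"
ALLOWED_HOSTS = {"releases.ubuntu.com", "cdimage.debian.org"}
DOWNLOAD_DIR = "/srv/downloads"


class RequestRejected(ValueError):
    """Raised for any request that fails a check."""


def sign_request(url: str, filename: str, secret: bytes = SECRET) -> str:
    """Token the caller must present. Binding URL and filename together means
    a token issued for one download cannot be replayed for a different one."""
    return hmac.new(secret, f"{url}\n{filename}".encode(), hashlib.sha256).hexdigest()


def validate_request(url: str, filename: str, token: str, *,
                     secret: bytes = SECRET, allowed_hosts=ALLOWED_HOSTS,
                     download_dir: str = DOWNLOAD_DIR) -> str:
    """Return the destination path for an acceptable request, else raise."""
    # 1. Authenticate before parsing anything (constant-time compare).
    if not hmac.compare_digest(sign_request(url, filename, secret), token):
        raise RequestRejected("bad token")

    # 2. Constrain the URL: http(s) only, allowlisted host, no embedded credentials.
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        raise RequestRejected(f"scheme not allowed: {parts.scheme!r}")
    if parts.hostname not in allowed_hosts:
        raise RequestRejected(f"host not allowed: {parts.hostname!r}")
    if parts.username or parts.password:
        raise RequestRejected("credentials embedded in URL")

    # 3. Constrain the destination: a bare filename that resolves inside download_dir.
    if not filename or filename in (".", "..") or filename != os.path.basename(filename):
        raise RequestRejected(f"bad filename: {filename!r}")
    root = os.path.realpath(download_dir)
    dest = os.path.realpath(os.path.join(root, filename))
    if os.path.dirname(dest) != root:
        raise RequestRejected("destination escapes download directory")
    return dest


def is_accepted(url: str, filename: str, token: str) -> bool:
    """Convenience wrapper: True if the request passes every check."""
    try:
        validate_request(url, filename, token)
        return True
    except RequestRejected:
        return False


if __name__ == "__main__":
    url = "https://releases.ubuntu.com/11.10/ubuntu-11.10-desktop-amd64.iso"
    print(validate_request(url, "ubuntu-11.10.iso", sign_request(url, "ubuntu-11.10.iso")))
    print(is_accepted(url, "../../etc/cron.d/job", sign_request(url, "../../etc/cron.d/job")))
```

The actual fetch (curl, wget or PHP’s curl bindings) happens only after `validate_request` returns a path. The token stops strangers but not replay of a captured request; if that matters, fold a timestamp or nonce into the signed string and reject stale ones.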
- Windows Kernel Zero Day Vulnerability Found in Duqu Installer
- Stop Online Piracy Act Introduced in the House
- Data points to China as source of March RSA breach, wider attacks
- Authorities Seize Duqu’s C&C Servers in India
- AWS Load Balancer Sends 2 Million Netflix API Reqs To Wrong Customer
- Mac OS X Trojan steals processing power to produce Bitcoins
Our very own Allan got caught in the wake of a data breach, and he’ll share the details
In recent weeks there have been 10 separate attacks against Sony, and the details are like nothing we’ve ever seen before. Plus we’ve got a new batch of viewer emails, and I’ll share my near-disaster war story!
All that & much more on this week’s TechSNAP!
Topic: DirectAdmin customer database compromised
- DirectAdmin (by JBMC Software) is a Unix web hosting control panel, much like cPanel
- DirectAdmin allows more customization and scripting than cPanel
- DirectAdmin provides official support for FreeBSD
- Customer information was compromised (name, address, email, username, hashed password)
- Billing information was not compromised (credit cards are processed via a gateway and never pass through DirectAdmin’s servers)
- Unauthorized code was run on DirectAdmin’s servers, sending a targeted phishing email to all customers, addressed with their real names from the customer database, stating that the version of DirectAdmin they were using was compromised and directing them to a link that would exploit a PDF vulnerability to install malware on their computer. A stolen customer list is what turns a generic phish into a convincing one.
Topic: Sony suffers a series of compromises around the globe
- PSN compromised and shut down
- SOE compromised and shut down
- So-net, a Japanese ISP owned by Sony, was compromised, and virtual points were stolen from paying customers
- Sony Thailand defaced and replaced with a credit card phishing site
- Sony Online Sweepstakes (2,500 contestants’ personal details leaked)
- PSN password reset page exploit (allowed anyone to reset another user’s password)
- Sony BMG Music Greece (8,500 usernames, emails, passwords and phone numbers)
  - SQL injection was used to dump the database and deface the site, by hacker b4d_vipera
- Sony Music Indonesia (defaced by k4L0ng666)
- Sony Music Japan
  - SQL injection attack, credit claimed by LulzSec
- Sony Ericsson Canada (2,000 usernames, email addresses and hashed passwords)
  - SQL injection used to expose the database, credit claimed by the Lebanese hacker group Idahca
  - Sony has not notified customers, nor released a comment to the media about the compromise
  - The Canadian Privacy Commissioner has not yet been contacted by Sony about the recent breach, and noted that Sony did not proactively notify them about the PSN/SOE breach either.
Details have come out about specifically what outdated software Sony was running on the PSN/SOE servers:
- OpenSSH 4.4 (released Sep 2006; latest: 5.8, Feb 2011)
- Apache 2.2.10 (released Oct 2008; latest: 2.2.19, May 2011; 2.2.17 had already been available since Oct 2010)
- Apache 2.2.10 was subject to multiple known vulnerabilities
- Excessively outdated software such as this indicates that the OS and packages were not being regularly updated or audited.
Timeline infographic of Sony’s security woes: http://www.creditcardfinder.com.au/the-sony-playstation-hack-what-it-means-outside-the-gaming-world.html
As mentioned before on TechSNAP, security researchers warned Sony about the problems months ahead of time.
Q: (Adam) Is there a simple way to handle email encryption in Mozilla Thunderbird?
A: Yes, there is a plugin for Thunderbird called ‘EnigMail’ that lets you use GPG/OpenPGP in a cross-platform way. It requires you to install GPG, which you can get from the official GnuPG website or through your favourite package repository for your OS. For Windows, there is also GPG4Win, which provides an easy installer and some basic GUI utilities. Of course, email encryption is only really useful if the person on the other end is using it as well. To send an encrypted email, you need the public key of the person you are sending it to; they then use their private key to decrypt it. While not everyone will have email encryption set up, you can still sign all of your emails: a signature is a hash of the message encrypted with your private key, so anyone holding your public key can verify that only you, and no one else, could have produced it, and that the email was not modified in transit. Note that signing alone provides no confidentiality; the message body still travels in the clear.
Q: (dstoeberl) Since Dropbox has proven to be plagued with security design flaws, what about other services like Wuala?
A: Wuala used to be almost as bad as Dropbox, but they have improved since then.
Colin Percival, the FreeBSD Security Officer, makes a competing product for Unix called TarSnap. He has written about some of the problems with Wuala and the claims they made:
They used to make quite a few mistakes; however, their system is not fundamentally flawed in the way Dropbox’s is: they encrypt each user’s files before they leave that user’s machine, so the provider only ever holds ciphertext and cannot read (or hand over) your data. That is a far stronger position than a service that encrypts on the server with keys it also holds.
I would say they have learned some of the lessons Dropbox is now learning. But if you really want secure online backups, you have to understand the issues yourself and decide how much you trust the claims the service is making.
Q: (DreamsVoid) I am building a home file server to go under my bed. It will have 5 hard drives, but I am concerned about cooling vs noise level, and power usage.
A: There are a few basic principles to consider for cooling any computer. The first is airflow: specifically, you want to make sure you are always drawing cool air in the front of the machine and exhausting the hot air out the back. Maintaining a consistent directional flow of fresh air will allow the components to shed their heat. Make sure the front intakes of your case have access to plenty of fresh air, and keep them clear of dust and debris. Also give the machine a decent margin for exhaust: don’t shove it tight against a wall, or the fans won’t be able to push the hot air far enough away from the machine. For noise, where possible use larger-diameter fans; they can move the same amount of air with significantly less noise. Most fans list three important measurements on the package: airflow (cubic feet per minute), air pressure (millimetres of H2O) and dB(A) (weighted noise level). You have to compare the numbers and make the tradeoffs that work best for you; a quieter fan will move less air, and likely with less pressure. As far as power usage goes, hard drives only use a few watts, even when active; their largest draw is during spin-up at boot. Hard drives with a lower RPM use less power, and there are also specific models designed for lower power consumption.