Saturday, January 10, 2015

INTERESTING SHORT FILM ABOUT COMPUTER PROGRAMMING


    Saturday, July 19, 2014

    Computers can be hacked without internet connections - using cellphones

  • Hackers no longer need the Internet to invade and control a system, Ben Gurion University researchers say


    Cutting off the Internet won’t keep you safe from long-distance hackers, Ben Gurion University researchers discovered. Using a technique called air-gap network hacking, all a hacker has to do is implant the right kind of malware into a cellphone that gets within range of a computer. Hackers on the other side of the world could use cellphone-based malware to remotely access any data they want, using the electromagnetic waves emanating from computer or server hardware, with no need for an Internet connection.

    The hack isn’t new, according to Prof. Yuval Elovici, head of BGU’s Cyber Security Lab. The technique was used to attack Iranian servers in the Stuxnet hack attack. What’s new is the use of a cellphone to do it.

    The Iranian network targeted by Stuxnet was an air-gapped one, connected only to local computers, with no external connection to the Internet. The virus infected the servers controlling the Iranian nuclear program’s centrifuges, “choking” them until they ground to a halt. It was, many experts believe, physically transferred to the closed network via a USB flash drive. The attack described by Elovici is light-years ahead of Stuxnet, because no physical contact is required to compromise a system.

    Even if you don’t think your computer is connected to anything, it sends electromagnetic or acoustic emanations from its hardware. The NSA’s (National Security Agency) TEMPEST program uses special devices to pick up data from computers and servers via leaking emanations, including unintentional radio or electrical signals, sounds, and vibrations from hardware such as video monitors, keyboards, network cards and memory chips.

    Each stroke on a keyboard, for example, transmits an electrical signal that runs through a computer’s processor and shows up on the monitor, emitting electromagnetic waves. Since each letter is unique, each key gives off a different frequency wave. If a hacker can capture those waves and reconstruct them, he could figure out what usernames and passwords were used to log onto the network.

    How could a mobile phone be used to hack into an air-gapped network? In a take-off of an email phishing attack, a hacker could send an unsuspecting employee in a sensitive installation a text message that looks legitimate, but contains a link to malware that surreptitiously gets installed on their cellphone.

    Once the malware is on the phone, it scans for electromagnetic waves which can be manipulated to build a network connection using FM frequencies to install a virus onto a computer or server. Elovici’s team has demonstrated how this is done with computer video cards and monitors. With the virus installed on the system, the phone connects to it via the FM frequency, sucks information out of the server and uses the phone’s cellphone network connection to transmit the data back to hackers. All that’s needed is physical proximity to the system. The team said that one to six meters is enough.

    Elovici and his team demonstrated this technique to President Shimon Peres during his visit to BGU’s Cyber Lab last month.

    Right now, Elovici said, there’s little that can be done to prevent this kind of cyber-attack other than turning off the phone. As that is not a practical solution in this day and age, his team is searching for other solutions. It’s a major security risk, he said. Until a solution is found, that risk will only increase, as news of the hack spreads in the hacker community.

    Article from TimesofIsrael

    Tuesday, January 21, 2014

    Hackers use refrigerator in cyber attack


  • Call it the attack of the zombie refrigerators.

    Computer security researchers say they have discovered a large "botnet" which infected internet-connected home appliances and then delivered more than 750,000 malicious emails.

    The California security firm Proofpoint, which announced its findings, said this may be the first proven "internet of things" based cyber attack involving "smart" appliances.

    Proofpoint said hackers managed to penetrate home-networking routers, connected multimedia centres, televisions and at least one refrigerator to create a botnet — or platform to deliver malicious spam or phishing emails from a device, usually without the owner's knowledge.

    Security experts previously spoke of such attacks as theoretical.

    But Proofpoint said the case "has significant security implications for device owners and enterprise targets" because of massive growth expected in the use of smart and connected devices, from clothing to appliances.

    "Proofpoint's findings reveal that cyber criminals have begun to commandeer home routers, smart appliances and other components of the internet of things and transform them into 'thingbots'", to carry out the same kinds of attacks normally associated with personal computers.

    The security firm said these appliances may become attractive targets for hackers because they often have less security than PCs or tablets.

    Proofpoint said it documented the incidents between December 23 and January 6, which featured "waves of malicious email, typically sent in bursts of 100,000, three times per day, targeting enterprises and individuals worldwide".

    More than 25 per cent of the volume was sent by things that were not conventional laptops, desktop computers or mobile devices. No more than 10 emails were initiated from any single device, making the attack difficult to block based on location.

    "Botnets are already a major security concern and the emergence of thingbots may make the situation much worse," said David Knight at Proofpoint.

    "Many of these devices are poorly protected at best and consumers have virtually no way to detect or fix infections when they do occur. Enterprises may find distributed attacks increasing as more and more of these devices come online and attackers find additional ways to exploit them."

    Sunday, December 8, 2013

    Microsoft Steps up Fight on Cyber Criminals


  • Microsoft has announced they have stepped up their fight on cyber criminals by partnering with the FBI, A10 Networks, and Europol’s European Cybercrime Centre (EC3). The most recent endeavours by the new crime-fighting union were said to have “successfully disrupted” a Botnet that was responsible for infecting nearly 2 million computers. It is estimated that this Botnet operation has been costing online advertisers more than $2.7 million per month.
    Microsoft is now working on a preliminary court injunction that would direct U.S. Internet Service Providers among other groups controlling domains and IP addresses, to shut down the Botnet’s network. The suit was filed in a Texas district court and asks these groups to also preserve material and content associated with the Botnet for helping with Microsoft’s fight.
    The Botnet, known as ZeroAccess is very sophisticated and has not been totally disabled but Microsoft is hoping that the combined efforts of technical and legal action will put the Botnet in serious jeopardy. The actions of the cyber crime units are looking to disrupt the Botnet’s business model by affecting their criminal infrastructure. Their efforts are also hoping to protect the Botnet victims’ computers from executing any future fraudulent schemes.
    The ZeroAccess Botnet affects search engines such as Bing, Yahoo, and Google, by hijacking an innocent person’s computer and redirecting their search results. Once hijacked, they are taken to dangerous websites which then install malware on the person’s computer. The cyber criminals can then access personal information and data and ultimately commit fraud by charging businesses for advertising clicks. ZeroAccess is disguised as legitimate software, tricking victims into downloading and installing it on their computers.
    ZeroAccess is difficult to eradicate totally because it relies on a peer-to-peer infrastructure. This infrastructure allows the cyber criminals to control the Botnet remotely from thousands and thousands of infected computers. According to Microsoft, the Botnet is one of the most sophisticated operations in history due to it being so durable and robust.
    ZeroAccess malware will disable a user’s security features opening up their system to be vulnerable to even more secondary attacks. Microsoft recommends the immediate removal of the infection using up to date anti-virus software or malware removal tools.
    Microsoft says they are stepping-up the fight on these cyber criminals by notifying people who have been infected with the malware. Microsoft is directing people to their support site for more information on the Botnet which provides them with information regarding its removal.
    Microsoft’s fight against ZeroAccess is their first target since forming a new Cybercrime Center last month. The Cybercrime Center was formed after Microsoft was successful in disrupting over 1,000 Botnets back in June. Those Botnets were being used to rob innocent victims of their identity and banking information. Citadel was the name of the Botnet that infected more than 5 million people and was responsible for losses of over $500 million dollars.
    Other entities such as Trustwave’s SpiderLabs, have recently looked at source code from a Botnet dubbed Pony, which was recently discovered. Pony successfully stole credentials for 1.58 million websites, including 320,000 email accounts. They also found the Botnet responsible for breaching security on 3,000 secure shell accounts, 3,000 remote desktops, and 41,000 FTP accounts.
    In the past year, Microsoft’s technical and legal teams of their Digital Crimes Unit were successful in taking down the Bamital and Nitol Botnets. Microsoft announced on Thursday that their new Cyber Crime Unit and their newly formed alliances were stepping up their fight on cyber criminals, like those responsible for the ZeroAccess Botnet.

    Tuesday, August 6, 2013

    Electoral Commission Twitter account hacked, voters asked not to click

  • Australian voters have been asked to ignore direct messages purportedly sent from the Australian Electoral Commission, after the commission's Twitter account was hacked on Tuesday.

    Twitter users started telling the AEC its Twitter account had been hacked shortly after 7 am, when they received links in direct messages from @AusElectoralCom. Some of the messages read "I found a funny pic of you!" with the link leading to a fake Twitter page designed to capture users' login details by way of  "verification".

    It is a classic phishing scam - Twishing - perpetrated by malicious hackers and something the social network has moved to curtail by limiting the number of DMs that can be sent at once to 250. The scam's goal is to capture more and more Twitter login details to in turn send more DMs. Links of similar scams have been found to lead to malware downloads, including banking trojans.

    Evan Ekin-Smith, spokesman for AEC, said the commission received advice from Twitter early Tuesday that its account had been compromised together with a list of measures to fix the problem.

    Mr Ekin-Smith said he was not aware of how its password had been obtained, but was certain no one from the organisation had been phished in a similar scam or divulged the password.

    He said the AEC would now change its password daily and to increasingly more complex combinations to ensure it wouldn't happen again. It has also elected to use Twitter's two-factor authentication introduced in May, requiring a verification code sent to a linked mobile number to log in.


    "It's the power of social media used in a negative way. I have been speaking to our IT people this morning, they are putting in further steps - so anyone who tries to access our Twitter account will have to go through many more complicated steps in the future."

    At 9:10 am the AEC posted: "The Twitter issue has been resolved swiftly this morning. It was in no way related to any AEC IT systems."

    Mr Ekin-Smith said AEC was quick to address the issue and to determine no IT systems had been compromised. He said no third-party applications were linked to the account.

    AEC is the latest in a string of hacked high-profile accounts - Jeep, The Guardian, and Associated Press were among those hacked recently, some as a result of hacktivism.

    Twitter's help centre has advice for people whose account has been hacked.


    Tor 'deep web' servers go offline as Irish man is held over child abuse images

  • Freedom Hosting, linked by the FBI to child abuse images, has gone offline, as the FBI sought the extradition of a 28-year-old suspect from Ireland.
    Eric Eoin Marques is the subject of a US arrest warrant for distributing and promoting child abuse material online.

    He has been refused bail by the high court in Dublin, reported the Irish Independent, until the extradition request is decided. Marques, who is both a US and Irish national, will face the high court again on Thursday.
    If extradited to the US, Marques faces four charges relating to images hosted on the Freedom Hosting network, including images of the torture and rape of children. He could be sentenced to 30 years in prison.
    Freedom Hosting hosted sites on The Onion Router (Tor) network, which anonymises and encrypts traffic, masking the identity of users.

    Whistleblowers, journalists and dissidents too?

    On Sunday, Tor's official blog posted a detailed statement confirming that a large number of "hidden service addresses", or servers anonymised using the network, had unexpectedly gone offline.
    Tor was quick to distance itself from Freedom Hosting, which has been claimed to be a hub for child abuse material as well as Silk Road, the eBay of hard drugs, saying "the persons who run Freedom Hosting are in no way affiliated or connected to the Tor Project Inc, the organisation co-ordinating the development of the Tor software and research."
    "Anyone can run hidden services, and many do," said the statement. "Organisations run hidden services to protect dissidents, activists, and protect the anonymity of users trying to find help for suicide prevention, domestic violence, and abuse recovery.
    "Whistleblowers and journalists use hidden services to exchange information in a secure and anonymous way and publish critical information in a way that is not easily traced back to them. The New Yorker's Strongbox is one public example."
    Security blogger and former Washington Post reporter Brian Krebs wrote on Sunday that users were identified using a flaw in Firefox 17, on which the Tor browser is based.
    Rik Ferguson, vice-president of security research at Trend Micro, said he was awaiting further details to be made public as Marques is brought to trial, but that the takedown and related law enforcement "is great news for the campaign against child exploitation".
    "The malicious code made a 'victim machine' which visited one of the compromised hidden sites, and requested a website on the 'visible' web, via HTTP, thereby exposing its real IP address. As the exploit did not deliver any malicious code, it is highly unlikely that this was a cybercriminal operation.
    "It is a legitimate concern that users of child abuse material may simply go elsewhere, and as such the individual users should continue to be targeted by law enforcement globally. However, going after the people and organisations that really enable this content to be made available at all is a much more effective strategy."
    In 2011, hacking collective Anonymous took down Freedom Hosting with a targeted DDoS attack as part of an anti-paedophile campaign. Anonymous also published details of the accounts of 1,500 members of Lolita City, claiming Freedom Hosting was home to 100GB of child abuse material.

    FBI conspiracy?

    Users on the Tor sub-Reddit were suspicious about the news, dissecting the details of the vulnerability and pointing to a previous case where the FBI had taken over and maintained a site hosting child abuse material for two weeks in order to identify users.
    "FBI uploads malicious code on the deep web sites while everyone is off at Defcon. Talk about paying dirty," commented VarthDaTor. Defcon is an annual event in the US for security experts and hackers.
    "The situation is serious," said gmerni. "They got the owner of FH and now they're going after all of us. Half the onion sites were hosted on FH! Disable Javascript in your Tor browser for the sake of your own safety."

    Friday, June 28, 2013

    Update Your FIREFOX to FIX the four critical SECURITY holes

  • Mozilla has released the Firefox version 22 that addresses more than 10 Security vulnerabilities.
    Four Critical security bugs including "Execution of unmapped memory through onreadystatechange event", "Privileged content access and execution via XBL", "Memory corruption found using Address Sanitizer" and "Miscellaneous memory safety hazards" have been fixed in the latest version.

    Six High level security bugs including "Inaccessible updater can lead to local privilege escalation", "XrayWrappers can be bypassed to run user defined methods in a privileged context", "Data in the body of XHR HEAD requests leads to CSRF attacks" also have been fixed.

    Users are recommended to update their Firefox to the latest one.

    Saturday, June 8, 2013

    Android malware discovered, most advanced yet claims researchers

  • Security researchers have discovered what is claimed to be the most sophisticated Android malware ever seen.

    Dubbed Obad, the malware can send texts to premium rate numbers, download and install additional malware and remotely execute console commands. It also uses complex obfuscation techniques to evade detection.

    Researchers at IT security firm Kaspersky, who unearthed the malware, said that once the smartphone is infected, the malware quickly gains access to privileges on the phone and starts working in the background. The Trojan then attempts to spread through Wi-Fi and Bluetooth networks, sending malicious files to other phones.

    Obad also exploits vulnerabilities in the Android OS. It can gain administrator privileges, making it virtually impossible for a user to delete it from a device. Another flaw in the Android OS relates to the processing of the AndroidManifest.xml file. This file exists in every Android application and is used to describe the application’s structure and define its launch parameters.

    "The malware modifies AndroidManifest.xml in such a way that it does not comply with Google standards, but is still correctly processed on a smartphone thanks to the exploitation of the identified vulnerability," said Roman Unuchek, Kaspersky Lab Expert. "All of this made it extremely difficult to run dynamic analysis on this Trojan."

    It also interferes with DEX2JAR, the tool that converts APK files into JAR files. The disruption complicates analysis of the Trojan.

    The Trojan collects large amounts of data from the device, which it passes back to hackers through a command and control (C&C) server, according to Unuchek. The collected information is sent to the server in the form of an encrypted JSON object.

    This information is sent to the current C&C server every time a connection is established. In addition, the malicious program reports its current status to its owner: it sends the current table of premium numbers and prefixes to which to send text messages, the task list, and the list of C&C servers. During the first C&C communication session, it sends a blank table and a list of C&C addresses that were decrypted as described above. During the communication session, the Trojan may receive an updated table of premium numbers and a new list of C&C addresses.

    Unuchek said that the malware "looks closer to Windows malware than to other Android Trojans, in terms of its complexity and the number of unpublished vulnerabilities it exploits."
    "This means that the complexity of Android malware programs is growing rapidly alongside their numbers," he said.

    Friday, May 31, 2013

    PayPal vulnerability finally closed

  • On Wednesday night, payment processor PayPal closed the security hole in its portal that had been publicly known for five days. The company had been aware of the vulnerability for about two weeks. The hole was a critical one: it allowed attackers to inject arbitrary JavaScript code into the PayPal site, potentially enabling them to harvest users' access credentials.
    Why PayPal took so long to fix the hole is incomprehensible – the information required to exploit the hole has been circulating on the net since last week and there was an urgent need for immediate action. In similar cases, affected companies tend to respond within 24 hours.

    Another cause for irritation is that, even as late as Tuesday, a PayPal spokesperson told The H's colleagues at heise Security that "at this moment, there is no indication" that PayPal customer data is at risk – despite heise Security providing proof to the contrary by embedding their own login form into the HTTPS-secured PayPal site. Attackers with a little more criminal motivation could have injected a phishing page that, at first glance, looked identical to the original.

    The vulnerability was discovered by Robert Kugler, a 17-year-old student, who originally wanted to report it via the bug bounty program that the company launched last year. When PayPal didn't allow him to participate in the program because he wasn't yet 18, the student released the details of his discovery on the Full Disclosure security mailing list, but only after giving PayPal a week's period of grace, which the company allowed to pass. 

    Kugler reports that he received another email from PayPal yesterday in which the company said: "the vulnerability you submitted was previously reported by another researcher", which suggests that the company knew of the problem for more than two weeks before moving to fix the issue. PayPal says it is for this reason that they are not paying Kugler the bug bounty and chastises Kugler for disclosing the issue to the public. The company is, though, offering to send the young researcher a "Letter of recognition" for his investigation.

    Drupal hacked, resets passwords after millions of accounts exposed

  • Passwords for almost one million accounts on the Drupal.org website are being reset after hackers gained unauthorized access to sensitive user data.
    Drupal.org is the official website for the popular open-source content management platform. The breach is the result of an attack that exploited a vulnerability in an undisclosed third-party application, not in Drupal itself, Holly Ross, executive director of the Drupal Association, wrote in a blog post published Wednesday. The hack exposed usernames, e-mail addresses, country information, and cryptographically hashed passwords, although investigators may discover additional types of information were compromised.
    "Malicious files were placed on association.drupal.org servers via a third-party application used by that site," Ross wrote. "Upon discovering the files during a security audit, we shut down the association.drupal.org website to mitigate any possible ongoing security issues related to the files. The Drupal Security Team then began forensic evaluations and discovered that user account information had been accessed via this vulnerability."

    There's no indication credit card data was intercepted. There's also no evidence that any unauthorized changes were made to Drupal source code or projects.

    Drupal.org administrators have responded by rebuilding production, staging, and development systems and enhancing most servers with grsecurity, a set of security patches for the Linux operating system. The admins have also hardened their configuration of the Apache Web server application and added antivirus scanning to their security routine. Some Drupal.org subsites, particularly those with older content, have been converted to static archives so they can't be updated in the future.

    Drupal.org account holders will be required to change their password by visiting this link, entering their username or e-mail address, and following the link included in the e-mail message that follows. Ross also encouraged account holders to change login credentials on other sites that used the same or a similar password used on Drupal.org.

    Most of the passwords stored by Drupal.org were both salted and, more importantly, passed through a cryptographic hash function multiple times using the open-source phpass application. Some older passwords weren't salted. If Drupal engineers followed good practices—and there's no indication they didn't—the repeated hash iterations will go a long way to preventing anyone who obtains the data from quickly cracking the hashes and exposing the underlying plaintext that generated them. (Cryptographic salting, which appends unique characters to each password before it's hashed, is also helpful, although people frequently overstate the protection it provides. For much more on password protection see the Ars feature Anatomy of a hack: How crackers ransack passwords like “qeadzcwrsfxv1331”.)
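    The paragraph above contrasts the older unsalted passwords with the salted, iterated phpass hashes. The following Python example, added here and not taken from the article or from the phpass or Drupal code, shows why that distinction matters for anyone who obtains a leaked hash table. The `phpass_like_hash` scheme is a simplified, assumed stand-in for phpass's portable hash (MD5 over salt and password, then 2^n further MD5 rounds) and does not reproduce phpass's exact encoding; the salts and the attacker work figures are constructed for the demonstration.

```python
import hashlib
import hmac
import os


# Legacy scheme (the "older passwords weren't salted" case): one MD5 over the
# password alone. Every user with the same password gets the same digest, so
# one precomputed table cracks all of them at once.
def unsalted_md5(password: str) -> str:
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def new_salt(length: int = 8) -> bytes:
    """Per-user random salt; stored alongside the hash, never secret."""
    return os.urandom(length)


# phpass-style "portable" hash. Simplified illustration (assumption, not
# phpass's exact encoding): MD5 over salt||password, then 2**log2_rounds
# further rounds of MD5 over previous_digest||password. The round count and
# the salt are stored with the digest so verification can repeat the work.
def phpass_like_hash(password: str, salt: bytes, log2_rounds: int = 14) -> str:
    pw = password.encode("utf-8")
    digest = hashlib.md5(salt + pw).digest()
    for _ in range(1 << log2_rounds):
        digest = hashlib.md5(digest + pw).digest()
    return f"$S${log2_rounds:02d}${salt.hex()}${digest.hex()}"


def phpass_like_verify(password: str, stored: str) -> bool:
    """Recompute with the stored salt and round count; constant-time compare."""
    _, _, log2_rounds, salt_hex, _ = stored.split("$")
    recomputed = phpass_like_hash(password, bytes.fromhex(salt_hex), int(log2_rounds))
    return hmac.compare_digest(recomputed, stored)


def attacker_work(candidates: int, users: int, salted: bool, hashes_per_guess: int) -> int:
    """Hash evaluations needed to try `candidates` guesses against `users` leaked hashes.

    Without a salt, one evaluation per guess can be compared against every
    user's hash; with a per-user salt, each guess must be redone for each user.
    """
    return candidates * hashes_per_guess * (users if salted else 1)


def demo() -> dict:
    """Two accounts sharing the password quoted in the Ars feature title above."""
    pw = "qeadzcwrsfxv1331"
    alice_salt, bob_salt = new_salt(), new_salt()  # constructed sample salts
    stored = phpass_like_hash(pw, alice_salt)
    return {
        "unsalted_same_digest": unsalted_md5(pw) == unsalted_md5(pw),
        "salted_digests_differ": phpass_like_hash(pw, alice_salt) != phpass_like_hash(pw, bob_salt),
        "verify_correct": phpass_like_verify(pw, stored),
        "verify_wrong": phpass_like_verify("not-the-password", stored),
        # 10**6 guesses against 1000 leaked hashes: shared table vs per-user iterated work
        "work_unsalted_md5": attacker_work(10**6, 1000, salted=False, hashes_per_guess=1),
        "work_salted_2^14": attacker_work(10**6, 1000, salted=True, hashes_per_guess=(1 << 14) + 1),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

    Running the block prints that the two unsalted digests match while the two salted ones differ, that verification succeeds only for the right password, and that the salted, iterated scheme multiplies the attacker's hash count by the user count and the round count. The round count in the stored string is what lets a site raise the work factor later: re-hashing on the user's next login with a larger exponent is a normal migration, which is the reason phpass and similar schemes keep it out of band rather than hard-coding it.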

    Ross didn't identify the exploited third-party application. Given Drupal.org's use of Apache, it's possible the site was compromised by the same attack that has plagued at least 20,000 other sites in recent weeks. Researchers still don't know how attackers are gaining almost unfettered, "root" access on these servers, but the same backdoor, often known as Linux/Cdorked, more recently started compromising sites that run on the nginx and Lighttpd Web servers too.

    The hacks are underscoring the growing vulnerability of websites to serious malware attacks. On Tuesday, evidence emerged that servers running the Ruby on Rails framework were being compromised and made part of a botnet. The attackers in that case were exploiting an extremely critical vulnerability that was patched in early January.

    Drupal's front page states there are 967,545 people in 228 countries (speaking 181 languages) using the platform.