beanlicker
09-12-2012, 09:25 PM
Don't Trust That Text
By John P. Mello Jr.
TechNewsWorld
08/20/12 6:00 AM PT
A flaw discovered in Apple's iOS operating system could help hackers spoof text-message conversations and ply info from targets who think they're communicating with a trusted friend. "SMS should not be considered a secure communication method," said Lookout Mobile Security's Derek Halliday. "Users should not be willing to disclose information over SMS that they expect to be secure."
A well-known iOS hacker who uses the handle "pod2g" revealed a flaw in Apple's mobile operating system, iOS, that he says can be exploited to alter the "reply to" information in SMS (http://en.wikipedia.org/wiki/SMS) messages.
Such a tactic could be used by cybermiscreants to pry sensitive information from the recipient of a message or divert them to a malicious website.
One of the problems with SMS messages is they only display the sender's number, according to Derek Halliday, senior security product manager at Lookout Mobile Security (http://www.mylookout.com/).
"The ideal implementation would give you context both about the origin number as well as the number you will reply to if you respond to the message," he told TechNewsWorld. "Having only one number displayed definitely leaves ambiguity if they are different."
He warned text messaging lovers:
"SMS should not be considered a secure communication method. Users should not be willing to disclose information over SMS that they expect to be secure, nor should they assume that it is a trustworthy channel for communications with their banking or other significant service providers."
More Middle East Malware Mayhem
Recent cyber attacks on Middle Eastern targets have been attributed to super malware programs suspected to be the work of nation-states. But that doesn't seem to be the case last week with the assault on the computers of Saudi Aramaco.
The company revealed the cyberforay on its Facebook page. It said it had disconnected all its electronic systems from the outside world as a "precautionary measure" following a disruption to its computer systems. The suspected cause of the disruption: a virus attack.
The assault on the Aramco systems affected some individual workstations but not the primary components of the network, the company said. Neither did it disrupt the company's industrial systems.
"This attack isn't on the same professional level as Flame, Stuxnet, Gauss or Duqu," Eric Byres, CTO and vice president for engineering for Belden's Tofino Security Products (http://www.belden.com/), told TechNewsWorld.
"It looks like they may have learned a few tricks from Stuxnet," he added. "They're not using the code, but they're using some of the concepts."
Unlike state-engineered malware, the Aramco hackers, who call themselves the "Arab Youth League," produced software that lacked subtlety, he observed. "It's not trying to stay under the radar," he observed.
"It destroys machines," he explained. "When machines are going down left, right and center around you, you know there's a problem."
One disturbing aspect of the attack is Aramco's shutting down of Internet access, according to Jeffrey Carr, CEO of Taia Global (http://www.taiaglobal.com/). It appears they had systems connected to the Internet that shouldn't have been connected to the Internet.
"If that's the case," he told TechNewsworld, "then they certainly are vulnerable to a hacker group with a relatively low skill level."
He reasoned that the hackers wanted to "make a statement" and weren't concerned with disrupting Aramco's industrial systems, as Stuxnet did to Iran's nuclear program.
"If your target was the PLCs [chips that control industrial processes], you wouldn't announce yourself by doing something so obvious as attacking the business network," he observed.
Malware-Sniffing Algorithm
An efficient way to ferret out the sources of malware and spam has been developed by a team of Swiss scientists.
The boffins have developed an algorithm that can identify the sources of online nastiness like spam and malicious software by monitoring a small percentage of the connections in a network.
Checking all the nodes on the Internet to target the sources of spam and malware is impossible, but with the algorithm -- described in a paper titled "Locating the Source of Diffusion in Large-scale Networks" published in Physical Review Letters on Aug. 10 -- those sources can be identified with 10 to 20 percent of the nodes on a network, sometimes even less.
The algorithm developed by the researchers at the Audiovisual Communications Laboratory of the Swiss Federal Institute of Technology can be useful for more than combatting the dregs of the Internet. It could also be used to identify the source of biological diseases like SARS.
Breach Diary
Aug. 13: WikiLeaks, known for posting classified government documents to the Web, is online again (http://threatpost.com/en_us/blogs/wikileaks-back-online-after-sustained-ddos-attack-081312) after prolonged Distributed Denial of Service Attack (DDoS) disrupted service at the site for a week. A group calling itself "Anti Leaks" is claiming credit for the attack.
Aug. 14: Oracle released a patch to its server product (http://www.securityweek.com/oracle-patches-vulnerability-disclosed-black-hat) to correct a flaw revealed at Black Hat 2012 by David Litchfield of Accuvant Labs. The vulnerability could be exploited to obtain credentials that could be used to hijack control of a server running Oracle's software.
Aug. 14: Apria Healthcare revealed that protected health information, including Social Security numbers, names and birth dates of as many of 11,000 patients may have been compromised (http://ehrintelligence.com/2012/08/14/stolen-laptop-leads-to-health-data-breach-at-apria-healthcare/) when a laptop was stolen from the locked car of an employee in Phoenix, Ariz.
Aug. 15: Someone calling him or herself "The Man Behind Anonymous" claimed to have stolen (http://www.forbes.com/sites/jasonevangelho/2012/08/15/anonymous-claims-another-sony-psn-breach-50gb-of-data-stolen/) from the Sony PlayStation Network 50 GB of user data. The claim was latter proved to be hoax.
Aug. 15: Sega Japan issued a security warning (http://www.tssznews.com/2012/08/15/sega-japan-warns-of-sega-id-security-breach/) to account holders of Sega ID about a malicious party attempting to login to numerous Sega ID accounts. No information was released as to how many accounts may have been compromised. The company urged Sega ID users to change their passwords.
Aug. 16: The Washington [D.C.] Metropolitan Area Transit Authority disclosed that it is working to fix a flaw in computer systems (http://www.wjla.com/articles/2012/08/metro-website-security-breach-made-personal-data-accessible-to-public-78897.html) that could allow unauthorized persons to access the personal information of anyone who has applied for a job at the authority.
Aug. 16: Symantec reported that it plugged a hole (http://www.networkworld.com/news/2012/081612-norton-breach-261701.html?hpg1=bn) in its Norton Online Backup service that allowed some of its users to view backups of other user's data on the system.
Calendar
Aug. 20-23: Gartner Catalyst Conference. (http://www.gartner.com/technology/summits/na/catalyst/) San Diego, Calif. Standard price: $2,295.
Aug. 23: Washington D.C. Tech-Security Conference. L'Enfant Plaza Hotel, 480 L'Enfant Plaza SW, Washington, D.C.
Aug. 29: Update Your Software or Die. (https://www302.livemeeting.com/lrs/1100003821/Registration.aspx?pageName=3fgc1jjpd098nd8q) 2 p.m. ET. Webcast. Sponsored by Qualys. Free.
Aug. 30: Business Beyond the Perimeter: Endpoint Security in the Cloud Era. (https://www.techwebonlineevents.com/ars/eventregistration.do;jsessionid=38C08CBACEFA560ED3 42F82734A3F2EB.tomcat1?mode=eventreg&F=1004759&K=1DR1ACNA) 10 a.m. PT. Webcast sponsored by GFI Software. Free with registration.
Sept. 12-14: UNITED (Using New Ideas to Empower Defenders) Security Summit (http://www.unitedsummit.org/). Grand Hyatt, San Francisco. Registration: $1,395.
Oct. 9-11: Crypto Commons. (http://www.rsaconference.com/events/2012/europe/agenda/crypto-commons.htm?utm_source=Responsys&utm_medium=newsletter&utm_content=europe-crypto&utm_campaign=newsletter-june-2012) Hilton London Metropole, UK. Early bird price (by Aug. 10): Pounds 800, plus VAT. Discount registration (by Sept. 12): Pounds 900. Standard registration: Pounds 1,025.
Oct. 16-18: ACM Conference on Computer and Communications Security. (http://sigsac.org/ccs/CCS2012/index.shtml) Sheraton Raleigh Hotel, Raleigh, N.C.
Oct. 18: Suits and Spooks Conference: Offensive Tactics Against Critical Infrastructure. (http://www.taiaglobal.com/suits-and-spooks/suits-and-spooks-boston-2012/) Larz Anderson Auto Museum, Brookline, Mass. Attendance Cap: 130. Registration: Super Early Bird, $195 (by Aug. 18); Early Bird, $295 (by Sept. 18); Standard, $395 (by Oct. 17).
Oct. 25-31 Hacker Halted Conference 2012. (http://www.prweb.com/releases/2012/7/prweb9710345.htm) Miami, Fla. Sponsored by EC-Council. Registration: $2,799-$3,599.http://www.ectnews.com/images/end-enn.gif (http://www.ectnews.com/images/end-enn.gif)
By John P. Mello Jr.
TechNewsWorld
08/20/12 6:00 AM PT
A flaw discovered in Apple's iOS operating system could help hackers spoof text-message conversations and ply info from targets who think they're communicating with a trusted friend. "SMS should not be considered a secure communication method," said Lookout Mobile Security's Derek Halliday. "Users should not be willing to disclose information over SMS that they expect to be secure."
A well-known iOS hacker who uses the handle "pod2g" revealed a flaw in Apple's mobile operating system, iOS, that he says can be exploited to alter the "reply to" information in SMS (http://en.wikipedia.org/wiki/SMS) messages.
Such a tactic could be used by cybermiscreants to pry sensitive information from the recipient of a message or divert them to a malicious website.
One of the problems with SMS messages is they only display the sender's number, according to Derek Halliday, senior security product manager at Lookout Mobile Security (http://www.mylookout.com/).
"The ideal implementation would give you context both about the origin number as well as the number you will reply to if you respond to the message," he told TechNewsWorld. "Having only one number displayed definitely leaves ambiguity if they are different."
He warned text messaging lovers:
"SMS should not be considered a secure communication method. Users should not be willing to disclose information over SMS that they expect to be secure, nor should they assume that it is a trustworthy channel for communications with their banking or other significant service providers."
More Middle East Malware Mayhem
Recent cyber attacks on Middle Eastern targets have been attributed to super malware programs suspected to be the work of nation-states. But that doesn't seem to be the case last week with the assault on the computers of Saudi Aramaco.
The company revealed the cyberforay on its Facebook page. It said it had disconnected all its electronic systems from the outside world as a "precautionary measure" following a disruption to its computer systems. The suspected cause of the disruption: a virus attack.
The assault on the Aramco systems affected some individual workstations but not the primary components of the network, the company said. Neither did it disrupt the company's industrial systems.
"This attack isn't on the same professional level as Flame, Stuxnet, Gauss or Duqu," Eric Byres, CTO and vice president for engineering for Belden's Tofino Security Products (http://www.belden.com/), told TechNewsWorld.
"It looks like they may have learned a few tricks from Stuxnet," he added. "They're not using the code, but they're using some of the concepts."
Unlike state-engineered malware, the Aramco hackers, who call themselves the "Arab Youth League," produced software that lacked subtlety, he observed. "It's not trying to stay under the radar," he observed.
"It destroys machines," he explained. "When machines are going down left, right and center around you, you know there's a problem."
One disturbing aspect of the attack is Aramco's shutting down of Internet access, according to Jeffrey Carr, CEO of Taia Global (http://www.taiaglobal.com/). It appears they had systems connected to the Internet that shouldn't have been connected to the Internet.
"If that's the case," he told TechNewsworld, "then they certainly are vulnerable to a hacker group with a relatively low skill level."
He reasoned that the hackers wanted to "make a statement" and weren't concerned with disrupting Aramco's industrial systems, as Stuxnet did to Iran's nuclear program.
"If your target was the PLCs [chips that control industrial processes], you wouldn't announce yourself by doing something so obvious as attacking the business network," he observed.
Malware-Sniffing Algorithm
An efficient way to ferret out the sources of malware and spam has been developed by a team of Swiss scientists.
The boffins have developed an algorithm that can identify the sources of online nastiness like spam and malicious software by monitoring a small percentage of the connections in a network.
Checking all the nodes on the Internet to target the sources of spam and malware is impossible, but with the algorithm -- described in a paper titled "Locating the Source of Diffusion in Large-scale Networks" published in Physical Review Letters on Aug. 10 -- those sources can be identified with 10 to 20 percent of the nodes on a network, sometimes even less.
The algorithm developed by the researchers at the Audiovisual Communications Laboratory of the Swiss Federal Institute of Technology can be useful for more than combatting the dregs of the Internet. It could also be used to identify the source of biological diseases like SARS.
Breach Diary
Aug. 13: WikiLeaks, known for posting classified government documents to the Web, is online again (http://threatpost.com/en_us/blogs/wikileaks-back-online-after-sustained-ddos-attack-081312) after prolonged Distributed Denial of Service Attack (DDoS) disrupted service at the site for a week. A group calling itself "Anti Leaks" is claiming credit for the attack.
Aug. 14: Oracle released a patch to its server product (http://www.securityweek.com/oracle-patches-vulnerability-disclosed-black-hat) to correct a flaw revealed at Black Hat 2012 by David Litchfield of Accuvant Labs. The vulnerability could be exploited to obtain credentials that could be used to hijack control of a server running Oracle's software.
Aug. 14: Apria Healthcare revealed that protected health information, including Social Security numbers, names and birth dates of as many of 11,000 patients may have been compromised (http://ehrintelligence.com/2012/08/14/stolen-laptop-leads-to-health-data-breach-at-apria-healthcare/) when a laptop was stolen from the locked car of an employee in Phoenix, Ariz.
Aug. 15: Someone calling him or herself "The Man Behind Anonymous" claimed to have stolen (http://www.forbes.com/sites/jasonevangelho/2012/08/15/anonymous-claims-another-sony-psn-breach-50gb-of-data-stolen/) from the Sony PlayStation Network 50 GB of user data. The claim was latter proved to be hoax.
Aug. 15: Sega Japan issued a security warning (http://www.tssznews.com/2012/08/15/sega-japan-warns-of-sega-id-security-breach/) to account holders of Sega ID about a malicious party attempting to login to numerous Sega ID accounts. No information was released as to how many accounts may have been compromised. The company urged Sega ID users to change their passwords.
Aug. 16: The Washington [D.C.] Metropolitan Area Transit Authority disclosed that it is working to fix a flaw in computer systems (http://www.wjla.com/articles/2012/08/metro-website-security-breach-made-personal-data-accessible-to-public-78897.html) that could allow unauthorized persons to access the personal information of anyone who has applied for a job at the authority.
Aug. 16: Symantec reported that it plugged a hole (http://www.networkworld.com/news/2012/081612-norton-breach-261701.html?hpg1=bn) in its Norton Online Backup service that allowed some of its users to view backups of other user's data on the system.
Calendar
Aug. 20-23: Gartner Catalyst Conference. (http://www.gartner.com/technology/summits/na/catalyst/) San Diego, Calif. Standard price: $2,295.
Aug. 23: Washington D.C. Tech-Security Conference. L'Enfant Plaza Hotel, 480 L'Enfant Plaza SW, Washington, D.C.
Aug. 29: Update Your Software or Die. (https://www302.livemeeting.com/lrs/1100003821/Registration.aspx?pageName=3fgc1jjpd098nd8q) 2 p.m. ET. Webcast. Sponsored by Qualys. Free.
Aug. 30: Business Beyond the Perimeter: Endpoint Security in the Cloud Era. (https://www.techwebonlineevents.com/ars/eventregistration.do;jsessionid=38C08CBACEFA560ED3 42F82734A3F2EB.tomcat1?mode=eventreg&F=1004759&K=1DR1ACNA) 10 a.m. PT. Webcast sponsored by GFI Software. Free with registration.
Sept. 12-14: UNITED (Using New Ideas to Empower Defenders) Security Summit (http://www.unitedsummit.org/). Grand Hyatt, San Francisco. Registration: $1,395.
Oct. 9-11: Crypto Commons. (http://www.rsaconference.com/events/2012/europe/agenda/crypto-commons.htm?utm_source=Responsys&utm_medium=newsletter&utm_content=europe-crypto&utm_campaign=newsletter-june-2012) Hilton London Metropole, UK. Early bird price (by Aug. 10): Pounds 800, plus VAT. Discount registration (by Sept. 12): Pounds 900. Standard registration: Pounds 1,025.
Oct. 16-18: ACM Conference on Computer and Communications Security. (http://sigsac.org/ccs/CCS2012/index.shtml) Sheraton Raleigh Hotel, Raleigh, N.C.
Oct. 18: Suits and Spooks Conference: Offensive Tactics Against Critical Infrastructure. (http://www.taiaglobal.com/suits-and-spooks/suits-and-spooks-boston-2012/) Larz Anderson Auto Museum, Brookline, Mass. Attendance Cap: 130. Registration: Super Early Bird, $195 (by Aug. 18); Early Bird, $295 (by Sept. 18); Standard, $395 (by Oct. 17).
Oct. 25-31 Hacker Halted Conference 2012. (http://www.prweb.com/releases/2012/7/prweb9710345.htm) Miami, Fla. Sponsored by EC-Council. Registration: $2,799-$3,599.http://www.ectnews.com/images/end-enn.gif (http://www.ectnews.com/images/end-enn.gif)