Yahoo Spreading Malware?

Some advertisements on Yahoo Inc’s European websites last week spread malicious software, Yahoo said on Sunday, potentially infecting the computers of thousands of users.

Last Friday, Fox-IT, a Delft, Netherlands-based computer security firm, wrote in a blog that attackers had inserted malicious ads served by ads.yahoo.com.

In a recently released statement, a Yahoo spokesman, said: “On Friday, January 3 on our European sites, we served some advertisements that did not meet our editorial guidelines, specifically they spread malware.” Yahoo said it promptly removed the bad ads, and that users of Mac computers and mobile devices were not affected.

Malware is software used to disrupt a computer’s operations, gather sensitive information, or gain access to private computer systems.

Fox-IT estimated that on Friday, the malware was being delivered to approximately 300,000 users per hour, leading to about 27,000 infections per hour. The countries with the most affected users were Romania, Britain, and France.

“It is unclear which specific group is behind this attack, but the attackers are clearly financially motivated and seem to offer services to other actors,” Fox-IT wrote in the January 3 blog post.

Source

Twitter Tightens Security

Twitter Inc said it has put in place a security technology that makes it harder to spy on its users and called on other Internet firms to do the same, as Web providers look to thwart spying by government intelligence agencies.

The online messaging service, which began scrambling communications in 2011 using traditional HTTPS encryption, said on Friday it has added an advanced layer of protection for HTTPS known as “forward secrecy.”

“A year and a half ago, Twitter was first served completely over HTTPS,” the company said in a blog posting. “Since then, it has become clearer and clearer how important that step was to protecting our users’ privacy.”

Twitter’s move is the latest response from U.S. Internet firms following disclosures by former spy agency contractor Edward Snowden about widespread, classified U.S. government surveillance programs.

Facebook Inc, Google Inc, Microsoft Corp and Yahoo Inc have publicly complained that the government does not let them disclose data collection efforts. Some have adopted new privacy technologies to better secure user data.

Forward secrecy prevents attackers from exploiting one potential weakness in HTTPS, which is that large quantities of data can be unscrambled if spies are able to steal a single private “key” that is then used to encrypt all the data, said Dan Kaminsky, a well-known Internet security expert.

The more advanced technique repeatedly creates individual keys as new communications sessions are opened, making it impossible to use a master key to decrypt them, Kaminsky said.

“It is a good thing to do,” he said. “I’m glad this is the direction the industry is taking.”

Source

Will Skype 3RD Party API’s End?

Angry Developers, a breed not unlike Angry Birds but without the desire to fling themselves at naughty pigs, have started a petition asking Microsoft to withdraw its plan to switch off the desktop API for Skype.

The news follows Microsoft’s announcement that support for third party applications will end in December. The change.org petition explains, “The decision to discontinue Skype’s Desktop API impacts our ability to use Skype within my normal Skype calling activities.” It goes on to request that, “Skype/Microsoft provide continued support for third party Skype utilities that have become mission critical to Skype’s users.”

The API runs a range of services, including call recording clients, and in some cases third party hardware including certain headsets. Its discontinuation will most likely see problems for third party instant messaging (IM) services that rely on the API to aggregate IM services, as Skype does not use the Jabber protocol.

Microsoft’s explanation of this was fairly straightforward. It said, “The Desktop API was created in 2004 and it doesn’t support mobile application development. We have, therefore, decided to retire the Desktop API in December 2013.”

However, many developers who receive income from their products using the Skype API are unsatisfied with this.

Although Skype has had a mobile client dating back as far as Windows Mobile 5, it has never had parity with the desktop version and there remains some bewilderment as to why Microsoft has made this decision.

At the time of writing shortly after launch on Friday, the petition had 540 signatures and rising, showing that there is a groundswell of support for the initiative.

Source

Cyber Attacks Increasing In Middle East

Syria’s civil war and political strife in Egypt have given birth to new battlegrounds on the Web and driven a surge in cyber attacks in the Middle East, according to a leading Internet security company.

More than half of incidents in the Gulf this year were so-called “hacktivist” attacks – which account for only a quarter of cybercrime globally – as politically motivated programmers sabotaged opposing groups or institutions, executives from Intel Corp’s software security division McAfee said on Tuesday.

“It’s mostly bringing down websites and defacing them with political messages – there has been a huge increase in cyber attacks in the Middle East,” Christiaan Beek, McAfee director for incident response forensics in Europe, Middle East and Africa (EMEA), told Reuters.

He attributed the attacks to the conflict in Syria, political turmoil in Egypt and the activities of hacking collective Anonymous.

“It’s difficult for people to protest in the street in the Middle East and so defacing websites and denial of service (DOS) attacks are a way to protest instead,” said Beek.

DOS attacks flood an organization’s website causing it to crash, but usually do little lasting damage.

The Syrian Electronic Army (SEA), a hacking group loyal to the government of President Bashar al-Assad, defaced an Internet recruiting site for the U.S. Marine Corps on Monday and recently targeted the New York Times website and Twitter, as well other websites within the Middle East.

Beek described SEA as similar to Anonymous.

“There’s a group leading operations, with a support group of other people that can help,” said Beek.

McAfee opened a centre in Dubai on Monday to deal with the rising threat of Internet sabotage in the region, the most serious of which are attacks to extract proprietary information from companies or governments or those that cause lasting damage to critical infrastructure.

Cyber attacks are mostly focused on Saudi Arabia, the world’s largest oil exporter, Qatar, the top liquefied natural gas supplier, and Dubai, which is the region’s financial, commercial and aviation hub, said Gert-Jan Schenk, McAfee president for EMEA.

“It’s where the wealth and critical infrastructure is concentrated,” he said.

The “Shamoon” virus last year targeted Saudi Aramco, the world’s largest oil company, damaging about 30,000 computers in what may have been the most destructive attack against the private sector.

“Ten years ago, it was all about trying to infect as many people as possible,” added Schenk. “Today we see more and more attacks being focused on very small groups of people. Sometimes malware is developed for a specific department in a specific company.”

Source

Google Encrypts Data

Google officially announced it will by default encrypt data warehoused in its Cloud Storage service.

The server-side encryption is now active for all new data written to Cloud Storage, and older data will be encrypted in the coming months, wrote Dave Barth, a Google product manager, in a blog post.

“If you require encryption for your data, this functionality frees you from the hassle and risk of managing your own encryption and decryption keys,” Barth wrote. “We manage the cryptographic keys on your behalf using the same hardened key management systems that Google uses for our own encrypted data, including strict key access controls and auditing.”

The data and metadata around an object stored in Cloud Storage is encrypted with a unique key using 128-bit Advanced Encryption Standard algorithm, and the “per-object key itself is encrypted with a unique key associated with the object owner,” Barth wrote.

“These keys are additionally encrypted by one of a regularly rotated set of master keys,” he wrote. “Of course, if you prefer to manage your own keys then you can still encrypt data yourself prior to writing it to Cloud Storage.”

Data collection programs revealed by former U.S. National Security Agency contractor Edward Snowden have raised questions about U.S. government data requests made to Internet companies such as Google for national security investigations.

A Google spokeswoman said via email the company does not provide encryption keys to any government and provides user data only in accordance with the law.

“Our legal team reviews each and every request, and we frequently push back when the requests appear to be fishing expeditions or don’t follow the correct process,” she wrote. “When we are required to comply with these requests, we deliver it to the authorities. No government has the ability to pull data directly from our servers or network.”

Source

Is The FBI Snooping TOR?

The Federal Bureau of Investigation (FBI) has been accused of gathering data from the anonymous network known as TOR.

The FBI might be behind a security assault on the TOR network that grabs users’ information.

Security researcher Vlad Tsyrklevich said that the attack is a strange one and is most likely the work of the authorities.

“[It] doesn’t download a backdoor or execute any other commands, this is definitely law enforcement,” he said in a tweet about the discovery.

He went a bit further in a blog post, explaining that the Firefox vulnerability is being used to send data in one direction.

“Briefly, this payload connects to 65.222.202.54:80 and sends it an HTTP request that includes the host name (via gethostname()) and the MAC address of the local host (via calling SendARP on gethostbyname()->h_addr_list). After that it cleans up the state and appears to deliberately crash,” he added.

“Because this payload does not download or execute any secondary backdoor or commands it’s very likely that this is being operated by an LEA and not by blackhats.”

The bug is listed at Mozilla, and the firm has a blog post saying that it is looking into it.

Over the weekend a blog post appeared on the TOR website that sought to distant it from a number of closed down properties or hidden websites. It is thought that the shuttered websites, which were hosted by an outfit called Freedom Hosting, were home to the worst kind of abuses.

A report at the Irish Examiner said that a chap called Eric Eoin Marques is the subject of a US extradition request. He is accused of being in charge of Freedom Hosting.

“Around midnight on August 4th we were notified by a few people that a large number of hidden service addresses have disappeared from the TOR Network,” the TOR project said.

“There are a variety of [rumors] about a hosting company for hidden services: that it is suddenly offline, has been breached, or attackers have placed a javascript exploit on their web site,” it said.

“The person, or persons, who run Freedom Hosting are in no way affiliated or connected to The TOR Project, Inc., the organization coordinating the development of the TOR software and research.”

Source

Is Twitter Home To Malware?

Security outfit Trusteer has recently identified an active configuration of TorRAT targeting Twitter users. The malware launches a Man-in-the-Browser (MitB) attack through the browser of infected PCs, gaining access to the victim’s Twitter account to create malicious tweets.

Dana Tamir, Enterprise Security Director for Trusteer the malware, which has been used as a financial malware to gain access to user credentials and target their financial transactions, now has a new goal: to spread malware using the online social networking service. At this time the attack is targeting the Dutch market. But since Twitter is used by millions of users around the world, this type of attack can be used to target any market and any industry.

The attack is carried out by injecting Javascript code into the victim’s Twitter account page. The malware collects the user’s authentication token, which enables it to make authorized calls to Twitter’s APIs, and then posts new, malicious tweets on behalf of the victim.

Tamir said that the attack is particularly difficult to defend against because it uses a new sophisticated approach to spear-phishing. Twitter users follow accounts that they trust. Because the malware creates malicious tweets and sends them through a compromised account of a trusted person or organization being followed, the tweets seem to be genuine. The fact that the tweets include shortened URLs is not concerning: Twitter limits the number of characters in a message, so followers expect to get interesting news bits in the form of a short text message followed by a shortened URL. However, a shortened URL can be used to disguises the underlying URL address, so that followers have no way of knowing if the link is suspicious.

Source

EPIC Wants Biometric Data From The FBI

The Electronic Privacy Information Center (EPIC) has pressed the US Federal Bureau of Investigation (FBI) for access to its database of US citizens’ biometric data.

EPIC already tried to get access twice last September, and now it is trying again. It said that it has sent repeated freedom of information act requests regarding the database, and that the FBI has failed to respond. Now it has filed a lawsuit for access (PDF).

It warned that the Next Generation Identification system (NGI) is a massive database that “when completed, [will] be the largest biometric database in the world”.

The NGI will use CCTV systems and facial recognition, and it includes DNA profiles, iris scans, palm prints, voice identification profiles, photographs, and other “identifying information”.

The FBI has an information page about the NGI, and there it said that photographs of tattoos are also included and that the system is designed to speed up suspect detection and response times.

“The NGI system will offer state-of-the-art biometric identification services and provide a flexible framework of core capabilities that will serve as a platform for multimodal functionality,” it said.

“The NGI Program Office mission is to reduce terrorist and criminal activities by improving and expanding biometric identification and criminal history information services through research, evaluation, and implementation of advanced technology”.

In its lawsuit EPIC said that the NGI database will be used for non law enforcement purposes and will be made available to “private entities”.

EPIC said that it has asked the FBI to provide information including “contracts with commercial entities and technical specifications”.

It said that so far it has received no information from the FBI in response to its requests.

Source

IDL Goes Live

The Internet has a cluster of superheroes ready to defend it, the Internet Defence League (IDL).

The IDL was set up by protest group Fight for the Future following the recent outbreak of web site blackouts that were launched to protest against legislation like SOPA and PIPA. It offers web sites a way to show that they are always ready to defend the internet against attack.

“The Internet Defense League takes the tactic that killed SOPA and PIPA and turns it into a permanent force for defending the internet, and making it better,” it says on its homepage. “Think of it like the internet’s Emergency Broadcast System, or its bat signal!”

Like those earlier protests, the idea is to get the more informed people, people that are actually operating internet properties, into the debate.

“Internet freedom and individual power are changing the course of history. But entrenched institutions and monopolies want this to stop,” explains the group. “Elected leaders often don’t understand the internet, so they’re easily confused or corrupted.”

Anyone that runs a web site is invited to join, and the idea is to get millions of people involved. Once they have joined the IDL they will be given software code to add to their web sites to show that they are members.

Source…

PayPal Wooing SMB’s With Payments Service

PayPal is focusing on small businesses, service providers, and casual sellers on the move with its new PayPal Here service which allows vendors to process a variety of payments including checks and cards using their mobile phones.

The new service unveiled Thursday includes a free app and encrypted thumb-sized card reader, which allows merchants with an iPhone, and later Android smartphones, to process payments.

Merchants can accept payments by swiping cards in the card reader, scanning cards and checks using their phone cameras, or by entering card information manually into the app, the eBay unit said. They can also send an invoice and set payment terms, and accept PayPal payments from the app. The check facility is however only available in the U.S.

An iPhone version of the card reader and merchant app is available from Thursday to select merchants in the U.S., Canada, Australia and Hong Kong, with general availability in those countries scheduled for April. PayPal also plans to have an Android version of the merchant app by then. It will announce the availability of the service in more countries soon, it said.

Merchants pay a flat rate of 2.7 percent for card swipes and PayPal payments, while checks will be processed free of charge. Scanning of cards or typing the card information will be charged extra. PayPal Here merchants will also receive a business debit card for access to cash and 1 percent cash-back on eligible purchases.

PayPal will be competing with mobile payment systems from other providers such as Square and Intuit.

The key differentiator for PayPal Here in comparison to other small business mobile payment services is that it comes from a trusted brand in the online payments industry, with more than 100 million customers globally, David Marcus, vice president of mobile at PayPal said in a blog post.

« Previous Page — Next Page »