Syber Group

Google Updates Its SSL Certificate

June 5, 2013
Filed under Security

Google has announced plans to upgrade its Secure Sockets Layer (SSL) certificates to 2048-bit keys by the end of 2013 to strengthen its SSL implementation.

Announcing the news in a blog post today, Google’s director of information security engineering Stephen McHenry said it will begin switching to the new 2048-bit certificates on 1 August to ensure adequate time for a careful rollout before the end of the year.

“We’re also going to change the root certificate that signs all of our SSL certificates because it has a 1024-bit key,” McHenry said.

“Most client software won’t have any problems with either of these changes, but we know that some configurations will require some extra steps to avoid complications. This is more often true of client software embedded in devices such as certain types of phones, printers, set-top boxes, gaming consoles, and cameras.”

McHenry advised that for a smooth upgrade, client software that makes SSL connections to Google (for example, over HTTPS) must: “perform normal validation of the certificate chain; include a properly extensive set of root certificates contained […]; and support Subject Alternative Names (SANs)”.

He also recommended that clients support the Server Name Indication (SNI) extension because they might need to make an extra API call to set the hostname on an SSL connection.

He pointed out some of the problems that the change might trigger, and pointed to a FAQ addressing certificate changes, as well as instructions for developers on how to adapt to certificate changes.

F-Secure’s security researcher Sean Sullivan advised, “By updating its SSL standards, Google will make it easier to spot forged certificates.

“Certificate authorities have been abused and/or hacked in the past. I imagine it will be more difficult to forge one of these upgraded certs. Therefore, users can have more confidence.”


Is Twitter Home To Malware?

May 1, 2013
Filed under Around The Net

Security outfit Trusteer has recently identified an active configuration of TorRAT targeting Twitter users. The malware launches a Man-in-the-Browser (MitB) attack through the browser of infected PCs, gaining access to the victim’s Twitter account to create malicious tweets.

According to Dana Tamir, Enterprise Security Director for Trusteer, the malware, which has been used as financial malware to gain access to user credentials and target their financial transactions, now has a new goal: to spread malware using the online social networking service. At this time the attack is targeting the Dutch market. But since Twitter is used by millions of users around the world, this type of attack can be used to target any market and any industry.

The attack is carried out by injecting JavaScript code into the victim’s Twitter account page. The malware collects the user’s authentication token, which enables it to make authorized calls to Twitter’s APIs, and then posts new, malicious tweets on behalf of the victim.

Tamir said that the attack is particularly difficult to defend against because it uses a new, sophisticated approach to spear-phishing. Twitter users follow accounts that they trust. Because the malware creates malicious tweets and sends them through a compromised account of a trusted person or organization being followed, the tweets seem to be genuine. The fact that the tweets include shortened URLs does not raise concern: Twitter limits the number of characters in a message, so followers expect to get interesting news bits in the form of a short text message followed by a shortened URL. However, a shortened URL can be used to disguise the underlying URL address, so that followers have no way of knowing if the link is suspicious.


Botnets Attack U.S. Banks

January 18, 2013
Filed under Around The Net

Evidence collected from a website that was recently used to flood U.S. banks with junk traffic suggests that the responsible parties behind the ongoing DDoS attack campaign against U.S. financial institutions — thought by some to be the work of Iran — are using botnets for hire.

The compromised website contained a PHP-based backdoor script that was regularly instructed to send numerous HTTP and UDP (User Datagram Protocol) requests to the websites of several U.S. banks, including PNC Bank, HSBC and Fifth Third Bank, Ronen Atias, a security analyst at Web security services provider Incapsula, said Tuesday in a blog post.

Atias described the compromised site as a “small and seemingly harmless general interest UK website” that recently signed up for Incapsula’s services.

An analysis of the site and the server logs revealed that attackers were instructing the rogue script to send junk traffic to U.S. banking sites for limited periods of time varying between seven minutes and one hour. The commands were being renewed as soon as the banking sites showed signs of recovery, Atias said.

During breaks from attacking financial websites the backdoor script was being instructed to attack unrelated commercial and e-commerce sites. “This all led us to believe that we were monitoring the activities of a Botnet for hire,” Atias said.

“The use of a Web Site as a Botnet zombie for hire did not surprise us,” the security analyst wrote. “After all, this is just a part of a growing trend we’re seeing in our DDoS prevention work.”


Amazon Goes To Court

November 9, 2012
Filed under Computing

Amazon is suing Daniel Powers, its ex VP in charge of global sales for Amazon Web Services because he joined Google in a cloud role.

Taking the new job, asserts Amazon, violates Powers’ non-compete agreement with Amazon, which let Powers go this summer with a reasonable severance package.

There is a risk that Powers could take important information that he learned about the Amazon web services business to its rival, Google, and that is what the firm is seeking to stop.

According to GeekWire, Amazon wants an injunction against Powers to prevent him from “engaging in any activities that directly or indirectly support any aspect of Google’s cloud computing business”.

A court filing claims that Amazon has an agreement with Powers that says he will not join a rival for a “limited time following the termination of his employment”.

Powers, it warns, is a veteran who knows the cloud business from “top to bottom”, adding that he has “acquired and currently possesses extensive knowledge of Amazon’s trade secrets and its highly confidential information”.

The complaint says that he has extensive and detailed information about Amazon Web Services’ prospects, business, potential business partners, pricing strategies and goals.

Amazon has not provided us with further comment.


Chase Building 1/2 Billion Dollar Data Center

August 24, 2012
Filed under Around The Net

The enthusiastic backer of Enron and serial overcharger of mortgage payers, JPMorgan Chase has just splashed out on a new $500 million data center.

CEO Jamie Dimon announced the move, which practically everyone in the IT industry finds a bit strange. While Chase is the US’s largest bank, the new facilities are a little big by anyone’s standard. It is about the same amount of money that Google and Microsoft invest in their largest data centres for their cloud networks.

Dimon cited the figure as one of the advantages of size: the bank can afford to invest cash in this way. Size lets Chase build a $500 million data centre that speeds up transactions and invest billions of dollars in products like ATMs and apps that allow your iPhone to deposit cheques, he enthused.

JPMorgan Chase operates two large data centres in Delaware and a 400,000 square foot facility. It also acquired data centres in its deals for distressed rivals Bear Stearns and Washington Mutual in the early days of the 2008 financial crisis. So why it needs a huge new one is anyone’s guess.


Microsoft’s Vista Infection Rates Climb

June 1, 2012
Filed under Computing

Microsoft said last week that an uptick in security exploits on Windows Vista can be attributed to the demise of support for the operating system’s first service pack.

Data from the company’s newest security intelligence report showed that in the second half of 2011, Vista Service Pack 1 (SP1) was 17% more likely to be infected by malware than Windows XP SP3, the final upgrade to the nearly-11-year-old operating system.

That’s counter to the usual trend, which holds that newer editions of Windows are more secure, and thus exploited at a lower rate, than older versions like XP. Some editions of Windows 7, for example, boast an infection rate half that of XP.

Tim Rains, the director of Microsoft’s Trustworthy Computing group, attributed the rise of successful attacks on Vista SP1 to the edition’s retirement from security support.

“This means that Windows Vista SP1-based systems no longer automatically receive security updates and helps explain why there [was] a sudden and sharp increase in the malware infection rate on that specific platform,” said Rains in a blog post last week.


Cisco Lends A Hand In Fighting Fraud

May 15, 2012
Filed under Computing

Cisco released an API at the Interop 2012 Conference this week for its branch routers designed to enable third-party developers to write applications to beef up the security of phone calls over the router network.

The Cisco UC Gateway Services API is a Web-based programming interface that gives customers and developers access to call information, such as signaling and media, on a Cisco ISR G2 router at the edge of a voice network. This information can be used to detect and help prevent malicious activity such as social engineering and identity theft scams, contact center account takeover fraud, unauthorized network and service use, and denial-of-service attacks.

Applications written to the API can then apply appropriate action to terminate, redirect or record the call.

Cisco, citing data from the Communications Fraud Control Association, says global telecom fraud losses are estimated to be $40 billion annually.


More Trojan Malware Found On Macs

April 23, 2012
Filed under Computing

Following the outbreak of the Flashback Mac Trojan, security researchers have identified two more cases of Mac OS X malware. The good news is most Mac owners have little reason to worry about them.

Both cases are variants on the same Trojan, called SabPub, Kaspersky Lab Expert Costin Raiu wrote on Securelist.

The first variant is known as Backdoor.OSX.SabPub.a. Like Flashback, this new threat was likely spread through Java exploits on Websites, and allows for remote control of affected systems. It was created roughly one month ago.

Fortunately, this malware isn’t a threat to most users for a few reasons: It may have only been used in targeted attacks, Raiu wrote, with links to malicious Websites sent via e-mail, and the domain used to fetch instructions for infected Macs has since been shut down.

Furthermore, Apple’s security update for Flashback helps render future Java-based attacks harmless. In addition to removing the Flashback malware, the update automatically deactivates the Java browser plug-in and Java Web Start if they remain unused for 35 days. Users must then manually re-enable Java when they encounter applets on a Web page or a Web Start application.

The second SabPub variant is old-school compared to its sibling. Instead of attacking through malicious Websites, it uses infected Microsoft Word documents as the vector, distributed by e-mail.


Apple Has A Hole In Mac OS X

November 18, 2011
Filed under Computing

Apple has failed to fix a bug in its Mac OS X operating system that allows processes to bypass the sandbox protection in place.

The flaw was discovered by Anibal Sacco and Matias Eissler from Core Security Technologies. They let Apple know about the problem on 20 September, and while Apple acknowledged their submission, it said that it did not see any security threat, forcing the Core Security Technologies team to publish the report to the public this month.

The problem appears to be with the use of Apple events in several default profiles, including the no-network and no-internet ones. When Apple events are dispatched a process can escape the sandbox, which could be exploited by hackers.

The vulnerability could lead to a compromised application restricted by the use of the no-network profile gaining access to network resources through the use of Apple events to execute other applications that are not restricted by the sandbox, making it a significant security threat.

Only the more recent versions of Mac OS X are vulnerable to this bug, including 10.5.x, 10.6.x, and 10.7.x. Those using 10.4.x are safe from the exploit.


Mobile Security Threats Continue To Grow

October 15, 2011
Filed under Smartphones

According to industry analysts, mobile device shipments will exceed a billion devices in 2015 and will rapidly outrun PC shipments. That’s great news for end user convenience, mobility, and work-anywhere productivity. But it also means that enterprises must prepare for the fact that criminals will target these devices with attack exploits, spyware, and rogue applications.

And while IBM’s IT security research team, X-Force, predicts a modest 33 software exploits targeting mobile devices in the year ahead, that’s roughly twice the amount of such attack code released in the past year.

The group also sees a number of other troubling mobile security trends. First, when software flaws do surface, many mobile phone makers do not rapidly deploy software patches to devices; malicious apps are often distributed through third-party app markets. Another troubling trend is that some mobile malware can collect end users’ personal information for use in phishing attacks.

Examples of vulnerabilities that would make such attacks possible are the two recent Android security flaws that were reported to affect popular handsets including the AT&T Samsung Galaxy SII and various HTC devices.

The security find announced by security researcher Trevor Eckhart, called HTClogger (logging tools introduced by handset maker HTC), could leak email account information, user location, phone numbers, and messaging logs.

Handset maker HTC said, in a statement, that it is working to quickly issue an update to its customers. “HTC is working very diligently to quickly release a security update that will resolve the issue on affected devices. Following a short testing period by our carrier partners, the patch will be sent over-the-air to customers, who will be notified to download and install it. We urge all users to install the update promptly,” the company said.
