The Linux Kernel Got Hacked

Servers that are part of the Linux kernel.org infrastructure were affected during a recent intrusion where attackers managed to gain root access and plant Trojan scripts.

According to an email sent out to the community by kernel.org chief administrator John Hawley, known as warthog9, the incident started with the compromise of a server referred to as Hera. The personal colocated machine of Linux developer H Peter Anvin (HPA) and additional kernel.org systems were also affected.

“Upon some investigation there are a couple of kernel.org boxes, specifically hera and odin1, with potential pre-cursors on demeter2, zeus1 and zeus2, that have been hit by this,” Hawley wrote.

The intrusion was discovered on 28 August and according to preliminary findings attackers gained access by using a set of compromised credentials. They then elevated their privileges to root by exploiting a zero-day vulnerability that the kernel.org administrators have yet to identify.

Fortunately, logs and parts of the exploit code were retained and will help the investigation. A Trojan was added to the startup scripts of affected systems, but gave itself away through Xnest /dev/mem error messages.

According to the kernel.org admins, these error messages have been seen on other systems as well, but it’s not clear if those machines are vulnerable or compromised. “If developers see this, and you don’t have Xnest installed, please investigate,” the administrators advised.

The good news is that the exploit failed on systems running the latest Linux kernel version, 3.1-rc2, which was released two weeks ago. This is possibly the fortunate consequence of one of the bugfixes it contains.

Read More…

Prank Website Offers $49 HP TouchPads

With technophiles still scrambling to get their hands on the remaining Hewlett-Packard’s $99 TouchPads, a $49 deal just seems too good to be true.

And, as the thousand or so people who tried to buy cheap TouchPads on an HP look-alike website Tuesday learned, one should think twice about seemingly unbelievable deals.

The prank site — registered Tuesday as Hewlett-packard.org.uk — looks legitimate. In fact, many of the links on the site go to real HP addresses.

But anyone who tries to purchase the $49 TouchPad gets Rickrolled. It’s a popular type of Internet prank where the victim clicks on a seemingly irresistible link — a $49 TouchPad, or a sneak copy of a Kim Kardashian wedding video — and ends up instead sitting through a YouTube clip of schmaltzy soul singer Rick Astley singing his 1987 hit, “Never Gonna Give You Up.”

Read More….

Spam Is At A Two-Year High

Spam – particularly the kind with malicious attachments – is enjoying a growth spurt, reaching a two-year high overall, which includes the spike last fall just before the SpamIt operation folded its doors, a security firm says.

In fact spam traffic is about double what it was then, according to M86 Security Labs, which analyzes spam levels across selected domains.

“After multiple recent botnet takedowns, cybercriminal groups remain resilient clearly looking to build their botnets and distribute more fake AV in the process,” the company says in its blog. “It seems spammers have returned from a holiday break and are enthusiastically back to work.”

This report coincides with a report yesterday from Internet security company Commtouch, which says a spike in email-attached malware has just ended, but that further waves are expected.

M86 says in its blog that most of the spam is generated by the Cutwail botnet, and malicious spam accounted for 13% of the mix over the past week, which is unusually high, but even that spiked to 24% yesterday.

Read More…

Does Linkedin Share User Data?

Linkedin has upset many of its 100 million users by opting them into a programme that reveals their personal details to advertisers without telling anyone about it.

Linkedin changed its privacy policy to allow it to display the names and pictures of users with ads. The system works by showing friends and colleagues who’ve followed a brand name, effectively making them an unwitting salesperson for that brand, since people are more likely to click such advertisements on the basis that it looks like someone they know is recommending them. In reality, the other person has no idea that their photo and name are being used to sell things.

It’s a clever approach to advertising, but an absolutely abyssmal approach to privacy, as Linkedin has decided to automatically opt-in all of its users without informing them of the change.

Users can opt out if they want, but the option is buried in the Settings page, a ploy similar to that used by Facebook to hide its privacy settings. The big problem here is that if users don’t know that their name and photo are being used in this way, then how can they opt out of it?

Linkedin could face legal trouble for this decision. Digital Trends reports it is likely that Linkedin broke Dutch privacy law, which requires user consent for employing user images with advertisements. It could also be brought up before the European Commission and the UK Information Commissioner’s Office (ICO).

Read More…

China Debuts Apple iPhone Knock-Off

The latest version of Apple Inc’s popular iPhone has already hit the Chinese market — the counterfeit market that is.

The ‘hiPhone 5′ is selling for as little as 200 yuan ($31) on China’s top e-commerce platform Taobao, which is owned by Alibaba Group.

But one has to pay around 800 yuan for a more “genuine” one, according to some store representatives at a mobile phone market in Shanghai.

“Look at this. It’s not the same as the 300-400 yuan ones,” Shanghai-based daily Metro Express quoted a clerk as saying, pointing to one originally priced at 850 yuan.

The ‘hiPhone 5′ is based on leaked images of the yet-to-be-launched iPhone 5 and is thinner and with less rounded edges than the existing iPhone 4, according to the newspaper. However, it is extremely light, almost like a plastic toy, like most pirated mobile phones, it said.

Read More…

India Wants To Monitor Twitter & Facebook

India’s Communications Ministry has received a request from the Home Ministry to monitor social networking websites such as Twitter and Facebook amid fears that the services are being used by terrorists to organize attacks.

The request suggests that the Indian government is trying to expand the scope of its online surveillance for national security purposes.

Telecommunications service providers in India provide facilities for lawful interception and monitoring of communications on their network, including communications from social networking websites such as Facebook and Twitter, in accordance with their license agreements, Milind Deora, the minister of state for communications and IT, told Parliament, according to the country’s Press Information Bureau.

But there are certain communications which are encrypted, Deora said Friday.

The government did not provide details of what encrypted data they would like to have access to. A spokesman for the home ministry said on Monday that additional
information can only be provided in Parliament while it is in session.

Under new rules to the country’s IT Act that came into force earlier this year, websites and service providers are required to provide government security agencies with information on private accounts, including passwords, on request without a court order.

Most companies, however, are not willing to share information with law enforcement agencies unless they have a court order.

Twitter states in its guidelines for law enforcement that “non-public information about Twitter users is not released unless we have received a subpoena, court order, or other valid legal process document.”

Read More…

Accused Hacker Out On Bail In England

The accused ‘Topiary’, whose name is Jake Davis, was charged on Sunday and bailed by the courts yesterday. He was charged with five offences: Unauthorised access to a computer system, Encouraging or assisting offences, Conspiracy with others to carry out a Distributed Denial of Service Attack on the website of the Serious and Organised Crime Agency, Conspiracy to commit offences of Section 3 Computer Misuse Act 1990, and Conspiracy with others to commit offences of Section 3 Computer Misuse Act 1990 contrary to Section 1 of the Criminal Law Act 1977.

According to a report at the Guardian, his bail conditions are that Davis must wear an electronic tag, not access the internet, and not leave his house between 10pm and 7am.

Davis, who appeared outside court wearing sunglasses and holding a copy of “Free Radicals: The Secret Anarchy of Science” by Micheal Brooks and who allegedly authored the Rupert Murdoch is dead story that appeared on the hacked web site of the Sun newspaper, has already gained support on the internet in general and especially on Twitter.

Read More…

Google Rewrites Web Pages For Speed

Google has created a hosted service that analyzes Web pages, rewrites their code to make them perform better and serves them up from Google servers.

To use the Page Speed Service, Web publishers must sign up and point their site’s DNS entry to Google. The service grabs the site’s content, optimizes it for speed and delivers the pages to end users.

Visitors will continue to access a site in the same way as before but could see speed enhancements of 25% to 60%, according to Google.

The service is currently being offered free to a limited number of hand-selected webmasters. Google will announce pricing and other details later. Webmasters can sign up to receive information.

Read More…

SpyEye Poses Risk To Banking Defenses

Financial institutions are facing more trouble from SpyEye, a piece of malicious software that steals money from customers online bank accounts, according to new research from security vendor Trusteer.

SpyEye is a dastardly piece of malicious software: it can harvest credentials for online accounts and also initiate transactions as a person is logged into their account, literally making it possible to watch their bank balance drop by the second.

In its latest versions, SpyEye has been modified with new code designed to evade advanced systems banks have put in place to try and block fraudulent transactions, said Mickey Boodai, Trusteer’s CEO.

Banks are now analyzing how a person uses their site, looking at parameters such as how many pages a person looks at on the site, the amount of time a person spends on a page and the time it takes a person to execute a transaction. Other indicators include IP address, such as if a person who normally logs in from the Miami area suddenly logs in from St. Petersburg, Russia.

SpyEye works fast, and can automatically and quickly initiate a transaction much faster than an average person manually on the website. That’s a key trigger for banks to block a transaction. So SpyEye’s authors are now trying to mimic — albeit in an automated way — how a real person would navigate a website.

Read More…..

More Citigroup Accounts Compromised Than Stated

Citigroup was apparently hit harder by a cyber-attack in May than what was originally reported; which is now 360,000 of its customers. Unfortunately, this number is double the number that Citigroup initially stated.

Citigroup is one of the biggest banks in the US and ranks number 3 overall. The breach occurred on May 10^th and was confirmed by Citigroup on June 8th^th. That said, around 360,080 North American Citigroup credit card accounts were impacted by the breach, Citigroup stated; which is around 1 per cent of their North American card customer’s base.

Read More….

« Previous Page — Next Page »