Apr 09, 2014

The Heartbleed Bug

A critical vulnerability in OpenSSL, known as "The Heartbleed Bug", was recently announced; it could affect your server. You can learn more about it at http://heartbleed.com/.

Are you vulnerable?
If you are running certain versions of OpenSSL on your Linux server, you may be at risk.

How can you check?
Run the test available at http://filippo.io/Heartbleed/ — this will tell you whether or not your server is impacted.

What if your server is at risk?
  1. Update your server to the latest version of OpenSSL. We have instructions for you here.
  2. Restart all Apache services on your server.
  3. Rekey any SSL your server uses. This removes any future potential risk. We have instructions for rekeying certificates you purchased through us here.
  4. Ensure you’re using your SSL properly by using an SSL configuration tool (Qualys SSL Labs has one here) and a mail server configuration tool (we recommend CheckTLS.com).

How do you know you are safe?
Double-check your domain name at http://filippo.io/Heartbleed/ and make sure you get an "All good" response.
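The online test above is the authoritative check, but a local check helps when working through steps 1 and 2 on many servers. The POSIX shell script below is an added example and is not part of the original post: it classifies the string reported by `openssl version` against the upstream Heartbleed-affected range (1.0.1 through 1.0.1f, plus 1.0.2-beta1; 1.0.1g and later are fixed, and 1.0.0 and 0.9.8 never had the heartbeat code), and it lists processes that still map a libssl that has been replaced on disk, which is exactly why step 2 (restart) matters. The function names and the `--check` flag are my own. Distributions often backport the fix without changing the version string, so "vulnerable" here means "confirm with the online test", not a verdict.

```shell
#!/bin/sh
# Added example (not from the original post): a local Heartbleed triage helper.
# heartbleed_status classifies an `openssl version` string by the upstream
# affected range; stale_libssl_pids finds processes that need a restart.
# Caveat (assumption about your distro): backported fixes keep the old
# version string, so a "vulnerable" result must be confirmed with a live test.

heartbleed_status() {
    # $1: full output of `openssl version`, e.g. "OpenSSL 1.0.1e 11 Feb 2013"
    ver=$(printf '%s\n' "$1" | awk '{print $2}')
    case "$ver" in
        # 1.0.1 through 1.0.1f (with or without a suffix such as -fips)
        1.0.1|1.0.1-*|1.0.1[a-f]|1.0.1[a-f]-*) echo "vulnerable" ;;
        # the first 1.0.2 beta also shipped the bug
        1.0.2-beta1*)                           echo "vulnerable" ;;
        # 1.0.1g and everything later is fixed
        1.0.1[g-z]*|1.0.2*|1.1.*|[2-9].*)       echo "fixed" ;;
        # older branches never contained the TLS heartbeat extension
        0.9.*|1.0.0*)                           echo "not-affected" ;;
        *)                                      echo "unknown" ;;
    esac
}

# Linux only: a process that loaded libssl before the package update keeps the
# old, now-deleted file mapped; /proc/<pid>/maps marks it "(deleted)".
# Prints one PID per line; these services must be restarted (step 2).
stale_libssl_pids() {
    for m in /proc/[0-9]*/maps; do
        if grep -q 'libssl.*(deleted)' "$m" 2>/dev/null; then
            basename "$(dirname "$m")"
        fi
    done
}

# Usage: sh heartbleed_check.sh --check
if [ "${1:-}" = "--check" ]; then
    echo "installed OpenSSL: $(heartbleed_status "$(openssl version 2>/dev/null)")"
    echo "processes still mapping a replaced libssl (restart these):"
    stale_libssl_pids
fi
```

Run it with `--check` after the package update: a "fixed" line plus an empty process list means steps 1 and 2 are done; any PID listed is a service (Apache, mail, etc.) still running the old library. Rekeying (step 3) is still required regardless of what this prints, since keys may already have been exposed before the update.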

Please note, Heartbleed is a critical vulnerability. It has affected nearly two-thirds of the Internet, and many large Internet companies have been working long hours to update their services to keep our customers and visitors safe.
Posted in Uncategorized
Jan 24, 2014

Microsoft’s secret battle against the Tor botnet

In August 2013, 4 million infected computers woke up and waited for instructions from their master.

The pathogen was Sefnit, a nasty bit of malware that makes infected computers mine bitcoins. Once the computers woke up, they worked under the command of Ukrainian and Israeli hackers named Scorpion and Dekadent. The malware communicated with the two by downloading Tor, the powerful anonymizing software, and talking over encrypted channels. It was the first time a botnet, as a collection of slave computers is called, used Tor in such a potentially powerful way.

By using an unconventional method to exploit Windows, the hackers unwittingly forced Microsoft to show a hand few knew it had: the ability to remotely remove programs en masse from people’s computers, without them even knowing it. Continue reading

Posted in Uncategorized
Jan 19, 2014

A disaster in the making: 95% of ATMs still run Windows XP

As we’ve mentioned multiple times, now is really the time to upgrade from Windows XP if you haven’t done so already. Even though Microsoft will extend support for its Windows XP security products through July 2015, the company has warned that “the effectiveness of antimalware solutions on out-of-support operating systems is limited.” Bloomberg Businessweek reports that some of the most important machines that desperately need to upgrade from Windows XP are ATMs, of which an estimated 95% still run on Microsoft’s older operating system.

There’s some good news and bad news about this. On the plus side, Bloomberg Businessweek says that the more advanced fleets of ATMs should be able to upgrade their machines to a newer version of Windows through their network. Older ATMs, however, will still have to have a new version of Windows installed one by one, which means that technicians will be making lots of trips to different convenience stores this spring to make sure upgrades are going as planned.

“My bank operates an ATM that looks like it must be 20 years old, and there’s no way that it can support Windows 7,” Suzanne Cluckey, the editor of trade publication ATM Marketplace, tells Bloomberg Businessweek. “A lot of ATMs will have to either have their components upgraded or be discarded altogether and sold into the aftermarket—or just junked.”

Posted in InfoWarfare, Pentest
Nov 19, 2013

US NAVY: Hackers ‘Jumping The Air Gap’ Would ‘Disrupt The World Balance Of Power’

Navy Zumwalt

The next generation hackers may be taking to sound waves, and the Navy is understandably spooked. Speaking at last week’s Defense One conference, retired Capt. Mark Hagerott cited recent reports about sonic computer viruses as one way that hackers could “jump the air gap” and target systems that are not connected to the Internet.

“If you take a cybernetic view of what’s happening [in the Navy], right now our approach is unplug it or don’t use a thumb drive,” Hagerott said. But if hackers “are able to jump the air gap, we are talking about fleets coming to a stop.”

For a long time the thought was that an air gap (systems that are not connected to the Internet) rendered networks pretty much impenetrable.

Then the Stuxnet virus happened — an Iranian nuclear scientist with an infected thumb drive walked a virus through the air gap and unknowingly uploaded a destructive virus onto a network controlling nuclear centrifuges. This attack not only damaged Iran’s nuclear facilities, but it also signaled the dawn of kinetic cyber attacks (the kind that cause physical damage) and revealed the vulnerability of air gaps.

It’s not just thumb drives though. Hagerott cited reporting by Ars Technica’s Dan Goodin on a virus that was supposedly transmitted via high-frequency sound waves.

Goodin called the malware “the advanced persistent threat equivalent of a Bigfoot sighting.”

From Ars Technica:

[Security consultant Dragos] Ruiu said he arrived at the theory about badBIOS’s high-frequency networking capability after observing encrypted data packets being sent to and from an infected laptop that had no obvious network connection with—but was in close proximity to—another badBIOS-infected computer.

The packets were transmitted even when the laptop had its Wi-Fi and Bluetooth cards removed. Ruiu also disconnected the machine’s power cord so it ran only on battery to rule out the possibility that it was receiving signals over the electrical connection. Even then, forensic tools showed the packets continued to flow over the airgapped machine.

Then, when Ruiu removed the internal speaker and microphone connected to the airgapped machine, the packets suddenly stopped.

There are a few analysts out there who say this type of BIOS hack of a computer’s speakers is impossible, but nonetheless, the military applications of such a hack would be astonishing.

Exploiting and remotely shutting down a Navy ship’s software “gives you a nonlethal warfare capacity at sea,” Peter Singer, a Brookings Institution national security analyst, said in an interview after speaking at the Defense One Summit. Commanders could give an order like, “Don’t let this enemy fleet seize these island chains, but also don’t let it turn into a shooting war.”

Ships would find their targeting software exploited and shut down, possibly even hijacked.

“The ships are floating SCADA systems,” Hagerott said, making reference to the same highly vulnerable Supervisory Control And Data Acquisition networks that run utilities in America.

“If you could jump the air gap” on America’s Navy, largely the backbone of the U.S. military’s projection of power abroad, “that would disrupt the world balance of power,” Hagerott said, adding that the Navy might even have to go back to instrumentation used in the early 1900s as a response to the exploit.

Of course, the ships aren’t exactly sitting ducks. Singer said serious security consultants look at air gaps “like the balloons nuns use to keep students from touching each other at a dance,” implying that other safeguards are always employed alongside them.

No network is impenetrable, Singer said, and right now the focus should be on resiliency, a technical term which assumes that an attack will slip through, and puts emphasis on survivability.

Still, “I’m sure there are a lot of people in a room somewhere thinking about this [type of sonic exploit],” Hagerott said.

Posted in Uncategorized
Nov 13, 2013

The American-made Stuxnet virus has infected the International Space Station

Last year, news broke that a virus sabotaged the Iranian uranium enrichment program. It seemed all too convenient at the time — and as it turned out, the virus, Stuxnet, was actually engineered by the United States and Israel. Now, the man-made virus has ventured into space, and made its way to the International Space Station.

The virus wasn’t planted there by a species of locust-like space aliens hell-bent on revenge for a defeat at the hands of humans during a certain day of historical importance. Instead, the virus has reportedly gone rogue — or at least become too big for its creators to control. Reports state that Stuxnet is hitting nuclear plants in countries for which the virus was not originally intended, and has somehow even made its way up to space. Eugene Kaspersky, famed head of IT security at Kaspersky Labs, states that a friend who works at a nuclear plant in Russia has informed him that the virus has managed to infect the plant’s internal network, which was not connected to the internet. Continue reading

Posted in InfoWarfare, Malware
Nov 07, 2013

The “BadBIOS” virus that jumps airgaps and takes over your firmware

What it does

Here are some of the claims that have been made about the BadBIOS virus:

  - It is said to infect the low-level system firmware of your computer, so it can’t be removed or disabled simply by rebooting.
  - It is said to include components that work at the operating system level, so it affects the high-level operation of your computer, too.
  - It is said to be multi-platform, affecting at least Windows, OS X, and OpenBSD systems.
  - It is said to prevent infected systems being booted from CD drives.
  - It is said to spread itself to new victim computers using Software Defined Radio (SDR) program code, even with all wireless hardware removed.
  - It is said to spread itself to new victim computers using the speakers on an infected device to talk to the microphone on an uninfected one.
  - It is said to infect simply by plugging in a USB key, with no other action required.
  - It is said to infect the firmware on USB sticks.
  - It is said to render USB sticks unusable if they aren’t ejected cleanly; these sticks work properly again if inserted into an infected computer.
  - It is said to use TTF (font) files, apparently in large numbers, as a vector when spreading.
  - It is said to block access to Russian websites that deal with reflashing software.
  - It is said to render any hardware used in researching the threat useless for further testing.
  - It is said to have first been seen more than three years ago on a Macbook.

By now, you may be thinking that this sounds more like a science fiction movie than real life.
Continue reading

Posted in Uncategorized
Nov 05, 2013

Microsoft warns flaw in Windows Vista, Server 2008, Office 2003-2010, and Lync exploited in targeted attacks

Microsoft is investigating a new remote code execution vulnerability in Windows Vista, Windows Server 2008, Office 2003, Office 2007, Office 2010, and all supported versions of Microsoft Lync that is currently being exploited. The company has issued a security advisory because it has confirmed reports that the flaw is being exploited as part of targeted attacks “largely in the Middle East and South Asia.”

The good news is that current versions of Windows (including Windows 7 and Windows 8) as well as Office (Microsoft Office 2013 and Office 365) are not affected by this issue. Furthermore, the exploit requires user interaction: the attack is disguised as an email requesting potential targets to open a specially crafted Word attachment (although, Microsoft does say that attackers can create websites that take advantage of the security hole as well). Continue reading

Posted in Uncategorized
Oct 26, 2013

Anonymous Hacked Quebec Government Sites With a Fifth Grader’s Help

Middle school boys can be a handful. Tracking dirt into the house, crashing their bikes, helping Anonymous take down the local government’s websites. Wait, what?

Continue reading

Posted in Hackers, Website
Oct 26, 2013

Man arrested for biggest cyberattack in Internet history

MADRID – A Dutch citizen arrested in northeast Spain on suspicion of launching what is described as the biggest cyberattack in Internet history operated from a bunker and had a van capable of hacking into networks anywhere in the country, officials said Sunday.

The suspect traveled in Spain using his van “as a mobile computing office, equipped with various antennas to scan frequencies,” an Interior Ministry statement said.
Agents arrested him Thursday in the city of Granollers, 22 miles north of Barcelona, complying with a European arrest warrant issued by Dutch authorities. Continue reading

Posted in Hackers, Hacking