Saturday, 18 May 2013

Apple iOS gets clearance for US military use alongside Android and BlackBerry

Apple's iOS platform has been cleared for use by the US military as an approved mobile platform.
The US Defense Information Systems Agency (DISA) has declared the iOS platform to be suitably secure for use in field applications. The Apple platform passed the requirements for the Security Technical Implementation Guide (STIG), which outlines policies for the secure management of mobile handsets.
By complying with the guide, Apple now finds itself able to sell the iPhone, iPad and iPod Touch lines to the US Department of Defense, potentially granting the company access to lucrative US government contracts.
The DISA noted that the iOS platform was able to meet specific guidelines around the remote management of devices, including handsets and tablets which could be lost or stolen.
“All of these pieces must be in place to allow the secure use of commercial mobile devices on department networks,” said Mark Orndorff, information assurance executive and program executive officer for mission assurance and network operations at DISA.
“DISA is running a pilot program today where we bring this all together.”
The agency noted that Apple is not the only company to have met its security standards. The BlackBerry platform and Samsung's Knox platform also meet the STIG requirements and are cleared for defense use.
Apple's approval could, however, pose a threat to BlackBerry's stranglehold on the Department of Defense mobile market. Renowned for its security features, the BlackBerry platform currently runs on some 470,000 devices, according to a Department of Defense pilot study, while Apple supplies just 41,000 and Android powers some 8,700 devices.

Financial Times latest victim of Syrian Electronic Army

The Financial Times (FT) has become the latest high profile news outlet to be compromised by hackers affiliated with the Syrian Electronic Army.
The hacktivist group briefly seized control of both the website and Twitter accounts belonging to the FT on Friday, posting messages to the site and various Twitter feeds announcing the presence of the pro-Syrian hacking group.
The pages were soon cleaned and restored, though not before multiple news outlets and security researchers were able to document the compromise. By mid-afternoon BST the FT acknowledged the hack and confirmed that it was working to secure its accounts.
The hack adds the FT to a growing list of news outlets which have fallen victim to the Syrian Electronic Army. The pro-government group has previously laid claim to attacks on The Associated Press, NPR and The Onion. In each case, accounts were compromised when employees fell for a phishing attack which harvested account credentials.
Security experts have pointed out that media accounts are particularly vulnerable to such attacks because multiple users must share access to an account and use a common password. Sophos technology consultant Graham Cluley called on Twitter to implement better security controls, including two-factor authentication and author access controls, to help prevent such attacks.
“Twitter's approach inevitably leads to media agencies, who are pressured to tweet breaking stories around the clock, to share Twitter passwords with many staff worldwide - and hold their breath that none of them get hacked or have their credentials phished,” Cluley said.
“It would be great if Twitter could introduce two factor authentication. It would be great if Twitter could introduce a way for firms to give different staffers separate logins for the same account.”

Yahoo Japan suspects 22m IDs stolen

Yahoo Japan Corp. has said it suspects up to 22 million user IDs may have been stolen during an unauthorised attempt to access the administrative system of its Yahoo! Japan portal.
“We don't know if the file (of 22 million user IDs) was leaked or not, but we can't deny the possibility given the volume of traffic between our server and external terminals,” the company said in a statement late Friday.
The information did not include passwords and the kind of data necessary to verify a user's identity or reset passwords, it said, adding that the company had updated its security measures to prevent a repeat of the incident.
Yahoo Japan is 35.5 percent held by Japan's mobile phone operator SoftBank, and 34.7 percent held by US Internet giant Yahoo! Inc.
Its popular portal Yahoo! Japan holds the top search engine position in Japan with a more than 50 percent market share, compared with around 40 percent for rival Google.
In 2011, Sony said information such as usernames, passwords and birth dates of more than 100 million people may have been compromised after hackers struck the PlayStation Network and Sony Online Entertainment services.
Japan acknowledges that its preventative measures against cyberattacks remain underdeveloped, with the national police agency having announced this month it would launch a team to analyse and combat cyberattacks.
Japan Aerospace Exploration Agency said last month that information related to the International Space Station may have been leaked during an unauthorised attempt to access its system.

Pakistan hit hard by targeted cyber attack out of India

A new campaign by a family of information-stealing malware, which appears to originate out of India, has been hitting Pakistan hard over the last few months, according to American researchers.
Citing researchers at Eset, Dark Reading, a comprehensive news and information portal that focuses on IT security, said unlike other known cyber-espionage campaigns, this one appears oddly rudimentary in that it uses publicly available tools and basic obfuscation methods, and doesn’t encrypt its command-and-control communications.
“String obfuscation using simple rotation (a shift cipher), no cryptography used in network communication, persistence achieved through the startup menu and use of existing, publicly-available tools to gather information on infected systems shows that the attackers did not go to great lengths to cover their tracks,” wrote Jean-Ian Boutin, a malware researcher with Eset.
“On the other hand, maybe they see no need to implement stealthier techniques because the simple ways still work.”
The malware campaign is at least two years old and is spread via phishing emails with rigged Word and PDF files, according to Eset. It steals sensitive information via keyloggers, screenshots, and uploading stolen documents, unencrypted.
“The decision not to use encryption is puzzling considering that adding basic encryption would be easy and provide additional stealth to the operation,” Boutin says.
The attack uses a code-signing certificate issued in 2011 to a New Delhi, India-based Technical and Commercial Consulting Pvt. Ltd., and is designed to ensure the malware binaries could spread within the victim organisation.
The certificate had been revoked in late March 2012, but was still in use, Dark Reading said. Eset contacted VeriSign, which revoked the cert. Eset found more than 70 binary files signed with the malicious certificate.
Among the attachments was one that appears to be about Indian military secrets, according to Dark Reading. “We do not have precise information as to which individuals or organizations were really specifically targeted by these files, but based on our investigations, it is our assumption that people and institutions in Pakistan were targeted,” Boutin says.
Nearly 80 per cent of the infections are in Pakistan, according to Eset. One version of the attack exploits a known and patched Microsoft Office flaw, CVE-2012-0158. The malware executes once the victim opens a malicious Word attachment; the other method used in the attack uses PE files that appear to be Word or PDF attachments.
The attackers used NirSoft’s WebPassView and Mail PassView tools for recovering passwords in email clients and browser stores; the tools were signed by the malicious cert.
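The shift-cipher string obfuscation and startup-menu persistence described above are cheap for an analyst to undo during triage. The following is an added example, not code from Eset or Dark Reading: it extracts printable strings from a sample and tries all 25 rotations to surface hidden URLs and startup paths. The keyword list, the letters-only rotation and the sample bytes are assumptions constructed for illustration.

```python
import re
import string

# Assumption: only ASCII letters are rotated; digits and punctuation pass through.
# Keywords are illustrative analyst choices, not indicators from the Eset report.
KEYWORDS = ("http://", "https://", "\\programs\\startup")

def rotate(text, shift):
    """Shift ASCII letters by `shift` positions, leaving other characters as-is."""
    out = []
    for ch in text:
        if ch in string.ascii_lowercase:
            out.append(chr((ord(ch) - 97 + shift) % 26 + 97))
        elif ch in string.ascii_uppercase:
            out.append(chr((ord(ch) - 65 + shift) % 26 + 65))
        else:
            out.append(ch)
    return "".join(out)

def printable_strings(blob, min_len=6):
    """Extract printable ASCII runs from raw bytes, like the `strings` utility."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.decode("ascii") for m in re.findall(pattern, blob)]

def find_rotated_indicators(blob, keywords=KEYWORDS):
    """Return (raw, encoder_shift, decoded) for strings that only reveal a
    keyword after a rotation is undone."""
    hits = []
    for raw in printable_strings(blob):
        if any(k in raw.lower() for k in keywords):
            continue  # already plaintext, ordinary string search finds it
        for shift in range(1, 26):
            decoded = rotate(raw, -shift)
            if any(k in decoded.lower() for k in keywords):
                hits.append((raw, shift, decoded))
                break
    return hits

# Constructed sample: two strings rotated by 7 between non-printable bytes,
# plus one ordinary plaintext string that must not be reported.
SAMPLE_BLOB = (
    b"\x00\x01MZ\x90\x00"
    + rotate("http://c2.example.invalid/upload.php", 7).encode() + b"\x00"
    + rotate("Start Menu\\Programs\\Startup\\updater.exe", 7).encode() + b"\x00\xff"
    + b"This program cannot be run in DOS mode.\x00"
)

if __name__ == "__main__":
    for raw, shift, decoded in find_rotated_indicators(SAMPLE_BLOB):
        print(f"shift={shift:2d}  {raw!r} -> {decoded!r}")
```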