Email security has become part of the job description for every employee. All
it takes is one employee to cause a breach that opens up the entire
company. For example, consider The New York Times: the recent
breach by Chinese hackers was carried out via a phishing or spear phishing
email. All that was necessary was for that one email to be opened, and The
New York Times network was accessible to the hackers. And once an
attacker is behind the firewall, the hacker can do anything.
Without proper training, it is easy for an employee to accidentally open
a window for a hacker. It is the duty of every personnel
department to train new employees as to what to look for when receiving
email messages. This information should be included in employee manuals
and should also be posted on lunch room walls as reminders. With the
volume of emails we all receive on a daily basis, it is very easy to
forget that one of the emails could be a “Bomb” that could cause a
breach. And a network breach can lead to data loss, loss of reputation,
and denial of services for your employees and clients.
There are two types of phishing email messages: phishing and spear
phishing. Phishing is a generic type of email that is sent to everyone
in a company with the hope that someone will open the email and click on
a link or open an attachment. There are no names attached to it, the
subject line is generic, and the TO: line usually says
recipients_not_disclosed. That’s a dead giveaway! Finally, the FROM line
does not conform to corporate email standards.
The second form of phishing is called spear phishing. This type of email
is more insidious. Someone or some organization has taken the time to
find information about a specific employee and personalize an email
message to make it look like it has been sent to that person from
someone he or she knows. As a result, the email looks legitimate. This
email is crafted using a few methods. The attacker scours Facebook,
LinkedIn, Twitter, and possibly financial information sites such as
Hoovers. The hacker may make calls to a company’s receptionist to find
other pertinent information regarding the email recipient, possibly
email address and/or phone number. In bigger companies, they may even
call the IT department and claim that they are the person of interest
and forgot their email password and ask for it to be reset. Hopefully,
there are policies in place with the IT department that make it
impossible for someone to change a password without multifactor
authentication (multiple types of ID must be given before the password
can be changed – this is an issue for another post). Spear phishing
emails are usually sent to management-level employees since they tend to
have more network privileges.
Once again, even with spear phishing, the questions one must ask
include: Are you expecting an email from this person and do you even
know him or her? Is there a link in the body of the email? If yes, do
not click on it. If you really must know what the link is, send it to
the IT department or your security team and let them confirm if it is
legitimate. Due to the speed of business these days, it may be difficult
to remember what to look for, but it’s also difficult to recover from a
breach. It can happen to anyone; don’t let it be you, for your company’s
sake.
Host computers should all have a good virus scanner to scan inbound
emails and attachments. After that, here are some things to look for
when determining if you’re looking at a phishing email. Does the email
address in the FROM: line correspond to the corporate email layout? This
may mean: last name first, or first name last. When a message is sent
to you, are you expecting an email from that person or is the email
coming from someone you don’t know? Look at the subject line of the
email: Are there any misspellings in the subject line, and does it make
sense?
Make it a policy to never click on live links within an email message. A
live link (one that is colored and underlined) could look like a
legitimate link, but the actual link may send you somewhere else. If you
really must know what the link is, copy and paste it into the Notepad
program.
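
The checks described above (FROM: layout, undisclosed recipients, group senders, and links whose visible text differs from the real target) can be automated at the mail gateway. The sketch below is an added example, not part of the original post; the corporate domain `example.com`, the `first.last` address layout, the group-sender names and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed corporate conventions (hypothetical; substitute your own).
CORP_DOMAIN = "example.com"
CORP_LOCALPART = re.compile(r"^[a-z]+\.[a-z]+$")      # first.last layout
GROUP_SENDERS = ("security team", "it department", "help desk")
UNDISCLOSED = re.compile(r"undisclosed|not[_ -]disclosed", re.I)


class LinkCollector(HTMLParser):
    """Collect (visible text, href) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def host_of(text):
    """Return the host name if `text` looks like a URL or domain, else ''."""
    text = text.strip()
    if not text or " " in text or "." not in text:
        return ""
    if "://" not in text:
        text = "//" + text          # let urlsplit treat it as a network location
    return (urlsplit(text).hostname or "").lower()


def phishing_indicators(raw_message):
    """Return the list of indicators from the article that the message trips."""
    msg = message_from_string(raw_message)
    findings = []

    # FROM: must follow the corporate address layout and come from a person.
    name, addr = parseaddr(msg.get("From", ""))
    local, _, domain = addr.lower().partition("@")
    if domain != CORP_DOMAIN or not CORP_LOCALPART.match(local):
        findings.append("from-not-corporate-layout")
    if any(group in name.lower() for group in GROUP_SENDERS):
        findings.append("sent-by-group-not-individual")

    # TO: a blank or "undisclosed recipients" line is the generic-phish giveaway.
    to_line = msg.get("To", "")
    if not to_line.strip() or UNDISCLOSED.search(to_line):
        findings.append("recipients-not-disclosed")

    # Live links: the text shown to the user must match the real target host.
    collector = LinkCollector()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            collector.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
    for shown_text, href in collector.links:
        shown, actual = host_of(shown_text), host_of(href)
        if shown and actual and shown != actual:
            findings.append(f"link-mismatch:{shown}->{actual}")
    return findings


# Constructed sample messages (not real mail).
PHISH = """\
From: "The Security Team" <security-team@corp-example.test>
To: undisclosed-recipients:;
Subject: Urgent: chnage your password
Content-Type: text/html; charset="utf-8"

<p>Confirm your credentials here:
<a href="http://login.corp-example.test/reset">https://intranet.example.com/reset</a></p>
"""

CLEAN = """\
From: Jane Doe <jane.doe@example.com>
To: john.smith@example.com
Subject: Q2 budget review
Content-Type: text/html; charset="utf-8"

<p>Agenda: <a href="https://intranet.example.com/q2">intranet.example.com/q2</a></p>
"""

if __name__ == "__main__":
    print(phishing_indicators(PHISH))
    print(phishing_indicators(CLEAN))
```
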
Sometimes emails arrive in your inbox under the guise of legitimacy. They appear
to come from somewhere within your organization, but they’re not. An
email arrives and asks to change your security credentials – but don’t
be fooled. First of all, there should be a general announcement
regarding this topic distributed company-wide to all users. It will be
sent out by one person, not from “The Security Team.” Be aware of that.
Emails regarding this sensitive issue must be sent by individuals, not
groups, and an email sent by an internal employee will adhere to
corporate email structure; fakes do not.
Many breaches come from an email that looks legitimate from an internal
employee. So, look at the signature line at the bottom of the email. If
it isn’t the standard signature line that your company uses for all
emails, it’s probably suspect. I realize that checking an email to be
sure that it’s real can be time-consuming, but the more you look for
errors, the better you become at spotting them.
The larger a company is, the harder it is to remind employees about
staying vigilant. But in the long run, what’s worse: reminders or
hackers? You do the math.
Information Security, Ethical Hacking, website Security, Database Security, IT Audit and Compliance, Security news, Programming, Linux and Security.
Thursday, 28 March 2013
New malware targeting point-of-sale (POS) systems and ATMs
A new malware targeting point-of-sale (POS) systems and ATMs
has stolen payment card information from several US banks, researchers
say. The author behind the malware appears to have links to a Russian
cyber-crime gang. The malware scans the memory of point-of-sale systems and ATMs looking
for credit card data, researchers from Russia-based security company Group-IB told SecurityWeek.
The researchers believe the malware has already been used to steal data
from credit and debit cards issued by major US banks, including Chase,
Capital One, Citibank, and Union Bank of California.
Bluetooth Security
Many of us use and love Bluetooth technology. You can use it to send a
document from your laptop to a printer in another room via a radio
frequency. It’s easy to set up and convenient to use.
But you might want to think twice about what you use it for because that easy connection for you can also be an easy connection for a cybercreep.
THE RISKS:
1. You may be shouting out your information via your voice.
2. What makes Bluetooth easy for you to use can also make it easy for someone to eavesdrop.
Have you ever been at a house where the baby monitor or the cordless phones pick up the neighbor’s conversations? This is sort of like that.
It’s also less about your actual Bluetooth itself and more about the fact that many people walk around with Bluetooth enabled on their smartphone when they don’t use it, which means it’s open for cybercreeps to Bluetooth their way in.
When you have Bluetooth turned on but not in use, you are basically broadcasting that your phone is on and available for others to connect to it over Bluetooth!
HOW THEY DO IT:
A hacker can run a program on a computer that scans for Bluetooth connections. When they find one, bingo, they connect and they are in.
WHAT THEY TYPICALLY STEAL:
What do they take? Typically things like your address book, possibly your calendar, photos, using your phone to make long distance calls, or they may turn your phone into an impromptu speaker and listen to your conversations.
THREE TIPS TO PROTECT YOURSELF:
1. Turn your Bluetooth to “off” on devices such as your phone when not using the Bluetooth feature.
2. You can also look at your manufacturer settings to see if there is a “hidden” or “private” mode.
3. Refrain from sensitive and personal conversations using the Bluetooth device.
Internet slows down after DNS attack on Spamhaus
Hundreds of thousands of Britons are unsuspecting participants in one of the internet's biggest cyber-attacks ever – because their broadband router has been subverted.
Spamhaus, which operates a filtering service used to weed out spam emails, has been under attack since 18 March after adding a Dutch hosting organisation called Cyberbunker to its list of unwelcome internet sites. The service has "made plenty of enemies", said one expert, and the cyber-attack appeared to be retaliation.
A collateral effect of the attack is that internet users accustomed to high-speed connections may have seen those slow down, said James Blessing, a member of the UK Internet Service Providers' Association (ISPA) council.
"It varies depending on where you are and what site you're trying to get to," he said. "Those who are used to it being really quick will notice." Some people accessing the online streaming site Netflix reported a slowdown.
Spamhaus offers a checking service for companies and organisations, listing internet addresses it thinks generate spam, or which host content linked to spam, such as sites selling pills touted in junk email. Use of the service is optional, but thousands of organisations use it millions of times a day in deciding whether to accept incoming email from the internet.
Cyberbunker offers hosting for any sort of content as long, it says, as it is not child pornography or linked to terrorism. But in mid-March Spamhaus added its internet addresses to its blacklist.
In retaliation, the hosting company and a number of eastern European gangs apparently enlisted hackers who have in turn put together huge "botnets" of computers, and also exploited home and business broadband routers, to try to knock out the Spamhaus system.
"Spamhaus has made plenty of enemies over the years. Spammers aren't always the most lovable of individuals, and Spamhaus has been threatened, sued and [attacked] regularly," noted Matthew Prince of Cloudflare, a hosting company that helped the London business survive the attack by diverting the traffic.
Rather than aiming floods of traffic directly at Spamhaus's servers – a familiar tactic that is easily averted – the hackers exploited the internet's domain name system (DNS) servers, which accept a human-readable address for a website (such as guardian.co.uk) and spit back a machine-readable one (77.91.248.30). The hackers "spoofed" requests for lookups to the DNS servers so they seemed to come from Spamhaus; the servers responded with huge floods of responses, all aimed back at Spamhaus.
"Some of those requests will have been coming from UK users without their knowledge. If somebody has a badly configured broadband modem or router, anybody in the outside world can use it to redirect traffic and attack the target – in this case, Spamhaus."
Many routers in the UK provided by ISPs have settings enabled which let them be controlled remotely for servicing. That, together with so-called "open DNS" systems online which are known to be insecure, helped the hackers to create a flood of traffic.
"You can't stop a DNS flood by shutting down those [DNS] servers because those machines have to be open and public by default. The only way to deal with this problem is to find the people doing it and arrest them."
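
To check whether a router or resolver you operate is one of the "open DNS" systems described above, send it one recursive query from outside your network and inspect the reply header. This is an added example, not part of the original article; the function names, the query name `example.com` and the two reply packets are constructed for illustration.

```python
import socket
import struct

# DNS header flag bits (RFC 1035).
QR, RD, RA = 0x8000, 0x0100, 0x0080
RCODE_MASK = 0x000F


def build_query(name, qtype=1, txid=0x1234):
    """Build a recursive (RD=1) query for `name`; qtype 1 is an A record."""
    header = struct.pack("!HHHHHH", txid, RD, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)      # class IN


def classify_response(query, response):
    """Decide from the reply header whether the server recursed for us."""
    result = {"verdict": "no-answer", "rcode": None, "answers": 0, "amplification": 0.0}
    if response is None:
        return result                      # filtered or not listening: good
    if len(response) < 12:
        result["verdict"] = "malformed"
        return result
    txid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    if txid != struct.unpack("!H", query[:2])[0] or not flags & QR:
        result["verdict"] = "malformed"
        return result
    rcode = flags & RCODE_MASK
    result.update(rcode=rcode, answers=ancount,
                  amplification=round(len(response) / len(query), 1))
    # Open resolver: recursion available, no error, and real answers returned
    # to a client that is not on the resolver's own network.
    if flags & RA and rcode == 0 and ancount > 0:
        result["verdict"] = "open"
    else:
        result["verdict"] = "restricted"   # e.g. REFUSED (rcode 5)
    return result


def probe(server_ip, name="example.com", timeout=3.0):
    """Query a resolver you operate; run this from outside its own LAN."""
    query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(query, (server_ip, 53))
            response, _ = sock.recvfrom(4096)
        except OSError:                    # timeout or ICMP unreachable
            response = None
    return classify_response(query, response)


# Constructed replies so the classifier can be exercised offline.
QUERY = build_query("example.com")
OPEN_REPLY = (struct.pack("!HHHHHH", 0x1234, QR | RD | RA, 1, 1, 0, 0)
              + QUERY[12:]
              + struct.pack("!HHHIH4s", 0xC00C, 1, 1, 300, 4, bytes([192, 0, 2, 1])))
REFUSED_REPLY = struct.pack("!HHHHHH", 0x1234, QR | RD | 5, 1, 0, 0, 0) + QUERY[12:]

if __name__ == "__main__":
    print(classify_response(QUERY, OPEN_REPLY))
    print(classify_response(QUERY, REFUSED_REPLY))
    print(classify_response(QUERY, None))
```

A verdict of `open` on a WAN-facing address means the device will answer lookups for anyone; restrict recursion to your own clients or disable the remote-facing DNS service.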
Wednesday, 27 March 2013
How car security is exploited, and countermeasures
THE HACK: A car’s telematics system, which can notify police in the event of a crash, remotely disable a stolen vehicle, and offer diagnostic information to customers, can also interface with multiple vehicle systems. Therefore, after gaining access to the telematics system, it’s possible to control the systems connected to the CAN bus. A hacker could, for example, disable a car’s ignition the same way an anti-theft system would.
THE DEFENSE: To demonstrate this kind of hack, researchers had to master and reverse-engineer an entire telematics system. Still, forward-looking automakers are already beefing up the security of external communications and in-car networks. OnStar, for example, has a “white list” of approved computers that are allowed to connect with cars.
MP3 MALWARE
THE HACK: Naughty boy. You downloaded your Odd Future tunes from an unauthorized file-sharing service. Little did you know that version of Goblin contains code that battles its way to your car’s CAN bus and disables your brakes.
THE DEFENSE: As infotainment systems gain functionality, carmakers are shielding them from more vital components without jeopardizing vehicle integration. “We harden all our safety-critical systems,” says OnStar’s security chief Gassenfeit. GM’s newer cars, such as the 2011 Chevy Volt, verify any data sent between two systems the same way online retailers process credit cards.
UNAUTHORIZED APPS
THE HACK: Just as smartphone manufacturers have app stores in which thousands of programs developed by third-party companies are available for download, carmakers are expanding their infotainment offerings through downloadable software. If a rogue app contains malware or a virus, however, it can infect your car without your knowledge.
THE DEFENSE: Carmakers are very strict in selecting which apps make it onto their systems. Ford’s MyFord Touch and Toyota’s Entune allow only a handful of preapproved programs, while GM’s MyLink goes so far as to route all software through remote servers so that users won’t inadvertently install infected apps on their cars.
OBD-II
THE HACK: The researchers at CAESS wrote a program that searched for and exploited vulnerable communications points where vehicle systems interface. They installed that program onto the car’s CAN bus through the OBD-II port. Once on the network, the program could control every system from the windshield wipers to the brakes. This is the most direct way to hack a car, as it sends code directly to the CAN bus.
THE DEFENSE: Until recently, most of the data sent among vehicle systems had not been encrypted, leaving cars wide open for enterprising hackers. Now, carmakers are starting to adopt routine security protocols from the information-technology field, such as protecting files with digital signatures. “What’s pretty much standard IT is now being applied to the automotive sector,” says Gassenfeit.
DOOR LOCKS
THE HACK: In most modern cars, the power-locking mechanism is connected to other vehicle systems so that doors can lock automatically when a car is put into drive and unlock if the airbags have been deployed or the keys are locked inside. That interconnectivity, theoretically, means that the locking mechanism can be breached to access other systems. If accelerating can engage a car’s power locks, a skilled hacker could use the power locks to force that car to accelerate.
THE DEFENSE: Infotainment and onboard diagnostic systems are still linked by a physical connection to the module that controls functions such as steering and braking, but on some systems, such as Ford’s, that connection goes only one way. “The only thing we allow is for the real-time module to send messages in one direction,” says Ford’s Strader.
KEY FOB
THE HACK: It sounds like one of those warnings that shows up in chain e-mails every few months, except it’s true. A wireless key fob is supposed to unlock and/or start the car only when the person holding the key-fob is directly next to the vehicle or already sitting inside. However, Swiss researchers have found a way to intercept and extend the signal up to 30 feet with parts that cost less than $100. The setup doesn’t replicate the signal—it just extends its range so the car thinks the key fob is closer than it actually is.
THE DEFENSE: There’s not much a car manufacturer can do here. These hackers haven’t broken the key fobs’ encryption in any way—they’ve just extended its range with a radio repeater. So keep an eye out for anyone loitering in a parking lot and holding a homemade antenna.
Remote attacks to hack and set cars to self-destruct?
Let’s say you’re driving and otherwise minding your own business, when like a scene out of Mission Impossible, a malicious hacker launches a “Self Destruct” attack on your vehicle. It could happen according to the Center for Automotive Embedded Systems Security. “It starts when a 60-second timer pops up on a car's digital dashboard and starts counting down. When it reaches zero the virus can simultaneously shut off the car's lights, lock its doors, kill the engine and release or slam on the brakes.” McAfee executive Bruce Snell told Reuters, "If your laptop crashes you'll have a bad day, but if your car crashes that could be life threatening. I don't think people need to panic now. But the future is really scary." Conversely, in regard to how vulnerable vehicles are to high tech hack attacks, John Bumgarner, chief technology officer of the U.S. Cyber Consequences Unit, said "You can definitely kill people."
The headlights go off; you’re touching the steering wheel but the car is instead responding to the steering of an unseen attacker, the brakes don’t respond no matter how hard you stomp on them because someone 1,000 miles away has remote control of your vehicle. It might seem like your car is haunted if it suddenly responded to nothing you did and everything an outside attacker did, but it’s not a job for Ghostbusters. So who you gonna call? How about Barnaby Jack! He’s made ATMs spit out cash like a person hit the big-time jackpot and showed the public just how easily medical devices can be remotely hacked in a public space from 300 feet away from the victim.
Although some news stories make it sound like McAfee Security Researcher Barnaby Jack just joined the hacking team to attack embedded devices and protect vehicles from viruses, Jack is a member of the McAfee TRACE (Threat Research and Central Intelligence Experts) team who specialize in embedded device security. Jack is part of the TRACE team investigating how to protect embedded systems, hardware and devices from next-generation hacking attacks. That research includes finding and fixing vulnerabilities such as those in medical devices and car systems. As we read about the endless attack vectors in the computer with four wheels in which we sit inside and drive at high speeds, it makes us feel a bit better to know Jack is on the job.
McAfee Labs is not the only security firm predicting embedded hardware is "the promise land for sophisticated hackers." SANS Technology Institute reported on 2012 - 2013 security predictions, including malware that morphs into scareware and attacks embedded systems in your vehicle. Possible scenarios included being locked out or locked inside until you pay a ransom via your smartphone. Electronic control units (ECUs) connect to one another and to the Internet, “making car computers as vulnerable to the same digital dangers widely known among PCs and other networked devices: viruses, Trojans, denial-of-service attacks and more.” These ECU interconnected systems, ranging from the engine, brakes, navigation, lighting, ventilation, music and entertainment systems, and even Bluetooth headsets in cars, are vulnerable to remote attacks.
While some concerns are more privacy-centered, like your car’s black box is spying on you and may be used against you in court and the Nissan Leaf secretly leaking your location and speed to websites, other research, like war texting to steal a car or hacking to pwn a cop car, focuses more on security. SNOsoft Research exposed the level of risk associated with cars built after 2007 when it delved into hacking your car for fun or profit and showed it's really not that difficult to program a car to kill a driver. Another example was when Stefan Savage, professor in the department of computer science and engineering at the University of California, San Diego, created a virus to infect dealership diagnostic tools and pass the infection on to any car connected to it afterwards. Then his team, via the Internet, could “download just about any functionality we wanted -- disable the car, listen to conversations in the car, turn on the brakes, etc."
"Basically anything under computer control in a car is vulnerable to malicious attack," reported computer scientist Stephen Checkoway. “This includes the brakes, engine, lights, radio, wipers and electronic display. If a computer controls it, it can be controlled by an attacker.” Checkoway warned that malicious attackers "could seize control remotely through the panoply of wireless devices attached to the car, such as cellular, Bluetooth, radio and tire pressure monitoring system. If you can take over the radio, you can use it to reprogram all the other computers."
Even doctored CDs inserted into players could be used as a vehicle attack vector. Franziska Roesner, a student and researcher in the security and privacy research lab at the University of Washington, explained that hackers could “deliver malicious input by encoding it into a CD or a song file, which may ‘live’ on an iPod or other MP3 player, or by installing software that attacks the car's media system when it connects to the Internet.” Roesner added, “In the case of the car that we examined, we used the malicious file on a CD to exploit a vulnerability in the radio."
Other car hacking and remote access warnings included that attackers could exploit computerized car components for sabotage, espionage, GPS tracking and overriding theft detection/prevention systems. Recently, high tech car thieves stole a BMW in three minutes by using the on-board diagnostics (OBD) port to reprogram a blank key fob from outside the vehicle, then used the cloned “key” to unlock and make off with the BMW.
You probably don’t need to worry overmuch about this right now, but the fact that all these action/adventure or sci fi movie-type car hacks are possible is pretty alarming and sickeningly fascinating. At best, such an attack would freak us out; at worst, it could possibly crash and kill us.
Cars and hack attacks
Hacking a car, once the stuff of spy novels and science fiction, is fast becoming a serious threat, forcing the industry to consider how to protect vehicles against cyber attacks.
“Cars are becoming connected devices,” said Ralf Lamberti, head of telematics and infotainment at Daimler. “[We’re] protecting vehicles with state of the art [equipment] to ensure attacks don’t happen.”
The modern car is, in essence, a sophisticated mobile computer, with software and electronics accounting for as much as 50 per cent of its value. Vehicles are fitted with long lengths of cable, several hundred megabytes of software and multiple computer networks.
Carmakers have also responded to demand from consumers for constant connectivity by installing wi-fi hotspots and cellular and Bluetooth connections. Each new connection and electronic device adds a potential target or means for a hacker to attack.
“The risk of car hacking today is still rather low since today’s car IT systems are still very heterogeneous, which requires costly, individual attacks,” said Marko Wolf at Escrypt, a security consultancy which helps customers in the automotive industry. “However, various successful proof-of-concept attacks have shown that risks for data security and privacy are real and they will increase with the increasing external connectivity of modern cars”.
In one scenario, tested by researchers at the University of California San Diego and the University of Washington, a car drives down a disused airport runway at 40mph. Behind it, a cyber attacker in a chase vehicle unleashes a digital payload from his laptop. Suddenly the electronic braking system of the car in front is disabled, leaving the helpless and frightened driver unable to stop.
“All major carmakers are aware of the necessity for protecting cars against security issues,” Mr Wolf said. “Most carmakers already have implemented various security protection solutions and have dedicated security divisions.”
Ford engineers try to ensure that the company’s Sync communications and entertainment system is as resistant to attack as possible. “We use a “threat-modelling” methodology to review potential attack vectors and security issues, and then have designed controls to address those items,” a company spokesman said. “Our hardware has a built-in firewall and separates the vehicle control systems network from the infotainment network and functions.”
Jack Pokrzywa at SAE International, a standard-setting organisation for the automotive industry, said the increasing use of electronics in vehicles “presents a challenge to the industry like never before”.
SAE has formed a committee to develop standards for electrical systems security, which includes representatives of carmakers, suppliers, semiconductor manufacturers, and security and consulting firms. It aims to identify scenarios for possible cyber attacks on vehicles and outline strategies and techniques to prevent these security breaches.
Apple ID accounts reportedly vulnerable to password reset hack
Gaping security holes are a pretty terrifying thing, especially when they involve something as sensitive as your Apple ID. Sadly it seems that immediately after making the paranoid happy by instituting two-step authentication a pretty massive flaw in Cupertino's system was discovered and first reported by The Verge. Turns out you can reset any Apple ID password with nothing more than a person's email address and date of birth -- two pieces of information that are pretty easy to come across.
There's a little more to the hack, but it's simple enough that even your non-tech savvy aunt or uncle could do it. After entering the target email address in the password reset form you can then select to answer security questions to validate your identity. The first task will be to enter a date of birth. If you enter that correctly then paste a particular URL into the address bar (which we will not be publishing for obvious reasons), press enter, then -- voilà -- instant password reset! Or, at least that's the story. While we were attempting to verify these claims Apple took down the password reset page for "maintenance." Though we've received no official confirmation from Apple, it seems the company is moving swiftly to shut down this particularly troublesome workaround before word of it spreads too far.
Update: We've heard back from Apple on the matter, which stated, "Apple takes customer privacy very seriously. We are aware of this issue, and working on a fix." No real surprises that a fix is in the works, but there you have it from the horse's mouth.
Update 2: The forgotten password page is back as of last Friday evening -- that was (relatively) quick. iMore reports (and we've verified ourselves) that the security hole is now closed.
5 CyberCriminals arrested for stealing 2 million Euros via e-banking hacks
Slovenian Police performed 12 house searches and arrested five cyber criminals who are believed to be responsible for the malware attacks that steal money from companies' bank accounts.
It all started last year when the Slovenian national Computer Emergency Response Team (SI-CERT) started receiving reports regarding malware attacks. The victims received emails, pretending to come from a local bank and the state tax authority, with a Trojan horse attached.
The malware installs a Remote Administration tool that steals the victim's e-banking credentials and sends them to the cyber criminals.
"With stolen credentials and in the case where the victim did not remove the smart card containing the bank-issued certificate from the reader after use, the doors to the company's bank accounts were left open to the criminal gang." SI-CERT's report reads.
The attackers cleverly planned their attacks to happen on Fridays or the day before national holidays, so that the companies wouldn't immediately notice the theft. According to the report, the criminal group used 25 money mules to transfer around 2 million Euros.
Monday, 25 March 2013
Emma Stone hacked
Emma Stone, an American actress, has revealed that hackers have hijacked her Twitter account and posted a series of tweets. Fans of Emma were worried when a tweet was made from her account, an anagram for "Andrew and Shailene sitting in a tree", which appeared to claim her boyfriend Andrew Garfield was cheating on her with their Amazing Spider-Man 2 co-star Shailene Woodley, according to the CASTANET report.
"I have never tweeted, my friend. I've tweeted one time to Seth MacFarlane. I said, 'Me too, oh boy,'" she explained in an interview for On Air With Ryan Seacrest.
She is not able to access her account because the hackers changed her email id and password, but since the incident, she and her team have been trying to delete her Twitter account.
Emma also revealed it was only when the tweet about Shailene and Andrew made headlines that she found out she had been hacked.
"That was the first one I heard. And then I heard there was a rich history of other things I've tweeted and deleted, and I didn't know about any of this happening because I don't go on Twitter." Emma said.
To Clear some doubts about the Forum --- Please read this
The Cyberinfocts Ethical Hackers Forum invitation was sent out to give everyone the opportunity to be part of the growth. Just a chance to learn new things and protect yourself from hack attacks. The culture of ethical hackers is to give back to the community ... Johnny Long, Mark Zuckerberg and many more good ones. I believe this is my little contribution to my community; I may not create a platform as large as Facebook, and may not be able to feed thousands of poor African children a day. But helping those stuck on some issues with their PCs, networks, gadgets and databases, and providing adequate solutions, is my contribution to my community.
There has been a positive response from those who attended the previous meet. My goal is to enhance our approach to information security; most people are victims of hack attacks because of ignorance. When bad guys are out there spending sleepless nights learning new tricks for exploiting victims, and you are out there as a certified Information Security Professional doing nothing after you bag the certificate, remember that the exploit of today may not work tomorrow. Hackers are coming out with new tools and exploits, so how can you protect your company infrastructure from the latest hack attacks? Three hours a month is not too much, where the latest tools and updates will be shared.... In the community everyone is a learner.... Note that a hacker doesn't have to come to Nigeria before he can hack; the latest hack attack is on the Nigerian Government website, and I doubt those people ever visited Nigeria before, but they performed their exploit.
The forum is not to promote crime but to enhance security. The community is like the mother community, NULL India, a community of information security professionals where information security professionals meet to discuss security as a whole.
Someone asked, why do we have to come with our laptops?
It is not compulsory to come with a laptop; it will be more fun and interactive when you come with your devices.
The group is not only for IT security professionals, because what we are actually securing was developed by developers, and networks are managed by network admins. Application developers and network admins are also welcome, as are web admins, IT auditors, forensics investigators, malware analysts and physical security professionals.
Note: Not all things are taught in class; a platform like this is another way to learn. I learnt new things from the last Forum. I am looking forward to the next one. Hope to see you all there.
Thanks.
Friday, 22 March 2013
Nigerian Government websites hacked !!!
2013/03/16 | Pakhtun72 | H | M | R | narict.gov.ng | Linux | mirror
2013/03/15 | Dz-Boy Marwane | H | M | nationalplanning.gov.ng | Linux | mirror
2013/03/15 | Dz-Boy Marwane | H | www.nmcp.gov.ng | Linux | mirror
Hacking attack on South Korea traced to Chinese address, officials say
Seoul, South Korea (CNN) -- The suspected cyberattack targeting South Korean banks and broadcasters originated from an IP address in China, South Korean regulators said Thursday, heightening suspicions of North Korean involvement.
The attack Wednesday damaged 32,000 computers and servers at media and financial companies, South Korea's Communications Commission said.
It infected banks' and broadcasters' computer networks with a malicious program, or malware, that slowed or shut down systems, officials and the semiofficial Yonhap News Agency said.
Suspicion immediately fell on North Korea, which has recently renewed threats to go to war with the South amid rising tensions over Pyongyang's nuclear weapons, and missile testing and international efforts to stop them.
Some past cyberattacks on South Korean organizations that officials linked to North Korea were traced to IP addresses in China. An IP address is the number that identifies a network or device on the Internet.
China, which has been accused by U.S. organizations of supporting cyberattacks, said Thursday that it was aware of reports on the matter.
"We have pointed out many times that hacking is a global issue. It is anonymous and transnational," said Hong Lei, a Chinese foreign ministry spokesman. "Hackers would often use IP addresses from other countries to launch cyberattacks."
South Korean officials are still analyzing the cause of the network crashes and are working to prevent any further damage, the country's communications commission said.
Increased alert level
The military has stepped up its cyberdefense efforts in response to the widespread outages, which hit nine companies, Yonhap reported, citing the National Police Agency.
Government computer networks did not seem to be affected, Yonhap cited the National Computing and Information Agency as saying.
A joint team from government, the military and private industry was responding.
A South Korean official close to the investigation told CNN that malicious computer code spread through hacking caused the outages.
How the hackers got in and spread the code remains under investigation, and analysts are examining the malware, the official said.
Australian banks 'not immune' to hack attack
A senior security analyst says the major hacking attack which paralysed several South Korean banks and TV broadcasters this week could happen in Australia. According to the Korea Internet Security Agency, television stations KBS, MBC, YTN and two large banks were "partially or entirely crippled" by the malware attack. Trend Micro Australia's senior security manager Adam Biviano says it was a sophisticated attack that could occur in Australia. "Absolutely. I certainly don't think we're immune to this type of attack if we let our guard down," Mr Biviano said. "It can happen anywhere - it's not simply a matter of it just being South Korea being the only attack target. "We're seeing attacks like this happening across the globe."
The ANZ, Commonwealth Bank, NAB and Westpac have declined to comment on whether they are susceptible to such an attack. The Australian Bankers' Association says it does not have enough information about the South Korean attack to say whether it is possible here. Chief executive Steve Münchenberg says its member banks regularly discuss security issues. "However the nature of these discussions needs to remain confidential as any detail may be misused by criminals," he said. The attack in South Korea began when several computer screens went black, while others were showing images of a skull and a "warning".
Trend Micro says it has acquired several samples of related malware which renders computers inoperable. The attack prevented computers from loading by overwriting the master boot record with a series of the words 'hastati' and 'principes' - types of infantry in the early Roman Republic. There is some speculation the hacking came from across the border in North Korea, however officials in Seoul have not blamed Pyongyang. The attack came just days after North Korea accused the South and the United States of a hacking attack that took some of its sites offline for two days. North Korea has in the past staged cyber attacks on the world's most wired country, targeting conservative newspapers, banks and government institutions.
The biggest attack by Pyongyang was a 10-day denial of service attack in 2011 that antivirus firm McAfee, part of Intel Corp, dubbed 10 Days of Rain and which it said was a bid to probe the South's computer defences in the event of a real conflict.
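A defensive triage check for the master boot record overwrite described above, as an added example that is not from the article or from Trend Micro: it inspects a 512-byte copy of sector 0 for the marker words the article names, the standard 0x55AA boot signature, and a short repeating fill. The function names and all sample sectors are constructed for illustration.

```python
"""Triage a 512-byte copy of disk sector 0 (the MBR) for wiper-style overwrites."""
import struct

SECTOR_SIZE = 512
BOOT_SIGNATURE = b"\x55\xaa"                 # bytes 510-511 of a valid MBR
WIPER_MARKERS = (b"hastati", b"principes")   # words named in the article
TABLE_OFFSET, ENTRY_SIZE = 446, 16           # four 16-byte partition entries


def parse_partitions(sector):
    """Return the non-empty partition table entries as dictionaries."""
    entries = []
    for slot in range(4):
        start = TABLE_OFFSET + ENTRY_SIZE * slot
        status, _chs1, ptype, _chs2, lba, count = struct.unpack_from(
            "<B3sB3sII", sector, start)
        if ptype or count:
            entries.append({"slot": slot, "status": status, "type": ptype,
                            "lba_start": lba, "sectors": count})
    return entries


def repeat_period(sector, max_period=16):
    """Smallest period <= max_period if the sector is one repeated fill."""
    for period in range(1, max_period + 1):
        reps = -(-len(sector) // period)     # ceiling division
        if (sector[:period] * reps)[:len(sector)] == sector:
            return period
    return None


def triage_mbr(sector):
    """Classify sector 0 as 'ok', 'damaged' or 'wiper-marker'."""
    sector = bytes(sector)
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly 512 bytes of sector 0")
    lowered = sector.lower()                 # markers matched case-insensitively
    marker_hits = {m.decode(): lowered.count(m)
                   for m in WIPER_MARKERS if m in lowered}
    findings = []
    if marker_hits:
        findings.append("marker text found in boot sector")
    if sector[510:512] != BOOT_SIGNATURE:
        findings.append("boot signature 0x55AA missing")
    period = repeat_period(sector)
    if period is not None:
        findings.append("sector is a repeating %d-byte fill" % period)
    if any(p["status"] not in (0x00, 0x80) for p in parse_partitions(sector)):
        findings.append("partition entry with invalid status byte")
    verdict = "wiper-marker" if marker_hits else ("damaged" if findings else "ok")
    return {"verdict": verdict, "findings": findings,
            "marker_hits": marker_hits, "repeat_period": period}


def build_sample_mbr():
    """Constructed healthy MBR: stub boot code plus one active NTFS-type entry."""
    sector = bytearray(SECTOR_SIZE)
    sector[0:3] = b"\xeb\x63\x90"            # placeholder jump, not real boot code
    sector[446:462] = struct.pack("<B3sB3sII", 0x80, b"\x20\x21\x00",
                                  0x07, b"\xfe\xff\xff", 2048, 204800)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


def build_filled_sector(word):
    """Constructed damaged sector: the given bytes repeated across 512 bytes."""
    reps = -(-SECTOR_SIZE // len(word))
    return (word * reps)[:SECTOR_SIZE]


if __name__ == "__main__":
    samples = {"healthy": build_sample_mbr(),
               "filled": build_filled_sector(b"PRINCIPES"),
               "zeroed": bytes(SECTOR_SIZE)}
    for name, data in samples.items():
        result = triage_mbr(data)
        print(name, result["verdict"], result["findings"])
```

Run it against the first 512 bytes of a forensic image taken read-only, not against a live disk; a "damaged" verdict without marker text only says the sector is not a valid MBR, not why.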
Syrian Electronic Army hacked 3 BBC Twitter accounts
Syrian hacktivists known as the "Syrian Electronic Army" have taken control of the three official Twitter accounts belonging to the BBC. The hackers hijacked the BBC Arabic Online (@BBCArabicOnline), BBC Weather (@BBCWeather) and BBC Radio Ulster (@bbcradioulster) accounts. After hijacking BBCArabicOnline, the hacktivists tweeted "Syrian Electronic Army was here via @Official_SEA #SEA". "And that came in response to what BBC practiced of lies and fabrication of news and in addition to the bias to the bloody opposition," the hackers said, stating the reason for this cyber attack. Speaking to EHN, the hacker provided the email id, the password of the email id and the passwords of the Twitter accounts. At the time of writing, the BBC had recovered its accounts.
Wednesday, 20 March 2013
Bill Gates addresses cybersecurity threats, then gets hacked
Microsoft co-founder Bill Gates stopped by the Washington Post today and spoke about his support for addressing the threats of cybersecurity.
Coincidentally, Gates today became the latest celebrity to have his credit card, social security and other information posted online as part of an ongoing celebrity doxxing fiasco.
Gates’ SSN, date of birth, address and credit card info were posted to a mysterious website that has been publishing the personal data of various celebrities from Michelle Obama to Tiger Woods.
The hackers seem to be pulling data from one of three big credit reporting companies: Experian, Equifax or TransUnion.
President Barack Obama told ABC News Tuesday that U.S. authorities are looking into the matter.
“We should not be surprised that if we’ve got hackers that want to dig in and have a lot of resources, that they can access this information,” Obama told ABC News. “Again, not sure how accurate but … you’ve got websites out there that tell people’s credit card info. That’s how sophisticated they are.”
South Korea on alert after hackers strike banks, broadcasters
A customer stands in front of automated teller machines at a branch of Shinhan Bank in Seoul after the bank's computer networks were paralyzed by hackers Wednesday.
The network provided by LG UPlus Corp. showed a page that said it had been hacked by a group calling itself the "Whois Team," an unknown group. It featured three skulls and a warning that this was the beginning of "Our Movement."
Servers at television networks YTN, MBC and KBS were affected as well as Shinhan Bank and NongHyup Bank, both major financial institutions, police and government officials said.
"We sent down teams to all affected sites. We are now assessing the situation. This incident is pretty massive, and it will take a few days to collect evidence," a police official said.
Police and government officials declined to speculate on whether North Korea, which has threatened to attack both South Korea and the United States after it was hit with United Nations sanctions for its February nuclear test, was behind the cyber attack. North Korea has in the past staged cyberattacks on the world's most wired country, targeting conservative newspapers, banks and government institutions.
South Korea's military said it was not affected but raised its state of readiness in response.
None of South Korea's oil refineries, power stations, ports or airports was affected.
The biggest attack by Pyongyang was a 10-day denial of service attack in 2011 that antivirus firm McAfee, part of Intel Corp, dubbed "Ten Days of Rain" and which it said was a bid to probe the South's computer defenses in the event of a real conflict.
Shinhan Bank, one of the financial institutions affected, said its servers were back up by 4 p.m. local time (3 a.m. ET).
Chase denies hacking in vanishing balances
Chase Bank experienced technical difficulties for over an hour Monday night, worrying customers who logged into their accounts and saw their balance at $0 or were unable to get any access to them at all.
A spokesman for the bank said it was strictly an internal technical issue and customers' accounts were not in danger.
"The problems are an issue with the checking account portion of chase.com, nothing to do with mortgage or credit banking. We have a technology problem regarding customers balance information that we are working to resolve," the spokesman told CBS News. "It has nothing to do with cyber threats or hacks. It is an internal issue. We are very sorry to our customers for the inconvenience."
Within two hours, the bank tweeted that the issue was resolved. Customers reported seeing their balances once again.
Still, hundreds of Chase users expressed their frustration on Twitter and Facebook. Many reported seeing their account balances listed as "$0" on mobile devices, while others said they got a "System Unavail" message when logged into the bank's website on their computers.
The hacking collective "Anonymous" said they were responsible for the vanishing balances on Twitter, but there is no evidence supporting their claim.
As CNET's Steven Musil notes, the scare was only natural given that the disappearing balances occurred "less than a week after a massive distributed-denial-of-service attack rendered Chase's Web sites useless for many hours." In that case, customers trying to use chase.com's banking tools were greeted with a note that the site was "temporarily down."
Tuesday, 19 March 2013
Do you need help?
Websites are hacked day in, day out. Are you worried about the security of your website? Feel free to contact us at cyberinfocts@yahoo.co.uk; we will help to do your website security audit and help to implement adequate security for your website. We also have several security products to safeguard your website against hack attacks.
If you are in the vicinity of Lagos, you can come around for our forthcoming meet-up forum, where we will discuss security controls on how we can secure our websites from being hacked.
For your reservation visit: http://cyberinfoctshackersforum.eventbrite.com
For further details contact : cyberinfocts@yahoo.co.uk
+2347037288651