Researchers develop Gauss detection tools

Kaspersky Labs discovered a new computer virus recently dubbed Gauss that targeted banking systems and financial information. According to Kaspersky Labs, the virus has infected over 2,500 computers, primarily located in Lebanon, and targets specific banks and financial institutions such as BlomBank and Credit Libanais. Now, web-based tools have been released that allow anyone to check whether they’ve been infected by Gauss.

Kaspersky detects the virus by checking systems for a font that’s installed when the virus infects a computer. The font, Palida Narrow, could be a play on words on Paladin Arrow, according to one Kaspersky Labs researcher. While the virus is primarily used for gathering financial information, parts of its code are obfuscated and appear to hide other capabilities.

The information that the virus gathers isn’t limited to sensitive banking details, however, with the malicious software also targeting web browsing histories and passwords. The virus also creates a detailed snapshot of the targeted computer’s hardware, designed to aid any future attacks. The origins of Gauss aren’t known, but experts believe it could be a state-designed virus due to the specific banking institutions it’s targeting. It could be an attempt to gather the financial activity of a group like Hezbollah or the Iranian government.

Even stranger, after the virus was first discovered by Kaspersky Lab back in July, the remote systems used to control it were abruptly shut down. The makeup of the virus also shares features with other espionage-related viruses, further backing up the belief that it’s a state-designed effort. Other security experts, however, believe it could simply be the work of coders and criminals that have copied state designs.

[via The Washington Post]


Researchers develop Gauss detection tools is written by Ben Kersey & originally posted on SlashGear.
© 2005 – 2012, SlashGear. All rights reserved.


Facebook: Forward us your phishing emails

Take a look inside your spam folder and you’ll find a variety of phishing emails from the likes of eBay, PayPal, and Facebook. The social network has decided to take matters into its own hands, setting up an email address (phish@fb.com) that users can forward phishing emails to. Facebook will then investigate the emails, trying to determine where they came from and who sent them.

It’s a big problem for any popular commerce or social networking site on the internet, but Facebook is taking steps to try to ease the problem. Mark Hammel, a Facebook engineer, says, “We have a pretty robust team here to deal with bad actors. This will give us extra visibility into people’s e-mail inboxes, where there wasn’t a good feedback mechanism in place.”

So, what exactly does Facebook do with forwarded emails? The team takes a look at the URLs found within the emails and forwards them on to browser creators as well as search engines in an attempt to blacklist them. Once they’re added to a browser blacklist, for example, users should be warned and steered away before clicking through and inputting any sensitive information.

Trying to find the root of the problem is still Facebook’s primary goal, however. The team will send out cease-and-desist letters to any hosting companies found harboring the phishing websites, and potentially file criminal complaints if they discover who’s behind the emails. The big problem for Facebook is that phishers often move quickly, taking down and throwing up new websites in an attempt to circumvent blacklists. How effective the new email address is depends entirely on how fast the investigative team can move.
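The first step the article describes, pulling the URLs out of a forwarded message and deciding which ones are worth sending on for blocklisting, can be shown in a few dozen lines. The following is an added example, not Facebook’s own tooling: it parses a forwarded .eml with Python’s standard library, collects every link from the HTML and plain-text parts, and flags the classic phishing tell where the visible anchor text names one site while the href points at another. The sample message and the `.invalid` domains in it are constructed for the demo.

```python
"""Extract and triage URLs from a forwarded phishing e-mail (added example)."""
import re
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample: a "forwarded" phishing mail with one lookalike link.
# The visible text of the first link claims facebook.com; its href does not.
SAMPLE_EML = """\
From: security@fb-example.invalid
To: victim@example.com
Subject: Your account will be disabled
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Please verify your account at
<a href="http://login.fb-example.invalid/verify?id=123">https://www.facebook.com/login</a>
or read the policy at <a href="https://www.facebook.com/policies">our policies page</a>.</p>
</body></html>
"""

URL_RE = re.compile(r"https?://[^\s<>\"']+")


class _LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs from <a> elements."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url):
    """Lower-cased hostname of a URL, or None if it does not parse as one."""
    try:
        return (urlsplit(url).hostname or "").lower() or None
    except ValueError:
        return None


def _describe(href, text):
    href_host = host_of(href)
    # If the anchor text itself looks like a URL, compare its host to the real target.
    text_host = host_of(text) if URL_RE.match(text or "") else None
    mismatch = text_host is not None and text_host != href_host
    return {"href": href, "host": href_host, "text": text, "mismatch": mismatch}


def extract_links(raw_eml):
    """Return a list of dicts describing every link found in the message."""
    msg = message_from_string(raw_eml)
    found = []
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        body = part.get_payload(decode=True).decode(
            part.get_content_charset() or "utf-8", errors="replace")
        if part.get_content_subtype() == "html":
            collector = _LinkCollector()
            collector.feed(body)
            for href, text in collector.links:
                found.append(_describe(href, text))
        else:
            # Plain-text parts carry bare URLs; treat the URL as its own label.
            for url in URL_RE.findall(body):
                found.append(_describe(url, url))
    return found


def blocklist_candidates(raw_eml):
    """Hosts worth forwarding for blocklisting: every link whose displayed
    text misrepresents its destination."""
    return sorted({l["host"] for l in extract_links(raw_eml) if l["mismatch"] and l["host"]})


if __name__ == "__main__":
    for link in extract_links(SAMPLE_EML):
        print(link)
    print("candidates:", blocklist_candidates(SAMPLE_EML))
```

Only the mismatched link ends up in the candidate list; the genuine facebook.com link in the same message is left alone, which matters because a naive "every URL in a phishing mail" rule would push legitimate domains into the blacklist along with the bad ones.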

[via CNN Money]


Facebook: Forward us your phishing emails is written by Ben Kersey & originally posted on SlashGear.


Apple freezes over-the-phone password resets

The hack performed against Wired writer Mat Honan serves as a cautionary tale for others to ensure they back up their data, but what about the security issues found with the companies that helped facilitate the crime? Amazon fixed its own security hole yesterday, and now Apple has blocked customer service representatives from issuing password changes over the phone for Apple IDs.

According to an Apple employee that spoke to Wired, the company has placed a 24-hour freeze on any new over-the-phone password changes in order to give the team more time to think about and implement new security measures. When Wired once again tried to duplicate the social engineering used against Apple customer service representatives, they were told that the systems were prevented from resetting passwords, and that users had to do so via Apple’s website instead.

There’s still no official comment from Apple regarding the freeze, however, and it’s not yet clear what the company intends to do to prevent similar situations from occurring in the future. Amazon quietly fixed its own security issue yesterday, with a new policy in place that prevents callers from simply providing a name, email address, and home address to gain access to an account.

The hacker who reset Honan’s various Apple devices first went after his Amazon account, providing the easily gathered information to customer service representatives over the phone in order to gain access. Once the hacker managed that, the last four digits of Honan’s credit card were displayed in his account, information that Apple representatives happily accepted as proof of identity, allowing the individual to perform a password reset and gain access to the iCloud account.


Apple freezes over-the-phone password resets is written by Ben Kersey & originally posted on SlashGear.


Massive Amazon security hole “fixed” without comment

If you use the internet – and we know you do – you need to read about the massive “hacker” meltdown experienced by an online journalist this week due to security holes between cloud systems in two major networks. The “hack” as some are calling it – rather a clever realization, when it comes down to it – had one user’s account opened up with a simple phone call to Amazon. Once Amazon allowed the fake user to access one simple element in the victim’s account, the rest came tumbling down like a house of cards.

The key piece to this puzzle was the Amazon call-in policy that allowed anyone to change an email address of a user account just so long as they could identify the user’s name, email, and physical mailing address. This ability is no longer allowed as of this morning, with Amazon commenting to Wired that they changed the policy for “your security”, refusing to comment further.

The exploit – again, this isn’t really a hack when it comes down to it – only needed the “hacker” to have the victim’s email (easy to guess), their full name (again, obvious), and their physical mailing address. This last bit was available, in this case, in a “whois” of a site that the victim owned. A “whois” is a listing of the ownership of a website, aka “Domain Registration Information”, that many web hosts make available without question.

Once the hacker was able to change the email of his victim’s Amazon account, they were also able to see the last four digits of the victim’s credit card – these last four digits are visible to any person who is logged in to their own account, of course. Once the hackers had this, they were able to call in to Apple’s iCloud support with said information to “confirm” their way into his iCloud account as well. One company’s freely available account information was used to easily bust into another’s.
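The chain described in this post and in the Apple story above (public facts unlock Amazon, Amazon reveals the card digits, the card digits unlock the Apple ID) is the kind of cross-service dependency a threat modeller should be able to write down and test. The block below is an added example, not code from SlashGear or from either company: each service is reduced to the facts its phone support accepted as proof and the facts an account holder can read once inside, and a fixed-point search from the publicly discoverable facts shows which accounts fall. The "fixed" policy is a simplification of the changes the articles report; the extra facts it requires (`order_history_secret`, `web_reset_secret`) are placeholders standing in for "something not discoverable from public data", not the companies’ actual procedures.

```python
"""Model a cross-service account-recovery chain (added example)."""

# Facts the article says were publicly discoverable: e-mail, full name,
# and a mailing address pulled from a WHOIS record.
PUBLIC_FACTS = frozenset({"name", "email", "address"})

# Policy as described before the fixes: what each service's support line
# accepted as proof, and what an attacker learns after getting in.
WEAK_POLICY = {
    "amazon": {"accepts": frozenset({"name", "email", "address"}),
               "reveals": frozenset({"cc_last4"})},
    "apple_id": {"accepts": frozenset({"email", "address", "cc_last4"}),
                 "reveals": frozenset({"icloud_data"})},
}

# Tightened policy, simplified from the changes the articles report.  The
# extra facts are assumed placeholders for "a secret only the owner has".
FIXED_POLICY = {
    "amazon": {"accepts": frozenset({"name", "email", "address", "order_history_secret"}),
               "reveals": frozenset({"cc_last4"})},
    "apple_id": {"accepts": frozenset({"email", "web_reset_secret"}),
                 "reveals": frozenset({"icloud_data"})},
}


def compromised_accounts(policy, known_facts):
    """Services reachable from known_facts, in the order they fall.

    Repeats the 'prove identity, then read more facts' loop until no
    further service can be unlocked (a fixed point)."""
    known = set(known_facts)
    fallen = []
    changed = True
    while changed:
        changed = False
        for service, rule in policy.items():
            if service not in fallen and rule["accepts"] <= known:
                fallen.append(service)
                known |= rule["reveals"]
                changed = True
    return fallen


def missing_facts(policy, service, known_facts):
    """What an attacker with known_facts still lacks to unlock one service."""
    return sorted(policy[service]["accepts"] - set(known_facts))


def services_gated_by_public_data(policy, public_facts=PUBLIC_FACTS):
    """Policy lint: services that can be unlocked with nothing but facts
    anyone can look up.  Any entry here is a takeover waiting to happen."""
    return [s for s, rule in policy.items() if rule["accepts"] <= public_facts]


if __name__ == "__main__":
    print("weak policy falls:", compromised_accounts(WEAK_POLICY, PUBLIC_FACTS))
    print("fixed policy falls:", compromised_accounts(FIXED_POLICY, PUBLIC_FACTS))
    print("gated only by public data:", services_gated_by_public_data(WEAK_POLICY))
    print("still missing for amazon:", missing_facts(FIXED_POLICY, "amazon", PUBLIC_FACTS))
```

The lint function is the useful part for anyone writing a recovery policy: a service whose proof-of-identity set is a subset of the public facts is the first domino, and the transitive search shows that fixing only the last link (Apple) would not have been enough, since the Amazon step still leaks the card digits.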

Now this “hole” is fixed, but you need to still be on your guard. Keep your eyes open for exploits such as these, have a peek at our post this morning about double-locking your Google account, for example, and simply stay smart.


Massive Amazon security hole “fixed” without comment is written by Chris Burns & originally posted on SlashGear.


SlashGear Morning Wrap-up: August 7th, 2012

This morning we’re inside a week of the OUYA Android-powered gaming console being done on Kickstarter – check out the games that are ready for it now, and get ready for some XBMC support as well! There’s a Nokia Windows Phone 8 device out there that looks rather similar to the past generation. And what’s perhaps the most important news this week continues here: When iCloud becomes the Perfect Storm – change your passwords!

You’ll want to tune in to see the Perseid meteor shower this Saturday. If you were trying to do some summer school homework last night, you may have noticed that Wikipedia was down for the count. Samsung is currently in another round of battle with Apple in the court case that’s got them suffering a Crisis of Design. HTC isn’t doing so fabulous as their July revenue drops by 45% – that’s a whopper.

Google Chrome is now taking up one third of the global browser market. The device known as the “nasne” has been delayed by Sony – for those of you that’ve never heard of it before, it’s a PS3 networked media recorder – a PVR. Keep up to date with the radically exciting Kodak patent auction as it speeds along to a halt!

As Apple lets us know that YouTube will no longer be featured as a staple in their basic build for the iPhone, iPad, and iPod touch, it becomes apparent that a new iCloud video rival is on the rise. Windows 8 will not boot to desktop if final build reports are true. If you’re loving the Olympics and you love Google, head over to their homepage to play some finger-bashing hurdles.

Have a peek at some new Mars photos from the Curiosity mission and watch some new descent videos as well!


SlashGear Morning Wrap-up: August 7th, 2012 is written by Chris Burns & originally posted on SlashGear.


Google in trouble with France over Street View data

Google is finding itself in a bit of hot water today, as French privacy agency CNIL has asked the company to turn over Street View data which was collected on French citizens. Google initially promised it would delete this information after a 2010 investigation, but last week it told European privacy agencies that it still had some of the data it said it would purge. As a result, the UK’s Information Commissioner’s Office asked that Google turn this information over, and now CNIL is asking the same thing.


So, what’s the big deal about this information? Well, it wasn’t just up-close data for Google Maps the Street View team was collecting – they also intercepted some private emails and passwords from unsecured wireless connections. In other words, Google made a pretty big slip-up, and now these agencies in the UK and France want to know what kind of data Google still has lying around.

Google asked these agencies for permission to delete remaining data, but both the ICO and CNIL want Google to hold onto that data so they have a chance to review it. Hearing Google explain it, the fact that some of this data still exists sounds like a simple oversight, but the company could find itself in a lot of trouble nonetheless. Google also maintains that it never intended to collect this personal data in the first place, claiming that the whole thing was an engineering mistake.

It’s unclear what kind of fines will be imposed this time around, if any are at all. Of course, the fines aren’t nearly large enough for Google executives to lose any sleep over, but this new admission could do quite a bit to harm Google’s public image. We’ll likely be getting more information on this rogue data as these new investigations progress, so keep an ear to SlashGear for additional details.

[via CNET]


Google in trouble with France over Street View data is written by Eric Abent & originally posted on SlashGear.


Major security vulnerability discovered in Ubisoft UPlay DRM

It’s already pretty easy to hate Ubisoft’s UPlay DRM, which requires PC gamers to remain connected to the Internet at all times while playing, but today hating it got a whole lot easier. As it turns out, the UPlay client has a pretty major security vulnerability that could allow malicious websites to take control of your computer. The problem stems from the browser plugin that is installed by the UPlay launcher – instead of only granting access to UPlay, the plugin could potentially give a wide range of websites privileged access to your computer.


That’s according to Google information security engineer Tavis Ormandy, who explains on Seclists.org that he discovered the vulnerability as he was installing Assassin’s Creed Revelations. “While on vacation recently I bought a video game called ‘Assassin’s Creed Revelations’. I didn’t have much of a chance to play it, but it seems fun so far. However, I noticed the installation procedure creates a browser plugin for its accompanying uplay launcher, which grants unexpectedly (at least to me) wide access to websites.”

Obviously, this is a major problem. The vulnerability affects all of the games that use Ubisoft’s UPlay DRM (Geek.com counts 21 in total), including all of the Assassin’s Creed games since AC2, a handful of Tom Clancy games, and more recent titles like Driver: San Francisco. Thankfully, Ubisoft has since fixed the vulnerability, updating UPlay so that the browser plugin can only access the UPlay application.

Still, despite Ubisoft’s quick delivery of a patch, this is an extremely scary development. We’re willing to give Ubisoft the benefit of the doubt and assume that it didn’t leave that backdoor in on purpose, but whether it was intentional or not, that doesn’t change the fact that UPlay housed a potentially devastating security vulnerability in the first place. The publisher catches enough flak for its use of always-on DRM, and we’re sure that already-disgruntled gamers aren’t going to let Ubisoft forget about this oversight anytime soon. Stay tuned, because we have a feeling that the vitriol hasn’t even begun to fly yet.


Major security vulnerability discovered in Ubisoft UPlay DRM is written by Eric Abent & originally posted on SlashGear.


Apple purchases security firm AuthenTec for $356m

Apple has today purchased mobile security firm AuthenTec for the sum of $356 million. AuthenTec provides mobile security solutions for various platforms, including Android, and the company has worked with Apple in the past for security solutions for Mac OS. AuthenTec has provided fingerprint scanning solutions for Mac OS X, and more recently signed a mobile VPN agreement with Samsung for its Android devices.

It looks like Apple is hoping to beef up mobile security in an attempt to stave off any future security breaches. AuthenTec seems to specialize in networking and authentication security, but has also provided secure streaming solutions for video companies in addition to government security solutions. The company attracts major clients too, including Alcatel-Lucent, Cisco, Fujitsu, HBO, HP, Lenovo, LG, Motorola, Nokia, Orange, Samsung, Sky, and Texas Instruments.

AuthenTec’s security solutions could be primarily applied to iOS devices, although its networking and secure video services could also fit nicely into Apple’s ecosystem. Security has generally been an issue for Apple as of late, with malware reportedly on the rise for OS X, prompting the introduction of Gatekeeper into Mountain Lion. More recently, a Russian hacker bypassed the in-app purchase system, an exploit that was quickly patched by Apple.


Apple purchases security firm AuthenTec for $356m is written by Ben Kersey & originally posted on SlashGear.


Android and Nokia NFC exploits detailed at Black Hat

The Black Hat security conference kicked off yesterday in Las Vegas, and one researcher has demonstrated an NFC exploit that affects Android and certain Nokia phones. Charlie Miller showed how NFC is typically enabled by default on most Android phones, and how, by getting close enough to the device, an attacker could have it redirected automatically to malicious websites. In addition, he was able to send malware over to the device that exploits the browser, allowing the attacker to read cookie data, view web history, and even hijack the phone.

All of that could be done with no user interaction, Miller said. Certain posters use NFC tags to direct users to websites, and Miller detailed how modifying the tag on such posters could redirect users to malware or an exploited website. The problem lies with the NFC system automatically redirecting users to websites. Instead, phones should be secured so that the user receives a prompt, telling them that they’re being directed to a specific address.

In addition, Miller detailed how the Nexus S and Galaxy Nexus had bugs in the NFC parsing code, although he didn’t focus his attention on exploiting those holes. Ice Cream Sandwich reportedly patched the holes, but phones running Gingerbread are still vulnerable. Miller also pointed out a similar NFC issue on the MeeGo-based Nokia N9. That phone allows devices to be paired via NFC even if Bluetooth is turned off, which could allow an attacker to send text messages or make phone calls.

Still, it’s not all bad news: NFC doesn’t function when the device is locked and the screen is turned off. Even then, an attacker would need to get within a couple of centimeters of the device to trigger NFC connectivity. Having said that, passive attacks like the above poster example could be used to lure people into scanning malicious tags.
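The mitigation Miller describes, prompting the user with the decoded address instead of auto-navigating, comes down to how the tag handler treats an NDEF URI record. The following is an added example, not code from the talk or from Android: it parses the short-record NDEF layout that URL tags use (header byte, type length, payload length, the well-known type `U`, then a one-byte URI prefix code followed by the rest of the URL), decodes the address, and always returns a "prompt" verdict with hints about the cases a user is most likely to be fooled by. Malformed records are rejected rather than guessed at. The tag bytes are constructed for the demo, and only the first few prefix codes from the NFC Forum URI record definition are listed.

```python
"""Decode an NFC NDEF URI record and decide what to show the user (added example)."""

# URI identifier codes from the NFC Forum URI Record Type Definition.
# Only the first few are listed; an unknown code is treated as "no prefix".
URI_PREFIXES = {
    0x00: "",
    0x01: "http://www.",
    0x02: "https://www.",
    0x03: "http://",
    0x04: "https://",
    0x05: "tel:",
    0x06: "mailto:",
}

TNF_WELL_KNOWN = 0x01  # Type Name Format for NFC Forum well-known types

# Constructed tag: one short record (MB, ME, SR set; TNF=1), type "U",
# payload = prefix code 0x01 + "example.com"  ->  http://www.example.com
SAMPLE_TAG = bytes([0xD1, 0x01, 0x0C, 0x55, 0x01]) + b"example.com"


def parse_ndef_uri(data):
    """Return the URL encoded in a single short NDEF URI record.

    Raises ValueError if the bytes do not describe one (wrong type,
    truncated payload, and so on) so the caller never opens a guess."""
    if len(data) < 4:
        raise ValueError("record too short")
    header = data[0]
    short_record = bool(header & 0x10)   # SR flag: 1-byte payload length
    id_present = bool(header & 0x08)     # IL flag: ID length field follows
    tnf = header & 0x07
    if tnf != TNF_WELL_KNOWN or not short_record:
        raise ValueError("not a short well-known record")
    type_len = data[1]
    payload_len = data[2]
    pos = 3
    id_len = 0
    if id_present:
        id_len = data[pos]
        pos += 1
    rtype = data[pos:pos + type_len]
    pos += type_len + id_len  # skip the type and any ID field
    if rtype != b"U":
        raise ValueError("not a URI record")
    payload = data[pos:pos + payload_len]
    if payload_len < 1 or len(payload) != payload_len:
        raise ValueError("truncated payload")
    prefix = URI_PREFIXES.get(payload[0], "")
    return prefix + payload[1:].decode("utf-8", errors="replace")


def tag_action(data):
    """Verdict for a scanned tag: always prompt, never auto-open.

    Returns {"action": "reject"} for records that do not parse, otherwise
    {"action": "prompt", "url": ..., "hints": [...]} where hints mark
    plain-http destinations and raw IP addresses."""
    try:
        url = parse_ndef_uri(data)
    except ValueError as err:
        return {"action": "reject", "reason": str(err)}
    hints = []
    if url.startswith(("http://", "https://")):
        host = url.split("://", 1)[1].split("/", 1)[0]
        if url.startswith("http://"):
            hints.append("not https")
        if host.replace(".", "").isdigit():
            hints.append("raw IP address")
    return {"action": "prompt", "url": url, "hints": hints}


if __name__ == "__main__":
    print(tag_action(SAMPLE_TAG))
    print(tag_action(SAMPLE_TAG[:-3]))  # truncated record is rejected
```

The design point is that the handler never returns an "open" verdict: the decision to follow the link belongs to the person holding the phone, and they can only make it if the full decoded URL is what they see, not a shortened or prettified version of it.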

[via CNET]


Android and Nokia NFC exploits detailed at Black Hat is written by Ben Kersey & originally posted on SlashGear.


Former FBI agent urges hackers to help US fend off cyber-threats

As the world becomes more and more connected, the United States obviously faces threats that are purely cyber in nature. During his keynote at the Black Hat conference in Las Vegas today, former FBI agent Shawn Henry made a point of discussing cyber-threats and how the US government can defend against them. The government can’t do it alone, however, which is why Henry called on hackers with the know-how to help the country out when it comes to fending off cyber-attacks.


“I believe that the threat from computer network attack is the most significant threat we face as a society,” Henry said. “Other than a weapon of mass destruction, I think it’s the most significant threat there is.” Henry told the audience of 6,500 that the government needed “warriors” to help fight the battle against cyber-terrorists, who he claims are “calling for the use of cyber as a weapon.” That’s a pretty scary notion, considering that a cyber-terrorist who knows what he’s doing can cripple a nation without ever having to pick up a gun or put someone in the line of fire.

Henry claims that the United States is failing at keeping our data secure, saying that we need to come up with a defense that works on multiple levels, instead of simply attempting to keep attackers out like we are now. He clarified that he wasn’t condoning cyber-attacks against other nations, but rather that he thinks we can make a hostile environment for cyber-terrorists to work in right here at home.

“The government is not able to independently solve this problem, and civilians are on the front line of the battle every day,” he said. “I believe that our failure to step up now will be a failure for society.”

[via eWeek]


Former FBI agent urges hackers to help US fend off cyber-threats is written by Eric Abent & originally posted on SlashGear.