Hasta La Gadget!

Kaspersky Labs discovered a new computer virus recently dubbed Gauss that targeted banking systems and financial information. According to Kaspersky Labs, the virus has infected over 2,500 computers, primarily located in Lebanon, and targets specific banks and financial institutions such as BlomBank and Credit Libanais. Now, web-based tools have been released that allows anyone to check if they’ve been infected by Gauss.

Kaspersky detects the virus by checking systems for a font that’s included when the virus infects a computer. The font, Palida Narrow, could be a play on words of Paladin Arrow, according to one Kaspersky Labs researcher. While the virus is primarily used for gathering financial information, there are parts of the code that obfuscate other abilities.

The information that the virus gathers isn’t limited to sensitive banking details, however, with the malicious software also targeting web browsing histories and passwords. The virus also creates a detailed snapshot of the targeted computer’s hardware, designed to help aid any future attacks. The origins of Gauss aren’t known, but experts believe it could be a state-designed virus due to the specific banking institutions it’s targeting. It could be an attempt to gather the financial activity of a group like Hezbollah or the Iranian government.

Even stranger, after the virus was first discovered by Kaspersky Lab back in July, the remote systems used to control it were abruptly shut down. The makeup of the virus also shares features with other espionage related viruses, further backing up the belief that it’s a state-designed effort. Other security experts, however, believe it could simply be the work of coders and criminals that have copied state designs.

[via The Washington Post]

Researchers develop Gauss detection tools is written by Ben Kersey & originally posted on SlashGear.
© 2005 – 2012, SlashGear. All right reserved.

The hack performed against Wired writer Mat Honan serves as a cautionary tale for others to ensure they back up their data, but what about the security issues found with the companies that helped facilitate the crime? Amazon fixed its own security hole yesterday, and now Apple has blocked customer service representatives from issuing password changes over the phone for Apple IDs.

According to an Apple employee that spoke to Wired, the company has placed a 24 hour freeze on any new over-the-phone password changes in order to give the team more time to think about and implement new security measures. When Wired once again tried to duplicate the social engineering used against Apple customer service representatives, they were told that the systems were prevented from resetting passwords, and that users had to do so via Apple’s website instead.

There’s still no official comment from Apple regarding the freeze, however, and it’s not yet clear what the company intends to do to prevent similar situations from occurring in the future. Amazon quietly fixed its own security issue yesterday, with a new policy in place that prevents callers from simply providing a name, email address, and home address to gain access to an account.

The hacker who reset Honan’s various Apple devices first went after his Amazon account, providing the easily gathered information to customer service representatives over the phone in order to gain access. Once the hacker managed that, the last four digits of Honan’s credit card were displayed in his account, information that Apple representatives happily accepted as proof as identity, allowing the individual to perform a password reset and gain access to the iCloud account.

Apple freezes over-the-phone password resets is written by Ben Kersey & originally posted on SlashGear.
© 2005 – 2012, SlashGear. All right reserved.

This morning we’re inside a week of the OUYA Android-powered gaming console being done on Kickstarter – check out the games that are ready for it now, and get ready for some XBMC support as well! There’s a Nokia Windows Phone 8 device out there that looks rather similar to the past generation. And what’s perhaps the most important news this week continues here: When iCloud becomes the Perfect Storm – change your passwords!

You’ll want to tune in to see the Perseid meteor shower this Saturday. If you were trying to do some summer school homework last night, you may have noticed that Wikipedia was down for the count. Samsung is currently in another round of battle with Apple in the court case that’s got them suffering a Crisis of Design. HTC isn’t doing so fabulous as their July revenue drops by 45% – that’s a whopper.

Google Chrome is now taking up one third of the global browser market. The device known as the “nasne” has been delayed by Sony – for those of you that’ve never heard of it before, it’s a PS3 networked media recorder – a PVR. Keep up to date with the radically exciting Kodak patent auction as it speeds along to a halt!

As Apple lets us know that YouTube will no longer be featured as a staple in their basic build for the iPhone, iPad, and iPod touch, it becomes apparent that a new iCloud video rival is on the rise. Windows 8 will not boot to desktop if final build reports are true. If you’re loving the Olympics and you love Google, head over to their homepage to play some finger-bashing hurdles.

Have a peek at some new Mars photos from the Curiosity mission and watch some new descent videos as well!

SlashGear Morning Wrap-up: August 7th, 2012 is written by Chris Burns & originally posted on SlashGear.
© 2005 – 2012, SlashGear. All right reserved.

It’s already pretty easy to hate Ubisoft‘s UPlay DRM, which requires PC gamers to remain connected to the Internet at all times while playing, but today hating it got a whole lot easier. As it turns out, the UPlay client has a pretty major security vulnerability that could allow malicious websites to take control of your computer. The problem stems from the browser plugin that is installed by the UPlay launcher – instead of only granting access to UPlay, the plugin could potentially give a wide range of websites privileged access to your computer.

That’s according to Google information security engineer Tavis Ormandy, who explains on Seclists.org that he discovered the vulnerability as he was installing Assassin’s Creed Revelations. “While on vacation recently I bought a video game called ‘Assassin’s Creed Revelations’. I didn’t have much of a chance to play it, but it seems fun so far. However, I noticed the installation procedure creates a browser plugin for it’s accompanying uplay launcher, which grants unexpectedly (at least to me) wide access to websites.”

Obviously, this is a major problem. The vulnerability affects all of the games that use Ubisoft’s UPlay DRM (Geek.com counts 21 in total), ranging from all of the Assassin’s Creed games since AC2, a handful of Tom Clancy games, and more recent titles like Driver: San Francisco. Thankfully, Ubisoft has since fixed the vulnerability, updating UPlay so that the browser plugin can only access the UPlay application.

Still, despite Ubisoft’s quick delivery of a patch, this is an extremely scary development. We’re willing to give Ubisoft the benefit of the doubt and assume that it didn’t leave that backdoor in on purpose, but whether it was intentional or not, that doesn’t change the fact that UPlay housed a potentially devastating security vulnerability in the first place. The publisher catches enough flak for its use of always-on DRM, and we’re sure that already-disgruntled gamers aren’t going to let Ubisoft forget about this oversight anytime soon. Stay tuned, because we have a feeling that the vitriol hasn’t even begun to fly yet.

Major security vulnerability discovered in Ubisoft UPlay DRM is written by Eric Abent & originally posted on SlashGear.
© 2005 – 2012, SlashGear. All right reserved.

The Black Hat security conference kicked off yesterday in Las Vegas, and one researcher has demonstrated an NFC exploit that affects Android and certain Nokia phones. Charlie Miller showed how NFC is typically enabled by default on most Android phones, and by getting close enough to the device it could be redirected automatically to malicious websites. In addition, he was able to send malware over to the device that exploits the browser, allowing the attacker to read cookie data, view web history, and even hijack the phone.

All of that could be done with no user interaction, Miller said. Certain posters use NFC tags to direct users to websites, and Miller detailed how modifying the tag on such posters could redirect users to malware or an exploited website. The problem lies with the NFC system automatically redirecting users to websites. Instead, phones should be secured so that the user receives a prompt, telling them that they’re being directed to a specific address.

In addition, Miller detailed how the Nexus S and Galaxy Nexus had bugs in the NFC parsing code, although he didn’t focus his attention on exploiting those holes. Ice Cream Sandwich reportedly patched the holes, but phones running Gingerbread are still vulnerable. Miller also pointed out a similar NFC issue on the MeeGo-based Nokia N9. That phone allows devices to be paired via NFC even if Bluetooth is turned off, which could allow an attacker to send text messages or make phone calls.

Still, it’s not all bad news: NFC doesn’t function when the device is locked and the screen is turned off. Even then, an attacker would need to get within a couple of centimeters of the device to trigger NFC connectivity. Having said that, passive attacks like the above poster example could be used to lure people into scanning malicious tags.

[via CNET]

Android and Nokia NFC exploits detailed at Black Hat is written by Ben Kersey & originally posted on SlashGear.
© 2005 – 2012, SlashGear. All right reserved.