Saturday, March 28, 2015
When we think of cloud security, more often than not it is in terms of protecting our data in transit and at rest. However, it sometimes helps to broaden our view of the cloud security threatscape, because when we do, all sorts of risks sitting on the periphery come into view. Risks such as those posed by cloud credential phishers. Cloud what now? Well, everyone should be well aware of those cyber criminals who seek to con victims into visiting a 'clone bank site' in order to grab the user's login credentials and then wipe their accounts of cash. Equally, most folk know about email document attachments which actually execute a malware installation, often with a similar credential-scraping payload. However, as more and more of us become aware of the techniques used, the less effective they become. This effectiveness is further hampered by improvements in online banking security, including the use of two-factor authentication, for example. So the bad guys are looking for new routes to the same old credentials and new ways to get that malware installed. Which is where the cloud comes in.
Friday, March 27, 2015
Which 12-year-old operating system, still running on 11 million servers, is about to die? Yep, that's the one: Microsoft Windows Server 2003 reaches 'end of life' status on July 14th. One of the longest running discussions on DaniWeb asks the question Why does Windows XP refuse to die? and I have my suspicions that we may be asking the same of Windows Server 2003 in the years to come. Which is fine as far as it goes; unfortunately, that's not very far in terms of security, as there will be no more security patches, updates or assisted technical support. One industry expert has described this as being the "biggest security threat of 2015" and published a white paper on the subject with the very apt title of 'Server 2003 is dead. What are you going to do?'
Thursday, March 26, 2015
Senior AVG developer Jakub Kroustek found that Vawtrak, a constantly evolving piece of financial malware that uses fairly typical API hooking and injection techniques to steal login credentials, financial data and private keys, and ultimately to execute transactions from compromised accounts, is anything but typical upon closer examination. In a white paper which goes into some depth regarding the technologies implemented by Vawtrak, Kroustek shows that this variant has been using steganography to hide update files in tiny 4Kb encrypted favicon graphics, which are in turn distributed over the Tor network via a proxy. This use of steganography, where data is hidden in the least significant bits (LSBs) of an image file's pixel data, loosely its 'white space', without being detected, has allowed Vawtrak to embed its command and control server URLs.
It's that time of year again, and the latest Secunia Vulnerability Review has been published. This analysed anonymised data gathered throughout 2014 from scans of millions of computers which have Secunia Personal Software Inspector (PSI) installed, and revealed some interesting statistics. On average, the computers used by the people running PSI had 76 programs installed on them, and these vary from country to country. Secunia focused its attention on what it calls "a representative portfolio of the 50 most common applications", which comprised 34 Microsoft and 16 non-Microsoft ones. So what did the analysis discover? You might be surprised if you tend to think of Microsoft as being the bad guy when it comes to vulnerable products.
Sunday, March 22, 2015
The recently revised Facebook community standards page states that the social network is on a mission "to give people the power to share and make the world more open"; however, it appears that it may have been giving the wrong people the power to share stuff you thought was private. According to security researcher and bug bounty hunter Laxman Muthiyah, Facebook's photo sync feature came with a critical flaw which "allows any malicious Facebook application to read your mobile photos." The vulnerability concerns Facebook's Photo Sync feature for mobile users, which was introduced back in 2012 but, because it was an opt-in thing, may luckily have passed many users by. If, however, you had turned it on, then any photos you took with the phone would automatically be uploaded to the Facebook cloud, where they would be stored for future use. That use could be for including in your Facebook postings, with the sync feature giving you quicker access to all your images (in theory), or maybe it could be seen as a handy backup system in case anything happened to your phone. The photos in the Facebook cloud were marked as private, so could not be seen by anyone else, again in theory. In practice, third party apps that you had authorised to access your mobile photos could see them as well.
Thursday, March 19, 2015
Halifax is the town in West Yorkshire where I live, and it also happens to be the name of a well known UK bank which started life there. It is best known on this side of the pond for TV adverts featuring a friendly chap called Howard Brown, a former customer services representative and sales ambassador for HBOS, which owns the Halifax. If recent reports are correct, then before long the Halifax could also gain notoriety for replacing passwords and PIN codes with biometrics. Not just any old biometrics, mind; none of this old-fashioned fingerprint scanning malarkey for Howard and co. The Halifax wants to verify customer identity using their heartbeat. With wearables becoming the media luvvie dish of the day, and not just in the tech media space either now that Apple is entering the market for fashion conscious hype junkies, the Halifax would appear to be following suit and assuming that customers will be happy to wear an electronic tag. OK, not the kind that some offenders are required to sport, but rather a Nymi wristband. I think that not only is that assumption wrong (my elderly mother would certainly not wear one and nor, for that matter, would my punk rocker teenage son) but the Halifax is equally erroneous when it comes to the identity verification side of things as well.
Wednesday, March 18, 2015
Facebook distributing malware is nothing new, nor are shortened URLs for obfuscation, in-the-cloud servers for anonymity or porn as a lure. However, the latest Kilim-family variant which hit Facebook last week uses all of them, and with a twist: this worm keeps cutting itself in half to evade detection. Jerome Segura, security researcher at Malwarebytes, spotted the worm using Facebook with a lure of what appeared to be a link to a pornographic video which, unsurprisingly, actually links to a malicious executable instead. If clicked, this kicks off the social media infection process by leveraging that user's contacts, who see a message posted by the victim promising some very dubious pornographic photos. This is where the link-chopping starts, with the URL being obfuscated by the use of the ow.ly URL shortening service. That in itself is not newsworthy; however, the multi-layer redirection architecture which uses ow.ly in conjunction with multiple cloud platforms (Amazon Web Services and Box.com) is.
Tuesday, March 17, 2015
I don't usually write about acquisitions and all that financial stuff, but news that PayPal has acquired CyActive caught my eye, as apparently this brings the promise of 'bio-inspired predictive security' into the online payments provider's threat protection mix. Which made me think: just what the heck is bio-inspired predictive security when it's at home, and why has PayPal bought into it? My first port of call in trying to get a line on this was the official PayPal blog posting on the thing. "While we have industry-leading fraud models and verification techniques, and a world-class security team," James Barrese, Chief Technology Officer and Senior Vice President, Payment Services, PayPal says, "we're always looking for ways to make our systems even more secure." Which is where the CyActive acquisition comes in, along with the establishment of a security center in Israel that will "tap into the country's cutting-edge technology and top cybersecurity talent." CyActive is part of that tapping-in process, being an outfit which specializes in predictive technology that focuses on how malware will develop, and by so doing adds an element of future-proofing (or at least that's the idea) to PayPal's security measures.
Thursday, March 12, 2015
Online business owners need to take hacking attacks very seriously indeed, no matter what guise they come in. Data breaches, Denial of Service attacks or compromised sites being used to distribute malware will all have an impact on your business; and that includes the small business sector. In fact, small businesses are likely to suffer greater consequences as a result of being hacked than the larger enterprise, which has the financial resilience and organisational resources to bounce back in double quick time. Ask yourself this: could your online business survive the website being offline for a week, your email service not working for days on end, or the reputational (and data protection regulatory) fallout of customer data being compromised? And that doesn't even take into account time – the most precious commodity you have as a small business owner – wasted identifying and resolving the problem. Sadly there's no 100% guarantee that your business will be hack-free in the connected world of online business. However, here are five simple tips that will make life much harder for the would-be hacker...
Wednesday, March 11, 2015
Content Management Systems (CMS) may not be the most interesting topic on the tech table, but oh boy does WordPress liven things up in this sector. Not, it has to be said, always in a good way. I've lost count of the number of WordPress vulnerability stories that I've read over the last 12 months, and have even written a few myself. Of course, more often than not it isn't WordPress itself that is the problem but one of the gazillion plug-ins that are out there being used to customize it and add functionality. There was the SoakSoak malware linked to the RevSlider plug-in a couple of months back, and that's just the tip of the iceberg. Now a new survey of more than 500 WordPress users by CodeGuard (http://www.CodeGuard.com) has revealed how they are just making things worse by not being properly educated about backing up their sites or updating software. According to the survey, while 54% do update WordPress somewhere between once a week and every few weeks, 21% backed up only occasionally. Some 24% used a website backup plugin, but only 23% have any real training in the use of these tools, while 47% had either no idea or very little idea of how to use WordPress.