STE WILLIAMS

DarkComet creator kills Trojan tool after Syrian police abuse

The developer of DarkComet has quit further development of the controversial remote-access Trojan after it emerged that the technology was being used against Syrian dissidents.

Jean-Pierre Lesuer (DarkcoderSc) announced the decision to stop further development of DarkComet and cease downloads on Twitter, then provided a detailed explanation on the DarkComet RAT website.

Lesuer said that he wanted to remain in the field of computer security, and freeware software development, but wanted to stick to developing utilities that didn’t lend themselves to classification as malware.

His (slightly unclear and spelling-challenged) valedictory note mentions misuse of DarkComet, and references Syria in explaining his decision to quit development of the utility, which he stated was originally meant as a child-monitoring software utility or for auditing computer activity.

Unlike what a handful of people think I never cautioned small/huge hacker groups who used my software wrongly, my goals always were to provide access to tools more powerful than any paying/private existing tool in terms of security and all for free! (For families who wished to keep their eye on their kids or regular folks looking into acquiring some experience with such tools, users who wished to keep track on their machine any place in the world etc.)

Why did I take such a decision? Like it was said above because of the misuse of the tool, and unlike so many of you seem to believe I can be held responsible for your actions, and if there is something I will not tolerate it is to have to pay the consequences for your mistakes and I will not cover for you.

The law is how it is and I must abide by the rules, yes it's unfortunate for devs in security but that's how it is. Without mentioning what happened in Syria …

A follow up message on Twitter on Monday more clearly explains that misuse of the tool by the Syrian security service was only one of the reasons why further development on DarkComet was killed.

Can people STFU about the end of DarkComet, well now it's old news, stop bumping that old subject and claiming you know better than me why I shut down the project, stop thinking it's only because of Syria because what happened in Syria is only one of the reasons (without mentioning that what the Syrian gov tried to do with my tool just failed as I reacted immediately so don't forget that), the major reason was that I was tired of coding a tool mostly used by skidz.

Now I will focus on some more useful tools (free and not free).

Lesuer is turning his immediate attentions towards breaking down DarkComet and using its components to develop a remote administration tool. Source code from the DarkComet project, which has been running for four years, “will remain private and not for sale,” Lesuer added.

DarkComet is no longer available for download, but older versions of the software are still in circulation and will doubtless continue to be available to both script kiddies and Syrian secret policemen alike. But the absence of future upgrades and the likelihood that variants already in circulation will be more comprehensively detected by security scanners as time goes on may force the bad guys to look for alternatives sooner rather than later.

A blog post by anti-virus firm Malwarebytes that provides a detailed technical description about DarkComet can be found here.

Additional commentary on the decision to take the tool off life support can be found in a blog post by Symantec here. Symantec reckons Lesuer’s decision to kill off DarkComet was motivated by the possibility of possible prosecution, a suggestion the man himself emphatically denies. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/07/10/darkcomet_rat_killed_off/

Anonymous vows to wipe web clean of child abuse scum

Sections of Anonymous have once again turned their ire towards online sites frequented by child abusers.

OpPedoChat follows earlier campaigns by sections of the hacktivist group that subjected websites linked to the distribution of paedophile material to denial of service attacks and membership exposure. For example, Operation Darknet in October 2011 targeted hidden child abuse hubs on .onion domains, only accessible to Tor users or through Tor gateways.

This time around the hacktivist group has set its sights on 100 domains that host forums allegedly used by child abusers for chat and picture sharing.

Anonymous has promised to deface or hijack targeted domains as well as tracing and exposing the personal details of (i.e. doxing) their members. A number of data dumps related to OpPedoChat have already appeared on Pastebin, featuring emails and addresses purportedly taken from users of the targeted forums.

In a YouTube video, Anonymous sets out a manifesto for the operation and calls for public support, including lobbying of politicians and the media, to “create political and social pressure on these paedophile sites”.

Recently it has come to our attention that there has been a surge of websites dedicated to pedophiles for chat and picture sharing …

Anonymous aim to diminish if not eradicate this plague from the internet. For the good of our followers, for the good of mankind, and for our own enjoyment we shall expel from the internet and systematically destroy any such boards that continue to operate.

Anonymous recognises this as a serious undertaking and do not expect it to be completed in a short period of time. Factions of Anonymous from all over the globe are participating in sub-operations. Information on pedophiles is being gathered and released.

Anonymous prides itself on championing free speech, a stance somewhat at odds with the denial of service attacks that elements of the group frequently engage in. In this case the need to protect the innocence of children who might be abused takes precedence, the group argues. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/07/10/anonymous_targets_child_abuse_chat_forums/

How to screw LIBOR and alienate people

The financially illiterate arts-graduate MPs who tried to question Bob Diamond last week never stood a chance of getting down to how it was possible in the first place to screw with the single most important set of numbers in finance. So if you know an MP or someone at the Financial Services Authority, pass this on to them.

(Image: night scene of Bank station in central London)

A few years ago, I wrote the code that calculates numbers for another part of the debt markets. Because banks have long shown frank incompetence in submitting prices and rates, more code was dedicated to filtering and checking than actually calculating what is basically an average.

Let’s assume you want LIBOR (the London Interbank Offered Rate) to go up and you know that the British Bankers Association (BBA) uses an inter-quartile filter. Out of the 15 to 16 rates that banks actually manage to submit (don’t get me started on how tough they find this decades-old task), the BBA bins the top four and bottom four values. This practice provides a mild resilience against everyday incompetence, where (as happens in some other systems) banks quote rates and prices at 100 times the right amount, or submit quotes for things that don’t exist.

That means you can’t just bung in a high number to move the average by 1/16th of your excess – because it won’t count. But contrary to what some people have said, it will still have an effect. Putting in a duff high number means that another high number now moves nearer the range, but that’s not very useful since ideally you would know both the average and the range of quotes so that you get included while still stretching it in the right direction.

You can guess where LIBOR is likely to be by looking at recent numbers on your Reuters screen. Yes, you can see what the other banks submitted yesterday and a quick bit of Excel will give you a rough range of where it is likely to be tomorrow. But if you need rates to move (or not move), knowing this won’t help you if your position is going very badly wrong and you need the right movement. That means you will need help from other traders before the 11am fixing the next day to give you a steer – and if there is no conflict with their position, they will notch up a favour by putting in a helpful value. Do not believe that traders are in competition.

In Red Blooded Risk, Aaron Brown, one of the smartest people on Wall Street, points out that in poker or markets you are playing with a market (or other players): ripping and running doesn’t make much money, so the favour will likely be returned.

But coordinating the quotes requires communication, and one reason Barclays is first in the queue for retribution is the incompetence demonstrated by their hapless rogues.

The first rule of LIBOR fixing

… is that you don’t talk about LIBOR fixing, not on a recorded phone, certainly. And as a Reg reader you won’t be as naive as the Barclays 14, who actually used their firm’s internal email to communicate with each other during their scam. I have to admit that until the Commodity Futures Trading Commission released the evidence, I didn’t think anyone could be that stupid and still be able to figure out how to breathe.

Social media is usually banned at banks and there are now monitoring systems, so if your bank allows you to Twitter or Facebook, it’s probably a trap. Personal mobiles are banned from trading floors, but the nearby fag shacks seem tempting.

If you’re an FX trader, you may recall recently being at a Bloomberg seminar where I asked if you were on our candidate database. You said “no” and I said “good” and walked away, leaving you wondering why a headhunter wasn’t interested in you. You had two BlackBerrys holding different sets of conversations, clearly believing a free PAYG SIM gave you anonymity. Tip: It doesn’t. Yanks call them cellphones for good reason and it’s really not hard to spot that two SIMs have a high location correlation and that traders whom you claim not to know or have met are often in the same bar at the same time as you. If you’d been one of my people I’d have felt obliged to tell you that, but I can still put you in touch with a good lawyer.

Ironically, the mess caused by the FSA’s blunt refusal to accept the limitations of the technology (and basic physics) of phone recording, coupled with Vodafone accidentally allowing banks to access each other’s recordings, means that the odds are that your company-provided mobile is probably still not recorded. But don’t take that chance. Do at least try using codewords when communicating your plot. It won’t keep you out of jail but you’ll look less stupid, and if you pick a good set then there’s a chance of following Nick Leeson and writing it up as a book and film.

Exploiting averages

Once you’re inside the range, things get easier because throwing away half the data means that you’re not 1/16 of the numbers, but 1/8th – and since you’re working with other banks, you get a double payback. Three banks acting together are not only nearly half the data used, they also partly determine which numbers are seen as “reasonable” by moving the range itself, forcing honest numbers out of the sample.
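The inter-quartile filter described earlier and the coalition effect described just above, as an added Python example that is not part of the column: the 16 panel rates are constructed, in basis points, and the indices of the coordinating banks are arbitrary choices. It shows that a single wild submission is discarded yet still moves the fix (by shifting which honest values are retained), and that three coordinated submissions inside the window move it further.

```python
"""Added example: how an inter-quartile (trimmed-mean) fix reacts to
coordinated submissions. Not from the article; the panel rates below are
constructed. Rates are in basis points (1 bp = 0.01%) and the average is kept
as an exact Fraction so the results can be checked precisely.
"""
from fractions import Fraction

TRIM = 4  # the BBA discards the four highest and four lowest submissions

# Constructed panel: the rate each of 16 banks would honestly submit, in bp.
TRUE_RATES = [80, 81, 82, 82, 83, 84, 84, 85, 85, 86, 86, 87, 88, 89, 90, 92]


def retained_window(submissions, trim=TRIM):
    """Sort the submissions and return the ones that survive trimming."""
    if len(submissions) <= 2 * trim:
        raise ValueError("panel too small to trim %d from each end" % trim)
    ordered = sorted(submissions)
    return ordered[trim:len(ordered) - trim]


def fix(submissions, trim=TRIM):
    """The published rate: a plain average of the retained window."""
    window = retained_window(submissions, trim)
    return Fraction(sum(window), len(window))


def with_coalition(true_rates, members, submitted):
    """Submissions where every bank whose index is in `members` sends
    `submitted` instead of its honest rate; everyone else stays honest."""
    members = set(members)
    return [submitted if i in members else r for i, r in enumerate(true_rates)]


def shift(true_rates, members, submitted, trim=TRIM):
    """Change in the fix (bp) caused by the coalition versus an all-honest panel."""
    honest = fix(true_rates, trim)
    rigged = fix(with_coalition(true_rates, members, submitted), trim)
    return rigged - honest


def demo():
    """Return (honest fix, shift from one outlier, shift from a trio)."""
    honest = fix(TRUE_RATES)
    # A: one bank (index 7, true rate 85) submits an absurd 200 bp. The 200 is
    #    trimmed away, yet the fix still moves: the retained window now takes in
    #    the next honest value (88) that was previously discarded.
    lone = shift(TRUE_RATES, [7], 200)
    # B: three banks (indices 2, 7 and 9) coordinate on 88 bp, a value that lands
    #    inside the window and is therefore counted directly, three times over.
    trio = shift(TRUE_RATES, [2, 7, 9], 88)
    return honest, lone, trio


if __name__ == "__main__":
    h, a, b = demo()
    print("honest fix: %s bp" % h)
    print("one outlier at 200 bp shifts the fix by %s bp" % a)
    print("three banks at 88 bp shift the fix by %s bp" % b)
```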

The position you hold will end up owning you

Each of the players has a different set of exposures to rates going up or down, which means cooperation will not be continuous and will take place on a “balance of favours” basis, hence the stupidly indiscreet messages full of exclamation marks and promised bottles of Bollinger (as I write this, compliance officers are searching for that word in your company email). Barclays spent £100m going through 27 million documents hunting rogues: you feeling lucky, punk?

You do get one break because you don’t need to signal very much. Part of trading is spotting when market prices are wrong and profiting from correcting them. One trader described his team to me as “enforcers of the Efficient Market Hypothesis”, a bit of economics that says prices reflect all available information.

The difference between a rogue trader and a star is getting through the inevitable phases where your position goes south big time, and because the market can remain irrational longer than you can remain solvent, it’s no coincidence that the most celebrated rogues all were piling up positions to get through the dips.

That means you will need to “nudge” rates to the sort of values that will keep you going and employed and you will also need to store up goodwill with your colleagues. Favours have real monetary value, so calling out “Anyone have a problem with this rate?” as they did at BarCap marks you as a good person to have on the team.

Who lost, who won?

When companies borrow, the contracts often specify LIBOR+X, or in some cases LIBOR-X, the idea being that they pay “the going rate” which is some function (perhaps a moving average) of LIBOR. Some politicians complain that this has pushed up the rates that people pay for their mortgages, credit cards etc – which is not even false, it simply isn’t known or even easily knowable.

Banks each have different exposures to interest rates and it will be in their interest sometimes for rates to be lower or higher, but even that’s not quite accurate. There is no such person as Barclays or Deutsche Bank who would “want” rates to go up or down – and it is certain that at some points different desks at the same bank will want different rate movements. It is also quite likely that they don’t know what’s good for the firm as a whole.

However, Barclays has been caught in another scam: selling interest rate swaps, as a form of insurance, to small companies that don’t really understand them.

We all know that when a major claim is made, the first instinct of an insurer is to try to get out of it. Does it really shock you that Barclays contracts often use LIBOR? Obviously, I can’t say for a fact that the two are linked but the timing is a remarkable coincidence and gets enough time on TV news that we can assume the FSA will do something, maybe even using both of its competent staff.

The sad thing is that insuring your business against the movement of rates can be entirely rational and can stop your business going to the wall – so this scandal not only means some firms have been trashed but also that in future others won’t take on insurance they ought to have.

Barclays definitely lost once they started sending in honest rates that were so much higher than those fed in by other firms that there was a fear that this implied to the market they were going bust. Which leads to the “ambiguity” over whether the regulators asked Barclays to lower their numbers and whether embattled former CEO Bob Diamond could have even reliably “told” his henchman what to do. The idea that this call was not taped in a big bank is bizarre and of itself it might be a breach of the regulations.

Since Bob Diamond would never lie to me, we now know that Barclays’ honest numbers were nowhere near anyone else’s – with a clear implication that there may not be any banks that were not lying in their LIBOR submissions.

The fact that no honest person can accurately show who was hurt by the rate-fixing – and by how much – will not stop the banks being sued big time. And here I stretch my own credibility, not just yours, when I try to scale the damages. Not only do they utterly dwarf the few hundred million in fines so far, even a tiny percentage of the turnover in interest rate derivatives, swaps, traded loans et al dwarfs the market capitalisation of Barclays – and one set of assumptions made the amounts larger than the market cap of all banks put together. So the result of all this is that IT forensics firms as well as lawyers are going to do very well out of this in the next few years. ®

Dominic Connor is a City headhunter who used to hang around the fixed income markets, writing code and doing questionable mathematics.

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/07/10/pushing_libor/

Google expected to cough measly $22.5m for Safari privacy gaffe

Google is reportedly set to cough up a piddly penalty payment of $22.5m to the US Federal Trade Commission (FTC) to settle its sneaky bypassing of the default privacy settings of Apple’s Safari browser.

It was revealed by the Wall Street Journal in February this year that Google, Vibrant Media Inc, WPP PLC’s Media Innovation Group LLC and Gannett Co’s PointRoll Inc used code that “tricked” Safari into allowing users to have their online browsing habits tracked.

Apple’s browser blocks most tracking by default with exceptions for websites that, for example, require interaction from a user – such as the filling in of an online form. Google claimed at the time that the WSJ had “mischaracterised” the code used by the ad companies.

Google later disabled the code, which installed a temporary cookie on the phones or computers of Safari users; the search biz’s developers had embedded code into some of its ads that fooled the Apple browser into thinking that a form was being submitted to Google.

The WSJ is now reporting that Mountain View is close to settling with the FTC with a fine said to be the biggest of all time handed down by the regulator to a corporation.

Google offered up a withering statement to The Register that appeared to indicate that it had already accepted defeat.

We cannot comment on any specifics. However we do set the highest standards of privacy and security for our users. The FTC is focused on a 2009 help centre page published more than two years before our consent decree, and a year before Apple changed its cookie-handling policy. We have now changed that page and taken steps to remove the ad cookies, which collected no personal information, from Apple’s browsers.

The consent decree in question is the one the internet giant signed with the FTC in October last year, when Google agreed to be much more up front about its data-handling methods with its customers.

After Google’s Buzz privacy howler in 2010, the company is now subjected to biennial audits for the next 20 years.

Google, as part of that agreement, avoided being fined and did not have to admit that its biz practices had been unlawful. However, if that decree has been violated, then the FTC was always clear that a fine would be slapped on Google.

The penalty is calculated based on $16,000 per violation per day and the number of iPad, iPhone and Mac users affected by Google’s Safari privacy blunder could run into millions of customers.

However, as noted by the WSJ, Google racks up sales of over $20m roughly every five hours.

Perhaps Google just wants to pay the reported $22.5m fine and get on with fighting competition officials on the other side of the Atlantic. In Brussels, Belgium, the company is still fighting off “abuse of dominance” claims over its share of the search market in Europe.

The company’s chairman, Eric Schmidt, sent a letter to the European Commission containing a “proposal” that Google claimed addressed the four areas of concern expressed earlier this year by Euro antitrust commissioner Joaquin Almunia.

The commissioner’s office told El Reg this morning that competition officials were still perusing the contents of the letter, which has not been made public by Google.

Meanwhile, Google is undergoing a separate antitrust investigation in the US over claims the company unfairly manipulated results on its search engine to favour its own business. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/07/10/google_ftc_close_to_settlement_over_safari_privacy_gaffe/

Anonymous hack hands WikiLeaks TWO MILLION Syrian emails

Hacktivist group Anonymous is claiming responsibility for an attack on the computer systems of the Syrian government and its evil overlord Bashar Assad thanks to which over two million emails ended up in the hands of whistle-blowing site WikiLeaks.

As of last Thursday, the site began drip-feeding sections of the ‘Syria Files’ to its selected media partners, and given there are a total of 2.4m emails from 680 separate domains going all the way back to August 2006, it could take some time.

Anonymous revealed in a press release that its Op Syria team – comprising members of Anonymous Syria, AntiSec and sometime collaborator the Peoples Liberation Front – first breached multiple domains and servers in the war-torn country back in February.

“So large was the data available to be taken, and so great was the danger of detection (especially for the members of Anonymous Syria, many of whom are ‘in country’) that the downloading of this data took several additional weeks,” the release said.

Not knowing quite what to do with the huge treasure trove of information it had snarfed, the group handed it over to WikiLeaks, the organisation it had partnered with before in the hack of private intelligence firm Stratfor.

There were no details of exactly how the attack took place but given the usual MO of Anonymous, you can expect it took advantage of some pretty obvious web application vulnerabilities.

The hacktivist group was also keen to portray itself as a force for good offline as well as on, claiming six of its members carried medical supplies across the border and that it has been helping local activists and protesters avoid surveillance efforts by the Assad regime.

Anti-government activists in Syria have been targeted by phishing campaigns and spyware for months, most recently the BlackShades Trojan which spreads via compromised Skype accounts. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/07/10/anonymous_syria_wikileaks_email_hack/

Cyberoam pushes fix for SSL vuln

Deep packet inspection company Cyberoam has issued a hotfix to its devices, after earlier asserting that its technology “followed industry best practices for SSL bridging”.

The issue emerged when Tor Project researchers asserted that all Cyberoam devices shared the same skeleton certificate. Because every appliance therefore held the same signing key, the researchers argued, this opened up dangerous possibilities for traffic interception.

Cyberoam has now issued an over-the-air fix which forces devices to generate unique CAs for each appliance. Devices that have implemented the fix should provide users with a message that the default CA certificate used in HTTPS scanning has been replaced – and that end users will need to re-import the certificate “for uninterrupted secure browsing”.

The network snooping security vendor says if the message is not displayed, the appliance “is still vulnerable” and users should change the default CA “using the CLI command meant for that purpose”.

In its previous response, Cyberoam had said that since all HTTPS scans take place in real time, there is no possibility of interception between different devices. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/07/09/cyberoam_issues_fix/

US law enforcement phone snooping on the rise

An inquiry by Congressional Representative Edward Markey (D-Mass) has revealed that the number of requests wireless carriers receive from US law enforcement for information about their customers has increased steadily, but just how often the police use mobile phones to track individuals’ whereabouts remains unclear.

Markey, who is co-chair of the Congressional Bi-partisan Privacy Caucus, launched his inquiry in response to an article that appeared in The New York Times on 1 April 2012, which claimed that hundreds of US local police departments have been aggressively tracking citizens’ mobes, often “with little or no court oversight.”

“We cannot allow privacy protections to be swept aside with the sweeping nature of these information requests, especially for innocent consumers,” Markey said in a statement. “Law enforcement agencies are looking for a needle, but what are they doing with the haystack? We need to know how law enforcement differentiates between records of innocent people, and those that are subjects of investigation, as well as how it handles, administers, and disposes of this information.”

To that end, Markey sent letters dated 2 May 2012 to nine American mobile carriers, including AT&T, C Spire Wireless, Cricket Communications, MetroPCS, Sprint Wireless, T-Mobile, TracFone Wireless, U.S. Cellular, and Verizon Wireless. All of the carriers responded by the end of that month, and Markey made the responses public on his website on Monday.

According to the information Markey received, federal, state, and local law enforcement agencies issued some 1.3 million requests for phone records to US wireless carriers in 2011.

Most of the carriers reported that the number of requests from law enforcement had increased each year for the past five years. Verizon estimates it has seen about 15 per cent annual growth, while T-Mobile reckoned 12 to 16 per cent.

Aggressive law enforcement isn’t the only explanation for such numbers, however. Cricket Communications noted that the number of requests it received had increased by 77 per cent since 2007, but that this figure was in keeping with the growth of its subscriber base.

All of the carriers queried said they considered whether law enforcement had obtained a warrant before responding to a request, as the law requires.

All of the carriers said they distinguished between emergency and non-emergency situations when considering requests. In general, carriers are quicker to comply with law enforcement requests when “exigent circumstances” are present, such as when someone’s life is in immediate danger.

Several of the carriers said they did collect fees to make up for the cost of complying with surveillance requests, but most were quick to note that they were not entitled to actually profit from services to law enforcement. AT&T says it does not believe the fees it currently charges cover its actual costs.

All of the carriers denied actively marketing their provision of information to law enforcement as a feature of their services, but all said they complied with any valid requests as required by law.

When asked directly, most of the carriers replied that they were “unaware” of any misuse of mobile phone surveillance by law enforcement.

At the same time, all of them admitted that they had rejected some requests, most often due to a legal procedural reason. A subpoena might have been submitted without a signature, for example, or a subpoena may have been used when some other legal process was required for that specific case.

As to the issue of the extent to which law enforcement has been using individuals’ mobes to track their whereabouts, though, the information Markey obtained is murky at best. While many requests are for simple voice calling or SMS records, others demand more, and whether and how to comply with those requests is not always clear.

Sprint was surprisingly candid on this matter. “There is no statute that directly addresses the provision of location data of a mobile device to the government,” its letter to Markey’s office explains. “Given the importance of this issue and the competing and at times contradictory legal standards, Sprint believes Congress should clarify the legal requirements for disclosure of all types of location information to law enforcement personnel.”

But even if Congress takes action, any information obtained from audits of wireless carrier data may show only the tip of the iceberg of mobile-phone tracking.

As AT&T points out in its letter to Markey’s office, carriers aren’t the only potential sources for location data on mobile phone users. Third-party app makers might also gather location data, either from the phone’s GPS receiver or from Wi-Fi–hotspot or cell-tower mapping.

“The information from these sources is not available to or obtainable from AT&T (or any other carrier),” AT&T’s letter explains, “but can be every bit as detailed and comprehensive as any carrier information.”

Just how many times law enforcement may have requested information from these other sources, who they might be, and how many times they complied with requests, remains unknown. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/07/09/markey_wireless_snooping/

ISPs step in to supply DNSChanger safety net

The DNSChanger Working Group’s replacement DNS servers were taken offline as scheduled on Monday, 9 July.

However, rather than leaving an estimated 300,000 machines without internet services, it seems that many ISPs have configured their own substitute DNS servers, so that at least some pox-ridden machines still have a safety net.

What this means is that “infection count continues to decrease without a major crisis in support calls,” according to a blog post by net security firm F-Secure. The Finnish security firm fielded three DNSChanger support queries of its own on Monday.

DNSChanger screwed the domain name system (DNS) settings of infected machines, redirecting surfers to dodgy websites as part of a long-running cybercrime. The FBI dismantled the botnet’s command-and-control infrastructure back in November, as part of Operation GhostClick.

The takedown would have left compromised Windows machines without the ability to reach services that resolved domain names into IP addresses, leaving them effectively cut off from the net. A court order, twice extended, allowed the Feds to set up replacement DNS servers. This provision was allowed to die off on Monday, but even after months in which to act – and more latterly warnings from Google and Facebook – a minority of machines remained infected.

More than four million Windows PCs were infected by DNSChanger. By the weekend this figure had dropped to below 270,000, or lower (estimates vary).

Sean Sullivan, security advisor at F-Secure said: “According to the latest IP count, the number of affected users in the UK has dropped to just 13,832, down from 19,589 on June 11. Clearly, the publicity surrounding the deadline has helped to raise awareness and the message is getting through that users need to clean up their computers.

“What we have seen is that some large Internet Service Providers have set up their own substitute DNS servers so their customers can stay online,” Sullivan said. “So, despite the FBI being out of the game, that doesn’t necessarily mean that customers will be cut-off. It won’t solve the problem completely though, and these users will find that they can’t access the internet on their laptops from a Wi-Fi hotspot or friend’s house.”

Clean-up instructions, along with more background on the history of the malware and on the operation that dismantled the cybercrime enterprise behind it, can be found on the DNSChanger Working Group website here. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/07/09/dnschanger_plug_pulled/

Oz gov cyber-safety unit loses punters’ info IN THE POST

In an outstanding example of data-loss stupidity, a DVD containing email addresses and encrypted passwords for Australia’s Stay Smart Online Alert service has gone astray in the mail during a handover between contractors.

An e-mail sent to subscribers on 6 July and passed on to The Register by a reader states “the Department has been advised by a former external contractor that a DVD which included information provided by Stay Smart Online Alert Service subscribers was lost in Australia Post’s system, after being posted on 11 April 2012.”

The service is currently being re-developed, apparently by a company called Ladoo, since links to its domain appear in the advisory e-mail (more on this below).

The service is managed by the Department of Broadband, Communications and the Digital Economy, which has yet to respond to questions sent by The Register via e-mail during the weekend.

The e-mail also states “The Department has no reason to believe that this information has been found and misused by any third party and we do not believe that there is a privacy risk. We are informing subscribers consistent with a ‘best practice’ approach for privacy matters.

“However, if you have used the same username, memorable phrase and/or password for other websites or services you may wish to consider whether these need to be changed.”

For information, the e-mail suggests users visit the site www.staysmartonline.gov.au, but in an ironic twist the e-mail uses tracking links that redirect via send.ladoo.com.au for the Stay Smart Online website, the user preferences page and the "unsubscribe" link.

As Stay Smart Online states on its Website: “Don’t click on links in the message or paste a link from the message into your Web browser.”

The full e-mail is below. The Register has added the Ladoo links where they appear. In case the links are specific to the recipient, The Register has replaced the HTML file names at the end of the redirected links. ®

Update: Since this story was first posted, a reader has alerted El Reg that the prior contractor, which sent the DVD by mail, was AUSCERT, as reported by Fairfax. ®

6 July 2012

Notification of Subscriber Data Loss

Dear Subscriber

We are writing to notify you that the Department has been advised by a former external contractor that a DVD which included information provided by Stay Smart Online Alert Service subscribers was lost in Australia Post's system, after being posted on 11 April 2012.

The external contractor provided the Alert Service on behalf of the Department of Broadband, Communications and the Digital Economy (‘the Department’) from 2008 until 29 April 2012, when its contract with the Department expired. As you may be aware, the Stay Smart Online Alert Service is currently being re-developed by the Department in collaboration with two new contractors.

As part of the expiry of contract handover process, the original contractor advised that it copied its SSO Alert Service subscriber database onto a DVD and, on 11 April 2012, posted this DVD to the Department using Australia Post's express post service. Unfortunately, this DVD was never received by the Department. The original contractor has informed the Department that information on the missing DVD included subscribers': usernames; email addresses; memorable phrases; and passwords which are unreadable (stored as cryptographic hashes).

The Department has no reason to believe that this information has been found and misused by any third party and we do not believe that there is a privacy risk. We are informing subscribers consistent with a ‘best practice’ approach for privacy matters.

However, if you have used the same username, memorable phrase and/or password for other websites or services you may wish to consider whether these need to be changed.

For information on password security and other tips and advice on how to be safe and secure online, visit Stay Smart Online website (www.staysmartonline.gov.au). [Link: http://send.ladoo.com.au/ch/38192/1bjbv/1662928/LINK.html]

Regards

Stay Smart Online Team

CONTACT US Email: [email protected]

www.staysmartonline.gov.au [Link: http://send.ladoo.com.au/ch/38192/1bjbv/1662783/LINK.html]

You are receiving this message at the address [Removed for privacy reasons]

Click here [Link: http://send.ladoo.com.au/ch/38192/1bjbv/1658692/LINK.html] to update your profile preferences. If you no longer wish to receive the SSO newsletter, you can unsubscribe. [Link: http://send.ladoo.com.au/ch/38192/1bjbv/1656647/LINK.html]

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/07/08/stupid_stay_smart_contractor_posts_dvd/

Android Trojan leaves 100,000 users out of pocket

Security researchers are warning of yet another Android malware outbreak, one that has spread to nine app stores and infected 100,000 devices with code designed to covertly purchase apps and content from China Mobile's Mobile Market.

Mobile security firm TrustGo explained that the MMarketPay.A Trojan could be hidden in a number of legitimate-looking applications, including those from Sina and media streaming company Funinhand, as well as travel and weather apps.

The malware has already been placed in nine different third-party Android app markets in China, infecting over 100,000 devices, the firm said.

Once downloaded, the Trojan will automatically place orders for paid content and apps at China Mobile’s official Mobile Market online store without informing the user.

It is able to intercept China Mobile’s verification SMS and post the code to the Mobile Market web site in order to complete the purchase, said TrustGo.

If a CAPTCHA is triggered at this stage, the malware will apparently send the image to a remote server for analysis.
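A triage heuristic for the behaviour TrustGo describes, added here as a worked example and not code from TrustGo or from the malware: it scans a decoded AndroidManifest.xml for the combination that SMS interception needed on the Android of this era, a receiver registered for SMS_RECEIVED with a raised android:priority (so it is handed the ordered broadcast before the messaging app, an assumption about the mechanism the article does not spell out) alongside RECEIVE_SMS and INTERNET permissions to read the verification code and post it onward. Both manifests are constructed, with invented package and class names, and the priority threshold is this example's choice.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
SMS_RECEIVED = "android.provider.Telephony.SMS_RECEIVED"

# Permission combination that lets an app read an incoming SMS and relay its
# contents off the device. Which permissions to weigh is this example's choice.
RELAY_PERMISSIONS = {
    "android.permission.RECEIVE_SMS",
    "android.permission.INTERNET",
}


def _android_attr(elem, name):
    """Read an android:-namespaced attribute such as android:name."""
    return elem.get("{%s}%s" % (ANDROID_NS, name))


def sms_receivers(root):
    """List every <receiver> whose intent filter listens for SMS_RECEIVED,
    with the android:priority set on that filter (0 when unset)."""
    found = []
    for receiver in root.iter("receiver"):
        for flt in receiver.findall("intent-filter"):
            actions = {_android_attr(a, "name") for a in flt.findall("action")}
            if SMS_RECEIVED in actions:
                prio = _android_attr(flt, "priority")
                found.append({
                    "receiver": _android_attr(receiver, "name"),
                    "priority": int(prio) if prio is not None else 0,
                })
    return found


def triage_manifest(manifest_xml):
    """Heuristic triage of a decoded (text) AndroidManifest.xml.

    Flags the combination of (a) an SMS_RECEIVED receiver with a raised
    priority, so it sees the message before the stock messaging app, and
    (b) permissions to read SMS and talk to the network. Any priority above
    the default 0 counts as raised (an assumption). A hit is a lead for
    analysis, not proof of malice: legitimate SMS apps look similar.
    """
    root = ET.fromstring(manifest_xml)
    perms = {_android_attr(p, "name") for p in root.iter("uses-permission")}
    receivers = sms_receivers(root)
    raised = [r for r in receivers if r["priority"] > 0]
    return {
        "package": root.get("package"),
        "sms_receivers": receivers,
        "raised_priority": raised,
        "can_relay_sms": RELAY_PERMISSIONS <= perms,
        "can_send_sms": "android.permission.SEND_SMS" in perms,
        "suspicious": bool(raised) and RELAY_PERMISSIONS <= perms,
    }


# Constructed manifests for a trojanised "weather" app and a benign one.
# Package and class names are invented for the example.
TROJANISED_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.weather">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <application android:label="Weather">
    <activity android:name=".MainActivity"/>
    <receiver android:name=".SmsRelayReceiver">
      <intent-filter android:priority="2147483647">
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>
"""

BENIGN_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.weather.clean">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <application android:label="Weather">
    <activity android:name=".MainActivity"/>
  </application>
</manifest>
"""

if __name__ == "__main__":
    for xml_text in (TROJANISED_MANIFEST, BENIGN_MANIFEST):
        result = triage_manifest(xml_text)
        verdict = "suspicious" if result["suspicious"] else "clean"
        print(result["package"], verdict, result["raised_priority"])
```

The manifest inside an APK is binary XML, so decode it first (apktool, or `aapt dump xmltree`) and feed the text to `triage_manifest`. Treat a hit as a lead rather than a verdict: messaging apps and two-factor helpers legitimately register the same receiver, so the follow-up is to find the network call that carries the SMS body off the device, which is the step that turns interception into the purchase fraud described above.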

The advice from the security experts at TrustGo is for users to only download Android apps from trusted app stores and to have some form of real-time mobile security scanner installed on their device to prevent any dodgy downloads.

Visiting an apparently legit app store is no guarantee you’re going to get a malware-free experience, however.

Malware is frequently turning up on the official Android marketplace Google Play – although admittedly less frequently than on some of the more dubious third party sites.

The latest discovery came at the tail end of last week when researchers found malware that lifts the victim’s location data and address book info.

China in particular has been a hotbed of malicious Android activity for some time.

In April, the Chinese authorities were forced to publicly reprimand the country's two biggest mobile carriers, China Mobile and China Telecom, after uncovering "many problems" in their respective app stores.

Globally too, Android continues to be a favourite with cyber criminals.

Security firm Trend Micro is predicting the discovery of 129,000 malicious apps by the end of the year and has compiled this handy infographic detailing the main threats. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/07/09/android_trustgo_china_mobile/