STE WILLIAMS

TechRadar shuts down forums after user database hacked

Registered users of TechRadar have had personal details including their email addresses and dates of birth stolen in a breach of the UK consumer tech website’s database.

The online publication sent out emails to all users and posted an announcement on its site warning that its user registration database had been hacked, adding that details including usernames and passwords as well as emails and dates of birth had been taken.

“Our IT team has identified the cause of the problem and has taken action to rectify it,” TechRadar said on its site. “The forums have been closed and will remain closed until we are satisfied there are no further issues.”

The website said that the stolen passwords were encrypted, but it still advised users to change their password if they were using the same one on any other site.

TechRadar said it would be letting its users know how to sort out their passwords soon.

In the email sent out to users, the online publication, which is part of Future Publishing, said it wasn’t currently aware of “any misuse of this data”. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/06/26/techradar_data_breach/

Enterprises clueless about network usage: IBM

The average Australian business is in the dark when it comes to what is happening on its networks due to the rise of hand held devices, social media and apps crowding the enterprise environment, according to IBM security experts.

“Most organisations have no idea what is going on across their networks. No idea,” IBM Security Systems engineering manager for advanced threat protection Dr Paul Ashley told journalists recently at the company’s Gold Coast security lab.

Dr Ashley warns that the new breed of cyber attacks are leaving enterprise networks more vulnerable to attack than ever before and in increasingly insidious ways.

“It is all about concentrated, protracted and targeted attacks, just picking those one or two individuals that have the keys and being persistent, low and slow,” he says.

Dr Ashley cites the Stuxnet attack as a classic example, as it took place over a 6-12 month period with around 30 attackers involved.

The nature of these targeted and sophisticated attacks, favoured by organised crime and hacktivists, allows the attackers to stay quietly on the network for months until they reach the “crown jewels”.

The rise of these attacks led IBM’s X-Force research team to dub 2011 the year of the security incident. It is estimated that the Sony security incident cost the corporation $US200 million, and it stemmed from a single SQL injection attack.

“The costs to organisations are very high. There is an emerging realisation that a lot of the technology they have is not adequate for these types of low and slow threats that are specific to users,” he said. Dr Ashley says that blanket malware and virus threats are now easily controlled; what IBM’s security team is focused on is defending against advanced persistent threats.

Much of the IBM Gold Coast security lab’s evolving work revolves around the convergence of identity and access management with conventional threat management.

The Gold Coast facility, flanked by ocean vistas that feature migrating whales and awesome surf, emits a siren’s call to Australia’s engineering elite. A cabal of the senior management at the facility hail from IBM’s former acquisitions, including security software company Dascom (which was founded by Australian entrepreneur Greg Clark and snapped up in 1999 to become the basis of IBM’s Tivoli line).

Many of the dotcom-era Dascom executives had the pleasure of riding the boom and bust roller-coaster, heading over to the US following the acquisition and watching the online industry come of age, the hard way, from the box seat. And in an antidote to the current tech exodus, many have returned, including Dr Ashley.

The Gold Coast lab is also aggressive in its pursuit of innovation, working closely with local universities and filing patents weekly. “I think the world is changing; it is not so much about the cost base now, it’s about where the skills are. It is a skills-based economy,” he notes.

Dr Ashley warns that despite the growing alarm over the evolving breed of attacks, it will probably be only after more damaging big security incidents take place that enterprises will wake up.

He says that what has changed fundamentally is that the use of user devices and apps has made the threat come from within. “Is the user providing a beachhead for external attackers to do long and slow targeted attacks on the business? It’s not you getting hacked that is the issue, it is what you are bringing into the enterprise network environment,” he says.

“The big threat for networks is: what are your users doing on the network? What sort of bandwidth is being used, what type of web apps like Skype and BitTorrent or social apps like Twitter, Facebook and LinkedIn? Do you understand where your users are going and is it legitimate?” he says.

Big Blue claims one of the largest URL categorisation databases in the world, with 15 billion URLs.

That database underpins development of systems that can identify the apps being used on the network by analysing their traffic and behaviour and, significantly, allow the enterprise to then control them.

IBM’s QRadar Anomaly Detection appliance is one such platform, allowing corporations to deploy security policies and police them easily (i.e. no Facebook time for the sales team). The product is a spin-off from the platforms developed by recent IBM acquisition Q1 Labs. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/06/26/ibm_goldcoast_supersecurity/

Users still slack about passwords: Trustwave

Trustwave’s SpiderLabs has completed an analysis of the passwords dumped on the Internet in this month’s eHarmony breach, and reached the depressing conclusion that too few people really seem to care about password strength.

Having recovered 80 percent of the 1.5 million passwords in the dump file, the company says only 0.5 percent contained a “special character”, with 41 percent containing letters only and 57 percent a combination of letters and digits.

The high popularity of purely alphabetical passwords was, the blog post by Trustwave’s Mike Kelly noted, made worse by the weak protection used by eHarmony. Its password storage was case-insensitive, as well as being in an unsalted MD5 format, reducing the time needed to crack the passwords.

As it was, more than 1.2 million passwords were cracked in 72 hours, using three NVIDIA GPUs and the oclHashcat and John the Ripper cracking tools.

Along with various discussions of the types of base words popular in passwords (dog names outnumber female names, only a small number of passwords included the word “password”, and so on) the analysis found that 89 percent of the recovered passwords were between six and ten characters long.

The post adds a further criticism of eHarmony, noting that its password reset function spits out passwords that are only five characters long, which can be brute-forced “in less than ten seconds” on one GPU.
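The points the Trustwave analysis makes about character-class composition, case-insensitive unsalted MD5 storage and five-character reset passwords can all be put into numbers. The following is an added example written for this page, not Trustwave’s or eHarmony’s code; the password list is constructed, and the figures it reports are for that list only, not the breach dump. It classifies passwords the way the post does, shows that case folding before hashing collapses every capitalisation of a password into one hash, and counts the hash computations a defender gives away by storing hashes without a per-user salt.

```python
import hashlib
import os
import string

# Constructed sample "dump" for the demo; these are not passwords from the breach.
SAMPLE_PASSWORDS = [
    "princess", "buddy", "Sunshine", "qwerty123", "j3nnifer",
    "P@ssw0rd!", "LOVE2012", "rocky", "abc123", "Charlie",
]


def classify(pw):
    """Character-class category used in the Trustwave post."""
    alnum = string.ascii_letters + string.digits
    if any(c not in alnum for c in pw):
        return "special"
    if pw.isalpha():
        return "letters-only"
    if pw.isdigit():
        return "digits-only"
    return "letters+digits"


def composition_stats(passwords):
    """Percentage of passwords in each category, rounded to one decimal."""
    counts = {}
    for pw in passwords:
        cat = classify(pw)
        counts[cat] = counts.get(cat, 0) + 1
    total = len(passwords)
    return {cat: round(100.0 * n / total, 1) for cat, n in counts.items()}


def length_band_share(passwords, lo=6, hi=10):
    """Percentage of passwords whose length falls in [lo, hi]."""
    n = sum(1 for pw in passwords if lo <= len(pw) <= hi)
    return round(100.0 * n / len(passwords), 1)


def store_weak(pw):
    """The scheme the article describes: case folded, then unsalted MD5.
    Every capitalisation of a password yields the same digest."""
    return hashlib.md5(pw.upper().encode()).hexdigest()


def store_salted(pw, salt=None):
    """Per-user random salt; the same password hashes differently per user."""
    salt = os.urandom(16) if salt is None else salt
    return salt, hashlib.sha256(salt + pw.encode()).hexdigest()


def case_variants(pw):
    """Distinct upper/lower spellings collapsed by case folding."""
    return 2 ** sum(1 for c in pw if c.isalpha())


def hash_work(n_users, n_candidates, salted):
    """Hash computations needed to test every candidate against every user.
    Unsalted: one digest per candidate serves all users. Salted: per user."""
    return n_candidates * n_users if salted else n_candidates


def keyspace(alphabet_size, length):
    """Number of strings of the given length over the alphabet."""
    return alphabet_size ** length


def seconds_to_exhaust(alphabet_size, length, hashes_per_second):
    """Worst-case time to try every string; rate is an assumed figure."""
    return keyspace(alphabet_size, length) / hashes_per_second


if __name__ == "__main__":
    print(composition_stats(SAMPLE_PASSWORDS))
    print(length_band_share(SAMPLE_PASSWORDS), "% between 6 and 10 chars")
    print(store_weak("Sunshine") == store_weak("SUNSHINE"))
    print(hash_work(1_500_000, 1_000, salted=False),
          hash_work(1_500_000, 1_000, salted=True))
    # Five lowercase letters at an assumed 10^9 MD5/s: well under a second.
    print(seconds_to_exhaust(26, 5, 1e9))
```

The `hash_work` figures are the practical reason the post singles out the missing salt: against 1.5 million unsalted hashes a candidate costs one MD5, while a per-user salt multiplies that by the user count. The rate passed to `seconds_to_exhaust` is an assumption for illustration, not a measurement from the post.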

There is, however, a caveat to the analysis: Threatpost says that since no single password was found more than three times in the 1.2 million recovered passwords, “this brings into question the integrity of the original dump and the possibility of modification by the dumper”. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/06/25/people_slack_about_passwords/

Mensch pal Bozier defends Menshn security, dubs critics ‘snippy geeks’

The launch of a Twitter-like messaging service co-founded by UK politician Louise Mensch on Sunday has been accompanied by a huge security flap.

According to users who sent in complaints, Menshn.com allegedly harboured a variety of security flaws. Most glaring of these, one user insisted, was an alleged failure by the site – at least during its launch – to insist that users send their passwords over a secure (https) link, hence opening users to the potential risk of having their passwords or cookie credentials lifted.

Nick S, principal software engineer for Mobile Apps at Velti, documents one of the XSS issues that appeared on the site in a blog post here. The flaw created a means to expose surfers to malicious JavaScript, he said, and made clicking on any Menshn.com link from any outside source (such as Twitter) particularly dangerous.

However, Luke Bozier, who founded the site with Tory MP and chick lit queen Louise Mensch, has dismissed reports of problems with the site as bogus, reassuring early adopters that the social network is secure.

Bozier, a one-time Labour party flack who defected to the Tories this year, took to Twitter to issue a series of denials about supposed problems.

“It’s kinda funny when you read snippy geeks’ attempts at Sql Injection, but their SQL is really like what my 4 year-old would write,” he wrote. “Server has not crashed. No XSS attacks have succeeded. No SQL Inject attacks have succeeded. Menshn is a safe, clean secure environment. But I appreciate all the feedback from the tech community, and we are dealing with real issues that do arise,” he added.

The repeated reassurances flooded into Twitter well into the night, increasing in frequency after web designer Andrew White (@pixeltrix) claimed that passwords had initially been sent in the clear.

“Passwords are sent over normal http, not https – can be sniffed by other users in a coffee shop environment,” White warned.

White made this warning after obtaining Wireshark packet capture grabs. He later reported that menshn.com had applied secure login, resolving the problem.

“Passwords were being sent over the internet unencrypted until you switched to HTTPS… to deny problems will undermine trust, better to say there were problems, now fixed, no user data lost,” he wrote.

Another prominent critic of the initial security of the site was James Coglan, who warned about alleged cross-site scripting flaws and other problems. At times the extended exchanges between Bozier and Coglan, in particular, became more than a little tetchy.

Bozier claimed that there had never been any security problem with the service, describing warnings to the contrary as “spurious”.

“Reported security issues around menshn are unfounded. Your information (ie, your password) is safe unless your own computer has been hacked. I’m still waiting for somebody to prove menshn passwords can be stolen. Until then, perhaps best not to publish spurious claims.

“Menshn runs completely on an encrypted ‘https’ connection – all passwords, email addresses and everything else are secure,” Bozier concluded.

Screengrabs of these denials can be found here.

The Menshn.com social network aims to differentiate itself by offering access to online rooms featuring on-topic discussion of a particular theme. Euro 2012 and ukpolitics were selected as the two topics for discussion with the launch of the site in the UK on Sunday, 24 June. Comments posted to the service, which promises an environment free of spam and trolls, are deleted after a week. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/06/25/menshn_security/

LulzSec suspects plead guilty to DDoS attacks

Two LulzSec hacking suspects have admitted launching hacking attacks against the CIA and the UK’s Serious Organised Crime Agency.

Ryan Cleary, 20, of Wickford, Essex, and Jake Davis, 19, of Lerwick, Shetland, both admitted involvement in a string of computer hacking attacks at a hearing at London’s Southwark Crown Court on Monday. The two reportedly confessed to running distributed denial of service (DDoS) attacks against News International, Sony, Nintendo, Arizona State police, 20th Century Fox, HBGary Federal, Bethesda, Eve Online and others as part of operations run by various hacking groups including Anonymous, Internet Feds and LulzSec.

Cleary also admitted hacking into systems at the Pentagon.

However both men deny allegations they uploaded “unlawfully obtained confidential computer data” to public websites in order to encourage the commission of offences contrary to the Serious Crime Act.

Two other accused hacking suspects – Ryan Ackroyd, 25, of Mexborough, Doncaster, and a 17-year-old student from south London – deny charges stemming from their alleged participation in DDoS attack run by LulzSec. A trial of the pair on these charges was set for 8 April 2013.

LulzSec – or the Lulz Security hacking collective – began as an offshoot of the Anonymous hacking group. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/06/25/lulzsec_court_hearing/

UK net-biz cleanup squad plans to establish international operations

The Internet Watch Foundation has made improvement of international co-operation a key objective in the next phase of its fight against the online distribution of child abuse content.

Establishing an international arm to fight paedophile content is at the centre of the Internet Watch Foundation’s (IWF) new three-year strategy, announced on Monday.

The IWF plans to share its expertise and skills with other countries, as well as strengthening its global partnerships, as part of a push to repeat in other countries the progress made in tackling child abuse content in the UK.

Last year, the IWF handled 41,000 reports of suspected criminal content, of which 13,100 were classified as images and videos of children being sexually abused.

The vast majority, more than 12,900, involved content hosted outside the UK. Three-quarters of youngsters abused in the depraved video clips and photos appeared to be 10 years old and under.

Close working relationships between the IWF and ISPs mean that child sexual abuse content hosted in the UK is typically removed within 60 minutes. Achieving take-downs of abusive content hosted overseas is often far less straightforward. Even so, members of the IWF remove child abuse content hosted abroad 40 per cent quicker than non-members.

Susie Hargreaves, IWF chief executive, said: “While we continue to excel at tackling online child sexual abuse content in the UK, the next three years will increasingly focus on sharing our expertise and skills internationally.

“From working closely with the online industry, we’ve reduced UK-hosted child sexual abuse content to less than 1 per cent compared to 18 per cent in 1997.

“We also have a great many partnerships with other charities, police, other INHOPE Hotlines and child protection and technology experts all over the world and we feel it’s our duty and the right time to have a closer focus on the international dimension,” she added.

The IWF was set up in 1996 by the internet industry in order to provide a UK internet hotline for the report of criminal online content, including child abuse images and criminally obscene adult content hosted in the UK. The IWF’s strategic plan can be downloaded here. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/06/25/iwf_action_plan/

Hackers publish payday loan emails after failing to levy ‘idiot tax’

Hacker group Rex Mundi has published thousands of loan-applicant details it siphoned off from US payday loan outfit AmeriCash Advance.

The move follows AmeriCash Advance’s refusal to stump up $15,000 in what Rex Mundi describes as an idiot tax for maintaining insecure systems and what AmeriCash Advance characterises as an extortionate demand. Rex Mundi said it extracted AmeriCash Advance’s customer database on 15 June, via an insecure page designed for affiliates of the finance firm.

“This company which specializes in payday cash advances (basically small loans for low-income workers, which are vastly overpriced) left a confidential page unsecured on their server,” Rex Mundi explained. “This page allows its affiliates to see how many loan applicants they recruited and how much money they made. Not only was this page unsecured, it was actually referenced in their robots.txt file (Bad, bad move, guys).”

“We managed to download thousands of loan applicant records. This data contains the names of applicants, the amount they applied for, their email addresses and the last four digits of their SSN. In addition, some ‘problematic’ applications also include comments left by AmeriCash Advance’s employees about the applicant and the name of the applicant’s bank. As usual, we will publish those records on the internet if AmeriCash Advance does not pay us by next Tuesday,” it said.

In a statement supplied to Cnet.com, AmeriCash acknowledged the breach and condemned the alleged extortion attempt that followed, which it said it resisted.

On June 12, AmeriCash Advance received a fax, telling us that part of our website had been hacked. The letter went on to demand initial payment of $15,000 from us. We immediately notified the appropriate authorities and promptly took steps to ensure that no other data could be accessed. We will not cave in to blackmail, and are cooperating fully with the authorities to protect our customers and bring these criminals to justice.

AmeriCash added that it was in the process of notifying affected customers, warning them to be vigilant about possible follow-up phishing attacks or other malfeasance.

In response, Rex Mundi said it didn’t need to “hack” into AmeriCash Advance’s system because they were left wide open for anyone to enter.

AmeriCash Advance is yet to respond to our request for further comment on the breach. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/06/22/payday_loan_data_breach/

Assange: Australian neglect made me flee to Ecuador embassy

Julian Assange has spent his third night in the Ecuadorian embassy in London as he continued to await the outcome of his plea for political asylum from the South American country.

In the meantime, the WikiLeaker-in-chief has been grumbling to a radio station that his homeland of Australia had ditched him in his hour of need.

On Thursday, he told Australian Broadcasting Corporation (ABC) that the country where he was born had made an “effective declaration of abandonment” by declining to apply any political pressure to prevent Assange from being extradited to Sweden to face allegations of sexual molestation, rape and coercion.

He admitted, according to the Associated Press, that it was unclear whether Ecuador would recognise his plight.

“We had heard that the Ecuadoreans were sympathetic in relation to my struggles and the struggles of the organisation with the United States,” Assange explained to ABC.

However, Ecuador’s President, Rafael Correa, reportedly said yesterday that Assange’s asylum bid was still being carefully considered, and he did not indicate how quickly a decision might be made.

“We are going to have to discuss with and seek the opinions of other countries. We don’t wish to offend anyone, least of all a country we hold in such deep regard as the United Kingdom,” said Correa to reporters, after he arrived in Brazil for a climate summit.

He added: “Once a decision is made we can talk about safe passage and such things.”

That’s a statement which appears to suggest that Assange will indeed be granted political asylum in Ecuador: but which acknowledges the fact that he will be unable to reach South America without British consent.

As we reported on Wednesday, Assange’s bizarre plea for political asylum meant that the 40-year-old had broken one of the conditions of his UK bail terms, which had been in force since his arrest in December 2010.

He had been cuffed, courtesy of a European Arrest Warrant, by the Met’s extradition unit on behalf of Swedish authorities.

By taking up residence in the Ecuadorian Embassy’s flat in Knightsbridge, London, the computer hacker broke a curfew set out by Scotland Yard, which demanded that Assange remain holed up at his bail address between the hours of 22.00 and 8.00.

The moment he steps outside the door, Assange will be re-arrested under the Bail Act by police officers currently camped outside the embassy.

Meanwhile, Assange’s celebrity friends, some of whom raised more than £200,000 bail for his release, expressed surprise and embarrassment in response to Assange’s actions.

Long-term supporter Jemima Khan said on Twitter yesterday that she “personally would like to see Assange confront the rape allegations in Sweden and the 2 women at the centre have a right to a response”.

Before adding: “BUT there is no doubt that Assange has a real fear of being extradited to the US nor that the US gov is out to get WikiLeaks.”

She later clarified her comment by stating: “My tweet misinterpreted. Obvs I’d like Assange to answer allegations clear his name but I understand why he’s taken such drastic action.”

Earlier this week, Australian Prime Minister Julia Gillard said the WikiLeaks founder has enjoyed extensive consular assistance from Oz and added that he would continue to enjoy it. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/06/22/julian_assange_blames_australia_for_failing_to_save_wikileaks_chief/

Office printers spew reams of garbage as 2-year-old Trojan runs wild

Computer printers around the world are spewing garbage following a flare-up of a strain of malware first detected two years ago, Symantec warns.

A spike in infections by the Milicenso Trojan has hit businesses in the US, India, Europe and South America over the last two weeks or so, resulting in massive, wasted print jobs at affected organisations.

The malware is programmed to generate print jobs featuring reams of garbage characters from infected PCs until connected printers run out of paper.

The Milicenso Trojan, first detected in 2010, has previously been used to distribute adware targeting French-speaking users. In these cases, users of infected machines get deluged with dodgy pop-up ads and other crud.

In a blog post published on Thursday, Symantec describes Milicenso as a “malware delivery vehicle for hire”. The malware is typically distributed in either infected email attachments or malicious scripts on often otherwise legitimate websites. These scripts push malware under the guise of video codecs supposedly “needed” to view content on compromised sites, and other similar ruses.

Symantec reckons the massive print jobs associated with the latest outbreak of the Trojan are a “side effect” of the infection rather than the main goal of the cybercrooks behind the outbreak.

A blog post by the security firm explains how massive print runs are generated from infected machines. Printed files contain what appears to humans as gibberish because they are sourced from files in the virus’s main directory, as Symantec explains.

During the infection phase, a .spl file is created in [DRIVE_LETTER]\system32\Spool\PRINTERS\[RANDOM].spl. Note the Windows’ default print spooler directory is %System%\spool\printers. The .spl file, while appearing to be a common printer spool file, is actually an executable file and is detected as Adware.Eorezo. Depending on the configuration, any files, including binary files, created in that folder will trigger print jobs. This explains the reports of unwanted printouts observed in some compromised environments. Based on what we have discovered so far, the garbled printouts appear to be a side effect of the infection vector rather than an intentional goal of the author.

The annoying and wasteful garbage printing behaviour will obviously draw attention towards infected machines while making malware removal a top priority – something cybercrooks normally go to great pains to avoid. The latest strain of the Milicenso Trojan, like others before it, is programmed to redirect surfers through various ad-related websites. “In our investigation, we observed various French sites being displayed at the end of the redirect chain,” Symantec reports.
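Symantec’s description gives a defender a concrete, cheap check: a file in the print spooler directory that starts with the DOS/PE `MZ` header is an executable, whatever its extension, and a spool file should never be one. The script below is an added example for this page, not Symantec’s code or a detection they published; it builds a constructed spool directory in a temp folder (the `FP1A2B3C.spl` name stands in for the `[RANDOM].spl` of the write-up and is invented here) and reports any file whose first bytes are `MZ`. The `default_spool_dir` helper assumes the `%System%\spool\printers` location the article quotes.

```python
import os
import tempfile
from pathlib import Path

# Every Windows executable (PE) begins with the DOS stub magic "MZ".
PE_MAGIC = b"MZ"


def is_pe_file(path):
    """True if the file starts with the MZ header, i.e. it is an executable."""
    try:
        with open(path, "rb") as fh:
            return fh.read(len(PE_MAGIC)) == PE_MAGIC
    except OSError:
        return False


def scan_spool_dir(spool_dir):
    """Names of files in the spool directory that are really executables.

    Anything dropped here is fed to the spooler, so an executable disguised as
    a .spl is exactly the artefact the article describes.
    """
    findings = []
    for entry in sorted(Path(spool_dir).iterdir()):
        if entry.is_file() and is_pe_file(entry):
            findings.append(entry.name)
    return findings


def default_spool_dir():
    """Windows default spool path per the article (%System%\\spool\\printers).
    Assumed layout; adjust if the spooler has been relocated."""
    system_root = os.environ.get("SystemRoot", r"C:\Windows")
    return os.path.join(system_root, "System32", "spool", "PRINTERS")


def make_sample_spool_dir():
    """Constructed fixture: one ordinary spool file, one shadow file, and one
    PE image carrying a .spl extension. None of this is real malware."""
    d = tempfile.mkdtemp(prefix="spool_demo_")
    Path(d, "00001.SPL").write_bytes(b"\x01\x00\x00\x00" + b"\x00" * 60)
    Path(d, "00001.SHD").write_bytes(b"\x00" * 32)
    Path(d, "FP1A2B3C.spl").write_bytes(b"MZ\x90\x00" + b"\x00" * 60)
    return d


if __name__ == "__main__":
    sample = make_sample_spool_dir()
    print("suspicious:", scan_spool_dir(sample))
    # On a Windows host you would point it at default_spool_dir() instead.
```

Run on a live host, a non-empty result from `scan_spool_dir(default_spool_dir())` is a reason to pull the machine for a malware scan; the check does not identify Milicenso specifically, only the executable-in-spool condition Symantec describes.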

Those distributing the malware are likely doing so to take a slice of the online advertising revenue the Trojan dishonestly generates; that slice is likely to be much smaller than it would otherwise be, thanks to the paper-spewing side effect of the latest strain of the Milicenso Trojan. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/06/22/trojan_spews_gibberish_print_runs/

Iran: Our nuke facilities still under attack by US, Israelis ‘and MI6’

The Iranian government has warned of yet another cyberattack against its nuclear facilities.

Iranian state television reports that the discovery of the assault followed the breakdown on Tuesday of international talks related to Iran’s controversial nuclear programme, which Western governments allege is aimed at manufacturing nuclear weapons.

Iran’s Intelligence Minister Heydar Moslehi was quick to point the finger of blame towards the US, the UK and Israel over the attack.

“Based on obtained information, America and the Zionist regime (Israel) along with the MI6 planned an operation to launch a massive cyber attack against Iran’s facilities following the meeting between Iran and the P5+1 in Moscow,” Moslehi fumed to Iranian government mouthpiece Press TV (via Reuters).

“They still seek to carry out the plan, but we have taken necessary measures,” he added, without going into details about the assault.

The accusation follows the discovery last month of Flame, a cyber-espionage utility, that infected computers in Iran and other Middle Eastern countries. The latest theories suggest Flame carried out reconnaissance work on closed networks associated with Iran’s nuclear program which were later targeted by the infamous Stuxnet worm, which was discovered in June 2010.

Stuxnet was aimed at sabotaging high-speed centrifuges at the main Iranian enrichment facility after infecting systems on associated industrial control networks. An early version of Stuxnet featured USB drive infection routines that match those from a Flame module and take advantage of the same Microsoft vulnerability, which was unpatched at the time of the original attacks.

It’s unclear if the cyber attack denounced by Moslehi was related to a variant of Flame or some new strain of malware.

Unnamed US officials have confirmed over recent weeks that both Stuxnet and Flame were developed as part of a joint US/Israeli operation aimed at sabotaging or otherwise delaying Iran’s nuclear programme without resorting to air strikes against nuclear facilities. Both strains of malware were developed under Operation Olympic Games, an op that kicked off around 2006 under the Bush administration and was later continued under Barack Obama. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/06/22/iran_cyber_attack_complaint/