STE WILLIAMS

Commtouch Q3 Internet Threats Trend Report Highlights Real-Time Malware Campaigns And Increase In Phishing

MCLEAN, Va., Nov. 6, 2013 /PRNewswire/ — The third quarter of 2013 saw further use of real-time malware campaigns and a dramatic increase in phishing sites, according to the Q3 Internet Threats Trend Report issued by Commtouch (NASDAQ: CTCH), a leading provider of Internet security technology and cloud-based services.

The ever-growing exploitation of current news events continued in Q3. The time between the news event and the related malware attack has steadily decreased throughout the year and now averages only 22 hours. Real-time malware campaigns in Q3 used news of royal baby Prince George, NSA whistleblower Edward Snowden, and the Syria crisis.

The number of phishing sites increased dramatically during Q3 by almost 35%. PayPal phishing sites alone accounted for approximately 750 new phishing sites each day.

A small decrease of 5% could be seen in the number of malicious websites listed in Commtouch’s GlobalView URL database. Travel websites were the most popular website category for malware distributors, followed by transportation and business websites. Education, which was number one in Q2, fell to number six.

“The Q3 Trend Report highlights that the complexity of cybercriminal attacks is increasing,” said Lior Kohavi, Chief Technical Officer at Commtouch. “Their campaigns are usually targeting end users – to protect the users, Internet service providers, email hosters, and content providers must be aware of these trends and continually improve their tools to fight these cybercriminals.”

Other report highlights:

— In the third quarter of 2013, spam levels continued to drop. The average
daily amount of spam for the quarter was 69 billion messages compared to
the second quarter’s 83 billion – a drop of approximately 17%. Although
the quarterly level is the lowest in more than four years, the average
per month had been increasing since June’s historic low of 63 billion
messages per day until the drop in September. During Q3, spam
represented 70% of all emails sent globally, dropping as low as 62% at
the start of August.
— The most popular spam topic was dieting with a share of 40.2% (in Q2 it
took position three, with 10.8%). Stock spam moved from 7th position
(4.7%) in Q2 to 2nd position (20%) – so called penny stock spam could be
seen on a regular basis in the last quarter.
— The average daily amount of malware found in emails remained almost
unchanged compared to last quarter at nearly 2 billion emails per day.
This average hides the steady increase from July to September which
included outbreaks of double the daily average.
— India remains the world’s top zombie hoster: During the third quarter of
2013, India stayed in first place with the most spam-sending bots –
although their share dropped by 6% to 13.2%. Russia appeared to absorb
most of this percentage and moved from 8th place into 2nd. New entries
include Ukraine, Saudi Arabia, and Spain, while the United States,
Serbia, and Mexico dropped out of the top 15.
The Commtouch Security Lab’s quarterly report is compiled based on a comprehensive analysis of billions of daily transactions handled by Commtouch’s GlobalView Cloud.

To view the entire Commtouch Q3 Internet Threats Trend Report, visit:
www.commtouch.com/threat-report

About Commtouch
Commtouch (NASDAQ: CTCH) is a leading provider of Internet security technology and cloud-based services for vendors and service providers, increasing the value and profitability of our customer’s solutions by protecting billions of Internet transactions on a daily basis. With 12 global data centers and award-winning, patented technology, Commtouch’s email, Web, and antivirus capabilities easily integrate into our customers’ products and solutions, keeping safe more than 550 million end users. To learn more, visit www.commtouch.com.

— Blog: http://blog.commtouch.com/cafe
— Facebook: www.facebook.com/commtouch
— LinkedIn: www.linkedin.com/company/commtouch
— Twitter: @Commtouch
Recurrent Pattern Detection, RPD, Zero-Hour and GlobalView are trademarks, and Commtouch is a registered trademark of Commtouch. U.S. Patent No. 6,330,590 is owned by Commtouch. All other trademarks are the property of their respective owners.

Article source: http://www.darkreading.com/attacks-breaches/commtouch-q3-internet-threats-trend-repo/240163634

1,000 alleged paedophiles identified by 10-year-old Filipina CGI girl ‘Sweetie’

The alleged paedophile wanted 15 minutes of what he thought would be a 10-year-old naked Filipina girl giving him a sex performance in front of a webcam.

He didn’t want to pay too much, though.

The “girl” – a CGI character named “Sweetie” created by researchers from the Netherlands charity Terre des Hommes – asked for $15 (£9), but the alleged predator talked her down to $10 (£6).

Making Sweetie

A sample of the conversation was reproduced in the charity’s PDF writeup of a mass paedophile sting undertaken to battle webcam sex tourism.

It took place on 26 April between a researcher, who posed as Sweetie using an application – “Sweetie1000” – that relies on cutting-edge, Hollywood-style animation, and the predator, identified as a 35-year-old father of two from Atlanta, Georgia, in the US.

The predator was only one of 1,000 identified by Terre des Hommes researchers after the alleged child abusers were caught in the act of soliciting webcam sex performances from Filipino children.

The number of alleged predators who have been identified is, in turn, only a small percentage of the 20,172 predators from 71 countries who responded to the researchers’ lure, asking for webcam sex performances.

The researchers identified the suspects using information available in public online databases and data provided by predators, they said:

No computer hacking or illegal methods were applied. Instead, we just asked predators to provide identifying information under the fictional pretext – a technique known as “social hacking.”

Four researchers spent a combined total of 1,600 hours over the course of 10 weeks posing as prepubescent Filipina girls in 19 public online chat rooms.

Details of the suspects’ identities and activities have been submitted to Interpol.

The researchers gave these details in an FAQ to depict how the extremely convincing character of Sweetie came to life:

First, her face and body were modeled to resemble a 10-year-old Filipina girl. In that model, specific points were marked at which her joins [sic] and muscles move. Then we used motion sensors to record the exact sequence of motions that a person performs while chatting with people online – typing, smiling, frowning, looking up, down, and side to side. Those motions were captured and recorded from a human model wearing motion sensors and the motion sequences were programed into an application that controls the way Sweetie moves on command. We used a control board that had pre-programmed motions and facial expressions, so while the researchers chatted with predators, predators would see Sweetie typing while the researchers typed to ensure precise timing.

Terre des Hommes’s research suggests that predators will pay between $10 and $100 per show, depending on whether transactions are made through a pimp or a middleman, how long the show lasts, and the nature of the performance.

The suspected predators will only be prosecuted if police manage to gather their own evidence.

The biggest problem in battling this type of child abuse is that police don’t investigate predation until a crime is reported, the charity says.

But in the case of webcam sex tourism, victims don’t usually report the crimes for a number of reasons, whether it’s financial dependency or that they’re trafficked slaves held captive in “dens” where they may also endure physical abuse and neglect, the charity says.

Often … children are intimidated and fearful of consequences or they and their families depend on the income generated through webcam sex performances.

How is this not entrapment?

Terre des Hommes explains:

[Avoiding entrapment] is done by using as little overt “influence” as possible and luring individuals rather than targeting them based on suspicion. Luring individuals with an opportunity to commit a specific crime is a passive method of identifying people who are already inclined to commit that crime.

For example, researchers lured individuals via chat names that suggested that they were prepubescent girls, the charity said:

The opportunity to commit a crime was presented when adults in chat rooms were faced with a supposed minor whom they had the option to respect or abuse. Individuals who contacted the supposed minor were presumed innocent until they actually committed a crime on their own volition.

Terre des Hommes regards individuals who initiate contact and request a sexual webcam show from someone claiming to be a child as predators actively attempting to abuse children.

Such individuals are, in fact, considered to be inclined or predisposed to committing the crime, the charity says.

I agree with Terre des Hommes.

Do you? Let us know in the comments section below.

Terre des Hommes is offering law enforcement agencies a toolkit that explains its method of finding and identifying online predators. It’s also offering operational Sweetie1000 software and training in its use.

Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/kLo8jMQnfpM/

Apple REVEALS govt data compliance, says ‘we’re better than Facebook, though’

Apple has joined Facebook, Google, Microsoft, Twitter, and Yahoo!’s transparency club, releasing a detailed report on the numbers and types of requests for personal records it has received from law enforcement and government agencies around the world.

“We have reported all the information we are legally allowed to share,” the report, issued Tuesday, states, “and Apple will continue to advocate for greater transparency about the requests we receive.”


The report’s Account Information Requests table, below (click to make readable), lists the exact number of requests received, acted upon, and other details from the 31 countries from which Apple received such requests. “Some countries are not listed in this report,” a note reads, “because Apple has not received any information requests from the government there.”

Among the 31, only one country disallows companies from revealing the exact number of requests. Yes, you guessed right: the good ol’ U.S. of A.


Account Information Requests listing from Apple transparency report

“At the time of this report,” Apple notes, “the U.S. government does not allow Apple to disclose, except in broad ranges, the number of national security orders, the number of accounts affected by the orders, or whether content, such as emails, was disclosed. We strongly oppose this gag order, and Apple has made the case for relief from these restrictions in meetings and discussions with the White House, the U.S. Attorney General, congressional leaders, and the courts.”

Account requests, Apple says, commonly involve law enforcement asking for information regarding robberies or other crimes, as well as searches for missing persons or kidnapping victims.

“In very rare cases,” the report says about account requests, “we are asked to provide stored photos or email. We consider these requests very carefully and only provide account content in extremely limited circumstances.”

In the report, Apple manages the somewhat contortionistic feat of simultaneously patting itself on the back while sticking its thumbs in the eyes of such companies as Google, Facebook, Twitter, and the like. After saying that the privacy of their customers is “a consideration from the earliest stages of design for all our products and services” and that they “work hard to deliver the most secure hardware and software in the world,” the thumbs come out:

Perhaps most important, our business does not depend on collecting personal data. We have no interest in amassing personal information about our customers. We protect personal conversations by providing end-to-end encryption over iMessage and FaceTime. We do not store location data, Maps searches, or Siri requests in any identifiable form. … Unlike many other companies dealing with requests for customer data from government agencies, Apple’s main business is not about collecting information.

In addition to the information on requests for account information, Apple also provides details on device requests, of which they say “the vast majority” relate to lost or stolen devices. “These types of requests frequently arise when our customers ask the police to assist them with a lost or stolen iPhone, or when law enforcement has recovered a shipment of stolen devices.”

Device Information Requests listing from Apple transparency report

Apple also notes that it has never received an order to release information under Section 215 of the USA PATRIOT* Act.

That section, under challenge by such civil liberties organizations as the EFF and the ACLU, allows the FBI – and who knows what other federal authorities – to obtain secret clearance from the FISA court to obtain information from a company about you and your activities, ostensibly “to protect against international terrorism or clandestine intelligence activities.” The company must hand over that info to the investigators under a gag order that prevents them from ever informing you+world+dog that they even received the order.

“We would expect to challenge such an order if served on us,” Apple says. However, we may never know whether or not they were so served, or if they challenged such an order. Section 215 remains the law of the land here in the good ol’ U.S. of A. ®

Bootnote

* Do know that the USA PATRIOT Act is so capitalized because its common name is an acronym for its full name: the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001.

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/11/05/apple_transparency_report_sticks_thumb_in_eyes_of_google_facebook/

It’s the Shiz: Mutant RAT spotted gnawing at SAP apps

Cyber-crooks are making the first steps towards using advanced malware to target mission-critical corporate ERP applications, such as SAP.

A new variant of the well-known Shiz remote access trojan (RAT) searches infected systems for the existence of SAP applications. Previous versions of the malware were designed simply to compromise Windows PCs with a remotely-accessible backdoor before stealing confidential data such as passwords and cryptographic certificates connected to online banking.


The new variant includes all of these standard remote access trojan capabilities as well as SAP-related features whose immediate purpose is unclear.

“All it does right now is to check which systems have SAP applications installed,” according to Alexander Polyakov from SAP security specialists ERPScan. “However, this might be the beginning for future attacks.”

Dana Tamir, director of enterprise security at Trusteer, an IBM-owned anti-malware firm, said the latest variant of Shiz might be further developed to hook into corporate ERP systems to either steal data or cause disruption.

“SAP provides workstation client software that communicates with SAP application servers,” Tamir explains in a blog post. “These clients serve as the entry point to a wide range of the business SAP applications. The configuration files of these SAP client applications contain the IP addresses of the SAP servers they connect to. Once attackers have remote access to the infected PC, they can easily read the configuration files and GUI automation scripts, grab user credentials, and even hook into the application processes.”

“SAP applications provide an integrated view of business processes that range from finance and accounting to extended supply chain operations. Large enterprises and global companies rely on these mission-critical applications to provide accurate, up-to-the-minute operations and financial information. Attacks against SAP applications that cause downtime or result in data leakage can put businesses at significant risk,” she added. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/11/06/sap_rat_malfeasance/

Crowdfunded audit of ‘NSA-proof’ encryption suite TrueCrypt is GO

A fundraising effort to pay for an independent, professional security audit of TrueCrypt, the popular disk encryption utility, has raised enough money to pay for an arguably long overdue audit of the security software.

TrueCrypt is a widely used utility that encrypts and decrypts entire drives, partitions or files within a virtual disk. The tool can also hide volumes of data on discs.


Cryptography expert Bruce Schneier uses TrueCrypt on an air-gapped PC to work on NSA files leaked by Edward Snowden. Yet this isn’t quite the ringing endorsement it might seem at first.

Schneier, who has found flaws with the hidden volume feature of the software in the distant past, uses the utility in preference to Microsoft’s BitLocker and Symantec’s PGPDisk, essentially because it’s independently developed rather than because he wholeheartedly trusts the tool.

The source code for the Windows, Linux and Mac OS X utility is publicly available for inspection but this alone has failed to convince security experts that it’s secure. Researchers had been unable to prove that the downloadable Windows executable, built by the anonymous TrueCrypt team, can be put together from the published source code. This in turn spawned nagging doubts that the extra code might contain hooks to a backdoor that could permit the decryption of users’ data without a password.

Concerns about TrueCrypt have risen to the fore because of the ongoing controversy over Bullrun, the NSA’s effort to work with hardware and software technology vendors to weaken encryption systems and their underlying components.

The IsTrueCryptAuditedYet project, established by security experts three weeks ago, aims to put confidence in TrueCrypt on a sound footing by raising funds to run an independent cryptographic and security audit. Kenn White, a systems engineer who co-founded BAO Systems, a hosted services provider to the health sector, and Matthew Green, a cryptographer and research professor at Johns Hopkins University, are the two main founders of the project, whose manifesto can be found here.

As well as running a cryptanalysis and security audit of TrueCrypt version 7.1a, one of the latest builds, the team behind the project also want to sort out licensing issues that have prevented TrueCrypt from being bundled with Linux distributions including Ubuntu, Debian and Red Hat. There’s also talk of setting up a bug bounty scheme.

Huge strides have already been made both by the project itself and its allies. The project has attracted donations of $22,000 through 126 pledges to FundFill as well as a further $35,000 through Indiegogo, well past its initial funding target on the latter site of $25,000 within two months.

Researcher compiles TrueCrypt from the public source – is it repeatable?

A security researcher has compiled TrueCrypt 7.1a for Win32 and matched the official binaries.

Xavier de Carné de Carnavalet, a master’s student in information systems security at Concordia University, Canada, explains how he carried out this task in a detailed blog post here. In order to attain the goal of a “fully audited, independently verified repository and software distribution” for TrueCrypt it would be beneficial if other researchers were able to repeat this process, if for no other reason than to verify de Carnavalet’s claim.

In other developments, TrueCrypt’s anonymous developers have been in touch with the researchers behind the IsTrueCryptAuditedYet project to offer their support to the audit.

“We have made contact with the TrueCrypt development team,” an update to the auditing project’s blog explains. “They have stated a commitment to a thorough, independent security audit and cryptanalysis of the code. They did ask that we remind the community (and fellow researchers) of the TrueCrypt security model, and related caveats of what the software does and does not guarantee to do.”

TrueCrypt’s developers are open about the fact that the software is unable to secure data on a computer compromised by malware or a hardware keylogger. Data stored in volatile memory is also up for grabs, given physical access to a powered-up machine; an aspect of the technology well known in the computer forensics business – if not in the wider IT community – for some years.

Encryption tools are not a panacea. Unless a user follows best practices, and operational security guidelines are followed, then any protection will be stripped away by intelligence agencies or other capable attackers.

The audit of TrueCrypt is proposed more in the spirit of verifying the security of the software rather than a search to confirm suspicions. TrueCrypt’s developers have stated there’s no backdoor in the software – but such statements can no longer be taken on trust, hence the need for independent cryptanalysis and a code review.

Both are painstaking tasks requiring a particular mindset and (normally) years of experience, hence the need to solicit donations to hire a professional firm to carry out the task. Expecting the job to be done by hobbyists is unrealistic.

In a Twitter update last Friday, Green confirmed that the pieces are falling into place for a professional audit to be carried out.

He added in later tweets that the name of the firm who submitted the tender is being withheld pending evaluation of its offer and those from potential rival bids.

In the meantime the request for further donations is continuing. “Funding is strong will continue [for around] 45 days,” White told El Reg. “We’ve got multiple commercial bids in prep now.” ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/11/06/truecrypt_audit_is_go/

A-list celebs, biz barons’ privates EXPOSED in limo hire hack – report

Personal information, financial records and salacious details about 850,000 celebrities, top executives and other customers were swiped by hackers from a limo-booking software company, it is claimed.

The attacked biz, said to be CorporateCarOnline based in Missouri, brokers reservations for limousines and other rental cars nationwide. The firm has yet to respond to The Register’s request for comment.


Fortune-500 chief execs and A-list celebs are believed to be among those whose credit card details and addresses were dumped in a plain-text archive on the same servers that housed source code and private data slurped from Adobe and PR Newswire by miscreants.

Investigative journo Brian Krebs, who broke the news of the data raid with Hold Security, reckons the limo bookings grab is therefore part of a larger hacking operation.

“On September 28, Hold Security Deep Web Monitoring identified a database with nearly 10 million records on the same server where Adobe and PR Newswire data was found,” Hold said in its report. “[The database] was identified to belong to CorporateCarOnline, who later confirmed the ownership.”

It’s likely the attackers exploited security shortcomings in Adobe’s ColdFusion platform to lift the database some time before September 10.

According to Krebs, the infiltrators were able to access details on everyone from captains of industry to film and basketball stars. Other possible casualties of the attack include a number of US politicians and executives at companies including Boeing, Morgan Stanley and, er, Lego.

In addition to plundering customer credit-card details and exposing VIPs’ travel plans, Krebs suggested that miscreants armed with the treasure trove of information could blackmail or coerce high-profile targets or otherwise compromise their businesses and family lives.

“This database would be a gold mine of information for would-be corporate spies or for those engaged in other types of espionage,” he wrote. “Records in the limo reservation database telegraphed the future dates and locations of travel for many important people.”

Perhaps he’s also referring to this message found in the data dump, which was apparently sent to a customer after a stretch Hummer was rented: “We do not allow any sexual activities in the car and we have found sex toy while cleaning the car. We have charged your card for cleaning fee of $100 since we had to send [the] limousine to the car wash to get it detailed after all the activities during your rental.”

Oh-err. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/11/06/hackers_claim_celebrity_data_from_limo_site_heist/

Child protection group’s creep-catcher passes Turing Test

An international sting has trapped “international Webcam sex tourists” from 65 countries by using an avatar in place of a 10-year-old child to solicit viewers into asking for on-camera sex acts.

The avatar, dubbed “Sweetie”, was developed and operated by the Dutch arm of international group Terre des Hommes, and was operated from The Netherlands. The group claims it identified more than 1,000 adults “willing to pay children in developing countries to perform sexual acts in front of the webcam” by using the avatar.


In all, the group claims that 20,000 people approached the “child”, and through those interactions, Terre des Hommes researchers sought further information via social media to try and identify the individuals making the approaches. The group is using its research as the basis of a world-wide petition for governments to “adopt proactive investigation policies”, it says.

While the report doesn’t identify the list of countries in which predators were identified, other news reports have included Australia, Britain, the USA, Canada, Ireland, Japan and Korea.

Terre des Hommes’ child-like avatar

Not everybody is delighted at the result. Europol told Reuters that “criminal investigations using intrusive surveillance measures should be the exclusive responsibility of law enforcement agencies”, while Andy Baker of the UK’s National Crime Agency told the BBC (http://www.bbc.co.uk/news/uk-24818769) that “tackling child sex abusers is best left to specialist law enforcement agencies”.

Terre des Hommes defends its actions, stating that it hasn’t indulged in entrapment: “Individuals who initiate contact and request a sexual webcam show from someone claiming to be a prepubertal child are not victims of entrapment. Terre des Hommes Netherlands regards those individuals as predators who are actively attempting to abuse children through WCST and who can therefore be considered “inclined” or predisposed to commit this crime.”

The group has posted a YouTube video about its use of “Sweetie” here. ®


Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/11/06/child_protection_group_deploys_avatar_to_trap_webcam_creeps/

Anon hacktivists tear through Philippines govt in web graffiti rampage


Government websites were defaced in the Philippines by hackers who claim affiliation with Anonymous amid a protest against alleged corruption.

The vandals hijacked sites on Sunday with a message that attempted to rally support for a demonstration against lawmakers’ alleged misuse of public money, and demanded the abolition of so-called “pork-barrel funds”. Both federal and local government agencies were hit by the online attack, which involved replacing the content of websites with political graffiti.


The state postal agency, the Insurance Commission, an anti-piracy agency (always a popular type of target when Anons are on the loose), and the Sugar Regulatory Administration were among those redecorated. The Philippine embassy’s website in Seoul, South Korea, was also compromised, Reuters reports.

“We apologise for this inconvenience, but this is the easiest way we could convey our message to you, our dear brothers and sisters who are tired of this cruelty and this false democracy, tired of this government and the politicians who only think about themselves,” the hacktivists’ politely worded message stated.

Amid the row over the alleged misuse of public cash, Philippines President Benigno Aquino has insisted that he is cracking down on corruption. Meanwhile, the brouhaha has made it difficult for the top politician to push forward his planned economic reforms.

The Philippine Daily Inquirer offers further context, here; the controversy has been rumbling on for 14 months, during which government websites have come under waves of attack by defacers.

The latest ‘net assault in the Philippines comes a week after the website of Singapore’s main paper The Straits Times was hacked by someone also claiming to be a part of the infamous Anonymous hacktivist collective.

Jason Hart, veep for cloud solutions at SafeNet and a computer security expert, argued the recent run of attacks in southeast Asia ought to serve as a wake-up call to organizations all over the world.

“The Straits Times and the Philippine government websites are the latest casualties in a long list of organisations who have fallen victim to a website defacement,” according to Hart. “While no data was taken on this occasion, with hacking attempts becoming almost a daily occurrence, it’s clear that being breached is not a question of ‘if’ but ‘when’. Therefore, companies need to ensure they are taking the necessary precautions. This means using best practice data protection to guarantee that data is effectively useless when it falls into unauthorized hands.

“Too many security departments hold on to the past when it comes to strategy, focusing on breach prevention rather than securing the data that they are trying so hard to protect.

“If a cyber-criminal wants to hack the system or steal data, then they will find one way or another to do so. Thus companies need to focus on what matters most – the data – by utilizing technologies such as encryption that render any data useless to an unauthorized party.” ®

Bootnote

To mark the Fifth of November – Guy Fawkes’ Day in England – Anonymous is promoting street protests in the US, Philippines and many locations elsewhere under the rallying call/hashtag #MillionMaskMarch.


Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/11/06/anon_philippines_defacement_protest/

Mobe-makers’ BLOATWARE is Android’s Achilles heel


Android’s Achilles Heel is not Google, but vendors who pack their devices chock-full of dodgy software.

That’s the conclusion reached by North Carolina State University researchers led by Xuxian Jiang, who has spent some time analysing Android security.


In the latest work, co-authored with Lei Wu, Michael Grace, Yajin Zhou and Chiachih Wu, the NCSU researchers analysed ten phones from five vendors. Their top-line results are:

  • More than 85 per cent of pre-loaded smartphone apps carry excessive privileges;
  • Most of those overprivileged apps were vendors’ own customisations; and
  • Between 64 per cent and 85 per cent of the vulnerabilities the researchers discovered arose directly from vendor customisations.

The vendor phones they examined included Google’s own Nexus 4 and Nexus S; Samsung’s Galaxy S2 and S3; HTC’s Wildfire S and One X; LG’s Optimus P350 and P880; and Sony’s Xperia SL and Arc S variants.

In devices released before November 2012, the Nexus S and Wildfire S led the shame-walk. In both of these devices, more than 90 per cent of pre-installed apps had excessive privileges (that is, they demanded access to features that were either unnecessary to the app, or exposed the users); while in post-2012 release kit, the worst offenders were the Optimus P880 (more than 90 per cent of apps) and the Galaxy S3 (more than 87 per cent).

Considering that the best performer in the entire test sample, the HTC One X, still had more than 78 per cent of pre-loaded apps claiming excessive privilege, there’s hardly any reason for any vendor to laugh-and-point at the worst offenders.

The One X had the best vulnerability performance, at just 1.79 per cent of pre-loaded apps, while the Wildfire S was the worst at 14.97 per cent of apps.

The researchers also noted that the number of vulnerabilities on devices had no correlation to the number of apps or the size of pre-loaded code on them: “both Sony devices perform very well, despite having a very large number of apps, while the LG devices do poorly on security even though they have the fewest apps of any non-reference device”, they write. ®
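To make the “excessive privileges” measure concrete, here is an added example (not code from the article or from the NCSU researchers) that compares the permissions each pre-loaded app declares in its manifest with the permissions its observed API calls need, then reports the share of overprivileged apps. The package names, the manifests, the call lists and the small API-to-permission map are all constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Constructed, deliberately tiny API-to-permission map (an assumption of this
# example; a real audit needs a full map derived from the platform source).
API_PERMISSIONS = {
    "android.telephony.SmsManager.sendTextMessage": "android.permission.SEND_SMS",
    "android.location.LocationManager.getLastKnownLocation":
        "android.permission.ACCESS_FINE_LOCATION",
    "android.hardware.Camera.open": "android.permission.CAMERA",
    "java.net.Socket.<init>": "android.permission.INTERNET",
}

def make_manifest(package, perms):
    """Build a decoded AndroidManifest.xml string for the constructed samples."""
    uses = "".join(f'<uses-permission android:name="{p}"/>' for p in perms)
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            f'package="{package}">{uses}<application/></manifest>')

def declared_permissions(manifest_xml):
    """Permissions requested through <uses-permission> elements."""
    root = ET.fromstring(manifest_xml)
    names = {e.get(ANDROID_NS + "name") for e in root.iter("uses-permission")}
    return names - {None}

def unused_permissions(manifest_xml, api_calls):
    """Declared permissions that none of the observed API calls require.
    Calls made via reflection or native code are invisible to this check."""
    needed = {API_PERMISSIONS[c] for c in api_calls if c in API_PERMISSIONS}
    return declared_permissions(manifest_xml) - needed

def overprivileged_share(apps):
    """apps: {package: (manifest_xml, api_calls)} -> (per cent, findings)."""
    findings = {}
    for pkg, (manifest, calls) in apps.items():
        extra = unused_permissions(manifest, calls)
        if extra:
            findings[pkg] = sorted(extra)
    pct = 100.0 * len(findings) / len(apps) if apps else 0.0
    return pct, findings

P = "android.permission."
SAMPLE_APPS = {  # constructed firmware image with four pre-loaded apps
    "com.example.vendor.weather": (
        make_manifest("com.example.vendor.weather",
                      [P + "INTERNET", P + "ACCESS_FINE_LOCATION",
                       P + "SEND_SMS", P + "CAMERA"]),
        ["java.net.Socket.<init>",
         "android.location.LocationManager.getLastKnownLocation"]),
    "com.example.vendor.camera": (
        make_manifest("com.example.vendor.camera", [P + "CAMERA"]),
        ["android.hardware.Camera.open"]),
    "com.example.vendor.notes": (
        make_manifest("com.example.vendor.notes", [P + "INTERNET"]), []),
    "com.example.vendor.clock": (
        make_manifest("com.example.vendor.clock", []), []),
}
```

A permission flagged here is a candidate for removal, not proof of a flaw: it needs manual review before the manifest is trimmed.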


Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/11/06/android_security_problems_come_from_phone_vendor_apps/