STE WILLIAMS

A 12-year-old Canadian boy has pleaded guilty to hacking government and police websites during the 2012 student uprising in Quebec under affiliation with the Anonymous brand of hacktivists.

According to the Toronto Sun, the fifth grader, who lives in the Montreal suburb of Notre-Dame-de-Grâce, appeared in youth court on Thursday, accompanied by his father.

The boy pleaded guilty to three charges related to hacking websites that included those of Montreal police, the Quebec Institute of Public Health, the Chilean government and some non-public sites.

The attacks took some of the sites offline for up to two days, at what police estimated as a cost of $60,000 in damages. A more detailed report will be handed over next month when the boy is sentenced, according to the Toronto Sun.

The student uprising of spring 2012, which lasted into that fall, was sparked by outrage at a proposed tuition hike and spiraled into a have v. have-nots version of Occupy Wall Street, marked by the use of Molotov cocktails on one occasion, police use of rubber bullets and tear gas, and serious injuries to both police and protesters.

Be that as it may, the boy’s lawyer told the court that the 12-year-old’s actions in hacking the sites weren’t politically motivated:

He saw it as a challenge, he was only 12 years old. … There was no political purpose.

The paper reports that the young hacker has been involved with computers since he was 9.

The court was told that the targeted sites suffered three types of attack:

• Distributed denial of service (DDoS) attack: An attack wherein the aggressors bombard a target with requests designed to consume so much of its resources that it becomes unusable.
• Defacement of pages. See Pastebin for a message posted on the Montreal police’s website in French and English.
• Exploiting security holes in order to access database servers.

Others have reportedly been arrested for the attacks, but it was the boy who opened the door to enable them, the court was told.

The young hacker reportedly managed to get at personal information belonging to the sites’ users and administrators.

According to the Toronto Sun, he traded the pirated information to Anonymous in exchange for video games.

He also taught others how to hack, police experts told the court, though he reportedly warned them against going overboard, lest they get caught.

The Toronto Sun says that the court heard testimony from somebody who said that the tween put it this way:

It’s easy to hack but do not go there too much, they will track you down.

I guess he went there too much, because they certainly did track him down.

Is he the youngest hacker ever to be caught?

Mafiaboy – the Canadian hacker who DOS’ed Yahoo, eBay and E*TRADE wound up in jail at the tender age of 15.

Canada: they grow more than maple trees up there!

Michael Calce – Mafiaboy’s real name – would go on to write in his book – “Mafiaboy: A Portrait of the Hacker as a Young Man” – that the attacks he unleashed in 2000 were “illegal, reckless and, in many ways, simply stupid.”

He wrote:

At the time, I didn’t realize the consequences of what I was doing.

Calce wound up pleading guilty to 56 counts stemming from hacking and attacking the sites and was sentenced to eight months in “open custody” at a rehabilitation home for youths, with another year spent on probation.

Parents, are your kids extremely talented with computers?

What are you doing to ensure they’re chatting rather than DDoSing? Programming for good instead of draining databases like some kind of cyber Dracula?

Please feel free to share with us how, exactly, you’re managing to rein in technical talent so you and your child stay out of court.

Follow @LisaVaas
Follow @NakedSecurity

Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/kCnbX94OMIE/

Free Regcast : Managing Multi-Vendor Devices with System Centre 2012

The team behind popular web programing site PHP.net is in the process of restoring services and tightening security in the aftermath of a hack that exposed visitors to JavaScript-based exploits.

Malicious JavaScript code was served to a small percentage of php.net users between 22 and 24 October after two php.net servers were compromised. The infected machine have been withdrawn from service, with their workloads migrated to new, more secure servers.

In a statement about the breach, the PHP.net team reassured developers that neither the source tarball downloads nor the Git repository were modified or compromised.

The possibility of code depositories being tainted is the worst possible outcome of this kind of breach, so it comes as a relief that nothing that might lead to the distribution of backdoor code has resulted as a consequence of the hack.

SSL access to php.net websites has been temporarily suspended pending the installation of a new SSL certificate. As an additional precaution, user passwords will be reset.

The team behind the php.net site explain their rationale for these actions, and their progress in restoring normal services, in a detailed blog post (extract below).

We are continuing to work through the repercussions of the php.net malware issue described in a news post earlier today. As part of this, the php.net systems team have audited every server operated by php.net, and have found that two servers were compromised: the server which hosted the www.php.net, static.php.net and git.php.net domains, and was previously suspected based on the JavaScript malware, and the server hosting bugs.php.net. The method by which these servers were compromised is unknown at this time.

All affected services have been migrated off those servers. We have verified that our Git repository was not compromised, and it remains in read-only mode as services are brought back up in full.

As it’s possible that the attackers may have accessed the private key of the php.net SSL certificate, we have revoked it immediately. We are in the process of getting a new certificate, and expect to restore access to php.net sites that require SSL (including bugs.php.net and wiki.php.net) in the next few hours.

Php.net has promised to produce a full post-mortem on the attack after its team gets through restoring services to normal. Problems with the php.net site were flagged up on Thursday when Google began blocking access to the site after its Safe Browsing technology – used in its Chrome browser, Mozilla’s Firefox browser and Apple’s Safari browser – detected that that some php.net pages were booby-trapped with links to malicious software.

This meant that surfers visiting the PHP.net site using Google Chrome, for example, were confronted by a warning (screenshot here) firmly instructing them not to proceed any further.

PHP is an open-source web development language used on millions of websites, including those powered by the popular WordPress and Joomla suites. Hundreds of thousands of developers were potentially exposed to the attack, even though it’s likely that only a small percentage were actually pwned.

The hack itself was quite devious and deliberately designed to resemble a false positive.

However, security researchers at Barracuda Networks captured and shared a PCAP (packet capture) file that shows the malicious behaviour.

Subsequent analysis by security tools firm Alien Vault exposed a sophisticated attack, featuring obfuscated content and DNS trickery, ultimately aimed at running drive-by download-style attacks through the Magnitude Exploit Kit. The hack ultimately targeted vulnerable Java or Adobe Acrobat Reader browser plugs in on the machines of visiting surfers.

“Based on that information we have determined that somehow the attackers were able to inject a malicious iFrame into the PHP.net website that was redirecting to an Exploit Kit,” a detailed blog post by Alien Vault’s Jamie Blasco explains.

As Barracuda notes, if the intention was simply to distribute malware, then hacking into the ad network of a popular site like php.net would have been the more logical and straightforward path to take. The unknown attackers behind the assault have taken the trouble to cook up something far more complex and this naturally leads to the suspicion that we’re more likely to be dealing with cyber-espionage of some sort, rather than more conventional profit-motivated malware distribution. ®

5 ways to prepare your advertising infrastructure for disaster

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/10/25/phpnet_compromise_analysis/

ARMONK, N.Y., Oct. 25, 2013 /PRNewswire/ — IBM (NYSE: IBM) inventors have developed a technique for protecting sensitive data prior to transmitting it to the cloud. The patented invention will overcome barriers to client adoption of cloud computing solutions by ensuring that private or proprietary information is secured before transferring it for processing by cloud computing services.

(Logo: http://photos.prnewswire.com/prnh/20090416/IBMLOGO )

IBM’s patented security invention addresses cloud computing apprehensions by helping clients effectively protect confidential and private information in the cloud. This can help businesses meet regulatory requirements regarding the handling of sensitive client data. IBM received U.S. Patent #8,539,597: Securing sensitive data for cloud computing for the invention.

“Patents like this help to solve real-world security challenges that are inhibiting cloud computing growth,” said Josyula Rao, IBM Director of Security Research. “IBM’s investment in research and development is producing innovations that will advance the company’s cloud computing and security leadership.”

Maintaining the privacy and security of sensitive data is frequently cited as one of the main reasons for client anxiety about cloud computing. Consequently, protecting vulnerable data from unintended exposure is a prerequisite for cloud service providers.

IBM’s invention helps overcome security concerns by redacting, removing or replacing sensitive data from records that are being sent to the cloud for processing. It then restores the sensitive data when the records are returned from the cloud.

IBM’s patented cloud technique enables clients to use cloud-based services without risking the release of sensitive data into cloud environments, alleviating security and privacy concerns due to information disclosure or attribution.

IBM provides the security intelligence to help organizations protect their people, data, applications and infrastructure. IBM operates one of the world’s broadest security research and development organizations. IBM manages and monitors 15 billion security events every day for nearly 4,000 clients around the world and holds more than 3,000 security patents. For more information on IBM security, please visit: www.ibm.com/security.

Article source: http://www.darkreading.com/management/ibm-labs-develops-new-method-for-securin/240163163

JACKSONVILLE, Fla., Oct. 25, 2013 /PRNewswire/ — Retina-X Studios, LLC announced today the release of Net Orbit v3.0 monitoring software for company networks. The software allows employers to pinpoint slacking employees in real time by visually monitoring client workstations.

Inside the Net Orbit application, thumbnail images for all workstations are rapidly updated on the Manager’s desktop. They can see exactly what every employee is doing at any given moment. Single or multiple screens of each workstation can be silently viewed full size with the option of seizing remote control of any workstation.

Net Orbit enforces Acceptable Use Policies and gives employers the ability to hold evidence of embezzlement, harassment, poor performance or any other unauthorized activities that may occur on the company network.

“We originally purchased this software to monitor our web support team, but now I think it should be installed on all of our workstations,” explains Steven Covino, CFO for Covino Farms. “We suspected employees may be abusing company time, but now we will know for sure.”

For deployment, the manager installs the Admin Console onto their own workstation. A small hidden app is then quickly installed to each client workstation to be monitored. The manager then has the ability to view all of the monitored screens at once, or individually. This birds-eye view gives them the instant ability to see which employees are goofing off or worse.

“The risk of company loss is much greater when your employees are unsupervised,” explains Craig Thompson, Director of Support for Net Orbit. “Your own workers could be wasting work time on the computer and you wouldn’t know it. Net Orbit gives you the ability to see all their screens at one time so you can silently and instantly uncover the slackers.”

Once a problem individual is found, Net Orbit also helps in other ways. When dealing with employee termination, employers can use records obtained from Net Orbit for supporting arguments. Net Orbit is set up to continually keep track of applications used, websites visited, keystrokes, files used and chat conversations. It also stores periodic screenshots for later viewing.

Managers can also perform an array of administrative commands on any workstation from their own workstation. A partial list includes sending a pop-up message, locking the workstation, rebooting or taking full remote control of the workstation using the manager’s own mouse and keyboard.

Net Orbit is available now for computers running Windows XP, Vista, Windows 7 or 8 on a local area network. A version for Mac OS X clients is coming soon. Pricing starts at $249.97, which monitors up to 5 workstations. A 15-day Free Trial download is available. Complete details are available at http://www.net-orbit.com.

Media Contact: Craig Thompson, Email or 888-475-5345. Postal Inquires: Retina-X Studios, LLC, 13453 North Main Street, Suite 201, Jacksonville, Florida 32218.

About Retina-X Studios, LLC (RXS). RXS designs and develops cutting-edge tools that allow employers to monitor their individual computer, network or mobile devices. The tools help businesses monitor Mac and Windows computers, as well as iOS and Android devices issued to employees. RXS products have been mentioned by The Wall Street Journal, CNN, USA Today and other media outlets.

Read more news from Retina-X Studios.

Article source: http://www.darkreading.com/management/net-orbit-exposes-slacker-employees-on-c/240163164

Cupertino, CA – October 22, 2013 – Baidu Antivirus today announced that it developed a new method to detect and eliminate all variants of the malicious “Virut” botnet, making it the first known antivirus program with complete built-in protection from the threat.

The Virut botnet spreads through executable file infection (via infected USB sticks and other media), and through websites that use compromised HTML to infect vulnerable browsers. Infected computers can become hosts for DDoS attacks, spam, fraud, data theft, and illicit pay-per-install activities.

Despite aggressive action in January 2013 by Polish research and development organization Naukowa i Akademicka Sieć Komputerowa (NASK), the Virut malware remains an ongoing threat. Currently, most commercially available antivirus programs do not offer complete protection from it.

“Our new solution to Virut works so well because it takes an active approach rather than a passive approach,” said Baidu Antivirus team leader Zhiqiang Dong. “We find infected files in memory, unhook APIs and clear out any malicious code that’s been injected. Because of our proactive approach, all 23 million Baidu Antivirus cloud engine users are completely protected from Virut,” he said.

Virut has been in existence since 2006, with new variants appearing on a near-weekly basis. eWeek reported in January 2013 that Virut controlled roughly 300,000 computers. The botnet’s extremely fast mutation rate and its ability to look up alternate backup hosts makes it difficult to reliably detect, and even more difficult to remove.

Baidu Antivirus is a permanently free antivirus and cloud security application that has recently been awarded VB100 certification from Virus Bulletin, and Checkmark Certification from West Coast Labs. It can be downloaded for free at: http://antivirus.baidu.com.

Quick Tips to Keep Your PC Safe:

– Only install web browser plugins from trusted sources;

– Don’t open emails from people or companies that you’re not familiar with;

– When providing personal information online, look for “HTTPS” in the URL to make sure your connection is secure;

– Avoid using public computers to check your bank account, email, and other accounts that contain personal information;

– Make sure you’ve installed a trusted antivirus program that can guard against a wide variety of threats.

About Baidu

Baidu, Inc. is the leading Chinese language Internet search provider. As a technology-based media company, Baidu aims to provide the best and most equitable way for people to find what they are looking for. In addition to serving individual Internet search users, Baidu provides an effective platform for businesses to reach potential customers. Baidu’s ADSs trade on the NASDAQ Global Select Market under the symbol “BIDU.” Currently, ten ADSs represent one Class A ordinary share.

Article source: http://www.darkreading.com/endpoint/baidu-antivirus-is-first-to-eliminate-ma/240163176

Police officers in Manchester, UK have discovered a 3D printer which they initially believed criminals may have been using in an attempt to manufacture a gun.

During a raid on a local property in Manchester’s Baguley area on October 24, officers discovered what they thought was a trigger mechanism as well as another part that was originally identified as being a magazine capable of holding bullets.

The ‘gun parts’ were found alongside a 3D printer, leading to fears that those responsible may have been planning some sort of gun factory.

3D printers can by used to fabricate very intricate plastic objects, including knives and firearms.

Back in May, blueprints for the first ever gun that could be produced on a 3D printer – the Liberator – were downloaded over 100,000 times in the first 4 days after they were posted online. The U.S. State Department later ordered the website to remove the schematics because they could violate export regulations.

Following the raid and seizure of printed parts in Manchester one man was arrested on suspicion of creating gunpowder. He currently remains in custody for questioning.

Detective Inspector Chris Mossop, an officer from their Organised Crime Coordination Unit, is quoted on The Greater Manchester Police website explaining the significance of the find.

If what we have seized is proven to be viable components capable of constructing a genuine firearm, then it demonstrates that organised crime groups are acquiring technology that can be bought on the high street to produce the next generation of weapons.

In theory, the technology essentially allows offenders to produce their own guns in the privacy of their own home, which they can then supply to the criminal gangs who are causing such misery in our communities.

Because they are also plastic and can avoid X-ray detection, it makes them easy to conceal and smuggle.

These could be the next generation of firearms and a lot more work needs to be done to understand the technology and the scale of the problem.

If what we have seized today can, as we suspect, be used to make a genuine firearm then today will be an important milestone in the fight against this next generation of homemade weapons.

Further developments during the day, however, would suggest that what the police actually found was something less sinister entirely.

When Gigaom reported the story one of their users, Nuno Gato, was quick to suggest a plausible alternative purpose for the fabricated parts:

…just search mk8 on thingiverse.com and you will see that it’s a upgrade part for a printer.

Searching further on thingiverse.com highlights an image of a filament spool holder which looks almost identical to the part that police had originally thought was a magazine.

PC Pro spoke to Scott Crawford, head of 3D printing firm Revolv3D, who instantly identified the parts seized by the police as upgrades for the 3D printer.

I instantly thought ‘I know that part’ … I’m confident it’s an upgrade for the printer and not an actual gun part.”

Greater Manchester police released a second statement about five hours after their first that would suggest that by that time they were also having some doubts about what they found.

Clearly the fact we have seized a 3D printer and have intelligence about the possible production of a weapon using this technology is of concern. It is prudent we establish exactly what these parts can be used for and whether they pose any threat.

What this has also done is open up a wider debate about the emerging threat these next generation of weapons might pose.

The worrying thing is for me is that these printers can be used to make certain components of guns, while others can be legitimately ordered over the Internet without arousing suspicion. When put together, this could allow a person to construct a firearm in their own home.

Although it looks like this episode might have been an embarrassing false alarm the sensitivity of the police is perhaps understandable, particularly in a country like the UK which has extremely tight restrictions on firearms.

With printers already available to buy in the UK for around £1,000 and the cost of producing a Liberator estimated at around £16, 3D printing could yet prove to be a stealthy and affordable means for criminals to acquire lethal weapons.

Follow @Security_FAQs
Follow @NakedSecurity

Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/1q0p82aPIgM/

Email delivery: Hate phishing emails? You’ll love DMARC

An Austrian student is taking Ireland’s data protection watchdog to court after the privacy regulator declined to investigate allegations that Facebook allowed US spooks to slurp its data.

The Irish privacy office, headed up by data protection commissioner Billy Hawkes, told The Register that judicial review proceedings were now underway. It said:

In line with the [High] Court’s procedures, that request was dealt with on an ‘ex parte’ basis, i.e. the Commissioner was not present in Court, and the request was uncontested.

Now that the matter is the subject of ongoing court proceedings, this Office is not in a position to comment on the matter, other than to confirm that we will be vigorously defending our position.

Max Schrems, a long-time critic of Facebook’s perceived privacy-lite business practices in Europe who fronts the “europe-v-facebook” group, said he took action after Hawkes had dismissed his complaint.

He claimed, in light of the PRISM outrage, that Facebook could not protect the data of users in Europe if it was proved that the Mark Zuckerberg-run company – which transfers all the personal information it holds on 1.15 billion people to the US – was harvesting some of that data for National Security bods to snoop on.

“The DPC [Hawkes] simply wanted to get this hot potato off his table instead of doing his job,” Schrems argued.

But when it comes to the fundamental rights of millions of users and the biggest surveillance scandal in years, he will have to take responsibility and do something about it.” ®

5 ways to prepare your advertising infrastructure for disaster

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/10/25/irish_data_protection_commissioner_faces_possible_court_action_over_alleged_facebook_prism_data_harvesting/

Free Regcast : Managing Multi-Vendor Devices with System Centre 2012

The team behind popular developers’ site PHP.net are in the process of restoring services and tightening security in the aftermath of a hack that exposed surfers to JavaScript-based exploits.

Malicious JavaScript code was served to a small percentage of php.net users between 22 and 24 October after two php.net servers were compromised. The infected machine have been withdrawn from service, with their workloads migrated to new, more secure servers.

In a statement about the breach, the PHP.net team reassured developers that neither the source tarball downloads nor the Git repository were modified or compromised.

The possibility of code depositories being tainted is the worst possible outcome of this kind of breach, so it comes as a relief that nothing that might lead to the distribution of backdoor code has resulted as a consequence of the hack.

SSL access to php.net websites has been temporarily suspended pending the installation of a new SSL certificate. As an additional precaution, user passwords will be reset.

The team behind the php.net site explain their rationale for these actions, and their progress in restoring normal services, in a detailed blog post (extract below).

We are continuing to work through the repercussions of the php.net malware issue described in a news post earlier today. As part of this, the php.net systems team have audited every server operated by php.net, and have found that two servers were compromised: the server which hosted the www.php.net, static.php.net and git.php.net domains, and was previously suspected based on the JavaScript malware, and the server hosting bugs.php.net. The method by which these servers were compromised is unknown at this time.

All affected services have been migrated off those servers. We have verified that our Git repository was not compromised, and it remains in read-only mode as services are brought back up in full.

As it’s possible that the attackers may have accessed the private key of the php.net SSL certificate, we have revoked it immediately. We are in the process of getting a new certificate, and expect to restore access to php.net sites that require SSL (including bugs.php.net and wiki.php.net) in the next few hours.

Php.net has promised to produce a full post-mortem on the attack after its team gets through restoring services to normal. Problems with the php.net site were flagged up on Thursday when Google began blocking access to the site after its Safe Browsing technology – used in its Chrome browser, Mozilla’s Firefox browser and Apple’s Safari browser – detected that that some php.net pages were booby-trapped with links to malicious software.

This meant that surfers visiting the PHP.net site using Google Chrome, for example, were confronted by a warning (screenshot here) firmly instructing them not to proceed any further.

PHP is an open-source web development language used on millions of websites, including those powered by the popular WordPress and Joomla suites. Hundreds of thousands of developers were potentially exposed to the attack, even though it’s likely that only a small percentage were actually pwned.

The hack itself was quite devious and deliberately designed to resemble a false positive.

However, security researchers at Barracuda Networks captured and shared a PCAP (packet capture) file that shows the malicious behaviour.

Subsequent analysis by security tools firm Alien Vault exposed a sophisticated attack, featuring obfuscated content and DNS trickery, ultimately aimed at running drive-by download-style attacks through the Magnitude Exploit Kit. The hack ultimately targeted vulnerable Java or Adobe Acrobat Reader browser plugs in on the machines of visiting surfers.

“Based on that information we have determined that somehow the attackers were able to inject a malicious iFrame into the PHP.net website that was redirecting to an Exploit Kit,” a detailed blog post by Alien Vault’s Jamie Blasco explains.

As Barracuda notes, if the intention was simply to distribute malware, then hacking into the ad network of a popular site like php.net would have been the more logical and straightforward path to take. The unknown attackers behind the assault have taken the trouble to cook up something far more complex and this naturally leads to the suspicion that we’re more likely to be dealing with cyber-espionage of some sort, rather than more conventional profit-motivated malware distribution. ®

5 ways to prepare your advertising infrastructure for disaster

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/10/25/phpnet_compromise_analysis/

BITDEFENDER HQ, Oct. 23, 2013 – Bitdefender, the creator of the world’s most effective antivirus, has launched Tech Assist, a live service that dispatches one of the company’s elite engineers to solve tricky, annoying or dangerous computer problems.

Tech Assist, which is available for Windows, exterminates viruses and tunes up, optimizes or repairs clients’ PCs in the fastest, most thorough way possible – through live, human help from a world-class expert. The service cuts through the confusion so common in a world of generic automated solutions, vague drop-down menus and automated telephone systems.

Via an ultra-secure personal connection, Tech Assist provides direct problem-solving, 24 hours a day, to loyal Bitdefender users worldwide to maximize computer performance and ensure data safety.

A Bitdefender study conducted earlier in October in North America showed that almost half of experienced computer users regard system sluggishness as their top annoyance. This lack of performance usually arises from issues that could be resolved by one of the TechAssist’s four service areas.

With the PC Optimizer service, veteran Bitdefender experts clean up any errors, optimize configurations, and teach clients to maintain their systems at peak performance. Engineers will personally eliminate system slowdowns and errors under the System Repair service.

The Virus Exterminator service will dispatch a Bitdefender engineer to conduct an eyes-on hunt for viruses, exterminate any pests and make sure they never return while teaching users how to stay safe in the future.

Bitdefender clients can also opt for SetUp to receive live help from a Bitdefender engineer in installing and configuring a Bitdefender antivirus program to best fit the client’s needs. The service includes a tutorial by a world-leading internet security expert.

“The best engineers dream of being able to concentrate on a single issue for as long as necessary and get it solved with maximum efficiency and thoroughness,” said Bitdefender Chief Security Strategist Catalin Cosoi. “We are sure our clients would love that detailed attention as well. That’s why we came up with Tech Assist – it’s a way to fulfill an engineer’s dream to rid clients of any and all technical nightmares.”

* * *

About Bitdefender

Bitdefender is the creator of one of the world’s fastest and most effective lines of internationally certified internet security software. The company is an industry pioneer, introducing and developing award-winning protection since 2001. Today, Bitdefender technology secures the digital experience of around 400 million home and corporate users across the globe.

Recently, Bitdefender won a series of important awards and accolades in the global security industry, including “Product of the Year” by AV-Comparatives, “Best Repair 2012” by AV-Test, and “Editor’s Choice” by PC Mag, that confirmed theantivirus software’s leadership status among security products. More information about Bitdefender’s products is available from the company’s security press room. Additionally, Bitdefender publishes the HOTforSecurity blog, where readers can find stories from the underworld of internet fraud, scams, malicious software – and gossip.

Article source: http://www.darkreading.com/end-user/bitdefender-introduces-tech-assist/240163134