STE WILLIAMS

NSA-friendly cyber-slurp law CISPA back on the table with new Senate bill


The Cyber Intelligence Sharing and Protection Act (CISPA), which allows private companies to share customer information with the NSA and others in the name of cybersecurity, is back on the legislative agenda.

Senator Dianne Feinstein (D-CA) today confirmed the draft law would be brought before the US Senate.


“I am working with Senator Saxby Chambliss (R-GA) on bipartisan legislation to facilitate the sharing of cyber related information among companies and with the government and to provide protection from liability,” Senator Feinstein told Mother Jones in a statement. “The legislation will … still maintain necessary privacy protections.”

The outgoing head of the NSA and US Cyber Command General Keith Alexander is a strong supporter of CISPA. Earlier this month he told the Telecommunications Industry Association’s annual conference that the legislation was essential to protect the functioning of businesses by heading off online attacks, citing the vulnerability of Wall Street to outside hacking as an example.

CISPA has had a rocky legislative road so far. Originally introduced to the US House of Representatives back in 2011, the act was crafted to allow government departments to share intelligence about online threats with commercial companies. In exchange, those companies had the option of handing over either anonymized or identifiable information about their customers, with full legal immunity.

The initial bill was passed by the House but was shot down in the Senate by a Republican filibuster. Then it was reintroduced in February and passed by 288-127 votes. However, President Obama warned that he might veto the legislation as it stood, citing privacy concerns.

After NSA whistleblower Edward Snowden started leaking details about Uncle Sam’s extensive communications surveillance operations, any further progress with the legislation was shelved – but now it appears Senator Feinstein feels the time is right to get it back in play. If the Senate passes the new law then the President will have to decide whether or not to exercise his veto.

The Senate version of CISPA is still being drafted, so the privacy protections (or lack thereof) that caused concern may yet be addressed. In the last round of politicking, companies including Google and Facebook spoke out in its favor, although back then no one knew that they were already passing information to the NSA under the PRISM project.

That said, there is a valid case for legislation that would allow greater information sharing between government and commerce about the latest computer security threats – currently there’s no legal framework for doing so. Once the proposed legislation is published, privacy advocates will be poring over it to determine if safeguards are strong enough to make the payoff of better security for all worthwhile. ®


Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/10/22/cispa_back_on_the_agenda/

Panda Security’s Corporate Solutions Now Compatible With Microsoft Windows 8.1 And Windows Server 2012 R2

Panda Security, The Cloud Security Company, today announced that Panda Cloud Office Protection (PCOP) and Panda Cloud Systems Management (PCSM), the company’s cloud-based corporate solutions, are fully compatible with Microsoft’s new software releases: Windows 8.1 and Windows Server 2012 R2, now available. Panda Security customers who upgrade to Microsoft’s upcoming releases will enjoy maximum protection from day one.

Both Panda Cloud Office Protection (PCOP), Panda Security’s cloud solution for endpoints, laptops and servers; and Panda Cloud Systems Management (PCSM), the new way to manage, monitor and support IT systems in the office or on the road, are fully compatible with Microsoft’s newest operating systems.

“It is extremely important for Panda Security to be able to respond to users’ needs and to keep ourselves at the forefront of the ever-changing world of technology,” said Manuel Santamara, Product Manager Director at Panda Security. “Our product portfolio has been engineered to work with Microsoft’s new releases, so if any of our customers decide to upgrade to Windows 8.1 or Windows Server 2012 R2, they can rest assured they will enjoy maximum protection immediately.”

About Panda Security

Founded in 1990, Panda Security is the world’s leading provider of cloud-based security solutions, with products available in more than 23 languages and millions of users located in 195 countries around the world. Panda Security was the first IT security company to harness the power of cloud computing with its Collective Intelligence technology. This innovative security model can automatically analyze and classify thousands of new malware samples every day, guaranteeing corporate customers and home users the most effective protection against Internet threats with minimum impact on system performance. Panda Security has 80 offices throughout the globe with US headquarters in Florida and European headquarters in Spain.

Panda Security collaborates with The Stella Project, a program aimed at promoting the incorporation into the community and workplace of people with Down syndrome and other intellectual disabilities, as part of its Corporate Social Responsibility policy. For more information, please visit http://www.pandasecurity.com/.

Article source: http://www.darkreading.com/applications/panda-securitys-corporate-solutions-now/240162988

Websense Advances Defenses Against Targeted Attacks And APTs

SAN DIEGO, Oct. 22, 2013 /PRNewswire/ — Websense, Inc. continued its proven cybersecurity leadership today by advancing Websense® TRITON® defenses to thwart every stage of the targeted threat kill chain. Cybercriminals prey on organizations through reconnaissance, luring victims, redirecting web traffic, executing exploit kits, deploying dropper files, calling home and ultimately stealing critical data. Websense is the only security company that continues to protect organizations from targeted attacks and advanced persistent threats (APTs) across the entire advanced threat kill chain.

Today’s new Websense TRITON 7.8 enhancements include advanced threat protection with expanded ThreatScope™ inline sandboxing, malware isolation to heighten data loss prevention, end-user phishing education and new platform support for pervasive deployment.

“Websense TRITON is the most advanced integrated security solution on the market,” said John McCormack, Websense CEO. “No other solution offers the broadest range of threat protection, across the entire advanced threat kill chain, in a completely integrated system. Organizations are vulnerable if they rely on security solutions that only address part of the problem. TRITON provides comprehensive security that stops attacks other solutions miss. Today’s enhancements are yet another important step forward for our customers in enhancing their security defenses.”

TRITON ThreatScope Web and Email Sandboxing Expanded in ACE

Websense ACE (Advanced Classification Engine) delivers real-time security ratings to all Websense TRITON products. ACE’s eight assessment areas and unique composite scoring capabilities enable TRITON solutions to detect threats that other security solutions miss. The predictive security engines can see developing trends and use contextual assessments to ensure accuracy and counter evasion techniques. With more than 10,000 analytics, ACE provides deep inspection and composite scoring to support effective decision-making.

TRITON ThreatScope enables an additional capability within ACE to automatically intercept files for behavioral sandboxing and forensic reporting. Organizations can also manually upload files to the on-demand sandbox and input links to a cloud-based URL analysis service. Each action generates detailed reports to support forensic investigations and threat mitigation. ThreatScope also marks suspicious email links for supplemental scrutiny through email URL sandboxing. Real-time analysis of links occurs at point-of-click, which, in some cases, can be long after the initial email arrives.

The Websense TRITON product portfolio provides intelligently integrated web, email and data protection. To access these new sandboxing and other enhancements, organizations can simply add TRITON ThreatScope to their existing TRITON solutions. To learn more about Websense ThreatScope, please visit: www.websense.com/threatscope.

Malware Isolation, Phishing Education and New Platform Support

In addition to the inline ThreatScope sandboxing enhancements to ACE, Websense TRITON 7.8 includes advancements to data loss prevention identification and phishing education, and amplifies deployment pervasiveness.

— Data Loss Prevention Stops Advanced Low and Slow Exfiltration: To isolate potentially malware-infected systems, the new Websense TRITON data loss prevention enhancements further analyze the type of data moving into and out of an organization. Low and slow data exfiltration is stopped based on Websense analysis and machine learning, which determines data movement within complex obfuscation techniques to isolate threats.
— End-User Phishing Education: Websense’s commitment to delivering a cohesive APT security system is evident in the new phishing education and profiling for end-users. Educating end-users about phishing attacks is vital to corporate security strategy and long-term success. Websense TRITON allows phishing messages, where the malicious link has been rewritten and disarmed, to be delivered to end-users. This process shows employees that even a legitimate looking email can be harmful. Users can click the disarmed URL to view a customizable block page that further reinforces end-user education. Added profiling also helps organizations identify potentially targeted users.
— New Platform Support: As the worldwide threat landscape shifts and technology advances, organization requirements inherently change. To stay ahead of the security curve, Websense provides a pervasively deployable technology with on-premise, cloud and hybrid options. That commitment is evident with the company’s new Virtual Email Security appliance and new i500 cloud appliance.

The new Websense Virtual Email Security appliance enables organizations to combine the benefits of the Websense Email Security Gateway and Email Security Gateway Anywhere solutions with their virtual infrastructure. This is designed to maximize hardware resources, increase performance and scalability and reduce appliance footprint.

Websense customers also have access to the new i500 cloud-assist appliance to increase network traffic speed and control what traffic is sent to the cloud. This appliance intelligently determines if traffic requires additional content scanning for policy or security reasons. If needed, content is redirected to Websense cloud resources for advanced analysis. For more information about Websense platform support, please visit www.websense.com/platforms.

To learn more about today’s Websense TRITON advances, please visit www.websense.com/triton.

About Websense, Inc.

Websense, Inc. is a global leader in protecting organizations from the latest cyber attacks and data theft. Websense TRITON comprehensive security solutions unify web security, email security, mobile security and data loss prevention (DLP) at the lowest total cost of ownership. Tens of thousands of enterprises rely on Websense TRITON security intelligence to stop advanced persistent threats, targeted attacks and evolving malware. Websense prevents data breaches, intellectual property theft and enforces security compliance and best practices.

Article source: http://www.darkreading.com/websense-advances-defenses-against-targe/240162968

DataMotion Brings Email Encryption Services To Fidelity National Title Group’s Settlement Agents

MORRISTOWN, N.J.–(BUSINESS WIRE)–DataMotion (www.datamotion.com), innovators in cloud-based email encryption services, today announced a partnership with Fidelity National Title Group (FNTG), the nation’s leading title and settlement service company, to bring powerful, and easy-to-use email encryption services to its settlement agents. Under the agreement, FNTG agents can take advantage of discounted rates for DataMotion SecureMail, SecureMail Gateway, and SecureContact encryption services. As a result, FNTG settlement agents can effectively address American Land Title Association (ALTA) best practices and other compliance concerns, while protecting against data breaches and the associated fines, liability and reputation damage.

FNTG’s title insurance underwriters – Fidelity National Title, Chicago Title, Commonwealth Land Title, and Alamo Title – collectively issue more title insurance policies than any other title company in the United States. FNTG supports the best practices for title insurance and settlement companies outlined by ALTA, including the recommendation for the use of secure delivery methods for transmitting Non-public Personal Information.

“We have been and continue to be committed to helping our agents adopt ALTA best practices by seeking out the best partnerships in the industry,” said Erika Meinhardt, President, Fidelity National Title Group – National Agency Operations. “Through our exclusive agreement with DataMotion, our settlement agents now have access to an industry-leading, easy-to-use, and affordable email encryption service that helps them meet the ALTA standards to secure all Non-public Personal Information.”

SecureMail, SecureMail Gateway, and SecureContact are suitable for organizations of all sizes. Each of these services provides compliance-grade encryption and built-in tracking for all email messages sent, received and opened, allowing organizations to improve compliance.

Benefits to agents include:

Exceptional ease of use for senders and recipients, reducing the need for IT support

Encryption that works within existing email systems

Fully optimized mobile experience with no app required

Reduced costs through lower overnight delivery, fax, and printing charges

“With SecureMail and SecureContact, FNTG settlement agents can ensure their sensitive emails are sent securely, offer the best customer protection possible, and help lower their operating expenses,” said DataMotion CEO Bob Bales. “We are thrilled to work with a leader like FNTG and look forward to a long and successful relationship.”

About DataMotion

DataMotion enables organizations to dramatically reduce the cost and complexity of delivering electronic information to employees, customers and partners in a secure and compliant way. The company’s easy-to-use solutions for secure email, file transfer, forms processing and customer contact leverage the DataMotion Platform for unified data delivery. In 2012, DataMotion expanded operations as a health information service provider (HISP) with its DataMotion Direct secure messaging service. Millions of users worldwide rely on DataMotion to transparently improve business processes and reduce costs, while mitigating security and compliance risk. DataMotion is privately held and based in Morristown, N.J. For the latest news and updates on DataMotion, visit www.datamotion.com, like DataMotion on Facebook or follow DataMotion on Twitter @datamotion.

Article source: http://www.darkreading.com/authentication/datamotion-brings-email-encryption-servi/240162969

BeyondTrust Survey Reveals Privileged Users Are Out Of Control

San Diego, CA, October 22, 2013 – BeyondTrust, the security industry’s only provider of Context-Aware Security Intelligence, today announced the results of its recently concluded survey, Privilege Gone Wild, which reveals that employees are granted excessive privileges and access for their particular roles, resulting in unnecessary risks to organizations. In its entirety, the survey highlights the significant industry challenge associated with proper identity and privilege management.

One of the most startling statistics from this survey reveals that 28% of respondents admitted to having retrieved information not relevant to their job. When asked what information was accessed, nearly one-quarter identified financial reports and almost half provided written responses specifying salary details, HR data and personnel documents, etc. To illustrate just how serious an issue this is for organizations, one IT employee at a large, well-known critical infrastructure provider admitted to having retrieved financial reports while another IT employee at a well-known professional services firm admitted to retrieving R&D plans, neither of which was relevant to their jobs.

The survey also revealed two-thirds have controls in place to monitor privilege access yet 54% of those respondents stated that they could circumvent those controls. This statistic illustrates that while current solutions are in place to detect privileged abuse, they’re easily defeated by the average end user.

“Allowing any employee unfettered access to non-essential company data is both unnecessary and dangerous and should be an issue that is resolved quickly,” said Brad Hibbert, EVP of product strategy at BeyondTrust. “The insider threat has always been a vulnerability we take very seriously at BeyondTrust and it’s our goal to help customers combat this growing problem.”

Additional key survey takeaways:

44% of employees have access rights that are not necessary to their current role

80% of respondents believe that it’s at least somewhat likely that employees access sensitive or confidential data out of curiosity

Over three-quarters of respondents say the risk to their organization caused by the insecurity of privileged users will increase over the next few years

Customer information is considered most likely at risk if there’s a lack of proper access controls over privileged users

To read more findings from the Privilege Gone Wild survey, please visit: http://www.beyondtrust.com/Content/images/Privilege-Gone-Wild.jpg

The survey reflects responses from 265 IT decision makers including security managers, and network and systems engineers across a number of industries including financial services, manufacturing, and government, among others.

About BeyondTrust

BeyondTrust is the only security solution vendor providing Context-Aware Security Intelligence, giving customers the visibility and controls necessary to reduce their IT security risks, while at the same time simplifying their compliance reporting.

BeyondTrust offers consistent policy-driven vulnerability and privilege management, role-based access control, monitoring, logging, auditing and reporting to protect internal assets from the inside out. The company’s products empower IT governance to strengthen security, improve productivity, drive compliance, and reduce expense across physical, virtual, mobile and cloud environments.

With more than 25 years of global success, BeyondTrust is the pioneer of both Threat Management and Privileged Identity Management (PIM) solutions for heterogeneous IT environments. More than half of the companies listed on the Dow Jones Industrial Average rely on BeyondTrust to secure their enterprises. Customers include eight of the world’s 10 largest banks, eight of the world’s 10 largest aerospace and defense firms, and 7 of the 10 largest U.S. pharmaceutical companies, as well as renowned universities across the globe.


Article source: http://www.darkreading.com/management/beyondtrust-survey-reveals-privileged-us/240162971

IBM Protects Clients From Security Attacks With New Cloud Solution

ARMONK, N.Y., Oct. 22, 2013 /PRNewswire/ — IBM (NYSE: IBM) today announced a new cloud solution that combines software analytics and cloud security services to fend off web-based Distributed Denial of Service (DDoS) attacks for organizations doing business on the web and in the cloud. The new software and services are based on a partnership with Akamai Technologies, Inc.


DDoS attacks are focused on the disruption of web-based assets such as company home pages, e-commerce sites and web-based cloud services. These attacks work by overloading the bandwidth of a web site or cloud application, rendering its service inoperable and preventing legitimate clients from being able to connect to it. This can result in revenue loss for an organization, as customers and clients are unable to complete transactions online.

DDoS attacks can also be used as a distraction, allowing attackers to breach other systems in the enterprise while IT staffs are forced to make difficult risk-based decisions, possibly without visibility to the full scope of what is occurring.

Based on daily monitoring of security for more than 4,000 clients, IBM has determined that DDoS attacks are on the rise. The average large company must filter through 1,400 cyber attacks weekly according to the IBM Cyber Security Intelligence Index. But many organizations do not have the on-site expertise or the right IT skills and tools required to combat them. Also, many do not have an incident response program in place or rely on existing programs that are out of date, not regularly tested or recently updated to address the growing exponential threats.

As part of the cloud solution, IBM will integrate Akamai’s always-on cloud-based web security solution, “Kona Site Defender” with IBM’s Cloud Security Services portfolio.

“Our clients tell us there is a need to strengthen cloud security,” said Kris Lovejoy, general manager, IBM Security Services. “The partnership with Akamai combines a world-class security team and an intelligent network platform to strengthen cloud security. Together with Akamai, IBM can provide both proactive and reactive DDoS protection from the increasing frequency, scale and sophistication of these attacks.”

The companies will also share security intelligence insights gained by applying business analytics to extensive security monitoring data to better detect threats, identify security risks and areas of noncompliance and set priorities for remediation. IBM’s X-FORCE® research and development will contribute global analytics capabilities and the world’s most comprehensive threats and vulnerabilities database. IBM will also use its Q1Radar security solution, which gathers information from multiple sources and, using analytics, identifies potential threats and breaches.

The result for clients is managed DDoS protection that covers a full spectrum of services including:

— Preparation – development of readiness plans and response protocols

— Mitigation – proactively stop attacks before they affect clients’ networks

— Monitoring – monitor network traffic, DDoS alerts, and the real-time health of IT resources

— Response – trained response experts on standby to assist with attacks; to contain, eradicate, recover and identify primary and secondary attacks

— Intelligence – deliver insights on internet threat conditions and provide real-time DDoS metrics

“DDoS mitigation and prevention can be incredibly complex and resource intensive, and organizations often find they simply don’t have the right resources in place to be as effective as they need to be to meet the web security challenges they face,” explained Ronni Zehavi, senior vice president and general manager, Security Division, Akamai. “Together, IBM and Akamai can offer the right mix of technology and expertise to give our customers the peace of mind that their DDoS mitigation efforts are in the right hands.”

About Akamai

Akamai® is the leading provider of cloud services for delivering, optimizing and securing online content and business applications. At the core of the Company’s solutions is the Akamai Intelligent Platform™ providing extensive reach, coupled with unmatched reliability, security, visibility and expertise. Akamai removes the complexities of connecting the increasingly mobile world, supporting 24/7 consumer demand, and enabling enterprises to securely leverage the cloud.

To learn more about how Akamai is accelerating the pace of innovation in a hyperconnected world, please visit www.akamai.com or blogs.akamai.com, and follow @Akamai on Twitter.

About IBM Security

IBM Security Services delivers the expertise, skills, and technology to help reduce the cost and complexity of securing IT infrastructures for IBM clients.

Powered by IBM X-FORCE® research and development, IBM solutions include planning and design through implementation, testing, monitoring and management of multi-vendor environments.

Article source: http://www.darkreading.com/end-user/ibm-protects-clients-from-security-attac/240162970

Service Objects Helps Online Retailers Fight Fraud This Holiday Season

SANTA BARBARA, Calif., October 22, 2013 – Service Objects, the leading provider of real-time contact validation for businesses, announced today the release of a new feature to its DOTS IP Address Validation product – the ability to detect TOR network users.

Using a TOR network, users can direct Internet traffic to conceal their true geographic location. This enables fraudsters to use these networks to conduct malicious and anonymous business transactions, such as placing bogus orders with stolen credit cards, and in turn, create havoc for retailers during the crucial holiday shopping season. Last year, online retailers reported over $3.9 billion in online fraud.

With the updated DOTS IP Address Validation, Service Objects customers can uncover real-time location and network information about the IP address linked to the user, warning them of contacts utilizing TOR and other anonymous proxies. Using this information, companies can make informed decisions about the risks associated with these types of online transactions.

“Service Objects is committed to helping businesses reduce fraud through data quality excellence,” said Geoffrey Grow, CEO of Service Objects. “TOR Network detection further improves DOTS IP Address Validation’s ability to detect suspicious transactions and alert businesses before they make a mistake in fulfilling a transaction, saving them valuable time, money and headaches in an important fourth quarter.”

Service Objects uses more than 50 authenticated sources that provide millions of unique IP records, making the service more accurate than any other geolocation offering currently on the market. In addition to its DOTS IP Address Validation service, Service Objects offers businesses a collection of data validation tools that provide a first line of defense against online fraud and bogus contact information.

For more information about DOTS IP Address Validation including a product demonstration, visit www.serviceobjects.com or contact [email protected].

About Service Objects

Founded in 2001, Service Objects is the leading provider of real-time contact validation services. Its validation and location web services allow businesses to identify potentially fraudulent transactions, append additional contact information and process transactions in a more efficient manner. The Company works with major brands like American Express, LendingTree and Amazon; and it has validated over 1.5 billion contacts. For a full listing of products, visit www.serviceobjects.com.

Article source: http://www.darkreading.com/service-objects-helps-online-retailers-f/240162990

Doctors disabled wireless in Dick Cheney’s pacemaker to thwart hacking

Former US Vice President Dick Cheney’s doctors disabled his pacemaker’s wireless capabilities to thwart possible assassination attempts, he said in an interview with CBS’s “60 Minutes” that aired on Sunday.

Cheney’s heart problems were bad: between 1978 and 2010, he suffered five heart attacks, underwent quadruple bypass surgery, and had a pump implanted directly to his heart. A defibrillator was implanted to regulate his heartbeat in 2007.

Cheney told his 60 Minutes interviewer, CNN Chief Medical Correspondent Dr. Sanjay Gupta, that at the time of the pacemaker implant, he was concerned about reports that attackers could hack the devices and kill their owners:

“I was aware of the danger, if you will, that existed.”

The TV show “Homeland” wasn’t even on the air yet, but a pacemaker assassination attempt was depicted at the end of last season.

Cheney found the assassination plot all too realistic, he said:

“I found [the depiction] credible because I knew from the experience that we had assessing the need for my own device that it was an accurate portrayal of what was possible.”

Cheney’s concerns were based on reality.

A year ago, the US Government Accountability Office (GAO), prodded by Congress, took the Food and Drug Administration (FDA) to task for ignoring the possibility that medical devices are susceptible to malware, unauthorized access and denial of service.

As the GAO’s report stated at the time, researchers had demonstrated the potential for incidents resulting from intentional threats in insulin pumps and implantable cardioverter defibrillators.

One example is the work done by the late Barnaby Jack.

In October 2011, Jack succeeded in overriding an insulin pump’s radio control and its vibrating alert safety feature, demonstrating the dumping of a potentially lethal dose of insulin without the pump alerting a wearer.

The FDA in June complied with the GAO’s marching orders, telling medical device makers and hospitals to strengthen security to prevent an intentional version of such hacking, unencrypted data transfer that can be manipulated or a host of other threat vectors.

Center for Internet Security President and CEO William F. Pelgrin told me that to date, there haven’t been any documented cases of successful attacks on mobile medical devices (other than those demonstrated in a research environment).

Nonetheless, he said, “the risk is real. Unsecured wireless devices are vulnerable to attack.”

Cheney’s revelation highlights the importance of protecting the devices, Pelgrin said.

In fact, these types of potential scenarios prompted the Center for Internet Security to launch a mobile medical device benchmark initiative earlier this year to develop solutions.

The resulting benchmarks will be recommended guidance for device makers, he said, focused on the detailed, step-by-step guidance of hardening a given device.

I asked Pelgrin why the effort to harden the devices has taken so long, and he remarked that the industry is actually getting ahead of the curve in proactively addressing these complex issues now, before a catastrophic event takes place.

Compare that with the auto or airline industries, for example, he said: in either industry, many accidents had to occur before changes were made to improve safety.

The changes certainly didn’t happen overnight, Pelgrin said:

“What’s so encouraging to me in terms of mobile medical device security is that we are on the cusp of tremendous positive change, and we are doing it before accidents happen.”

Besides, he said, when you’re dealing with mobile medical devices, availability is crucial. It’s one thing to hack a computer and knock it offline. That’s disruptive, but not necessarily fatal, he said.

But if a mobile medical device is hacked and unavailable – or altered – it can be “devastating”:

“We must approach this process in a careful manner, with the input of many organizations and individuals, in order to develop security solutions without compromising the confidentiality, integrity and availability of the devices.”

The Center is encouraging anyone who wants to join in the effort to contact them.

It plans on hosting a working session webinar later this month. To register and find more details, click here.


Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/b9diI3G-qbY/

SSCC 120 – Vulnerabilities, backdoors, crypto done right, and crypto done wrong [PODCAST]

D-Link hole-prober finds ‘backdoor’ in Chinese wireless routers


Security researchers say they have discovered a hidden backdoor in wireless routers from Chinese hardware manufacturer Tenda.

Craig Heffner, the same researcher who uncovered a backdoor in routers from D-Link, found the latest problem. He uncovered the functionality, which ships with Tenda’s products, after unpacking firmware updates and locating what he described as “suspicious code”.


Attackers could take over the router and execute commands by sending a UDP packet with a special string, The Hacker News claims.

“The backdoor only listens on the LAN, thus it is not exploitable from the WAN. However, it is exploitable over the wireless network, which has WPS enabled by default with no brute force rate limiting,” Heffner explains in a detailed advisory.

“My shiny new ReaverPro box made relatively short work of cracking WPS,” he claimed, “providing access to the WLAN and a subsequent root shell on the router.”

Heffner claims the backdoor exists on Tenda’s W302R and W330R router models as well as re-branded models, such as the Medialink MWN-WAPR150N.

“They all use the same ‘w302r_mfg’ magic packet string,” he notes.

Follow-up work by other researchers uncovered a more comprehensive list of potentially backdoored products.

Source code for the GoAhead web server used in Tenda products has been made available on GitHub.

We’ve asked Tenda for its reaction but have yet to hear back from the firm. We’ll update this story as and when we hear more. ®
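A defender-side check for the behaviour reported above, as an added example that is not from the article or from Heffner's advisory: it parses raw IPv4 packets and flags UDP payloads that contain the 'w302r_mfg' string. The sample packets, addresses and port 40000 are constructed; the article does not state which port the backdoor listens on, so the check matches on payload only.

```python
import ipaddress
import struct

MAGIC = b"w302r_mfg"  # magic packet string quoted in the article


def udp_payload(ip_packet: bytes):
    """Return (src, dst, sport, dport, payload) for an IPv4/UDP packet, else None."""
    if len(ip_packet) < 20 or ip_packet[0] >> 4 != 4:
        return None                      # truncated or not IPv4
    ihl = (ip_packet[0] & 0x0F) * 4      # header length; more than 20 with IP options
    if ihl < 20 or len(ip_packet) < ihl + 8:
        return None                      # malformed header or no room for UDP header
    if ip_packet[9] != 17:
        return None                      # not UDP
    if struct.unpack("!H", ip_packet[6:8])[0] & 0x1FFF:
        return None                      # non-first fragment carries no UDP header
    src = str(ipaddress.IPv4Address(ip_packet[12:16]))
    dst = str(ipaddress.IPv4Address(ip_packet[16:20]))
    sport, dport, ulen = struct.unpack("!HHH", ip_packet[ihl:ihl + 6])
    # Use the shorter of the UDP length field and the bytes actually captured.
    end = ihl + max(8, min(ulen, len(ip_packet) - ihl))
    return src, dst, sport, dport, ip_packet[ihl + 8:end]


def scan(packets):
    """Return one finding per UDP packet whose payload contains MAGIC."""
    hits = []
    for index, pkt in enumerate(packets):
        parsed = udp_payload(pkt)
        if parsed is None:
            continue
        src, dst, _sport, dport, payload = parsed
        offset = payload.find(MAGIC)
        if offset < 0:
            continue
        hits.append({
            "index": index,
            "src": src,
            "dst": dst,
            "dport": dport,
            "offset": offset,
            # The article says the backdoor is reachable from the LAN/WLAN side only.
            "from_lan": ipaddress.ip_address(src).is_private,
        })
    return hits


def build_ipv4(src, dst, sport, dport, payload, proto=17, options=b""):
    """Build a constructed test packet (checksums left at zero)."""
    ihl = 5 + len(options) // 4
    body = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    header = struct.pack(
        "!BBHHHBBH4s4s",
        (4 << 4) | ihl, 0, ihl * 4 + len(body), 0, 0, 64, proto, 0,
        ipaddress.IPv4Address(src).packed,
        ipaddress.IPv4Address(dst).packed,
    )
    return header + options + body


# Constructed sample traffic; addresses, ports and trailing bytes are placeholders.
SAMPLES = [
    build_ipv4("192.168.0.23", "192.168.0.1", 53124, 53, b"constructed-dns-query"),
    build_ipv4("192.168.0.57", "192.168.0.1", 53125, 40000,
               MAGIC + b"\x00constructed-trailer"),
    build_ipv4("192.168.0.57", "192.168.0.1", 53125, 40000, MAGIC, proto=6),
    build_ipv4("192.168.0.57", "192.168.0.1", 53126, 40000, b"xx" + MAGIC,
               options=b"\x01\x01\x01\x01"),
    b"\x45\x00",  # truncated capture
]

if __name__ == "__main__":
    for hit in scan(SAMPLES):
        print(hit)
```

The same payload match can be applied to packets read from a capture file once the link-layer header is stripped.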


Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/10/22/tenda_router_backdoor/