STE WILLIAMS

Free report : Avere FXT with FlashMove and FlashMirror

Microsoft made a second attempt to cleanly patch an “important” security flaw in its Active Directory Federation Services technology on Monday – days after yanking the original update for causing stability problems.

The original MS13-066 upgrade caused the active directory service to stop working entirely in some cases. The second iteration of the security patch is, we are assured, a much more stable fix.

Bear in mind it should applied to server software usually run within enterprise environments to provide corporate users with Single Sign-On access to internet applications and the like.

“As the vulnerability it was attempting to fix had only been privately reported, and was not believed to be being exploited in the wild, it’s possible that the fix had actually turned into a bigger problem than the one it was attempting to solve – on Windows Server 2008 systems at least,” notes security watcher Graham Cluley.

The withdrawal of security updates by Redmond is rare but not unprecedented: August’s Patch Tuesday suffered a similar cock-up, forcing Redmond to withdraw a dodgy update for Exchange Server 2013 after it emerged the critical security patch broke the mail indexing service. MS13-061 worked fine on Exchange 2007 and 2010 but not on the latest version of Microsoft’s email server software.

The update grapples three vulnerabilities in Microsoft Exchange that stem from bugs in the third-party library Outside In; this is licensed from Oracle and allows Web Access users to view PDF files and such stuff. Exchange Server 2013 users are advised to turn off the functionality as a workaround pending the availability of a working security update. ®

Free report : Avere FXT with FlashMove and FlashMirror

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/08/20/ad_security_fix_reissued/

Free report : Avere FXT with FlashMove and FlashMirror

David Miranda, the partner of a journalist at the heart of the Edward Snowden NSA surveillance firestorm, handed over to British intelligence the crypto passwords for digital files they seized from him when he stopped over in the UK en route from a meeting with a US film-maker who was also involved with the Snowden disclosures. It has also emerged that the US government was aware that the British intelligence services intended to target Miranda during his journey.

“There was a heads up that was provided by the British government,” said Josh Earnest, the principal deputy White House press secretary, at a press conference

“This is something we had an indication that was likely to occur,” he said, “but it’s not something that we requested, it was something that was done by British law enforcement officials. The United States was not involved in that decision or in that action.”

Earnest didn’t say if the US had received copies of the information taken from Miranda during his questioning, and when asked to rule out any receipt, Earnest replied, “I’m not in a position to do that right now.”

Miranda is the partner of Glenn Greenwald, the Guardian journalist who has been instrumental in revealing information on highly secret, massive internet surveillance by the United States’ NSA and Britain’s GCHQ electronic-intelligence agencies. Miranda was stopped and interrogated by British police during a stopover at Heathrow airport while flying from Germany back to his and Greenwald’s home in Brazil at the Guardian‘s expense. He had travelled to Germany to meet with Laura Poitras, an American film-maker also involved in the Snowden leaks.

The Brazilian government has torn a strip off the UK government over the interrogation, calling the detention of one of its citizens “without justification” in a statement, and saying it does not want a repeat of the incident.

The detention has caused a political storm in the UK, with British MP Tom Watson saying it was a clear attempt at intimidation and an attack on journalism. The Prime Minister’s office has declined to answer questions on the detention, saying it was an “operational matter” for the police.

David Anderson, the UK’s independent reviewer of terrorism legislation, said that the case was “unusual,” since of the 60,000 to 70,000 people stopped under Schedule 7 each year, only 40 have been held for more than six hours. Anderson also said that he had requested a ministerial briefing on the case. British police say that the detention of Miranda was “legally and procedurally sound.”

Glenn Greenwald and David Miranda (right) reunited in Rio

In his first interview since arriving safely in Brazil, Miranda said that he was forced to hand over the passwords for his laptop and mobile phone after British police officers threatened him with prison if he refused. Also taken were an external hard drive, two memory sticks, a games console, and two newly-bought watches and phones which were still in their packaging.

“They were threatening me all the time and saying I would be put in jail if I didn’t co-operate,” said Miranda. “They treated me like I was a criminal or someone about to attack the UK … It was exhausting and frustrating, but I knew I wasn’t doing anything wrong.”

Miranda said that as soon as his plane landed at Heathrow, passengers were asked to display their passports, and that the second he stepped off the aircraft he was detained by four officers. He was then held for nine hours, the maximum allowed under Schedule 7 of the 2000 Terrorism Act.

Despite this, Miranda said he wasn’t asked about terrorism by his British interrogators. Instead, he was extensively quizzed about his visit to Berlin-based filmmaker Laura Poitras, the activities of his partner Glenn Greenwald, and if there were plans to publish more papers from the NSA whistleblower Edward Snowden.

“They even asked me about the protests in Brazil, why people were unhappy, and who I knew in the government,” said Miranda.

After nine hours of questioning, Miranda was informed that he was free to leave for a connecting flight to his home in Brazil. Since he’d missed his connection, and another flight wasn’t scheduled for a while, the police released him onto British soil.

“It was ridiculous,” he said. “First they treat me like a terrorist suspect. Then they are ready to release me in the UK.” ®

Free report : Avere FXT with FlashMove and FlashMirror

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/08/20/british_gave_us_heads_up_over_interrogation_of_snowden_hacks_partner/

Free report : Avere FXT with FlashMove and FlashMirror

Blogger Pamela Jones will shut down her award-winning legal news website Groklaw following revelations that the NSA is intercepting the world’s internet communications.

Jones, also known as PJ, said in a final farewell article that the shutdown of encrypted email provider Lavabit, used by whistleblower Edward Snowden, had prompted her decision to discontinue the site.

“The owner of Lavabit tells us that he’s stopped using email and if we knew what he knew, we’d stop too,” she said. “There is no way to do Groklaw without email. Therein lies the conundrum.”

Recounting the time her apartment in New York was burgled and how she felt her privacy had been violated as a result, Jones added: “I feel like that now, knowing that persons I don’t know can paw through all my thoughts and hopes and plans in my emails with you.”

Ladar Levison, Lavabit’s owner, closed down his firm after being served with a secret federal court order, which likely sought to induce him to hand over information on Snowden to investigators working on the case.

“I have been forced to make a difficult decision: to become complicit in crimes against the American people or walk away from nearly ten years of hard work by shutting down Lavabit,” Levinson said in a statement on the firm’s homepage. “After significant soul searching, I have decided to suspend operations.”

Jones gave similar reasons for shutting down Groklaw, saying there was no way to shield website operators from “forced exposure”.

“The foundation of Groklaw is over. I can’t do Groklaw without your input. I was never exaggerating about that when we won awards. It really was a collaborative effort, and there is now no private way, evidently, to collaborate,” she wrote.

Groklaw started as a law blog just over ten years ago and covered technology-related legal issues surrounding software patents and illegal file sharing, court action against Linux and open-source software (notably the epic battles of SCO v IBM et al), and copyright issues. ®

Free report : Avere FXT with FlashMove and FlashMirror

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/08/20/groklaw_to_shut_down/

Free report : Avere FXT with FlashMove and FlashMirror

GCHQ spooks reportedly rocked up at The Guardian‘s London headquarters and oversaw the destruction of some computer hardware – because the machines may have stored copies of documents leaked by whistleblower Edward Snowden.

The move came after the newspaper’s editor-in-chief Alan Rusbridger refused to comply with demands to return material leaked to the newspaper by Snowden, who has blown the lid off the NSA’s controversial global internet dragnets. Top-secret information on America’s surveillance operations provided by Snowden was revealed to the world in a series of articles published by the paper.

Battle-hardened by its experience as a media ally of WikiLeaks three years ago – when the left-wing organ played a part in disseminating classified Afghanistan war logs and other sensitive American documents – The Guardian ran its reporting of the Snowden affair from its US offices, rather than the UK where press laws are tougher and pre-publication injunctions rampant.

But this failed to deter British spooks, Rusbridger explained:

The mood toughened just over a month ago, when I received a phone call from the centre of [the UK] government telling me: “You’ve had your fun. Now we want the stuff back.” There followed further meetings with shadowy Whitehall figures. The demand was the same: hand the Snowden material back or destroy it. I explained that we could not research and report on this subject if we complied with this request. The man from Whitehall looked mystified. “You’ve had your debate. There’s no need to write any more.”

Yet there was more to follow, as demands from Blighty’s g-men went even further, the spooks seemingly unaware that Guardian staff are capable of backing up files off-site. Rusbridger added:

I explained to the man from Whitehall about the nature of international collaborations and the way in which, these days, media organisations could take advantage of the most permissive legal environments. Bluntly, we did not have to do our reporting from London … The man was unmoved. And so one of the more bizarre moments in the Guardian’s long history occurred – with two GCHQ security experts overseeing the destruction of hard drives in the Guardian’s basement just to make sure there was nothing in the mangled bits of metal which could possibly be of any interest to passing Chinese agents. “We can call off the black helicopters,” joked one as we swept up the remains of a MacBook Pro.

The bespectacled editor said the destruction of his newspaper’s kit, which he describes as a “peculiarly pointless piece of symbolism”, satisfied Whitehall. He related the episode for the first time on Monday in a piece defiantly stating that the destruction of the computers will have a limited effect on the Guardian‘s reporting of NSA and GCHQ surveillance – in fact, just as much effect as the seizure of a laptop, phones, hard drives and camera from David Miranda, the partner of Guardian journalist Glenn Greenwald, over the weekend.

Miranda was held by anti-terror cops for nine hours and his digital equipment seized at London Heathrow airport, as the Brazilian was en route to Rio de Janeiro from a meeting in Berlin with Laura Poitras, the US filmmaker who has worked with Greenwald on the Snowden files. The Guardian paid for Miranda’s flight.

This sort of mission has become a regular occurrence according to Rusbridger, who said Guardian hacks and their associates are flying around the world to have face-to-face meetings about the Snowden leaks, essentially because they have lost faith in the security of any form of electronic communication.

“It would be highly unadvisable for Greenwald (or any other journalist) to regard any electronic means of communication as safe,” Rusbridger explained. “The Guardian’s work on the Snowden story has involved many individuals taking a huge number of flights in order to have face-to-face meetings. Not good for the environment, but increasingly the only way to operate. Soon we will be back to pen and paper.”

It’s unclear how many machines were involved in the smash-up operation, or how they were selected. In follow-up responses to readers, Rusbridger doesn’t get into specifics but does say that no drives were actually seized for forensic examination. He’s keen to portray the whole exercise as both petty and futile.

“They never touched the hard drives, so, no they got nothing from them,” Rusbridger said. “We explained to the UK government on a number of occasions that there were other copies not on UK soil.” ®

Free report : Avere FXT with FlashMove and FlashMirror

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/08/20/snowden_drives_destruction_gchq_tempora/

Free report : Avere FXT with FlashMove and FlashMirror

LastPass has patched a flaw that meant Windows versions of its password-management software were capable of leaking login credentials that had been auto-filled into fields by its password manager.

The bug – which affected Internet Explorer users on Windows only – meant that an attacker who managed to obtain a memory dump of Internet Explorer would be able to extract unencrypted password strings.

“This is the same sort of attack that we have written about frequently in the context of banking malware,” writes security researcher Paul Ducklin on the Sophos security blog.

Pulling off the attack would normally require either physical access to a targeted machine or an attack involving the planting of malware on a mark’s PC, a level of compromise that makes most security protections redundant.

LastPass resolved the issue with a security update that also comes with a variety of performance enhancements and other tweaks. The relevant portion of the advisory explains: “Resolved: Security issue with IE exclusively while logged in to LastPass only: Prevent IE from adding passwords to in memory decryption cache”.

The security fix is one of 18 items in LastPass v2.5.0/1/2, which also offers improved synchronisation and support for upcoming versions of Windows 8 and Internet Explorer 11.

The issue was first unearthed by a reader of PC Mag (story here). ®

Free report : Avere FXT with FlashMove and FlashMirror

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/08/20/lastpass_security_update/

Free report : Avere FXT with FlashMove and FlashMirror

The White House has confirmed that the British authorities gave them a “heads up” that police planned to detain David Miranda, partner of Guardian journalist Glenn Greenwald, but has denied that the US instigated the interrogation.

“There was a heads up that was provided by the British government,” said Josh Earnest, the principal deputy White House press secretary, at a press conference

“This is something we had an indication that was likely to occur,” he said, “but it’s not something that we requested, it was something that was done by British law enforcement officials. The United States was not involved in that decision or in that action.”

Earnest didn’t say if the US had received copies of the information taken from Miranda during his questioning, and when asked to rule out any receipt, Earnest replied, “I’m not in a position to do that right now.”

The Brazilian government has torn a strip off the UK government over the interrogation, calling the detention of one of its citizens “without justification” in a statement, and saying it does not want a repeat of the incident.

The detention has caused a political storm in the UK, with British MP Tom Watson saying it was a clear attempt at intimidation and an attack on journalism. The Prime Minister’s office has declined to answer questions on the detention, saying it was an “operational matter” for the police.

David Anderson, the UK’s independent reviewer of terrorism legislation, said that the case was “unusual,” since of the 60,000 to 70,000 people stopped under Schedule 7 each year, only 40 have been held for more than six hours. Anderson also said that he had requested a ministerial briefing on the case. British police say that the detention of Miranda was “legally and procedurally sound.”

Glenn Greenwald and David Miranda (right) reunited in Rio

In his first interview since arriving safely in Brazil, Miranda said that he was forced to hand over the passwords for his laptop and mobile phone after British police officers threatened him with prison if he refused. Also taken were an external hard drive, two memory sticks, a games console, and two newly-bought watches and phones which were still in their packaging.

“They were threatening me all the time and saying I would be put in jail if I didn’t co-operate,” said Miranda. “They treated me like I was a criminal or someone about to attack the UK. … It was exhausting and frustrating, but I knew I wasn’t doing anything wrong.”

Miranda said that as soon as his plane landed at Heathrow, passengers were asked to display their passports, and that the second he stepped off the aircraft he was detained by four officers. He was then held for nine hours, the maximum allowed under Schedule 7 of the 2000 Terrorism Act.

Despite this, Miranda said he wasn’t asked about terrorism by his British interrogators. Instead, he was extensively quizzed about his visit to Berlin-based filmmaker Laura Poitras, the activities of his partner Glenn Greenwald, and if there were plans to publish more papers from the NSA whistleblower Edward Snowden.

“They even asked me about the protests in Brazil, why people were unhappy, and who I knew in the government,” said Miranda.

After nine hours of questioning, Miranda was informed that he was free to leave for a connecting flight to his home in Brazil. Since he’d missed his connection, and another flight wasn’t scheduled for a while, the police released him onto British soil.

“It was ridiculous,” he said. “First they treat me like a terrorist suspect. Then they are ready to release me in the UK.” ®

Free report : Avere FXT with FlashMove and FlashMirror

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/08/20/british_gave_us_heads_up_over_interrogation_of_snowden_hacks_partner/

Free whitepaper : Supercharge your infrastructure

The Brazilian partner of Guardian journalist Glenn Greenwald – Edward Snowden’s go-to reporter for the dissemination of sensitive papers about the NSA’s dragnet surveillance programmes – has been released from custody. The 28-year-old was held for almost nine hours for questioning by Metropolitan Police officers when he passed through London’s Heathrow Airport en route to Brazil on Sunday night.

David Michael Miranda was stopped and questioned under the Terrorism Act 2000. He was held for nine hours, the maximum allowed before police are obliged to arrest someone under that legislation.

Miranda was released without charge but investigators seized his mobile phone, laptop, memory sticks, DVDs and a game console.

The 28-year-old had spent the previous week in Berlin, where he stayed with Laura Poitras, the US filmmaker who has worked with Greenwald on the Snowden files. Miranda was detained on his way back home to Rio de Janeiro. The Guardian has admitted that it paid for his flights, so it would be reasonable to speculate that Miranda’s trip was concerned with Greenwald and Poitras’ work with the paper on Snowden’s revelations.

The legal grounds for his detention are currently being disputed by Labour MP Keith Vaz, among others, who told Radio 4 he was concerned about the apparent use of “terrorism legislation for something that does not appear to relate to terrorism”.

The chances are, however, that terrorism legislation was used simply because the police officers concerned came from what is now known as the Counter Terrorism Command (SO15) of the Metropolitan Police. This organisation absorbed the former Special Branch (SO12) on being formed in 2006.

One of the functions of Special Branch was (and still is under the CTC) to employ police powers in support of the British intelligence and security services. As the spooks have no power of arrest, detention or seizure themselves, when they need such things done the CTC (or, occasionally, Special Branch officers from regional forces) handle the matter. Miranda might have been stopped and his kit seized using a variety of different legislation, but CTC coppers these days are probably most familiar with the Terrorism Act.

Vaz added that he was not aware that personal property could be confiscated under the laws. Schedule 7 of the Terrorism Act 2000 does provide for the search of goods and for their seizure (11.1) but only if the individual being searched fulfils the identified criteria for a “terrorist” under section 40 of the Terrorism Act 2000.

Under the law, Miranda should get his kit back within seven days unless it is used as evidence in criminal proceedings, but Tor project developer Jacob Appelbaum was not so lucky. When US Immigration and Customs Enforcement officials seized his electronic kit back in 2010 – purportedly due to his involvement with WikiLeaks – it was never returned. Many other people have had kit containing data likely to be of interest to intelligence agencies seized at airports (or elsewhere) by Special Branch cops or their overseas equivalents over the years. This is a routine hazard for people of interest to spooks or serious police investigations, and it could be seen as a little odd that Greenwald, Miranda and Poitras didn’t anticipate it.

Greenwald described the detention of his partner as a “failed attempt at intimidation”.

“To detain my partner for a full nine hours while denying him a lawyer, and then seize large amounts of his possessions, is clearly intended to send a message of intimidation to those of us who have been reporting on the NSA and GCHQ,” Greenwald told The Guardian.

In fact, however, it seems more likely that the spooks were primarily interested in any information they may be able to harvest from Miranda’s gadgetry, which might give them a better picture of what yet-to-be-published information Snowden has passed to Greenwald and/or Poitras. It’s known that Snowden has held back a lot of what he has – but not exactly what. The British spooks and their colleagues in the USA will be very interested in just what further revelations are (and are not) to be expected, far more than in the limited amount of deterrent effect one could achieve against the world’s journalists with the example of a 9-hour interrogation at Heathrow.

The Brazilian foreign ministry issued a statement criticising Miranda’s “unjustified” detention. “The Brazilian government expresses grave concern about the episode that happened today in London, where a Brazilian citizen was held without communication at Heathrow airport for 9 hours, in an action based in the British anti-terrorism legislation,” it said.

“This measure is without justification since it involves an individual against whom there are no charges that can legitimate the use of that legislation. The Brazilian government expects that incidents such as the one that happened to the Brazilian citizen today [are] not repeat[ed].” ®

Win Spectre Laptop with HP and The Register

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/08/19/greenwald_partner_detention_outrage/

Free whitepaper : Supercharge your infrastructure

A group of researchers presenting at Usenix last week turned up a startling new way to sneak malicious apps through the AppStore and onto iOS devices. By spreading malicious chunks of code through an apparently-innocuous app for activation later, the researchers say they were able to evade Apple’s test regime.

The Georgia Tech-led team’s aim, described in this paper, was to create code that could be rearranged after it had passed AppStore’s tests. That way, the code would look innocuous running in the test environment, be approved and signed, and would later be turned into a malicious app.

For their proof-of-concept, the researchers created an app that operated as a Georgia Tech “news” feed. They explain that the malicious code was distributed throughout the app as “code gadgets” that were idle until the app received the instruction to rearrange them. “After the app passes the App Review and lands on the end user device, the attacker can remotely exploit the planted vulnerabilities and assemble the malicious logic at runtime by chaining the code gadgets together”, they write.

The instructions for reassembly of the app arrive through a phone-home after the app is installed.

The researchers continue that “despite running inside the iOS sandbox, [the] Jekyll app can successfully perform many malicious tasks, such as stealthily posting tweets, taking photos, stealing device identity information, sending email and SMS, attacking other apps, and even exploiting kernel vulnerabilities.”

Long Lu, a Stony Brook University researcher who took part in the project, explained to Technology Review that the exploit exists because apps only run in the Apple test suite “for a few seconds”.

“The message we want to deliver is that right now, the Apple review process is mostly doing a static analysis of the app, which we say is not sufficient because dynamically generated logic cannot be very easily seen,” Lu told Technology Review. ®

Win Spectre Laptop with HP and The Register

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/08/19/fooling_the_appstore_one_codechunk_at_a_time/

Free whitepaper : Supercharge your infrastructure

A Palestinian IT graduate has had his account disabled and been told he won’t be paid a bug bounty after demonstrating a Facebook security vulnerability by posting an image into Mark Zuckerburg’s timeline.

As explained in this blog post, Khalil Shreateh discovered a vulnerability that allows an attacker to post images into someone else’s timeline, even though they’re not in the target’s friend list.

Shreateh claims he tried to report the problem to Facebook’s security account twice. The problem, however, was that since Facebook’s team wasn’t friends with the target account he used to demonstrate the bug, they could not see the links he provided.

To try and escalate the issue, Shreateh then took what might be regarded as the “nuclear option” and posted an image into Mark Zuckerburg’s timeline, providing the link to Facebook as proof of the bug. He was then contacted by Facebook security engineer Ola Okelola requesting details of the vulnerability, which he provided.

This is where things went sour: because demonstrating the vulnerability constitutes a violation of Facebook’s terms of service, Shreateh had his account suspended. The same ToS violation was given as the reason that Shreateh won’t be paid under Facebook’s bug bounty.

Shreateh’s replay of the bug is in the video below. reg

Watch Video

Win Spectre Laptop with HP and The Register

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/08/18/bugfinder_chucked_for_posting_to_zuck/

Win Spectre Laptop with HP and The Register

China is reportedly preparing to look into NSA whistleblower Edward Snowden’s claims that US spooks hacked into IBM, Oracle and EMC products sold to the Asian nation’s universities.

The three American corporations could face a probe by Chinese police and government officials on the subject of “security issues”. The investigation would come in the wake of Snowden’s allegations that the trio’s kit was compromised by Uncle Sam’s PRISM programme of mass global surveillance of foreigners.

News of the potential probe comes from Reuters, which cites quotes in the Shanghai Securities News, although the original piece from the state-run newswire seems to have vanished.

The action will be undertaken by China’s Ministry of Public Security, according to the newswire. The ministry has declined to comment on the reported probe.

It was former NSA contractor Snowden who revealed the existence of the US National Security Agency’s PRISM, an impressive operation for collecting personal communications and messages of foreigners, purportedly in the US national interest.

Snowden’s leaked NSA documents and the Washington Post‘s report made repeated reference to US companies such as Microsoft, Google, Facebook and Yahoo!, which operate online voice and data services.

But it seems China has turned its attention to the US-based enterprise computing trio – companies with diverse operations but which overlap in the areas of storage, information access and hardware.

According to one unnamed source in the Reuters report: “At present, thanks to their technological superiority, many of our core information technology systems are basically dominated by foreign hardware and software firms, but the PRISM scandal implies security problems.”

The report echoes anxieties in the West over the connections that Chinese tech companies – specifically Huawei and Lenovo – have with the People’s Government and the Red Army, especially when they are running growing chunks of critical national infrastructure. Huawei has denied there is any cause for concern, and has called claims of snooping “tired, unsubstantiated” and “racist corporate defamation”.

Ironically for Oracle, its chief executive Larry Ellison this week came out in support of NSA snooping. On US TV programme This Morning Ellison called US domestic surveillance “great” and “essential” to minimising attacks like the Boston Marathon bombing in April. Which, of course took place despite the existence of Prism’s carte blanche data schlup.

Separately, meanwhile, industry group the Cloud Security Alliance last month warned that US companies are losing orders from foreigners alarmed about the NSA spooks ability to access their data and communications.

The Register has contacted IBM, Oracle and EMC for comment, but they’ve yet to get back to us. We’ll update if we hear a response. ®

Win Spectre Laptop with HP and The Register

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/08/16/ibm_emc_oracle_prism_probe/