Jeremy Kirk

Author Archives: Jeremy Kirk

Startup launches subscription model for buying SSL certificates

A Utah-based startup has launched a subscription model for buying SSL certificates, an essential but at times onerous task. SSL and its successor, TLS (Transport Layer Security), are cornerstones of Web security, encrypting data exchanged between two machines. It underpins virtually every kind of transaction that requires privacy on the Web, from email to e-commerce. It’s signified by “https” in the URL bar of a browser. Companies and organizations are using more and more SSL certificates as the need for secure machine-to-machine communication has increased with cloud computing, virtualization and mobile devices.

Google develops new defense against phishing

Google has developed a new extension for its Chrome browser that aims to stop people from falling prey to phishing sites. The free Password Alert extension stores an encrypted version of a person’s password and warns if it is typed into a site that isn’t a Google sign-in page, according to a blog post on Wednesday. It will then prompt a person to change their password. Although security companies collaborate to detect and blacklist phishing sites, such attacks are commonly used by hackers to capture valuable sign-in details. Phishing sites may only be active for a short time before they’re blacklisted, but it’s still a window of risk.

Romania, Panama cutting back on spam

Romania and Panama, two of the world’s notable sources of spam, now have fewer computers producing it, according to security vendor Cloudmark. The U.S. remains first in having the most systems blocked by IP address for sending junk mail, though by the percentage of its total IP addresses, it ranks fairly low. Cloudmark, which specializes in providing antispam products to ISPs, said it is blocking 13 percent fewer IP addresses worldwide for sending spam, with notable improvements in a few small countries, according to its first quarterly report for this year. The report covered IPv4 addresses, which are used for the vast majority of Internet traffic.

SendGrid resets passwords as investigation reveals deeper breach

SendGrid is resetting the passwords for all of its customers after an investigation showed a cyberattack it sustained earlier this month was more extensive than first realized. The company, which provides a service for companies to mass email their customers without getting blocked, said earlier this month an account of a Bitcoin-related customer was compromised and used to send phishing emails. Further investigation by FireEye’s Mandiant division showed the attackers also compromised a SendGrid employee’s account and accessed internal systems on three days in February and March, wrote David Campbell, the company’s chief security officer.

WordPress quickly patches second critical vulnerability

WordPress patched a second critical vulnerability in its Web publishing platform on Monday, less than a week after fixing a similar problem. Administrators are advised to upgrade to WordPress version 4.2.1. Some WordPress sites that are compatible with and use a plugin called Background Update Tester will update automatically. WordPress is one of the most-used Web publishing platforms. By the company’s own estimation, it runs 23 percent of the sites on the Internet, including major publishers such as Time and CNN.

SAP patches login flaw in ASE database

SAP patched a flaw on Thursday that could allow an attacker to take complete control over a database, according to security vendor Trustwave. The flaw (CVE-2014-6284) affects SAP’s Adaptive Server Enterprise (ASE), a relational database for Unix, Linux and Windows systems, designed for high volumes of data-rich transactions. Vulnerable versions are 12.5, 15, 15.5, 15.7 and 16. Trustwave’s Martin Rakhmanov, a senior security researcher, found an error in the challenge and response mechanism used to access ASE. The account access gained is not a privileged account, but Trustwave said other flaws allow the privileges to be escalated to that of a database administrator.

Hackers exploit Magento e-commerce vulnerability

Those using Magento’s e-commerce platform should ensure they’re using its latest software, as attackers are increasingly exploiting a flaw patched two months ago, security companies warned. The vulnerability can allow an attacker to gain complete control over a store with administrator access, potentially allowing credit card theft, wrote Netanel Rubin of Check Point’s Malware and Vulnerability Research Group. As many as 200,000 websites use Magento, which is owned by eBay. Check Point, which found the flaw, reported it to Magento, which issued a patch (SUPEE-5344) on Feb. 9. Since Check Point revealed the flaw earlier this week, it appears attackers have picked up on it and are trying to find unpatched applications.

HP partners with FireEye for cyberattack investigation and response

Hewlett-Packard is partnering with computer security company FireEye to give it a technological edge in detecting and investigating cyberattacks. FireEye’s threat detection and incident response capabilities will be incorporated into HP’s Enterprise Services. The companies are planning to offer an “industry standard reference architecture” centered around advanced threat protection and incident response, according to a news release Tuesday from the RSA security conference in San Francisco.

Pushdo spamming botnet gains strength again

Computers in more than 50 countries are infected with a new version of Pushdo, a spamming botnet that has been around since 2007 and survived several attempts to shut it down. At one time, Pushdo-infected computers sent as many as 7.7 billion spam messages per day. Security analysts have tried to kill it four times by commandeering its infrastructure, but a new version of the malware has emerged once again, with high concentrations of infections in countries such as India, Indonesia, Turkey and Vietnam. “Pushdo was very successful in what it did, so coming up with various revisions or versions of it makes a lot of sense for the bad guys,” said Mike Buratowski, vice president of cybersecurity services at Fidelis Cybersecurity, based in Austin, Texas.

Russian hackers use Flash, Windows zero-day flaws

A fresh attack by a long-known hacking group suspected to be linked with Russia did little to mask its activity in an attack a week ago. The computer security firm FireEye wrote on Saturday that the group—called APT 28—attacked an “international government entity” on April 13, using two recently disclosed software flaws, one of which has not been patched. The attack sought to trick victims into clicking on a link that led to a website which attacked their computer. It first used a vulnerability in Adobe Systems’ Flash player, CVE-2015-3043, then used a still unpatched Microsoft vulnerability, CVE-2015-1701, to gain higher privileges on a computer.

Whistleblowers at risk when using US government websites

More than two dozen U.S. government websites should be urgently upgraded to use encryption, as whistleblowers are potentially at risk, according to the American Civil Liberties Union. At least 29 websites that can be used for reporting abuse and fraud don’t use encryption, the ACLU said in a letter sent on Tuesday to the U.S.’s top technology chief, CIO Tony Scott. There has been a broad push recently to move websites to using SSL/TLS (Secure Sockets Layer/Transport Layer Security) encryption. Most e-commerce sites use SSL/TLS, but the case has grown stronger for its broader adoption because of a surge in state-sponsored espionage and cybercriminal activity.

YouTube flaw allowed copying comments from one video to another

An Egypt-based security researcher said Google has fixed an interesting vulnerability he and a colleague found in YouTube. Ahmed Aboul-Ela wrote on his blog that he and a fellow researcher, Ibrahim Mosaad, wanted to find a problem in a feature on YouTube “that not many bug hunters have tested.” They focused on a setting in YouTube that holds comments for review before they’re published. If that feature is enabled, comments are then listed in a control panel labeled “held for review.” Aboul-Ela wrote he intercepted the HTTP request that is sent to Google when a comment is approved. The request contains two parameters: “comment_id” and “video_id.”

Dropbox to pay security researchers for bugs

Dropbox said Wednesday it will pay rewards to independent researchers who find software flaws in its applications, joining a growing list of companies that see merit in crowdsourcing parts of their security testing. The popular file storage service previously publicly recognized researchers, but did not pay a reward, also sometimes referred to as a bug bounty. “In addition to hiring world class experts, we believe it’s important to get all the help we can from the security research community, too,” wrote Devdatta Akhawe, a Dropbox security engineer. Facebook, Google, Yahoo and many other large companies pay researchers rewards that are often determined by the seriousness of the software flaw. Running such programs is more efficient than hiring more security engineers since a company’s applications are analyzed by a larger number of people with diverse security skills.

AirDroid app fixes severe authentication vulnerability

AirDroid, a popular management tool for Android devices, has fixed a severe authentication software flaw in its Web interface that could give a hacker complete control over a mobile phone. The problem was fixed in an update released last month, wrote Matt Bryant, a consultant with the security company Bishop Fox, who discovered the flaw. Versions 3.0.4 and earlier of the tool are affected. AirDroid lets people manage their phone from a Windows or Mac tablet or through a Web interface. To do that, it asks for a lot of permissions, such as the ability to send text messages, turn on a camera and have access to the phone, among many others.

Windows vulnerability can compromise credentials

A vulnerability found in the late 1990s in Microsoft Windows can still be used to steal login credentials, according to a security advisory released Monday. A researcher with security vendor Cylance, Brian Wallace, found a new way to exploit a flaw originally found in 1997. Wallace wrote on Monday the flaw affects any PC, tablet or server running Windows and could compromise as many as 31 software programs. He wrote the flaw was not resolved long ago, but that “we hope that our research will compel Microsoft to reconsider the vulnerabilities.” The vulnerability, called Redirect to SMB, can be exploited if an attacker can intercept communications with a Web server using a man-in-the-middle attack.

Chinese hacker group among first to target networks isolated from Internet

An otherwise unremarkable hacking group likely aligned with China appears to be one of the first to have targeted so-called air-gapped networks that are not directly connected to the Internet, according to FireEye. The computer security firm released a 69-page technical report on Sunday on the group, which it calls APT (Advanced Persistent Threat) 30, which targeted organizations in southeast Asia and India. FireEye picked up on it after some of the malware used by the group was found to have infected defense-related clients in the U.S., said Jen Weedon, manager of strategic analysis with FireEye.

White Lodging Services confirms second payment card breach

A large hotel management company has confirmed a second payment card breach in less than 14 months, underscoring the difficulties businesses are having with data thieves. White Lodging Services said the second breach was detected on Jan. 27 after unusual payment card activity was discovered on credit cards used at four Marriott-branded hotels. The compromised data includes customer names, card numbers, security codes and expiration dates, it said in a statement. The Merrillville, Indiana-based company manages hotels under agreements with hotel owners and is a separate entity from the specific hotel brands it operates.

Encryption startup Vera locks down transferred documents

In Silicon Valley, the recruiting game is extremely competitive, according to Ron Harrison, founder of Jivaro Professional Headhunters, a specialist in placing technology candidates. In some cases, Harrison said the difference between getting nothing and a US$30,000 fee has come down to the few slim minutes between when one recruiter sent a resume to a company and a competing recruiter did. “It’s a dirty business,” Harrison said in a phone interview. Recruiting is complicated by the fact that companies may share resumes, even if the receiving company isn’t a client of the recruiter. Essentially, it means a recruiter loses its intellectual property through a gaping hole: an unencrypted document can be sent to anyone.