Category Archives for "Network World Security"

Many attackers lurk undetected for months, then pounce, study finds

Attackers who penetrate company networks often pose as legitimate users for long periods of time, causing lengthy delays before victims figure out they’ve been hacked. FireEye’s Mandiant forensics service found that it took a median of 205 days for an organization to detect a compromise, down slightly from 229 days in 2013, according to its 2015 Threat Report. The drop is nearly insignificant. “I don’t think it’s enough to make a claim that people are getting better at this,” said Matt Hastings, a senior consultant with Mandiant who works on incident response.

The Upload: Your tech news briefing for Tuesday, February 24

As HP reports numbers, questions will be on its split

Hewlett-Packard is due to report its first-quarter results on Tuesday afternoon, but analysts will be more interested in hearing updates from CEO Meg Whitman on plans for the company’s split into two, says re/code. The company’s earnings are expected to hit $27.4 billion.

GOPers on FCC want to delay net neutrality vote

The two Republican members of the Federal Communications Commission want to put a last-minute roadblock in the way of a proposal to reclassify the Internet as a utility and put stronger net neutrality protections in place. In a move that’s unlikely to succeed, Commissioners Ajit Pai and Mike O’Rielly want to delay the vote scheduled for Thursday, and have the FCC open the 332-page proposal to the public for comment. An agency spokeswoman said that the FCC has already gotten “unprecedented levels of public comment on a variety of options” for net neutrality rules.

Telegram dismisses claim of a flaw in its secure messaging application

Telegram, a messaging application that markets itself as a secure communication tool, doesn’t handle encrypted conversations securely, according to the founder of a mobile security company. Zuk Avraham of Zimperium wrote in a blog post Monday that he found several weak points that allowed him to recover plain text messages. Avraham didn’t try to directly crack messages encrypted by Telegram, which is backed by Pavel Durov, founder of the popular Russian social networking site Vkontakte. Instead, Avraham focused on an alternative attack using a kernel exploit to gain root access on an Android device and then looking at how Telegram handled messages in memory.

NSA director wants gov’t access to encrypted communications

It probably comes as no surprise that the director of the U.S. National Security Agency wants access to encrypted data on computers and other devices. The U.S. should be able to craft a policy that allows the NSA and law enforcement agencies to read encrypted data when they need to, NSA director Michael Rogers said during an appearance at a cybersecurity policy event Monday. Asked if the U.S. government should have backdoors to encrypted devices, Rogers said the U.S. government needs to develop a “framework.” “You don’t want the FBI and you don’t want the NSA unilaterally deciding, ‘So, what are we going to access and what are we not going to access?’” Rogers said during his appearance at the New America Foundation. “That shouldn’t be for us. I just believe that this is achievable. We’ll have to work our way through it.”

‘Secure’ advertising tool PrivDog compromises HTTPS security

New cases of insecure HTTPS traffic interception are coming to light as researchers probe software programs for implementations that could enable malicious attacks. The latest software to open a man-in-the-middle hole on users’ PCs is a new version of PrivDog, an advertising product with ties to security vendor Comodo. Over the weekend, a user reported on Hacker News that his system failed an online test designed to detect a man-in-the-middle vulnerability introduced by Superfish, a program preloaded on some Lenovo consumer laptops.

New weapons offer hope against advanced cyber-attacks

One of the most frightening things about modern cyber-attacks is that a breach can remain undetected within networks for weeks, months or even years. This time gives hackers the luxury of lateral movement within a network, meaning they can acquire better credentials, compromise more systems and search for the most profitable and most damaging information. And perimeter defense tools are almost worthless once hackers are quietly rampaging behind the lines. But malware has to communicate back to the hackers somehow, and new monitoring tools have emerged that can identify that traffic. As such, traffic monitoring tools could very well be the next big thing in network security, protecting networks against cyber-attacks and helping even if a breach has already happened.

New tools can detect hidden malware

We tested new security appliances from Damballa, Lancope and LightCyber that are designed to detect the latest cyber-attacks by monitoring network traffic and identifying when a piece of malware is communicating back to its command and control center. (Read the full review here.)

Edward Snowden documentary Citizenfour wins Oscar

A documentary on whistleblower Edward Snowden won the Oscar for the best documentary feature, in a shot in the arm for people worldwide protesting against alleged U.S. intrusions into the privacy of people in the country and abroad. The 87th Academy Awards were held Sunday in Los Angeles and presented film awards in 24 categories. Snowden, a former contractor of the U.S. National Security Agency, shook up the security establishment starting in June 2013, when he disclosed through newspapers that the agency was collecting in bulk phone data of Verizon’s U.S. customers, the first of many revelations by him.

Lenovo hit with lawsuit over Superfish snafu

Lenovo admitted to pre-loading the Superfish adware on some consumer PCs, and unhappy customers are now dragging the company to court on the matter. A proposed class-action suit was filed late last week against Lenovo and Superfish, which charges both companies with “fraudulent” business practices and with making Lenovo PCs vulnerable to malware and malicious attacks by pre-loading the adware. Plaintiff Jessica Bennett said her laptop was damaged as a result of Superfish, which was called “spyware” in court documents. She also accused Lenovo and Superfish of invading her privacy and making money by studying her Internet browsing habits. The lawsuit was filed after Lenovo admitted to pre-loading Superfish on some consumer PCs. The laptops affected by Superfish include non-ThinkPad models such as G Series, U Series, Y Series, Z Series, S Series, Flex, Miix, Yoga and E Series.

Superfish security flaw also exists in other apps, non-Lenovo systems

On Thursday security researchers warned that an adware program called Superfish, which was preloaded on some Lenovo consumer laptops, opened computers to attack. However, it seems that the same poorly designed and flawed traffic interception mechanism used by Superfish is also used in other software programs. Superfish uses a man-in-the-middle proxy component to interfere with encrypted HTTPS connections, undermining the trust between users and websites. It does this by installing its own root certificate in Windows and using that certificate to re-sign SSL certificates presented by legitimate websites.

Google agrees to Italian privacy authority audits in the US

Google has agreed to on-the-spot audits at its U.S. headquarters in order to comply with Italy’s data protection laws. The Italian data protection authority (DPA) imposed several privacy measures on Google after an investigation into the company’s policies that was completed in July 2014. On Friday, the authority said Google will comply with all demands. The process to verify compliance calls for the DPA to check up on Google’s progress at its U.S. headquarters. It remains unclear when that will happen, though. “There is no precise appointment at the moment but there is an agreement to be able to go there,” a spokesman for the authority said.

The Upload: Your tech news briefing for Friday, February 20

Intelligence agencies may have your phone’s encryption keys

British and American government agents hacked into SIM card maker Gemalto’s network to take smartphone encryption keys potentially used by customers of hundreds of mobile phone carriers worldwide. That let the spy agencies monitor a vast swathe of the world’s mobile phone voice and data traffic, reported The Intercept. It’s the latest revelation from the trove of information leaked by former NSA analyst Edward Snowden.

TrueCrypt audit back on track after silence and uncertainty

An effort to search for cryptographic flaws in TrueCrypt, a popular disk encryption program, will resume even though the software was abandoned by its creators almost a year ago. For years TrueCrypt has been the go-to open-source tool for people looking to encrypt files on their computers, especially since it’s one of the few solutions to allow encrypting the OS volume. In October 2013, cryptography professor Matthew Green and security researcher Kenneth White launched a project to perform a professional security audit of TrueCrypt. This was partly prompted by the leaks from former U.S. National Security Agency contractor Edward Snowden that suggested the NSA was engaged in efforts to undermine encryption.

Android malware fakes phone shutdown to steal data

Next time you turn off your Android phone, you might want to take the battery out just to be certain. Security vendor AVG has spotted a malicious program that fakes the sequence a user sees when they shut off their phone, giving it freedom to move around on the device and steal data. When someone presses the power button on a device, a fake dialog box is shown. The malware then mimics the shutdown animation and appears to be off, AVG’s mobile malware research team said in a blog post. “Although the screen is black, it is still on,” they said. “While the phone is in this state, the malware can make outgoing calls, take pictures and perform many other tasks without notifying the user.”

Lenovo admits to Superfish screw-up, will release clean-up tool

Lenovo has admitted it “messed up badly” by pre-loading software on some consumer laptops that exposed users to possible attack, and said it will soon release a tool to remove it. “I have a bunch of very embarrassed engineers on my staff right now,” Lenovo CTO Peter Hortensius said in an interview Thursday. “They missed this.” Users have been complaining since September about the third-party program, called Superfish, which injects product recommendations into search results. But it only emerged Wednesday that the program also opens a serious security hole.

Google Cloud offers security scanning for customer apps

Google has released a security scanner to help its cloud customers guard against attacks on their Web applications. Google Cloud Security Scanner, now available as a free beta for Google App Engine users, is designed to overcome a number of limitations often found in commercial Web application security scanners, noted Google security engineering manager Rob Mann in a blog post announcing the new service. Commercial scanners can be difficult to set up. They can over-report issues, leading to too many false positives. They are designed more for security professionals than developers.

NSA, UK’s GCHQ reportedly hacked encryption of SIM card maker

U.S. and U.K. intelligence agencies have reportedly hacked into the computer network of giant SIM card maker Gemalto and taken smartphone encryption keys potentially used by customers of hundreds of mobile phone carriers worldwide. The Gemalto hack, by the U.S. National Security Agency and the U.K. Government Communications Headquarters (GCHQ), allowed the two spy agencies to monitor a large portion of the world’s mobile phone voice and data traffic, according to a story in The Intercept. The hack was detailed in a 2010 GCHQ document leaked by former NSA contractor Edward Snowden, the story said.

How to remove the dangerous Superfish adware preinstalled on Lenovo PCs

Lenovo’s been caught going a bit too far in its quest for bloatware money, and the results have put its users at risk. The company has been preloading Superfish, a "visual search" tool that includes adware that fakes the encryption certificates for every HTTPS-protected site you visit, on its PCs since at least the middle of 2014. Essentially, the software conducts a man-in-the-middle attack to fill the websites you visit with ads, and leaves you vulnerable to hackers in its wake. You can read all the sordid details here. This article is dedicated to helping you discover whether your Lenovo PC is infected with Superfish, and how to eradicate it if you are.

Lenovo PCs ship with adware that puts computers at risk

Some Windows laptops made by Lenovo come pre-loaded with an adware program that exposes users to security risks. The software, Superfish Visual Discovery, is designed to insert product ads into search results on other websites, including Google. However, since Google and some other search engines use HTTPS (HTTP Secure), the connections between them and users’ browsers are encrypted and cannot be manipulated to inject content. To overcome this, Superfish installs a self-generated root certificate into the Windows certificate store and then acts as a proxy, re-signing all certificates presented by HTTPS sites with its own certificate. Because the Superfish root certificate is placed in the OS certificate store, browsers will trust all fake certificates generated by Superfish for those websites.

The Upload: Your tech news briefing for Thursday, February 19

Samsung pushes into mobile payments with LoopPay acquisition

Samsung Electronics is stepping up to Apple and Google on the mobile payments front: On Wednesday it said it would buy LoopPay and roll it into its mobile division. The Massachusetts startup’s technology is, like competitors, basically a virtual wallet for payment cards, but it works with existing magnetic card readers in the U.S.

Qualcomm getting set to roll out 64-bit mobile chips

Qualcomm is readying new chips for mobile devices that are the first to implement its homegrown 64-bit architecture. The design will appear first in high-end Snapdragon chips for premium products, and test units will be shipping by the end of the year.