Usr6 (Active Members) - Posts: 1337, Days Won: 89

Everything posted by Usr6

  1. Opera breached, has code cert stolen, possibly spreads malware - advice on what to do

     Norwegian-based Opera, makers of one of the most popular browsers outside the Big Four, has announced a scary-sounding network intrusion. The official story is still somewhat unclear. But here are the relevant paragraphs from Opera's official mea culpa document:

     "On June 19th we uncovered, halted and contained a targeted attack on our internal network infrastructure. Our systems have been cleaned and there is no evidence of any user data being compromised. We are working with the relevant authorities to investigate its source and any potential further extent. We will let you know if there are any developments.

     The current evidence suggests a limited impact. The attackers were able to obtain at least one old and expired Opera code signing certificate, which they have used to sign some malware. This has allowed them to distribute malicious software which incorrectly appears to have been published by Opera Software, or appears to be the Opera browser. It is possible that a few thousand Windows users, who were using Opera between 01.00 and 01.36 UTC on June 19th, may automatically have received and installed the malicious software. To be on the safe side, we will roll out a new version of Opera which will use a new code signing certificate."

     The title of the article is Security breach stopped, but that doesn't sound quite right to me. The conclusions I reached, based on the announcement above, were:
     - The network was breached.
     - A code-signing key was stolen.
     - Malware has been signed with it and circulated.
     - At least one infected file was posted on an Opera server.
     - That file may have been downloaded and installed by Opera itself.
     - Cleanup and remediation has now been done at Opera.

     That sounds a bit more like Security breach not stopped to me. How else could a signed-and-infected file have been automatically downloaded by an already-installed instance of Opera? Anyway, wouldn't Opera's auto-update have failed or produced a warning due to the expired certificate? Until Opera has worked out the answer to these questions, Opera users probably want to assume the worst.

     The good news is that the malware involved is widely detected by anti-virus tools, and the period of possible exposure via Opera itself was at most 36 minutes. According to Opera, Sophos products block the offending file as Mal/Zbot-FG.

     So, if you are an Opera for Windows user:
     - Download a fresh copy of the latest version (since the buggy download appears to be a thing of the past).
     - Make sure your anti-virus is up to date.
     - If you can spare the time, do an on-demand ("scan now") check of your computer.

     If we find out more detail about whether malware was distributed by existing Opera installations or not, we'll let you know.

     Source: Opera breached, has code cert stolen, possibly spreads malware – advice on what to do | Naked Security
  2. https://github.com/hzeroo/Carberp
  3. You're giving the training companies unfair competition :)), they charge serious $ for exploitation courses and you give it away for free. Congratulations! p.s. NTC-SEC (Neox Training Center: Software Exploitation Certification)
  4. @Martin, you're starting to stretch further than your blanket reaches; next time try to contribute something to this community before advertising on its back. Personal blogs (investigation courtesy of daatdraqq) get posted here: https://rstforums.com/forum/bloguri-si-bloggeri.rst Trash bin, both Dollarcash ones.
  5. What's new in Version 2013?

     Avira internet security 2013 free 1 year key

     Staying safe online isn't merely about shielding your PC. It's about being in control of your security and privacy, no matter how, when and where you connect. That's why the new version of Avira is designed to revolve around you, protecting your PC, your smartphone and your web privacy. Extend security to every facet of your online life.

     Enhancements in Version 2013 include:
     - Browser Tracking Blocker (NEW): Stops over 600 companies from recording your web activities
     - Protection Cloud (NEW): Real-time malware classification and extremely fast system scanning
     - Website Safety Advisor (NEW): Security ratings in your search results—know before you go!
     - Advanced AntiPhishing (NEW): Proactive protection from the craftiest email scams
     - Security for Android (NEW): Lost phone recovery, privacy protection and call/SMS blocking
     - Social Network Protection (NEW): Intelligent parental controls for Facebook and other social sites

     Download Avira Internet Security 2013 if you:
     - Stream or download movies and TV
     - Play computer games, especially with online partners
     - Connect to wi-fi networks
     - Access your bank accounts or investments on the web
     - Shop in online stores or place bids at auction sites
     - Make online phone calls, instant message or use social networks
     - Share your computer with your partner or family members
     - Store your irreplaceable photos, music and videos on your PC
     - Want to be sure your children are safe online

     Download: http://www.linuxhouse.eu/wp-content/uploads/2013/06/aviradownload.rar
     rar archive password: www.linuxhouse.eu
     Source: Avira internet security 2013 1 year key

     // LE: the key from the archive above: http://www.sendspace.com/file/2bb8c4
     official Avira installer: http://www.avira.com/en/for-home-avira-internet-security
     If anyone tries the key above and it doesn't work, leave a message so the topic can be moved to the trash bin. Sorry for any inconvenience, the site that offered the licence seemed a serious one. //
  6. In an age of smartphones and social networking, e-mail may strike many as quaint. But it remains the vehicle that millions of people use every day to send racy love letters, confidential business plans, and other communications both sender and receiver want to keep private. Following last week's revelations of a secret program that gives the National Security Agency (NSA) access to some e-mails sent over Gmail, Hotmail, and other services—and years after it emerged that the NSA had gained access to full fiber-optic taps of raw Internet traffic—you may be wondering what you can do to keep your messages under wraps. The answer is public key encryption, and we'll show you how to use it.

     The uses of asymmetry

     The full extent of the cooperation between the NSA and various technology companies is unclear. It will probably remain that way for the foreseeable future. For the time being, however, it seems likely that the standard cryptographic tools used to secure data "in flight"—that is to say, the SSL that protects data traveling between machines on the Internet—remain secure as long as certain best practices are used. That protects against some threats, such as wholesale monitoring of Internet traffic of the kind the NSA is known to engage in, but it doesn't do anything to protect data that's "at rest." That is to say, SSL doesn't do anything to prevent a company like Google or Microsoft from handing over an archive of your e-mail in response to a court order. The e-mails are just lying around on some Google server somewhere.

     If you don't want a government, service provider, employer, or unauthorized party to have access to your mail at rest, you need to encrypt the mail itself. But most encryption algorithms are symmetric, meaning that the encryption key serves a dual purpose: it both encrypts and decrypts. As such, people encrypting mail with a symmetric key would be able to decrypt other mail that used the same symmetric key. While this would protect against anyone without the key, it wouldn't be very useful as an encrypted e-mail system.

     The solution to this is asymmetric cryptography. In asymmetric encryption there are two opposite keys, and a message encrypted with one key can only be decrypted with the other. The two keys are known as a private key, which as the name might suggest is kept private, and a public key, which is broadcast to the world. Each time you want to send an e-mail to someone, you encrypt it with the recipient's public key.

     Asymmetric encryption is also used to perform mail signing. For this, the mail sender encrypts a hash, or mathematical fingerprint, of their file, producing a signature. Hashes are designed so that any small change to the message's text will produce a different hash value. Anyone reading the mail can then decrypt the signature using the sender's public key, giving them the original hash value. They can then compute the hash value of the mail they received and compare the two. If the values are the same, the message hasn't been modified. If they're not, it has—and we'll see the uses of this later on.

     Making things even more complex, having encryption support isn't itself enough. To a great extent, you don't control the things that are in your own inbox. That's all mail that someone else has sent you. If you want your inbox to contain encrypted mail that only you can read, you need to be sure that people sending you mail are encrypting that mail when they send it. And if you want to be sure that everything in your sent mail folder is encrypted, you'll need to send other people encrypted mail. As a result, e-mail encryption is not something you can impose unilaterally. To protect the contents of your account, you need to ensure that everyone you communicate with is in a position to handle encrypted mail—and is willing to use that ability.

     Finally, e-mail encryption doesn't encrypt everything.
     Certain metadata—including e-mail addresses of both sender and recipient, time and date of sending, and the e-mail's subject line—is unencrypted. Only the body of the mail (and any attachments) gets protected. If you're happy with these constraints, e-mail encryption is for you. Unfortunately, it can be complicated to use.

     Cutting through the complexity

     Few e-mail programs have PGP encryption features enabled by default. And even if they do, end users must still navigate a series of mazes that are long and confusing. Tasks include generating the key pair that will lock and unlock the communications and storing the private key in a location where no one else can get it. It also requires securely sharing a public key with every single person who wants to send you a private e-mail and securely getting a unique public key from each person you want to send encrypted e-mail to. No wonder most people—reportedly including Glenn Greenwald, the Guardian reporter who exposed aspects of the secret NSA dragnet—need time getting up to speed.

     Fortunately, free e-mail encryption programs are available for all major operating systems, and the ability to use them effectively isn't out of the grasp of average computer users if they know where to look. What follows is a set of step-by-step instructions for using GnuPG, the open-source implementation of the PGP encryption suite, to send and receive encrypted e-mails on machines running Microsoft Windows and Mac OS X. After that, we'll show readers how to use a similar crypto standard called S/MIME, which may prove simpler to deploy because it is already built into many desktop and mobile e-mail clients, including Outlook and Thunderbird. (Interested in S/MIME? Skip directly to page three.) Linux will be touched on only briefly because much of the functionality is already included in various distributions and because many Linux users already have PGP down cold.
     (Users are invited to provide Linux instructions and screenshots in the comments following this article.)

     PGP on Windows

     The basic element you'll need to encrypt mail is software to generate and manage your key pair and make them work with whatever e-mail program you happen to use. On Windows, there's no shortage of proprietary apps that will do both, with Symantec's PGP Desktop E-mail being perhaps the best known. There's nothing wrong with this offering, but it's almost $200 for a single-user license. This tutorial will instead focus on the open-source Gnu Privacy Guard, which is available for free on Windows, Mac, and Linux platforms.

     GnuPG, or simply GPG, is still available mostly as a command-line tool, meaning there's no graphical interface, which many end users would feel more comfortable using. Rather than learn a long list of GPG commands, many e-mail users are better off installing a graphical implementation of GPG. On Windows, Gpg4win will give you everything you need to generate strongly encrypted messages that can be sent and later decrypted by the intended receiver using standard e-mail programs. At time of writing, the most recent version of Gpg4win is 2.1.1 and it's available here.

     After downloading such a sensitive piece of software you'll want to confirm the installer hasn't been tampered with and truly came from Gpg4win rather than a site masquerading as gpg4win.org. To do that, we'll need to check the SHA1 checksum for the downloaded file and make sure it matches the hash—a94b292c8944576e06fe8c697d5bb94e365cae25—listed on the Gpg4win download page. For those who prefer a graphical interface, use HashCalc. Install HashCalc and then open the program. In the "data" box, navigate to the folder where the downloaded gpg4win-2.1.1.exe file is located. In our case, since the SHA1 hash calculated by HashCalc matches the SHA1 digest provided on the Gpg4win download page, we have a high degree of confidence the file we're about to install is genuine.

     For readers who prefer command lines, Microsoft's File Checksum Integrity Verifier may be a better way to check the SHA1 hashes. You'll need to download and extract the FCIV package and follow the instructions in the readme text file, including making sure the folder containing the FCIV executable file has been added to the system path of Windows. With that out of the way, open a Windows command window and navigate to the folder containing the Gpg4win installer.

     Once you're sure you have the real gpg4win-2.1.1.exe, double-click on the file and click Yes to the User Access Control dialogue. When presented with the Gpg4win installation welcome screen, click Next, and then click Next at the following window to accept the Gpg4win license agreement. The next screen will allow you to choose the precise GPG components you want to install. Make sure you install all available components, including GPA, which is short for the GNU Privacy Assistant. Click Next at the Choose Components screen and again at the Destination and Install Options screens. At the Install Options screen, make sure the "start menu" box is checked, click Next, and at the next window click Install. We won't be using S/MIME for now, so if you see any screens referring to Trustable Root Certificates, you can click the box to skip configuration and click Next. The installation is now complete.

     When you click on your Start menu and choose All Programs, you should now see a Gpg4win folder. Highlight it and choose GPA. This is the GNU Privacy Assistant. We'll use it to generate our key pair, and later we'll use it to store the public keys of people who will receive our encrypted messages. The first time you open GPA, you'll see a screen asking if you want to generate a private key. That's exactly what we want to do, so click "Generate key now." In the screens that follow, enter your name and e-mail address. When asked if you want to back up your key, choose "Do it later."
     It's not that this step isn't important, but we'll want to back up the key only after we're satisfied that we've done everything correctly. Next, you'll need to choose a passphrase to protect your key. Your passphrase is like the password protecting an e-mail or Web account. Except rather than preventing an unauthorized person from accessing your account, it prevents the person from using your private key should it ever be lost or stolen. In other words, the password is extremely sensitive. It should have a minimum of nine characters, but 18, 27, or even 36 characters are even better. For more tips on generating a strong password, see Ars Senior Reporter Jon Brodkin's discussion of master passwords here.

     When you're finished, you'll have generated your first key pair: the public key you will share with other people so they can send encrypted messages that only you can read, and the private key you'll use to decrypt those messages.

     Now that we've generated our first key pair, let's import the public key of someone else so we'll have it later when we're ready to send them our first encrypted e-mail. For this, get someone to give you their public key, preferably in person. It will look something like this:

     -----BEGIN PGP PUBLIC KEY BLOCK-----
     Version: GnuPG v2.0.17 (MingW32)

     mQENBE/FhJ8BCADGhV//J7rdAKow2YlX2SwK5WtouAKnSncsw0gUc59zfMau95xA
     dCR/0zhZKUIVA9mvRthJ8YLnFQvaPyoiWq/rZJXRgA3ywA5Bi8aj/TJhHlTRRVIm
     llPMmaiKIrCJSG3oC7EXcGHK/ErfgnxIz/4ZGH4SEX9b7ERcjd5HVNgMizeKwNmJ
     ml5mUeKDd47H3uTeHkV9Ii5m7T2YHCklgtXtfPV0iIGAI48l3i3CUKiUYdOr96SM
     6hglvSI3zOLNOHBDWHO0eRN9g7WDyX2o3GhlXK8B9m631hcyPieqZ7sIKy8O1EYR
     u78j5ASB9rvGc07FBCScIpXhkAKbsUet06TTABEBAAG0J0RhbiBHb29kaW4gPGRh
     bi5nb29kaW5AYXJzdGVjaG5pY2EuY29tPokBOAQTAQIAIgUCT8WEnwIbAwYLCQgH
     AwIGFQgCCQoLBBYCAwECHgECF4AACgkQxc+lYXUQQmw9CggAn5n3zOtWZkGEYOP4
     IbTM0l10DEc0gucjFL0wfYqJXv6H7hi9j3K9zxCgBef6EIYRdWtAZScldfX9C1oD
     fwJIdSsPJecr3FJ6ia3O6CgilOMQo56kLMp2EzFMJSTog7jxd3MqANHclByVmwZe
     6xFvhy+6lCYufDVlNgIAPewOTxzmoXBXWlXHj6ozJhJWEFcBZNB699rhpp9/ZmSY
     IePpJJNhFM4pSpKToxZNSvULWC6UNamnPxx/fGEb1HHhf/W276sxny7TzL1P5PAM
     J2VrdQHbHPt4LFeTMu/T7j8rs0WYrwAnu2sBZuovPnXcK6JWvm5+k2FSHBCIlbD6
     F1zOCbkBDQRPxYSfAQgAyIsC4E4Jbry1SWfNzgUZ3KaXc/yHpKWvXK3iajj0l2gK
     BvxbIdWKd1S6Zu3rgLDLzTwWWhR5yMAh5GSXIzUOM8s2DxBDfKUwrYnJeK/AlQrS
     hIWEmM+38+q/i4Q65pTJnWkAPQmeoQk8j0DhmPaSPGYXZWFZh6i3ErNQ1IsdE2u4
     aNeNW2UZdmjRnK0ys01yrCwF4MC1Y+m74G0UHfpj2i0Esj0YeDR2wnYVMxjhLEkz
     SklKYm1j8Tv3CWGaYluQUtn1AGAA6wtM714pLn5DRKuvpu0p/jcY4GajFTTzB3Nj
     Kubd61OOvwZfIOw/MyEM3l1DfJSOhjgGwCzPEpGbzwARAQABiQEfBBgBAgAJBQJP
     xYSfAhsMAAoJEMXPpWF1EEJsBBMH/jexz65+EnSS49H1q3p8qoM5LygP9b8K2cI4
     1vPl3falThGV9EuQ3LifqXOg9BjyitYB09O+ARckzNd81j5kS9HFGJh3PaAbhHkn
     IUrCK46Rjz76zOkuunbInkc6Pbg4nHjl/wIHSFQXs7I+4khDJtBh0yFW5rV7yFIG
     v8zHSuZJqQ0FpwSJ19gBoBOtAVMKdJYvJRaw+JZcf2xqcYPOZIa/iCSe3LSVnIMV
     CXA28ZKQB10tZTm0y1V8fXXLuJd24+bN9hFr3fP1dj/w21EPQP1bCMGtNKCJ1DwR
     KTxdheirEBmS/0LO5nS561Y2UMQGhiK3Iku3RVCm7+qZLthAf7Q=
     =na8+
     -----END PGP PUBLIC KEY BLOCK-----

     Take the public key of a real-world contact and save it to a file named something like key.txt. If you don't have a real-world contact who has a public key, save the above public key to a file and name it key.txt.
     Now, with GPA open, choose the "Import" icon, navigate to the disk location of key.txt, highlight the file, and click Open. Congratulations. You've just imported your first public key. Don't get too excited just yet. You'll need to import a public key for each person you want to send encrypted mail to.

     PGP on a Mac

     The process we've just shown above works pretty much the same for people running Apple's OS X, although the software will obviously be different. One of the best GPG front ends for the Mac is called GPGTools. Download it here and check the SHA1 checksum. To do that, open the terminal that's included in the Utilities folder of the OS X Applications, navigate to the folder where you saved the GPGTools installer, and type:

     openssl sha1 GPGTools-2013.5.20.dmg

     Because the hash that's returned—9f9fea935b3ce90d8d04542a754b8778f82a8b1b—matches the SHA1 hash listed on the download page, we have confidence that no one has modified it since it was put on the site.

     To install, double-click on GPGTools-2013.5.20.dmg and then double-click on the GPGTools icon in the window that opens. Click the next three "continue" buttons and be sure to accept the default installation of all packages included. You'll be prompted to enter the administrative password for your Mac, so be sure to have it ready. When you're done, you'll find a new addition to your Applications folder called GPG Keychain Access. The first time you open the app, you'll be prompted to create a new key pair. This is just what we want to do. You can also generate a key pair any time by choosing the "new" icon in the upper left-hand corner of the screen. When generating a key pair, enter the username and e-mail address the key will be used to protect and then click "Generate key." Note that by default the key will expire four years from the date you create it. You can change this setting by clicking the Advanced options section. Ars recommends that keys have a length of 2048 bits.

     As GPGTools generates the key, it will prompt you to keep your computer busy by typing text or moving the mouse around the screen. This advice is intended to create as much entropy as possible to ensure the elements of the key are as hard as possible for an adversary to guess. When you're done, you'll notice a new key has been added to the keychain.

     Now what? There are plenty of ways to receive someone's public key, but perhaps the easiest is in a simple text file. Once you have the .txt file of someone's public key, choose the Import button in GPA or GPGTools and select the file. If all goes according to plan, your key manager will now show two keys: the key pair you just generated and the public key you just imported.

     Keep in mind, however, that the integrity of any key exchange between you and a trusted party is crucial. If you mistakenly obtain Bob's public key when you wanted to obtain Alice's key, it will be impossible for Alice to read your message. Even worse, it will be trivial for Bob to decrypt your message. As a result, key exchanges should be done in person whenever possible, not over the phone, so each party can verbally confirm the fingerprint of the key being given to the other person. Remember, all the strong crypto in the world doesn't mean a thing if the public key in your possession doesn't belong to the person you think it does. The importance of this step can't be overstated.

     Now that we have private and public keys, it's time to use them to send and receive e-mails that make use of them. To do that, we're going to use Enigmail, a plugin that gives the Mozilla Thunderbird e-mail program powerful encryption and cryptographic signing capabilities. Install Enigmail the way you'd install any Mozilla plugin. That is: right-click on this link, choose "save link as" and save the file to your desktop or some other location you'll remember. Then, with Thunderbird open, go to Tools and choose "add-ons."
     An add-ons Manager tab will open and will look like this: Notice the pull down menu next to the search box. Click on it, choose "Install Add-on From File...", navigate to the file you just saved (titled enigmail-1.4.2-tb+sm.xpi), highlight it, and click Open. Then, in the next window, click on the button that says "Install Now." When you restart Thunderbird, you'll have a new menu item called "OpenPGP" similar to what's shown below.

     Putting it to the test

     OK, now it's time to send an encrypted e-mail. Prepare a new message the way you always do, by typing the address, subject, and body. The only requirement here is you must have the public key of the person you're e-mailing. Since we already imported the public key of a friend a little earlier, that's no problem. Now go to the OpenPGP menu and choose "Encrypt Message." You'll notice a check mark appears next to that selection, and you'll also see a key in the lower-right part of the message window turn amber. Click Send, read and click through the message boxes, and it's on its way.

     To anyone without the corresponding private key, the message will look like this: Notice that everything other than the e-mail addresses and subject line is in ciphertext. But look what happens when we open the same message on a system that has Enigmail installed and the corresponding private key: First, we get prompted for the passphrase that we chose when we generated the key pair. This password is what prevents an adversary from reading your email in the event that your private key is lost or stolen. And when we type it in, voila! The ciphertext is converted to plaintext.

     The ability of strong cryptography to protect sensitive communications from powerful adversaries is nothing short of a breakthrough. Unless the NSA knows of top-secret vulnerabilities civilian cryptographers don't know about, it would require government spies to expend vast amounts of time and resources factoring keys. Such an effort would have to be repeated for each separate key pair sending a message the spies want to read.

     At the same time, it's important to remember what GPG and PGP encryption does and doesn't do. Before people can send you an encrypted e-mail, they will have to receive a genuine copy of your public key. Before you can send them encrypted messages, you will have to receive a genuine copy of their key too. And if you want to send 100 people an encrypted e-mail, you'll have to have all 100 of their public keys, too. Still, e-mail encryption is effective when done right. It may not be something you plan to use when e-mailing your Aunt Gertrude, but it remains a valuable tool that's worth having in your chest.

     S/MIME

     PGP, as outlined in the prior pages, is one way of using public key crypto to encrypt e-mail. However, a number of e-mail clients, including Microsoft Outlook, Mozilla Thunderbird, and Apple Mail, have built-in support for another encryption system: S/MIME. The overall concept is quite similar, but it's the details that matter. The two parts of the encryption key are stored separately. Operating systems and e-mail clients contain built-in storage for private keys. Public keys are distributed as certificates. A certificate includes a bunch of information describing who the certificate belongs to—for S/MIME purposes, this will typically be your name and e-mail address—along with the public key. These are all then cryptographically signed by the organization that issued the certificate, called a certificate authority.

     Personal certificates for e-mail can be obtained for free from a bunch of certificate authorities, including StartCom and Comodo. These free certificates typically only include information about your e-mail address. If you want more information, such as your name or company, that will cost money.
     The process to sign up will vary from service to service, but essentially all of them ask for your name and e-mail address and then give you a certificate that's installed into your browser. The certificate may be sent instantly, or it might take a few hours for manual validation to be performed. Generally, the certificates are installed directly into the certificate store your browser uses. If you use Chrome or Internet Explorer, that should be fine, as on Windows, they install certificates into the built-in Windows certificate store automatically. The Windows certificate store can be viewed by running certmgr.msc. Firefox has its own certificate storage, which can be viewed from its preferences dialog. Go to the Encryption tab of the Advanced page of the options dialog, and then click View Certificates to see them. If you're using OS X, we published instructions in 2011 that should hold more or less true today.

     What you do at this point depends on which combination of browser and e-mail client you intend to use. If both your browser and mail program use the system certificate store, you're all set to proceed. If, however, you intend to use Firefox or Thunderbird, you'll annoyingly have to move the certificate and private key around. Not only do those applications not use the system certificate store, they also don't even share a common store between them.

     To get the certificate out of Firefox, you'll need to go to Firefox's certificate view, as described above, select the certificate you want (you should find it in the "Your Certificates" section), click Backup, and follow the instructions. This will save the certificate and private key into a file. To get the certificate out of the system certificate store, open up the Windows certificate manager, also as described above, select the certificate you want (this time it should be in "Personal\Certificates"), right-click it, and choose All Tasks > Export. Most of the wizard's default options should be fine, but make sure that you choose the "export private key" option. This is not the default. At this point you'll have a file containing the certificate and private key.

     To import the certificate into the system store so that it can be used in a program such as Outlook, navigate to Personal\Certificates in the system certificate manager. Right-click an empty spot and choose All Tasks > Import. Point the wizard at the file you saved earlier. To use the certificate in Thunderbird, visit Thunderbird's counterpart to the Firefox certificate manager (it's in the same place in the user interface, though the dialog boxes look slightly different). Import the saved file.

     As far as the setup and configuration goes, that's about the extent of what needs doing. The process is straightforward enough, if a bit annoying in places. The next step is to actually use certificates to sign and encrypt e-mail. That's where things get more annoying.

     Sending an encrypted e-mail is, in principle, straightforward enough. In Outlook, there's a button on the ribbon to enable encryption for an individual message, and if you want to encrypt by default, you can do so in File > Options > Trust Center > Trust Center Settings > E-Mail Security. Thunderbird similarly has a security button on its toolbar for one-off encryption, and it allows encryption to be enabled by default with Options > Account Settings > Security.

     That's all great, but to send someone encrypted mail, as mentioned, it's not enough to have your own certificate (though you do need that too). You also need their certificate. If you try to send an encrypted message to someone whose certificate you don't have, you'll get a nice error message instead. The usual way this is handled is to get your intended recipient to first send you a mail that's signed but not encrypted.
Your mail client will notice the certificate on that mail and plumb it in appropriately so that you can subsequently send encrypted mail to that person. This introduces some level of risk: is the signed mail you've received really from the person it purports to be from? Certificate authorities are supposed to provide the level of trustworthiness here. For the free certificates, which only include e-mail addresses rather than full identities, this isn't really much to go on. For paid certificates, which are in principle verified by the certificate authority, it is a slightly stronger guarantee. In either case, to be sure of the authenticity of a certificate, it's best to confirm it through some alternative channel (ideally in person). Once they've done this, the process is all quite transparent. Encrypted mails will be decrypted automatically, provided that they were sent using the right certificates and haven't been tampered with. If the e-mail is sent with the wrong certificate, it will be unreadable. In practice, using encrypted e-mail is awkward and annoying. Though S/MIME has been around for a long time and support is widespread both in desktop and mobile clients, its actual usage is rare. The same is true of PGP mail. PGP mail has essentially the same user experience and security features, just with less integration and less convenience. Its major virtue compared to S/MIME is that it doesn't depend on certificate authorities. This eliminates one source of costs (no need to buy certificates) and protects against a certificate authority being compromised by hackers or government forces. The long and the short of it is that e-mail isn't a very good system for secure communications. You're wholly dependent on other people doing the right thing and sending you properly encrypted mail. While conscientious correspondents who know what they're doing might be willing to do this, most people won't. 
Moreover, the all-too-common not-quite-spam that many of us receive on a regular basis—mailing lists, shopping receipts, bill notifications, and so on—won't ever send encrypted mail. They're simply not built to do so. The process is also error-prone. Since making encryption the default is in most cases impractical, most users of encrypted mail will be better served by encrypting only sensitive communications. This, however, carries with it the risk that they might forget to click the button. One solution might be to create a dedicated account only for encrypted communication (so that account could be configured to encrypt by default). But as you might have guessed, this just ramps up the inconvenience. Article updated to add details about key expiration, backup, and uploading of public key to servers. Sursa: Encrypted e-mail: How much annoyance will you tolerate to keep the NSA away? | Ars Technica
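The certificate exchange the article describes, as an added example that is not part of the Ars Technica piece: a Python script that drives the `openssl` command-line tool (assumed to be on PATH) to generate two throw-away self-signed identities, "alice" and "bob" (constructed names and addresses), sign a message as Alice, recover her certificate from the signature on Bob's side, and encrypt a reply to that recovered certificate. It also exercises the failure mode the article mentions: the reply cannot be opened with the wrong key.

```python
"""
Added example (not from the Ars Technica article): the S/MIME certificate exchange
the article describes, driven from Python through the `openssl` CLI.
Alice sends Bob a signed (not encrypted) message; Bob's side extracts Alice's
certificate from the signature, then uses it to encrypt a reply that only Alice's
private key can open. Both identities are self-signed throw-away certificates
generated here, standing in for the CA-issued ones the article discusses.
"""
import subprocess
import tempfile
from pathlib import Path


def openssl(*args, check=True):
    """Run one openssl command and return the CompletedProcess."""
    return subprocess.run(["openssl", *args], capture_output=True, check=check)


def make_identity(workdir, name, email):
    """Create a self-signed certificate + key pair (stand-in for a CA-issued cert)."""
    key = workdir / f"{name}_key.pem"
    cert = workdir / f"{name}_cert.pem"
    openssl("req", "-x509", "-newkey", "rsa:2048", "-nodes", "-days", "1",
            "-subj", f"/CN={name}/emailAddress={email}",
            "-keyout", str(key), "-out", str(cert))
    return key, cert


def normalize(data: bytes) -> str:
    """S/MIME canonicalises line endings to CRLF; compare content independent of that."""
    return data.replace(b"\r\n", b"\n").decode().strip()


def smime_roundtrip() -> dict:
    with tempfile.TemporaryDirectory() as tmp:
        wd = Path(tmp)
        alice_key, alice_cert = make_identity(wd, "alice", "alice@example.com")
        bob_key, bob_cert = make_identity(wd, "bob", "bob@example.com")

        # Step 1: Alice signs a plaintext message. The signature carries her certificate.
        hello = wd / "hello.txt"
        hello.write_text("Hello Bob, here is my certificate.\n")
        signed = wd / "signed.msg"
        openssl("smime", "-sign", "-in", str(hello), "-signer", str(alice_cert),
                "-inkey", str(alice_key), "-out", str(signed))

        # Step 2: Bob verifies the signature and saves the signer certificate.
        # -noverify skips chain validation (the certs are self-signed here); a mail
        # client would check the CA chain at this point, and the article's advice to
        # confirm the certificate out of band applies regardless.
        learned_cert = wd / "alice_from_mail.pem"
        verified = wd / "verified.txt"
        openssl("smime", "-verify", "-noverify", "-in", str(signed),
                "-signer", str(learned_cert), "-out", str(verified))
        subject = openssl("x509", "-in", str(learned_cert),
                          "-noout", "-subject").stdout.decode()

        # Step 3: Bob encrypts a reply to the certificate he learned from the signed mail.
        reply = wd / "reply.txt"
        reply.write_text("Secret reply for Alice only.\n")
        encrypted = wd / "encrypted.msg"
        openssl("smime", "-encrypt", "-aes256", "-in", str(reply),
                "-out", str(encrypted), str(learned_cert))

        # Step 4: Alice decrypts with her private key ...
        decrypted = wd / "decrypted.txt"
        openssl("smime", "-decrypt", "-in", str(encrypted), "-recip", str(alice_cert),
                "-inkey", str(alice_key), "-out", str(decrypted))

        # ... and Bob's own key cannot open it: wrong certificate means unreadable mail.
        wrong = openssl("smime", "-decrypt", "-in", str(encrypted), "-recip", str(bob_cert),
                        "-inkey", str(bob_key), "-out", str(wd / "nope.txt"), check=False)

        return {
            "verified_text": normalize(verified.read_bytes()),
            "signer_has_alice_email": "alice@example.com" in subject,
            "decrypted_text": normalize(decrypted.read_bytes()),
            "wrong_key_fails": wrong.returncode != 0,
        }


if __name__ == "__main__":
    for key, value in smime_roundtrip().items():
        print(f"{key}: {value}")
```

The `-noverify` flag is the part a real client never takes for granted: the mail client walks the certificate chain to a trusted CA before it "plumbs in" the sender's certificate, and for the free e-mail-only certificates the article mentions that chain proves little more than control of a mailbox, which is why an out-of-band check of the certificate is still worth doing.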
  7. Creator: Matt Briggs & Frank Poz
Lab Requirements:
- Virtual machine software (VMware is recommended).
- Windows system with IDA Pro (Free 5.0 is acceptable).
- Microsoft Visual Studio 2008 redistributable package.

As we store more of our confidential information on our computers, from bank account credentials to company secrets, the reward-to-risk ratio increases, as has the number of malware (malicious software) threats. While anti-virus and intrusion detection systems have improved over the years, nothing can substitute for a skilled malware analyst when a business needs to understand and mitigate a network intrusion. This class picks up where the Introduction to Reverse Engineering of Software course left off, exploring how static reverse engineering techniques can be used to understand what a piece of malware does and how it can be removed.

Topics include:
- Understanding common malware features and behavior
- Defeating code armoring and obfuscation
- Signature creation and applying prior analysis
- Dynamic analysis tools and how they can aid static analysis

Contents:
Day 1 Part 1 Prerequisites
Day 1 Part 2 Analysis Goals
Day 1 Part 3 Triage, Tasks, and Tools
Day 1 Part 4 Malware Lab Setup
Day 1 Part 5 Analysis Methods
Day 1 Part 6 Execution and Persistence
Day 1 Part 7 Know Your Tools
Day 1 Part 8 Generic RE Algorithm
Day 1 Part 9 Data Encoding
Day 1 Part 10 Data Encoding - Common Algorithms - Caesar Cipher & XOR + variants
Day 1 Part 11 Data Encoding - Common Algorithms - Base64
Day 1 Part 12 Data Encoding - Common Algorithms - Crypto
Day 1 Part 13 Data Encoding - Common Algorithms - Compression
Day 1 Part 14 Data Encoding - Common Algorithms - String Obfuscation
Day 1 Part 15 Data Decoding
Day 1 Part 16 How a Debugger Works
Day 1 Part 17 Malware Unpacking
Day 1 Part 18 Day 1 Review
Day 2 Part 1 Network Communications - Introduction & Finding the Code
Day 2 Part 2 Network Communications - Command & Control, Indicators
Day 2 Part 3 DLL Analysis
Day 2 Part 4 Anti-Analysis
Day 2 Part 5 Anti-Analysis Examples
Day 2 Part 6 How CreateFile() Works
Day 2 Part 7 Shellcode Analysis

Materials (lecture, malware sample, scripts): ReverseEngineeringMalware
Video: course offered by: opensecuritytraining.info
  8. Lecture 1: Intro, Ethics, & Overview: This lecture covers the course intro, syllabus review, the distinction between hacking vs. penetration testing, ethics discussion, course motivation, threat models and some of the basics.
Lecture 2: Linux Overview: This lecture covers the basics of an OS, kernel vs. user space, system calls, unix permissions, ruid vs. euid etc..., the ext file system (for the limited focus of forensics), persistence mechanisms used by malware, /var/log, and more.
Lecture 3: Windows Overview: This lecture provides an overview of the registry and registry hives, persistence mechanisms used by malware, the Portable Executable (PE) file format, Windows system calls commonly used by malware, and the Windows API.
Lecture 4: Rootkits; Code Auditing: The first half of this lecture covers rootkits and rootkit techniques for Windows and Linux. The second half covers code auditing concepts like design flaws, software analysis, vulnerability identification, signed bugs (int over/underflows), incorrect use of length params (strncpy, strncat, snprintf), format strings, …
Lecture 5: x86 Reverse Engineering: This lecture is day one of our week-long x86 reverse engineering workshop led by guest lecturer Mitch Adair.
Lecture 6: This lecture is day two of our week-long x86 reverse engineering workshop led by guest lecturer Mitch Adair.
Lecture 7: Fuzzing and Exploit Development 101: This lecture covers a fuzzing overview, the basics of exploit development, environment variables, stack attacks, buffer overflows, nop-sleds, etc...
Lecture 8: Shellcode and Exploit Development 102: Lecture topics: more on writing shellcode (Linux vs. Windows), win32 process memory map ...
Lecture 9: Exploit Development 103: SEH Exploitation, Heap Sprays, and Executable Security Mechanisms: This lecture covers SEH exploitation, heap sprays, and executable security mechanisms like ASLR, DEP/NX, stack cookies...
Lecture 10: Networking 101: Data Layer, Link Layer, and IP Layer: This lecture covers an overview of networking concepts and network security concepts. Topics covered: Wireshark, Nmap, nc, hubs vs. switches vs. routers, manufacturer default logins / backdoors... ARP & DNS (DNSSEC), proxies, weak IP vs. strong IP model (RFC 1122)
Lecture 11: Networking 102: TCP Layer, Important Protocols, Services, Portscanning, ARP: This lecture finishes up the networking overview from last time.
Lecture 12: Web Application Hacking 101: It's a bit shorter than other videos as the class time was taken up going over homework beforehand. This lecture addresses some of the big picture with the topics covered so far, and moves into web application security topics.
Lecture 13: Web Application Hacking 102: Big picture of topics so far, SQLi, XSS: This lecture's topics cover HTTP proxies, SQLi and XSS.
Lecture 14: Web Application Hacking 103: SSL attacks, advanced techniques: This lecture's topics cover SSL/TLS, Certificate Authorities, the serious problems with the Certificate Authority infrastructure, a history of CA hacks / breaches, and SSL hacking tools like sslstrip ...
Lecture 15: Web Application Hacking 104 & Exploit Development 104: This class was two lectures in one. In the web application 104 lecture we cover topics like WAFs and IDS and how to evade them, which leads into the exploit development 104 lecture. In the exploit dev 104 section we cover topics like networking shellcode, polymorphic shellcode / encoders, and the methodology for defeating IDS/WAF.
Lecture 16: Midterm Review & Exploit Development 105 (ROP): This lecture's first half is a review of topics for the midterm. The second half introduces Return Oriented Programming.
Lecture 17: The Modern History of Cyber Warfare: This lecture covers just a small sample of the major events one might consider part of the history of cyber warfare. The lecture discusses some of the potential tactical and strategic differences between traditional warfare and cyber warfare, as well as the policy and perspective hurdles we face today. This lecture happened shortly after the ground-breaking APT1 report from Mandiant.
Lecture 18: Social Engineering: The first portion of this video is a continuation of the previous lecture on cyber warfare. Afterwards, this lecture offers a new spin on social engineering, by starting with fundamental psychological flaws in the human brain and discussing how they can be exploited...
Lecture 19: Metasploit: This lecture covers the Metasploit framework, its interfaces, basic usage, and some of its utilities, along with a brief discussion of the Social-Engineer Toolkit (SET)...
Lecture 20: Meterpreter and Post Exploitation: This lecture starts by finishing the SET discussion from last time, covers Windows access tokens, then delves into Meterpreter and post exploitation...
Lecture 21: Volatility and Incident Response: This lecture covers an overview of Incident Response and delves into Volatility and memory analysis..
Lecture 22: Physical Security Workshop: Lockpicking, USB mischief, and BACnet/SCADA system security: This lecture covers physical security, with a hands-on workshop on lockpicking, along with a simultaneous discussion of USB-related mischief, building hacking (BACnet / SCADA) ....
Lectures & Videos: Offensive Security Home Page (CIS 4930 / CIS 5930) Spring 2013
Videos: https://www.youtube.com/user/gtg051x/videos?sort=da&view=0&flow=list
Course offered by Florida State University
  9. More than 1,400 Citadel botnets, responsible for over half a billion U.S. dollars in losses, were disrupted.

Microsoft and the U.S. Federal Bureau of Investigation have taken aim at a botnet network based on malware called Citadel that is held responsible for stealing people's online banking information and personal identities. The company, however, warned that because of Citadel's size and complexity, it does not expect to fully take out "all of the botnets in the world using the Citadel malware."

Botnets are networks of computers infected by malware, which can be controlled by cybercriminals to send automated spam email, spread viruses, attack computers and servers, and commit other kinds of crime and fraud, without the knowledge of the owner of the computer.

In an action code-named Operation b54, more than 1,400 Citadel botnets, which are said to be responsible for over half a billion U.S. dollars in losses to people and businesses worldwide, were disrupted, according to a blog post late Wednesday by Richard Domingues Boscovich, assistant general counsel of Microsoft's Digital Crimes Unit. The malware has affected more than five million people, with some of the highest numbers of infections in the U.S., Europe, Hong Kong, Singapore, India, and Australia, Microsoft said in a statement.

On Wednesday, Microsoft and U.S. law enforcement seized data and evidence from the botnets, including servers from two data hosting facilities in New Jersey and Pennsylvania. Microsoft had earlier received authorization from the U.S. District Court for the Western District of North Carolina to simultaneously cut off communication between the 1,462 botnets and the infected computers under their control.

During investigations started in early 2012, Microsoft and partners found that computers infected by the Citadel malware were keylogging, or monitoring and recording keystrokes, to gain access to a victim's bank account or any other online account in order to withdraw money or steal personal identities, according to a statement by Microsoft.

Microsoft got assistance from the Financial Services - Information Sharing and Analysis Center, NACHA, and the American Bankers Association in its efforts to disrupt Citadel. NACHA manages the ACH Network, a backbone for the electronic movement of money and data. Tech companies Agari, A10 Networks, and Nominum also helped. The collaborative action is Microsoft's seventh operation against botnets.

In the course of investigations, it was found that Citadel also blocked victims' access to many legitimate anti-virus and anti-malware sites, to prevent them from removing the threat from their computer. It was also found that cybercriminals are using fraudulently obtained product keys created by key generators for outdated Windows XP software to develop their malware. Microsoft cited it as evidence of "another link between software piracy and global cybersecurity threats." Windows Vista, Windows 7 and Windows 8 have measures in place to help protect against this type of misuse of product keys, Boscovich wrote.

Source: Microsoft, US feds disrupt Citadel botnet network | ITworld
  10. Kaspersky Lab has discovered "Operation NetTraveler", a global cyber-espionage campaign that targeted government organisations and research institutes.

Kaspersky Lab's expert team has published a new research report on NetTraveler, a family of malware used in Advanced Persistent Threat (APT) operations to successfully compromise over 350 high-profile victims in 40 different countries. The NetTraveler group infected victims across numerous organisations in both the public and private sectors, including government institutions, embassies, oil and gas companies, research centres, military centres and activist organisations.

According to the Kaspersky Lab report, this threat has been active since 2004, but the largest volume of activity was recorded between 2010 and 2013. The NetTraveler cyber-espionage group's main areas of interest have recently included space exploration, nanotechnology, energy production, nuclear power, laser technology, medicine and communications.

Infection methods: the attackers infected victims' systems by sending spear-phishing e-mails carrying Microsoft Office attachments weaponised with two heavily exploited vulnerabilities (CVE-2012-0158 and CVE-2010-3333). Although Microsoft has already released patches for these vulnerabilities, they are still widely exploited in targeted attacks and continue to prove effective. The titles of the malicious attachments in the spear-phishing e-mails reveal the NetTraveler group's efforts to tailor its attacks in order to infect high-profile targets. The titles of the malicious documents include:
Army Cyber Security Policy 2013.doc
Report – Asia Defense Spending Boom.doc
Activity Details.doc
His Holiness the Dalai Lama's visit to Switzerland day 4 Freedom of Speech.doc

Data theft and exfiltration: during Kaspersky Lab's analysis, the expert team obtained infection logs from several of the NetTraveler group's command-and-control (C&C) servers. The C&C servers were used to install additional malware on infected machines and to exfiltrate stolen data. Kaspersky Lab's experts estimated the amount of stolen data stored on NetTraveler's C&C servers at more than 22 gigabytes. Data stolen from infected systems included file system listings, keylogs and other file types such as PDFs, Excel spreadsheets and Word documents. In addition, the NetTraveler toolkit could install an additional backdoor built for data theft, which could be customised to steal other kinds of sensitive information, such as application configuration details or computer-aided design (CAD) files.

Global infection statistics: according to Kaspersky Lab's analysis of the NetTraveler group's C&C servers, there were 350 victims in total in 40 different countries, including the United States, Canada, the United Kingdom, Russia, Chile, Morocco, Greece, Belgium, Austria, Ukraine, Lithuania, Belarus, Australia, Hong Kong, Japan, China, Mongolia, Iran, Turkey, India, Pakistan, South Korea, Thailand, Qatar, Kazakhstan and Jordan. Besides analysing the C&C data, Kaspersky Lab's experts used the Kaspersky Security Network (KSN) to identify additional infection statistics. The top 10 countries by number of victims detected by KSN were Mongolia, followed by Russia, India, Kazakhstan, Kyrgyzstan, China, Tajikistan, South Korea, Spain and Germany.

During its analysis of NetTraveler, the company's experts identified six victims that had been infected by both NetTraveler and Red October, another cyber-espionage operation analysed by Kaspersky Lab in January 2013. Although no direct link between the NetTraveler attackers and the actors behind Red October was identified, the fact that certain victims were hit by both espionage campaigns shows that these high-profile victims are targeted by multiple attackers because the information they hold is very valuable.

The full Kaspersky Lab report, including indicators of compromise, remediation techniques and details of the NetTraveler operation with all its malicious components, is available on Securelist. Kaspersky Lab products detect and neutralise the malicious programs and all versions used by the NetTraveler toolkit, including Trojan-Spy.Win32.TravNet and Downloader.Win32.NetTraveler. Kaspersky Lab products also detect the Microsoft Office exploits used in the spear-phishing attacks, including Exploit.MSWord.CVE-2010-333 and Exploit.Win32.CVE-2012-0158.

Source: Kaspersky Lab a descoperit „Operatiunea NetTraveler”, o campanie de spionaj cibernetic la nivel global care a avut ca tinte organizatii guvernamentale si institute de cercetare
  11. *Process listing:
tasklist
wmic process list full
*Process listing + associated services:
tasklist /svc
*Services:
net start
sc query
*Startup:
wmic startup list full
reg query HKLM\Software\Microsoft\Windows\CurrentVersion\Run
*Active connections:
netstat -b
*Firewall config:
netsh firewall show config
*Users:
net user
*Scheduled tasks:
schtasks
*Logs:
eventvwr.msc
To write a command's output to a file, append " > output.txt" to the end of the command, e.g. "net user >output.txt"
  12. So, we have prepared a CyberGhost Special Edition for you, which allows you to surf the Internet freely and anonymously, without bandwidth or traffic restrictions and you have access to servers from US, Germany, Romania and Switzerland. All you have to do is write your valid e-mail address in the box below and we’ll take care of the rest. We will send you by e-mail a serial code for 12 months CyberGhost Special Edition. link: CyberGhost VPN Registration Service
  13. A bit late, but here I am too. Happy birthday man, even if the years keep coming, never let them make you old
  14. The Romanian-language version of the story: Source: Cel mai mare CYBER-JAF din istorie. România, una dintre victime - Gandul

U.S. prosecutors have charged eight people who made up the New York cell of a network of thieves that combined Internet fraud with ATM fraud. In a matter of hours, in the New York borough of Manhattan alone, they managed to steal almost 3 million dollars through fraudulent ATM withdrawals, writes the Daily Mail. The damage, however, was far larger and spread worldwide: in roughly ten hours, the network withdrew 40 million dollars from ATMs in 24 countries, carrying out 36,000 transactions through intermediaries. Such cash withdrawals also took place in Romania, but the sums were small, in the tens of thousands of euros.

The ringleaders apparently are not in the U.S., but the American authorities have not yet given further details, according to Reuters. The leader of the New York group was found murdered in the Dominican Republic. On Friday, in Germany, prosecutors announced that on 19 February they had detained two Dutch citizens who were part of this network, a 35-year-old man and a 56-year-old woman. The two withdrew about 170,000 euros from ATMs in Dusseldorf, but the damage in Germany is far greater, 2.4 million dollars.

"Instead of guns and masks, this cybercrime organisation used laptops and the Internet. Moving as fast as data on the Internet, the organisation made its way from the computer systems of international corporations to the streets of New York," said Loretta Lynch, the prosecutor on the case in New York.

How millions of dollars are stolen from ATMs in a few hours

The network's unmatched feat was the very short time in which it managed to withdraw the money and the international scale of the heist. It all started with the hacking of computers belonging to credit card processing companies, one in India in December 2012 and one in the U.S. in February 2013. Then, again by hacking, the network raised the credit limits and ATM withdrawal limits on a series of prepaid Mastercard cards issued by two Arab banks: Bank of Muscat in Oman and RAKBANK (National Bank of Ras Al Khaimah PSC) in the United Arab Emirates. In effect, the hackers turned the cards into "unlimited operation" cards, removing every limit the bank had imposed. The network then distributed counterfeit bank cards to partners around the world. Within a few hours these withdrew millions of dollars from ATMs in 27 countries, including Romania.

In Bucharest and a few other Romanian cities, cash was withdrawn from ATMs using bank cards sent by the network, but the sums were not very large, in the tens of thousands of euros. The Romanian Police has been working with the U.S. authorities on this case since the beginning of the year, according to TVR. Other countries where withdrawals took place are Japan, Canada, Germany, the United Arab Emirates, the Dominican Republic, Mexico, Italy, Spain, Belgium, France, the United Kingdom, Latvia, Estonia, Thailand and Malaysia.

The stolen money did not belong to individuals but to the banks, which were the only ones harmed. The defrauded cards and accounts were prepaid travel cards. In New York, the seven members of the network spread out across the city on 19 February with cards funded from a single Bank of Muscat account. Ten hours later, 2,904 withdrawals worth 2.4 million dollars had been made, according to U.S. prosecutors. At the same time, accomplice teams in other countries did the same, pulling around 40 million dollars belonging to Bank of Muscat out of ATMs and another 5 million dollars from RAKBANK. Around 40,500 withdrawals were made in 27 countries. At the end of February, Bank of Muscat had announced a loss of 39 million dollars, defrauded through 12 prepaid travel cards. The loss equals half of the bank's profit for the first quarter of 2013, according to Reuters.

The leader of the New York network, links to the Russian mafia

Alberto Lajud-Pena, nicknamed "the Cousin" or Albertico, 23, was the leader of the New York network. He was found dead in the Dominican Republic on 27 April. It is not clear, however, whether the murder is connected to the bank fraud. He was found shot following an attempted armed robbery of a house in San Francisco de Macoris, a town north-east of the capital Santo Domingo. Investigators found 100,000 dollars in cash, an M-16 assault rifle, two 9 mm pistols, a scope and ammunition, all belonging to Lajud-Pena. He was killed by three people, led by Carlos Manuel Jimenez, nicknamed La Vaca Loca (the Mad Cow), according to local police quoted by the Daily Mail. Lajud-Pena allegedly communicated by e-mail with a criminal organisation in Saint Petersburg, Russia, specialised in money laundering. He allegedly sent them money into several accounts, according to U.S. prosecutors.

The money was spent on luxury goods

Most of the time, the cash withdrawn from ATMs was used to buy luxury goods, although a large part was sent on to the network's leaders. The New York network kept around 20% of the loot, the rest being passed up the chain. The authorities seized hundreds of thousands of dollars from those arrested, as well as two Rolex watches, a Mercedes SUV, a Porsche Panamera and Gucci clothing.

Experts: the Arab banks have weak security

The operation is thought to have involved a few hundred people, among them several highly capable hackers specialised in penetrating financial security systems, according to experts quoted by Reuters. The organisation allegedly targeted banks in the Middle East because they tend to let customers hold very large sums on cards and do not monitor them as strictly as banks in other regions. At the same time, the cyber security of banks in the region is not as sophisticated. A similar case occurred in 2009, when Royal Bank of Scotland lost over 9 million dollars in less than 12 hours, also from prepaid debit cards. That was the first case of its kind, but it does not compare in scale with the one uncovered in recent days.

It is not clear whether the banks will be able to recover their losses from the card processors that were attacked by the hackers. According to experts, if the processors followed the cyber security rules, the banks cannot sue them. Still, the banks can try to draw on their insurance policies, which nowadays also cover cyber fraud.

Andrei Luca Popescu is a special reporter for the newspaper Gândul
  15. Quick Overview

In a typical drive-by download scenario, users visit a compromised website and are redirected to a web server hosting an exploit pack. The exploit pack server delivers the appropriate exploit to compromise the visiting user's PC, then uploads the malicious payload to finish the job. In order to infect as many users as possible, the exploit pack server needs to stay up for as long as possible. In the typical setup, the exploit pack server is exposed to every user who lands on its malicious pages.

To improve its resiliency, exploit pack authors had to find ways to keep the exposure to a minimum. Over time, they deployed several tricks such as redirection rules, traffic distribution systems, dynamic DNS, using dedicated servers for exploits and another for payloads, and so on. But in the end, the exploit pack servers are still vulnerable to takedowns because they make their presence known even if they're hiding behind a dynamic DNS.

Enter RedKit

RedKit was discovered around this time last year by the excellent researchers over at Trustwave and was initially set up like a typical exploit pack. Several months ago, the author(s) of RedKit moved to a new kind of infrastructure, one that was designed to protect its main exploit pack server. It does this by leveraging compromised websites to act as proxies. The real exploit pack server would send files to these compromised websites and give them assigned roles: redirector, exploiter, and dropper. Here's a typical RedKit infection chain:

It starts off with a compromised website hosting a malicious iframe tag that leads the unsuspecting visitor to the first link in the chain:

Each compromised website thereafter appears to have an .htaccess file which looks like the following. This redirects any request that comes to the website with a non-existing filename containing 1-4 alphanumeric characters ending in HTM, PDF, or JAR to the default.php page.

This rewrite rule gives the authors the flexibility to change the filenames and URL format quite easily. The default.php file is different depending on the website's role. It appears the role can be changed by the RedKit authors, though it is not known how they determine the role a website plays and how the file gets updated.

Redirector Role – Compromised websites tagged with this role have a script that redirects the user to another compromised website via a 301 redirect. This leads to the second link in the chain.

Exploiter Role – The script used by compromised websites playing this role deploys the standard rules you see with other exploit packs to prevent multiple infections and to make sure the "undesirable" visitors are kept away. Otherwise it determines the user's Java version and sends one of three malicious applets (CVE-2012-0422, CVE-2013-0422, CVE-2013-1493). The applets stored in this file are encoded as base64 (note: it has been removed for brevity's sake). Here's one of the checks it makes:

This is the excerpt that primes the malicious Java applets:

The script above creates an HTML page with the appropriate applet that will infect the visitor's PC:

A few months ago, the exploiter script did a curl to the RedKit backend server (the real exploit pack server), then downloaded and stored the Java applet on the compromised website in a special folder. If another visitor with the same Java version came along, the script would check if the applet was already in the folder and use that applet instead of pulling it down from the backend server again.

Dropper Role – Compromised websites with this role send the payload to the visitor's PC. The script does a curl to the RedKit backend server and obtains the malicious executable to deliver to the PC.

Here's what the packet capture shows when the "setup.exe" file is downloaded (which matches the above script):

Although this has not been observed, since PHP scripts are used, it's quite possible to update and/or combine roles quickly and easily.

Not much is known about the backend exploit pack server. Because of their infrastructure, the RedKit authors could easily monitor incoming connections and deploy an IP whitelist to only allow connections from a list of websites they've compromised.

Conclusion

The RedKit authors have come up with a new strategy to sustain themselves by implementing a unique, resilient infrastructure. This strategy appears to serve several purposes:
- Takedowns become confusing and complicated since it appears that compromised (legitimate) websites are hosting the exploit pack.
- The setup gives RedKit authors the flexibility to change the URL formats quickly and easily, making detection more difficult.
- Using compromised websites and updating/combining their roles makes the entire infrastructure dynamic and resilient.
- The main exploit pack server is not part of the infection process, so it's never exposed.
- Managing one or two exploit pack servers and monitoring the chokepoints for suspicious activity is far easier to do, and do well.

Although their strategy appears sound, it's not without some disadvantages:
- Many more compromised websites are needed to build and maintain their infrastructure.
- Owners of compromised websites who detect and remove their scripts can disrupt or even break the infection chain.
- Relying on compromised websites makes their infrastructure somewhat fragile and unreliable.

However, it appears the RedKit authors have consciously made stealthiness and resiliency of their own server a higher priority over the effectiveness and efficiency of drive-by infections. I suppose they subscribe to the school of thought that having poor loads/stats is better than not having any at all.

Source: Digging Deeper into RedKit | Kahu Security
Other resources on the same topic: Lifting the lid on the Redkit exploit kit | Naked Security; A closer look at the malicious Redkit exploit kit | Naked Security
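Detection logic for the URL shape the write-up describes, as an added example that is not from the Kahu Security post: a Python scan over Apache combined-format access-log lines that flags requests for the 1-4 alphanumeric character `.htm`/`.pdf`/`.jar` names the .htaccess rule rewrites, plus the `setup.exe` download seen in the packet capture, and groups the hits per client so the redirector (301), exploiter and dropper steps can be read off for one victim. The log lines, IP addresses and file names below are constructed for the example.

```python
"""
Added example, not part of the Kahu Security write-up: flag access-log requests whose
path has the RedKit shape described in the article and reconstruct the per-client
chain. Log lines are constructed (Apache "combined" format, documentation IPs).
"""
import re
from collections import defaultdict
from typing import Dict, List, Optional, Tuple

# Apache combined log line: ip ident user [time] "METHOD path HTTP/x" status size "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# Landing URL as described in the article: /<1-4 alphanumerics>.(htm|pdf|jar)
REDKIT_PATH_RE = re.compile(r"^/[A-Za-z0-9]{1,4}\.(?:htm|pdf|jar)$", re.IGNORECASE)

# Payload file name shown in the article's packet capture.
DROPPER_PATH_RE = re.compile(r"/setup\.exe$", re.IGNORECASE)


def parse_line(line: str) -> Optional[dict]:
    """Parse one combined-format line; None if the line does not match the format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def classify(path: str, status: int) -> Optional[str]:
    """Map a request to the role described in the article, or None if it looks benign."""
    if REDKIT_PATH_RE.match(path):
        # A 301 answer is what the redirector role sends; a 200 fits the exploiter role.
        return "redirector" if status == 301 else "exploiter"
    if DROPPER_PATH_RE.search(path):
        return "dropper"
    return None


def suspicious_requests(lines) -> List[Tuple[str, str, int, str]]:
    """Return (ip, path, status, role) for every line that matches the RedKit shape."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        role = classify(rec["path"], rec["status"])
        if role:
            hits.append((rec["ip"], rec["path"], rec["status"], role))
    return hits


def chains_by_client(lines) -> Dict[str, List[str]]:
    """Roles seen per client IP in log order, so the redirector -> exploiter -> dropper
    sequence from the article is visible for a single victim."""
    chains = defaultdict(list)
    for ip, _path, _status, role in suspicious_requests(lines):
        chains[ip].append(role)
    return dict(chains)


# Constructed sample log: one victim walking the full chain, one ordinary visitor.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Jun/2013:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [10/Jun/2013:10:01:03 +0000] "GET /a7k2.htm HTTP/1.1" 301 0 "http://example.test/" "Mozilla/5.0"',
    '203.0.113.5 - - [10/Jun/2013:10:01:04 +0000] "GET /x9.htm HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [10/Jun/2013:10:01:05 +0000] "GET /h3.jar HTTP/1.1" 200 40960 "-" "Mozilla/5.0 Java/1.7.0"',
    '203.0.113.5 - - [10/Jun/2013:10:01:09 +0000] "GET /setup.exe HTTP/1.1" 200 131072 "-" "Mozilla/4.0"',
    '198.51.100.7 - - [10/Jun/2013:10:02:00 +0000] "GET /about.htm HTTP/1.1" 200 3100 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Jun/2013:10:02:01 +0000] "GET /report2013.pdf HTTP/1.1" 200 90000 "-" "Mozilla/5.0"',
]


if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit)
    print(chains_by_client(SAMPLE_LOG))
```

The path pattern is a triage filter, not a verdict: a legitimate four-letter file such as /home.htm matches it too, so a hit is worth confirming against whether that file actually exists in the document root and whether the site's .htaccess carries a rewrite to default.php of the kind the article describes. On the redirector, the 301's Location header (not parsed here) names the next compromised host in the chain.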
  16. Sometimes attackers digitally sign their malicious software. Examining properties of the signature helps malware analysts understand the context of the incident. Moreover, analysts could use the signature as an indicator of compromise. Here are some tips and tools for determining whether a suspicious Windows executable has been signed and for extracting the embedded signature in a Linux environment. We'll look at Pyew, Disitool and get a bit of help from OpenSSL. Microsoft's Windows Authenticode Portable Executable Signature Format document explains that the signatures can be embedded "in a Windows PE file, in a location specified by the Certificate Table entry in Optional Header Data Directories." The location of the signature is stored within the PE header's OptionalHeader structure's Security field. One way to determine whether the file contains an embedded signature is to use Pyew, which is a command-line hex editor/disassembler for malware analysis. After loading the sample into Pyew, you can look at the size of the IMAGE_DIRECTORY_ENTRY_SECURITY field. A non-zero value indicates that the file probably includes an embedded signature.To do this, load the PE file into Pyew and enter the command "pyew.pe.OPTIONAL_HEADER.DATA_DIRECTORY". Then look at the size of IMAGE_DIRECTORY_ENTRY_SECURITY as shown below: In the Pyew output above, we see that the size of IMAGE_DIRECTORY_ENTRY_SECURITY is non-zero. This indicates that kiwi.exe probably includes an embedded signature. Disitool provides another way of determining whether a PE file includes a signature. This tool, created by Didier Stevens, can delete, copy, extract and add signatures. If you attempt to extract a signature from a non-signed file, Disitool will tell you "source file not signed." In the example below, we see that the file has been signed. The author of this malicious file seems to have used a stolen certificate to sign the specimen. 
Disitool's "extract" command pulls out the signature so we can examine it. Disitool saves the extracted signature in binary DER format (a PKCS#7 SignedData structure that carries the signer's certificate chain). You can look at the strings embedded in the DER file to get a rough idea of its contents. Even better, use the following OpenSSL command to convert the DER file into a more informative text file: openssl pkcs7 -inform DER -print_certs -text -in INPUT_FILE > OUT_FILE. Keep in mind what this does and does not tell you: printing the certificates shows who the signature claims to be from, which is useful for pivoting on the stolen certificate, but it does not verify that the signature matches the file's hash or that the certificate chains to a trusted root. For verification, use Sign Tool or Sigcheck on Windows (or osslsigncode on Linux). Knowing how to spot signed files and extract signature details can be helpful for malware and forensic analysts. On Windows, you can gather some of these details by right-clicking on the PE file and looking at its properties, as well as with the help of Microsoft's Sign Tool and Sigcheck tools. On Linux, you can accomplish this with the help of Pyew, Disitool and OpenSSL, which are installed on REMnux for your convenience. Source: ISC Diary | Extracting Digital Signatures from Signed Malware
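As an added example (not from the ISC diary, and not code from Pyew or Disitool), the following Python script does by hand what those tools do for you: it reads the PE headers, locates the IMAGE_DIRECTORY_ENTRY_SECURITY entry, walks the WIN_CERTIFICATE entries it points to, and hands back the DER blob for OpenSSL. The PE image and the PKCS#7 blob it parses are constructed inline (a bare header with a placeholder SEQUENCE, not a real signed binary); the function and constant names are the example's own.

```python
import struct
import sys

IMAGE_DIRECTORY_ENTRY_SECURITY = 4       # Certificate Table slot in the optional header's data directory
WIN_CERT_REVISION_2_0 = 0x0200
WIN_CERT_TYPE_PKCS_SIGNED_DATA = 0x0002  # bCertificate is a PKCS#7 SignedData blob (Authenticode)


def security_directory(pe):
    """Return (file_offset, size) of the Certificate Table, or None when the PE carries none.
    This entry is the odd one out: its first dword is a raw file offset, not an RVA."""
    if pe[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ signature")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    coff = e_lfanew + 4
    size_of_optional = struct.unpack_from("<H", pe, coff + 16)[0]
    opt = coff + 20
    magic = struct.unpack_from("<H", pe, opt)[0]
    if magic == 0x10B:        # PE32: data directory starts 96 bytes into the optional header
        dd = opt + 96
    elif magic == 0x20B:      # PE32+: 112 bytes in, because ImageBase and the size fields are 64-bit
        dd = opt + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    num_entries = struct.unpack_from("<I", pe, dd - 4)[0]   # NumberOfRvaAndSizes precedes the directory
    entry = dd + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY
    if num_entries <= IMAGE_DIRECTORY_ENTRY_SECURITY or entry + 8 > opt + size_of_optional:
        return None
    offset, size = struct.unpack_from("<II", pe, entry)
    return (offset, size) if size else None   # size 0 means no embedded signature


def extract_certificates(pe):
    """Walk the WIN_CERTIFICATE entries of the Certificate Table.
    Returns [(wRevision, wCertificateType, bCertificate), ...]; bCertificate is the DER blob
    that Disitool writes out and that 'openssl pkcs7 -inform DER -print_certs' can display."""
    table = security_directory(pe)
    if table is None:
        return []
    offset, size = table
    end = offset + size
    if end > len(pe):
        raise ValueError("Certificate Table runs past end of file (truncated or tampered sample)")
    certs = []
    while offset + 8 <= end:
        length, revision, cert_type = struct.unpack_from("<IHH", pe, offset)
        if length < 8 or offset + length > end:
            raise ValueError("malformed WIN_CERTIFICATE at offset 0x%x" % offset)
        certs.append((revision, cert_type, pe[offset + 8:offset + length]))
        offset += (length + 7) & ~7       # entries are padded to 8-byte boundaries
    return certs


def der_sequence_length(blob):
    """Encoded length of the DER SEQUENCE at the start of blob, or None if there is none.
    PKCS#7 SignedData is a SEQUENCE, so this is a cheap sanity check before calling OpenSSL."""
    if len(blob) < 2 or blob[0] != 0x30:
        return None
    first = blob[1]
    if first < 0x80:                      # short form length
        return 2 + first
    n = first & 0x7F                      # long form: the next n bytes hold the length
    if n == 0 or n > 4 or len(blob) < 2 + n:
        return None
    return 2 + n + int.from_bytes(blob[2:2 + n], "big")


# Constructed stand-in for a signature: SEQUENCE { OID 1.2.840.113549.1.7.2 (signedData),
# OCTET STRING of 115 zero bytes }. Valid DER framing, but not a real PKCS#7 signature.
SAMPLE_PKCS7 = (b"\x30\x81\x80"
                + b"\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x07\x02"
                + b"\x04\x73" + bytes(0x73))


def build_sample_pe(cert_blob=None):
    """Constructed minimal PE32 header (not a runnable executable), optionally with a Certificate Table."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)             # e_lfanew: PE signature follows the DOS header
    opt_size = 224                                     # PE32 optional header with 16 data directories
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)             # Magic: PE32
    struct.pack_into("<I", opt, 92, 16)               # NumberOfRvaAndSizes
    headers_len = 64 + 4 + 20 + opt_size              # 312 bytes, already 8-byte aligned
    entry = b""
    if cert_blob is not None:
        entry = struct.pack("<IHH", 8 + len(cert_blob), WIN_CERT_REVISION_2_0,
                            WIN_CERT_TYPE_PKCS_SIGNED_DATA) + cert_blob
        entry += b"\0" * (-len(entry) % 8)
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, headers_len, len(entry))
    return bytes(dos + b"PE\0\0" + coff + opt + entry)


if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else None
    data = open(path, "rb").read() if path else build_sample_pe(SAMPLE_PKCS7)
    for i, (rev, ctype, blob) in enumerate(extract_certificates(data)):
        print("entry %d: revision=0x%04x type=0x%04x %d bytes, DER SEQUENCE length %s"
              % (i, rev, ctype, len(blob), der_sequence_length(blob)))
        if path:      # then: openssl pkcs7 -inform DER -print_certs -text -in signature0.der
            with open("signature%d.der" % i, "wb") as f:
                f.write(blob)
```

Run it with the path of a signed sample to write signature0.der, then feed that file to the openssl command above. Like Pyew and Disitool, the script only establishes that a certificate table is present and well framed; it performs no verification of the signature or of the certificate chain.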
  17. A worldwide gang of criminals stole a total of $45 million in a matter of hours by hacking their way into a database of prepaid debit cards and then draining cash machines around the globe, federal prosecutors said Thursday -- and outmoded U.S. card technology may be partly to blame. Seven people are under arrest in the U.S. in connection with the case, which prosecutors said involved thousands of thefts from ATMs using bogus magnetic swipe cards carrying information from Middle Eastern banks. The fraudsters moved with astounding speed to loot financial institutions around the world, working in cells including one in New York, Brooklyn U.S. Attorney Loretta Lynch said. She called it "a massive 21st-century bank heist" carried out by brazen thieves. One of the suspects was caught on surveillance cameras, his backpack increasingly loaded down with cash, authorities said. Others took photos of themselves with giant wads of bills as they made their way up and down Manhattan. Here's how it worked: Hackers got into bank databases, eliminated withdrawal limits on pre-paid debit cards and created access codes. Others loaded that data onto any plastic card with a magnetic stripe -- an old hotel key card or an expired credit card worked fine as long as it carried the account data and correct access codes. A network of operatives then fanned out to rapidly withdraw money in multiple cities, authorities said. The cells would take a cut of the money, then launder it through expensive purchases or ship it wholesale to the global ringleaders. Lynch didn't say where they were located. It appears no individuals lost money. The thieves plundered funds held by the banks that back up prepaid credit cards, not individual or business accounts, Lynch said. She called it a "virtual criminal flash mob," and a security analyst said it was the biggest ATM fraud case she had heard of. 
There were two separate attacks, one in December that reaped $5 million worldwide and one in February that snared about $40 million in 10 hours with about 36,000 transactions. The scheme involved attacks on two banks, Rakbank in the United Arab Emirates and the Bank of Muscat in Oman, prosecutors said. The plundered ATMs were in Japan, Russia, Romania, Egypt, Colombia, Britain, Sri Lanka, Canada and several other countries, and law enforcement agencies from more than a dozen nations were involved in the investigation, U.S. prosecutors said. The accused ringleader of the U.S. cell, Alberto Yusi Lajud-Pena, was reportedly killed in the Dominican Republic late last month, prosecutors said. More investigations continue and other arrests have been made in other countries, but prosecutors did not have details. An indictment unsealed Thursday accused Lajud-Pena and the other seven New York suspects of withdrawing $2.8 million in cash from hacked accounts in less than a day. Such ATM fraud schemes are not uncommon, but the $45 million stolen in this one was at least double the amount involved in previously known cases, said Avivah Litan, an analyst who covers security issues for Gartner Inc. Middle Eastern banks and payment processors are "a bit behind" on the security and screening technologies that are supposed to prevent this kind of fraud, but it happens around the world, she said. "It's a really easy way to turn digits into cash," Litan said. Some of the fault lies with the ubiquitous magnetic stripes on the back of the cards. The rest of the world has largely abandoned cards with magnetic stripes in favor of ones with built-in chips that are nearly impossible to copy. But because U.S. banks and merchants have stuck with magnetic-stripe cards, they are still accepted around the world. Lynch would not say who masterminded the attacks globally, who the hackers are or where they were located, citing an ongoing investigation. The New York suspects were U.S. 
citizens originally from the Dominican Republic, lived in the New York City suburb of Yonkers and were mostly in their 20s. Lynch said they all knew one another and were recruited together, as were cells in other countries. They were charged with conspiracy and money laundering. If convicted, they face 10 years in prison. Arrests began in March. Lajud-Pena was found dead with a suitcase full of about $100,000 in cash, and the investigation into his death is continuing separately. Dominican officials said they arrested a man in the killing who said it was a botched robbery, and two other suspects were on the lam. The first federal study of ATM fraud was 30 years ago, when the use of computers in the financial community was growing rapidly. At the time, the Bureau of Justice Statistics found that nationwide ATM bank losses from fraud ranged from $70 million to $100 million a year. By 2008, that had risen to about $1 billion a year, said Ken Pickering, who works in security intelligence at CORE Security, a white-hat hacking firm that offers security services to businesses. He said he expects news of the latest ring to inspire other criminals. "Once you see a large attack like this, that they made off with $45 million, that's going to wake up the cybercrime community," he said. "Ripping off cash, you don't get that back," he said. "There are suitcases full of cash floating around now, and that's just gone." Source: ATM hackers stole $45M in '21st century bank heist,' feds say | Fox News. News in Romanian: Network specialised in thefts from accounts dismantled in the US, in cooperation with Romania and 15 other countries - Mediafax
  18. IBM has just released an open source software package called HElib. The HE stands for homomorphic encryption. Although it doesn't sound terribly sexy or impressive, HElib is actually an interesting and important milestone in cryptography. HE is also a surprisingly relevant topic right now, with our ever-increasing attraction to cloud computing. Bear with me, and I'll try to explain. Imagine that I am your cloud provider, and I keep databases online for you. Imagine also that I am a security-conscious vendor, so I keep all your data encrypted, both when I serve it up to you and when I save it to disk. That's about as good as it gets these days from a cloud security perspective. It doesn't matter whether I'm a pure-play over-the-internet cloud provider, or just the manager of the server farm team in your own IT department. The situations are similar, though they may differ in degree: I've got your data, and you have no alternative but to trust me to do the right thing with it. Now imagine that you want me to search through your data, for example to see how many ACME-WIDGETS were bought by customers called DUCKLIN in the last year. Traditionally, the process would go something like this: you encrypt the search terms and upload them to me; I decrypt the search terms so I know what to look for; I decrypt your data (perhaps only record by record, not all at once - that's a detail that doesn't matter here) so I have something to search; I perform the search using the decrypted data; I encrypt the search results, if there are any, and return them to you. Additionally, you hope that I get rid of all remnants, on disk and in memory, of both the search terms and the decrypted data once the search is complete, and that I don't take advantage of the fact that I'm decrypting your data for this search to sneak in other searches at the same time, whether for my own benefit, for my government, or for one of your competitors. There's a lot that could go wrong - for you, at any rate. 
The homomorphic difference. Imagine, however, that I could simply take your encrypted search terms, leave them encrypted, search for them directly in the still-encrypted database, and get the same results. If I can perform calculations directly on your encrypted data, yet get the same results that you would get from the unencrypted data, we both win enormously from a security and privacy point of view. You don't need to give me any decryption keys at all, so you no longer have to trust me not to lose, steal or sell your data. (You still have to trust me to tell you the truth about any results I work out for you, but that is a completely different issue.) And I no longer need your decryption keys, so I can't lose or abuse your data even if I wanted to. That's the promise of homomorphic encryption, which we mentioned at the start. Schemes that are homomorphic for a single operation, such as addition alone, have been known for decades; until 2009, though, no-one was sure whether fully homomorphic encryption, which supports both addition and multiplication on ciphertexts and therefore arbitrary computation, was even possible. Then Craig Gentry, a Stanford student and IBM researcher, showed that it could be done, in a PhD thesis entitled simply "A fully homomorphic encryption scheme." We weren't home and dry yet, though. Gentry had what amounted to an existence proof, showing that fully homomorphic encryption could no longer be considered impossible, but he didn't have a practicable real-world implementation of the concept. At the time, back in July 2009, well-known cryptographer Bruce Schneier praised Gentry's efforts, but pointed out that: Gentry's scheme is completely impractical... Gentry estimates that performing a Google search with encrypted keywords - a perfectly reasonable simple application of this algorithm - would increase the amount of computing time by about a trillion. Well, we're now a few steps further forward, with IBM's release of the above-mentioned software package HElib: HElib is a software library that implements homomorphic encryption (HE). 
Currently available is an implementation of the Brakerski-Gentry-Vaikuntanathan (BGV) scheme, along with many optimizations to make homomorphic evaluation run faster, focusing mostly on effective use of the Smart-Vercauteren ciphertext packing techniques and the Gentry-Halevi-Smart optimizations. With a package description like that, it's obvious that consumer-facing homomorphic encryption tools aren't going to be a click away at the Play Store or the App Store for a while yet. On the other hand, four years ago we didn't even know whether fully homomorphic encryption was possible at all. So, watch this space! Source: IBM takes a big new step in cryptography: practical homomorphic encryption | Naked Security
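To make the homomorphic property concrete, here is an added example (not from the Naked Security article, and not HElib code) using the Paillier cryptosystem, which is homomorphic for addition only: multiplying two ciphertexts yields an encryption of the sum, and raising a ciphertext to a known integer power scales the plaintext. That is enough to let the provider compute an encrypted bill from encrypted quantities and plaintext prices without holding any key. The search-terms scenario in the article needs the ciphertext-by-ciphertext multiplication that BGV and other fully homomorphic schemes add on top. The primes, quantities and prices below are constructed demo values; the key is far too small to be secure.

```python
import math
import secrets

# Constructed demo key: small primes keep the numbers readable. Real Paillier keys use primes
# of 1024 bits or more; these two offer no security at all.
DEMO_P, DEMO_Q = 10007, 10009


def keygen(p=DEMO_P, q=DEMO_Q):
    """Paillier key pair: public (n, g), private (lambda, mu). Uses the common choice g = n + 1."""
    n = p * q
    n2 = n * n
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)   # lcm(p - 1, q - 1)
    g = n + 1
    mu = pow((pow(g, lam, n2) - 1) // n, -1, n)          # inverse of L(g^lambda mod n^2) mod n
    return (n, g), (lam, mu)


def encrypt(pub, m):
    """E(m) = g^m * r^n mod n^2 with a fresh random r, so equal plaintexts give different ciphertexts."""
    n, g = pub
    n2 = n * n
    if not 0 <= m < n:
        raise ValueError("plaintext out of range")
    while True:
        r = secrets.randbelow(n)
        if r and math.gcd(r, n) == 1:
            break
    return pow(g, m, n2) * pow(r, n, n2) % n2


def decrypt(pub, priv, c):
    """m = L(c^lambda mod n^2) * mu mod n, where L(x) = (x - 1) / n."""
    n, _ = pub
    lam, mu = priv
    n2 = n * n
    return (pow(c, lam, n2) - 1) // n * mu % n


def add(pub, c1, c2):
    """Homomorphic addition: E(a) * E(b) = E(a + b). Needs only the public key."""
    n, _ = pub
    return c1 * c2 % (n * n)


def mul_plain(pub, c, k):
    """Homomorphic scaling by a known integer: E(a)^k = E(k * a). Needs only the public key."""
    n, _ = pub
    return pow(c, k, n * n)


def encrypted_weighted_total(pub, enc_quantities, unit_prices):
    """The provider's side: sum(qty_i * price_i) over encrypted quantities and plaintext prices,
    without ever decrypting. The accumulator starts at 1, which is E(0) with r = 1."""
    acc = 1
    for c, price in zip(enc_quantities, unit_prices):
        acc = add(pub, acc, mul_plain(pub, c, price))
    return acc


def demo():
    """Customer encrypts per-record quantities; provider computes the encrypted bill; customer decrypts."""
    pub, priv = keygen()
    quantities = [3, 0, 5]                               # constructed: widgets bought per record
    prices = [20, 15, 7]                                 # constructed: unit prices known to the provider
    enc = [encrypt(pub, q) for q in quantities]          # customer side: needs only the public key
    total_c = encrypted_weighted_total(pub, enc, prices)  # provider side: no key involved at all
    return decrypt(pub, priv, total_c)                    # customer side: 3*20 + 0*15 + 5*7
```

Note that the provider never learns the quantities: every ciphertext it sees is randomised, and it holds neither lambda nor mu. What it does learn is the structure of the query (which records and which prices), which is exactly the kind of leakage that the more expensive fully homomorphic schemes, and the ciphertext packing HElib optimises, are designed to reduce.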
  19. Internet Explorer zero-day exploit targets nuclear weapons researchers (Updated). "Watering hole" attack targets workers browsing a federal government website. Attackers exploited a previously unknown and currently unpatched security bug in Microsoft's Internet Explorer browser to surreptitiously install malware on the computers of federal government workers involved in nuclear weapons research, researchers said Friday. The attack code appears to have exploited a zero-day vulnerability in IE version 8 running on Windows XP, researchers from security firm Invincea said in a blog post. The researchers have received reports that IE running on Windows 7 is susceptible to the same exploit but have not been able to independently confirm that. Versions 6 and 7 of the Microsoft browser don't appear to be vulnerable. Update: In an advisory published a couple of hours after this article went live, Microsoft confirmed a code-execution vulnerability in IE8. Versions 6, 7, 9, and 10 of the browser are immune to the exploit. People using IE8 should upgrade to version 9 or 10 if at all possible. Those who are unable to move away from version 8 should take the following mitigations: set the Internet and local intranet security zone settings to "High" to block ActiveX Controls and Active Scripting in these zones; this will help prevent exploitation but may affect usability, so trusted sites should be added to the Internet Explorer Trusted Sites zone to minimize disruption. Alternatively, configure Internet Explorer to prompt before running Active Scripting, or disable Active Scripting in the Internet and local intranet security zones; again, this will help prevent exploitation but can affect usability, so trusted sites should be added to the Trusted Sites zone to minimize disruption. 
The attack was triggered by a US Department of Labor website that was compromised to redirect visitors through a series of intermediary addresses that ultimately exploited the vulnerability, according to Invincea. The exploit caused vulnerable Windows machines to be compromised by "Poison Ivy," a notorious backdoor trojan that had been modified so that it was detected by only two of 46 major antivirus programs in the hours immediately following the attack. The specific webpages that were hacked dealt with illnesses suffered by employees and contractors developing atomic weapons for the Department of Energy, the blog post said, citing a report from NextGov. That's consistent with so-called "watering hole" attacks, in which employees of a targeted organization are infected by planting malware on the sites they're known to frequent. "The target of this attack appears to be employees of the Dept of Energy that likely work in nuclear weapons research," Invincea researchers wrote in a separate report published Wednesday. The report went on to cite a technical analysis from security firm AlienVault. It found indicators in the command servers Poison Ivy contacted that the attack was carried out by "DeepPanda," a group of hackers believed to be located in China and to carry out espionage attacks on other countries. Initial reports about the Department of Labor website compromise said an older IE vulnerability that Microsoft patched in January had been exploited. It was only in Friday's report that Invincea said this assessment was incorrect. "For non-Invincea users, there are no known mitigations for this exploit that is currently in the wild," Friday's report warned. "For users of IE8, there is no patch currently available and with this exploit being out in the wild, the potential risk for damage is high." Article updated to add details of the Microsoft advisory and remove an earlier statement. 
Source: http://arstechnica.com/security/2013/05/internet-explorer-zero-day-exploit-targets-nuclear-weapons-researchers/
  20. A 24-year-old Algerian man arrested in Thailand earlier this year on suspicion of co-developing and selling the infamous SpyEye banking trojan was extradited this week to the United States, where he faces criminal charges for allegedly hijacking bank accounts at more than 200 financial institutions. (Image caption: Bx1's profile page on darkode.com) Hamza Bendelladj, who authorities say used the nickname "Bx1" online, is accused of operating a botnet powered by SpyEye, a complex banking trojan that he also allegedly sold and helped develop. Bendelladj was arraigned on May 2, 2013 in Atlanta, where he is accused of leasing a server from a local Internet company to help manage his SpyEye botnet. A redacted copy of the indictment (PDF) against Bendelladj was unsealed this week; the document says Bendelladj developed and customized components of SpyEye that helped customers steal online banking credentials and funds from specific banks. The government alleges that as Bx1, Bendelladj was an active member of darkode.com, an underground fraud forum that I've covered in numerous posts on this blog. Bx1's core focus in the community was selling "web injects", custom add-ons for SpyEye that can change the appearance and function of banking Web sites as displayed in a victim's Web browser. More specifically, Bx1 sold a type of web inject called an automated transfer system or ATS; this type of malware component was used extensively with SpyEye, and with its close cousin the ZeuS Trojan, to silently and invisibly automate the execution of bank transfers just seconds after the owners of infected PCs logged into their bank accounts. "Zeus/SpyEYE/Ice9 ATS for Sale," Bx1 announced in a darkode.com thread dated Jan. 16, 2012: "Hey all. I'm selling private ATS's. Working and Tested. We got IT / DE / AT / UK / US / CO / NL / FR / AU Contact me for bank. 
can develop bank ATS from your choice." The government alleges that Bx1/Bendelladj made millions selling SpyEye and SpyEye components and harvesting financial data from victims of his own SpyEye botnet. But Bx1's customers and associates on darkode.com expressed strong doubts about this claim, noting that someone who was making that kind of money would not blab or be as open about his activities as Bx1 apparently was. (Image caption: Darkode discusses Symlink's arrest) In my previous post on Bx1, I noted that he reached out to me on several occasions to brag about his botnet and to share information about his illicit activities. In one case, he even related a story about breaking into the networks of a rival ATS/web inject developer named Symlink. Bx1 said he told Symlink to expect a visit from the local cops if he didn't pay Bx1 to keep his mouth shut. It's not clear whether that story is true or if Symlink ever paid the money; in any case, Symlink was arrested on cybercrime charges in Oct. 2012 by authorities in Moldova. The redacted portions of the government's indictment of Bendelladj are all references to Bx1's partner, the author of the SpyEye Trojan, a malware developer known in the underground alternatively as "Gribodemon" and "Harderman." In a conference call with reporters today, U.S. Attorney Sally Quillian Yates said the real name of the principal author of SpyEye was redacted from the indictment because he had not yet been arrested. Interestingly, several lengthy discussion threads on darkode.com show that Bx1 himself tried to warn fellow forum members that he had been approached by individuals either working for the FBI or acting as intermediaries for U.S. federal law enforcement. In another thread posted Jan. 
21, 2011 and titled "Feds, Feds, Feds," Bx1 pastes an excerpt from an online chat with an interloper who describes himself as an information broker seeking clues about the identities of Gribodemon and of a hacker who went by the screen name "jam3s" and who is suspected of leaking the source code of the ZeuS Trojan. In that thread, Bx1 urges fellow forum members to "double encrypt" their computer hard drives and to "make a contact with a good lawyer." Most of the forum members simply dismiss Bx1 as paranoid. On Nov. 29, Bx1 posted an urgent thread on darkode.com titled "FBI are after some members": "I spoke today with a friend working on FBI. he said there is an operation to find some hackers, we spoke deeply and he mention darkode. so guys, please be careful." If convicted, Bendelladj faces a maximum sentence of up to 30 years in prison on charges of conspiracy to commit wire and bank fraud, as well as sentences of five to 20 years for related charges. He also faces fines of up to $14 million. (Image caption: Less than a month before his arrest, Bx1 tries to warn fellow darkode.com members of the FBI's interest.) Source: Alleged SpyEye Seller 'Bx1' Extradited to U.S. - Krebs on Security
  21. Free VPS
    Intel® Core™ i3-540 / i5-760, RAM: 1GB, disk space: 50GB, bandwidth: 200GB, FREE server management, FREE CloudFlare CDN, free for life. Link: 3 Jelly Free Vps 1GB , CPU i3 , 50GB Disk , Traffic 200GB Vps Free * I have not tested it
  22. Caught red-handed with skimming equipment while preparing to leave for France. Five carders in the custody of the Dolj County Police (IPJ Dolj). CRAIOVA. Five people were placed in pre-trial detention last night, under warrants issued by the Dolj Tribunal, for setting up an organised criminal group and for computer crimes. The five men, aged between 31 and 34, three from Bucharest and two from Craiova, are suspected of having built skimming equipment with which they were just about to leave for France, where it was to be mounted on ATMs. Two of the group's members were caught and taken off the very coach they were leaving on, the skimming equipment having been found hidden in their luggage. According to a statement by the Romanian Police, acting on information supplied by SJIPI Dolj, officers of BCCO Craiova, with the support of colleagues from Bucharest (DGPMB – Special Actions Service and SJIPI Bucharest) and from IPJ Dolj – Special Actions Service, together with a prosecutor from DIICOT – Craiova Territorial Service, organised an operation to dismantle a group specialised in skimming offences. On Wednesday morning, at around 04:00, officers caught Marin Boatcă, 34, of Bucharest, and Florentin Adam, 34, also of Bucharest, red-handed in the area of the Rahova coach station in Bucharest. The two men were about to leave for France by coach to mount skimming equipment on ATMs; the equipment was found hidden in their luggage. Seven searches were subsequently carried out, 4 in Bucharest and 3 in Craiova, at the homes of the members of the organised criminal group, where 8 ATM card-slot overlays, 4 modified fascia strips, electronic circuits, home-made components, concealed mini video cameras and home-adapted chargers, a laptop, 3 hard disks, over 267 CDs/DVDs, 8 mobile phones, 19 SIM cards, 5 magnetic-stripe cards and 4 memory cards were found and seized, according to the IGPR statement. Besides the two from Bucharest, Leonard Ogrezeanu, 31, of Bucharest, Alexandru Sorin Sîrbu, 32, of Craiova, who has a criminal record for computer offences, and Alexandru Titirică, 32, of Craiova, were also brought to the headquarters of DIICOT – Craiova Territorial Service. The five were detained and, late last night, received 29-day pre-trial arrest warrants. The offences under investigation are: forgery of electronic payment instruments; possession of equipment for the purpose of forging electronic payment instruments and carrying out fraudulent financial operations; unauthorised access to a computer system by breaching security measures; and selling, importing or distributing devices, computer programs, passwords or access codes for the purpose of committing offences. Source: Ora de Stiri – Caught red-handed with skimming equipment while preparing to leave for France. Five carders in the custody of IPJ Dolj
  23. "Nothing is safe once your Glass has been hacked," hacker warns. A smartphone hacker has provided conclusive proof that the futuristic computing headset known as Google Glass can be surreptitiously modified to give anyone with physical access almost complete control over the device. He called on Google engineers to improve the security of Glass—which currently is available only to developers—before it becomes available to the general public. Google engineers have stressed that the head-mounted computing device—which can capture nearby conversations and images and transmit them over the Internet—was meant to be hacked. But until now, it has been easy for end users to know when their all-seeing, all-hearing headsets were modified. All that has changed now that security consultant Jay "saurik" Freeman has fashioned an alternative way to gain almost unfettered "root" control. Using an exploit discovered seven months ago to root smartphones running Google's Android operating system, it takes him less than five minutes to hack the new device. From there, he can install a customized operating system that silently monitors everything the device sees or hears. Because it requires a device to be put into a special "debug mode," the exploit isn't considered much of a security threat for smartphone users. After all, debug mode can be invoked only after a user has unlocked the handset using a PIN code or other security mechanism. Glass, by contrast, has no form of screenlock, making it possible for someone with even brief access to a headset to make persistent changes. "With the security exploit, I can pick up your Glass, turn on debug mode, and get root access on it in a way that doesn't leave a trace," Freeman told Ars in a telephone interview. "Then I can modify any of the software on your device. I can make it so that for the rest of your Glass' lifetime I'm in there, too, able to get access to your camera, listen in on your microphone. 
I can turn off debug mode and make it look like there's nothing changed from your perspective. And when you get it back, you're screwed." Asked to comment on Freeman's claims, Google officials issued a statement that read: "We recognize the importance of building device-specific protections, and we're experimenting with solutions as we work to make Glass more broadly available. It's also important to understand that Glass doesn't access many parts of a Google Account, including settings or many products. And your personal MyGlass site allows you to change the content that you see on Glass or, if you misplace it, wipe all the data off your device." It's reassuring to know that Glass gives users the ability to control much of the content stored in their Google accounts. Still, the scenario painted by Freeman is unsettling. It suggests that users who let the headsets out of their physical control for even a few minutes can't be sure the devices won't be turned into sophisticated spying devices that relay intimate conversations and sensitive data to attackers. "Once the attacker has root on your Glass, they have much more power than if they had access to your phone or even your computer," Freeman, who developed the Cydia app store for jailbroken iOS devices, wrote in a 6,000-word blog post published Tuesday. "They have control over a camera and a microphone that are attached to your head. A bugged Glass doesn't just watch your every move: it watches everything you are looking at (intentionally or furtively) and hears everything you do. The only thing it doesn't know are your thoughts." He went on to describe how a hacked Glass headset could have broad consequences for users. Since Glass sees passwords and PIN codes being entered, the security of computers and smartphones is affected. Even physical security is impacted, since Glass can record building access codes and take pictures of keys that are detailed enough to allow copies to be made. 
"Nothing is safe once your Glass has been hacked," he warned. The grim assessment was accompanied by a blow-by-blow account of how Freeman was able to gain root on one of the first Glass devices to become available. Within seconds of turning it on last week, he noticed a "debug mode" buried in the settings menu. Enabling it exposes adb, the Android Debug Bridge, which allowed him to use a USB-connected computer to issue commands to his Google Glass headset, much the way the Command Prompt or a Terminal window lets users start and monitor processes on Windows and Mac machines. With additional investigation, he stumbled upon the Android exploit and figured out how to use it to get root on his Glass headset. For a step-by-step tutorial, see the section of his post subtitled "How can I use this exploit myself?" While Glass provides visual cues that its microphone and video camera are activated, Freeman said it wouldn't be hard for a skilled hacker to create a custom version of the OS that suppressed those warnings. It could also be possible to introduce code that takes pictures every 30 seconds or activates recording when the device detects certain key words being spoken. In Tuesday's treatise, Freeman called on Google to equip Glass with a screenlock of some sort and also to provide a foolproof way for users to know when the headset is recording still pictures, video, or audio. He proposed a "little sliding plastic shield" that would make it clear to both the user and nearby people when they're being monitored. It wouldn't be surprising to see Glass get the security overhaul the security consultant is recommending. Fortunately, the company still has time to take action before the device gets into the hands of the masses. Source: http://arstechnica.com/security/2013/05/rooting-exploit-could-turn-google-glass-into-secret-surveillance-tool/
  24. By Berk Veral, Senior Product Marketing Manager, RSA. ...And they did it: they managed to slow down the Internet. Next thing you know, they will break it! I am referring to what's been called "the largest publicly announced online attack in the history of the Internet." And this week we read about the suspect: a 35-year-old man from the Netherlands who was arrested in Spain (see the Netherlands Public Prosecution Service press release, in Dutch). This is interesting for two reasons: 1) supposedly, a single person can slow down the Internet; 2) the flaws, and more importantly the vulnerabilities, of the Internet are being discussed in the mainstream media. Up until this news hit the media, the Internet was limitless in the public eye: a big, endless digital universe with billions of websites for everything and for everyone. The only Internet "speed" issues for the majority of users were due to their own system performance or their connection (remember the modem days, anyone?). Then, all of a sudden, there was news about a cyberattack actually slowing down the entire Internet. There were discussions about the specific details, the geographic effects, which users were impacted and for how long, but regardless of the actual impact of this incident on Internet speed, the bigger impact might be how the perception of the Internet has changed; it doesn't seem as limitless or abstract anymore. Also interesting: this incident wasn't "achieved" by an army of researchers with sophisticated code; it was a DDoS attack by a single person, most likely stemming from a dispute between two companies. It got so much media attention that not only technology and security media but global news organizations like the BBC reported the incident. Naturally, as happens with most big news stories, discussions and disputes followed and the story lost its attraction for most audiences. The real point is darker, though. 
It is that the actions of cybercriminals, and more specifically of a single cybercriminal, have exposed the Internet's vulnerabilities and forced a public discussion about them. Let's hope that the change in public opinion will also help everyone realize that we exist in a physical world but live in a digital one that can be far more dangerous: a world where our identities, reputations and finances are much more vulnerable. As we continue to discuss the Cyber Intelligence Sharing and Protection Act (CISPA), its positives, its negatives and its impact on privacy, we are already reading news stories about how DDoS attacks are increasing across industries. Berk Veral is Senior Product Marketing Manager at RSA, responsible for RSA FraudAction Anti-Phishing, Anti-Pharming, Anti-Trojan and Anti Rogue App services as well as RSA FraudAction Intelligence and Cyber Crime Intelligence. Prior to joining RSA, Berk served as a senior member of product marketing teams at global technology companies, where he worked closely with global financial institutions on technology solutions. Source: The Biggest Online Attack in the History of the Internet?? | Speaking of Security – The RSA Blog and Podcast
  25. A sophisticated computer program lets virtual robots "reproduce" and evolve, and some of the robots that result are better than those designed by humans. A spectacular video clip documents this digital evolution, which could also inspire the creation of better real robots. The program was built by a team of researchers at the Creative Machines Lab at Cornell University, USA. The most striking feature of the experiment is that it starts from something extremely simple, and the design is created almost exclusively by the computer, with minimal human intervention. In practice, the researchers gave the computer 4 types of cubes, representing a kind of "tissue", some rigid, others soft and able to contract like muscles, and let it build from them virtual robots capable of moving. The instructions given to the computer were very sparse, and no indication was given of what the robots resulting over the generations should look like. Essentially, it was left to do the job almost on its own, letting evolution take its course. The robots also had the ability to reproduce, either "sexually", by exchanging virtual DNA, or "asexually", with small genetic changes. Those that moved more nimbly, covering the greatest distances, were rewarded with an evolutionary advantage: they had more "offspring". In short, a kind of evolution generated entirely by the computer, which simulates, in simplified form, the evolution of the living world. What happened? The first robots created were simple and barely mobile, looking like trembling cubes. But, following "evolution", an impressive diversity of virtual creatures emerged, ever more complex and more agile, the most successful of which, the researchers' favourites, can be seen in the video clip. They have different shapes and different gaits, and the variety of forms and movements surprised even the researchers, who say that some of the robots move in ways no engineer would have thought of. When, for comparison, the researchers asked some engineers to design a few robots "by hand" on the basis of the same principles, none of the robots created this way could compete with the computer-generated ones. These robots are entirely virtual, but their design could one day inspire specialists in creating more efficient and capable real robots. Source: Amazing: robots that reproduce and design themselves (VIDEO)