75% of all new malware are trojans

Many moons ago, viruses were written only for "fun" or other non-harmful purposes; later came viruses written to harm users rather than for personal gain.

It seems more and more viruses now exist to steal money. Here is an interesting article with today's statistics.


FBI Takes Monitoring Social Networking Seriously

The FBI has released an RFI (Request for Information) for a new tool/spider that will monitor activity across all the social networking sites.


DreamHost Hacked!

Last night we detected some unauthorized activity within one of our databases. While we don’t have evidence that customer passwords were taken at this time, we’re forcing a change out of caution. Please login to our web panel and change any passwords you may have with us. We’ll keep this post updated as we get more information.
Their public announcement

23-Jan-12:  DreamHost resets passwords after database breach


Google Decides To Educate Users

Google is focusing on the importance of protecting personal information in an unusual marketing campaign for a company that has been blasted for its own online privacy lapses and practices. The educational ads will start appearing Tuesday in dozens of U.S. newspapers, including The New York Times, USA Today, and The Wall Street Journal, and magazines, including Time and the New Yorker. Google Inc. also will splash its message across billboards within the subways of New York and Washington, as well as various Web sites.
Full story here...



So, what is all the commotion around these new bills? Here is an article for dummies. All the internet giants (Google, Wikipedia, Facebook, etc.) are opposing them.

21-Jan-2012:  Seems like the protests are working: four of the co-sponsors of SOPA's Senate version have withdrawn their support.

03-Apr-2012:  Not much news on the current status of these bills, but here is another good article on them.

19-Apr-2012:  As if this wasn't enough, another bill, CISPA, is in the news now... Looks like the US Govt is trying to police the internet.


Sign On Without A Password

Google comes up with a brilliant new idea:

If you ever want to log into your Google account when you're at a public computer, where you're unsure whether or not there's a keylogger installed, there's now a simple solution. And it's from Google!

Google Sesame


Security Enhanced Android

Security Enhanced (SE) Android is a project to identify and address critical gaps in the security of Android. Initially, the SE Android project is enabling the use of SELinux in Android in order to limit the damage that can be done by flawed or malicious apps and in order to enforce separation guarantees between apps. However, the scope of the SE Android project is not limited to SELinux.
SE Android also refers to the reference implementation produced by the SE Android project. The current SE Android reference implementation provides a worked example of how to enable and apply SELinux at the lower layers of the Android software stack and provides a working demonstration of the value provided by SELinux in confining various root exploits and application vulnerabilities.
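To make the "separation guarantees" above concrete, here is a small SELinux type-enforcement fragment in the style SE Android uses. It is an added illustration, not a copy of the SE Android project's own policy: the type names are modelled on SE Android conventions but the rule set is simplified and should be read as hypothetical.

```te
# Illustrative SELinux type-enforcement fragment (added example, not SE Android's actual policy).
# Type names follow SE Android conventions but the rules are simplified; treat them as hypothetical.

# An ordinary third-party app runs in its own domain ...
type untrusted_app, domain;
# ... and the files it owns carry a distinct type.
type app_data_file, file_type;

# The app may create, read and write files of its own data type, and nothing else.
allow untrusted_app app_data_file:dir  { create search read write add_name remove_name };
allow untrusted_app app_data_file:file { create read write open getattr unlink };

# No rule here grants access to system data, device nodes or other file types, so a
# flawed or malicious app confined to this domain cannot reach them even if it finds a
# way to change its Linux UID: both the DAC (UID) check and the MAC (SELinux) check
# must pass, and the SELinux check is decided by policy, not by the process.

# Architectural guarantees are pinned with neverallow: a policy that violates them
# fails to compile, so a later "allow" cannot quietly widen the app's reach.
neverallow untrusted_app system_data_file:file { open write };   # system_data_file is assumed here
neverallow untrusted_app self:capability sys_module;             # no loading of kernel modules
```

Two things to take from the fragment. First, the value in "confining root exploits" comes from the fact that an exploit which only changes the process UID still runs in the `untrusted_app` domain, so the allow rules above remain the ceiling on what it can touch. Second, apps that share the same domain and file type are not separated from each other by type enforcement alone; the real SE Android implementation layers per-app multi-level security categories on top of this to keep one app's `app_data_file` out of reach of another app in the same domain.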


Hacked Gmail Account

A well-written story of how a victim managed to restore 4GB+ worth of data after a hacker took over her account.


Cyber Insurance

As if we didn't already have every possible kind of insurance, this one is catching on too.

Update: 22-Oct-2015
Not surprisingly, the insurance sector is still behind when it comes to cyber-hacking. BitPay finds out the hard way!


Symantec's Data Leaked!!

This is a story in the making; I am sure we will hear more about it.

04-Jan-2012:  Hackers claim to have stolen the source code of Symantec's Norton Antivirus. The hackers' post has been removed from Pastebin, but here is the Google cache. The group claimed it got this information from a hack of India's military computer network.

05-Jan-2012:  Of all places, Symantec decided to announce it on Facebook. Duh?

Here is another article with some more details.
On Wednesday, the group posted a Symantec description of how Norton Antivirus worked. Symantec said the 2,700-word document was a general description of the software from 12 years ago and didn't threaten security.
A day later, the group posted software code, which Symantec confirmed was for two enterprise security products from 2007 and 2008. One product is discontinued and the other has been extensively updated, Paden said, rendering the old code useless.

So, how did this Symantec document (even if it was old) get onto the military's computers? This is where the conspiracy starts. As per the leaked military documents:
"in exchange for the Indian market presence" mobile device manufacturers, including RIM, Nokia, and Apple (collectively defined in the document as "RINOA") have agreed to provide backdoor access on their devices. The Indian government then "utilized backdoors provided by RINOA" to intercept internal emails of the U.S.-China Economic and Security Review Commission, a U.S. government body with a mandate to monitor, investigate and report to Congress on 'the national security implications of the bilateral trade and economic relationship' between the U.S. and China.

09-Jan-2012:  Apple and RIM both have given public statements denying backdoor access was provided.

18-Jan-2012:  Symantec finally admits they were hacked. Source code for Norton Antivirus Corporate Edition, Norton Internet Security, Norton Utilities, Norton GoBack and pcAnywhere stolen!

26-Jan-2012:  Symantec recommends that users stop using pcAnywhere!

31-Jan-2012:  Symantec gives the go-ahead and says users can continue to use pcAnywhere. {Wonder if the problem has really been fixed, or if it was just too bad for business not to say this}

07-Feb-2012:  Anonymous unsuccessfully tries to extort $50,000 from Symantec, after which they release the stolen source code on the internet. The email exchange between the hacker and a Symantec employee is here.

08-Feb-2012:  Symantec expects more source code to be leaked!

09-Mar-2012:  Anonymous leaks more data, and also defaces "New York Ironworks" (a supplier of police equipment), in retaliation for the arrests made by the police.

Endpoint attacks cost firms close to half a million dollars annually

Attacks against endpoints are costing the average organization around $470,000 annually, according to a survey sponsored by Symantec.
Full story here.

Sounds a bit ironic that Symantec themselves suffered data loss!!


Hack to Learn

One of the common questions I keep getting is, "How do I learn to hack?" My usual answer is to grow up and get a life.

However, in case anyone is really interested in learning offensive security, or in other words would like to "hack to learn" from the experience, here is what I can recommend:

  • BackTrack: the must-have distro, with all the tools required. The new version is called Kali.
  • The team which created BackTrack also runs a few certification programs. All of these are paid, but extremely helpful.
  • This same group also has one free training program.
  • To practice and get some experience with exploitation, here are a few helpful, hackable targets:
    • McAfee's Hackme: a web-based exploitable application. Here is a good tutorial with Hackme.
    • WebGoat is a J2EE web app from OWASP, designed to teach web application security lessons.

Pastebin shut down twice in a week by DDoS attacks

Complete story is here.

Facebook locks down 45,000 accounts to stop 'worm' spreading

Here is the story.


Unauthorised withdrawals from Singapore's DBS accounts

Looks like another fraud is unfolding...

When I tested (05-Jan, evening), the website and the mobile app both seemed to be unavailable, which I am guessing (and hope) is because too many people are logging on to check their own accounts.

NIST Protects BIOS With New Security Guidelines

New hardening guidelines for protecting the BIOS. Full story is here.