Posts Tagged ‘Microsoft’

Blackhats

Posted: January 19, 2015 by IntentionalPrivacy in Hacker gangs

I saw the Blackhat movie yesterday, and in my opinion, it was not that great. Realistic? Yes, but formulaic and even predictable, with a little hacking thrown in to make it seem original. The script—while well-researched—felt as if it had been churned out of a script-writing program like Final Draft. I was hoping for a movie like Sneakers, which is realistic, but not at all formulaic and it’s very funny besides.

And speaking of blackhats, some purported members of Lizard Squad have recently been arrested for the Christmas attacks on Microsoft Xbox and Sony PlayStation networks during a joint investigation by the FBI and the British police. The Daily Mail reported that Jordan Lee-Bevan was arrested in Southport, Merseyside on January 16, 2015. In Finland, seventeen-year-old Julius “Ryan/Zeekill” Kivimäki was questioned last month, while Vincent Omari, Twickenham, south-west London, was arrested and released on bail shortly after they gave interviews to Sky News on December 27, 2014, about the alleged role of Lizard Squad in the Christmas gaming attacks.

Ironically, according to KrebsOnSecurity, Lizard Squad’s website, LizardStresser[dot]su, which they used to “coordinate attacks and sell subscriptions to its attacks-for-hire service” was hacked by another hacker group, Finest Squad. Brian Krebs acquired a copy of their user account information database—unfortunately stored unencrypted! Apparently the same information was also sent to the FBI. You can read more about the battles between Lizard Squad and Finest Squad in Business Insider’s article.

Shellshock (CVE-2014-6271 and CVE-2014-7169) is the name of a bug affecting the GNU Bash (Bourne-again shell) command-line shell, which can be used on many Linux and UNIX operating systems, as well as Mac OS X. It does not affect Windows computers unless you’ve installed Bash with something like Cygwin. While it’s unlikely that most consumer computers will be targeted, it’s a good idea to watch for updates for operating systems, firewalls, routers, switches, modems, printers, and household items that can be accessed over the Internet–TVs, thermostats, IP cameras, and other items.

It is already being exploited by worms and other malware.

Cisco, Red Hat, Debian, and Ubuntu have already issued updates. The first patch issued did not completely fix the problem, so make sure you update to the version that addresses CVE-2014-7169 as well as CVE-2014-6271. Apple has not issued any updates as of September 28, 2014.

This bug has been around for a very long time; the latest (safe) Bash version is 3.2.53.  Brian J. Fox wrote Bash in 1987 and supported it for five years, and then Chet Ramey took over support–his unpaid hobby. Mr. Ramey thinks Shellshock was accidentally added in 1992.

We have a Macbook that was running a vulnerable version of Bash. I manually updated Bash per this article.

According to Qualys, here’s how to test for the vulnerabilities; at the command line, paste the following line (make sure this line is exact):

env var='() { ignore this;}; echo vulnerable' bash -c /bin/true

If you have a vulnerable version of bash, the screen will display “vulnerable.” Just to be safe after updating, check the bash version by typing:

bash --version

Vulnerable versions will be before 3.2.53.

If you applied a patch before Friday, you might have a less-serious version of the error, which you can check by typing the following:

env X='() { (a)=>\' bash -c "echo date"; cat echo; rm -f echo

This line will display the date if bash has not been completely patched.  After patching, you will get an error when running this command.
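The two checks above combined into one script, as an added example that is not from the original post or from Qualys. It runs the second check in a scratch directory, because that test leaves a file named echo behind on an incompletely patched system; BASH_BIN and the function names are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: runs both Shellshock checks from this post against one bash
# binary. BASH_BIN and the function names are assumptions of this sketch.
BASH_BIN="${BASH_BIN:-bash}"

# CVE-2014-6271: a vulnerable bash executes the command that trails the
# function definition while it imports the environment variable.
check_6271() {
    out=$(env var='() { ignore this;}; echo vulnerable' \
        "$BASH_BIN" -c /bin/true 2>/dev/null) || true
    case "$out" in
        *vulnerable*) echo "vulnerable" ;;
        *)            echo "patched" ;;
    esac
}

# CVE-2014-7169: an incompletely patched bash turns "echo date" into
# ">echo date", so `date` runs and its output lands in a file named "echo".
check_7169() {
    tmp=$(mktemp -d) || return 1
    (
        cd "$tmp" || exit 1
        env X='() { (a)=>\' "$BASH_BIN" -c "echo date" >/dev/null 2>&1 || true
        if [ -s echo ]; then
            echo "vulnerable"
        else
            echo "patched"
        fi
    )
    rm -rf "$tmp"
}

# Print one line per CVE so the result can be logged or compared across hosts.
report() {
    if ! command -v "$BASH_BIN" >/dev/null 2>&1; then
        echo "bash not found: $BASH_BIN"
        return 0
    fi
    printf 'CVE-2014-6271: %s\n' "$(check_6271)"
    printf 'CVE-2014-7169: %s\n' "$(check_7169)"
}

report
```

Set BASH_BIN to a full path (for example the system copy and a manually built copy) to check each installed bash separately.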

A new vulnerability reported at bugtraq on December 11, 2012, has just come to my notice.  The compromise occurs if you visit a website displaying an ad containing the exploit, even so-called safe sites like YouTube or the New York Times. If you have any version of Internet Explorer open on a compromised website–even if the page is minimized or you’re not on the page–your mouse cursor movements can be tracked.

Microsoft’s position as stated in this article http://www.securityweek.com/microsoft-ie-mouse-tracking-exploit-poses-little-risk is that this vulnerability would be very difficult to exploit.

There is a demo of this issue in Internet Explorer at http://iedataleak.spider.io/demo. All I could see displayed was when the CTRL, SHIFT, or ALT keys were pressed; no other keys displayed. I could, however, tell when the browser window was dragged to my other screen. Note: Spider.io has a demo game set up. In order to play the game, they want you to log in with your Twitter account. I do not recommend signing into any site with credentials from Facebook, Twitter, LinkedIn, or any other social media site.

As stated in the article, the demo does not work if the URL is entered into a Firefox web browser.

My suggestion is to only use Internet Explorer if necessary, and to close any browser–IE, Firefox, Chrome, whatever–when you are done using it, especially if it has ads on it.