Archive for October 2013 | Monthly archive page

java logo drawn

Bumper security update for Java released

Bumper security update for Java released

oracle java logo

Oracle has released a bumper update package for Java that closes lots of security holes in the software.

The update fixes 51 separate security bugs in Java, which owner Oracle says is used on billions of devices.

About a dozen of the bugs were serious enough to allow attackers to take remote control of a compromised system, researchers said.

Java is one of the most popular targets for cyber-thieves and malware writers seeking to hijack home computers.

In its advisory about the update, Oracle urged customers to patch the software as soon as possible “due to the threat posed by a successful attack”.

Programming language Java has proved popular because software written with it can easily be made to run on many different types of computer.

Twelve of the holes in Java addressed by the update topped the table that ranked the severity of security weaknesses in software, wrote Qualys security expert Wolfgang Kandek in a blogpost.

If these bugs were exploited, attackers could bypass ID controls and take over a target system, he added.

He said those seeking to exploit Java would probably seed web pages with booby-trapped links in a bid to catch vulnerable machines.

Security glitches in Java are favourites among those that write and run so-called “exploit kits” that seek to compromise vulnerable websites and other systems.

Security blogger Brian Krebs said if people needed to run Java, it was well worth taking time to apply the update.

Those that did not need the software should consider disabling it altogether, he said.

“This widely installed and powerful program is riddled with security holes, and is a top target of malware writers and miscreants,” he wrote.

The update is available via the main Java website and has prompted follow-up action from other electronics firms. Apple has released an update to the version of Java that runs on its computers. This update points people towards the official version of Java from Oracle instead of that supplied by Apple.

In the past, Apple has faced criticism over the speed with which it updated its version of Java.

This article originally appeared on the BBC News website

Irish Web Design – Bumper security update for Java released

black hole

Suspected Malware Criminal Arrested

Blackhole malware exploit kit suspect arrested

Russian police have reportedly arrested a man on suspicion of masterminding two infamous hacking tools.

He is suspected of being the man behind the alias Paunch – the nickname used by the creator of the Blackhole and Cool exploit kits, sold to cybercriminals to infect web users with malware.

The Russian authorities have not confirmed the details.

But security firms said they had already detected a decline in the programs’ use.

A spokesman for the law enforcement agency Europol told the BBC: “Europol and the European Cybercrime Centre has been informed that a high-level suspected cyber criminal has been arrested.

“We can only refer you to the Russian authorities, they are the ones who should speak about this topic.”

The Russian police’s press office said it had nothing to add at this time.

However, Alexander Gostev, chief security expert at the Moscow-based internet protection provider Kaspersky Lab, said the arrest had been confirmed to him by “anonymous sources”.

Blackhole software The Blackhole kit offered an interface used to manage malware attacks

 

Spreading malware

The Blackhole kit, released in 2010, dominated the crimeware market throughout 2012 and the start of 2013, according to Fraser Howard, a researcher at the anti-virus company Sophos.

He said the code had been sold for an annual licence of $1,500 (£940) or could be rented from its creator for $200 (£125) for one week’s use, among other price plans.

The software targeted a range of vulnerabilities in the Java programming language, Adobe’s Flash media player, Windows software and PDF files.

It had two ways of doing this:

  • adding malicious code to hundreds of thousands of legitimate websites, which then copied malware to visitors computers
  • creating links in spam messages to specially created sites that infected PCs
Blackhole email
Sophos said that Blackhole was used to send links that directed users to sites that downloaded malware

Among the malware downloaded was:

  • fake anti-virus software that falsely claimed the PC was infected and urged the user to pay a fee to remove viruses
  • Trojans that attempted to steal financial records stored on the PC
  • the ZeroAccess rootkit, which downloaded other software that hijacked the PC for use in a botnet – a facility used to overwhelm websites with traffic and force them offline
  • key loggers that took a record of what was typed on the PC
  • ransomware that attempted to blackmail the PC owner

Although Mr Howard said Blackhole was once the biggest threat of its kind, he added that in recent months it had been overshadowed by rival kits, including Sweet Orange and Neutrino.

According to the researcher, the Blackhole and Cool kits put together were only involved in about 4% of all malware detected by Sophos in August, down from 28% the previous year.

The figure had since dropped to 2% in recent days, he added.

Another independent security blogger stressed that the arrest was still significant.

“If it’s true that the brains behind the Blackhole has been apprehended it’s a very big deal – a real coup for the cybercrime-fighting authorities, and hopefully cause disruption to the development of one of the most notorious exploit kits the web has ever seen,” said Graham Cluley.

“However, it’s worth remembering that nature abhors a vacuum, and there would surely be other online criminals waiting to take their place, promoting their alternative exploit kits and malicious code.”

Mikko Hypponen, chief research officer at F-Secure, agreed.

“If indeed it is Paunch that they arrested, that is a major arrest – he is a big deal,” he told the BBC.

“He was clearly the biggest player in providing exploit kits – not just by selling them, but also renting and leasing them to online criminals.

“Both Blackhole and its successor Cool have been very popular.

“Users didn’t have to be very technical to operate them – there was a manual that came with them – they just had to get them running and be able to break into a high-profile website, or create a new one from scratch, to install something bad on your computer.”

This story appeared on the BBC News Technology Section

Suspected Malware Criminal Arrested – Irish Web Design

silk road caravan

Clandestine Silk Road online marketplace closed

The value of bitcoins has dropped after the closure of the clandestine Silk Road online marketplace.

The FBI seized bitcoins worth approximately $3.6m (£2.2m) on Tuesday.

The price of a bitcoin, a virtual currency for use online, fell steeply after the arrest of suspected website administrator Ross Ulbricht.

Investor confidence may have been shaken by the association of bitcoins with illegal activity, according to a security expert.

silk-road-marketplace-seized
Visitors trying to access the Silk Road are now presented with a seizure notice

“When there’s a big bust, that’s going to knock people’s confidence in investing,” said Rik Ferguson, a senior researcher at security company Trend Micro.

“The more a currency is associated with illegal activity, the more people will be nervous about using it,” he said.

Silk Road, which allowed users to trade in illegal drugs, required transactions to be made using the virtual currency.

silk road closed down

US authorities believe that 29-year-old Ross William Ulbricht, arrested on Wednesday, is Dread Pirate Roberts (DPR) – the administrator of the notorious Silk Road online marketplace.

 

It was an underground website where people from all over the world were able to buy drugs.

In the months leading up to Mr Ulbricht’s arrest, investigators undertook a painstaking process of piecing together the suspect’s digital footprint, going back years into his history of communicating with others online.

The detail of how the FBI has built its case was outlined in a court complaint document published on Wednesday.

The search started with work from Agent-1, the codename given to the expert cited in the court documents, who undertook an “extensive search of the internet” that sifted through pages dating back to January 2011.

The trail began with a post made on a web forum where users discussed the use of magic mushrooms.

In a post titled “Anonymous market online?”, a user nicknamed Altoid started publicising the site.

“I came across this website called Silk Road,” Altoid wrote. “Let me know what you think.”

The post contained a link to a site hosted by the popular blogging platform WordPress. This provided another link to the Silk Road’s location on the so-called “dark web”.

Records obtained by Agent-1 from WordPress discovered, unsurprisingly, that the blog had been set up by an anonymous user who had hidden their location.

But then Altoid appeared in another place: a discussion site about virtual currency, bitcointalk.org.

Altoid – who the FBI claimed is Mr Ulbricht – was using “common online marketing” tactics. In other words, he was trying to make Silk Road go viral.

Months later, in October, Altoid appeared again – but made a slip-up, granting investigators a major lead.

In a post asking seeking to find an IT expert with knowledge of Bitcoin, he asked people to contact him via rossulbricht@gmail.com.

With a Gmail address to hand, Agent-1 linked this address to accounts on the Google+ social network and YouTube video site. There he discovered some of Mr Ulbricht’s interests.

Among them, according to the viewing history, was economics. In particular, Mr Ulbricht’s account had “favourited” several clips from the Ludwig von Mises Institute, a renowned Austrian school of economics.

Years later, on the Silk Road discussion forums, Dread Pirate Roberts would make several references to the Mises Institute and its work.

Covering tracks

According to the court complaint document, it was the discovery of the rossulbricht@gmail.com email address that gave investigators a major boost in their search.

Through records “obtained from Google”, details of IP addresses – and therefore locations – used to log into Mr Ulbricht’s account focused the search on San Francisco, specifically an internet cafe on Laguna Street.

Furthermore, detailed analysis of Silk Road’s source code highlighted a function that restricted who was able to log in to control the site, locking it down to just one IP address.

As would be expected, Dread Pirate Roberts was using a VPN – virtual private network – to generate a “false” IP address, designed to cover his tracks.

Google Streetview image of Hickory Street, San Francisco
Mr Ulbricht said to have been running Silk Road from Hickory Street in San Francisco

However, the provider of the VPN was subpoenaed by the FBI.

While efforts had been made by DPR to delete data, the VPN server’s records showed a user logged in from an internet cafe just 500 yards from an address on Hickory Street, known to be the home of a close friend of Mr Ulbricht’s, and a location that had also been used to log in to the Gmail account.

At this point in the investigation, these clues, investigators concluded, were enough to suggest that Mr Ulbricht and DPR – if not the same person – were at the very least in the same location at the same time.

Fake IDs

The court complaint went into detail about further leads that followed.

In July of this year, by coincidence, a routine border check of a package from Canada discovered forged documents for several fake identities all containing photographs of the same person.

It was headed to San Francisco’s 15th Street. Homeland security visited the address, and found the man in the photographs – Mr Ulbricht.

He told officers that the people he lived with knew him simply as Josh – one housemate described him as being “always home in his room on the computer”.

Around the same time, investigators working on the Silk Road case later discovered, DPR had been communicating with users privately to ask for advice on obtaining fake IDs – needed in order to purchase more servers.

Further activity attributed to Mr Ulbricht took place on Stack Overflow – a question-and-answer website for programmers – where a user named Frosty asked questions about intricate coding that later became part of the source code of Silk Road.

In another apparent slip-up, one of Frosty’s messages initially identified itself as being written by Ross Ulbricht – before being quickly corrected.

“I believe that Ulbricht changed his username to ‘frosty’ in order to conceal his association with the message he had posted one minute before,” lead prosecutor Christopher Tarbell wrote in court documents.

“The posting was accessible to anyone on the internet and implicated him in operating a Tor hidden service.”

HOW BITCOINS WORK

Bitcoin is often referred to as a new kind of currency.

But it may be better to think of its units as being virtual tokens that have value because enough people believe they do and there is a finite number of them.

Each bitcoin is represented by a unique online registration number.

These numbers are created through a process called “mining”, which involves a computer solving a difficult mathematical problem with a 64-digit solution.

Each time a problem is solved the computer’s owner is rewarded with bitcoins.

To receive a bitcoin, a user must also have a Bitcoin address – a randomly generated string of 27 to 34 letters and numbers – which acts as a kind of virtual postbox to and from which the bitcoins are sent.

Since there is no registry of these addresses, people can use them to protect their anonymity when making a transaction.

These addresses are in turn stored in Bitcoin wallets, which are used to manage savings. They operate like privately run bank accounts – with the proviso that if the data is lost, so are the bitcoins contained.

Price drop

News of the closure was followed by a rapid drop in the price of bitcoins, according to figures from the Mt. Gox bitcoin exchange.

The going rate for the virtual currency dropped from more than $140 (£86) to around $110, before climbing back up to $123 (£75).

Investors may have been concerned about the FBI’s ability to confiscate bitcoins, said Mr Ferguson.

“Knowing that a currency could be seized or shut down could pressure people to look for alternative investment vehicles,” he said.

The FBI seized the virtual currency by getting hold of encryption keys for the bitcoins, according to Jerry Brito, George Mason University’s technology policy director.

The keys were made available through seized computer equipment, Mr Brito said in a blog post.

The FBI then transferred the bitcoins to an address controlled by the US government, according to the seizure order.

The content of this article originally appeared on the BBC News website and BBC News Technology

Clandestine Silk Road online marketplace closed – bitcoin seized – Irish Web Design

Adobe-Noida-Buildings

Adobe information stolen in cyber attack on website

News has emerged that software giant Adobe information stolen in cyber attack on website

Adobe has confirmed that 2.9 million customers have had private information stolen during a “sophisticated” cyber attack on its website.

The attackers accessed encrypted customer passwords and payment card numbers, the company said.

But it does not believe decrypted debit or credit card data was removed.

Adobe Icons

Adobe also revealed that it was investigating the “illegal access” of source code for numerous products, including Adobe Acrobat and ColdFusion.

“We deeply regret that this incident occurred,” said Brad Arkin, Adobe’s chief security officer.

“Based on our findings to date, we are not aware of any specific increased risk to customers as a result of this incident,” he said.

But Chester Wisniewski, senior adviser at internet security company Sophos, told the BBC: “Access to the source code could be very serious.

“Billions of computers around the world use Adobe software, so if hackers manage to embed malicious code in official-looking software updates they could potentially take control of millions of machines.

“This is on the same level as a Microsoft security breach,” he added.

Adobe said it had been helped in its investigation by internet security journalist Brian Krebs and security expert Alex Holden.

The two discovered a 40GB cache of Adobe source code while investigating attacks on three US data providers, Dun & Bradstreet, Kroll Background America, and LexisNexis.

Mr Krebs said the Adobe code was on a server he believed the hackers used.

Compromised

Adobe said that it is resetting passwords for the customer accounts it believes were compromised, and that those customers will get an email alerting them to the change.

It is also recommending that, as a precaution, customers affected change their passwords and user information for other websites for which they used the same ID.

For those customers whose debit or credit card information is suspected of being accessed, Adobe is offering a complimentary one-year subscription to a credit-monitoring programme.

Finally, the company said it had notified law enforcement officials and is working to identify the hackers.

Adobe information stolen in cyber attack on website.

This article originally appeared on the BBC News website

Visit Us On TwitterVisit Us On FacebookCheck Our Feed