Security Technology

Hc_07 Google is upgrading the digital certificates used to secure its Gmail, Calendar, and Web search services. Beginning on August 1, the company will start upgrading the RSA keys used to encrypt Web traffic and authenticate to 2048-bits, twice as many as are used now. The rollout affects the transport layer security (TLS) certificates that underpin HTTPS connections to Google properties. Sometimes involving the secure sockets layer (SSL) protocol, the technologies prevent attackers from reading the contents of traffic passing between end users and Google. They also provide a cryptographic assurance that servers claiming to be Google.com are in fact operated by Google, as opposed to being clones created by attackers exploiting age-old weaknesses in the way the Internet routes traffic. There are good reasons for Google to upgrade the strength of these crucial digital keys. The weaker the key strength of an RSA key pair, the easier it is for anyone to mathematically derive the "private key." Such attacks work by taking the certificate's "public key" that's published on the website and factoring it to derive the two prime numbers that make up the private key. Once the private key for a Google certificate has been factored, the attacker can impersonate an HTTPS-protected Google server and provide the same indications of cryptographic security as the legitimate service. Someone who was able to derive the secret primes to Google's private key, for instance, would be able to create convincing attacks that would fool many browsers and e-mail clients. Read 5 remaining paragraphs | Comments

Attorney General Eric Holder signed off on the controversial warrant application that the Justice Department used to obtain the personal emails of a Fox News reporter.

Countries in Latin America have been the primary targets in this campaign, researchers say.

Like they do with major news events and other holidays, online fraudsters are seeking to cash in on the upcoming Memorial Day weekend.

Attorney General Eric Holder is on record the Department of Justice supports legislation that generally would require the government to get a probable-cause warrant to read your e-mail. That we're having this discussion is because federal law, dating to the ...

Institutional Shareholder Services (ISS), a research firm the advises clients on voting in proxy fights, must pay $300,000 to the U.S. Securities and Exchange Commission.

Institutional Shareholder Services (ISS), a research firm the advises clients on voting in proxy fights, must pay $300,000 to the U.S. Securities and Exchange Commission.

Typically users archive file to lump several files together into a single file for convenience or to simply save storage space. However, we uncovered a worm that creates copies of itself even on password-protected archived files. We acquired a sample of a worm (detected as WORM_PIZZER.A) that propagates using a particular WINRAR command line (see below). Once executed, this enables WORM_PIZZER.A to create copy of itself in archived files, particularly in .ZIP, .RAR and .RAR FX files. The worm does not harvest passwords from these archive files. The said command line is normal, in which a user can add file onto archived files so long as their system is installed with WINRAR. However, the malware abuses this to add copies of itself onto such files. Figure 1. WINRAR command file During our testing, this worm was downloaded by WORM_SWYSINN.SM from a particular site. This technique is reminiscent of WORM_PROLACO variants seen in 2010, in which variants were seen to archive certain .EXE files together with a copy of itself. But what makes WORM_PIZZER.A interesting is its clever way of creating copies of itself in archived files, even on password-protected ones. Unsuspecting users who extract these archived files would have no idea that they already contain this worm, thus likely to execute the malware along with their other files. Figure 2. WORM_PIZZER.A copy (bot.exe) in an archived file Trend Micro detects and deletes WORM_PIZZER.A if found and also blocks access to the site hosting the said malware. The first half of the year 2013 is shaping up to be a year of rehash, with dated threats like ZBOT, CARBERP, and GAMARUE using new techniques to evade detection or at least stealthier ways to slip into user’s system unnoticed. WORM_PIZZER.A is no different from this flock of repackaged threats. Because of the protective measure archived files afford, users might be too complacent in extracting and executing these files – providing the perfect cover up to propagate in an infected system. For protection, users must observe best computing practices, which include avoiding visiting unknown sites, and downloading files from unverified email messages. Because the malware can create copies of itself on archived files, users must be extra cautious in executing such files. We’re trying to make the Security Intelligence Blog better. Please take this survey to tell us how. With additional insights Threat researchers from Dexter To and Joseph Jiongco. Post from: Trendlabs Security Intelligence Blog - by Trend MicroWorm Creates Copies in Password-Protected Archived Files

Every Friday, after the SC Magazine news team has taken a few spins around the interwebs, we post some security-related links that we found interesting. We hope you do too.

Every Friday, after the SC Magazine news team has taken a few spins around the interwebs, we post some security-related links that we found interesting. We hope you do too.