Security Technology

Since its initial release in February 2012 the Raspberry Pi – a very inexpensive, palm-sized computer meant to help teach computer science in schools –  has become a favorite of hobbyists, makers, and tech enthusiasts everywhere. Why wouldn’t it be? The Raspberry Pi offers tinkerers a very low-cost (both to buy and to run) computer in an extremely compact platform. In addition, because of its origins as an educational tool, it’s easy to use and is versatile. Accordingly, it can be used in all sorts of creative ways. However, its apparent simplicity and low cost comes with a downside. The Raspberry Pi is not a simple “device” with limited capabilities; it is a fully capable computer. The same pitfalls that befall normal desktop computing can  hit the Raspberry Pi, if it is not properly secured. Some uses of the Raspberry Pi actually turn them into servers, and that is something that users may not really know how to secure. For example, some people have made the Raspberry Pi into a server that controls their home automation system, or allows users to watch videos served by the Pi remotely. For many uses of the Raspberry Pi, security isn’t much of a concern – it will never be online or even exposed to external input that could be used as an infection vector. The trouble comes when it’s used in situations where it is online – particularly as a server – where it’s at potential risk. For example, some automated scanners are already trying to log in with the pi user. In short, the Raspberry Pi is only as secure as the uses you use it for. Good server security is not always easy; consider that even IT professionals make mistakes. Look into known server best practices if you do use a Raspberry Pi for these uses. Considering its origin as an educational tool, learning how to secure a server would be an appropriate use for a Raspberry Pi. Post from: Trendlabs Security Intelligence Blog - by Trend MicroIs The Raspberry Pi Secure?

On the heels of the Syrian Electronic Army compromising a number of high-profile accounts—including those of the Associated Press, The Guardian, and The Onion—Twitter has introduced a two-factor authentication feature that should make such attacks more difficult. In a blog post today, Jim O'Leary of Twitter's security team announced the release of "login verification," an optional security measure that requires a verified phone number and e-mail address. Twitter is a bit late to the two-factor authentication party. Word first spread that Twitter was working on a two-factor authentication scheme in February when the company advertised job openings for security engineers to develop "user-facing security features, such as multi-factor authentication and fraudulent login detection." Google has offered two-factor authentication since February of 2011, and Facebook introduced two-step login approval in May of 2011. Like Google's two-factor authentication, Twitter's login verification sends a code via SMS to be entered to confirm login. But unlike Google's system, the code will be sent every time users sign into Twitter through its website. This is the case even if it's from a computer or device that they've logged in from before. The phone has to be enrolled through Twitter's existing SMS service first—you have to text a code to Twitter to verify the phone first, which may not work with some phone carriers. The relationship between phones and accounts is also strictly one-to-one: if you have a shared business account, you're going to need to share a phone number too. If you have multiple accounts and only one phone number, then you can only secure a single account. Read 1 remaining paragraphs | Comments

Following a series of high-profile Twitter account hijacks, the microblogging service finally has delivered two-factor authentication.

The IE exploit was most recently used in watering hole attacks directed at the U.S. Department of Labor website.

This 127-page report was just published by the UK Defence Academy. I have not read it yet, but it looks really interesting. Executive Summary: This report presents a systematic way of thinking about cyberpower and its use by a variety of global players. The urgency of addressing cyberpower in this way is a consequence of the very high value of...

Duke University A Congressional survey of utility companies has revealed that the country's electric grid faces constant assault from hackers, with one power company reporting a whopping 10,000 attempted cyberattacks per month. US Reps. Edward Markey (D-MA) and Henry Waxman (D-CA) sent 15 questions to more than 150 utilities and received replies from 112 of them. Only 53 of those actually answered all the questions—the others provided incomplete responses or only "a few paragraphs containing non-specific information" without answering any of the questions. Results from those who did answer show utilities are under continuous assault: Read 8 remaining paragraphs | Comments

Last March, I blogged about the Andromeda, a well-known botnet that surfaced in 2011 and is making a comeback this year. Just months after my report, we are still seeing notable activities from the said botnet, in particular a sudden boost of GAMARUE variants last week. The Andromeda botnet is a spam botnet that delivers GAMARUE variants, which are known backdoors and have a noteworthy way of propagating via removable drives. We’re keeping track of the GAMARUE infection for the past weeks and observed some noteworthy activities. For the past 30 days, we noticed a sudden spike of its variants on May 17. In particular, there was a 82% increase from May 16 – May 17 and another 32% on May 18. A significant bulk of these malware, specifically 63%, is WORM_GAMARUE variants. Figure 1. GAMARUE detection for the past 30 days (April 20 – May 31) In my initial blog entry, I reported that the bulk of infection came from Australia. Last year, Germany was also one of the most GAMARUE-affected countries. However, just months after my first post, we are seeing a trend in which a majority of WORM_GAMARUE variants are affecting India, Turkey, and Mexico. Figure 2. Top countries affected by WORM_GAMARUE Currently, we can not readily determine why GAMARUE variants increased on the said dates. If anything, this trend shows that the botnet is still active and poses risks to users. Andromeda Botnet: Old Threat Repackaged In our 2013 1Q Security Roundup, we concluded that during this quarter, cybercrime was characterized by old threats made new. The Andromeda spam botnet is a good example of this trend, this time with aid of the Blackhole Exploit kits (BHEK) and some new neat tricks. This threat arrives as a spammed message containing a malicious attachment (GAMARUE variants) or links leading to certain sites, which now include those compromised by the notorious Blackhole Exploit kit. GAMARUE variants are known to propagate via removable drives. It also drops component files instead of copies of itself to make detection difficult. Taking cue from threats like DUQU and KULUOZ, GAMARUE variants also uses certain APIs to inject itself to normal process to evade detection. Propagating techniques aside, GAMARUE variants have backdoor capabilities since it communicates with certain C&C servers to send and receive commands. This communication, in effect, gives a remote malicious user control over the infected system. Some of the commands the malware can execute include downloading other malware onto the system, most notably info-stealing threats like ZeuS/ZBOT variants. Because some Andromeda-related spam messages eerily looks like legitimate email notification from vendors, the usual criteria for determining a spam are not sufficient. As an alternative, you can verify to see if the email you’ve received is legitimate or not. Since BHEK is known to exploit software vulnerabilities like Java, you must always update your system with the latest security patch or re-consider your use of Java. For better protection, install antimalware software like Trend Micro, which protects your system from spam, malicious URLs, and malware. Post from: Trendlabs Security Intelligence Blog - by Trend MicroKeeping Up With the Andromeda Botnet

Over the past three days, security companies announced acquisitions.

For a while now, I have been thinking about what civil disobedience looks like in the Internet Age. Certainly DDOS attacks, and politically motivated hacking in general, is a part of that. This is one of the reasons I found Molly Sauter's recent thesis, "Distributed Denial of Service Actions and the Challenge of Civil Disobedience on the Internet," so interesting:...

TerraCom's website offers free cell phones to low income customers; its call center company gave customers' personal data away. Call it security through absurdity: a pair of telecom firms have branded reporters for Scripps News as "hackers" after they discovered the personal data of over 170,000 customers—including social security numbers and other identifying data that could be used for identity theft—sitting on a publicly-accessible server. The reporters claim to have discovered the data with a simple Google search; the firms' lawyer claims they used "automated" means to gain access to the company's confidential data, and that in doing so the reporters violated the Computer Fraud and Abuse Act with their leet hacker skills. The files were records of applicants for the Federal Communications Commissions Lifeline subsidized cell phone program for low-income consumers. The applicants' information was collected for the telecom providers YourTel and TerraCom by Vcare, an India-based call center service contracted to verify applicants' eligibility. To qualify for the program, customers need to submit proof that they are enrolled in a federal or state assistance program such as Supplemental Security Income, food stamp programs, and the federally-funded free school lunch program. Vcare and the telecom providers are explicitly required to not retain this data under the regulations of the FCC program. However, the data was retained on Vcare's servers and posted to an open file-sharing area—and apparently indexed by Google's search engines in the process. Read 3 remaining paragraphs | Comments