SECURITY WARNINGS & Notices - Please post them here

[DavidR]

Serious yes, but I want to know if this POC would work on a site not hacked.

The stealthy piece of JavaScript works with a network sniffer to decrypt encrypted cookies a targeted website uses to grant access to restricted user accounts.

So there has to this network sniffer, piece of 'stealthy' javascript, where does it come from. It would either have to be inserted into the site page (hacked) or an off site loading/running of a script (cross site scripting XSS, again hacked site).

Well I'm looking at what protection can be offered in the form of the web shield (good on hacked sites and inserted script tags, etc.) and things like NoScript and RequestPolicy firefox add-ons to prevent local or XSS scripts from running (unless of course you gave permission).

“BEAST is like a cryptographic Trojan horse – an attacker slips a bit of JavaScript into your browser, and the JavaScript collaborates with a network sniffer to undermine your HTTPS connection,”

So again I don't see any mention in all of this of a systems local security software and how it plays out in this.

EDIT: incorrect formatting of quote.

[bob3160]

Beginning to wonder if anything is safe any more.

[DavidR]

I think there is a degree of hype/fear-mongering in this when it doesn't take any account of users security measures or even mention methods of combating it.

[Dwarden]

just note this PoC comes from researchers who already are responsible for another POC forcing Microsoft and Oracle to do out of band patch in past ...
so i would not understimate the seriousness ...
already it's discussed it takes only 5minutes to de-cypher and most sites has 10 minutes expire so this is nasty

also i hope this forces all websites to upgrade to 2nd revision of TLS 1.2 (SSL 3.3)

[CharleyO]

***

Russian hacker sells home and cars to pay RBS

A Russian hacker who breached the security of RBS' WorldPay service and stole $9m (£6m) has had his property sold to compensate the bank.
Viktor Pleshchuk's two flats and two cars, a BMW and a Lada, were auctioned off in Saint Petersburg on Monday.
According to a Russian news portal RIA Novosti, the sale raised 10m roubles (£200,000).

http://www.bbc.co.uk/news/technology-14989264


***

[Pondus]

Botnets on discount!
Creating a botnet has become insanely easy and cheap
http://blog.gdatasoftware.com/blog/article/botnets-on-discount.html

[CharleyO]

***

New malicious email attachments come with accusations, threats

The latest social engineering trick to get victims to open malicious email attachments accuses them of being spammers and threatens to sue them if they don't stop. It's all in an attempt to get targets to open up the zip attachment by telling them it contains evidence of their spamming. Actually it's an .exe file that infects the machine but displays like a document.

The emails are dressed up to look like they come from real businesses that are upset because the recipient has been spamming them. "The emails even formally claims that legal action will be taken because of the spam you have sent," says the blog.

http://www.networkworld.com/news/2011/092111-malware-251104.html


***

[Asyn]

Aftermath - VASCO Announces Bankruptcy Filing by DigiNotar B.V.
http://www.vasco.com/company/press_room/news_archive/2011/news_vasco_announces_bankruptcy_filing_by_diginotar_bv.aspx

[Dch48]

I'm pretty sure nobody here would fall for it but I got an email purporting to be from Google about upgrading my gmail. The message was the following:

Dear Gmail Account User,

A DGTFX virus has been detected in your folders
Your email account has to be upgraded to our new
Secured DGTFX anti-virus 2011 version  to prevent
damages to our email log and your important
files.

Click your reply tab, Fill the columns below and
send back or your email account will be terminated
immediately to avoid spread of the virus.

USER ID:
PASSWORD:
PHONE NUMBER:
DATE OF BIRTH:

Gmail Technical Team
Note that your password will be encrypted with
1024-bit RSA keys for your password safety to
avoid any unauthorized user.

It said it was from upgrade @gmail.com but a thorough inspection of the header revealed that it actually came from somebody in Romania since it had a .ro at the end of the address.

[Asyn]

Mac trojan posing as a PDF file
http://www.f-secure.com/weblog/archives/00002241.html

[YoKenny]

Mac trojan posing as a PDF file
http://www.f-secure.com/weblog/archives/00002241.html

Also

A new trojan has been released targeting the Macintosh Chinese-language user community.  The trojan appears to the user to be a PDF containing a Chinese language article on the long-running dispute over whether Japan or China owns the Diaoyu Islands. 

http://blog.eset.com/2011/09/23/pdf-trojan-appears-on-mac-os-x

[Asyn]

Hackers break SSL encryption used by millions of sites
http://www.theregister.co.uk/2011/09/19/beast_exploits_paypal_ssl/

First solutions for SSL/TLS vulnerability
http://www.h-online.com/security/news/item/First-solutions-for-SSL-TLS-vulnerability-1349813.html

[polonus]

Hi Asyn,

There is a FixIT - http://blogs.technet.com/b/srd/archive/2011/09/26/is-ssl-broken-more-about-security-advisory-2588513.aspx (link from social.s-msft.com - link source author: swiat)

polonus

[Asyn]

Hi Asyn,

There is a FixIT - http://blogs.technet.com/b/srd/archive/2011/09/26/is-ssl-broken-more-about-security-advisory-2588513.aspx (link from social.s-msft.com - link source author: swiat)

polonus

Yes but sadly only for W7.

Chrome and Firefox use the Network Security Services (NSS), which only support TLS 1.0. Windows Vista, XP, 2000 and Server 2003 as well as Server 2008 are also incapable of using TLS 1.1 by default.

[Asyn]

Mysql.com hacked, infecting visitors with malware
http://blog.armorize.com/2011/09/mysqlcom-hacked-infecting-visitors-with.html
https://krebsonsecurity.com/2011/09/mysql-com-sold-for-3k-serves-malware/