Tech News


Hackers Publish Exploit for Wormable RDP Hole

On Tuesday, Microsoft issued a patch to plug a critical hole in Windows’ Remote Desktop Protocol. Fearing the possibility of an exploit being developed in the “next 30 days,” the company “strongly” advised the immediate deployment of this patch in a blog post detailing the RDP vulnerability (CVE-2012-0002). Well, it seems that Microsoft was right about the vulnerability being highly attractive to hackers. Chinese hackers are said to have already published proof-of-concept (PoC) exploit code for the RDP hole. But there seems to be something even more troubling here than the exploit code itself. It’s feared that the hackers who published the code on a Chinese-language forum might have had access to data from MAPP (Microsoft Active Protections Program), which provides vulnerability information to security software partners prior to Microsoft's monthly installment of security updates “so partners can build enhanced customer protections.” Luigi Auriemma, the security researcher who first discovered the vulnerability, has alleged that the Chinese PoC is the “exact one” he provided to TippingPoint ZDI (Zero Day Initiative). He suspects a leak at either ZDI or Microsoft. “The packet I gave to ZDI wasn’t just a simple fuzzed packet. I modified at some points to make it unique,” Auriemma told ZDNet in an interview. If it’s indeed a MAPP leak, then Microsoft has a huge problem on its hands. This is what Microsoft’s site says about MAPP: “You will receive advance vulnerability information for those vulnerabilities to be addressed in Microsoft’s regularly scheduled monthly security update releases. This information package will provide documents that outline our information on the vulnerability. These documents outline the steps used to reproduce the vulnerability as well as the steps used to detect the issue.”

US charges members of Anonymous

Six suspected leaders of the international hacking organization known as Anonymous were charged by U.S. authorities with computer crimes, dealing a major blow to the loose-knit group that has wreaked havoc on the websites of government agencies and major corporations. Among those charged was Hector Xavier Monsegur, known as "Sabu," who took responsibility for attacks on the websites of eBay's PayPal, MasterCard and Visa between December 2010 and June 2011, according to federal prosecutors and the FBI. The attacks were in retaliation for the refusal of those companies to process donations to Wikileaks, the group that leaked confidential diplomatic cables in 2010. The charges against Monsegur, in a case that was opened last summer, were filed in federal court in New York via a criminal information. Such a document typically means a suspect has been cooperating with the government. "Sabu was seen as a leader ... Now that Anonymous realizes he was a snitch and was working on his own for the Fed, they must be thinking: 'If we can't trust Sabu, who can we trust?' " said Mikko Hypponen, chief research officer at Finnish computer security company F-Secure. "It's probably not going to be the end of Anonymous, but it's going to take a while for them to recover, especially from the paranoia," Hypponen said. Monsegur pleaded guilty last August to 12 charges, including computer hacking and conspiracy, according to documents unsealed in New York federal court on Tuesday. He is free on a $50,000 bond. The charges carry a possible maximum prison term of 10 years.

New Mac malware exploits Java bugs

A new version of a well-known family of Mac malware exploits vulnerabilities in Java to steal usernames and passwords for online payment, banking and credit card websites. Flashback.G is the first variant of the Trojan horse to use an attack vector that doesn't require any user interaction, said Intego Security, a French firm that specializes in Mac antivirus software. Most Mac malware needs help from users to get on a machine, if only to okay an installation by entering the system password. When users come across the new malware -- it's being served from an unknown number of malicious websites -- Flashback.G first tries to exploit a pair of Java bugs, one harking back to 2008, the other discovered last year. Apple has patched both vulnerabilities in its Java updates, fixing the 2011 bug in the most recent Java security update, issued last November. While Apple no longer packages Oracle's Java with its Mac operating system -- it stopped that practice with OS X 10.7, aka Lion, in July 2011 -- it continues to issue Java security updates to people running Lion as well as Mac OS X 10.6, better known as Snow Leopard. Even though it doesn't come with Lion, Java may be on those systems: Users are prompted to install the Oracle software the first time they try to run a Java applet. If Flashback.G is unsuccessful because both bugs have been plugged -- or if Java isn't present on the Mac -- the malware switches to a backup tactic, where it tries to dupe users into running the attack code by posing as content digitally signed by Apple.

Iran cuts off Web sites

Iran has cut off access to the Internet, leaving millions of people without access to email and social networks. A source inside the country confirmed this morning that Gmail, Hotmail, and Yahoo email are no longer available. Ditto for Facebook. So far, the government has not made any announcement about the service interruption. But cyber-sophisticated Iranians are still able to circumvent the government by using proxy servers over VPN connections. "The interesting thing is that when asked, they deny the fact that all these services are all blocked," an Iranian contacted by CNET said. This individual asked to remain unidentified. However, the Iranian noted that the regime has cut off the Internet during protests and that the buzz on the streets is that anti-government protests are planned for Saturday. Last month the country's information minister told the Islamic Republic News Agency that a firewalled national Internet would soon become operational. There was no word on when the government might plan to throw the switch on what essentially would be a vast "intranet," but it could happen any day. And that prospect has cyber activists in Iran concerned. It would give the government a hand up in its cyber cat-and-mouse battle with opponents.

Zappos accounts hacked

Online retailer Zappos.com is telling 24 million customers that their personal information has been hacked, and forcing all of them to reset their passwords. Cyber criminals may have accessed customers' names, e-mail addresses, billing and shipping addresses, phone number, and the last four digits of consumers' credit card numbers, the firm said in an announcement that was posted on Zappos' Web site late Sunday night. Full credit card numbers were not stolen, the firm said, because they were stored separately. The announcement included the text of an e-mail that Zappos customers will soon receive. "We were recently the victim of a cyber attack by a criminal who gained access to parts of our internal network and systems through one of our servers in Kentucky. We are cooperating with law enforcement to undergo an exhaustive investigation," says the e-mail, which is signed by Tony Hsieh, Zappos CEO. "For your protection and to prevent unauthorized access, we have expired and reset your password so you can create a new password. Please follow the instructions below to create a new password. We also recommend that you change your password on any other web site where you use the same or a similar password." While passwords that may have been stolen were cryptographically scrambled, Zappos said, it is still requiring all consumers to change their passwords. Zappos also recommends that consumers who use their Zappos password on other sites — a common, if unsafe, practice — should change those passwords, too.

Hacking group releases more Stratfor data

Hackers released another batch of data on Thursday pilfered from Stratfor Global Intelligence, a widely used research and analysis company whose website was attacked last weekend. The data purports to be the names and credit-card numbers of people who have purchased research from Stratfor plus hundreds of thousands of user names and e-mail addresses used to register with the website. The hackers, believed to be part of the Anonymous movement, described the data on Pastebin, then provided several links to websites hosting the information. They noted that some 50,000 of the e-mail addresses released end in ".mil" or ".gov." The data comprises 75,000 names, credit card numbers and MD5 hashes, or cryptographic representations, of passwords for people who have paid Stratfor for research. The group also said the data contains 860,000 user names, e-mail addresses and MD5 hashes for passwords for anyone who has registered on Stratfor's website. Stratfor said on Thursday that it was offering a free one-year subscription to an identity protection service to those affected.