
Tech News


A 1,000 BTC Bounty Is the Perfect End to a Strange Week in Bitcoin

There's a manhunt for a hacker underway in the world of Bitcoin, and this time (yes, there was a last time) the bounty is nearly half a million dollars' worth of the virtual currency. Cryptsy, a popular exchange for buying and selling bitcoins, announced the bounty in a blog post on Thursday, which also attempts to explain the company's numerous recent service interruptions: Cryptsy alleges it was hacked in 2014 and lost millions. Now, they want it all back, and they're willing to pay. The post also states that the exchange is suspending all trading indefinitely. At the time of writing, Cryptsy's website appears to be offline. (Update: the site came back online just before 3 PM EST.) The company didn't tell anybody about the hack in 2014, according to the blog post, apparently figuring that since they were making money at the time, and had reserves of currency they could lean on to keep the exchange afloat, everything was just fine. Here's how that brilliant business plan worked out: according to Cryptsy's blog post, problems began when Coin Fire (now 99bitcoins) published an article in October of 2015 claiming Cryptsy was under federal investigation, which Cryptsy CEO Paul Vernon dismissed as libelous. This caused a bank run, Cryptsy's Thursday blog post states, and the coin in their reserves couldn't cover all their customers' withdrawals. The timing of the Coin Fire article coincides with the worst of Cryptsy's service interruptions, for which Cryptsy users have received various explanations, including server failures and DDoS attacks.

FireStorm: Severe Security Flaw Discovered in Next Generation Firewalls

BugSec Group and Cynet discovered a severe vulnerability in Next Generation Firewalls. Head of Offensive Security Stas Volfus uncovered the vulnerability, dubbed FireStorm, which allows an internal entity or malicious code to interact and extract data out of the organization, completely bypassing the firewall limitation. It was discovered that the firewalls are designed to permit full TCP handshake regardless of the packet destination, in order to gather enough content for it to identify which application protocol is being used (web-browsing/telnet etc.). This is applicable if the devices are configured, for example, to allow Web browsing (HTTP/S) traffic from the LAN environment to specific locations on the internet (URL Filtering). This is true even with a single location. This allowed us to perform a full TCP handshake via the HTTP port with a C&C (Command and Control) server hosted by BugSec. From there, we were able to forge messages and tunnel them out through the TCP handshake process, bypassing the firewall to any destination on the Internet, regardless of firewall rules and client restrictions.

IoT Encryption Vulnerabilities Show How Often Devs Rip-Off Code

Some large portion of the Internet of Things has essentially left its backdoor wide open. This is according to a report released Wednesday by security researchers at SEC Consult examining SSH cryptographic keys and HTTPS secure server certificates from 4,000 different devices offered by 70 different manufacturers. As it turns out, these credentials are, more often than not, hard-coded and re-used among many different devices from sometimes even different companies. (SSH and HTTPS are two ways a device might "talk" to a server and, thus, the internet.) Of the 4,000 devices, SEC was able to identify only 580 unique keys. What does that mean? Imagine an apartment building of 4,000 rooms but with only 580 different locks; the odds would be pretty good that your neighbor and you share the same front-door key. It is a bit unsettling. Note that we are not talking about internet-connected toaster ovens and Roombas but (mostly) basic networking technologies: home routers, modems, IP cameras, VoIP phones. Vulnerabilities here are far from trivial.

If you use a VPN, beware of this anonymity killing security flaw

If you use a VPN (virtual private network) connection, you might not be as anonymous or secure as you thought, as reports have surfaced of a security flaw that allows a user's real IP address to be pinpointed. This news comes courtesy of a VPN provider by the name of Perfect Privacy, although there are certainly caveats when it comes to tracing a real IP using the vulnerability. The flaw is described as "port fail" and it affects virtual private network providers that offer port forwarding – if they have no protection implemented against this issue, of course.

Li-Fi has just been tested in the real world, and it's 100 times faster than Wi-Fi.

Expect to hear a whole lot more about Li-Fi - a wireless technology that transmits high-speed data using visible light communication (VLC) - in the coming months. With scientists achieving speeds of 224 gigabits per second in the lab using Li-Fi earlier this year, the potential for this technology to change everything about the way we use the Internet is huge. And now, scientists have taken Li-Fi out of the lab for the first time, trialling it in offices and industrial environments in Tallinn, Estonia, reporting that they can achieve data transmission at 1 GB per second - that is 100 times faster than current average Wi-Fi speeds. "We are doing a few pilot projects within different industries where we can utilise the VLC (visible light communication) technology," Deepak Solanki, CEO of Estonian tech company, Velmenni, told IBTimes UK. "Currently we have designed a smart lighting solution for an industrial environment where the data communication is done through light. We are also doing a pilot project with a private client where we are setting up a Li-Fi network to access the Internet in their office space."

Researchers discover morphed RATs capable of DDOS, phone log manipulation

As quickly as researchers discover ways to remove and block Remote Access Trojans (RAT) used for spying on mobile devices and computers, hackers are creating new spyware strains from previously discovered malware – and they are developing more advanced capabilities from the original malware. Most recently, Egyptian hackers used the njRAT spyware exploit kit to create KilerRat, a new remote access tool (RAT) that targets the Windows operating system and allows the attacker to take over control of Windows computers. The attackers can remotely delete, edit, and rename files or folders; view the webcam of infected computers; monitor key logging on infected computers; and collect stored passwords in the computers' browsers. The malware can also use the infected computers as a proxy for network traffic, enabling DDOS attacks, and convert .exe files to jpg, score, mp3, wav, txt, mp4 or flv files. As a result, it is more difficult to identify computers that have been infected with the malware. In a blog post, AlienVault researcher Peter Ewane wrote that many antivirus tools "had a difficult time" detecting the malware at the time of the release.