What you need to know for your personal cyber security life…
Number twenty-three in a series of semi-regular daily current and topical computer threats that may affect your online, or even offline, digital and real life. Why cyber-security on SurvivalRing? Because EVERYTHING you do in your life every day is now a part of the cyber world…even your offline plans. So, be aware, and pay attention. The bad guys WILL eventually get around to YOU…personally…so be prepared for it, by staying in the informational loop.
# # #
HEADLINES…for this issue…
- Google fixes 7 Chrome security holes just before CanSecWest
- 75 Percent of Hospitals and Clinics Are Worried about HealthCare.gov Hacks
- NSA’s automated hacking engine offers hands-free pwning of the world
- For EC-Council Mum’s the word
- Investors flock to cyber security start-ups
- Adobe, Microsoft Push Security Updates
- Top UK e-commerce sites fail to protect ‘password’ password-havers from selves
- Reverse Wardriving: Tracking Apple and Google Commuter Buses by Their Wi-Fi Clouds
- Blackstone to Acquire Cybersecurity Firm Accuvant
- NSA Nominee Confirms Ukraine Is Under Cyberattack
Google fixes 7 Chrome security holes just before CanSecWest
- By Seth Rosenblatt
- CNET News
- March 12, 2014
Google has fixed seven security flaws in Chrome, just a day before the annual, real-time hacking competitions Pwnium and Pwn2Own.
The new security update for Chrome on Windows, Mac, and Linux patched four flaws labeled as High, below the more important level of Critical; three flaws in its rendering engine V8; and updated its internal version of Flash Player.
Three High-level vulnerabilities were found by three independent researchers, who earned a total of $8,000 for their work. The last High-level vulnerability was discovered by Google employees, as were the V8 vulnerabilities.
# # #
75 Percent of Hospitals and Clinics Are Worried about HealthCare.gov Hacks
- By Aliya Sternstein
- March 12, 2014
A major concern about Obamacare is that the online swap of patient information between providers and the federal government’s data hub will jeopardize consumers’ privacy and security, according to a new study by the Ponemon Institute.
As far as cyber threats that affect patients, “the Affordable Care Act (ACA) is seen as a contributing factor because of the documented insecure websites, databases and health information exchanges that are highly vulnerable to insider and outsider threats,” state the findings of the report released on Wednesday.
Health and Human Services officials have maintained, ever since registration for Obamacare plans launched on Jan. 1, that HealthCare.gov is safe and that there have not been any breaches detected.
About 70 percent of hospitals and clinics said they believe the Affordable Care Act, in general, increases the risk of compromising patient data.
# # #
NSA’s automated hacking engine offers hands-free pwning of the world
- By Sean Gallagher
- Ars Technica
- March 12, 2014
Since 2010, the National Security Agency has kept a push-button hacking system called Turbine that allows the agency to scale up the number of networks it has access to from hundreds to potentially millions. The news comes from new Edward Snowden documents published by Ryan Gallagher and Glenn Greenwald in The Intercept today. The leaked information details how the NSA has used Turbine to ramp up its hacking capacity to “industrial scale,” plant malware that breaks the security on virtual private networks (VPNs) and digital voice communications, and collect data and subvert targeted networks on a once-unimaginable scale.
Turbine is part of Turbulence, the collection of systems that also includes the Turmoil network surveillance system that feeds the NSA’s XKeyscore surveillance database. While it is controlled from NSA and GCHQ headquarters, it is a distributed set of attack systems equipped with packaged “exploits” that take advantage of the ability the NSA and GCHQ have to insert themselves as a “man in the middle” at Internet chokepoints. Using that position of power, Turbine can automate functions of Turbulence systems to corrupt data in transit between two Internet addresses, adding malware to webpages being viewed or otherwise attacking the communications stream.
Since Turbine went online in 2010, it has allowed the NSA to scale up from managing hundreds of hacking operations each day to handling millions of them. It does so by taking people out of the loop of managing attacks, instead using software to identify, target, and attack Internet-connected devices by installing malware referred to as “implants.” According to the documents, NSA analysts can simply specify the type of information required and let the system figure out how to get to it without having to know the details of the application being attacked.
The “selectors” that analysts can use to target victims through Turbine are significant. Using Turmoil as a targeting system, Turbine can look for identifying cookies from a number of Web services, including Google, Yahoo, Twitter, Facebook, Hotmail, and DoubleClick, as well as those from the Russian services Mail.ru, Rambler, and Yandex. Those cookies are all available for targeting purposes, as is user account information from a whole host of services.
# # #
For EC-Council, Mum’s the word
- By William Knowles
- Senior Editor
- InfoSec News
- March 12, 2013
We have been following the compromise, Web defacement, and subsequent silence of EC-Council for a couple of weeks now. On February 22nd the Albuquerque, NM based EC-Council Web site was broken into and defaced three separate times. If you hold a certification from EC-Council your confidential information is rumored to have been stolen during this period.
After the EC-Council administrators wrested back control of their site the first time, a known password was used to deface the Web site again. The second defacement showed the mail from Edward Snowden’s Yokota Air Base email address requesting an exam code, along with a copy of his U.S. Passport and a letter signed by John A. Niescier, an Information Security Officer with the Department of Defense Special Representative, Japan.
All told, the website was compromised three times in a single week.
Conspiracy rumors abound about who attacked the EC-Council Web site. Foreign training companies, Secret Squirrels, The Chinese, The Russians, Non-state actors were all considered possible suspects. However, the folks at r000t’s blag did some digging and their conclusions provide pretty damning evidence identifying the likely culprit.
Since the attack, EC-Council has kept a very low profile; InfoSec News has reached out several times to Founder Jay Bavisi for a comment, but the attempts have fallen on deaf ears. Now nearly three weeks later, the EC-Council finally commented on the attack.
# # #
Investors flock to cyber security start-ups
- By Hannah Kuchler in San Francisco
- March 12, 2014
Cyber security start-ups have become the latest fascination for Silicon Valley investors, who have flooded the sector with venture capital investment as they seek to back the latest technology to combat criminals online.
Early-stage funding for the sector soared by almost 60 per cent last year to $244m worldwide, according to data from research group PrivCo. The number of deals rose even faster, up more than 100 per cent year-on-year to more than one a week. The figures imply multibillion-dollar valuations in total for these young companies, which often only have a small number of employees.
The investment boom in cyber security companies comes as cyber crime is on the rise and recent high-profile attacks, such as the data breach at US retailer Target and the theft of customer details at Adobe, the software company, have highlighted the extent of the threat.
Ted Schlein, a partner at Kleiner Perkins Caufield Byers, the Silicon Valley venture capital firm, says there has been a “huge mental shift” in companies and they are increasingly willing to spend on cyber security.
# # #
Adobe, Microsoft Push Security Updates
- By Brian Krebs
- Krebs on Security
- March 11, 2014
Adobe and Microsoft today each released software updates to fix serious security flaws in their products. Adobe pushed an update that plugs a pair of holes in its Flash Player software. Microsoft issued five updates, including one that addresses a zero-day vulnerability in Internet Explorer that attackers have been exploiting of late.
Microsoft’s five bulletins address 23 distinct security weaknesses in Microsoft Windows, Internet Explorer and Silverlight. The Internet Explorer patch is rated critical for virtually all supported versions of IE, and plugs at least 18 security holes, including a severe weakness in IE 9 and 10 that is already being exploited in targeted attacks.
Microsoft notes that the exploits targeting the IE bug seen so far appear to perform a check for the presence of Microsoft’s Enhanced Mitigation Experience Toolkit (EMET); according to Microsoft, the exploits fail to proceed if EMET is detected. I’ve recommended EMET on several occasions, and would encourage any Windows users who haven’t yet deployed this tool to spend a few minutes reading this post and consider taking advantage of it to further harden their systems. The latest version — 4.1 — is available at this link and requires Microsoft’s .NET Framework 4 platform. For those of you who don’t mind beta-testing software, Microsoft has released a preview version of the next generation of EMET — EMET 5.0 Technical Preview.
This month’s updates include a fix for another dangerous bug – deep within the operating system on just about every major version of Windows – that also was publicly disclosed prior to today’s patches. Microsoft’s Technet Blog has more details on these and other bulletins released today.
# # #
Top UK e-commerce sites fail to protect ‘password’ password-havers from selves
- By John Leyden
- The Register
- 11 Mar 2014
Top UK e-commerce sites are not doing enough to safeguard users from their own password-related foibles, according to a new study.
A review of password security at the top 100 e-commerce sites found two in three (66 per cent) accept notoriously weak passwords such as “123456” or “password”, putting users in danger.
The first quarterly review by password manager and digital wallet firm Dashlane also found two in three (66 per cent) of e-commerce sites make no attempt to block entry after 10 incorrect password entries.
Sites that fail to implement rudimentary measures to block brute force attacks include Amazon UK, Next, Tesco and New Look. Hackers often run malicious software that can run thousands of passwords during log-ins to breach accounts, a tactic that a simple policy of locking out individuals after a given number of failed password entries would thwart.
Dashlane examined the e-commerce sites using a set of 26 criteria, including mandatory password length, acceptance of the 10 most commonly hacked passwords and whether or not they displayed users’ password in plain text. Each criterion was given a merit or demote point value, leading to a possible total score between -100 and 100 for each site.
# # #
Reverse Wardriving: Tracking Apple and Google Commuter Buses by Their Wi-Fi Clouds
- By Kevin Poulsen
- Threat Level
Silicon Valley shuttle buses have become a symbol of San Francisco’s gentrification anxiety — Facebook, eBay, Genentech, Yahoo, and most famously Google all have their own private bus lines shuttling workers in and out of the city, hiding them behind tinted glass and bathing them in free Wi-Fi so the riders can have a productive commute.
My home happens to be placed along one of Apple’s commuter bus lines, and the giant, silver buses have long felt like a constant presence on the residential street, powering up and down the hill, plowing past my window, honking a polite warning as they pass while I double-park to unload groceries. Apple workers have seen me in pajamas, stepping outside to get the paper or throw a dirty diaper in the trash. They’ve seen me chasing my kids into the car for the morning for the ride to school. In the evening the Apple Bus sometimes sees me waiting in my car for it to pass, so I can open the door without losing it to the bus’s grill.
Last week, it occurred to me that I might start monitoring the local Wi-Fi environment to determine how often the Apple Bus really comes by. My wife guessed 10 times a day. I’d have said 20.
After a week of reverse-wardriving, it appears the Apple Bus passes my house an average of 36 times a day, and is uncannily punctual, especially in the a.m., when the first bus reliably pops up on my Wi-Fi radar between 6:23:33 and 6:23:56 every morning.
# # #
Blackstone to Acquire Cybersecurity Firm Accuvant
- By William Alden
- The New York Times
- March 11, 2014
With the prospect of cyberattacks keeping corporations on edge, the Blackstone Group is investing in a company that aims to counteract such threats.
Blackstone, the world’s largest private equity firm, announced on Tuesday that it had agreed to buy a majority stake in Accuvant, a 12-year-old company that offers cybersecurity software and consulting services to companies and governments.
Sverica International, a private equity firm that owns a stake in Accuvant, is investing alongside Blackstone, according to the announcement. Accuvant’s management is also investing in the deal.
The deal is worth $225 million, including debt financing, a person briefed on the matter said. The equity portion — from Blackstone, Sverica and Accuvant’s management — is worth $150 million, this person said.
# # #
NSA Nominee Confirms Ukraine Is Under Cyberattack
- By Brendan Sasso
- National Journal
- March 11, 2014
A top U.S. military official said Tuesday he believes hackers are attacking Ukrainian computer and communications networks — but he declined to point the finger at Russia.
“In an open unclassified forum, I’m not prepared to comment on the specifics of nation-state behavior,” Vice Adm. Michael Rogers told the Senate Armed Services Committee when asked whether Russia is using cyberattacks against Ukraine. Rogers currently runs the Navy’s cyber unit and is President Obama’s nominee to head both the National Security Agency and U.S. Cyber Command.
“Clearly cyber will be an element of almost any crisis we are going to see in the future. It has been in the past. I believe we see it today in the Ukraine. We’ve seen it in Syria, Georgia. It increasingly is becoming a norm,” Rogers said.
Ukrainian officials have said in recent weeks that government, media, and telecommunications systems have come under cyberattack. The attacks were designed to jam communications and hinder the government’s response to the crisis in Crimea, the officials said.
# # #