Secret information from at least three separate government departments is available on the internet because of incompetent handling of sensitive material by Whitehall officials, The Daily Telegraph can disclose.
The Ministry of Defence, the Department of Health and the Department for Communities and Local Government have published sensitive documents online, but then failed to properly "redact" classified information.
As a result, information that is supposed to be hidden from public view can be read by anyone with access to a computer.
The Daily Telegraph discovered the security breaches yesterday after the Ministry of Defence admitted that secrets about Britain's nuclear submarines were obtainable from a government report online.
A technical error meant blacked-out parts of the report could be read by "copying and pasting" its contents into another document.
Continued : http://www.telegraph.co.uk/news/uknews/defence/8457506/Secrets-put-on-internet-in-Whitehall-blunders.html
Also:
How NOT to redact a PDF - Nuclear submarine secrets spilled
Ministry of Defence fails at redacting nuclear sub secrets
Redaction FAIL: Dull nuke sub document revealed in full
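The failure described above (a black box drawn over text that is still in the file, so select-all and paste recovers it) can be checked for mechanically. The following is an added example, not code from the Telegraph or from any government department: it walks a constructed, minimal PDF content stream, reports text runs that sit under a filled rectangle but still exist as text operators, and shows what real redaction (removing the text, keeping the box) looks like. The sample stream, the coordinates and the helper names are all constructed for illustration; a production checker must apply the full text and CTM matrices, which this simplified walker does not.

```python
import re

# Constructed sample PDF content stream (not the MoD document): a sensitive
# line, a black rectangle painted over it, then an ordinary line.
SAMPLE_STREAM = """BT /F1 12 Tf 72 700 Td (Reactor compartment pressure limit 42 bar) Tj ET
0 0 0 rg 70 696 320 16 re f
BT /F1 12 Tf 72 680 Td (This paragraph is unclassified.) Tj ET"""

# Tokens: literal strings, names, numbers, operators (tried in that order).
TOKEN = re.compile(r"\((?:\\.|[^\\)])*\)|/[^\s/\[\]()<>]+|[-+]?\d*\.?\d+|[A-Za-z*']+")
NUMBER = re.compile(r"[-+]?\d*\.?\d+")


def parse(stream):
    """Minimal content-stream walker. Returns (text runs, filled rectangles).
    Text position is tracked for the common case (Td after BT, no Tm/TL/T*)."""
    texts, rects, operands = [], [], []
    x = y = 0.0
    pending = None
    for tok in TOKEN.findall(stream):
        if tok[0] in "(/" or NUMBER.fullmatch(tok):
            operands.append(tok)
            continue
        if tok == "BT":
            x = y = 0.0                       # BT resets the text matrix
        elif tok == "Td":
            x += float(operands[-2])
            y += float(operands[-1])
        elif tok == "Tj":
            s = operands[-1][1:-1]
            if s:
                texts.append({"x": x, "y": y, "text": s})
        elif tok == "re":
            pending = tuple(float(v) for v in operands[-4:])
        elif tok in ("f", "f*", "B", "B*", "b", "b*") and pending:
            rects.append(pending)             # only a *filled* rect hides anything
            pending = None
        operands.clear()
    return texts, rects


def inside(run, rect):
    rx, ry, rw, rh = rect
    return rx <= run["x"] <= rx + rw and ry <= run["y"] <= ry + rh


def extract_text(stream):
    """What select-all / copy-and-paste in a viewer yields."""
    return [t["text"] for t in parse(stream)[0]]


def overlay_only(stream):
    """Text runs under a filled rectangle that are still in the stream:
    they look redacted on screen and are fully recoverable."""
    texts, rects = parse(stream)
    return [t["text"] for t in texts if any(inside(t, r) for r in rects)]


def redact(stream):
    """Real redaction: delete the text operators under the box, keep the box."""
    hidden = set(overlay_only(stream))

    def strip(m):
        return "() Tj" if m.group(1) in hidden else m.group(0)

    return re.sub(r"\(((?:\\.|[^\\)])*)\)\s+Tj", strip, stream)


if __name__ == "__main__":
    print("copy-paste recovers:", extract_text(SAMPLE_STREAM))
    print("overlay only (not redacted):", overlay_only(SAMPLE_STREAM))
    print("after real redaction:", extract_text(redact(SAMPLE_STREAM)))
```

The check a reviewer should run before publishing is the first call: if `extract_text` returns anything that is supposed to be blacked out, the document has been covered, not redacted. Note that even after the text operators are removed, the same information can survive in the file's metadata, bookmarks, embedded fonts' subset tables or an earlier incremental-update revision, so a full redaction workflow also rewrites the file from scratch.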
Reply 1 : NEWS - April 18, 2011
The founders of three of the internet's largest gambling sites have been indicted and charged with bank fraud, money laundering and illegal gambling offenses by US authorities.
Eleven individuals have been charged in total by the US Department of Justice with running operations that violated the Unlawful Internet Gambling Enforcement Act of 2006.
Among those charged are executives from Isle-of-Man based Pokerstars, Ireland-based Full Tilt, and Costa-Rica based Absolute Poker.
The authorities have so far arrested three individuals, all US citizens, and are working with international law enforcement agencies to arrest a further eight US citizens and foreign nationals in connection with the charges.
The individuals face a range of charges with different prison sentences and fines, while the US is also seeking at least $3bn held by the companies.
The feds have seized five domain names issued by the poker companies to their online businesses in the US, and have issued orders freezing 76 accounts in 14 countries. At time of writing, the Absolute Poker domain was among the domains seized.
Continued : http://www.theregister.co.uk/2011/04/16/feds_online_poker/
Also: Major Poker Sites Closed, Founders Indicted
FBI - NY Field Office:
Manhattan U.S. Attorney Charges Principals of Three Largest Internet Poker Companies with Bank Fraud, Illegal Gambling Offenses, and Laundering Billions in Illegal Gambling Proceeds
Reply 2 : NEWS - April 18, 2011
The website of the European Space Agency (ESA) has been hacked into and a list of FTP accounts, as well as email addresses and passwords for administrators and editors have been leaked.
The www.esa.int Web server was compromised by a well known Romanian grey hat hacker who uses the online moniker of TinKode.
The hacker posted details of the compromise on his blog in full disclosure style. However, the method he used was not revealed.
The published data includes FTP accounts for a range of ESA subsites with passwords in clear text.
A list of database users with hashed passwords was also disclosed, together with the SHA1-hashed server root password.
The site administrator and editor credentials were exposed in plain text, as well as email addresses and passwords corresponding to website user accounts.
The passwords are in readable form, but TinKode took the measure of partially hiding them before publishing. There is also a list of associated proxy user names and passwords.
At the time of writing this article the www.esa.int website remains online, so it is not clear whether the agency was alerted to the compromise in advance or not. TinKode is known for exposing vulnerabilities in high profile websites, the latest of which was an SQL injection in MySQL.com.
Continued : http://news.softpedia.com/news/European-Space-Agency-Website-Hacked-195487.shtml
Also:
Royal Navy hacker claims to have broken into space agency site
European Space Agency plays down hack impact
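The post above mentions that the leak included a SHA1-hashed server root password alongside the plaintext FTP and editor credentials. A hashed password in a dump is only as safe as the hashing scheme, and an unsalted single-round SHA-1 gives almost no protection against a wordlist. The example below is added here and is not ESA's or TinKode's code: it uses a constructed wordlist and a constructed password (the leaked hash itself is not reproduced) to show how quickly such a hash falls, and contrasts it with a salted, iterated record built with the Python standard library's PBKDF2, which is what a stored credential should look like.

```python
import hashlib
import hmac
import os

# Constructed wordlist and password for the demonstration; no real ESA data.
WORDLIST = ["123456", "password", "rosetta", "letmein", "qwerty"]
ROOT_PASSWORD = "rosetta"
LEAKED_SHA1 = hashlib.sha1(ROOT_PASSWORD.encode()).hexdigest()   # what a dump would show


def crack_unsalted_sha1(target_hex, wordlist):
    """Unsalted, single-round SHA-1: one cheap hash per guess, and a single
    precomputed table serves every hash ever leaked. Returns the password or None."""
    for guess in wordlist:
        if hashlib.sha1(guess.encode()).hexdigest() == target_hex:
            return guess
    return None


def make_record(password, iterations=100_000):
    """Per-password random salt + iterated PBKDF2-HMAC-SHA256 (stdlib).
    The salt defeats precomputation; the iteration count makes each guess cost."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify(record, candidate):
    """Recompute with the stored salt/iterations and compare in constant time."""
    _alg, iterations, salt_hex, dk_hex = record.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", candidate.encode(),
                             bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk.hex(), dk_hex)


if __name__ == "__main__":
    print("leaked SHA-1 :", LEAKED_SHA1)
    print("recovered    :", crack_unsalted_sha1(LEAKED_SHA1, WORDLIST))
    rec = make_record(ROOT_PASSWORD)
    print("salted record:", rec)
    print("verify correct:", verify(rec, ROOT_PASSWORD), " wrong:", verify(rec, "password"))
```

Two records for the same password differ because of the salt, so an attacker has to attack each hash separately, and at 100,000 iterations each guess costs roughly five orders of magnitude more than a bare SHA-1. None of this helps the FTP and proxy accounts from the dump, which were stored in clear text; those can only be rotated.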
Reply 3 : NEWS - April 18, 2011
Graham Cluley @ Sophos' Naked Security Blog:
Dear Facebook,
As you know, for some years we have been discussing with your security team our concerns about safety and privacy on Facebook.
Every day, victims report to us numerous incidents of crime and fraud on Facebook. They have been personally affected and are desperate for advice on how to deal with the consequences.
A frequent refrain from users who contact us is, 'Why doesn't Facebook do more to protect us?'
We have identified three simple steps you can take to better protect your users:
1) PRIVACY BY DEFAULT
No more sharing of information without your users' express agreement (OPT-IN). Whenever you add a new feature to share additional information about your users, you should not assume that they want this feature turned on.
2) VETTED APP DEVELOPERS
It is far too easy to become a developer on Facebook. With over one million app developers already registered on the Facebook platform, it is hardly surprising that your service is riddled with rogue applications and viral scams. Only vetted and approved third-party developers should be allowed to publish apps on your platform.
Continued : http://nakedsecurity.sophos.com/2011/04/18/facebook-open-letter/
Reply 4 : NEWS - April 18, 2011
"Online dating site Match.com says it will begin screening U.S. users against a national sex offender registry."
Anyone who's used an online dating service has probably felt like they were being virtually "checked out," but Match.com is getting ready to take that to a whole new level. According to the Associated Press, the online dating service plans to begin screening its U.S. users against a national sex offender registry, after a California woman sued the company after saying someone she met through the service assaulted her. [Screenshot]
According to comments by Match.com spokesperson Matthew Traub, the company had been considering the screening option for some time, and the move is not a direct response to the new lawsuit against the company. The company says it had been considering the option for some time, and had only now decided to go ahead with it because of improvements to the database and accuracy of matching systems, although the screening will still be imperfect. The screening procedure will be implemented in the next two to three months.
Continued : http://www.digitaltrends.com/lifestyle/match-com-to-screen-for-sex-offenders/
Reply 5 : NEWS - April 18, 2011
After Android developer Justin Case reported on a Skype vulnerability for its mobile app, Skype's been vocal about its responsive actions towards addressing the security loophole. "We are working quickly to protect you from this vulnerability, including securing the file permissions on the Skype for Android application," said Adrian Asher, Skype's chief information security officer. But as of late Sunday, the Skype Mobile app for Android had still received no updates, and the company offers few details on when users can expect a full resolution.
If you recall, Skype's "privacy vulnerability" granted unwarranted access to private user info, including their username, chat records and contacts. Asher goes on to say that users should "take care in selecting which applications to download and install" on their smartphones, giving consumers a boost of common sense, but also deflecting some of Skype Mobile's responsibility in this particular case. Chet Wisniewski, a researcher at security firm Sophos, deems it smarter for consumers to simply delete Skype from their phones.
Continued : http://www.androidapps.com/tech/articles/7619-skype-tells-android-users-to-be-wary-of-app-downloads-no-kidding
Related: Bug in Skype for Android Could Expose Your Personal Data
See Vulnerabilities & Fixes: Skype for Android Insecure File Permissions Weakness
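The weakness referenced above is a file-permissions one: on Android every application runs under its own Linux UID, so the only thing that decides whether another app can open a file in an app's private data directory is the "other" permission bits. The following is an added example, not Skype's code or the researcher's: it takes a constructed `ls -l` listing (the file names, owner `app_66` and sizes are invented), flags entries that any other UID can read or write, and shows the one-line fix (owner-only mode) applied to a real temporary file. The helper names are assumptions of this example.

```python
import os
import stat
import tempfile

# Constructed `ls -l` listing of an app's private data directory (not real
# Skype output). Only the "other" bits matter to a different app's UID.
SAMPLE_LS = """\
-rw-rw-rw- app_66 app_66 12288 2011-04-14 09:12 main.db
-rw-rw-rw- app_66 app_66   512 2011-04-14 09:12 config.xml
-rw------- app_66 app_66  4096 2011-04-14 09:12 private.key
drwxrwxrwx app_66 app_66  2048 2011-04-14 09:12 cache"""


def parse_mode(perm):
    """'-rw-rw-rw-' -> 0o666 (the leading type character is ignored)."""
    bits = 0
    for i, ch in enumerate(perm[1:10]):
        if ch != "-":
            bits |= 1 << (8 - i)
    return bits


def exposed_entries(ls_output):
    """Entries any other UID can read or write, in listing order."""
    findings = []
    for line in ls_output.splitlines():
        perm, *_, name = line.split()
        mode = parse_mode(perm)
        if mode & stat.S_IROTH:
            findings.append((name, "world-readable"))
        if mode & stat.S_IWOTH:
            findings.append((name, "world-writable"))
    return findings


def harden(mode):
    """Owner-only: clear group and other bits (0o666 -> 0o600)."""
    return mode & ~(stat.S_IRWXG | stat.S_IRWXO)


def demo_fix():
    """Create a world-readable temp file, detect it, fix it. Returns (before, after)."""
    fd, path = tempfile.mkstemp()
    os.close(fd)
    try:
        os.chmod(path, 0o666)                       # the weak state
        before = stat.S_IMODE(os.stat(path).st_mode)
        os.chmod(path, harden(before))              # the fix
        after = stat.S_IMODE(os.stat(path).st_mode)
    finally:
        os.unlink(path)
    return before, after


if __name__ == "__main__":
    for name, problem in exposed_entries(SAMPLE_LS):
        print(f"{name}: {problem}")
    print("demo fix (before, after):", tuple(oct(m) for m in demo_fix()))
```

A world-writable directory (the `cache` entry above) is worse than a readable file: another app can plant or replace content the application will later trust. In the sample, only `private.key` is stored the way every file under an app's data directory should be.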
Reply 6 : NEWS - April 18, 2011
77% of 13-16 year olds and 38% of 9-12 year olds in the EU have a profile on a social networking site, according to a pan-European survey carried out for the European Commission. Yet, a quarter of children who use social networking sites like Facebook say their profile is set to "public" meaning that everyone can see it, and many of these display their address and/or phone number.
The figures highlight the importance of the European Commission's upcoming review of the implementation of the Safer Social Networking Principles for the EU. This agreement was brokered by the Commission in 2009 when major social networking companies agreed to implement measures to ensure the online safety of their under 18s users.
Neelie Kroes, Vice President of the European Commission for the Digital Agenda said: "Growing numbers of children are on social networking sites but many are not taking all necessary steps to protect themselves online. These children are placing themselves in harm's way, vulnerable to stalkers and groomers. All social networking companies should therefore immediately make minors' profiles accessible by default only to their approved list of contacts and out of search engines' reach. And those companies that have not yet signed up to the EU's Safer Networking Principles should do so without delay so as to ensure our children's safety."
Continued : http://www.net-security.org/secworld.php?id=10916
Complete Report: http://www2.lse.ac.uk/media@lse/research/EUKidsOnline/ShortSNS.pdf
Reply 7 : NEWS - April 18, 2011
From TrendLabs Malware Blog:
Facebook has expanded their number of offered services for its numerous users, making the site so much more than a place for users to interact. It has been said in several instances that Facebook is bound to replace email as a means of communication, as it provides a more convenient way for users to send messages.
It is this convenience that was leveraged by cybercriminals in a recent spam run we've seen, offering users to download an application called Facebook Messenger to make it easier for them to access messages sent to their Facebook account.
[Figure 1: Fake Facebook Notification] - [Figure 2: Download Page for Facebook Messenger]
The downloaded file, named FacebookMessengerSetup.exe, is malicious and detected as BKDR_QUEJOB.EVL.
BKDR_QUEJOB.EVL opens TCP Port 1098 to listen for commands sent by a malicious attacker. The nature of the commands may include updating the malicious file, downloading and executing other malicious files, and starting certain processes. Furthermore, it also queries the system for information such as installed antivirus products and OS version, and then sends the gathered information to a certain SMTP server.
The attack starts with spammed messages that appear similar to a Facebook notification. The email message alerts the user of a message sent to their Facebook account, and tells the user to click a link to view the message. Once the user clicks the message, however, they will see a download page for an application called Facebook Messenger.
Continued : http://blog.trendmicro.com/facebook-events-credits-and-passwords-being-used-for-attacks/
Reply 8 : NEWS - April 18, 2011
A senior Iranian military official says experts have determined the United States and Israel were behind a mysterious computer worm known as Stuxnet that has harmed Iran's nuclear program.
Gholam Reza Jalali says investigations by Iranian experts show that Stuxnet originated from the U.S. state of Texas and Israel.
Jalali heads a military unit called Passive Defense that primarily deals with sabotage. His comments were reported Saturday by Iran's official IRNA news agency.
Iran has acknowledged Stuxnet hit a limited number of centrifuges at its main uranium enrichment facility, the centerpiece of its nuclear program.
The U.S. and its allies accuse Iran of seeking to develop nuclear weapons, a charge Iran denies.
http://news.yahoo.com/s/ap/20110416/ap_on_re_us/iran_nuclear_virus
Also: Iranian general accuses Siemens of helping U.S., Israel build Stuxnet
Reply 9 : NEWS - April 18, 2011
Yahoo on Friday reversed course on its data retention plans, and said it will hold on to user data for 18 months rather than three months.
Citing a changing "competitive landscape," Yahoo said that starting in July, it will wait an additional 15 months to anonymize raw search data.
"We will be closely examining what the right policy and time frame should be for other log file data," Anne Toth, Yahoo's chief trust officer, wrote in a blog post. "In announcing this change, we have gone back to the drawing board to ensure that our policies will support the innovative products we want to deliver for our consumers."
These raw search logs can include information like IP addresses, Internet provider, or Web sites visited. After a certain amount of time, companies "anonymize" this data and delete things like IP address or other IDs associated with the query.
There have been concerns from privacy groups as to how this data is used. In August 2008 Congress got involved and asked providers like Verizon, AT&T, Time Warner, Comcast, Microsoft, Yahoo, and Google to provide information about how they collect and store information about Web users' Internet activity; a request with which they complied.
Continued : http://www.pcmag.com/article2/0,2817,2383711,00.asp
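The article above describes the mechanism in one sentence: raw search logs carry IP addresses and user identifiers, and after the retention window those fields are removed or reduced. The example below is added here and is not Yahoo's code or policy: it applies a retention window to constructed log lines (the timestamps, documentation-range IPs, cookie ids and queries are all invented), truncating IPv4 to /24 and IPv6 to /48 and dropping the user id once a record ages out. It also shows the caveat practitioners raise about "anonymising" by hashing: an unkeyed hash of an IP address is reversible by enumeration, so it is pseudonymisation at best.

```python
import hashlib
import ipaddress
from datetime import datetime, timedelta, timezone

# Constructed search-log lines (not Yahoo data): timestamp, client IP,
# user cookie id, query.
SAMPLE_LOG = """\
2011-01-05T10:00:00Z 203.0.113.45 u=8f3a1c q=flight+to+lisbon
2011-03-01T10:00:00Z 2001:db8:1234:5678:abcd:ef01:2345:6789 u=77be90 q=tax+advice
2011-04-18T09:00:00Z 198.51.100.7 u=11aa22 q=weather"""
NOW = datetime(2011, 4, 18, 12, 0, tzinfo=timezone.utc)   # assumed "current" time
# An IP "anonymised" with a bare hash, as some log pipelines do.
HASHED_IP = hashlib.sha256(b"203.0.113.45").hexdigest()


def anonymize_ip(ip_str):
    """Keep the routing prefix only: /24 for IPv4, /48 for IPv6."""
    ip = ipaddress.ip_address(ip_str)
    prefix = 24 if ip.version == 4 else 48
    return str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False).network_address)


def apply_retention(log, now, retention_days):
    """Lines older than the window lose IP detail and the user id; newer ones
    are returned unchanged. 90 days approximates 3 months, 548 days 18 months."""
    cutoff = now - timedelta(days=retention_days)
    out = []
    for line in log.splitlines():
        ts, ip, _uid, query = line.split(" ", 3)
        when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        out.append(f"{ts} {anonymize_ip(ip)} u=- {query}" if when < cutoff else line)
    return out


def recover_ipv4_from_hash(digest_hex, prefix16):
    """Why an unkeyed hash of an IP is not anonymisation: the input space is
    tiny. Here the attacker only assumes the /16, i.e. at most 65,536 guesses."""
    for c in range(256):
        for d in range(256):
            cand = f"{prefix16}.{c}.{d}"
            if hashlib.sha256(cand.encode()).hexdigest() == digest_hex:
                return cand
    return None


if __name__ == "__main__":
    print("-- 3-month policy --")
    print("\n".join(apply_retention(SAMPLE_LOG, NOW, 90)))
    print("-- 18-month policy --")
    print("\n".join(apply_retention(SAMPLE_LOG, NOW, 548)))
    print("hashed IP recovered:", recover_ipv4_from_hash(HASHED_IP, "203.0"))
```

With the 90-day window only the January line is reduced; with the 18-month window every line stays raw, which is the practical effect of the policy change the article reports. Truncation is lossy and therefore genuinely irreversible for the dropped bits, which is the property a retention policy is supposed to deliver.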
Reply 10 : NEWS - April 18, 2011
Four months after a security researcher identified educational Websites that have been hijacked to redirect users to fake online stores, many of them remain unfixed.
Education and government Websites continue to redirect users to malicious Websites months after the hijacked pages were flagged in a report. Major search engines also continue to rank those pages high on search results pages.
A Zscaler researcher identified numerous hijacked domains belonging to government organizations and educational institutions in a report in January. A quick check of those domains revealed that some of them still redirect users to fake online stores selling discounted Microsoft, Adobe and Apple software, Julien Sobrier wrote on the Zscaler blog on April 13.
While "most of the domains" were cleaned up pretty quickly, Sobrier found that at least 68 domains from that initial list were still going to the same fake sites. The hijacked domains include major universities such as Harvard, Berkeley, Oklahoma State, Brown, Arizona State, Clemson, and Purdue. The Australian government's site at brokenhill.ses.nsw.gov.au was also compromised, according to Sobrier.
Continued : http://www.eweek.com/c/a/Security/University-Websites-Still-Redirecting-Users-to-Fake-Software-Sites-272259/
Reply 11 : NEWS - April 18, 2011
.. precedent
The Department of Justice has killed the Coreflood botnet. Using the courts, they replaced the command center of the botnet itself, and told the drones to halt operations. They did this with nothing more than a Temporary Restraining Order (TRO), some research skill, and a single command. So what does this mean for the typical citizen and cyber investigations? Did the FBI go too far?
By now, considering the extensive hype, most of the technical world knows of the FBI's success. For those only vaguely aware of the story, it starts with one of the oldest botnets in existence, Coreflood. The Coreflood botnet started out as a proxy service and DDoS-for-hire operation. In the mid-2000's, it moved on to financial crime, hijacking the usernames and passwords of bank accounts entered via compromised systems.
Like other Malware that steals financial information, Coreflood captured all the information needed to allow someone to access your online banking application and siphon money. Coreflood has been found in systems on college campuses, law firms, defense contractors, and small businesses. No one knows the exact total when it comes to money lost due to Coreflood, but the Malware infected millions of systems globally, so the financial impact is nothing to undersell.
Continued : http://www.thetechherald.com/article.php/201116/7073/Coreflood-Botnet-takedown-introduces-a-potentially-risky-precedent