Fighting all the things that threaten privacy, security and our Internet
Members (3,136)

Stream


rami ram

Free and Open Internet  - 
 
A bipartisan bill introduced in Congress Tuesday would end government spying on ordinary Americans by repealing the Patriot Act as advocates rush to reauthorize the law's most controversial provisions before a June deadline. The Surveillance State...
 
Well, it would remove some of the authorization for the spying. We'd have to get that mythical open administration in place to be sure the actual spying stopped.

rami ram

Discussion  - 
 
Global technology giants like Google and Microsoft have teamed up with civil liberties groups to get Congress to change the country’s spying laws.

rami ram

Privacy  - 
 
Despite being the most widely used authentication system of the digital world, password-based authentication has its own set of issues and challenges, whether it be the compromised security situation due to leakage and brute-forcing of passwords, or the inconvenience of memorizing passwords and the hassle of inputting them every time for access. Microsoft has tried to tackle the issue in Windows 8 by using the Picture Login feature; there are als...
 
New Cryptolocker variant targets gamers - encrypts game files

Remember Cryptolocker, that nasty little program that encrypts your files and then demands expensive bitcoins for your files' decryption? While it is still making the rounds on the internet, a new version of the malware has surfaced, and it is reportedly targeting gamers.
According to a report by Bromium Labs, the new variant of the Cryptolocker ransomware, which goes by the name TeslaCrypt, aims to extort money from gamers by making them pay to unlock game files which they already own. The malware apparently impacts data files of over 20 games, and is distributed through a drive-by download attack from a website which then redirects an unknowing user to the Angler exploit kit by utilizing a Flash clip. The compromised website is purportedly running under WordPress, where a malware attack has also been hosted before. 

The malware targets 185 file extensions, and encrypts game saves, maps, mods, replays, and other user-generated game content, which cannot be retrieved if a game is reinstalled. The list of games that are affected by the malware program includes Call of Duty, StarCraft, Diablo, Fallout, Minecraft, Assassin's Creed, Half Life 2, and Bioshock 2, among others. Digital game distribution platform Steam is allegedly targeted, as well as game development software such as RPG Maker, Unity3D, and Unreal Engine.

rami ram

Privacy  - 
 
National Security Agency whistleblower Edward Snowden spent the weekend popping up at tech conferences across the globe, accusing governments of falsely equating terrorism with mass surveillance and c

rami ram

Privacy  - 
 
A group of Canadian researchers and journalists have built the world’s first fully-indexed online archive of Edward Snowden’s leaked NSA surveillance documents.

rami ram

Security  - 
 
There's bad news for any Windows users who were thinking that the recently-announced FREAK vulnerability wasn't something they had to worry about

rami ram

Security  - 
 
Freak: new vulnerability in the SSL and TLS protocols

Freak is a newly found vulnerability in the SSL and TLS protocols which, when successfully exploited, allows a hacker to intercept and decrypt communications between visitors and a web server. It certainly gives hackers the potential to obtain sensitive information from the victim.

Freak stands for Attack on RSA Factoring-Export Key. Security researchers explain that when someone visits several popular sites that are vulnerable, the user's browser is apparently forced to use weaker encryption, which leaves the user vulnerable.

Freak itself was originally the result of work by some security experts, and they estimate that less than 10% of the 1 million servers listed in Alexa can be declared safe and free from the threat of the vulnerability, which means almost 90% of web sites in the world are prone to this Freak.

Man in the Middle
Simply put, Freak is an attack that could be done by someone called a Man in the Middle, a person who can intercept and divert network traffic between users and servers and force the use of "Export Grade" encryption, which is a form of encryption that is very weak and is still used today.

Export Grade encryption itself originally appeared after a policy of the US government in 1990 which required cryptographic software for export to use 512-bit encryption or less. Although 512-bit encryption has been considered unsafe and new policies have emerged, this type of encryption is still used in SSL/TLS, whereas at the moment only 2048-bit encryption is actually considered much safer.

iPhone and Android affected by this vulnerability
The shocking truth is that Android and iPhone users around the world are at risk from this vulnerability, and after hearing of these vulnerabilities, both Google and the iPhone side promised to fix them.

As stated by Apple spokesman Ryan James, Apple is working to develop the latest patch to counteract these vulnerabilities in its browser, Safari, and the patch is expected to be released next week.

It is a different case with Google's Android: although Google, through spokeswoman Liz Markman, promised to soon release a new patch, it did not explain when the latest patch will be released. In addition, Google also said it will not release the latest patch for Android users on Jelly Bean and below, whereas there are about 1 billion Android users still using Jelly Bean.
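The downgrade described in the post above is visible in the handshake itself: the man in the middle rewrites the ClientHello so the server picks an export-grade suite, and a client that accepts a suite it never offered is the bug. The following added example (not code from the original post, not from the FREAK researchers) parses a constructed ClientHello/ServerHello pair and flags both conditions. The handshake bytes are hand-built for illustration; the export suite code points are the IANA-registered TLS_RSA_EXPORT_* values.

```python
"""Check a TLS ClientHello/ServerHello pair for an export-grade downgrade.

Added example, not part of the original post. The handshake bytes below are
constructed by hand for illustration.
"""
import struct

# IANA cipher suite code points for the RSA export suites (512-bit RSA keys)
EXPORT_SUITES = {
    0x0003: "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    0x0006: "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
    0x0008: "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
    0x000E: "TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA",
    0x0014: "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
}

HANDSHAKE = 0x16
CLIENT_HELLO, SERVER_HELLO = 1, 2

def _handshake_body(record):
    """Strip the 5-byte record header and 4-byte handshake header; return (type, body)."""
    content_type, _version, rec_len = struct.unpack("!BHH", record[:5])
    if content_type != HANDSHAKE:
        raise ValueError("not a handshake record")
    payload = record[5:5 + rec_len]
    hs_type = payload[0]
    hs_len = int.from_bytes(payload[1:4], "big")
    return hs_type, payload[4:4 + hs_len]

def client_hello_suites(record):
    """Return the cipher suite code points offered in a ClientHello, in order."""
    hs_type, body = _handshake_body(record)
    if hs_type != CLIENT_HELLO:
        raise ValueError("not a ClientHello")
    pos = 2 + 32                                  # client_version + random
    sid_len = body[pos]; pos += 1 + sid_len       # session id
    suites_len = struct.unpack("!H", body[pos:pos + 2])[0]; pos += 2
    suites = body[pos:pos + suites_len]
    return [struct.unpack("!H", suites[i:i + 2])[0] for i in range(0, suites_len, 2)]

def server_hello_suite(record):
    """Return the single cipher suite code point chosen in a ServerHello."""
    hs_type, body = _handshake_body(record)
    if hs_type != SERVER_HELLO:
        raise ValueError("not a ServerHello")
    pos = 2 + 32                                  # server_version + random
    sid_len = body[pos]; pos += 1 + sid_len
    return struct.unpack("!H", body[pos:pos + 2])[0]

def check_downgrade(client_record, server_record):
    """Return a list of findings; an empty list means the negotiation looks sane."""
    offered = client_hello_suites(client_record)
    chosen = server_hello_suite(server_record)
    findings = []
    if chosen in EXPORT_SUITES:
        findings.append("server selected export suite %s" % EXPORT_SUITES[chosen])
    if chosen not in offered:
        findings.append("server selected 0x%04x which the client never offered" % chosen)
    return findings

# --- builders for the constructed sample handshake ---
def _hs(hs_type, body):
    """Wrap a handshake body in handshake + record headers (TLS 1.0 version bytes)."""
    hs = bytes([hs_type]) + len(body).to_bytes(3, "big") + body
    return struct.pack("!BHH", HANDSHAKE, 0x0301, len(hs)) + hs

def _client_hello(suites):
    body = b"\x03\x01" + b"\x11" * 32 + b"\x00"       # version, random, empty session id
    body += struct.pack("!H", 2 * len(suites)) + b"".join(struct.pack("!H", s) for s in suites)
    body += b"\x01\x00"                                # one compression method: null
    return _hs(CLIENT_HELLO, body)

def _server_hello(suite):
    body = b"\x03\x01" + b"\x22" * 32 + b"\x00" + struct.pack("!H", suite) + b"\x00"
    return _hs(SERVER_HELLO, body)

# Constructed sample: a client that only offers strong suites ...
STRONG_CLIENT = _client_hello([0x002F, 0x0035, 0x009C])   # AES128-SHA, AES256-SHA, AES128-GCM-SHA256
# ... the reply an honest server would send, and the one a downgraded session ends up with
HONEST_SERVER = _server_hello(0x002F)
FORGED_SERVER = _server_hello(0x0008)

if __name__ == "__main__":
    print("honest:", check_downgrade(STRONG_CLIENT, HONEST_SERVER))
    print("downgraded:", check_downgrade(STRONG_CLIENT, FORGED_SERVER))
```

The second check (chosen suite not among the offered ones) is the one a correct TLS client must perform regardless of which suites are export grade; the first is the cheap server-side audit: a server that never has export suites enabled cannot be talked into one.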

About this community

Threat Wire by Hak5 is a YouTube show covering the security and privacy issues threatening our Internet. From breaches and policies to social networks and censorship, Threat Wire takes the practical and tinfoil hat angles to dispel fear, uncertainty and doubt.

rami ram

Security  - 
 
Exploits pluck passwords and other sensitive data out of encrypted data streams.

rami ram

Security  - 
 
Dangerous 'Vawtrak Banking Trojan' Harvesting Passwords Worldwide

A security researcher has discovered some new features in the most dangerous Vawtrak, aka Neverquest, malware that allow it to send and receive data through encrypted favicons distributed over the secured Tor network.

The researcher, Jakub Kroustek from AVG anti-virus firm, has provided an in-depth analysis (PDF) on the new and complex set of features of the malware which is considered to be one of the most dangerous threats in existence.

Vawtrak is a sophisticated piece of malware in terms of supported features. It is capable of stealing financial information and executing transactions from the compromised computer remotely without leaving traces. The features include videos and screenshots capturing and launching man-in-the-middle attacks.

HOW VAWTRAK SPREADS?
AVG anti-virus firm is warning users that it has discovered an ongoing campaign delivering Vawtrak to gain access to bank accounts visited by the victim and using the infamous Pony module in order to steal a wide range of victims’ login credentials.

The Vawtrak Banking Trojan spreads by using one of three ways:

    Drive-by download – spam email attachments or links to compromised sites
    Malware downloader – like Zemot or Chaintor
    Exploit kit – like the Angler Exploit Kit

 LATEST FEATURES
According to the researcher, Vawtrak is using the Tor2Web proxy to receive updates from its developers.

    "Of particular interest from a security standpoint is that by using Tor2web proxy, it can access update servers that are hosted on the Tor hidden web services without installing specialist software such as Torbrowser," Kroustek says. "Moreover, the communication with the remote server is done over SSL, which adds further encryption."

The latest Vawtrak sample uses steganography to hide update files within favicons in order to conceal the malicious downloads. Favicons are the small images used by the websites to add icon to website bookmarks and browser tabs.

Once executed on the victim's machine, Vawtrak performs the following actions:

    Disables antivirus protection.
    Injects custom code into user-displayed web pages (this is mostly related to online banking).
    Steals passwords, digital certificates, browser history, and cookies.
    Surveils the victim (key logging, taking screenshots, capturing video).
    Creates remote access to the user's machine (VNC, SOCKS).
    Updates automatically.

Vawtrak supports three major browsers to operate in – Internet Explorer, Firefox, and Chrome. It also supports password stealing from the other browsers.

AFFECTED COUNTRIES
Based on their statistics, Vawtrak is infecting banking, gaming and social network users mainly across countries including the United Kingdom, the United States, and Germany. However, users in Australia, New Zealand, and across Europe are also affected.

AVG concluded following their analysis of the malware that "Vawtrak is like a Swiss Army knife for its operators because of its wide range of applications and available features."
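The post above says Vawtrak hides update files inside favicons. One cheap structural check a defender can run over favicons pulled from proxy logs or a web cache is whether the ICO container actually accounts for all of its bytes: an icon whose file is longer than the image entries it declares is carrying something else. The example below is added here and is not code from the original post or from AVG's analysis; it only detects appended data, which is one simple way of smuggling a payload and not necessarily the encoding Vawtrak used. The two icons are constructed by hand.

```python
"""Flag favicon (ICO) files whose length does not match the image data they declare.

Added example, not from the original post or from AVG. Detects bytes appended
past the declared image entries; it does not decode any real stego scheme.
"""
import struct

ICO_HEADER = struct.Struct("<HHH")        # reserved, type (1 = icon), image count
ICO_ENTRY = struct.Struct("<BBBBHHII")    # width, height, colours, reserved, planes, bpp, size, offset

def inspect_ico(data):
    """Return (declared_end, trailing_bytes, problems) for an ICO byte string."""
    problems = []
    if len(data) < ICO_HEADER.size:
        return 0, len(data), ["too short to be an ICO"]
    reserved, kind, count = ICO_HEADER.unpack_from(data, 0)
    if reserved != 0 or kind != 1:
        problems.append("bad ICO header")
    dir_end = ICO_HEADER.size + count * ICO_ENTRY.size
    if dir_end > len(data):
        return 0, 0, problems + ["directory runs past end of file"]
    declared_end = dir_end
    for i in range(count):
        entry_off = ICO_HEADER.size + i * ICO_ENTRY.size
        _w, _h, _c, _r, _planes, _bpp, size, offset = ICO_ENTRY.unpack_from(data, entry_off)
        if offset < dir_end or offset + size > len(data):
            problems.append("entry %d points outside the file" % i)
        declared_end = max(declared_end, offset + size)   # furthest byte any image claims
    trailing = len(data) - declared_end
    if trailing > 0:
        problems.append("%d bytes after the last declared image" % trailing)
    return declared_end, trailing, problems

def _ico(images, extra=b""):
    """Build a minimal ICO from (width, height, image_bytes) tuples; image bytes are opaque here."""
    count = len(images)
    header = ICO_HEADER.pack(0, 1, count)
    offset = ICO_HEADER.size + count * ICO_ENTRY.size
    entries, blobs = b"", b""
    for w, h, blob in images:
        entries += ICO_ENTRY.pack(w, h, 0, 0, 1, 32, len(blob), offset)
        blobs += blob
        offset += len(blob)
    return header + entries + blobs + extra

# Constructed samples: a clean 16x16 icon, and the same icon with 64 bytes hidden after the image data
CLEAN_ICO = _ico([(16, 16, b"\x00" * 1128)])
PADDED_ICO = _ico([(16, 16, b"\x00" * 1128)], extra=b"\xAA" * 64)

if __name__ == "__main__":
    for name, blob in (("clean", CLEAN_ICO), ("padded", PADDED_ICO)):
        print(name, inspect_ico(blob))
```

A favicon that fails this check is not proof of anything by itself, but combined with the other indicator the post gives (the download arriving through a Tor2Web proxy rather than from the site's own host) it is a cheap triage signal.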

rami ram

Privacy  - 
 
Former U.S. intelligence analyst Edward Snowden has accused the U.S. National Security Agency of routinely passing private, unedited communications of Americans to Israel, an expert on the intelligence agency said Wednesday.
 
This is hardly surprising, to be honest, considering the US and Israel's relationship.

rami ram

Privacy  - 
 
Android IMSI-Catcher Detector. Build Status Development Status GooglePlay CoverityScan. Android-based project to detect and avoid fake base stations (IMSI-Catchers) in GSM/UMTS Networks. Feel free to read the Press Releases about us, spread the word with our Media Material and help us solving ...

rami ram

Discussion  - 
 
For the remaining folks that haven't given up on Yahoo!'s email, news from SxSW may be a vindication of sorts. Thumbing its nose at the NSA, Yahoo! has released the end-to-end email encryption source to be used in its new browser plugin.
 
n00bs CTF Labs by Infosec Institute - 15 mini challenges that have bounties for hackers out there
n00bs CTF (Capture the Flag) Labs is a web application presented by Infosec Institute. It has 15 mini Capture the Flag challenges intended for beginners an

rami ram

Security  - 
 
Documents leaked by Edward Snowden detail how the CIA repeatedly tried to crack the security in Mac OS X and iOS applications.

rami ram

Security  - 
 
SMACK: State Machine AttaCKs. Implementations of the Transport Layer Security (TLS) protocol must handle a variety of protocol versions and extensions, authentication modes and key exchange methods, where each combination may prescribe a different message sequence between the client and the ...
 
Angler Exploit Kit Uses Domain Shadowing technique to Evade Detection

Wednesday, March 04, 2015, Swati Khandelwal

The world's infamous Angler Exploit Kit has become the most advanced, much more powerful and the best exploit kit available in the market, beating the infamous BlackHole exploit kit, with a host of exploits including zero-days and a new technique added to it. Angler Exploit Kit's newest technique is dubbed "Domain Shadowing", which is considered to be the next evolution of online crime. Domain Shadowing, which first appeared in 2011, is the process of using users' domain registration logins to create subdomains.

WHAT IS DOMAIN SHADOWING?
With the help of the Domain Shadowing technique used in a recent Angler campaign, attackers are stealing domain registrant credentials to create tens of thousands of sub-domains that are used in hit-and-run style attacks in order to either redirect victims to the attack sites or serve them malicious payloads.

Security researcher Nick Biasini of Cisco's Talos intelligence team analysed the campaign and said the "massive" and ongoing Angler campaign targeting Adobe Flash and Microsoft Silverlight vulnerabilities dramatically shot up in the past three months.

    "Domain shadowing using compromised registrant credentials is the most effective, difficult to stop, technique that threat actors have used to date. The accounts are largely random so there is no way to track which domains will be used next," said Nick Biasini. "Additionally, the subdomains are very high volume, short lived, and random, with no discernible patterns. This makes blocking increasingly difficult. Finally, it has also hindered research. It has become progressively more difficult to get active samples from an exploit kit landing page that is active for less than an hour. This helps increase the attack window for threat actors since researchers have to increase the level of effort to gather and analyze the samples."

HOW HACKERS MADE IT?
In the recent campaign, the cyber criminals are taking advantage of the fact that most domain owners do not regularly monitor their domain registrant accounts, which are typically compromised through phishing attacks. This lets attackers create a seemingly endless supply of sub-domains to be used in further attacks.

A new technique called Fast Flux allows hackers to change the IP address associated with a domain to evade detection and blacklisting techniques. Unlike Domain Shadowing, which rotates sub-domains associated with a single domain or small group of IP addresses, Fast Flux rapidly rotates a single domain or DNS entry to a large list of IP addresses.

GODADDY ACCOUNTS AT RISK
Cisco has found up to 10,000 malicious sub-domains on accounts, most of them linked to GoDaddy customers, although the security researchers noted that this was not the result of any data breach, but because GoDaddy controls a third of domains on the Internet.

ATTACK VECTOR
There are multiple tiers to the attack, with different malicious subdomains being created for the different stages listed below:

    Users are served malicious advertisements in the web browser.
    The malicious ad redirects the user to the first tier of subdomains, known as the "gate".
    The first tier is responsible for redirecting victims to a landing page that hosts the Angler Exploit Kit serving an Adobe Flash or Microsoft Silverlight exploit.
    This final page is being rotated heavily and sometimes those pages are active only for a matter of minutes.

    "The same IP is utilized across multiple subdomains for a single domain and multiple domains from a single domain account," Biasini wrote. "There are also multiple accounts with subdomains pointed to the same IP. The addresses are being rotated periodically with new addresses being used regularly. Currently more than 75 unique IPs have been seen utilizing malicious subdomains."

With numerous evasion techniques, zero-day exploits and a high level of sophistication, the Angler Exploit Kit has become one of the most formidable hacker toolkits available in the market. The previous best-selling exploit kit, known as BlackHole, was known to be a dangerous toolkit, but last year, after the arrest of 'Paunch', the mastermind behind the infamous BlackHole exploit kit, the exploit kit disappeared from the market.
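The pattern Biasini describes above (many random, short-lived subdomains under one registered domain, several of them pointed at the same IP that also serves subdomains of other domains) is something a resolver or passive-DNS log can be searched for. The following added example (not code from the original post or from Cisco Talos) turns that description into a heuristic over constructed resolver log lines; the domain names and addresses are made up, the thresholds are assumptions to tune, and the registered-domain split is a naive last-two-labels approximation that real code should replace with a public suffix list.

```python
"""Spot domain-shadowing style activity in DNS resolver logs.

Added example, not from the original post or from Cisco Talos. Heuristic:
many distinct, random-looking, short-lived subdomains under one registered
domain, often sharing an IP with subdomains of other registered domains.
The log lines, names and addresses below are constructed.
"""
import math
from collections import defaultdict

def entropy(label):
    """Shannon entropy in bits per character of a DNS label."""
    if not label:
        return 0.0
    counts = defaultdict(int)
    for ch in label:
        counts[ch] += 1
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def looks_random(label, min_entropy=2.0):
    """Crude randomness test: mixed letters and digits with enough distinct characters."""
    return (entropy(label) >= min_entropy
            and any(c.isdigit() for c in label)
            and any(c.isalpha() for c in label))

def registered_domain(qname):
    """Naive eTLD+1: the last two labels (assumption; use a public suffix list in real code)."""
    parts = qname.rstrip(".").lower().split(".")
    return ".".join(parts[-2:])

def parse_line(line):
    """Parse a constructed 'epoch_seconds qname answer_ip' log line."""
    ts, qname, ip = line.split()
    return int(ts), qname.lower().rstrip("."), ip

def find_shadowed_domains(lines, min_subdomains=5, max_lifetime=3600):
    """Return {registered_domain: details} for domains matching the shadowing pattern."""
    by_domain = defaultdict(lambda: defaultdict(list))   # domain -> subdomain -> [(ts, ip)]
    ip_domains = defaultdict(set)                        # ip -> registered domains resolving to it
    for line in lines:
        ts, qname, ip = parse_line(line)
        reg = registered_domain(qname)
        if qname in (reg, "www." + reg):
            continue                                     # apex / www are ordinary traffic
        by_domain[reg][qname].append((ts, ip))
        ip_domains[ip].add(reg)
    hits = {}
    for reg, subs in by_domain.items():
        if len(subs) < min_subdomains:
            continue
        random_labels = [s for s in subs if looks_random(s[: -len(reg) - 1].replace(".", ""))]
        # lifetime = span between first and last time each subdomain was seen
        lifetimes = [max(t for t, _ in v) - min(t for t, _ in v) for v in subs.values()]
        shared_ips = {ip for v in subs.values() for _, ip in v if len(ip_domains[ip]) > 1}
        if len(random_labels) >= min_subdomains and max(lifetimes) <= max_lifetime:
            hits[reg] = {"subdomains": len(subs), "random_labels": len(random_labels),
                         "max_lifetime_s": max(lifetimes), "shared_ips": sorted(shared_ips)}
    return hits

# Constructed resolver log: epoch seconds, queried name, answer address
SAMPLE_LOG = """1425500000 www.example-legit.com 203.0.113.10
1425500060 mail.example-legit.com 203.0.113.11
1425500100 q7xk2.example-shadowed.com 198.51.100.7
1425500130 q7xk2.example-shadowed.com 198.51.100.7
1425500200 zp9wd1.example-shadowed.com 198.51.100.7
1425500260 h3rt8m.example-shadowed.com 198.51.100.7
1425500320 v2ckq.example-shadowed.com 198.51.100.8
1425500400 n8ys4t.example-shadowed.com 198.51.100.8
1425500450 b6dwf.example-other.com 198.51.100.7
1425500500 www.example-shadowed.com 203.0.113.50""".splitlines()

if __name__ == "__main__":
    for domain, details in find_shadowed_domains(SAMPLE_LOG).items():
        print(domain, details)
```

Because the legitimate site keeps its apex and www records pointed elsewhere, the shadowed subdomains stand out precisely by resolving to addresses the registered domain has never used before; the `shared_ips` field is what lets one pivot from a single flagged domain to the other registrant accounts abused for the same campaign.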