Archive for the ‘backdoors’ Category

Crypto flaw made it easy for attackers to snoop on Juniper customers

July 14th, 2016

(credit: John Palmer)

As if people didn't already have cause to distrust the security of Juniper products, the networking gear maker just disclosed a vulnerability that allowed attackers to eavesdrop on sensitive communications traveling through customers' virtual private networks.

In an advisory posted Wednesday, Juniper officials said they just fixed a bug in the company's Junos operating system that allowed adversaries to masquerade as trusted parties. The impersonation could be carried out by presenting a forged cryptographic certificate that was signed by the attacker rather than by a trusted certificate authority that normally vets the identity of the credential holder.

"When a peer device presents a self-signed certificate as its end entity certificate with its issuer name matching one of the valid CA certificates enrolled in Junos, the peer certificate validation is skipped and the peer certificate is treated as valid," Wednesday's advisory stated. "This may allow an attacker to generate a specially crafted self-signed certificate and bypass certificate validation."

Read 6 remaining paragraphs | Comments

Posted in Uncategorized | Comments (0)

Malicious Pokémon Go App Installs Backdoor on Android Devices

July 11th, 2016
Researchers are warning would-be Pokémon Trainers that a malicious, backdoored version of the massively popular game Pokémon Go could be making the rounds soon.

Posted in Uncategorized | Comments (0)

After hiatus, in-the-wild Mac backdoors are suddenly back

July 6th, 2016

After a taking hiatus, Mac malware is suddenly back, with three newly discovered strains that have access to Web cameras, password keychains, and pretty much every other resource on an infected machine.

The first one, dubbed Eleanor by researchers at antivirus provider Bitdefender, is hidden inside EasyDoc Converter, a malicious app that is, or at least was, available on a software download site called MacUpdate. When double clicked, EasyDoc silently installs a backdoor that provides remote access to a Mac's file system and webcam, making it possible for attackers to download files, install new apps, and watch users who are in front of an infected machine. Eleanor communicates with control servers over the Tor anonymity service to prevent them from being taken down or being used to identify the attackers.

"This type of malware is particularly dangerous as it's hard to detect and offers the attacker full control of the compromised system," Tiberius Axinte, technical leader of the Bitdefender Antimalware Lab, said in a blog post published Wednesday. "For instance, someone can lock you out of your laptop, threaten to blackmail you to restore your private files or transform your laptop into a botnet to attack other devices."

Read 9 remaining paragraphs | Comments

Posted in Uncategorized | Comments (0)

Mark Zuckerberg is paranoid about webcam spies – for good reason

June 22nd, 2016
Zuckerberg's a taper! FBI Director James Comey's a taper! We want to make you a taper, too!

Posted in Uncategorized | Comments (0)

Judge dismisses police attempt to get Lauri Love’s encryption keys

May 11th, 2016
The Police have failed in their second attempt to get hacktivist Lauri Love to hand over encryption keys for six devices seized in 2013.

Posted in Uncategorized | Comments (0)

Apple says Feds haven’t proved they need its help unlocking iPhones

April 19th, 2016
The government's "utterly failed" to prove it needs such unusual technical support, Apple said in a Brooklyn court filing.

Posted in Uncategorized | Comments (0)

3.2 Million Servers Vulnerable to JBoss Attack

April 18th, 2016
Cisco Talos said that 3.2 million servers are vulnerable to the JBoss flaw used as the initial point of compromise in the recent SamSam ransomware attacks.

Posted in Uncategorized | Comments (0)

Why Silicon Valley is worried about the new Senate encryption bill

April 15th, 2016
The bill could put tech companies in a bind, essentially asking them to protect consumers' data with encryption but break that encryption on demand.

Posted in Uncategorized | Comments (0)

Why the FBI director puts tape over his webcam – and you should too

April 12th, 2016
The FBI director admitted last week that he covers his laptop's webcam with tape because "I saw somebody smarter than I am had a piece of tape over their camera"

Posted in Uncategorized | Comments (0)

Apple won’t demand to learn how FBI cracked terror suspect’s phone

April 8th, 2016

(credit: Ruben Molina)

Apple said Friday that it won't go to court to demand the Federal Bureau of Investigation to inform the gadget maker how the feds broke into the phone of Syed Farook, who along with his wife killed 14 people in a San Bernardino County office building in December.

An Apple attorney, who asked that he not be identified by name, told reporters in a conference call that Apple did not know how the authorities unlocked the 5C running iOS 9. The Apple attorney asked that he be paraphrased and not quoted directly, but he suspected that the hack won't last long as Apple continues to fortify its security.

Apple said it was unclear whether the FBI employed a software or hardware hack, and the company did not understand why it would only work on a 5C, as the government said. The Apple lawyer said the government has not come forward to Apple to explain the workaround.

Read 3 remaining paragraphs | Comments

Posted in Uncategorized | Comments (0)