Archive for the ‘Biz & IT’ Category

Bug in French government’s WhatsApp replacement let anyone join Élysée chats

April 22nd, 2019
Image: Around the same time the French President was greeting firefighters who saved Notre Dame Cathedral from fire, a security researcher was burning a new "secure" chat application for French government officials intended to keep them off WhatsApp and Telegram. (credit: Christian Böhmer/picture alliance via Getty Images)

On April 17, the French government introduced an Android application meant to be used by government employees as an internal secure channel for communications. Called Tchap, it was touted as a replacement for WhatsApp and Telegram, providing (in theory) both group and private messaging channels to which only people with government email addresses could join.

Tchap is not intended to be a classified communications system—it runs on regular Android phones and uses the public Internet. But as the DINSIC, the French inter-ministry directorate for information systems that runs Tchap, put it, Tchap "is an instant messenger allowing government employees to exchange real-time information on everyday professional issues, ensuring that the conversations remain hosted on the national territory." In other words, it's to keep official government business off of Facebook's and Telegram's servers outside France.

Based on the Riot.im chat application from the open source project Matrix, Tchap is officially still in "beta," according to DINSIC. And that beta test is getting off to a rough start. Within two days, French security researcher Baptiste Robert—who goes by the Twitter handle @fs0c131y (aka Elliot Alderson)—had tapped into Tchap and subsequently viewed all of the internal "public" discussion channels hosted by the service.


Posted in Biz & IT, Elysée, Emmanuel Macron, France, French, French Government, Macron

Loose online lips sink hack targeting governments and embassies

April 22nd, 2019
Image: (credit: Frank Lindecke / Flickr)

Security researchers gave mixed grades to a recently discovered hacking campaign targeting government finance authorities and embassies. On the one hand, the attacks used carefully crafted decoy documents to trick carefully selected targets into installing malware that could gain full control of computers. On the other, a developer involved in the operation sometimes discussed the work in public forums.

The campaign has been active since at least 2018 when it sent Excel documents claiming to contain top-secret US data to people inside governments and embassies in Europe, security firm Check Point reported in a post published Monday. Macros in the documents would send a screenshot and user details of the target’s PC to a control server and then install a malicious version of TeamViewer that claimed to offer additional functionality. The trojan would then gain complete control over the infected computer.

A poorly secured control server allowed Check Point researchers to periodically see screenshots that were uploaded from infected computers, at least until the server was locked down. Most of the targets had a connection to public finance and government officials from revenue authorities. Using the intercepted images and telemetry data, Check Point researchers compiled a partial list of countries where targets were located. It included:


Posted in Biz & IT

Millimeter-wave 5G will never scale beyond dense urban areas, T-Mobile says

April 22nd, 2019
Image: T-Mobile CTO Neville Ray. (credit: T-Mobile)

5G mobile networks have started arriving but only in very limited areas and amidst misleading claims by wireless carriers.

While all four major nationwide carriers in the United States have overhyped 5G to varying degrees, T-Mobile today made a notable admission about 5G's key limitation. T-Mobile Chief Technology Officer Neville Ray wrote in a blog post that millimeter-wave spectrum used for 5G "will never materially scale beyond small pockets of 5G hotspots in dense urban environments." That would seem to rule out the possibility of 5G's fastest speeds reaching rural areas or perhaps even suburbs.

Ray made his point with this GIF, apparently showing that millimeter-wave frequencies are immediately blocked by a door closing halfway while the lower 600MHz signal is unaffected:


Posted in 5G, Biz & IT, t-mobile

Charter avoids getting kicked out of New York, agrees to new merger conditions

April 22nd, 2019
Image: A Charter Spectrum service vehicle. (credit: Charter)

Charter Communications won't be kicked out of New York after all.

Nine months after a New York government agency ordered Charter to leave the state over its alleged failure to comply with merger conditions, state officials have announced a settlement that will let Charter stay in New York in exchange for further broadband expansions. The settlement will enforce a new version of the original merger conditions and require a $12 million payment, about half of which could help other ISPs deploy broadband.

The State Public Service Commission (PSC) had voted in July 2018 to revoke its approval of Charter's 2016 purchase of Time Warner Cable (TWC), saying Charter failed to meet interim deadlines for broadband-expansion requirements. The order, which came just a month after a $2 million fine, would have required Charter to sell the TWC system to another provider. But the PSC never enforced the merger revocation order as it repeatedly granted deadline extensions to Charter while the sides held settlement talks.


Posted in Biz & IT, broadband, Charter, new york, Policy

Ars asks: What’s stopping your workplace from adopting newer technology?

April 22nd, 2019
Image: Artist's impression of some fancy tech that you probably can't have because the company that makes it isn't on your company's list of approved vendors. (credit: Caiaimage / Robert Daly / Getty)

One of the things I enjoy most about writing for Ars is the opportunity to interact with such an enormous pool of brilliant IT folks. The Ars readership is overflowing with that most valuable of demographics: the proverbial "IT decision maker," or just "ITDM." From the sysadmin trenches to the C-suite, you guys do it all—not just turning the wrenches that keep business operational, but deciding which wrenches to buy, too.

But even while so many of us work at businesses whose products shape the future, as ITDMs we also often find ourselves faced with a tremendous number of obstacles when it comes to modernizing our own business tech and processes. You all know the drill, because you've all been through it—a new vendor shows up with a product that seems like it would solve so many of your problems, and you're interested in evaluating it, but the solution they're pitching gets shot down by a steering committee or design review board because it might require some unforecasted expense to conduct a mandatory IT security audit of the thing. Or because the head of the steering committee once had a bad experience with that vendor three jobs ago. Or simply because it's different, and here at $COMPANY, we do things a certain way.

Or perhaps you work in a large company with a tremendous amount of "IT inertia," and change happens as slowly as steering the Titanic. Maybe your company sees current and future IT trends like "edge computing" or the "hybrid cloud" not as desirable directions but as enormous security and regulatory nightmares waiting to be unleashed. Maybe you work in an industry with iron-clad change control requirements; maybe you're at a Fortune 100 company that is just now starting to consider alternatives to the traditional "datacenter full of servers and SANs" architecture.


Posted in ars asks, Biz & IT, business technology, Compliance, future technology, futures, regulations, survey

A mystery agent is doxing Iran’s hackers and dumping their code

April 21st, 2019
Image: Stylized photo of a desktop computer. (credit: Lino Mirgeler/picture alliance via Getty Images)

Nearly three years after the mysterious group called the Shadow Brokers began disemboweling the NSA's hackers and leaking their hacking tools onto the open Web, Iran's hackers are getting their own taste of that unnerving experience. For the last month, a mystery person or group has been targeting a top Iranian hacker team, dumping its secret data, tools, and even identities onto a public Telegram channel—and the leak shows no signs of stopping.

Since March 25, a Telegram channel called Read My Lips or Lab Dookhtegan—which translates from Farsi as "sewn lips"—has been systematically spilling the secrets of a hacker group known as APT34 or OilRig, which researchers have long believed to be working in service of the Iranian government. So far, the leaker or leakers have published a collection of the hackers' tools, evidence of their intrusion points for 66 victim organizations across the world, the IP addresses of servers used by Iranian intelligence, and even the identities and photographs of alleged hackers working with the OilRig group.

"We are exposing here the cyber tools (APT34 / OILRIG) that the ruthless Iranian Ministry of Intelligence has been using against Iran's neighboring countries, including names of the cruel managers, and information about the activities and the goals of these cyber-attacks," read the original message posted to Telegram by the hackers in late March. "We hope that other Iranian citizens will act for exposing this regime's real ugly face!"


Posted in Biz & IT, hacking, Iran

Marcus Hutchins, slayer of WannaCry worm, pleads guilty to malware charges

April 19th, 2019
Image: Then-23-year-old security researcher Marcus Hutchins in his bedroom in Ilfracombe, UK, in July 2017, just weeks before his arrest on malware charges. (credit: Chris Ratcliffe/Bloomberg via Getty Images)

Marcus Hutchins, the security researcher who helped neutralize the virulent WannaCry ransomware worm, has pleaded guilty to federal charges of creating and distributing malware used to break into online bank accounts.

“I regret these actions and accept full responsibility for my mistakes,” Hutchins wrote in a short post. “Having grown up, I’ve since been using the same skills that I misused several years ago for constructive purposes. I will continue to devote my time to keeping people safe from malware attacks.”

Hutchins was charged in August 2017 with creating Kronos, a banking trojan that stole online bank account passwords from infected computers. A superseding indictment filed 10 months later charged him with 10 felony counts that alleged he created a second piece of malware called UPAS Kit. Hutchins, whose online persona MalwareTech attracts more than 143,000 followers on Twitter, had a league of vocal defenders claiming the allegations were false.


Posted in Biz & IT, Kronos, MalwareTech, Marcus Hutchins, WannaCry

Unexpected security feature in Microsoft Edge could allow for file theft

April 19th, 2019
Image: (credit: Brian Smithson / Flickr)

A researcher has uncovered strange and unexpected behavior in Windows 10 that allows remote attackers to steal data stored on hard drives when a user opens a malicious file downloaded with the Edge browser.

The threat partially surfaced last week when a different researcher, John Page, reported what he called a flaw in Internet Explorer. Page claimed that when using the file manager to open a maliciously crafted MHT file downloaded with Internet Explorer, the browser uploaded one or more files to a remote server. According to Page, the vulnerability affected the most recent version of IE, version 11, running on Windows 7, Windows 10, and Windows Server 2012 R2 with all security updates installed. (It’s no longer clear whether any OS other than Windows 10 is affected, at least for some users. More about that in a moment.)

Below this paragraph in Page's post was a video demonstration of the proof-of-concept exploit Page created. It shows a booby-trapped MHT file triggering an upload of the host computer's system.ini file to a remote server. Interestingly, while Page's post says his exploit is triggered when the malicious file is downloaded by IE, and makes no mention of Edge at all, the video shows the file being downloaded with the newer Microsoft browser.


Posted in Biz & IT, EDGE, exploits, Internet Explorer, vulnerabilities, Windows

In new gaffe, Facebook improperly collects email contacts for 1.5 million

April 18th, 2019
Image: (credit: Getty Images)

Facebook's privacy gaffes keep coming. On Wednesday, the social media company said it collected the stored email address lists of as many as 1.5 million users without permission. On Thursday, the company said the number of Instagram users affected by a previously reported password storage error was in the "millions," not the "tens of thousands" as previously estimated.

Facebook said the email contact collection was the result of a highly flawed verification technique that instructed some users to supply the password for the email address associated with their account if they wanted to continue using Facebook. Security experts almost unanimously criticized the practice, and Facebook dropped it as soon as it was reported.

In a statement issued to reporters, Facebook wrote:


Posted in Biz & IT, email, Facebook, passwords, Privacy

The wave of domain hijackings besetting the Internet is worse than we thought

April 17th, 2019
Image: Artist's impression of the state-sponsored "Sea Turtle" hacking campaign. (credit: Chunumunu / Getty Images)

The wave of domain hijacking attacks besetting the Internet over the past few months is worse than previously thought, according to a new report that says state-sponsored actors have continued to brazenly target key infrastructure despite growing awareness of the operation.

The report was published Wednesday by Cisco’s Talos security group. It indicates that three weeks ago, the hijacking campaign targeted the domain of Sweden-based consulting firm Cafax. Cafax’s only listed consultant is Lars-Johan Liman, who is a senior systems specialist at Netnod, a Swedish DNS provider. Netnod is also the operator of i.root, one of the Internet’s foundational 13 DNS root servers. Liman is listed as being responsible for the i-root. As KrebsOnSecurity reported previously, Netnod domains were hijacked in December and January in a campaign aimed at capturing credentials. The Cisco report assessed with high confidence that Cafax was targeted in an attempt to re-establish access to Netnod infrastructure.

Reverse DNS records show that in late March nsd.cafax.com resolved to a malicious IP address controlled by the attackers. NSD is often used to abbreviate name server daemon, an open-source app for managing DNS servers. It looks unlikely that the attackers succeeded in actually compromising Cafax, although it wasn't possible to rule out the possibility.


Posted in Biz & IT, DNS hijacking, domain name system, exploits, Policy, vulnerabilities