Microsoft has released a security advisory and an update in response to the disturbing news that the hugely complex Flame malware carried code-signing certificates that chain to a Microsoft certificate authority, letting it sign binaries as though they came from Microsoft and potentially turning Microsoft Update into a malware delivery mechanism. Yikes and double yikes.
In what security researcher Mikko Hypponen calls the “Holy Grail” of malware writers, the massive and complex Flame malware, linked to state-sponsored espionage and information-gathering, obtained digital certificates that chain to a Microsoft CA. That creates the potential for man-in-the-middle attacks on the Microsoft Update system: a machine on the local network that impersonates the update server can serve a malicious binary that Windows accepts as Microsoft-signed.
Clearly, as Hypponen points out, successfully exploiting this vast delivery mechanism for malware could be disastrous. If the Flame module successfully performs its man-in-the-middle attack against the update process, it drops a file called WUSETUPV.EXE onto the target computer. As of now, however, Hypponen says, “…It has not been used in large-scale attacks. Most likely this function was used to spread further inside an organization or to drop the initial infection on a specific system.”
Microsoft’s warning and the update are available on its support page. The full TechNet Security Advisory is linked here; the key passages read:
Microsoft is aware of active attacks using unauthorized digital certificates derived from a Microsoft Certificate Authority. An unauthorized certificate could be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks. This issue affects all supported releases of Microsoft Windows.
Microsoft is providing an update for all supported releases of Microsoft Windows. The update revokes the trust of the following intermediate CA certificates:
Microsoft Enforced Licensing Intermediate PCA (2 certificates)
Microsoft Enforced Licensing Registration Authority CA (SHA1)
The investigation into the incident is ongoing, but the main takeaway for now is to patch immediately. The update works by placing the listed intermediate certificates in the Untrusted Certificates store, so anything signed under them fails signature validation from then on.
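A quick check that the update actually took effect on a given machine, written as an added example for this post rather than anything taken from Microsoft's advisory: it looks in the local machine's Untrusted Certificates store (the `Disallowed` store in the PowerShell certificate drive) for the two intermediate CA names the advisory lists. The only assumption is that it is run in an elevated PowerShell on the patched Windows machine.

```powershell
# Added example (not from Microsoft's advisory): confirm that the intermediate CA
# certificates distrusted by the update are present in the Untrusted Certificates
# store, Cert:\LocalMachine\Disallowed. Their presence there is the practical sign
# that the fix has been applied. Assumption: run from an elevated PowerShell.

$revokedNames = @(
    'Microsoft Enforced Licensing Intermediate PCA',          # advisory lists 2 certificates
    'Microsoft Enforced Licensing Registration Authority CA'   # the SHA1 one in the advisory
)

function Get-DistrustStatus {
    param([string[]]$Names = $revokedNames)

    $disallowed = Get-ChildItem -Path Cert:\LocalMachine\Disallowed
    foreach ($name in $Names) {
        # Match on the CN so the two PCA certificates are both picked up.
        $hits = @($disallowed | Where-Object { $_.Subject -like "*CN=$name*" })
        [pscustomobject]@{
            Name        = $name
            Distrusted  = ($hits.Count -gt 0)
            Thumbprints = ($hits | ForEach-Object { $_.Thumbprint }) -join ', '
        }
    }
}

$status = Get-DistrustStatus
$status | Format-Table -AutoSize

if ($status | Where-Object { -not $_.Distrusted }) {
    Write-Warning 'One or more revoked intermediates are missing from the Untrusted store; install the update.'
}
```

A machine that shows `Distrusted` as `True` for both names will reject code signed under those intermediates; a `False` means the update has not been applied (or has been undone), and that machine still trusts Flame-style signatures.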
Hacking of social media accounts is becoming more common. A lot of accounts are being compromised by cyber criminals, which can ruin your reputation or your privacy. In this post I will outline some ways you can secure your online accounts.
1. Generate strong passwords. A strong password is long (at least 12 characters) and mixes lowercase and uppercase letters, digits, and symbols. Do not use default or guessable values such as “admin”, your birthday, or the name of someone you love, and do not create passwords that even your friends would be able to guess. A password manager can generate and store such passwords for you.
2. Sign out if you are on a public computer. If you forget to sign out of your account in an Internet shop, the next computer user can use your account. Even if they cannot change the password, they can post status updates or view your private photos.
Turn off the browser’s “remember your password” feature when on a public computer, or simply say No when it asks to remember the password. To turn off the AutoComplete feature in Internet Explorer: Tools > Internet Options > Content tab > AutoComplete button, uncheck “User names and passwords on forms,” and clear the saved passwords.
Clear the browser’s history and cookies so the next customer cannot see the pages you recently visited or resume a session you left logged in.
3. Avoid using the same password for your other online accounts, such as email, bank, or social networking accounts. These accounts are often linked to each other (your email address is used to reset the others), so it is a sensible precaution to have a separate password for each. If one account is compromised, the others cannot easily be hacked with the same password.
4. Do not reply to emails asking you to change your password. I used to receive emails supposedly from Hotmail asking me to change my password. However, after checking the email header and the anchor link, it showed that the source of the email was untrusted. Rule of thumb: if you did not ask to change your password, then don’t entertain untrusted emails.
5. Keep your antispyware software up to date. Keyloggers are a type of malware that records what you type, including passwords, and sends it over the Internet. Keeping your antivirus and antispyware software updated helps prevent your computer from being infected. A free antispyware program can be downloaded here.
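Tip 1 says what a strong password looks like but not how to make one without bias. The following is an added example for this post (not code from the original): it draws characters from the operating system’s cryptographic random number generator rather than `Get-Random`, guarantees one character from each class, and uses rejection sampling so every character in the set is equally likely. The character classes and the default length of 16 are choices made here, not something the post specifies.

```powershell
# Added example (not from the original post): generate a password from a
# cryptographic random source, guaranteeing at least one lowercase letter,
# one uppercase letter, one digit and one symbol. Rejection sampling keeps
# each pick uniform; a plain "byte % setLength" would favour the first
# characters of the set.

function New-StrongPassword {
    param([int]$Length = 16)

    $classes = @(
        'abcdefghijklmnopqrstuvwxyz',
        'ABCDEFGHIJKLMNOPQRSTUVWXYZ',
        '0123456789',
        '!@#$%^&*()-_=+[]{};:,.?'
    )
    if ($Length -lt $classes.Count) { throw "Length must be at least $($classes.Count)" }
    $all = -join $classes
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()

    # Uniform index in [0, $max): reject bytes beyond the largest multiple of $max.
    function Get-UniformIndex([int]$max) {
        $limit = 256 - (256 % $max)
        $buf = New-Object byte[] 1
        do { $rng.GetBytes($buf) } while ($buf[0] -ge $limit)
        return $buf[0] % $max
    }

    # One character from every class, then fill the remainder from the full set.
    $chars = @(foreach ($set in $classes) { $set[(Get-UniformIndex $set.Length)] })
    while ($chars.Count -lt $Length) { $chars += $all[(Get-UniformIndex $all.Length)] }

    # Fisher-Yates shuffle so the guaranteed characters are not always at the front.
    for ($i = $chars.Count - 1; $i -gt 0; $i--) {
        $j = Get-UniformIndex ($i + 1)
        $tmp = $chars[$i]; $chars[$i] = $chars[$j]; $chars[$j] = $tmp
    }

    $rng.Dispose()
    return -join $chars
}

New-StrongPassword -Length 16
```

Each call prints one fresh password; the shuffle matters because without it the first four characters would always be lowercase, uppercase, digit, symbol in that order, which an attacker who knows the generator could exploit.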
Privacy and security are major issues in our Internet life. Following the basic steps above will help protect your accounts from being compromised.
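For anyone administering a public or shared Windows machine, the Internet Explorer setting described in tip 2 can be applied and checked from a script instead of clicking through Internet Options. This is an added example for this post, not code from the original. It assumes Internet Explorer’s per-user settings under `HKCU:\Software\Microsoft\Internet Explorer\Main`, where `FormSuggest Passwords` (yes/no) controls whether user names and passwords are remembered and `FormSuggest PW Ask` (yes/no) controls the “save this password?” prompt; the `ClearMyTracksByProcess` call clears the browsing history the post tells you to clear.

```powershell
# Added example (not from the original post): script equivalent of
# Tools > Internet Options > Content > AutoComplete > "User names and passwords on forms".
# Assumption: IE's per-user settings live under HKCU:\...\Internet Explorer\Main with the
# 'FormSuggest Passwords' and 'FormSuggest PW Ask' string values (yes/no).

$ieMain = 'HKCU:\Software\Microsoft\Internet Explorer\Main'

function Get-IEPasswordAutoComplete {
    $props = Get-ItemProperty -Path $ieMain
    [pscustomobject]@{
        RememberPasswords = $props.'FormSuggest Passwords'   # weak setting: 'yes' (null = IE default)
        AskBeforeSaving   = $props.'FormSuggest PW Ask'      # 'yes' means IE prompts to save
    }
}

function Disable-IEPasswordAutoComplete {
    # Hardened setting for a public machine: never remember, never ask.
    New-ItemProperty -Path $ieMain -Name 'FormSuggest Passwords' -Value 'no' -PropertyType String -Force | Out-Null
    New-ItemProperty -Path $ieMain -Name 'FormSuggest PW Ask'   -Value 'no' -PropertyType String -Force | Out-Null
}

function Clear-IEBrowsingData {
    # 255 = history, cookies, temporary files, form data and saved passwords.
    Start-Process -FilePath 'RunDll32.exe' -ArgumentList 'InetCpl.cpl,ClearMyTracksByProcess 255' -Wait
}

'Before:'; Get-IEPasswordAutoComplete
Disable-IEPasswordAutoComplete
Clear-IEBrowsingData
'After:';  Get-IEPasswordAutoComplete
```

Run it under the kiosk’s user account (the keys are per-user). The “After” output should show `no` for both values; anything else means the policy was not written and the browser will still offer to remember the next customer’s password.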
Megaupload founder Kim Dotcom is demanding access to 135 computers and hard drives that were seized from his home in January, so the data can be used for his defense. Until then, he refuses to give up passwords to encrypted data stored on the machines. Dotcom’s legal team is challenging the legality of the search warrants at the High Court in Auckland and is accusing the US Government of an unfair fight.
Megaupload continues its legal battle, both in the US and New Zealand. This week Dotcom and his legal team were at Auckland’s High Court to request a judicial review of the legality of the search warrants that were used to raid his Coatesville mansion in January.
During the hearing Dotcom’s lawyer Paul Davison demanded access to the data stored on the 135 computers and hard drives that were taken into custody.
The lawyer argued that the data is needed to mount a proper defense, not only to fight the extradition but also to show that “excessive police action” was used during the raid. The raid was captured on CCTV, and that footage is stored on the computers in question.
The FBI, however, is objecting to the data handover because some of the files are encrypted. Megaupload’s founder is refusing to hand over the passwords to these files before he’s guaranteed access to the data himself, supervised by the court if needed.
If a window suddenly pops up on your screen, locks your computer and tells you that the authorities already know about your illegal activities, your system is most likely infected with ransomware.
A new strain of ransomware is spreading in European countries including Germany, France, Switzerland, Austria, and the Netherlands. Once installed, it locks the computer and demands that the user pay a fee before it will unlock.
The ransomware was first reported by abuse.ch, which found it being distributed by the Blackhole exploit kit. Blackhole is used by criminals to infect computers through security holes in the browser or in third-party plug-ins such as Java and Adobe Reader, and the kit is sold in underground forums to criminals looking to make some extra money.
How does the malware work? Blackhole, like any exploit kit, targets vulnerabilities in software such as Java for which the user has not installed the vendor’s fix. It installs the ransomware as a trojan on the user’s PC. As soon as installation completes, it tells the user that the computer has been locked because of illegal downloads such as pirated music and videos.
The user is then told to pay a fee of $80 via Paysafecard. What makes the lock screen more convincing is that the logo of the Metropolitan Police is displayed at the top of the page.
The domain name used by the ransomware, joonwalker.com, points to a Russian website; the domain is registered to “Huth Matthias”. Abuse.ch also lists further domains suspected to be owned by the same registrant and suggests blocking them at the network level.
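Blocking the domain is the prevention step; the detection step is to check whether anything on the network has already looked it up. The script below is an added example for this post, not code from abuse.ch or the original, and it uses only the one domain the post names (joonwalker.com). The DNS log lines are constructed for the example, in a simple “timestamp client qname” format; adapt the field split to your resolver’s log format.

```powershell
# Added example (not from abuse.ch or the original post): scan DNS query logs for
# look-ups of the ransomware domain, matching the domain itself and any subdomain
# of it, but not unrelated names that merely contain the string.

$blocklist = @('joonwalker.com')   # the one domain named in the post

# Constructed sample log lines: "timestamp client qname".
$sampleLog = @'
2012-05-07T10:01:12Z 10.0.0.15 www.example.com
2012-05-07T10:01:40Z 10.0.0.23 joonwalker.com
2012-05-07T10:02:05Z 10.0.0.23 cdn.joonwalker.com
2012-05-07T10:02:30Z 10.0.0.42 notjoonwalker.com
2012-05-07T10:03:11Z 10.0.0.15 joonwalker.com.example.org
'@ -split "`r?`n"

function Test-BlockedDomain {
    param([string]$Qname, [string[]]$Blocklist = $blocklist)

    # Normalise: trim whitespace, drop a trailing dot, compare case-insensitively.
    $q = $Qname.Trim().TrimEnd('.').ToLowerInvariant()
    foreach ($bad in $Blocklist) {
        $b = $bad.ToLowerInvariant()
        # Exact match or a label boundary: "cdn.joonwalker.com" hits,
        # "notjoonwalker.com" and "joonwalker.com.example.org" do not.
        if ($q -eq $b -or $q.EndsWith(".$b")) { return $true }
    }
    return $false
}

function Find-BlockedLookups {
    param([string[]]$Lines, [string[]]$Blocklist = $blocklist)

    foreach ($line in $Lines) {
        $fields = $line.Trim() -split '\s+'
        if ($fields.Count -lt 3) { continue }       # skip blank or malformed lines
        if (Test-BlockedDomain -Qname $fields[2] -Blocklist $Blocklist) {
            [pscustomobject]@{ Time = $fields[0]; Client = $fields[1]; Query = $fields[2] }
        }
    }
}

Find-BlockedLookups -Lines $sampleLog | Format-Table -AutoSize
```

On the constructed input this reports the two look-ups from 10.0.0.23 and nothing else. The label-boundary check is the point of the example: a naive substring match would flag `notjoonwalker.com` and `joonwalker.com.example.org`, neither of which is the attacker’s domain.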
Good news and bad news. Adobe has released security updates for vulnerabilities in Photoshop, Illustrator, Flash Professional and Shockwave. The bad news is that, for the first three, users have to pay for a software upgrade to get the fixes.
The Shockwave patch is free, but there is no patch for CS5.5 or earlier versions of Photoshop, Illustrator, and Flash Professional. Upgrading will cost users at least $199 U.S. for Photoshop CS6, $249 for Illustrator CS6, and $99 for Flash Professional CS6.
One of the vulnerabilities Adobe fixed could allow a remote attacker to execute arbitrary code and take complete control of the user’s computer.
What do you think? Should Adobe charge for security updates to past versions of Photoshop, Illustrator and Flash Professional?