Tuesday, June 25, 2013

Facebook Data-Leaking Bug Exposes 6 Million Users' Data | infosecurity-magazine.com

Facebook has admitted to a bug in its system that has given users of the Download Your Information (DYI) tool "additional email addresses or telephone numbers for their contacts or people with whom they have some connection."

Facebook apologized, stating that it has notified regulators in the US, Canada and Europe, and that it is contacting affected users by email. Security commentators, meanwhile, are trying to work out exactly what happened, and how.

Facebook has admitted that the bug caused the phone numbers and email addresses of six million users to be shared unintentionally. The number of UK users affected by the bug is believed to be around 200,000 according to the Telegraph.

Saturday, June 8, 2013

White-hat hacker fights cyber intrusions on NATO systems | NATO News

Cyber attacks around the world are becoming more frequent, alarming and complex. Our interconnected societies depend on new technologies, which are constantly being probed for vulnerabilities to exploit. NATO calls on the skills of cyber-security experts to assess its computer networks and takes measures to avert and defend against cyber attacks.

"I put myself in the mindset of a hacker and simulate cyber attacks so that I can identify potential weak points in our systems and then set up appropriate defences," explains Nuri Fattah, Senior Security Consultant, at the NATO Communications and Information Agency.

NSA has direct access to Google, Facebook, Apple servers | Help Net Security

After yesterday's news that Verizon is compelled to share all phone call metadata with the NSA on a daily basis comes the incendiary revelation that the spy agency has direct access to the servers - and the data contained on them - of a host of big U.S. Internet companies, including Microsoft, Facebook, Google, Yahoo, Apple, AOL, YouTube, Skype and PalTalk.

The Guardian and The Washington Post have both managed to get their hands on a top secret PowerPoint presentation that is used to inform intelligence operatives about the capabilities of the so-called PRISM program. It apparently allows access to email and chat content, videos, photos, stored data, transferred files, notifications, online social networking details, and more.

According to the presentation, the companies in question are knowingly participating in the program, but several of them (Google, Apple, Microsoft) have already denied it and knowing anything about it.

Microsoft, Feds Take Down Citadel Botnets | eSecurity

How did Microsoft shut down the notorious Citadel botnet ring, which stole more than $500 million from victims?
By Sean Michael Kerner

For over a year, Microsoft and its partners in the financial services community watched a big botnet operation siphon millions of dollars from victims. On Wednesday night, Microsoft announced that in coordination with the FBI, it had moved in to disrupt the massive botnet-based crime ring known as Citadel.

Richard Boscovich, assistant general counsel in the Microsoft Digital Crimes Unit, told eSecurity Planet that there were more than 1,400 botnets associated with this malware. As such, it took Microsoft and its partners a significant amount of time to locate all of the Citadel botnets operating around the world.

"This was a lengthy process and we relied heavily on our financial services and technology industry partners to ensure that we would be able to take aggressive action against this threat," Boscovich said.

The Citadel malware infected PCs with a keylogger that monitored user activity on financial websites. The malware infected more than five million people across 90 countries and stole more than $500 million in assets.

Tool Time: Secunia Online Software Inspector (OSI) | hakin9.org

Mervyn Heng, CISSP – May 2013

The beauty of running Ubuntu Linux is the ease of maintaining your Operating System (OS) and software using the apt command or Update Manager. Both tools offer a single mechanism of keeping your system patched and up to date. The same cannot be said of Windows because the built-in update program only caters to Microsoft proprietary software such as the OS and Microsoft Office for examples.

Microsoft has enterprise tools like System Center Configuration Manager (SCCM) to install patches and upgrades to servers as well as endpoints but there are still standalone systems that require manual patching.

Besides Microsoft components, there are a host of other software (eg. Reader, Flash, Java) that are require to support business operations but highly susceptible to compromise. Maintaining them can be tedious, time consuming and insecure as an administrator may not apply a patch or upgrade in a timely manner.

There is a simple solution to this predicament. Secunia hosts a free tool called Online Software Inspector (OSI). Click Start Scanner to initiate a check on your system.

Black Hat security conference to include 110 talks | scmagazine.com

by Dan Kaplan, Executive Editor

When Black Hat's annual security conference rolls into Las Vegas at the end of July, event organizers promise one of the most "content-heavy" installments yet.

Last week, the conference, now in its 16th year, announced some of the planned presentations, most of which are known as "briefings" and which will span 11 tracks. In total, there will be 110 talks.

"Normally Black Hat accepts in the 80-90 range, but they expanded the number this year because there was so much incredible content – it was hard to fit it all in," a Black Hat spokeswoman told SCMagazine.com. "Not all of these talks have been announced on the website yet."