Posts Tagged ‘Internet’

The company Hacking Team internally tested its code against a wide range of antivirus engines and Internet security apps. Testing was done on 64-bit Windows 7. In this color-coded scheme, red means the code was not only detected but also triggered an alert, whereas black means it was just blocked with no notification.

  • Green – the antivirus does not react to the launch of the agent.
  • Yellow – the agent connects to the server, but a warning can sometimes be issued. The antivirus has a non-standard configuration (i.e. the firewall turned off).
  • Black – the agent cannot connect to the server, but there are no antivirus warnings, or the agent is in the antivirus blacklist.
  • Red – the agent cannot connect to the server, and an antivirus warning appears (agent is detected as malicious).


Source: [exploit.in]


Researchers sifting through the confidential material stolen from spyware developer Hacking Team have already uncovered a weaponized exploit for a currently unpatched vulnerability in Adobe Flash, and they also may have uncovered attack code targeting Microsoft Windows and a hardened Linux module known as SELinux.

Hacking Team documentation accompanying the Flash exploit said it targeted “the most beautiful Flash bug for the last four years,” according to a blog post published Wednesday by researchers from antivirus provider Trend Micro. The use-after-free flaw resides in a Flash Bytearray object. Researchers at competing AV company Symantec have confirmed the existence of a Flash exploit that works against the latest version of Flash (18.0..194). They also have confirmed it works against people viewing content with Internet Explorer, and it’s presumed it will work against other browsers as well.

“Symantec has confirmed the existence of a new zero-day vulnerability in Adobe Flash which could allow attackers to remotely execute code on a targeted computer,” they wrote in a blog post published Tuesday. “Since details of the vulnerability are now publicly available, it is likely attackers will move quickly to exploit it before a patch is issued.”

Full Story @ [arstechnica]

Thomas Drake, a former senior executive at the NSA turned whistleblower, sat down with the Real News to talk about the USA Freedom Act as ersatz reform and how the public can take matters into their own hands by encrypting their phones and computers.


On Sunday, while most of Twitter was watching the Women’s World Cup – an amazing game from start to finish – one of the world’s most notorious security firms was being hacked.

Specializing in surveillance technology, Hacking Team is learning how it feels to have their internal matters exposed to the world, and privacy advocates are enjoying a bit of schadenfreude at their expense.

Hacking Team is an Italian company that sells intrusion and surveillance tools to governments and law enforcement agencies.

Source: [csoonline]

The very network nodes that relay anonymous Tor traffic for you, free of charge, may be sniffing or reading your data as it passes through. That’s the conclusion of an investigation by a security researcher known as Chloe.

The test involved setting up a dummy website with an admin sub-domain and a login page. Chloe then logged into the site through the Tor network many times – in fact, 137,319 times. Due to timeouts and other issues, only 99,271 attempts resulted in a successful connection to the dummy admin account.

Chloe was looking for instances where the unique password chosen for each login attempt was used a second time, which would indicate that the exit node, in that instance, had sniffed the credentials and someone had then decided to have a go at using the credentials to log into Chloe’s dummy site.

Chloe found 16 instances of multiple uses of a unique password. While it may appear a small number, this number should be zero. In addition, there were 650 unique page visits, which point to additional sniffing activity.

Chloe estimates that the number of exit nodes tested was 1400, with each used around 95 times.

The conclusion: “We can see that there’s passive MITM [man in the middle spying] going on in the Tor network. This is done by setting up a fully functional and trustworthy exit node and start sniffing.”

Source: [scmagazineuk]
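The reuse check at the heart of the test described above, as an added example (not code from Chloe's investigation or the cited article). The exit node names, passwords and log entries are constructed sample data.

```python
"""Flag exit nodes whose one-time honeypot passwords are used a second time."""
from collections import defaultdict

# Constructed sample data: each one-time password is mapped to the exit
# node (hypothetical names) that the test login was routed through.
ISSUED = {
    "pw-7f3a": "EXIT_A",
    "pw-19c2": "EXIT_A",
    "pw-b804": "EXIT_B",
    "pw-e55d": "EXIT_C",
}

# Constructed server-side login log: (timestamp, source_ip, password).
LOGIN_LOG = [
    (1000, "198.51.100.10", "pw-7f3a"),  # our own login via EXIT_A
    (1005, "198.51.100.10", "pw-19c2"),
    (1010, "198.51.100.20", "pw-b804"),  # our own login via EXIT_B
    (1015, "198.51.100.30", "pw-e55d"),
    (4200, "203.0.113.77", "pw-b804"),   # second use: credential was sniffed
    (4300, "203.0.113.77", "pw-b804"),
    (5000, "203.0.113.9", "pw-zzzz"),    # never issued: unrelated guessing
]


def find_reuse(issued, login_log):
    """Return {exit_node: [(password, later_uses)]} for reused passwords."""
    uses = defaultdict(list)
    for ts, ip, pw in sorted(login_log):
        uses[pw].append((ts, ip))
    flagged = defaultdict(list)
    for pw, events in uses.items():
        if pw not in issued:
            continue  # not one of our one-time passwords
        if len(events) > 1:
            # The first use is our own test login; the rest are reuse.
            flagged[issued[pw]].append((pw, events[1:]))
    return dict(flagged)


def summarize(issued, login_log):
    """Count tested nodes, flagged nodes and reused passwords."""
    flagged = find_reuse(issued, login_log)
    return {
        "nodes_tested": len(set(issued.values())),
        "nodes_flagged": sorted(flagged),
        "reused_passwords": sum(len(v) for v in flagged.values()),
    }
```

Because every password is sent through exactly one exit node, any second appearance can be attributed to that node; on correctly behaving relays the reused-password count is zero.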

Sen. Charles Grassley (R-Iowa) has sent a letter to FBI Director James Comey asking for “more specific information about the FBI’s current use of spyware”. The letter includes a list of highly specific questions about the way the FBI uses remote exploitation capabilities and spyware tools. The letter is related to a current effort by the Department of Justice to get more leeway in the way that its agencies use spyware tools in criminal investigations.

Intelligence agencies and military branches are known to use exploits for zero days in their work, some of which are developed internally and others that are purchased from outside vendors. In 2013, a contract surfaced that showed the NSA had subscribed to a zero-day exploit service run by VUPEN, a French company that develops and sells vulnerability and exploit information. And last month the U.S. Navy published a solicitation for zero days in a variety of popular software.

In addition to the information on exploit usage, Grassley also is asking Comey for more details on the FBI’s phishing operations. Last year, it was reported that the FBI at one point ran an operation that involved setting up a site to impersonate the Associated Press in order to get a target to click on a link that would install a remote monitoring tool. AP officials were indignant at the revelation, saying it undermined the organization’s credibility. In his letter, Grassley asks how many other times the FBI has used this tactic and whether the bureau ever informs the companies it is impersonating.

Full Story @ [threatpost]


One of the National Security Agency’s most powerful tools of mass surveillance makes tracking someone’s Internet usage as easy as entering an email address, and provides no built-in technology to prevent abuse. Today, The Intercept is publishing 48 top-secret and other classified documents about XKEYSCORE dated up to 2013, which shed new light on the breadth, depth and functionality of this critical spy system — one of the largest releases yet of documents provided by NSA whistleblower Edward Snowden.

These servers store “full-take data” at the collection sites — meaning that they captured all of the traffic collected — and, as of 2009, stored content for 3 to 5 days and metadata for 30 to 45 days. NSA documents indicate that tens of billions of records are stored in its database. “It is a fully distributed processing and query system that runs on machines around the world,” an NSA briefing on XKEYSCORE says. “At field sites, XKEYSCORE can run on multiple computers that gives it the ability to scale in both processing power and storage.”

Beyond enabling the collection, categorization, and querying of metadata and content, XKEYSCORE has also been used to monitor the surveillance and hacking actions of foreign nation states and to gather the fruits of their hacking. The Intercept previously reported that NSA and its allies spy on hackers in order to collect what they collect.

Once the hacking tools and techniques of a foreign entity (for instance, South Korea) are identified, analysts can then extract the country’s espionage targets from XKEYSCORE, and gather information that the foreign power has managed to steal.

Monitoring of foreign state hackers could allow the NSA to gather techniques and tools used by foreign actors, including knowledge of zero-day exploits—software bugs that allow attackers to hack into systems, and that not even the software vendor knows about—and implants. Additionally, by monitoring vulnerability reports sent to vendors such as Kaspersky, the agency could learn when exploits they were actively using need to be retired because they’ve been discovered by a third party.


SAN FRANCISCO — Google has apologized after its new Photos application identified black people as “gorillas.”

On Sunday, Brooklyn programmer Jacky Alciné tweeted a screenshot of photos he had uploaded in which the app had labeled Alciné and a friend, both African American, “gorillas.”

Image recognition software is still a nascent technology but its use is spreading quickly. Google launched its Photos app at Google I/O in May, touting its machine-learning smarts to recognize people, places and events on its own.

Yonatan Zunger, an engineer and the company’s chief architect of Google+, responded swiftly to Alciné on Twitter: “This is 100% Not OK.” And he promised that Google’s Photos team was working on a fix.

Full Story @ [USA Today]

DENVER – Internet providers suffered disruptions Tuesday in what a West Coast internet provider said appeared to be a coordinated physical attack on three high-capacity “backbone” lines in California.

“Three major fiber cables connecting the region have been physically severed in what appears to be a coordinated attack on multiple internet carriers beginning at 4:20 a.m. Tuesday morning.”

Wave Broadband spokesman Mark Peterson said the company’s subscribers in the suburban Sacramento area were suffering outages, and crews were working to restore the connections, which were severed at 4:20 a.m. local time. Peterson said Wave itself is a customer of the two backbone companies apparently targeted, Level 3 and Zayo. Both backbone companies are based in Colorado.

However, the FBI says it was vandalism:

The Sacramento field office of the Federal Bureau of Investigation (FBI) seeks to clarify a statement made by an internet service provider regarding a service outage reported during the morning hours of today, June 30, 2015. Despite the impact to customers in a variety of service areas in Northern California, the vandalism which resulted in the reported outages was confined to a single geographic location in the San Francisco Bay Area.

No additional details regarding this incident are available at this time.

The FBI is investigating at least 11 physical attacks on high-capacity Internet cables in California’s San Francisco Bay Area dating back a year, including the one early Tuesday morning.

Source: [9NEWS]

WORCESTER, Mass. — A Worcester man will face federal child pornography charges after his arrest by FBI agents Tuesday.

Scott Peeler was arrested at his home at 28 Trinity Ave. in Worcester on Tuesday, the FBI confirmed.

Peeler faces charges of attempted production of child pornography; attempted receipt of child pornography; attempted coercion and enticement of a minor; and attempted possession of child pornography, according to the U.S. Attorney’s office.

Peeler will be arraigned in Worcester Federal Court on Tuesday.

Witnesses said they saw investigators carrying computer drives, bags, totes and videotapes out of the home.

You either commit a crime or you don’t. My guess is that he was targeted because he stumbled upon a honeypot. Maybe he made a joke in an online chat. Or maybe an online company alerted the FEDs over keywords in a search. So when the FBI online agents couldn’t coerce him into crossing the line into actual child pornography, probably after a lengthy time of tactics, they threw their hands up and charged him with “attempting”. Is “attempt” the same as “thought”?

Looks like the local press was briefed before the arrest as well. This is the guilty until proven innocent tactic. What’s next? You’re arrested for attempting to buy an illegal knife because the knife you searched is illegal in your state? See the pattern here.

Meanwhile, Barney Frank, a U.S. congressman at the time, ran an underage homosexual brothel out of his Washington DC residence is still walking free and raping little boys.

Source: [WCVB5]