Bundle Security blogs

A Dongle Joke That Spiraled Way Out Of Control

Security blogs - Vie, 03/22/2013 - 07:14

In an age of blogs, tweets, Hacker News, Reddit and Anonymous, an off-the-cuff joke can spin wildly out of control.

At least it appears that’s what happened with PyCon this week when a sexual joke led to some very public firings, a virulent debate about women in technology, another virulent debate about public shaming, and now, a DDOS attack.

Tags: Industry Newsl33tdawg
Categorías: Bundle Security blogs

Apple introducing two factor authentication for iCloud

Security blogs - Vie, 03/22/2013 - 07:01

Apple is introducing two-factor authentication for users of its iCloud and other services, adding an extra layer of protection against hackers trying to access peoples' accounts by requiring mobile phone verification for changes in personal details or online purchases.

Tags: AppleiCloudSecurityl33tdawg
Categorías: Bundle Security blogs

BBC Twitter accounts hacked by pro-Assad online group

Security blogs - Vie, 03/22/2013 - 06:58

The Twitter account belonging to the BBC's weather service was hacked on Thursday, the public broadcaster said.

The "Syrian Electronic Army", a group of pro-Assad hackers and online activists that has already disrupted the Facebook page of Barack Obama, claimed responsibility for
the breach.

Tags: TwitterHackersl33tdawg
Categorías: Bundle Security blogs

Apple credits Evad3rs for uncovering 4 out of 6 exploits in iOS

Security blogs - Vie, 03/22/2013 - 05:43

L33tdawg: All four members of Evad3rs will be at #HITB2013AMS next month where they're presenting a paper titled Swiping Through Modern Security Features.

Tags: AppleSecurityiOSevad3rsevasi0nHITB2013AMSl33tdawg
Categorías: Bundle Security blogs

Hackers use legit remote IT support tool in spy attack

Security blogs - Vie, 03/22/2013 - 05:39

Hackers have been discovered using a tampered-with version of a legitimate remote access tool to target activists, industrial, research and diplomatic targets.

Hungary-based security firm CrySys Lab discovered an attack on diplomatic targets in Hungary which installs legitimate software first, but then remotely alters the program to enable it spy on victims.

Tags: HackersSecurityl33tdawg
Categorías: Bundle Security blogs

Mobile Device Data Recoveries Up 161 Percent

Security blogs - Jue, 03/21/2013 - 15:29
Across all types of recovery scenarios, Kroll Ontrack found data loss incidents are platform-independent(author unknown)
Categorías: Bundle Security blogs

GFI WebMonitor 2013 Brings Web Filtering To Off-Network Laptop And Notebook Devices

Security blogs - Jue, 03/21/2013 - 15:22
Businesses can now extend Web browsing policies and filtering protection outside of the corporate network(author unknown)
Categorías: Bundle Security blogs

LaserLock Technologies Files New Provisional Patent For Enhanced Document Security

Security blogs - Jue, 03/21/2013 - 15:20
New embedded security features in paper can prevent theft and copying of sensitive documents(author unknown)
Categorías: Bundle Security blogs

Route1 Announces Release Of MobiLINK

Security blogs - Jue, 03/21/2013 - 14:50
Authentication and secure access technology enables users to securely access internal Web-enabled applications and Web resources(author unknown)
Categorías: Bundle Security blogs

SafeNet & SIIA Joint Survey Reveals That Software Publishers Are Leaving Revenue On The Table

Security blogs - Jue, 03/21/2013 - 14:48
Developers continue to struggle with how to secure their critical intellectual property (IP) without disrupting their business(author unknown)
Categorías: Bundle Security blogs

Oak Ridge National Lab - Biomedical Science and Engineering Conference

Security blogs - Jue, 03/21/2013 - 11:58
05/21/2013 - The Biomedical Science and Engineering Center at ORNL announces its annual conference on Collaborative Biomedical Innovations. The central theme of...(author unknown)
Categorías: Bundle Security blogs

Washington Navy Yard Technology Expo

Security blogs - Jue, 03/21/2013 - 11:39
05/21/2013 - The Washington Navy Yard Technology Expo will be held Tuesday, May 21st from 9:30am – 1:00pm. About Washington Navy Yard:The Washington Navy...(author unknown)
Categorías: Bundle Security blogs

Your hard drive will self-destruct at 2pm: Inside the South Korean cyber-attack

Security blogs - Jue, 03/21/2013 - 00:15

A cyber-attack in South Korea on Wednesday took the networks of several companies offline. While some recovered in a matter of hours, South Korea's public broadcasting organization, KBS, is still offline. But the identity of the person or group behind the attacks is still an open question—one muddied by the hackers who are taking credit for at least part of it. It's not clear at this point if the attack was state-sponsored, cyber-warfare by North Korea or simply an act of cyberterrorism by hackers looking to make a virtual name for themselves.

As we reported earlier, at about 2pm Seoul time, the networks of three broadcasters and three banks were affected by an attack that disrupted their networks, possibly caused by malware. But while malware was initially blamed for the outage, the malware that's been discovered thus far could not have taken networks down by itself. There was a lot more going on than just a malware attack; the convergence of multiple types of attacks suggests a coordinated effort by an organized attacker.

The latest update from South Korean officials is that the attack emanated from a Chinese IP address. But the identity of the attackers is still unclear.

Read 19 remaining paragraphs | Comments

Categorías: Bundle Security blogs

Ciberespionaje móvil Los troyanos para robo de información a través del teléfono y el rastreo mediante GPS aumentaron en 2012

Security blogs - Mié, 03/20/2013 - 23:28
Los troyanos-espías y los backdoors pueden hacer un seguimiento de casi todas las actividades de los usuarios en el dispositivo infectado: seguir su paradero, hacer llamadas en secreto y enviar información a servidores remotos Madrid, 20 de marzo de 2013 – El ciberespionaje móvil está en auge. En 2012, Kaspersky Lab ya pronosticaba que esta tendencia – el robo de datos de los teléfonos noreply@blogger.com (Seguridad de la Información)
Categorías: Bundle Security blogs

Technical Reading & Writing Speedreading Plus(TM) in Columbus

Security blogs - Mié, 03/20/2013 - 17:55
05/17/2013 - Improve your personal and professional productivity with this 12 hour class. In just one weekend you will increase your reading speed 3 to 5 times...(author unknown)
Categorías: Bundle Security blogs

Technical Reading & Writing Speedreading Plus(TM) in Columbus

Security blogs - Mié, 03/20/2013 - 17:52
04/12/2013 - Improve your personal and professional productivity with this 12 hour class. In just one weekend you will increase your reading speed 3 to 5 times...(author unknown)
Categorías: Bundle Security blogs

2nd Annual [acronym] Magazine Public Sector CAD Awards

Security blogs - Mié, 03/20/2013 - 17:32
03/20/2013 - [acronym] Magazine CAD Awards - Now Available On-Demand Join us as we announce the winners of the 2012 [acronym] Public Sector CAD Awards at an exc...(author unknown)
Categorías: Bundle Security blogs

Power Generation & Infrastructure Initiative: Business Models for Renewable Electricity in the 21st Century

Security blogs - Mié, 03/20/2013 - 16:44
04/17/2013 - Non-hydro renewable electricity generation has doubled in the last four years and nearly half of all the new electrical generating capacity install...(author unknown)
Categorías: Bundle Security blogs

RAND Behavioral Finance Forum

Security blogs - Mié, 03/20/2013 - 13:58
05/31/2013 - The Spring 2013 Behavioral Finance (BeFi) Forum Public Policy Roundtable brings together the brightest minds in behavioral finance to discuss resea...(author unknown)
Categorías: Bundle Security blogs

Digging Through an “Administrative Network Stressor” Provider’s Database

Security blogs - Mié, 03/20/2013 - 12:45

On March 15, 2013, Brian Krebs of Krebs on Security wrote “The World Has No Room For Cowards.” In it, he writes a fascinating story about a DDoS attack against his site and also a physical attack against his person. The part where Krebs’ notes that “… there are strong indications that a site named booter.tw may have been involved in the denial-of-service attack on my site yesterday. For some bone-headed reason, the entire customer database file for booter.tw appears to be available for download if you happen to the [sic] know the link to the archive” stood out to me. booter.tw advertises itself as “The Ultimate Administrative Network Stresser [sic] Tool.”

As a security researcher, getting access to a database dump associated with an incident is always interesting. An earlier version of the Krebs’ article linked to the database file, so the following are some quick bits and pieces I pulled out of it. Here is a geo IP location map of the ‘lastip’ field of the ‘users’ database table. The assumption here is that these are the last login IPs for the 312 users of the service. It is important to note that proxies, VPN services, the Tor network, and other IP anonymizing services come into play here and the IPs might not trace back to a user’s actual physical location.

 

The ‘attacks’ database table contains attacks from January 23, 2013 to March 15, 2013. There were 48,844 entries. Resolving hostnames and parsing out some junk IPs, close to 11,000 unique IPs were targeted. Here is a geo IP location map of the IPs.

 

The targeted IPs roughly map into the following organization types.

Assuming the ‘duration’ field is in seconds, the average attack duration was 34 minutes. Here is a breakdown of the different attack types:

This posting was a quick visualization of some of booter.tw’s database data as referenced by Krebs. I am glad that he and his family were unharmed during the associated “SWAT”ing attack and I look forward to reading his updates on this fascinating story.

Categorías: Bundle Security blogs