Wednesday, September 30, 2015

Snowden opens a Twitter account

There is no cybersecurity fan today who hasn't mentioned the big news: yesterday, at 6 pm, Snowden opened a Twitter account, which his friends at The Intercept quickly confirmed as genuine. The commotion is interesting and we'll discuss it in our daily summary, along with a case that challenges the hype around "cyber insurance", a virus writer sentenced to prison and a poor survey on mobile banking.

Snowden's first tweet was: "Can you hear me, now?" Twitter has made an animated GIF showing how its users reacted as the news spread, and the interest it attracted is really impressive. At the time of writing, Snowden had 958.000 followers and rising. By the way, Snowden follows only the NSA account. He is @snowden.


Tuesday, September 29, 2015

Blackmail against Ashley Madison's customers starts

They ask him for 10 bitcoins, 2.100€, in exchange for not sending his personal data, including fantasies and sexual conversations stolen from Ashley Madison, to his friends and family. This is the first case we know of since the data of millions of Ashley Madison customers was published on the network. We'll talk about it, as well as another terrible testimony: that of ransomware victims. We'll finish with a dangerous banking trojan and the awful use of Twitter by Spanish political parties.

The blog El Lado del Mal tells us about this blackmail of an Ashley Madison user, the first we know of, although, given the nature of the information, it isn't a surprise. The e-mail lists all the information the criminals say they hold on the blackmailed person, such as his credit card numbers, how much he spent on Ashley Madison, his IP address… El Lado del Mal gives the victims some useful recommendations: don't pay and don't answer, change all your information on social networks and remove the credit cards and e-mail address used in the "affair".

Monday, September 28, 2015

Can you imagine walking up to a cash machine that starts spitting out money?

According to legend, back in the 90s, a Spanish hacker used to connect to a cash machine in Alicante in order to jump to the internet from there. But he touched something and the machine started changing the balances of the passbooks that customers inserted. The cash machine gave 2 million to a sailor who had just come ashore, and he ran off to spend it all on parties. 20 years later, cash machines are still a toy for hackers and cybercriminals. Today we'll also talk about a new DDoS attack and the adventures of the secret agencies that spy on us.

We also heard that some cyber bank thieves used to collect the proceeds of their thefts that way: they programmed the cash machine to spit out the money on a given day and hour, and told someone in the group to be there. Today the "game" is played with malware: we know of at least four viruses in recent years that have been planted in ATMs to rob them. The infected ATM shows "out of service" until someone who knows the password comes for the money.

Sunday, September 27, 2015

"We'll see drones over our heads before Google cars"

Víctor and David Mayoral Vilches, CTO and CSO of Erle Robotics, respectively.

David and Víctor holding Erle-Plane, one of the first low-cost, Linux-based fixed-wing drones.

David and Víctor are brothers from Vitoria, aged 23 and 26, at the forefront of the robotics revolution through their company Erle Robotics. Like Wozniak, Jobs and the other hardware hackers of the 70s, who were committed to building small, cheap computers to bring computing to the people, Víctor and David, "makers", work with the same philosophy, but with open-source drones.

Víctor's résumé, as CTO, is impressive: with scholarships in Norway, South Korea and the United States, he did part of his doctorate at the Italian government's Microbiorobotics center, and then went on to the Open Source Robotics Foundation to work on the second version of the Robot Operating System (ROS), funded by NASA. Now, with 2 years' experience in their company building all sorts of drones, they have started a crowdfunding campaign to put a six-legged spider on the market, the first in the world with an Ubuntu heart. Speaking of insects, "erle" means "bee" in Basque.

Friday, September 25, 2015

A walk through the underworld of the Network

Most computer security experts love their work. But they also love infiltrating the bad guys' forums or dismantling their botnets. Today we have two examples of these adventures, not new but always interesting. We'll also talk about a huge failure in the way browsers handle cookies, and we'll return to the famous Volkswagen case.

Israeli cybersecurity experts infiltrated a forum called Enigma, where computer mercenaries offer their services to customers wanting targeted attacks. They could read, live, how negotiations developed for data theft and unauthorised access to HSBC UK, Citibank and Bank of America, among other huge companies. When the forum administrators suspected the presence of spies, they shut the forum down. This is not the first time that has happened, but it's always interesting to see what goes on in these forums.

Thursday, September 24, 2015

I don't care if they spy on me. After all, I'm not important...

Is this the first time you've heard this sentence? Maybe it came from a relative, just after reading or watching news about information leaks on the network.

It's part of that extensive set of myths about the digital world. Myths that come with shameless abuses which, in fact, take full advantage of this disregard for the informative value of our data.

From installing default spyware on devices sold all around the world, through taking advantage of the tastes and preferences of unwary users, to hiding behind the supposed lack of interest of our personal data. But I'm going to tell you a secret: "Our digital footprint has a lot of value, much more than you think". And as a sample, today's informative pill:

Lenovo, caught again "stealing" data from customers

Not once, not twice. This is the third time someone has warned that some of the brand's devices ship with default spyware. Michael Horowitz is the researcher who, analysing the behaviour of devices with the default installation, noticed a process whose description reads:

          This task sends customers' use data to Lenovo

The company declared that none of its devices comes with that malware nonsense known in the industry as Superfish, but the doubts are in the air again.

The perfect lure: the Minions

Or at least that must be what some cybercriminal groups thought when launching a phishing campaign that tries to convince users to install new emoticons from the popular Minions franchise. Of course, along the way, the user also gets subscribed to a premium SMS service, so these new emojis will be very, very expensive :).

Good practices on the Internet

These are two more examples of the daily abuses we have to face on the network. The security company Kaspersky has collected, in one of its latest studies, many of the myths and realities that shape users' imagination, and tries to shed more light on how this data cybercrime, which violates our devices, our accounts and ultimately our privacy, really operates.

There are some classics, like using weak passwords or not keeping the operating system and its components updated, and other highly recommended ones, such as always staying alert (the fact that an action doesn't feel risky doesn't mean it won't harm your interests) and making as much use as you can of critical thinking, our best shield and weapon.

I don't care, I'm not important

Of all of them, this is the most classic. Why would a company want my data if I'm nothing more than an irrelevant user? Marta Peirano, at TEDxMadrid, surprises us with a very interesting (and funny) talk that dismantles this idea. Seriously, it lasts 10 minutes and they will surely be the best-invested 10 minutes of your day.

Enjoy it!

Wednesday, September 23, 2015

The NSA adapts its systems to quantum cryptography

There is no known quantum computer today. It's only theory, but maybe the NSA knows something more, because today we've learned that it has changed the protection recommendations for its systems to adapt them to quantum algorithms. We also keep talking about security on iPhone and Android phones, and today we'll finish with the Internet of Things.

We start with something not exciting right now but very interesting for the future. We have learned through the IEEE Computer Society bulletin that the US National Security Agency has revised its recommendations for protecting National Security Systems, untouched since 2009, to adapt them to the transition to quantum algorithms: public-key algorithms with keys that require many more bits than today's.

Tuesday, September 22, 2015

The nightmare continues: the virus had been in the App Store for six months

Forensic work continues after the XcodeGhost scandal at Apple. Today we've learned that the virus would have been launched in March 2015, so it wouldn't be a surprise if there were a lot of affected apps. We'll explain it, as well as yesterday's Skype outage, still not fully resolved today; a notorious case of disloyal employees at AT&T; and a beautiful hack that aims to spy, from the stratosphere, on communications by satellites, drones and other "birds".

According to Palo Alto Networks, which yesterday claimed to have discovered 39 infected apps, today there would be many more: Qihoo has found 344 and Pangu Team, 3.418. Pangu Team has created an app to detect the virus. We recommend that our iPhone-using readers download it and, if they have an infected app, delete or update it, if a new version is available. It's also advisable to change every password, because the virus would have captured them.

Monday, September 21, 2015

How to detect if your iPhone is infected with XcodeGhost

Are there dozens or hundreds of iOS apps infected with XcodeGhost? Which apps are affected? How can we know if our phone has the virus? How do we remove it? Total misinformation. Apple is not answering during the iPhone's most serious crisis, just a few words to Reuters to calm things down, assuring that the affected apps have been removed. Today we'll talk almost exclusively about the growing insecurity of mobile telephony, leaving a little time for an audit that is even more frightening: the one performed on the company Target after millions of customer records were stolen from it in 2013.

Last Friday we explained the severity of the incident: someone had infected a platform used by iPhone app developers in China, so their creations were infected, passed the App Store checks and reached the iPhones of hundreds of millions of people. Apple is releasing information little by little, and it was the security community that found the answers to the main questions: what the virus does and how to detect whether a phone is infected.

Sunday, September 20, 2015

Joxean Koret: "The antivirus companies cursed me"

Joxean Koret. Author of "The Antivirus Hacker's Handbook".

Joxean Koret belongs, like Pancake, Hugo Teso or Reversemode, to the 48bits collective, a group of excellent hackers, lovers of reverse engineering, internationally active and well into their 30s. Joxean, born in Portugalete, came to IT security, as he says, by teaching himself: "I was on a boilers and welding course and I pretended to be injured because I didn't want to be in the workshop, with the risk of an accident, so they moved me to the computer room to design metal structures. When I finished, I started working as a welder and paid for a programming course."

"Within six months I was working at a consultancy as a Visual Basic 6 programmer (we all have a dark past), on a half-day contract, working 12 hours a day and earning less than 40% of what I earned as a welder. But I was happy because I had access to a computer. For 4 years I jumped from one "IT services company" to another, always sub-sub-contracted and/or on illegal contracts. In 2004 I saw a vulnerability advisory from a Scotsman, David Litchfield, affecting Oracle Database. I saw that they were easy to find and I started looking for more, developing my own tools for it."

Friday, September 18, 2015

Oh my God! Red Hat, the App Store and thousands of WordPress sites, hacked

Today is one of those days when we can see, live, the state of chaos and insecurity we suffer in cyberspace. Maybe because we're very close to the Big Bang of the new connected world and the particles are colliding in disorder... Be that as it may, the insecurity is more visible on days like today, when we read news like the thousands of WordPress sites being assaulted to infect their visitors, hacks against the App Store and Red Hat, and a notable hole in Bugzilla.

Netanel Rubin discovered the bug in Bugzilla

Today it's difficult to decide which is the most serious news, so we start with the one that may concern most ordinary cybernauts: we're warned of an active campaign assaulting WordPress sites to inject malware that will infect visitors. The campaign started 15 days ago and the number of victims is growing exponentially: if last Thursday 1.000 sites were compromised in a single day, this Tuesday it was 6.000. Be careful when visiting WordPress sites, and do it with an updated browser.

Thursday, September 17, 2015

The new super-safe, super-free and super-private laptop is here

It's called Librem 13 and it has just passed the $ 250,000 barrier that the company Purism requested in its crowdfunding campaign to produce it. It is advertised as "a laptop, built chip by chip to respect and protect your privacy, security and freedom." Sounds interesting, right? We'll discuss it, as well as a serious vulnerability in iPhone, a banking agreement to promote bitcoin in high finance, and what seems to be the end of the tunnel in the encryption debate in the United States. Let's start.

It is without doubt the new gadget being watched closely by security experts around the world: Librem laptops ship with their own free operating system preinstalled, PureOS, configured to be as secure as possible, as well as hardware that, among other interesting features, allows not only the camera but also the microphone to be disconnected. These are details that really make these laptops very interesting. We'll keep an eye on how it evolves.

Wednesday, September 16, 2015

Face recognition in the mall

Imagine that, as you walk through a mall, the cameras not only record you but "know your face", that is, run a facial recognition program to know who you are, information that will be combined with other data: which stores you have bought in, how long you have been in the center, etc. Scary? Not to young people, according to a study we will also discuss, along with a vulnerability in large Internet routers, the first Let's Encrypt certificate and an interesting analysis of Hacking Team and the NSA.

ComputerWeekly exclusively presents a study by CSC which claims that 30% of stores in the United States use facial recognition technology to monitor their customers. Stores combine this information with other behavioural data, such as how long the person was in the establishment. The owners say they don't yet know what to do with the data, but they keep it "hoping that they will find it useful in the future". Let's hope Big Brother has mercy on us.

Tuesday, September 15, 2015

Caught when they were about to send millions of infected emails

Banks, government, corporations and other enterprises in Britain were on a list of email addresses, about to be sent phishing messages with the famous banking Trojan Dridex hidden inside. We'll talk about this discovery, as well as a frightening new app for smartwatches, a chip that destroys itself and an interesting map of the Tor network.

Fujitsu discovered the list, totaling a whopping 385 million email addresses. At first they thought it would be a typical list of spam victims, until they realised the senders were not going to push Viagra ads but the fearsome banking Trojan Dridex. Then they saw that all the recipients were British companies, which has alerted the British secret service. Let this be an example for companies around the world to redouble their efforts to train employees about the dangers of phishing.

Monday, September 14, 2015

Big Brother could be closer than you think

"Every Breath You Take... Every Move You Make...". Few songs describe the all-seeing Big Brother in such detail as this one by The Police. But anyone who thought that surveillance of our phones and our activity came only from the sewers of the state was wrong: anyone can be watching. An Australian journalist has just learned that. Today we'll also talk about an ENISA study on large security incidents, the Tor network and a story of cyberwar.

Natalie O'Brien

In 2011, Natalie O'Brien reported, in an article for the "Sun-Herald", serious vulnerabilities in the systems of Vodafone, the telephony provider she happens to use. According to a Vodafone internal investigation revealed just now, an employee accessed the journalist's text messages and call logs in order to discover who had leaked the information. So be careful, because Big Brother may be just around the corner.

Sunday, September 13, 2015

I don’t sleep, I am fading

Lorenzo Martínez, CEO of Securízame.

Behind the smile of Lorenzo Martínez, better known as Lawwait, hides a great personality. Born a hardware hacker, co-founder of the well-known blog Security by Default, he is the archetype of the entrepreneurial hacker; on his own merit he is part of what we could call the "business sector" of the Spanish hacker community.

36 years old, from La Rioja, he studied Computer Engineering at Deusto and by the time he finished he already had a job. In fact, he met the person writing this in October 2001, in Benalmadena, when he presented his thesis at the I National Symposium of E-Commerce. We met again in 2012, at the Navaja Negra conference, when he had just launched Securízame, his own company, with 3 employees and 10 collaborators. Will it bring him luck? :)

Friday, September 11, 2015

A bad Friday to relax

Who wants an Ashley Madison when you can reach critical US infrastructure? Hacking a dating website can give you credit, but putting a whole system in check gives you power. That's how days like this arrive, in which we learn of a security leak of 10 million records from a North American medical insurer (Excellus BlueCross), of an investigation which states that the Department of Energy has been hacked at least 159 times in the past 4 years, and of a new cyberattack on the Pentagon. A bad Friday to relax thinking about the weekend.

According to NBC News, Pentagon officials have reported a "sophisticated" Russian cyberattack that may have endangered data on 4.000 soldiers and civilians from the Joint Chiefs of Staff. The Defense Department spokesman, Lt. Col. Tom Crosson, confirmed the incident, as a result of which fraudulent payments with credit or debit cards affecting the soldiers and civilians would have been recorded.

Thursday, September 10, 2015

If you are an Android user, careful, the wolves have been set loose

Do you remember the Android leak revealed this summer, which allowed remote control of our phone just by receiving a malicious MMS? Remember that dozens of other ways to do it, such as via the browser, were discovered after that? Well, the code that allows it has been published. We'll comment on it, and also on an APT that uses satellites, extortionists who earn bitcoins and an Iowa police software that located devices with WiFi.

Joshua Drake, of Zimperium Security, discovered one of the most dangerous holes in Android, christened Stagefright, to which Google reacted with unusual clumsiness: they took a long time to release a patch, that patch was wrong, and later it was discovered that the patch didn't cover some attack vectors. The last straw is that updates for Android phones are a chaos that gives no assurance to all users that they have received the patch. Drake has released the exploit, possibly so that companies catch up on protecting themselves, but it leaves a door open for criminals to adapt it to their needs. Android today means every man for himself.

Wednesday, September 9, 2015

Careful with vCards on WhatsApp: they can be a trick

It is as easy as clicking on a vCard while using the WhatsApp web client, and an attacker can take control of our computer. It's the computer security news of the day, together with some others we have chosen: the cost of phishing, a study on mobile security and a warning from the United States Security Service about how untrustworthy payments are when using our phone as a credit card.

Kasif Dekel, a Check Point researcher, notified WhatsApp of the vulnerability on 21 August, and the company has acted very diligently, offering a fix today for all its web clients. However, this fix depends on an update of our mobile devices and, considering the chaos around mobile software updates, we think it may not arrive. Tens of millions of WhatsApp users are at risk of receiving malicious vCards, so be really careful.

Tuesday, September 8, 2015

"Give me your money if you want to see my 0days"

One of the most important and coolest security companies at the moment, FireEye, is fighting against a genuine 0day hunter. It's quite a dispute, and the computer security community is watching. Which philosophy will win? Today we'll also look at PayPal's security problems, Seagate hard drives and an interesting study on the most dangerous corners of the net.

Kristian Erik Hermansen

The 0day hunter's name is Kristian Erik Hermansen, who announced last Monday that he had discovered an unknown leak in the security platform of the well-known company FireEye. He also added, tauntingly, that he had 3 more 0days, which went on sale at that moment. FireEye replied thanking him for the notice and asking him to cooperate in order to fix the issue, as is normally done when a hacker reports a vulnerability, but Hermansen replied that if FireEye needed help, they should pay for it. We'll see where all this ends, but, in any case, it's an interesting fight between philosophies, whose outcome could be unforgettable.

Monday, September 7, 2015

More, or fewer, locks

If all of us asked someone something at the same time, he would freeze. That is the principle of denial-of-service attacks (DDoS), and today we talk about blocks. About how people can freeze, and about locks that were not where they should have been and created a huge security hole that makes your hair stand on end. Between the missing locks and the spare ones, cybercriminals have enough to throw their own party. Let's start.

Is it possible to carry out a DDoS attack on a self-driving car? Yes, it is, as the security expert Jonathan Petit has recently proved. You just need to make it believe there are obstacles where there aren't, and that some of those obstacles are moving. For the self-driving car the information is clear: too much risk of collision, so the best thing is to stay still. Achieving the deception requires no complex computer algorithms: you just need a laser pointer and a low-power laser, and it creates illusions from 20 to 350 metres away. Your car has been DoSed.

Sunday, September 6, 2015

Infosec experts and charming quotes

22 interviews on one of the 'top' disciplines that will undoubtedly drive us into the XXII century: information security. Here we have talked with some of the most relevant Spanish (and some foreign) experts in this field, and there has been room for all subjects: pentesting, forums and conferences, our annual summer course and even the authors of books like 'Cybercrime'. And many more in the future.

As the new September term begins, it's time to review what our interviewees have answered to a question put to almost all of them: tell us a header quote, and please not one used as a password (ironically). We have compiled their answers and, for the experts who were not asked this exact question, we have allowed ourselves the licence to rescue some words from their interviews. We serve them now all together, in chronological order, since that almost distant May 3rd when we started these interviews. Please click "Read More" ;-)

Friday, September 4, 2015

Termites as a group, humans on their own

Termites are extraordinary animals. They work as a group, as one organism, supported by a collective intelligence that makes them a real threat to our buildings. It is not strange that Kaspersky has chosen to call "Blue Termite" one of the first known attacks aimed exclusively at Japanese systems. The news comes along with others, such as the checklist the police released hours ago to make it easier to secure our children's computing environment, the usual problems any organisation faces, and all those that will arrive with the development of the IoT.

Blue Termite

The leak suffered by the company Hacking Team weeks ago is back in the news. Thanks to it, we have discovered that, for at least the past two years, some Japanese companies have been targeted by an APT called Blue Termite, which exploits a 0-day in Adobe Flash Player and whose authorship remains unknown (despite the suspicion that China is behind it).

Protecting youngsters on the way back to school

Termites help each other, compensating for an individual weakness in members of the group and strengthening the group. The police have offered, hours ago, commandments to help parents secure their children's devices in an easy way, and to focus the effort on raising them appropriately for the future presence of technology in class.

Some suitable tips are checking users' profiles and the pictures and videos taken with a phone, and saying no to strangers.

Cyberthreats that are not old-fashioned

The Australian Cyber Security Centre published this week a document on the state of computer security in companies headquartered in its country, with a few tips on responding to attacks in order to minimise the consequences.

In it they include classics such as crime as a service, highly modular, that works basically anywhere in the world, or the rise of spear phishing as the most efficient method of entering company servers. It also exposes as lies some of the most common myths in the sector, such as the one claiming that our information is not important enough to suffer an attack.

IoT in the industry's bullseye

The Internet of Things is now a reality. If something is clear at IFA, currently taking place in Germany, it is the growing presence of this new series of technological devices; devices that, as John McAfee, former director and founder of the antivirus firm that bears his surname, warns, will bring a true technological revolution for which we are not prepared.

Antivirus software no longer works (in his words); given the environment we move in, what should concern us least are the viruses that appear in our systems, since the attacks of the coming years won't target computers.

These are all consequences of the fierce technological race our society is undergoing. A society that, unlike termites, is incapable of rowing in the same direction and overcoming obstacles with muscle when needed.

We are many, but we are still fragile, because in the end we work individually.

Thursday, September 3, 2015

The challenges of digital identification

How tough it is to identify somebody digitally! Even the 3.0 ID requires certain specific steps in order to be useful. Digital identity is a valuable asset, both for cyber attackers, who develop increasingly elaborate strategies to disguise their identity, and for users, who are forced to choose between usability and security on all their devices. Do you have any idea how to solve (or at least democratise) this situation? If so, keep reading, as this will probably interest you.

Is it possible to remotely identify someone through the NFC chip in his 3.0 ID?

In theory it is possible, but to do so we need to know the CAN (the six-digit number associated with the ID) or to use brute force, which requires being close enough and having enough time for the process to finish.

It seems useless at a generic level, but what about closed spaces such as airplanes or trains?

Wednesday, September 2, 2015

Social engineering and malware: the perfect combination

The objective of most cybercriminals is to obtain something from an attack on our digital services. To achieve it they use many different techniques, from classic social engineering or the installation of trojans and malware to the abuse of 0days in the system.

The gold nugget for anyone interested in other people's business is located in banks. Better said, in the accounts we hold in banks. They are the main objective of cybercriminals, who do not hesitate to spend a lot of money and guile to reach them. The top 5 strategies of attackers are social engineering, the installation of harmful programs, trojans, traffic interception and operating system vulnerabilities.

Tuesday, September 1, 2015

Apple struggles

The world of security breaches is on the daily agenda, whether it affects a small neighbourhood shop or a giant like Apple, which is in the news these days because of two pieces of malware capable of scaring us to the bone. A "new technique" used in phishing campaigns is added to the equation, along with an opinion piece about the consequences of a scenario in which security breaches are published at high-profile media events.

How many times have we warned about having a jailbroken device? A new iOS exploit for jailbroken devices allowed attackers to steal the account credentials of 220.000 iTunes users, which are supposedly available for installing different malware via Cydia, the unofficial market for this platform.