What you need to know about BERserk and Mozilla

The Intel Security Advanced Threat Research Team has discovered a critical signature forgery vulnerability in the Mozilla Network Security Services (NSS) crypto library that could allow malicious parties to set up fraudulent sites masquerading as legitimate businesses and other organizations.

The Mozilla NSS library, commonly utilized in the Firefox web browser, can also be found in Thunderbird, Seamonkey, and other Mozilla products.  Dubbed “BERserk”, this vulnerability allows for attackers to forge RSA signatures, thereby allowing for the bypass of authentication to websites utilizing SSL/TLS.  Given that certificates can be forged for any domain, this issue raises serious concerns around integrity and confidentiality as we traverse what we perceive to be secure websites.


What users can do immediately

Individual Firefox browser users can take immediate action by updating their browsers with the latest patches from Mozilla.

Google has also released updates for Google Chrome and ChromeOS, as these products also utilize the vulnerable library.

Ensuring that privacy and integrity be maintained is core to what we do at Intel Security.  As this issue unfolds we will continue to provide updates on effective countermeasures and proper mitigation strategies.

Read the whole story at McAfee Blog

Iranian Hackers targeting US oil, gas, and electric companies

The Hacker News reported: For all the talk about China and the Syrian Electronic Army, it seems there’s another threat to U.S. cyber interests, i.e. Iran. A series of potentially destructive computer attacks that have been targeting American oil, gas and electricity companies has been tracked back to Iran.

Iranian hackers were able to gain access to control-system software that could allow them to manipulate oil or gas pipelines. Malware has been found in the power grid that could be used to deliver malicious software to damage plants. The targets have included several American oil, gas and electricity companies, which government officials have refused to identify.

The officials stated that the goal of the Iranian attacks is sabotage rather than espionage. The cyber-attacks from China, however, are aimed more at stealing confidential information from the U.S. government, as well as from private business. Mandiant announced that the Chinese government was backing the attacks. However, officials from the government in Beijing vehemently denied any connection to the attacks.

The new attacks, officials said, were devised to destroy data and manipulate the machinery that operates critical control systems, like oil pipelines. Iran has denied being the source of any attacks, adding that it had been a victim of American sabotage.

Tom Cross, director of security research at Lancope, said that industrial control systems such as those used to control oil and gas pipelines are more interconnected with public networks like the Internet than most people realize. “It is also difficult to fix security flaws with these systems because they aren’t designed to be patched and restarted frequently. In the era of state-sponsored computer attack activity, it is not surprising to hear reports of these systems being targeted,” he said.

Government officials also claimed that Iran was the source of a separate continuing campaign of attacks on American financial institutions that began last September and has since taken dozens of American banks intermittently offline, costing millions of dollars. But that attack was a less sophisticated denial of service effort.

LulzSec Hacker Gets A Year For Sony Hack

A former LulzSec hacker has been jailed for a year for ransacking Sony Pictures Entertainment’s computer systems.

Cody Kretsinger, 25, from Decatur, Illinois – better known to his fellow LulzSec cohorts as “Recursion” – was also ordered to carry out 1,000 hours of community service, and a year of home detention, following his release from prison.

He was sentenced by a Los Angeles court on Thursday, Reuters reports.

Kretsinger had pleaded guilty to a single count of conspiracy and unauthorized impairment of a protected computer (i.e. computer hacking) in a plea-bargaining agreement. Kretsinger admitted breaking into the Sony Pictures website and extracting information which he passed on to other members of LulzSec, who leaked the data in order to embarrass Sony, a hated enemy of the hacktivist group.

Sony claimed the hack left it $600,000 out of pocket. Kretsinger was ordered to somehow repay this amount in restitution to Sony, the LA Times adds.

Earlier this month a 26-year-old British man also pleaded guilty to computer hacking as part of LulzSec, a splinter group of mischief-makers from the larger Anonymous collective. Ryan Ackroyd, from South Yorkshire, admitted taking part in attacks against numerous high-profile targets including Nintendo, News International, 20th Century Fox, Sony Group and the NHS. Ackroyd adopted the online persona of a 16-year-old girl named Kayla during much of his malfeasance.

Ackroyd and other convicted LulzSec suspects – Jake Davis, 20, (“Topiary”) from the Shetland Islands, Scotland, 18-year-old Mustafa Al-Bassam (“Tflow”), from Peckham, south London and Ryan Cleary, 21, from Wickford, Essex – are all due to be sentenced on 14 May.

Erstwhile LulzSec leader Hector Xavier “Sabu” Monsegur, was revealed in March 2012 as an FBI informer who had been grassing on his former cohorts for 10 months after his arrest in June 2011. Sabu’s sentencing was delayed by 6 months in February due to his “ongoing cooperation with the government”.

Cross-posted from TheRegister.

Anonymous-linked groups hack Israeli websites, release personal data

An anti-Israel hacking collective affiliated with Anonymous says it has initiated a widespread cyber attack against the Jewish state, penetrating websites affiliated with the Mossad security service and a slew of related entities.

The hackers claimed late Friday that they have obtained and released personal information relating to 35,000 Israeli government officials, including politicians, military leaders, and police officers, according to a Twitter feed associated with the hackers.

A comprehensive spreadsheet purporting to include the information of all 35,000 Israeli officials was published by the website Cryptome, though it did not independently verify the information.

The coalition of hackers appears to have ties to the Iranian government, Pakistan, Syria, Egypt, and the terror group Hezbollah, according to a report published by Cryptome.

The hackers have united under the banner of an online movement called “OpIsrael.”

Their stated goal is to “remove the Israel from WWW (World Wide Web),” according to The Hackers Post, which has been following the group’s activities targeting Israel.

“It looks like hacker target [sic] different Israeli servers and hacked the websites,” Hackers Post reported.

The anti-Israel hackers say they perpetrated their attacks to protest treatment of the Palestinians.

“The reason for hacking Israeli websites was to raise voice of Palestine’s [sic] who are under hell created by Israel and left a deface page [on the hacked websites] displaying images of Palestinians affected by Israeli shelling,” the Hackers Post wrote.

Hackers left vitriolic and offensive messages on the websites they accessed, according to the Hackers Post.

“We Not Forgive [sic] What You Have Done To Our Family !!! Long Live Palestine!!” stated one hacker’s message.

A Turkish group may be responsible for publicly releasing the data associated with thousands of Israeli officials, according to the Kremlin-funded Russian propaganda outlet RT.

“The data was released by a hacker team going by the name of ‘The Red Hack,’ a Turkish group, while the direct denial-of-service attack targeted at Mossad was attributed to another group operating under the moniker ‘Sektor 404,’” RT reported.

It is believed that the loosely tied together hackers are gearing up to launch a major cyber strike against Israel on April 7.

Internet users that claim to be affiliated with Anonymous have carried out attacks against Israel in the past. A similar hack occurred in November of last year.

“The hacking teams have decided to unite against Israel as one entity and that Israel should be getting prepared to be ‘erased’ from the Internet,” an Anonymous member told the Hackers Post earlier this month.

Cryptome’s analysis of the hacking collective found that they have loosely united based on their distaste for Israel.

“Our analysis to the moment shows not much of coordination [sic] between these groups contrary to the popular belief and the sum of human resources all together to the best of our current analysis is not more than 50 individuals,” Cryptome’s report stated.

“The collectives with Arab leanings are not much advanced,” the report said. “The teams with Pakistani, Syrians and Lebanese members are more advanced and reported to have ties with governments. Iranian teams are just using the situation to harm Israel and U.S interests and reported to be directly funded by IRGC and MOIS, the Iranian Intelligence.”

Cross-posted from the Washington Free Beacon.

Emma Stone’s twitter hacked

3/22/2013: Emma Stone revealed that she was not behind the ambiguous tweets concerning boyfriend Andrew Garfield and co-star Shailene Woodley that sparked cheating rumors.

Speculation surrounded Stone’s mysterious “tweet and delete” spree over the past few months.

Emma addressed the rumors in an On Air with Ryan Seacrest radio interview.

One tweet in particular on her Twitter appeared to be an anagram that solved to read, “Andrew and Shailene sitting in a tree.”

Other posts included, “Andrew doesn’t smash, btw. Silly boy” and “Love you guys,” reports Perez Hilton.

Fans were left wondering whether there was trouble in paradise for the Amazing Spiderman couple off-screen.

Emma admitted that this was not the case, saying, “I have never tweeted my friend. I’ve tweeted one time to Seth MacFarlane, I said, ‘Me too, oh boy.’”

In fact, Stone has been hacked and locked out of her account every other time a message has surfaced from her timeline.

The person changed her email and password, but since the incident, she and her team have been able to permanently delete the Twitter to prevent any further mischief.

Cross-posted from thecelebritycafe.com

Evernote suspects a hack; change your password

Cross-posted from Evernote blog:

Evernote’s Operations & Security team has discovered and blocked suspicious activity on the Evernote network that appears to have been a coordinated attempt to access secure areas of the Evernote Service.

As a precaution to protect your data, we have decided to implement a password reset. Please read below for details and instructions.

In our security investigation, we have found no evidence that any of the content you store in Evernote was accessed, changed or lost. We also have no evidence that any payment information for Evernote Premium or Evernote Business customers was accessed.

The investigation has shown, however, that the individual(s) responsible were able to gain access to Evernote user information, which includes usernames, email addresses associated with Evernote accounts and encrypted passwords. Even though this information was accessed, the passwords stored by Evernote are protected by one-way encryption. (In technical terms, they are hashed and salted.)

While our password encryption measures are robust, we are taking additional steps to ensure that your personal data remains secure. This means that, in an abundance of caution, we are requiring all users to reset their Evernote account passwords. Please create a new password by signing into your account on evernote.com.

After signing in, you will be prompted to enter your new password. Once you have reset your password on Evernote.com, you will need to enter this new password in other Evernote apps that you use. We are also releasing updates to several of our apps to make the password change process easier, so please check for updates over the next several hours.

As recent events with other large services have demonstrated, this type of activity is becoming more common. We take our responsibility to keep your data safe very seriously, and we’re constantly enhancing the security of our service infrastructure to protect Evernote and your content.

There are also several important steps that you can take to ensure that your data on any site, including Evernote, is secure:

  • Avoid using simple passwords based on dictionary words
  • Never use the same password on multiple sites or services
  • Never click on ‘reset password’ requests in emails — instead go directly to the service

Thank you for taking the time to read this. We apologize for the annoyance of having to change your password, but, ultimately, we believe this simple step will result in a more secure Evernote experience. If you have any questions, please do not hesitate to contact Evernote Support.

The Evernote team

Facebook Got Hacked Last Month and Is Just Telling You Now

Cross-posted from Gizmodo:

Facebook just announced that it was hacked last month in a short statement on its website. Apparently, an unknown number of employees visited a compromised developer site and were infected with malware. Facebook’s being very cagey about all this, but we’ve been able to scrounge up some details.

According to the statement, the company reacted swiftly with an investigation and remediation following the “sophisticated attack.” The company won’t say which law enforcement agencies it’s working with. It claims no user data was compromised.

What a surprise, Facebook waited until the end of the day on a Friday to tell us about an oopsies.

Here’s the full statement from the company.

Last month, Facebook Security discovered that our systems had been targeted in a sophisticated attack. This attack occurred when a handful of employees visited a mobile developer website that was compromised. The compromised website hosted an exploit which then allowed malware to be installed on these employee laptops. The laptops were fully-patched and running up-to-date anti-virus software. As soon as we discovered the presence of the malware, we remediated all infected machines, informed law enforcement, and began a significant investigation that continues to this day. We have no evidence that Facebook user data was compromised in this attack.

We’ve reached out to the company for additional comment regarding the nature of the hack and other details. We’ll update when we hear back. [Facebook]

Facebook responded to our request for comment with the following. The company says it isn’t commenting further at this time.

We were able to investigate user data compromise [sic] by forensic analysis on the affected devices and infrastructure.

1 million Apple Device IDs leaked, claim hackers

According to the AntiSec hacker group, it holds more than 12 million Apple iOS Unique Device IDs, in addition to other personal information from device owners. To back up the claim, the group is said to have released slightly more than a million Apple Device IDs to the public. The release was posted on Pastebin, which is said to hold a detailed description of the method by which the hacking group is said to have obtained the IDs from the FBI.

AntiSec claims, “During the second week of March 2012, a Dell Vostro notebook, used by Supervisor Special Agent Christopher K. Stangl from FBI Regional Cyber Action Team and New York FBI Office Evidence Response Team was breached using the AtomicReferenceArray vulnerability on Java, during the shell session some files were downloaded from his Desktop folder one of them with the name of “NCFTA_iOS_devices_intel.csv” turned to be a list of 12,367,232 Apple iOS devices including Unique Device Identifiers (UDID), user names, name of device, type of device, Apple Push Notification Service tokens, zipcodes, cellphone numbers, addresses, etc.”

Just a little bit of background information here: Apple Unique Device Identifiers (UDIDs) are sequences of 40 letters and numbers that are unique to each Apple device. Alone, they do not tell much, but in obtaining them, hackers can also gain access to the majority of the information which most iOS app developers are able to obtain. Do you think this alleged Device ID leak is true?

ubergizmo

AMD Blog Hacked, Database leaked on Internet

TheHackerNews: A team of hackers called “r00tBeer Security Team” today hacked into the official blog of Advanced Micro Devices (AMD), an American multinational semiconductor company. AMD is the second-largest global supplier of microprocessors based on the x86 architecture and also one of the largest suppliers of graphics processing units.

The hackers defaced the blog page (http://blogs.amd.com/wp-content/r00tbeer.html) [Dead Link – Screenshot below] and also leaked the complete user database of the blog on their Twitter account. The leaked database SQL file was uploaded to Mediafire by the hackers and includes 200 AMD users’ emails, WordPress blog usernames and passwords.

[Screenshot: AMDBlogHack]

Besides AMD, these hackers also hacked another high-profile website called “TBN – The Botting Network”, a popular forum with 96000 members for learning how to make money; its complete database was also leaked via the hackers’ Twitter account.

Bogus anti-hacking tool targets Syrian activists

[Image caption: At one point, the AntiHacker malware even had its own Facebook group, now offline]

h-online: Syrian activists, journalists and opposition group members are reportedly under attack by malware claiming to be a security tool that will help protect them against hackers. The fake “AntiHacker” tool is being spread through targeted phishing emails and via sites such as Facebook, and claims to provide “Auto-Protect & Auto-Detect & Security & Quick scan and analyzing” functionality.

However, according to the Electronic Frontier Foundation (EFF), the fraudulent tool actually installs a program called DarkComet RAT (remote access tool). The US digital rights advocacy organization says that the new malware is being spread and controlled by pro-government hackers. With DarkComet, these hackers can remotely access users’ systems to steal private data, record keystrokes, disable certain antivirus programs’ notification systems and even obtain images from a computer’s built-in webcam.

Users who believe their systems are infected with the remote access program can download the DarkComet RAT removal tool by developer Jean-Pierre Lesueur, who originally wrote DarkComet. Lesueur stopped development and sales of DarkComet after he learned that it was being used by Syrian government forces against political opponents.

http://h-online.com/-1669262