Tuesday, 31 December 2013

Hacking SD Card to execute malicious code

An SD card is not just a memory storage device; it also has a built-in microcontroller. That sounds good, doesn't it? But researchers say it is not. Two hardware hackers, Bunnie and Xobs, gave a talk on hacking MicroSD cards at the Chaos Computer Congress (30C3). The researchers say SD cards are vulnerable to arbitrary code execution. In a blog post, Bunnie said SD cards have a built-in microcontroller, typically a heavily modified 8051 or ARM CPU. The reason there is a microcontroller inside SD cards is that it is cheaper than thoroughly testing to make sure the card is flawless. These microcontrollers can be used for both good and bad purposes. On the dark side, attackers can run malicious code to perform a perfect Man-in-the-Middle (MITM) attack that could be difficult to detect. "There is no standard protocol or method to inspect and attest to the contents of the code running on the memory card’s micro controller," the researcher said in his blog. On the good side, these SD cards can be used as microcontrollers for simple projects, as they are very cheap and powerful.

Tuesday, 24 December 2013

RSA denied accusations of inserting secret backdoor for the NSA

According to media reports in September, documents released by whistleblower Edward Snowden have confirmed the existence of a backdoor in some RSA technologies. Last Friday, the Reuters news agency accused the security firm RSA of taking a $10 million ‘bribe’ from the National Security Agency (NSA) in order to promote a flawed encryption by including it in its BSAFE product to facilitate NSA spying.

Today, in a blog post, RSA has categorically denied the accusation of any secret partnership with the National Security Agency to insert a backdoor. "Recent press coverage has asserted that RSA entered into a “secret contract” with the NSA to incorporate a known flawed random number generator into its BSAFE encryption libraries. We categorically deny this allegation." "We have never entered into any contract or engaged in any project with the intention of weakening RSA’s products," the company said.

The company gave the following reasons for choosing and promoting the flawed Dual EC DRBG: "We made the decision to use Dual EC DRBG as the default in the BSAFE tool-kit in 2004, in the context of an industry-wide effort to develop newer, stronger methods of encryption. At that time, the NSA had a trusted role in the community-wide effort to strengthen, not weaken, encryption." However, a backdoor was discovered in the algorithm in 2007, as detailed by security expert Bruce Schneier, which weakened the strength of any encryption that relied on it. "The Dual EC DRBG was one of several different random number generators available and the customers were free to choose whichever one best suited their needs," RSA said. Finally, in 2013, on National Institute of Standards and Technology (NIST) recommendations, RSA warned its customers not to use the algorithm at all.

Although RSA's argument appears solid, an important point to note is that RSA does not offer any comment on whether or not it accepted any money from the NSA for promoting their encryption, nor does it mention why RSA continued to use the flawed algorithm as the default in BSAFE until 2013, rather than removing it completely.

Read more: http://thehackernews.com/2013/12/rsa-denied-accusation-of-inserting.html

NSA paid $10 Million bribe to RSA Security for Keeping Encryption Weak

If you own a world-renowned security product or service, the National Security Agency (NSA) is ready to pay you a bribe of 10 million or more for keeping an intentional backdoor for them. According to an exclusive report published by Reuters, there is a secret deal between the NSA and respected encryption company RSA to implement a flawed security standard as the default protocol in its products.

Earlier Edward Snowden leaks had revealed that the NSA created a flawed random number generation system, Dual_EC_DRBG (Dual Elliptic Curve), which RSA used in its Bsafe security tool, and now Snowden has revealed that RSA received $10 million from the NSA for keeping encryption weak. So anyone who knows the right numbers used in the random number generator program can decipher the resulting cryptotext easily. Recommending a bad cryptographic standard is one thing, but accepting 10 million to deliberately implement it is something very shameful for a respected security company.

The new revelation is important, cryptographer and security expert Bruce Schneier said, because it confirms more suspected tactics that the NSA employs. "You think they only bribed one company in the history of their operations? What's at play here is that we don't know who's involved," he said.

RSA, now owned by computer storage firm EMC Corp, has maintained its stand of not colluding with the NSA to compromise the security of its products: "RSA always acts in the best interest of its customers and under no circumstances does RSA design or enable any back doors in our products." Neither the NSA nor RSA has directly acknowledged the deal. But after the Snowden revelations, what is the credibility of RSA or of other American software and networking companies?

Read more: http://thehackernews.com/2013/12/nsa-paid-10-million-bribe-to-rsa.html

Monday, 23 December 2013

Spam mail promising Adobe License key delivers Trojan

Adobe has issued a warning about a new spam email campaign that purports to deliver a license key for a variety of Adobe products.

Security researchers at MX Lab have come across spam emails with subjects such as "Download your License Key" and "Than you for your order" that distribute a new Trojan.

The attacker managed to spoof the email address so that the message appears to be from Adobe Inc. The email thanks the recipient for buying various Adobe products and informs them that the "License Key" is attached to the email.

Those who are eagerly searching for a new license key will definitely open the attachment. The attached file "License_Key_OR8957.zip" is nothing but malware.

At the time of writing, 27/49 antivirus engines detect it at VirusTotal. It appears the cyber criminals are using the same technique from 2011.

See more at: http://www.ehackingnews.com/2013/12/spam-mail-promising-adobe-license-key.html#sthash.jRINRrcM.dpuf



"Advanced Power" botnet attempts to hack website using victim's machine

Security researcher Brian Krebs has discovered a new botnet that uses infected machines to test websites for vulnerabilities.

The malware, which disguises itself as a legitimate Firefox add-on called "Microsoft .NET Framework Assistant", apparently uses the infected machines to find SQL injection vulnerabilities in any website visited by the victim.

Once the malware has determined the list of vulnerable websites, the cyber criminals behind the botnet will be able to exploit the vulnerabilities to inject malicious code into the websites. This will probably help the attackers increase the number of infected websites and systems.

The malware is also capable of stealing sensitive information. However, that feature does not appear to be activated on infected systems.

Alex Holden, chief information security officer at Hold Security LLC, analyzed the malware and believes the malware authors are from the Czech Republic, based on the text string available in the threat.

The researcher says more than 12,500 systems have been infected by this malware and have helped to discover at least 1,800 web pages vulnerable to SQL injection.

Update: In an email, a Mozilla spokesperson told EHN that "they have disabled the fraudulent 'Microsoft .NET Framework Assistant' add-on used by 'Advanced Power' as part of its attack. You should always be careful with anything you download. It's a good idea to use many layers of protection, including antivirus software to stop malware."

See more at: http://www.ehackingnews.com/2013/12/advanced-power-botnet-sql-injection.html#sthash.vMBAiI12.dpuf

 


 



Wednesday, 11 December 2013

10 REASONS TO BUY APPLE STOCK NOW

Jeff Reeves's Strength in Numbers
Dec. 11, 2013, 6:15 a.m. EST

Opinion: The company has changed — so have expectations



At long last, Apple Inc. is finally in the green year-to-date in 2013. And while the stock has still woefully underperformed the S&P 500, it’s undeniable that the tech giant finally has some swagger back after some recent strength.
But what’s next? Is Apple (AAPL) stock ready to push even higher, or just giving investors another head fake?

I’m convinced it’s the former — and that Apple stock is a buy for long-term investors.
No, Apple is not on its way back to the valuations of late 2012 when it topped $700 a share. The company has changed a lot since then, and so have expectations.
And yes, there’s the risk of buying a top. Shares are up over 40% in less than six months, and tech broadly is starting to feel a bit frothy to many market watchers after a big run in 2013.
But Apple’s run since July has been built on a number of very real improvements in the business that bode well in the long term for shares even if we may see volatility in the short-term.
Investors who think this is just a short-lived uptrend amid a choppy “new normal” for AAPL stock are not giving the company credit where credit is due.

Monday, 9 December 2013

Hackers steal 2 Million Facebook, Gmail, Twitter accounts with Pony Botnet

Cyber criminals have stolen more than two million Facebook, Gmail, Twitter, LinkedIn and Yahoo accounts with the help of the Pony malware, according to a report from Trustwave.

Security researchers at Trustwave gained access to the admin control panel of the "Pony botnet", which stores a large number of credentials stolen from the infected machines.

According to their report, around 1,580,000 website login credentials, 320,000 email credentials and 41,000 FTP credentials were stolen.
Approximately 318121 Facebook, 59549 Yahoo, 54437 Google and 21708 Twitter login credentials were affected.

The most commonly used password appears, unsurprisingly, to be the weakest one. As usual, the password '123456' keeps its position at the top. The second and third are '123456789' and '1234' respectively.

Facebook, LinkedIn, Twitter and other services are reportedly resetting the accounts' passwords.



- See more at: http://www.ehackingnews.com/2013/12/hackers-steal-2-million-facebook-gmail.html#sthash.grd3qNZz.dpuf
