security Archive

‘TINBA’ is a Tiny Banker that can Cause Huge Disruption!

by Shaleen S
Researchers have discovered a new Trojan malware that is able to circumvent banking security. This Trojan is called ‘Tinba’. The file size of Tinba is only 20kb, yet it can do the equivalent of much larger and more sophisticated malware, which makes it more frightening for the banks. The main purpose of Tinba is to steal banking login information when users log in, but it has also been used for other purposes. The way this Trojan works is that it injects itself into the Windows svchost.exe and explorer.exe processes, which are required for Windows to run normally. Explorer.exe is the process that provides the Start menu and desktop features, among others, and svchost.exe manages and runs .dll extensions. svchost.exe cannot be stopped or restarted manually; Windows needs it to run the operating system, period. An easy example would be printing services or fax services. By doing this, Tinba gains access to the user’s Windows session, and it also injects itself into the browsers. It has been able to do so successfully in Mozilla Firefox and Internet Explorer. This gives it access to all the incoming and outgoing traffic through those browsers. read more...

IBM takes action to secure its data

by Ricardo C
New technologies such as cloud services and Apple’s dictation software Siri might help employees to be more productive, but IBM is concerned about the company’s security. According to the article, employees are not aware of the risk that these services pose to the company’s data. Many voice-recognition services like Siri actually transmit the words spoken to them to a database so developers can improve the service; however, this seems to be benign to businesses. Previously, companies would manage mobile communications within the company, deciding what got in and out of the company; nowadays, however, employees use their own devices to work with the company’s data. Because companies do not have access to a person’s individual devices, IBM requires personal devices to be set up before they access IBM’s network, so that their memory can be remotely erased if they are lost or stolen. As far as cloud computing services go, IBM is aware that employees depend on these services to be productive, which is why IBM created its own cloud service called MyMobileHub. IBM also established some guidelines with banned services. read more...

Facebook Launches Antivirus Marketplace With Free Downloads

by Jonathan N
Facebook has decided to team up with antivirus giants like Norton, McAfee, Microsoft, Sophos and Trend Micro to launch an Antivirus Marketplace which will allow users to download a 6 month free trial of the companies’ software. Facebook is adamant about keeping its users safe whether they are searching the web or not. Facebook hosts 901 million users. These users can download free copies of McAfee Internet Security, Norton, Microsoft Security Essentials, Sophos (for Mac users), and Trend Micro Security. The antivirus giants will also contribute posts to Facebook’s security blogs with great tips and information on how to stay safe on the social network. Facebook claims that it has less than 4% spam on its site, compared to email, which consists of 90% spam. read more...

Cloud Security Problems

by Renee L
In his article “Addressing Cloud Computing Security Issues,” Dimitrios Zissis explains some of the risks when dealing with cloud computing. Despite all of the great features that cloud computing offers, your data may not be safe. Some of the issues involve privacy, especially when numerous parties, devices, and applications all have access to the cloud. For example, instead of your data being stored on a server that you know, it could be stored on a service provider’s server, which could be located anywhere in the world. Another threat would be the cloud’s infrastructure. The cloud’s architectural design brings many risks because of its security, redundancy, and high availability requirements. In addition, since data travels across a network, it is exposed while in transit, which could lead to data modification and data interruption. read more...

Security Implementation in Visual Studio

by Jorge R
My article this week discusses the security measures Visual Studio has in place to counter security threats. The author explains that the most common attack on websites is the buffer overflow, which is carried out by overwriting the buffer that stores the return address with a substring of the attacker’s code. This attack changes the control flow of the program, and the attacker is then given full control over the software. In an attempt to stop these attacks, researchers have designed new defensive techniques to stop hackers. These techniques include boundary checking, source backup, memory access control, address randomization, modification detection, and instruction scrambling. The GS option of the Visual Studio C/C++ compiler is a useful tool for developers to write secure software. The problem with using GS is the fact that it only defeats half the problem with buffer overflows: it cannot prevent a called function from manipulating the caller’s frame pointer. With these issues at hand, Microsoft has taken steps to address them and help developers write secure programs. With Visual Studio’s new updates, it has the ability to “protect the caller’s frame pointer from callee’s tampering at no additional cost”. It also has the ability to provide higher security strength while alleviating denial of service attacks by analyzing indirect function calls by their prologue pattern. read more...

Security Company Gets Hacked

by Edwin T
The article I chose for this week is titled “Security Firm Barracuda Networks Embarrassed by Hacker Database Break-in”. Barracuda took down their firewall for maintenance for no more than a few hours before an attacker was able to infiltrate it. According to Barracuda, the attacker discovered an SQL injection flaw in a PHP script used to display customer case studies. The attacker was able to get employee passwords that were encrypted using the MD5 hashing algorithm, which is considered outdated by today’s standards. Jason Reed, director of security and compliance at SystemExperts, states: “Security companies don’t always practice what they preach, leaving themselves vulnerable to attacks like this.” According to the article, the attacker used a blind SQL injection attack, which means “the errors and results from the malicious SQL queries are not displayed directly to the attacker. Instead, the attacker has to write complicated code to expose little bits of the data at a time and then recreate the information.” Barracuda apologized for the incident in the blog post and said it was notifying affected individuals. read more...

Security Testing of Voting Systems

by Edwin T
The peer-reviewed article I chose for this week was about security testing of voting systems. The authors discussed a few vulnerabilities of the DRE, or direct-recording electronic, voting machine and how they can affect election day. The authors found buffer overflows in the DRE system, and by exploiting them it was very easy to completely take it over. Also, the DRE systems do not have the necessary means to detect any malicious software or a change in firmware. If malicious firmware is installed in the DRE system, it can activate on election day and modify a subset of ballots so they seem as if they were for the preferred candidate. There’s the “careful voter” scenario, where the voter will submit his ballot and a review screen will appear with the name of the preferred candidate and not the one the voter voted for. If the voter catches the mistake, the firmware will allow the voter to edit the submission. At this point, the firmware will consider itself found and will not change the ballots for a period of time or a number of voters before it starts again. Another of the many scenarios in the article was the “After the Fact Vote”. In this scenario the voter places his vote normally, then the firmware will print a voided ballot and will re-print the ballot with a vote for the preferred candidate. read more...

Hackers get smarter with Javascript

by Ermie C
This article is about security researchers from ESET detecting new ways in which malware is being inserted into websites. This was discovered in a Russian web space and was found quite unexpectedly, through the use of mouse cursor movement. They reveal that this isn’t a regular attack anymore, where a program simply redirects and automatically installs a program onto a user’s computer; this is actually rogue JS code that installs itself in the head tag of an HTML page, which makes it harder to find. Now that more and more developers are using JS for their websites, it is becoming more common to learn and manipulate. A hacker’s use of the mouse-movement check is to evade the web crawlers that companies use for security to detect malware. The researchers at ESET seem impressed because programmers are getting more “proactive” in changing up their game plan to infect user computers. read more...

SQL Injection Attacks

by Abel R
SQL injection is a technique to attack a database through a website. SQL injection attacks are when an attacker attempts to or succeeds in inserting their own code into a pre-existing query (e.g. a product search). The aim is to get the application to perform an action that is unexpected and usually of benefit to the attacker (Morgan 2006). read more...
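The product-search query described here, and the PHP script flaw in the Barracuda post above, both come down to user input being spliced into SQL text. The following is an added example (not code from either article) that shows the defect beside the fix on a constructed in-memory SQLite catalogue; the table, rows and function names are assumptions for the demo.

```python
import sqlite3


def build_db():
    """Constructed sample catalogue standing in for the web application's database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (id INTEGER, name TEXT, public INTEGER)")
    conn.executemany(
        "INSERT INTO products VALUES (?, ?, ?)",
        [(1, "Firewall X", 1), (2, "Spam Filter", 1), (3, "Unreleased Appliance", 0)],
    )
    return conn


def search_unsafe(conn, term):
    """Vulnerable form: the search term is concatenated into the SQL text, so any
    quote or comment characters in it are interpreted as part of the query."""
    sql = "SELECT name FROM products WHERE public = 1 AND name LIKE '%" + term + "%'"
    return [row[0] for row in conn.execute(sql)]


def search_safe(conn, term):
    """Hardened form: the term is passed as a bound parameter, so the database
    treats it purely as a string value and the query structure cannot change."""
    sql = "SELECT name FROM products WHERE public = 1 AND name LIKE ? ORDER BY id"
    return [row[0] for row in conn.execute(sql, ("%" + term + "%",))]


if __name__ == "__main__":
    db = build_db()
    # A normal search behaves the same either way.
    print(search_unsafe(db, "Firewall"), search_safe(db, "Firewall"))
    # A term containing a quote and a comment marker rewrites the unsafe query
    # (the public = 1 filter is bypassed) but is harmless as a bound parameter.
    crafted = "' OR 1=1 --"
    print(search_unsafe(db, crafted), search_safe(db, crafted))
```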

Possible AJAX Malware Threats

by Alexander H
Security has always been a major issue for many. Unfortunately, with recent software advancements, it has become even more difficult to maintain security and guard against potential threats to computers. According to M86 Security, a Web filtering vendor, recent exploitation attacks have been found using AJAX (Asynchronous JavaScript and XML). “These Web exploitation attacks use AJAX to fragment the payload into small pieces of code that are harder to detect by antivirus programs and intrusion prevention systems” (Constantin). The attack initially begins on a page that contains a harmful piece of JavaScript code resembling those found on legitimate AJAX-using sites. The piece of code retrieves the payload in multiple chunks and assembles it back together on the client before executing. This technique makes it difficult for security programs to detect the attack or the vulnerability being exploited. Malware authors tend to use AJAX because it lets them write generic attack pages, which often look like normal pages. It is recommended that users stay away from sites or web resources they are not familiar with to avoid any potential threat. read more...