Posts Tagged ‘Germany’
Wednesday, October 23, 2013 @ 02:10 PM gHale
Anyone can interpret numbers however they want, and when it comes to sending out spam there are volume leaders and then there are per capita leaders.
Needless to say, the United States continues to be the top spam-relaying country in the by-volume category, according to the Sophos spam report for the third quarter.
The U.S. (14.6 percent) leads the pack, followed by Belarus (5.1 percent), India (4.7 percent), Italy (4.7 percent), and China (4.6 percent). Rest assured Taiwan, Argentina, Spain, Iran, Peru, Germany and Russia are also on the list.
However, the chart is a bit different for the “per capita” category. Here, the spam contribution of each country is calculated based on its population.
In this class, Belarus tops the chart. The country sends 11.1 times more spam than the U.S., Uruguay sends 4.7 times more spam than the U.S., and Taiwan sends 3.8 times more.
The countries included in this category are Luxembourg, Macedonia, Peru, Kuwait, Bahamas, Kazakhstan, Bulgaria, Argentina and Israel. Countries with a population below 300,000 were not a part of the survey.
Wednesday, October 9, 2013 @ 06:10 PM gHale
Graphene has extreme conductivity and is completely transparent while being inexpensive and nontoxic, which makes it perfect for transparent contact layers for use in solar cells to conduct electricity without reducing the amount of incoming light.
That is the theory, but how it holds up in the real world remains in question because there is no such thing as “ideal” graphene, which is a free-floating, flat honeycomb structure consisting of a single layer of carbon atoms: Interactions with adjacent layers can change graphene’s properties dramatically.
“We examined how graphene’s conductive properties change if it is incorporated into a stack of layers similar to a silicon based thin film solar cell and were surprised to find that these properties actually change very little,” said Dr. Marc Gluba of the HZB Institute for Silicon Photovoltaics in Berlin, Germany.
To this end, researchers grew graphene on a thin copper sheet, next transferred it to a glass substrate, and finally coated it with a thin film of silicon.
They examined two different versions commonly used in conventional silicon thin-film technologies: One sample contained an amorphous silicon layer, in which the silicon atoms are in a disordered state similar to a hardened molten glass; the other sample contained poly-crystalline silicon to help them observe the effects of a standard crystallization process on graphene’s properties.
Even though the morphology of the top layer changed completely as a result of heating it to a temperature of several hundred degrees centigrade, the graphene is still detectable.
“That’s something we didn’t expect to find, but our results demonstrate that graphene remains graphene even if it is coated with silicon,” said Prof. Dr. Norbert Nickel of the HZB Institute for Silicon Photovoltaics.
Their measurements of carrier mobility using the Hall effect showed the mobility of charge carriers within the embedded graphene layer is roughly 30 times greater than that of conventional zinc oxide-based contact layers.
“Admittedly, it’s been a real challenge connecting this thin contact layer, which is but one atomic layer thick, to external contacts,” Gluba said. “We’re still having to work on that.”
“Our thin film technology colleagues are already pricking up their ears and wanting to incorporate it,” Nickel said. The researchers obtained their measurements on one square centimeter samples, although in practice it is feasible to coat much larger areas than that with graphene.
Friday, June 21, 2013 @ 03:06 PM gHale
Anyone who uses their iPhone as a mobile hotspot should do so with a wary eye because there could be cyber problems.
There is a weakness in the way iOS generates default passwords for connections that can leave a user’s device vulnerable to man-in-the-middle attacks, information leakage or abuse of the user’s Internet connection, said researchers at the University of Erlangen-Nuremberg in Germany.
Andreas Kurtz, Felix Freiling and Daniel Metz published a paper that describes the inner workings of how an attacker can exploit the PSK (pre-shared key) authentication iOS uses to establish a secure WPA2 connection when using the Apple smartphone as a hotspot.
Attackers could find the least resistance attacking the PSK setup rather than trying their hand at beating the operating system’s complex programming layers, the researchers said.
During the PSK setup, users have to establish a password to protect the session. In previous versions, users were able to choose their own passwords, but in iOS 6, the operating system proposes passwords built from a four-to-six-character word taken from a default list of 1,842 words, with a random four-digit number tagged on.
The mechanism relies on words vulnerable to dictionary or brute-force attacks, and builds primarily from a list of 10 common words such as “suave,” “head,” “coal,” and “coach.” Using additional hardware to guess the four-digit number, the researchers were able to crack the tethering passwords in less than a minute.
“The process of selecting words from that word list is not random at all, resulting in a skewed frequency distribution and the possibility to compromise a hotspot connection in less than 50 seconds,” the paper said. “Spot tests show that other mobile platforms are also affected by similar problems. We conclude that more care should be taken to create secure passwords even in PSK scenarios.”
WPA2 supports two authentication methods: a RADIUS server or a shared key. For mobile hotspots, the paper said session authentication and encryption rely on a password used to derive a PSK, which is then used in a four-way handshake to create temporary keys that encrypt sessions and perform integrity checks. An attacker would need to capture one of the four-way handshakes between the Wi-Fi device and hotspot and conduct a brute-force attack to crack the password.
“It should be noted that all generated keys are only valid for the lifetime of a single session and that generation of those keys only relies on the PSK,” the paper said. “This implies that the security level of the whole mobile hotspot depends on the quality of the passphrase.”
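Since everything rests on the passphrase, a hotspot owner can check whether theirs still fits the default shape and how small that search space is. The following is an added example, not code from the paper or the article: the word-list size and digit count come from the article, while the 50 percent weight given to the ten most common words is a constructed assumption used only to show the effect of a skewed selection.

```python
import math
import re

WORDLIST_SIZE = 1842      # words in the default list, per the article
DIGIT_COMBOS = 10 ** 4    # random four-digit suffix, per the article
# Default shape per the article: four-to-six-letter word plus four digits.
DEFAULT_SHAPE = re.compile(r"[a-z]{4,6}[0-9]{4}")
CLASSES = ((r"[a-z]", 26), (r"[A-Z]", 26), (r"[0-9]", 10),
           (r"[^a-zA-Z0-9]", 33))


def shannon_bits(probabilities):
    """Shannon entropy, in bits, of a discrete distribution."""
    return -sum(p * math.log2(p) for p in probabilities if p > 0)


def expected_guesses(probabilities):
    """Mean number of guesses when candidates are tried most likely first."""
    ranked = sorted(probabilities, reverse=True)
    return sum(rank * p for rank, p in enumerate(ranked, start=1))


def skewed_words(top_n=10, top_mass=0.5, size=WORDLIST_SIZE):
    """Constructed skew (assumption): top_n words receive top_mass of picks."""
    rest = size - top_n
    return [top_mass / top_n] * top_n + [(1 - top_mass) / rest] * rest


def audit_passphrase(passphrase):
    """Report whether a passphrase fits the default shape and bound its bits."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA2 passphrases are 8 to 63 characters long")
    if DEFAULT_SHAPE.fullmatch(passphrase):
        keyspace = WORDLIST_SIZE * DIGIT_COMBOS
        return {"default_shape": True, "keyspace": keyspace,
                "max_bits": math.log2(keyspace)}
    # Optimistic upper bound: uniformly random over the classes present.
    alphabet = sum(n for pat, n in CLASSES if re.search(pat, passphrase))
    return {"default_shape": False, "keyspace": alphabet ** len(passphrase),
            "max_bits": len(passphrase) * math.log2(alphabet)}


if __name__ == "__main__":
    uniform = [1 / WORDLIST_SIZE] * WORDLIST_SIZE
    print(audit_passphrase("coach1234"))
    print(shannon_bits(uniform), shannon_bits(skewed_words()))
    print(expected_guesses(uniform), expected_guesses(skewed_words()))
```

A passphrase in the default shape tops out at about 24 bits, and any skew in word selection only lowers the effective figure; a user-chosen passphrase that does not match the shape avoids the fixed word list entirely.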
Mobile devices already have a significant attack surface, exacerbated by the multiple ways they can connect to the Internet, via everything from Wi-Fi to Bluetooth, NFC, RFID, and over cellular radio standards such as GSM and CDMA. Once the hotspot feature is enabled, a software-based access point starts up, allowing other wireless devices to connect using PSK. This can lead to a number of additional risks, elevated by weak passwords.
The researchers said they were able to find not only the password scheme but the relatively short list of words used by iOS to develop default passwords by reverse engineering iOS mobile hotspots. Initial attempts against a pre-determined list of more than 52,000 words took close to an hour to crack, which is not a realistic attack against a business traveler. Deeper digging eventually extracted the exact word list from the official Preferences system app which generates the default passwords, the paper said.
“We found out, that every time a new hotspot password is generated an English-language dictionary file is accessed from the file system,” the paper said. “Consequently, we monitored all accesses to the file system by intercepting all open() system calls to the iOS kernel and analyzed the corresponding backtrace of the method calls that caused this file access.”
In order to pull off an attack, someone would have to monitor Wi-Fi traffic and wait for a wireless client to connect to a mobile hotspot, de-authenticate a client, forcing the user to reconnect, which increases the possibility of capturing the four-way handshake necessary to snare the PSK. An attacker, the researchers said, could use freely available tools to pull off each step of the attack, including identifying iOS targets, de-authenticating wireless clients, capturing the WPA handshake and cracking the passwords.
The researchers said they built an app called Hotspot Cracker which automates the generation of the word list used for default passwords.
“The app also gives explanations and hints on how to crack a captured WPA handshake using well-known password crackers,” the paper said. “Future releases might also automate the process of capturing and cracking hotspot passwords. As computing power on smart devices is limited, one solution is to involve online password cracking services like CloudCracker, to crack hotspot passwords on-the-fly.”
Thursday, May 16, 2013 @ 07:05 PM gHale
An open source data fuzzing library called Fuzzino is now up and running.
This library allows existing test tools to prepare for fuzzing and looks to eliminate the need to reinvent the wheel and make developing new fuzzing tools unnecessary, said researchers from FOKUS (Fraunhofer Institute for Open Communication Systems in Germany). Fuzzing is the process of testing a system for hidden weaknesses by presenting the system with random and sometimes erroneous input data.
Fuzzino uses models of protocols or interfaces to generate test cases and then applies “Smart Fuzzing” heuristics to perform data fuzzing and behavioral fuzzing.
This reduces the number of test cases needed over purely random fuzzing, researchers said. An example given is work done by FOKUS and system experts on a risk assessment for a money-processing machine.
The experts examined the system’s protocols, developed functional test cases and then used those test cases to fuzz the system. The results of that fuzzing generated more test cases from which specific security tests could be generated. This process offered a far higher coverage of risk than a user could normally manage in the same time.
Eclipse is the underlying technology behind Fuzzino and users will need Eclipse EMF 2.7 and JUnit 4 to compile it and integrate it with their testing tools.
FOKUS developers said users should keep in mind Fuzzino is not a full featured fuzzing tool. They describe it as “a test data generator for enabling your testing tool to perform fuzzing.” Users can receive fuzz data from the tool as XML documents or directly within Java to avoid the processor intensive serialization and deserialization process. Users can also directly instantiate fuzzing heuristics from Fuzzino in their testing tool.
More information on how to use the tool is available in the documentation folder of the source code. Fuzzino is licensed under version 2.0 of the Apache License.
As mentioned, fuzzing is a software testing technique, often automated or semi-automated, that involves providing invalid, unexpected, or random data to the inputs of a computer program. The program is then monitored for exceptions such as crashes, failing built-in code assertions, or potential memory leaks. Fuzzing is commonly used to test for security problems in software or computer systems.
Thursday, April 18, 2013 @ 03:04 PM gHale
A new “magic” malware is active and persistent, and has remained undetected on targeted machines in the UK for the past 11 months.
Attackers targeted several thousand different entities, most in the UK at 78 percent, while six percent were in Italy and four percent each in Germany and the United States, according to a report from Seculert’s Aviv Raff.
The sample Seculert flagged had an unusual behavior when it communicated with its command and control (C&C) server as it used a custom-made protocol, and always used “a magic code” at the beginning of the conversation, Raff said.
Raff said he did not know why the UK was the main target, but he did say this is a persistent attack that went under the radar for almost a year.
“Furthermore, this malware is still under development,” he said. “We have seen several indications of features that are not yet implemented, and functions that are not yet used by the malware.
“For instance, in case the attacker would like to open a browser on the victim’s machine, the malware will pop up on the RDP session for the attacker via a box with the message ‘TODO:Start browser!’ ”
Raff said the real intention of the attackers behind this “magic” malware is unknown.
“As the malware is capable of setting up a backdoor, stealing information and injecting HTML into the browser, we believe that the current phase of the attack is to monitor the activities of their targeted entities,” he said.
“But, because this malware is also capable of downloading and executing additional malicious files, this might be only the first phase of a much broader attack.”
Asked what he felt made this different from other advanced persistent threats (APTs), which also included a backdoor and data stealing capabilities, Raff said, “We suspect that this is only the first phase of the attack, and like previous ones, the next phase will include a wiper module to cover the attacker’s tracks.”
Friday, April 5, 2013 @ 07:04 PM gHale
Darkleech malware injected invisible iFrames that link to malicious web pages into thousands of web sites, researchers said.
The malware uses an Apache web server module to add the iFrames, although researchers have not found a credible attack vector that explains how the malicious module gets installed. Darkleech is also very careful in selecting which visitors receive the injected iFrames, keeping a blacklist of users it won’t send dangerous content to. Infected servers are in 48 countries, but are mostly concentrated on sites in the U.S., the UK and Germany.
Networking giant Cisco investigated Darkleech for six weeks in February and March 2013 and found 2,000 infected servers during this period.
Darkleech uses an Apache module to inject invisible iFrames into web pages; the iFrames link to malicious sites where visitors can potentially have their systems compromised using the Blackhole exploit kit, Cisco said. The Blackhole kit uses a number of exploits and targets security holes in Oracle’s Java, Adobe Flash and Reader, and other popular plugins. There are plenty of holes and users often run without up-to-date plugins. One study by WebSense found only one in twenty browsers with Java installed has a current version.
Darkleech uses a subtle approach to hijacking its victims, the researchers said. The iFrames are dynamically generated by an Apache module when the victim visits an infected site. Web administrators find this difficult to detect because the web site’s own source code remains untouched. Visitors from certain IP addresses are not served the iFrames and go on a blacklist instead: visitors from security and hosting firms are ignored, as are recently attacked users, various browsers and bots, and those arriving via search from a number of search engines or sites.
Mary Landesman and Gregg Conklin, from Cisco Web Security, sampled 1,239 infected sites as part of their investigation and determined the attackers concentrated their efforts on sites running versions of Apache 2.2.22 or later and typically installed on Linux systems, but how the attackers managed to inject Darkleech remains unclear.
The Darkleech software appears to backdoor the system by replacing the SSH daemon with a specially crafted one. This daemon implements a backdoor which transmits the access credentials of anyone logging in to a third-party site. Given this depth of infection, administrators should revert to a backup copy of the site after reinstalling the system, and ensure all user name and password combinations are changed.
During the period Cisco’s engineers observed it, Darkleech spread on web sites like the Los Angeles Times and a blog belonging to Seagate. The malicious iFrames remained undetected for around a month.