
Vintage Virus-Demos

 Youtube Direktvirus, via Adafruit

YouTube user danooct1 has a hugely entertaining channel full of demos of viruses, trojans and malware, which he uses to infect old DOS and Windows machines and then shows what happens. I could click around in there all day. Above, the Cascade DOS virus, which is “forcing all of the letters on the screen to collapse to the bottom in a giant heap.”

This channel’s main purpose is to entertain users with the effects of (mainly older) pieces of malware, while educating them as to how they work. No, I will not send you any malware shown in any video, regardless of whether it is considered “harmless” or not. Malware is not a toy and additionally, it is against the YouTube terms of service to distribute it.

Ministry throws away 170 new, virus-infected computers:

The Schwerin Ministry of Education has thrown away 170 newly bought computers because they were infected with the Conficker worm. Software to clean them is available for free; the operation cost around 190,000 euros. I actually thought the “what is a browser” days were behind us. But I guess the disposal company was pleased, under the table. You understand, nudge nudge.

Planes hacked while in Autopilot

At the Hack in the Box security conference in Amsterdam, security consultant Hugo Teso showed how he can hack aircraft in autopilot with an Android phone and control them to the point of steering them and dropping the oxygen masks in the passenger cabin. He showed it “only” on flight simulators, but says it would also work on real aircraft. Heavy!

Teso used ACARS to exploit and break into the airplane’s onboard computer system and then upload Flight Management System (FMS) data. FMS could be uploaded by software defined radio and ground service providers.

Once he was into the airplane’s computer, he was able to manipulate the steering of a Boeing jet while the aircraft was in “autopilot” mode. The only countermeasure available to pilots, if they even realized they were being hacked, would be to turn off autopilot. Yet many planes no longer have old analog instruments for manual flying. Teso said he could take control of most all airplane systems; he could even cause the plane to crash by setting it on a collision course with another plane. He could also give the passengers a serious adrenaline rush by making the oxygen masks drop down.

Hacker uses an Android to remotely attack and hijack an airplane, here the PDF: Aircraft Hacking Practical Aero Series

[update] heise.de: App hacks airplane

As a proof of concept, Teso assembled a system of hardware and software to realistically simulate the communication between aircraft and ground control systems. He bought the necessary components of real aircraft hardware on eBay and from scrap dealers, among other places. Through vulnerabilities, Teso was able to smuggle his self-developed attack framework, called SIMON, into the FMS. With it, he says, he can send new control commands to the onboard computer at any time. These are only executed, however, as long as the autopilot is active.

So far the attack only works under lab conditions, but in principle it should also carry over to real aircraft.

[update] The Atlantic Wire: No, That German Hacker Probably Can’t Hijack an Airplane with Software

The FAA, for one, says, “The described technique cannot engage or control the aircraft’s autopilot system using the FMS or prevent a pilot from overriding the autopilot.” The agency assures America that this hack “does not pose a flight safety concern because it does not work on certified flight hardware.”

Thoughts as Passwords

In Berkeley they are currently researching a password replacement based on brainwaves, the ultimate biometrics; neurometric security, so to speak.

The team conducted a series of experiments to determine whether the single EEG channel provided high enough signal quality for accurate authentication. For authentication, the computer needs to be able to accurately and consistently distinguish your brainwave patterns from someone else’s. By selecting customized tasks for each user and then customizing each user’s authentication thresholds, the team was able to reduce error rates to below 1%, comparable to the accuracy of more invasive multi-channel EEG signals.

Phys.org: Forget your password: The future is ‘passthoughts’ (via AnimalNY)
UC Berkeley School of Information: NEW RESEARCH: COMPUTERS THAT CAN IDENTIFY YOU BY YOUR THOUGHTS

Bitcoin-Mining Malware

Malware is currently being spread via Skype that installs a Bitcoin miner on the infected machines. Easy money.

Once the machine is infected it drops many other pieces of malware onto the system. Downloads come from the Hotfile.com service. At the same time the malware connects to its C2 server located in Germany. The IP address of C2 is 213.165.68.138:9000.

So what does malware do? To be honest many things but one of the most interesting is it turns the infected machine to a slave of the bitcoin generator. The usage of CPU grows up significantly. The mentioned process runs with the command “bitcoin-miner.exe -a 60 -l no -o http://suppp.cantvenlinea.biz:1942/ -u XXXXXX0000001@gmail.com -p XXXXXXXX” (sensitive data was replaced by XXXXXX). It abuses the CPU of infected machine to mine Bitcoins for the criminal.

As I said the campaign is quite active. If you see your machine is working hard, using all available CPU resources, you may be infected.

Skypemageddon by bitcoining
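From the defender's side, the details quoted above (a miner binary, an -o pool URL with an explicit port, -u/-p credentials on the command line, and a process pegging the CPU) are exactly what a process-snapshot check can key on. The Python below is an added example, not code from the original post or from the write-up it quotes: the snapshot is constructed, row 1337 reproduces the miner command line quoted above, and the other rows are made-up benign processes used as negatives (one of them, an archiver, also pegs the CPU, so CPU load alone never triggers a finding).

```python
import re
import shlex
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed process snapshot (pid, %CPU, command line). Row 1337 reproduces
# the miner command line quoted in the post; the other rows are made-up
# benign processes that serve as negatives (note 7z also pegs the CPU).
SAMPLE_PS = """\
 412   1.2 explorer.exe
1337  97.5 bitcoin-miner.exe -a 60 -l no -o http://suppp.cantvenlinea.biz:1942/ -u XXXXXX0000001@gmail.com -p XXXXXXXX
2048  95.0 7z.exe a backup.7z C:\\data
3001   2.0 curl.exe -o page.html http://example.com/
"""

PS_LINE = re.compile(r"^\s*(\d+)\s+([\d.]+)\s+(.+)$")
# Pool endpoints in miner command lines carry an explicit port (the quoted
# sample uses http://host:1942/); stratum+tcp:// is the usual alternative.
POOL_URL = re.compile(r"^(?:stratum\+tcp|https?)://[^\s/]+:\d+", re.IGNORECASE)


@dataclass
class Finding:
    pid: int
    cpu: float
    exe: str
    pool: Optional[str]
    indicators: List[str] = field(default_factory=list)


def parse_ps_line(line: str) -> Optional[Tuple[int, float, List[str]]]:
    """Split one snapshot row into (pid, cpu%, argv); None for malformed rows."""
    m = PS_LINE.match(line)
    if not m:
        return None
    pid, cpu, cmd = m.groups()
    # posix=False keeps Windows backslashes in paths intact.
    return int(pid), float(cpu), shlex.split(cmd, posix=False)


def miner_indicators(argv: List[str]) -> Tuple[List[str], Optional[str]]:
    """Return (matched indicators, pool URL if any) for one command line."""
    indicators: List[str] = []
    pool = None
    exe = argv[0].rsplit("\\", 1)[-1].lower() if argv else ""
    if "miner" in exe:
        indicators.append("miner-like executable name")
    for opt, val in zip(argv, argv[1:]):
        if opt == "-o" and POOL_URL.match(val):
            indicators.append("-o points at a pool URL with explicit port")
            pool = val
        elif opt in ("-u", "--user") and "@" in val:
            indicators.append("-u carries a worker/e-mail identity")
        elif opt in ("-p", "--pass"):
            indicators.append("-p password on the command line")
    return indicators, pool


def find_miner_processes(ps_text: str, cpu_threshold: float = 80.0,
                         min_indicators: int = 2) -> List[Finding]:
    """Flag rows that combine at least min_indicators miner traits.

    Sustained CPU load counts as one trait, so with min_indicators=2 a busy
    but otherwise ordinary process (archiver, encoder) is never flagged on
    its own; at least one command-line trait must be present too.
    """
    findings = []
    for line in ps_text.splitlines():
        parsed = parse_ps_line(line)
        if parsed is None:
            continue
        pid, cpu, argv = parsed
        indicators, pool = miner_indicators(argv)
        if cpu >= cpu_threshold:
            indicators.append(f"sustained CPU {cpu:.0f}%")
        if len(indicators) >= min_indicators:
            findings.append(Finding(pid, cpu, argv[0], pool, indicators))
    return findings


if __name__ == "__main__":
    for f in find_miner_processes(SAMPLE_PS):
        print(f"pid {f.pid} ({f.exe}, {f.cpu}% CPU) -> pool {f.pool}")
        for i in f.indicators:
            print("   -", i)
```

The pool URL the check extracts is what you would hand to the network side (proxy logs, egress rules), while the worker identity in -u is what ties multiple infected hosts to the same campaign.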

DDoS slows global Net

Just in case anyone is wondering why the net is a bit slower today than usual: “The internet around the world has been slowed down in what security experts are describing as the biggest cyber-attack of its kind in history.”

Mr Linford said the attack’s power would be strong enough to take down government internet infrastructure. “If you aimed this at Downing Street they would be down instantly,” he said. “They would be completely off the internet.”

He added: “These attacks are peaking at 300 gb/s (gigabits per second). “Normally when there are attacks against major banks, we’re talking about 50 gb/s.”

Global internet slows after ‘biggest attack in history’

Illegal Botnet-Map of the Web

Scientists have used a botnet to carry out an “illegal” survey of the web and produce a map of the internet, including animated XKCD-inspired maps based on Hilbert curves. Fun!

“Two years ago while spending some time with the Nmap Scripting Engine (NSE) someone mentioned that we should try the classic telnet login root:root on random IP addresses,” wrote the anonymous researcher behind the Carna botnet. “This was meant as a joke, but was given a try.” […]

Carna turned out to be an effective way of measuring a big chunk of the Internet, but there’s one major catch: It’s illegal and invasive, which no doubt explains why the researcher has remained anonymous. Carna was, as per the name, a botnet, a type of malware secretly loaded into any device it could penetrate. At its peak, the botnet controlled an estimated 420,000 devices.

Daily Dot: Rogue researcher uses illegal botnet to measure the Internet
Internet Census 2012: Port scanning /0 using insecure embedded devices, here all the maps and animated GIFs in various resolutions.
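The reason these maps use a Hilbert curve is locality: consecutive positions along the curve always land on neighbouring cells, so every /8 (and every /16 inside it) comes out as a compact square instead of a scattered row. The Python below is an added example and not the census project's code; it implements the standard Hilbert index-to-coordinate mapping and its inverse, maps an IPv4 address to its cell on a 2^order-by-2^order grid (order 4 gives the familiar 16x16 layout with one cell per /8), and renders a small ASCII grid for a handful of constructed addresses.

```python
import ipaddress
from typing import Iterable, List, Tuple


def _rot(n: int, x: int, y: int, rx: int, ry: int) -> Tuple[int, int]:
    """Rotate/flip a quadrant so its sub-curve joins its neighbours correctly."""
    if ry == 0:
        if rx == 1:
            x, y = n - 1 - x, n - 1 - y
        x, y = y, x
    return x, y


def d2xy(n: int, d: int) -> Tuple[int, int]:
    """Position d along the Hilbert curve -> (x, y) on an n x n grid (n a power of two)."""
    x = y = 0
    s, t = 1, d
    while s < n:
        rx = 1 & (t // 2)
        ry = 1 & (t ^ rx)
        x, y = _rot(s, x, y, rx, ry)
        x += s * rx
        y += s * ry
        t //= 4
        s *= 2
    return x, y


def xy2d(n: int, x: int, y: int) -> int:
    """Inverse of d2xy: grid cell -> position along the curve."""
    d = 0
    s = n // 2
    while s > 0:
        rx = 1 if x & s else 0
        ry = 1 if y & s else 0
        d += s * s * ((3 * rx) ^ ry)
        x, y = _rot(n, x, y, rx, ry)
        s //= 2
    return d


def locality_check(n: int) -> bool:
    """True if every consecutive pair of curve positions lands on neighbouring
    cells, the property that keeps address blocks together on the map."""
    cells = [d2xy(n, d) for d in range(n * n)]
    return all(abs(a[0] - b[0]) + abs(a[1] - b[1]) == 1
               for a, b in zip(cells, cells[1:]))


def ip_to_cell(ip: str, order: int = 4) -> Tuple[int, int]:
    """Map an IPv4 address to its cell on a 2^order x 2^order Hilbert grid.
    order=4 gives 16x16 = 256 cells, one per /8; the top 2*order bits of the
    address are the position along the curve."""
    n = 1 << order
    d = int(ipaddress.IPv4Address(ip)) >> (32 - 2 * order)
    return d2xy(n, d)


def render_grid(order: int, ips: Iterable[str], mark: str = "#",
                empty: str = ".") -> List[str]:
    """ASCII map, rows top to bottom with (0, 0) bottom-left; a cell is marked
    when any of the given addresses falls into it."""
    n = 1 << order
    hit = {ip_to_cell(ip, order) for ip in ips}
    return ["".join(mark if (x, y) in hit else empty for x in range(n))
            for y in reversed(range(n))]


if __name__ == "__main__":
    # Constructed sample addresses, one per "responding host".
    sample = ["10.0.0.1", "10.200.3.4", "11.1.1.1", "192.0.2.7", "198.51.100.9"]
    print("\n".join(render_grid(4, sample)))
    print("continuous:", locality_check(16))
```

Two addresses in the same /8 (10.0.0.1 and 10.200.3.4 above) land in the same cell, and 10.0.0.0/8 and 11.0.0.0/8 are adjacent on the curve and therefore adjacent on the grid; raising order to 8 gives one cell per /16 with the same nesting.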

Language identifies Users of Online Underground Markets

Aylin Caliskan Islam and Sadia Afroz gave a super-exciting talk at 29c3 titled Stylometry and Online Underground Markets, about identifying anonymous users by their “linguistic fingerprint”, although: “Leetspeak, an alternative alphabet popular in some forum circles, cannot be translated”. As an interested linguistics n00b I found it all a bit over my head, but the Security Business Mag has broken the talk down for normal nerds:

Up to 80 percent of certain anonymous underground forum users can be identified using linguistics, researchers say. The techniques compare user posts to track them across forums and could even unveil authors of thesis papers or blogs who had taken to underground networks. “If our dataset contains 100 users we can at least identify 80 of them,” researcher Sadia Afroz told an audience at the 29C3 Chaos Communication Congress in Germany.

“Function words are very specific to the writer. Even if you are writing a thesis, you’ll probably use the same function words in chat messages. Even if your text is not clean, your writing style can give you away.” The analysis techniques could also reveal botnet owners, malware tool authors and provide insight into the size and scope of underground markets, making the research appealing to law enforcement.

Linguistics identifies anonymous users: Researchers reveal carders, hackers on underground forums (via /.)
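To make the “function words” point concrete: the words that carry almost no topic (the, and, of, it, not, so …) are exactly the ones a writer reuses across a thesis and a forum post. The Python below is an added example, not the researchers' method or code; it uses a deliberately short function-word list and plain cosine similarity on relative frequencies as a simplified stand-in for the richer feature set of the actual work. The corpus is constructed: three known authors with two short posts each, plus one unknown post, and a leave-one-out loop shows the “identify N out of M” style of evaluation quoted above. Tokens in leetspeak simply fail to match any function word, which is one way to see why the talk says it “cannot be translated”.

```python
import math
import re
from collections import Counter
from typing import Dict, List, Tuple

# A deliberately small function-word list. Function words (articles, pronouns,
# prepositions, conjunctions) carry little topic but a lot of style.
FUNCTION_WORDS = ["the", "a", "an", "and", "of", "to", "in", "i", "you", "it",
                  "that", "is", "for", "on", "with", "this", "but", "not", "so", "my"]

# Constructed toy corpus: three known authors, two short posts each.
KNOWN_POSTS: Dict[str, List[str]] = {
    "alice": [
        "the price of the cards is listed in the thread and the seller ships the same day",
        "the buyer pays the fee and the escrow holds the money for the duration of the deal",
    ],
    "bob": [
        "i think you should not do that, it is not worth it and i told you so",
        "you know i like it when it works but it did not so i am out",
    ],
    "carol": [
        "this is a test of the new tool and this is what it does for a user on the forum",
        "a guide for the new users on this forum is a good idea and this is the first draft",
    ],
}
# Constructed unknown post, written in bob's register.
UNKNOWN_POST = "i told you it would not work, so do not blame me for it"

TOKEN = re.compile(r"[a-z']+")


def tokenize(text: str) -> List[str]:
    return TOKEN.findall(text.lower())


def profile(texts: List[str]) -> List[float]:
    """Relative frequency of each function word over all texts of one author."""
    toks = [t for text in texts for t in tokenize(text)]
    counts = Counter(toks)
    n = max(len(toks), 1)
    return [counts[w] / n for w in FUNCTION_WORDS]


def cosine(u: List[float], v: List[float]) -> float:
    dot = sum(a * b for a, b in zip(u, v))
    nu = math.sqrt(sum(a * a for a in u))
    nv = math.sqrt(sum(b * b for b in v))
    return dot / (nu * nv) if nu and nv else 0.0


def attribute(text: str, profiles: Dict[str, List[float]]) -> Tuple[str, Dict[str, float]]:
    """Nearest author profile by cosine similarity, plus all scores."""
    vec = profile([text])
    scores = {author: cosine(vec, p) for author, p in profiles.items()}
    return max(scores, key=scores.get), scores


def leave_one_out_accuracy(posts: Dict[str, List[str]]) -> float:
    """Hold out each known post, rebuild profiles without it, and check
    whether it is re-attributed to its real author."""
    hits = total = 0
    for author, texts in posts.items():
        for i, held_out in enumerate(texts):
            rest = {a: (t[:i] + t[i + 1:] if a == author else t) for a, t in posts.items()}
            profiles = {a: profile(t) for a, t in rest.items() if t}
            guess, _ = attribute(held_out, profiles)
            hits += guess == author
            total += 1
    return hits / total if total else 0.0


if __name__ == "__main__":
    known = {a: profile(t) for a, t in KNOWN_POSTS.items()}
    best, scores = attribute(UNKNOWN_POST, known)
    print("unknown post attributed to:", best, {a: round(s, 3) for a, s in scores.items()})
    print("leave-one-out accuracy:", leave_one_out_accuracy(KNOWN_POSTS))
```

With only twenty function words and a dozen tokens per post the margins here are large because the corpus was built that way; on real forum data the feature set, the amount of text per user and the number of candidate authors all drive the error rate, which is what the 80-out-of-100 figure in the quote is reporting.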

29c3-Videos

Since yesterday noon the talks from the 29th Chaos Computer Congress have been going online; here the FTP server, here a mirror of it.

The talks are also on YouTube: here the channel for the English ones, there the one for the German-language ones.

Besides Jacob Appelbaum's keynote, I have so far watched Stefan Wehrmeyer's (Fragdenstaat.de) Zur Lage der Information and the one by Digitale Gesellschaft; right now Die Wahrheit, was wirklich passierte und was in der Zeitung stand is playing, but I'll pause it in a moment and watch Open Source Schlüssel und Schlösser – Offene Quellen zum Bösen und Guten: von downloadbaren Handschellenschlüsseln zu sicheren elektronischen Schlössern instead.

Here the livestreams, here the schedule.

Terms of Service; Didn’t Read

Nice project, born at the Chaos Communication Camp 2011 and live for a month now: Terms of Service; Didn’t Read. The website rates terms of service, because “‘I have read and agree to the Terms’ is the biggest lie on the web.” True, and a great name, too! I don't think I have read a single ToS in my entire life.

“I have read and agree to the Terms” is the biggest lie on the web. We aim to fix that. We are a user rights initiative to rate and label website terms & privacy policies, from very good class A to very bad class E.

ToS;DR is a young project started in June 2012. The data is subject to important changes. This is your opportunity to help us fix the “biggest lie on the web”: join us if you have information to contribute related to specific terms or if you have a comment, check out our guide:

ToS;DR aims at creating a transparent and peer-reviewed process to rate and analyse Terms of Service and Privacy Policies in order to create a rating from Class A to Class E. We need more legal expertise, please also join the working-group. We also need people to contribute source code. Everything is JavaScript and JSON. The data is freely available (CC-BY-SA) and ready to be used for other tools, like browser extensions.

Terms of Service; Didn’t Read (via Hacker News)

Irans Nuclear Things under Cyber-Attack by AC/DC-Fans

Allegedly Iran's nuclear facilities are currently under cyber-attack again, and as a result the computers' speakers there blare AC/DC's “Thunderstruck” at night. The song is used by the US Army as the soundtrack in official promotional videos, so it doesn't seem all that unlikely to me.

A purported Iran scientist working for the Atomic Energy Organization of Iran e-mailed an SOS to F-Secure Chief Research Officer Mikko Hypponen this weekend, saying the AEOI was under a cyber attack. […]

According to the e-mail, the malware shut down the AEOI “automation network” in its Natanz and Fordo facilities. The “scientist” specifically mentions Siemens hardware, which could be a reference to SCADA systems, or control systems that electronically monitor and power various pieces of industrial infrastructure. These systems were targeted by the Stuxnet virus that brought down part of Iran’s nuclear fuel systems in 2010. He also mentions that the malware turned the computers’ volume up high and blasted what appeared to be ‘Thunderstruck’ by AC/DC. Cyber criminals have to have a little humor too.

Report suggests malware hits Iran atomic organization, blasts AC/DC at night (via Geekosystem)

Photos from unsecured Russian Rocket Plant

A few Russian bloggers simply wandered into an unguarded rocket factory at night, whose security staff were somewhere else and whose security cameras happened to be on a break too, and shot tons of pictures there. The pictures are on LiveJournal; the worried Russian bureaucrats are courtesy of Reuters:

Blogger Lana Sator said she and friends met not a soul, much less any security guards, as they roamed around state rocket-maker Energomash’s plant, snapping pictures, on five separate night-time excursions in recent months.

She posted almost 100 pictures of decrepit-looking hardware from inside a rusted engine-fuel testing tower, the plant’s control room and even its roof at lana-sator.livejournal.com

Russian media cited a senior space agency official, speaking anonymously, who described the breach as a shock of the same scale as German pilot Mathias Rust’s brazen Cessna flight under Soviet radar to land on Red Square in 1987.

ОАО “НПО Энергомаш”, Russian officials rattled by breach at rocket plant (via /.)

Biometric Ass-Recognition likes big butt and it can not lie

Naturally from Japan: a biometric butt-recognition system for the car of the future.

Cars of the future may use the driver’s rear end as identity protection, through a system developed at Japan’s Advanced Institute of Industrial Technology.

A report surfaced earlier this month that researchers there developed a system that can recognize a person by the backside when the person takes a seat. The system performs a precise measurement of the person’s posterior, its contours and the way the person applies pressure on the seat. The developers say that in lab tests, the system was able to recognize people with 98 percent accuracy.

Engineers unleash car-seat identifier that reads your rear end (via Fefe)

Facebook-Flaw exposes private Photos

Great bug at Facebook: until last night you could report a user's photos there as “offensive” (for pornography or nudity) and then browse the pictures that user had flagged as private. Members of a bodybuilding forum discovered this and promptly went through Mark Zuckerberg's photos and uploaded some of them to imgur. Facebook has since closed the security hole. (And I first wanted to put “Facebug Pornflaw” in the headline, but that was too linkbaity for me.)

A flaw in Facebook’s image reporting tool allows users to view the private photos of other users, including those of Facebook founder Mark Zuckerberg — like the one at the top of this story.

The flaw was found by members of a bodybuilding forum, who discovered that if they reported a public Facebook photo for abuse – using the tool that Facebook offers to report nudity or pornography – they could access other nonpublic photos for the same user they’re reporting, according to ZDNET.

Facebook’s tool asks the reporting user to help Facebook “take action by selecting additional photos to include with your report” then displays a handful of other private photos belonging to the individual that’s being reported. The person reporting the abuse can then rifle through the user’s other images.

Members of the bodybuilder forum used the flaw to peruse the images of women they found attractive. They then targeted Zuckerberg and began viewing his private photos, and posted some of them to an image site.

Facebook Flaw Exposes Private Photos

Anonymous hack Hans-Peter Uhl's website

After Uhl didn't exactly cover himself in glory yesterday in the Bundestag with a few statements about the Staatstrojaner, Anonymous defaced his website (screenshot 13:57). Good. (via Daniel)

[update] Golem: Anonymous hacks website of MP Hans-Peter Uhl.