TweakTown
Tech content trusted by users in North America and around the world
5,917 Reviews & Articles | 38,119 News Posts

TweakTown News

Refine News by Category:

Hacking & Security Posts - Page 75

US military chip made in China has security backdoor, massive national security concerns

A new discovery has been made by a Cambridge University researcher that a chip used by the US military features a security backdoor which could have massive implications on on national security. The chip, which was built in China, cannot simply be reprogrammed as the security backdoor is physically present on the silicon.

 

TweakTown image news/2/4/24383_1_us_military_chip_made_in_china_has_security_backdoor_massive_national_security_concerns.jpg

 

Sergei Skorobogatov of Quo Vadis Labs at Cambridge University said:

 

Our aim was to perform advanced code breaking and to see if there were any unexpected features on the (US Military) chip. We scanned the silicon chip in an affordable time and found a previously unknown backdoor inserted by the manufacturer. This backdoor has a key, which we were able to extract. If you use this key you can disable the chip or reprogram it at will, even if locked by the user with their own key. This particular chip is prevalent in many systems from weapons, nuclear power plants to public transport. In other words, this backdoor access could be turned into an advanced Stuxnet weapon to attack potentially millions of systems. The scale and range of possible attacks has huge implications for National Security and public infrastructure.

 

Now, let's be fair: it isn't a sure thing that the backdoor was introduced by the Chinese. It's more probable that the backdoor was present in the original design as a debugging tool for the designer. This is a common practice and these backdoors are often present and not malicious.

Continue reading 'US military chip made in China has security backdoor, massive national security concerns' (full post)

Exploit allows administrator command prompt to launch at login screen

Microsoft has left an unpatched exploit in Windows 8 Consumer Preview. The exploit works on Windows 7, Windows Server 2008 R2 and Windows 8 Consumer Preview and has been documented and known for a while. The details of the exploit are pretty simple and can be done in under a minute if one is a fast typist.

 

TweakTown image news/2/4/24364_1_exploit_allows_administrator_command_prompt_to_launch_at_login_screen.png

 

The general idea behind the exploit is to be able to run an elevated command prompt without even being logged in. It works by making a simple change in the registry so that when sticky keys is activated it launches the command prompt instead. The hack is virtually undetectable as all it is is a simple change in registry value.

 

To do the exploit one only needs to open command prompt once on the target PC and enter the code below. Once done, the hacker can return to the workstation at any point later in time and launch an administrator level command prompt just by pressing shift 5 times in a row. This could be of a serious nature for many different people, especially a business.

 

REG ADD "HKLMSOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionssethc.exe" /v Debugger /t REG_SZ /d "C:windowssystem32cmd.exe"

 

Microsoft, at the time of writing, has yet to issue a statement regarding the exploit.

Anonymous release 1.7GB belonging to the US Department of Justice

Anonymous have dumped 1.7GB of data belonging to the US Department of Justice, and on the flip side, the DoJ have downplayed the sensitivity of the data siphoned from their website. Anonymous says that the information they have includes "internal e-mails", and "the entire database dump" from the website.

 

TweakTown image news/2/4/24225_04_anonymous_release_1_7gb_belonging_to_the_us_department_of_justice.jpg

 

Anonymous' leak was announced alongside a torrent with the 1.7GB of data inside, as well as a statement:

 

Today we are releaseing [sic] 1.7GB of data that used to belong to the United States Bureau of Justice, until now. Within the booty you may find lots of shiny things such as internal emails, and the entire database dump. We Lulzed as they took the website down after being owned, clearly showing they were scared of what inevitably happened.

Continue reading 'Anonymous release 1.7GB belonging to the US Department of Justice' (full post)

Microsoft can remove bloatware from your PC, for $99 at any Microsoft Store

Hate pre-installed versions of completely useless software on your PC? Well, take your PC into a Microsoft Store, pay them $99 and they'll install a clean copy of Windows onto your PC for you. Handy. The new program is a branch from Microsoft's "Signature" PC initiative, which sells bloatware-free versions of PCs from Microsoft's partners in Microsoft Stores.

 

TweakTown image news/2/4/24175_05_microsoft_can_remove_bloatware_from_your_pc_for_99_at_any_microsoft_store.jpg

 

The Redmond-based company is willing to change any computer into a Signature PC, if the customers wish to do so, and bring their PC into a Microsoft Store and pay the $99 fee. Signature PCs sport Microsoft Windows Live Essentials program, the ad-supported Word and Excel-only Microsoft Office Starter Edition, the Microsoft Security Essentials anti-virus package, and Zune media player software.

 

TweakTown image news/2/4/24175_06_microsoft_can_remove_bloatware_from_your_pc_for_99_at_any_microsoft_store.jpg

 

Users can opt-out of having these programs installed, and can also specify which other third-party browsers or programs get installed. Included is 90 days of free phone support. The only issue I have with this, is Microsoft created this problem (allowing bloatware to be used and installed by OEMs) and are now cashing in on it. But, at least they're trying to dig out of the hole, and not make it deeper, I suppose.

Flashback Trojan maker missed out on $10,000 per day in fraudulent ad clicks

The Mac-based Flashback Trojan caused a world of hurt for some, and really tarnished Apple's invincible mantra to viruses, and such. But, the maker of the Flashback Trojan enjoyed his wares being spread out to more than 600,000 Macs across the world.

 

TweakTown image news/2/4/24166_03_flashback_trojan_maker_missed_out_on_10_000_per_day_in_fraudulent_ad_clicks.jpg

 

It's been estimated that the maker of the trojan could've been generating more than $10,000 per day in fraudulent ad clicks. More analysis from Symantec points toward the author of the trojan probably never monetizing the trojan whatsoever.

 

Even though the trojan made its way into 600,000 machines, the ad-click component of Flashback only crawled into roughly 10,000 machines, less than 2-percent of all infected. Symantec says that around 10 million fraudulent ads were displayed on the machines that were compromised, but users only clicked them around 400,000 times. Over three weeks, those 400,000 clicks resulted in around $14,000 for the trojan maker.

The Netherlands becomes the first country to pass net neutrality law

Well, the government of the Netherlands have become the first European country to pass a net neutrality law. What this does is prevents internet service providers (ISPs) from traffic management except in the cases of congestion and network security, it also includes restrictions on ISPs performing deep packet inspection and other similar wiretapping techniques.

 

TweakTown image news/2/4/24022_05_the_netherlands_becomes_the_first_country_to_pass_net_neutrality_law.jpg

 

June 2011 was when the law was formed, where the Netherland's parliament passed a motion to stop mobile operators from blocking VoiP calls over their networks, with the bill only re cently passing the Dutch senate. The provisions in the law extend to anyone providing Internet access services, forbidding the use of traffic-shaping based on application usage, unless they hinder access for other users by causing congestion.

 

This means that equal types of traffic will be treated equally, with an example like video streaming services owned by a provider cannot have unrestricted access, where Hulu may be restricted. If a user chews up too much bandwidth, before the ISP can take any action, the user must be alerted so that they have the time to remedy the situation.

New type of malware, "ransomware," locks up computers unless ransom is paid

Once again, I get to be the bearer of bad news in order to keep you, our reader, safe. This time I bring news of a new malware that is going around dubbed "ransomware" due to the fact it locks up your computer until you pay the ransom amount demanded. This isn't a completely new idea, but this is a new strain and variation.

 

TweakTown image news/2/3/23957_137_new_type_of_malware_ransomware_locks_up_computers_unless_ransom_is_paid.png

 

This latest campaign is mainly targeting the UK and a few other European countries and claims that illegally downloaded music has been found on the computer. Due to this illegal material, the malware claims that "to unlock your computer and to avoid other legal consequences, your are obligated to pay a release fee of 50 pounds."

 

The malware was spotted by security watch blog abuse.ch. According to them, the malware is delivered through an exploit known as "Blackhole." The ransomware also carries a payload of Aldi Bot which steals banking information. The message to take away here is to keep all your browsers and their add-ons up to date, as this is how Blackhole functions. Anti-virus isn't a bad idea either.

Another Mac security issue exposes Lion login passwords in plaintext

This year, so far, has not exactly been a stunning display for Macs. Between the Flashback malware and now this, it really shows just how weak the security of Mac OSX is. The latest blunder by Apple and its security team is that they turned on a debug log file which stores the user's password outside of the encrypted area.

 

TweakTown image news/2/3/23953_135_another_mac_security_issue_exposes_lion_login_passwords_in_plaintext.png

 

If you were using FileVault prior to upgrading to Lion, it may be time to think about changing your passwords as this would affect you. FileValut 2 users (whole drive encryption) are not affected by this accident. Additionally, if you have Time Machine backups, the plaintext log file has stored your password for the long term.

 

Security researcher David Emery explains:

 

This is worse than it seems, since the log in question can also be read by booting the machine into firewire disk mode and reading it by opening the drive as a disk or by booting the new-with-LION recovery partition and using the available superuser shell to mount the main file system partition and read the file. This would allow someone to break into encrypted partitions on machines they did not have any idea of any login passwords for.

Continue reading 'Another Mac security issue exposes Lion login passwords in plaintext' (full post)

Kaspersky says Apple is 10 years behind Microsoft in terms of security

I'm sure there will be plenty of people who get up in arms over this, but I tend to agree. Apple is years behind Microsoft in terms of security because they have never had to worry about it since no one ever bothered to write malware or viruses for Macs due to their small market share. As it has increased, Macs has become a more attractive target.

 

TweakTown image news/2/3/23761_20_kaspersky_says_apple_is_10_years_behind_microsoft_in_terms_of_security.jpg

 

Eugene Kaspersky, CEO of the influential Kaspersky security firm said:

 

For many years I've been saying that from a security point of view there is no big difference between Mac and Windows. It's always been possible to develop Mac malware, but this one was a bit different. For example it was asking questions about being installed on the system and, using vulnerabilities, it was able to get to the user mode without any alarms.

 

Several security breaches have brought Mac security to the attention of the public and Apple will have a bit of a public relations crisis on their hands if they continue. One in five Mac computers carry Windows malware but only 2.7% have Mac OS X malware. Kaspersky says "cyber criminals have now recognised that Mac is an interesting area. Now we have more, it's not just Flashback or Flashfake. Welcome to Microsoft's world, Mac. It's full of malware."

Continue reading 'Kaspersky says Apple is 10 years behind Microsoft in terms of security' (full post)

20% of Macs house Windows malware

Most people think Macs are safe, and it's definitely a decision that sways some people when purchasing their latest kit. But, according to Sophos, one in five Macs actually harbors some kind of Windows-orientated malware.

 

TweakTown image news/2/3/23743_05_20_of_macs_house_windows_malware.jpg

 

The company looked at results over seven days from 100,000 Apple machines using its free anti-virus program, with 20-percent having one or more instances of Windows-based malware. Sophos have warned of this before, where last year they tested 50 USB drives lost in public. To their surprise, as well as mine, two thirds of these were infected. That's 33-percent! Seven of these owners of lost USB flash drives owned a Mac.

 

In their latest study, Sophos found that just 2.7-percent of the infected Macs actually contained harmful malware, with 75-percent of it being Flashback variants. Of the 20-percent harboring Windows malware, 12.2-percent carried Bredo, a three-year-old Trojan. Sophos does note that some machines contain malware samples that go back to 2007. Sophos have said the following:

Continue reading '20% of Macs house Windows malware' (full post)

Latest Tech News Posts

View More News Posts

TweakTown Web Poll

Question: Facebook's acquisition of Oculus VR will...

Improve Oculus Rift Development

Hamper Oculus Rift Development

Completely destroy Oculus Rift Development

Let's wait and see, I'm not sure

or View the Results

View More Polls

Forum Activity

View More Forum Posts

Press Releases

View More Press Releases