The IRS

Multiple sources, such as Krebs and Ars Technica, report that a lot of fraudulent activity has focused around the Get Transcript app on the IRS website.

To obtain a transcript online, all that was needed to start the process was a Social Security number and an active e-mail address. Once the e-mail address was confirmed as legitimate, the system would then ask a number of questions about personal, financial, and tax information—including date of birth, tax filing status, and address—before providing the transcript for download. The questions are knowledge based, and because the answers never change, they are highly vulnerable to fraud. This is the same type of information harvested in breaches such as the Anthem breach.

Bad guys used this feature to pull sensitive data on more than 100,000 taxpayers this year. The Government Accountability Office (GAO) estimates that thieves steal nearly $6 billion a year from state and federal coffers via tax refund fraud. Due to these new tactics, a huge spike in attempted fraudulent refund requests will occur this year.

Posted in Security Blog | Tagged , , , , , , | Comments Off on The IRS

Malachite

Adult Friend Finder Data Breach: Sexploitation?

The hook-up site Adult Friend Finder suffered a data breach. Close to four million users had their data taken. The data included personal details such as email addresses, usernames, dates of birth, postal codes and IP addresses.

Many members did not use details that were good enough to truly hide their identities and are easily found on social networks, leaving them very susceptible to blackmail attacks. Many Adult Friend Finder members are just looking for a quick hook-up; some, such as married men looking for a casual gay gang bang without their wife finding out, are perfect targets for blackmail/extortion.

The data from the breach was placed on a forum in the deep web.

LogJam, FREAK’s Ugly Cousin

A new encryption attack, called LogJam, has emerged that allows attackers to read and modify the sensitive data passing through encrypted connections, potentially affecting hundreds of thousands of HTTPS-protected sites, mail servers, and other widely used Internet services.

A man-in-the-middle (MitM) attack can be used to downgrade encrypted connections between a user and a web/email server to much weaker 512-bit keys, which can be easily decrypted. This is just like the old FREAK attack that I wrote about in March of this year.

  • The flaw allows an attacker to trick a web browser into believing that it is using a regular key, not the export key version.
  • Many PCs reuse the same large numbers to generate the keys, which makes them easier for attackers to crack.
  • The flaw has been present for more than 20 years affecting HTTPS, SSH, IPsec, SMTPS, and other protocols that rely on TLS.

The flaw impacts any server supporting DHE_EXPORT ciphers and all modern browsers. An estimated 8.4 percent of the top one million sites and a significant percentage of mail servers are vulnerable because they support those export ciphers.

Hardcore technical details are here. To check to see if your browser is susceptible to LogJam, click here.
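As an added defender's check, not part of the original post, here is a small Python script that parses the tail of an `openssl s_client` transcript for an export-grade suite and a small ephemeral DH group, and walks an OpenSSL-style cipher string to see whether export suites are still enabled. The sample transcript is constructed, and the 2048-bit minimum is this example's assumption, not a figure from the post.

```python
import re

# Constructed sample: the tail of an `openssl s_client -connect host:443` transcript
# as it would look for a server that negotiated an export-grade DHE suite.
# Made up for illustration; not captured from any real host.
SAMPLE_PROBE = """\
New, TLSv1/SSLv3, Cipher is EXP-EDH-RSA-DES-CBC-SHA
Server public key is 2048 bit
SSL-Session:
    Protocol  : TLSv1
    Cipher    : EXP-EDH-RSA-DES-CBC-SHA
Server Temp Key: DH, 512 bits
"""

# Smallest ephemeral DH group a server should offer (this example's assumption).
# Logjam downgrades to 512-bit export groups; 1024-bit groups are the next size at risk.
MIN_DH_BITS = 2048

# Cipher-string tokens that turn export-grade suites on: the EXPORT/EXP aliases and
# "ALL" (which includes them in OpenSSL 1.0.x). "DEFAULT" differs between OpenSSL
# versions and is deliberately not flagged here.
EXPORT_TOKENS = {"EXPORT", "EXP", "EXPORT40", "EXPORT56", "ALL"}

def assess_probe(text):
    """Return findings for one s_client transcript: export suite and/or small DH group."""
    findings = []
    m = re.search(r"^\s*Cipher\s*:\s*(\S+)", text, re.MULTILINE)
    if m and (m.group(1).startswith("EXP-") or "EXPORT" in m.group(1)):
        findings.append("export-grade suite negotiated: " + m.group(1))
    m = re.search(r"^Server Temp Key:\s*(\w+),\s*(\d+) bits", text, re.MULTILINE)
    if m and m.group(1) == "DH" and int(m.group(2)) < MIN_DH_BITS:
        findings.append(f"ephemeral DH group is only {m.group(2)} bits (want >= {MIN_DH_BITS})")
    return findings

def export_enabled(cipher_string):
    """Walk an OpenSSL-style cipher string (Apache SSLCipherSuite / nginx ssl_ciphers)
    left to right and report whether export-grade suites survive to the end."""
    enabled = killed = False
    for tok in cipher_string.split(":"):
        name = tok.lstrip("!-+")
        if not (name in EXPORT_TOKENS or name.startswith("EXP-")):
            continue
        if tok.startswith("!"):      # '!' deletes the suites; nothing can re-add them
            enabled, killed = False, True
        elif tok.startswith("-"):    # '-' deletes them, but a later token may re-add
            enabled = False
        elif not tok.startswith("+") and not killed:  # '+' only reorders existing suites
            enabled = True
    return enabled
```

Feed `assess_probe` the output of a real `openssl s_client` probe against your own server, and `export_enabled` the cipher string from its configuration; a weak setting such as `ALL:!aNULL:!eNULL` reports export suites still on, while `ALL:!aNULL:!eNULL:!EXPORT:!LOW` does not.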

Damien Done with High School

Part I

Pictured above, Jaime and Damien (and I taking the picture of course) with a celebratory meal at Damien’s favorite restaurant, Red Robin!
Damien just finished his last day of High School.

Next week is his graduation ceremony. Pictures to come.

Part II

Below are pictures from Damien’s graduation ceremony!

Chris Roberts. Plane Hacker

Chris Roberts tweeted what appeared to be a joke about “playing” with a United Airlines plane’s in-flight entertainment and crew-alerting system on April 15. Once he landed, he was questioned by the FBI for several hours. Some of his computer equipment was seized, and he was prevented from boarding another United flight.

After a search warrant was obtained, the FBI alleges Roberts told them he had taken control of the aircraft. He stated that he thereby caused one of the airplane engines to climb, resulting in a lateral or sideways movement of the plane during one of these flights. He also stated that he used Vortex software after compromising/exploiting or ‘hacking’ the airplane’s networks, and that he used the software to monitor traffic from the cockpit system.

Chris Roberts is enjoying his fame and is the subject of a few memes on the Internet.

Apparently, this cartoon below is from several years ago… Very prophetic!

As for United Airlines, they say they will offer air miles as part of their new bug bounty program, but there are restrictions: problems that affect onboard Wi-Fi, entertainment systems and avionics are off-limits.

18,000 Passwords from Pennsylvania State University’s College of Engineering

A breach at Penn State launched an investigation which found that usernames and passwords from more than 18,000 people may have been accessed.

The FBI first alerted the university of the cyberattack in November 2014. The school then hired security firm FireEye and its cybersecurity forensic unit Mandiant to investigate the breach. It was through this investigation that Penn State discovered at least one of the two attacks was based in China.

Starbucks Customers Targeted

Starbucks customers have been targeted and money is being siphoned from the credit or debit card they have tied to their Starbucks accounts… Why would you even do this? No idea. But when you go for convenience, you usually sacrifice your security.

In order to perform this attack, the only thing the bad guys need is the victim’s username and password for their Starbucks account. They can get it either via phishing or by testing leaked username/password combinations from other online services, because let’s face it, most people use the same username and password for every online service they subscribe to.

Once the bad guys have control of the account, they can transfer the money currently loaded on the gift card in the victim’s Starbucks app to another gift card they control and resell later; they can also buy new gift cards and send them to accounts they control.

If the victim has enabled the auto-load feature on the account, additional amounts are automatically loaded onto the Starbucks card and can be stolen in the same way. In one instance, a victim watched the scammers triple the auto-load amount she had set and make off with that money as well.

If the victim is not aware of the attack, and ignores all the warning signs, these steps can be repeated until all the money on the associated payment card is drained.

Read more about it here.

Virtual Environment Neglected Operations Manipulation: VENOM

“Virtual Environment Neglected Operations Manipulation”, or VENOM, is a new vulnerability that could allow a hacker to infiltrate potentially every machine on a data center’s network, leaving millions of virtual machines vulnerable to attack if they run QEMU…

VENOM lets an attacker send too much data to one of the data structures that the faulty emulated floppy disk controller driver in the QEMU hypervisor uses for communication, overflowing it. This potentially allows attackers to crash the QEMU hypervisor, gain control of the physical computer and all virtual machines running on it, and possibly even access the network to which the physical computer is connected.

Here is a link to the CVE.

Other popular hypervisors, such as VMware’s and Microsoft’s, are not impacted.

Microsoft Patching

Historically, security fixes are called patches because back in the day, when we used punch cards to program, if we did something wrong we would affix paper patches over the holes in the punch cards. True story!

Microsoft announced this week at its Ignite event that with the new Windows 10 operating system, individual security updates would be released as soon as they were available, instead of on the monthly Patch Tuesday.

Patch Tuesday has been a standard part of IT’s agenda for the past 12 years.