Doug Vitale Tech Blog

July-August 2014 News Archive

Vault: The Linux Foundation’s new storage-focused tradeshow

ZDnet, 29 Aug 2014 – Here’s a secret that most server administrrators know, but few outside the datacenter and server room know: Most big data stores, and the cloud’s petabytes of storage, are all based on Linux. Amazon Web Services S3 storage and the like may look simple but behind the interface there’s a complicated web of storage devices, services, and file systems based on Linux. In recognition of this, The Linux Foundation, has announced a new conference, Vault. [More]

Netcore, Netis routers have hardcoded password, Trend Micro says, 25 Aug 2014 – A line of routers from a China-based manufacturer has a serious flaw that could allow a hacker to monitor someone’s Internet traffic, according to research from Trend Micro. The routers are sold under the Netcore brand name in China and Netis outside of the country. [More]

US warns ‘significant number’ of major businesses hit by Backoff malware

Computerworld, 22 Aug 2014 – More than 1,000 major enterprise networks and small and medium businesses in the U.S. have been compromised by a recently discovered malware package called “Backoff” and are probably unaware of it, the U.S. Department of Homeland Security (DHS) said in a cybersecurity alert on Friday. [More]

New cybersecurity tool lets us predict website hacks before they happen

DailyDot, 21 Aug 2014 – Building on cutting edge machine-learning and data-mining techniques, a pair of Carnegie Mellon University researchers have built a new tool designed to accurately predict which Web servers will be hacked before any hacking actually takes place. [More]

UPS Reveals Data Breach

GovInfoSecurity, 21 Aug 2014 – UPS is warning that subsidiary UPS Stores suffered a point-of-sale malware attack that compromised numerous card transactions over a seven-month period. All told, 51 of its U.S. franchised center locations across 24 states were infected, which may have resulted in attackers compromising customers’ personal information and payment card details, including some Social Security and driver’s license numbers, thus placing them at risk of identity theft and fraud. [More]

Mathematical Obfuscation Against Hackers Is Focus of New Cybersecurity Center

IEEE Spectrum, 14 Aug 2014 – Turning computer code into a kind of math puzzle may hold the key to protecting software from hackers. A consortium of universities developing the idea, called mathematical obfuscation, recently received a $5 million grant from the U.S. government as part of a broader cybersecurity initiative. [More]

Internet outages expected to abate as routers are modified, rebooted

InfoWorld, 14 Aug 2014 – A flood of updates to databases inside Internet routers caused intermittent outages on Wednesday and connectivity issues for companies, but experts expect the long-forecasted hiccup to be resolved soon. [More]

Snowden: The NSA Caused Syrian Internet Blackout

National Journal, 13 Aug 2014 – The National Security Agency inadvertently brought Syria’s Internet to a screeching halt nationwide in 2012 after a failed attempt to hack into the war-torn country’s communications data, according to a new claim by Edward Snowden. [More]

Network-Attached Storage more vulnerable than routers, researcher finds

PCWorld, 7 Aug 2014 – A security review of network-attached storage (NAS) devices from multiple manufacturers revealed that they typically have more vulnerabilities than home routers, a class of devices known for poor security and vulnerable code. [More]

Russian Hackers Amass Over a Billion Internet Passwords

New York Times, 5 Aug 2014 – A Russian crime ring has amassed the largest known collection of stolen Internet credentials, including 1.2 billion user name and password combinations and more than 500 million email addresses, security researchers say. [More]

Multifunction printer p0wnage just getting worse, researcher finds

The Register, 5 Aug 2014 – It is now easier than ever to hack corporate networks through multifunction printers, which can even offer up access to Active Directory accounts according to security consultant Deral Heiland. The tech veteran said his team now gains access to corporate Active Directory credentials through credentials stored in the latest printers in one in every two attempts. Four years ago they had only a 10 to 15 percent success rate. [More]

Malware Can Evade Antivirus Code-Emulation Feature

Softpedia, 5 Aug 2014 – A researcher has found that the code emulation environments in antivirus products have weaknesses that can be leveraged by malware to bypass protection. Researcher Kyle Adams created a piece of malware capable of evading detection by major antivirus products, but it could not escape the code-emulation feature available in the free version of AVG. [More]

USB Flash Drives Are More Dangerous Than You Think

IEEE Spectrum, 4 Aug 2014 – You would have had to be living on the moon not to know by now that USB flash drives are a serious security risk: They spread computer viruses the way reused needles spread real ones. If you didn’t realize that before, news that the Stuxnet computer worm (which hobbled Iran’s uranium-enrichment program) was distributed through infected flash drives should have clued you in. Now specialists at Security Research Labs in Berlin say that many other types of USB peripherals can also spread malware. [More]

Why your online identity can never really be erased

CSO Online, 4 Aug 2014 – One seemingly unshakeable truth about the online world since it began is this: The Internet never forgets. Once you post anything online, it is recoverable forever. Even promises of photos disappearing after a few seconds have been shown to be bogus. But that doesn’t mean people won’t try to erase the Internet’s memory. [More]

Facebook Data Privacy Class Action Joined By 11,000 And Counting

Tech Crunch, 4 Aug 2014 – The ‘Europe vs Facebook’ privacy campaign group has kicked off a new legal initiative targeting Facebook in the form of a class action lawsuit that’s inviting adult non-commercial Facebook users located anywhere outside the US and Canada to join in. [More]

DarkMatter: curing the Internet of digital threats

Tech Republic, 1 Aug 2014 – Every five seconds, 8 million Norse Corp.-controlled honeypots are polled for threat intelligence. Then the data is analyzed, manipulated, and presented to the Live Threat Map web application. [More]

US Judge rules against Microsoft in cloud privacy

Petri, 1 Aug 2014 – In a long running and public battle, a ruling from US district judge Loretta Preska has potentially driven a stake through the heart of American-owned cloud computing when she ruled that Microsoft must turn over emails stored in an Irish data center to the Federal Bureau of Investigation (FBI). [More]

Attack on Tor Has Likely Stripped Users of Anonymity

Gizmodo, 30 July 2014 – Tor, the network used specifically for privacy and anonymity, just warned users of an attack meant to deanonymize people on the service. Anyone who used Tor from February 2014 through this July 4 can assume they were impacted. This is very bad news for Tor, which is heralded for its ability to conceal users from surveillance. [More]

Android’s factory data reset comes up short

Tech Republic, 29 July 2014 – Resetting an Android device using the factory data reset is supposed to remove the owner’s data. According to AVAST researchers it does not. Those having expertise in digital forensics and the right software tools are finding bits and pieces of personal information — important remnants people more than likely would rather not see publicized. [More]

Hackers seed Amazon cloud with potent denial-of-service bots

ArsTechnica, 28 July 2014 – Attackers have figured out a new way to get Amazon’s cloud service to wage potent denial-of-service attacks on third-party websites—by exploiting security vulnerabilities in an open source search and analytics application known as Elasticsearch. [More]

Security automation: Are humans still relevant?

GCN, 25 July 2014 – Cybersecurity is being pushed in two directions. On the one hand, the growing complexity of information systems and the onslaught of threats facing them are putting a premium on speed. Automation is the future of security, said Matt Dean, vice president of product strategy at FireMon. On the other hand, Randy Hayes, who leads Booz Allen’s global predictive intelligence business, said more humans are needed in the loop. [More]

Russia offers 4 million to crack Tor

Global Voices, 24 July 2014 – The Russian government is offering almost 4 million rubles (about USD $100,000) to anyone who can devise a reliable way to decrypt data sent over the Tor anonymity network. A mounting campaign by the Kremlin against the open Internet, not to mention revelations in the United States about government spying, have made Tor increasingly attractive to Russian Internet users seeking to circumvent state censorship. [More]

How Hackers Hid a Money-Mining Botnet in the Clouds of Amazon and Others

Wired, 24 July 2014 – At the Black Hat conference in Las Vegas next month Ragan and Salazar plan to reveal how they built a botnet using only free trials and freemium accounts on online application-hosting services—the kind coders use for development and testing to avoid having to buy their own servers and storage. The hacker duo used an automated process to generate unique email addresses and sign up for those free accounts en masse, assembling a cloud-based botnet of around a thousand computers. [More]

Hackers bypass online security at 34 banks

WSJ Market Watch, 23 July 2014 – Cybercriminals are sneaking past security protections to access online accounts across 34 banks in Switzerland, Sweden, Austria and Japan. The attack can get past two-factor authentication, which requires customers to type in a code sent to their cellphone or inbox to ensure the user is who he or she claims to be, by convincing customers to download a malicious smartphone app, according to a report released Tuesday by the security firm Trend Micro. [More]

‘Share’ button may share your browsing history, too

Science Daily, 22 July 2014 – One in 18 of the world’s top 100,000 websites track users without their consent using a previously undetected cookie-like tracking mechanism embedded in ‘share’ buttons. The researchers traced 95 percent of canvas fingerprinting scripts back to a single company. [More]

Forensic scientist identifies suspicious ‘back doors’ running on every iOS device

ZDNet, 21 July 2014 – During his talk at HOPE/X Jonathan Zdziarski detailed several undocumented services (with names like ‘lockdownd,’ ‘pcapd,’ ‘mobile.file_relay,’ and ‘house_arrest’) that run in the background on over 600 million iOS devices. [More]

New technique could boost Internet speeds 10x

GizMag, 21 July 2014 – Researchers at Aalborg University, MIT and Caltech have developed a new mathematically-based technique that can boost internet data speeds by up to 10 times, by making the nodes of a network much smarter and more adaptable. The advance also vastly improves the security of data transmissions, and could find its way into 5G mobile networks, satellite communications and the Internet of Things. [More]

Verizon FiOS getting faster upload speeds to match downloads

PC World, 21 July 2014 – In a rare show of generosity from an Internet service provider, Verizon plans to boost FiOS upload speeds to match customers’ download speeds at no extra charge. [More]

EFF invites hackers to crack Open Wireless Router

EFF, 20 July 2014 – EFF is releasing an experimental hacker alpha release of wireless router software specifically designed to support secure, shareable Open Wireless networks. We are offering this hacker alpha release to engage enthusiastic technical users who would like to help us test, develop, improve, and harden the Open Wireless Router. [More]

Leaked British Spy Catalog Reveals Tools to Manipulate Online Information

IEEE Spectrum, 17 July 2014 – No online communication is “for your eyes only” in the age of Internet surveillance by government spy agencies. But a leaked British spy catalog has revealed a wide array of online tools designed to also control online communication by doing everything from hacking online polls to artificially boosting online traffic to a particular website. [More]

Criminal Software, Government-Grade Protection

New York Times, 16 July 2014 – Researchers at a software security company say they have found a popular type of criminal software inside an extremely sophisticated “evasion code,” which they say was previously used by Russia to spy on one or more Eastern European governments. The researchers named the malware Gyges. [More]

The Changing Perception of Amazon Web Services (AWS) in the Hosting Industry

Web Host Industry Review, 15 July 2014 – Two years ago at HostingCon Boston, the majority of attendees dismissed AWS so I was excited to explore how opinions may have changed. Industry leader AWS accounted for 37 percent of the $9 billion infrastructure as a service (IaaS) market in 2013, according to analysts from equity research firm Evercore. The IaaS market is growing by 45 percent, but AWS has a growth rate of 60 percent. [More]

Critical flaw in Active Directory could allow for password change

CSO, 15 July 2014 – Aorato used public information to craft a proof-of-concept attack that shows how an attacker can change a person’s network password. The company’s research focuses on NTLM, an authentication protocol that Microsoft has been trying to phase out for years. [More]

Bell Labs Sets New Record for Internet Over Copper

IEEE Spectrum, 14 July 2014 – Traditional copper telephone lines can now run ultra-fast broadband service, at least in the lab. Bell Labs, the research arm of Alcatel-Lucent, has developed a prototype technology that can deliver upload and download speeds of up to 10Gbps simultaneously. The technology, XG-FAST, is an extension of a new broadband standard,, which will be commercially available next year. [More]

Pentagon: Missile defenses vulnerable to cyber attack

Flash Critic, 14 July 2014 – The director of the Pentagon’s Missile Defense Agency told Congress last week that U.S. missile defenses are vulnerable to cyber attacks that could disrupt its sophisticated networks of sensors and guidance systems use in targeting enemy missiles. [More]

Beware Keyloggers at Hotel Business Centers

Krebs On Security, 14 July 2014 – The U.S. Secret Service is advising the hospitality industry to inspect computers made available to guests in hotel business centers, warning that crooks have been compromising hotel business center PCs with keystroke-logging malware in a bid to steal personal and financial data from guests. [More]

‘Dragonfly’ Prompts Lockdown Of Windows-Based Industrial Control Systems

Water Online, 10 July 2014 – With the most recent cyber espionage campaign of the “Dragonfly” group publicly identified as having used various malware tools including Havex (Backdoor.Oldrea) and the Energetic Bear RAT (Remote Access Tool), now is the perfect opportunity to harden those Microsoft Windows-based industrial control systems (ICS). [More]

GameOver Zeus Mutates, Launches Attacks

Malcovery, 10 July 2014 – Today Malcovery’s analysts identified a new trojan based heavily on the GameOver Zeus binary. It was distributed as the attachment to three spam email templates, utilizing the simplest method of infection through which this trojan is deployed. [More]

Chinese Hackers Switched Targets to U.S. Experts on Iraq

CIO, 8 July 2014 – A sophisticated Chinese hacker group that had been stealing information from U.S. policy experts on nearby Southeast Asia suddenly changed targets last month to focus on the Middle East — Iraq, in particular — security researchers said. The group, called “Deep Panda,” switched from exploiting one area of expertise to another because of the march of the Islamic State of Iraq and the Levant (ISIS) towards Baghdad. [More]

How your local library can help you resist the surveillance state

Waging Nonviolence, 8 July 2014 – It’s often said that most people nowadays have given up on privacy and simply accept the loss of control over their data. But the fact is that 86 percent of adult Internet users in the United States have taken some sort of step to protect their identity or activity online. Libraries have also tended to take a strong stand on privacy. The third principle in the American Library Association’s Code of Ethics is, “We protect each library user’s right to privacy and confidentiality with respect to information sought or received and resources consulted, borrowed, acquired or transmitted.” [More]


Written by Doug Vitale

September 9, 2014 at 12:45 PM

%d bloggers like this: