
Facebook and Apple are compromised by the same Java exploit, and the details are quite interesting. The PunkBuster service goes offline, taking down online game servers for hundreds of users.
And a thorough look at the report claiming the Chinese military is responsible for hundreds of system compromises.
Plus a big batch of your questions and more!
Thanks to:
Use our code tech295 to get a .COM for $2.95.
Something else in mind? Use go28off2 to save 28% on your entire order!
Pick your code and save:
techsnap7: $7.49 .com
techsnap10: 10% off
techsnap11: $1.99 hosting for the first 3 months
techsnap20: 20% off 1, 2, 3 year hosting plans
techsnap40: $10 off $40
techsnap25: 25% off new Virtual DataCenter plans
techsnapx: 20% off .xxx domains
Show Notes:
- As discussed previously, Oracle accelerated Java 7u13 from its planned release date of Feb 19th to Feb 1st due to the flaws it fixed being exploited in the wild
- According to Oracle, this caused a number of fixes to not make the cut and so they have released Java 7u15 on the originally scheduled date to address those flaws
- The patch includes fixes for 5 vulnerabilities, 3 rated with a CVSS score of 10/10
- Patch Notes
- A watering hole attack was successfully executed against Facebook, Apple and other mobile developers
- Malware was found on the iPhoneDevSDK web forum. The site was apparently compromised by the attackers, and a malicious Java applet was injected into the HTML to infect members of the site who visited it
- The zero-day exploit that was used is one of the ones patched in Java 7u13, and may have been the biggest reason behind Oracle accelerating the release of that patch
- The exploit used separate payloads to compromise machines running either Windows or Mac OS X
- This is one of the most widespread and successful attacks against Mac OS, and underscores the fact that with the growing popularity, OS X has become a real target for malware authors
- This may provide insight into the reasoning behind Twitter’s comments about disabling java in their announcement when 250,000 twitter users’ accounts were compromised
- It was also likely the reasoning behind Apple’s disabling of outdated java on all versions of OS X that upset some users
- The most worrying part of this attack is that it might have gone undetected if it were not for the Facebook Security Team finding suspicious activity on their internal network, including DNS queries to almost-legitimate-looking domains (Apple spelled wrong, a fake cloud storage service, etc.)
- Hundreds or thousands of other mobile app developers’ machines may have been compromised, and through them, the source code for their applications, meaning that there may be apps in your favourite app store containing code put there not by the author, but by an attacker
- It is recommended that anyone who visited the forum check their computers, and also check the revision history of their source code repositories and look for any unauthorized changes
- Facebook Announcement
- Additional Coverage
- Additional Coverage
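The detection that saved Facebook was noticing outbound DNS queries for domains that almost, but not quite, matched trusted brands. The following is an added example (not code from the show or from Facebook) of how a defender can hunt for that pattern in resolver logs: it parses BIND-style query-log lines, strips each name to its registrable domain, folds common digit-for-letter substitutions, and flags names that are within a small edit distance of a trusted domain or that embed a trusted brand name under a different registrable domain. The log lines, the trusted-domain list and the "last two labels" rule for the registrable domain are all constructed assumptions for the example (the two-label rule is wrong for suffixes such as co.uk, where a public-suffix list is needed).

```python
import re
from collections import Counter

# Constructed sample resolver log lines (BIND query-log style), not real traffic.
# 10.0.3.41 is the "infected" developer workstation in this scenario.
SAMPLE_LOG = """\
17-Feb-2013 10:01:02.123 client 10.0.3.41#51234: query: www.facebook.com IN A
17-Feb-2013 10:01:05.456 client 10.0.3.41#51240: query: update.appIe.com IN A
17-Feb-2013 10:01:07.789 client 10.0.3.17#49812: query: cdn.dropbox.com IN A
17-Feb-2013 10:01:09.001 client 10.0.3.41#51251: query: files.dropb0x-storage.net IN A
17-Feb-2013 10:01:12.333 client 10.0.3.52#53001: query: www.google.com IN A
17-Feb-2013 10:01:15.222 client 10.0.3.41#51260: query: support.aple.com IN A
"""

# Assumed list of domains the organisation legitimately talks to.
TRUSTED_DOMAINS = {"apple.com", "facebook.com", "dropbox.com", "google.com"}

# Digits commonly swapped for letters in lookalike names (0 for o, 1 for l, ...).
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})

QUERY_RE = re.compile(r"client (?P<client>[\d.]+)#\d+: query: (?P<name>[\w.-]+) IN")


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance (insert/delete/substitute), O(len(a)*len(b))."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable(name: str) -> str:
    """Assumption: the registrable domain is the last two labels (no public-suffix list)."""
    labels = name.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def classify(name: str, trusted=TRUSTED_DOMAINS, max_distance: int = 2):
    """Return (kind, trusted_domain) if the name looks like a lookalike, else None."""
    reg = registrable(name)
    if reg in trusted:
        return None                       # exact trusted domain, nothing to see
    norm = reg.translate(CONFUSABLES)
    if norm in trusted:
        return ("homoglyph", norm)        # e.g. dropb0x.com -> dropbox.com
    for t in sorted(trusted):
        if levenshtein(norm, t) <= max_distance:
            return ("lookalike", t)       # e.g. aple.com, appie.com
        brand = t.split(".")[0]
        if brand in norm.split(".")[0]:
            return ("brand-embedded", t)  # e.g. dropbox-storage.net
    return None


def scan_log(text: str):
    """Yield (client, queried_name, kind, trusted_domain) for every flagged query."""
    hits = []
    for line in text.splitlines():
        m = QUERY_RE.search(line)
        if not m:
            continue
        verdict = classify(m.group("name"))
        if verdict:
            hits.append((m.group("client"), m.group("name")) + verdict)
    return hits


def suspicious_clients(hits) -> Counter:
    """Count flagged queries per source IP: a host making several is worth imaging."""
    return Counter(h[0] for h in hits)


if __name__ == "__main__":
    found = scan_log(SAMPLE_LOG)
    for client, name, kind, target in found:
        print(f"{client:12} {name:28} {kind:15} (looks like {target})")
    print("per-client:", dict(suspicious_clients(found)))
```

The heuristics deliberately err on the side of noise: a brand name embedded in an unrelated legitimate domain (for example applebees.com against apple.com) will be flagged, so in production this runs behind an allowlist of known-good domains and the output feeds triage, not blocking.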
- PunkBuster is an online anti-cheating service that can take screenshots of gaming sessions and report MD5 hashes of files in the game directory, so that the server can tell whether game files have been altered or cheats are in use. PunkBuster also runs a blacklisting service which bans your hardware hash from all games that use the service
- The service is used by many online games, especially from publishers such as EA, Ubisoft and Activision
- On Wednesday February 13th, the Punkbuster service went down, making it impossible for gamers to connect to any server with the service enabled (all official and ranked servers are required to run Punkbuster)
- This again highlights the problems with relying on a 3rd-party provider for critical services
- At the same time, if each studio or publisher had to maintain their own system, the service level may be worse, as the studios are unlikely to maintain dedicated teams to run the service
- Through a series of key presses, anyone with physical access to your iOS device can bypass the lock screen and gain access to your contacts
- Unauthorized users could make calls from your phone, access your voicemail, view and edit your contacts, or by attempting to add/change the photo for a contact, they can browse all photos stored on your phone
- an Apple spokesperson said: “Apple takes user security very seriously. We are aware of this issue, and will deliver a fix in a future software update.”
- No word on when we can expect an update from Apple
- An Ontario court ruled today that police officers only need a warrant to search your phone if you have a password on it
- Mandiant has written a 76 page report detailing who they believe to be behind the attack on the New York Times and over 140 other organizations, the attackers have been dubbed ‘APT1’
- “APT1 is believed to be the 2nd Bureau of the People’s Liberation Army (PLA) General Staff Department’s (GSD) 3rd Department, which is most commonly known by its Military Unit Cover Designator (MUCD) as Unit 61398.”
- APT1 is believed to have taken hundreds of terabytes of designs, drawings, intellectual property, intelligence, and other data from victims in English-speaking countries
- 97% of the 1900+ attacker connections attributed to APT1 originated from IP addresses registered in Shanghai and from systems configured with the Simplified Chinese language setting
- They have also identified 3 unique personas that play various roles in APT1
- The appendices of the report include a list of domain names that have been used by APT1, as well as MD5 hashes of known malware samples and SSL certificates
- The data is also available as definition files for Mandiant’s free tool Redline, for detecting APT1 threats
- Video evidence of an APT1 actor
- View the report and Appendices
- A recruitment notice for PLA Unit 61398 from 2004 found on the website of Zhejiang University Translated
- Symantec has detected one or more attackers attempting to use the Mandiant report as bait; the .PDF attached to the emails actually drops Trojan.Pidief using CVE-2013-0641, an Adobe Reader/Acrobat remote code execution exploit
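Two items above come down to the same mechanism: PunkBuster hashes files in the game directory to tell whether they have been altered, and the Mandiant appendices publish MD5 hashes of known APT1 samples so defenders can look for them on disk. The following is an added example (not PunkBuster's code, not Mandiant's Redline, and not from the show) that does both in one pass: it records a baseline manifest of a directory, later re-hashes it and reports modified, missing and added files, and flags any file whose MD5 appears in a known-bad set. The directory contents and the known-bad hash are constructed inside the example so it runs offline; a real deployment would load the hash list from the report's appendix.

```python
import hashlib
import tempfile
from pathlib import Path

# Constructed stand-in for a malware hash list such as the one in the Mandiant
# appendix; it is the MD5 of a fixed byte string, not a real sample's hash.
KNOWN_BAD_MD5 = {hashlib.md5(b"constructed stand-in for a known malware sample").hexdigest()}


def hash_file(path: Path) -> tuple:
    """Return (md5, sha256) of a file, read in chunks so large binaries fit in memory."""
    md5, sha = hashlib.md5(), hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            md5.update(chunk)
            sha.update(chunk)
    return md5.hexdigest(), sha.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map each file's path relative to root (POSIX form) to its (md5, sha256)."""
    return {
        p.relative_to(root).as_posix(): hash_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def verify(root: Path, manifest: dict, known_bad_md5=KNOWN_BAD_MD5) -> dict:
    """Compare the directory against a baseline manifest and a known-bad hash set.

    Integrity decisions use SHA-256; MD5 is only used to look up published IOCs,
    since an attacker can craft MD5 collisions but the IOC lists are MD5-keyed.
    """
    current = build_manifest(root)
    report = {"modified": [], "missing": [], "added": [], "known_bad": []}
    for rel, (_, baseline_sha) in manifest.items():
        if rel not in current:
            report["missing"].append(rel)
        elif current[rel][1] != baseline_sha:
            report["modified"].append(rel)
    for rel, (md5, _) in current.items():
        if rel not in manifest:
            report["added"].append(rel)
        if md5 in known_bad_md5:
            report["known_bad"].append(rel)
    return report


def demo() -> dict:
    """Build a constructed game directory, baseline it, tamper with it, and verify."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "bin" / "game.exe").write_bytes(b"original game binary")
        (root / "bin" / "render.dll").write_bytes(b"original renderer")
        (root / "config.cfg").write_text("fov=90\n")
        baseline = build_manifest(root)

        # Simulated tampering: a patched renderer, a deleted config, and a dropped
        # file whose MD5 is on the constructed known-bad list.
        (root / "bin" / "render.dll").write_bytes(b"patched renderer with wallhack")
        (root / "config.cfg").unlink()
        (root / "bin" / "inject.dll").write_bytes(
            b"constructed stand-in for a known malware sample")
        return verify(root, baseline)


if __name__ == "__main__":
    for category, files in demo().items():
        print(f"{category:10} {files}")
```

The baseline manifest is only as trustworthy as the machine that produced it and the place it is stored; keep it off the host being checked (PunkBuster keeps the reference hashes server-side for the same reason), and treat a known-bad hit as a reason to image the machine rather than just delete the file.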
- Routing between LANs
- What volume configuration is going to give the best performance in FreeNas?
- Do PFSense Users Worry about uPnP?
- Securing his home Desktop?
- SSL to Identify the clients?
- Angry Birds on a hacked ATM – YouTube
- Educause (manages the .edu TLD) gets hacked, announcement email looks like phishing scam – Official Announcement
- Netcraft detects spike in ‘Proxy Auto Config’ attacks, routing only your traffic to specific webmail and banking sites via a proxy to steal your passwords
- How long do SSDs last? Assuming you write to them at the full 6Gb/sec, here are the numbers
- Opera moving to WebKit, jQuery developers hope this means more fixes to the buggy webkit
- US F-22s cannot communicate with allied planes – F-22s can receive but not transmit Link 16 data (communications, datalink and radar sharing) – Speculation that this is why they were never used in Libya
- Ruby documentation engine (RDoc) vulnerable to XSS exploit
- SSH bruteforce attacks start going after other ports (1022, 2222, 10022, 22222 etc)
- Google reports hijacked gmail accounts down by 99.7% since 2011
- Blackberry .tiff file vulnerability could allow attackers to compromise Blackberry Enterprise Servers, and island hop to the rest of the network
TechSNAP 100 Limited Edition Shirt:
Limited time left on our limited run TechSNAP 100 T-shirt!