Jupiter Broadcasting

Grand Theft Depot | Tech Talk Today 54

Did Home Depot get struck by the same malware that attacked Target? How the FBI found the Silk Road server, and Reddit just got a big cash infusion… But is it enough?

Plus a nostalgic look back at the WORM drive & much more!

Show Notes:

Reddit Raising Big Funding Round With Help From Y Combinator Contacts

Reddit, the social news site with a big Web footprint, is raising a big funding round — with help from some of the people who helped launch the site nine years ago, including co-founder Alexis Ohanian and other people associated closely with startup incubator Y Combinator.

Sources said the site has reached a preliminary agreement to sell less than 10 percent of the company for more than $50 million. That could give the company a valuation of upwards of $500 million.

Home Depot Hit By Same Malware as Target — Krebs on Security

The apparent credit and debit card breach uncovered last week at Home Depot **was aided in part by a new variant of the same malicious software program that stole card account data from cash registers at** Target last December, according to sources close to the investigation.


A source close to the investigation told this author that an analysis revealed at least some of Home Depot’s store registers had been infected with a new variant of “BlackPOS” (a.k.a. “Kaptoxa”), a malware strain designed to siphon data from cards when they are swiped at infected point-of-sale systems running Microsoft Windows.


BlackPOS also was found on point-of-sale systems at Target last year. What’s more, cards apparently stolen from Home Depot shoppers first turned up for sale on Rescator[dot]cc, the same underground cybercrime shop that sold millions of cards stolen in the Target attack.

Other clues in the new BlackPOS malware variant further suggest a link between the cybercrooks behind the apparent breach at Home Depot and the hackers who hit Target. The new BlackPOS variant includes several interesting text strings. Among those are five links to Web sites featuring content about America’s role in foreign conflicts, particularly in Libya and Ukraine.

One of the images linked to in the guts of the BlackPOS code.

Three of the links point to news, editorial articles and cartoons that accuse the United States of fomenting war and unrest in the name of Democracy in Ukraine, Syria, Egypt and Libya. One of the images shows four Molotov cocktails with the flags of those four nations on the bottles, next to a box of matches festooned with the American flag and match ready to strike. Another link leads to an image of the current armed conflict in Ukraine between Ukrainian forces and pro-Russian separatists.

Dread Pirate Sunk By Leaky CAPTCHA — Krebs on Security

“The IP address leak we discovered came from the Silk Road user login interface. Upon examining the individual packets of data being sent back from the website, we noticed that the headers of some of the packets reflected a certain IP address not associated with any known Tor node as the source of the packets. This IP address (the “Subject IP Address”) was the only non-Tor source IP address reflected in the traffic we examined.”

“The Subject IP Address caught our attention because, if a hidden service is properly configured to work on Tor, the source IP address of traffic sent from the hidden service should appear as the IP address of a Tor node, as opposed to the true IP address of the hidden service, which Tor is designed to conceal. When I typed the Subject IP Address into an ordinary (non-Tor) web browser, a part of the Silk Road login screen (the CAPTCHA prompt) appeared. Based on my training and experience, this indicated that the Subject IP Address was the IP address of the SR Server, and that it was ‘leaking’ from the SR Server because the computer code underlying the login interface was not properly configured at the time to work on Tor.”

Doubts cast over FBI ‘leaky CAPTCHA’ Silk Road rapture • The Register

“The idea that the CAPTCHA was being served from a live IP is unreasonable. Were this the case, it would have been noticed not only by me — but the many other people who were also scrutinizing the Silk Road website. Silk Road was one of the most scrutinized sites on the web, for white hats because it was an interesting challenge and for black hats since it hosted so many Bitcoin (with little legal implication if you managed to steal them).”

Moreover, an externally hosted image would still be routed over Tor and any packet sniffer would be unable to detect the Silk Road’s IP address.

Cubrilovic claimed it was more likely the FBI found and exploited a security vulnerability or discovered an information leak in the Silk Road login page and application.

CenturyLink Said to Seek to Acquire Rackspace Hosting – Bloomberg

CenturyLink has discussed the idea with San Antonio-based Rackspace, which last month said it is still conducting an internal review of its strategic options, according to the people, who asked not to be identified talking about private information. One person said a deal may not be reached for the company, which had a stock-market valuation of $5.33 billion at the end of last week.


Odds of the deal going through are less than 50 percent unless Rackspace is willing to take payment in stock or enter a joint venture, Jaegers said. CenturyLink wants to avoid a debt downgrade that may come with financing a large deal, she said.

What is WORM (write once, read many)?

In computer storage media, WORM (write once, read many) is a data storage technology that allows information to be written to a disc a single time and prevents the drive from erasing the data. The discs are intentionally not rewritable, because they are especially intended to store data that the user does not want to erase accidentally. Because of this feature, WORM devices have long been used for the archival purposes of organizations such as government agencies or large enterprises. A type of optical media, WORM devices were developed in the late 1970s and have been adapted to a number of different media. The discs have varied in size from 5.25 to 14 inches wide, in varying formats ranging from 140MB to more than 3 GB per side of the (usually) double-sided medium. Data is written to a WORM disc with a low-powered laser that makes permanent marks on the surface.