Darren Pauli

Adobe Reader sandbox popped says Google researcher

The Acrobat Reader Windows sandbox contains a vulnerability that could allow attackers to break out and gain higher privileges, Google security bod James Forshaw claims. The NTFS junction attack is a "race condition" in the handling of the MoveFileEx call hook, Forshaw said. While unpatched, subsequent September updates made the …
Darren Pauli, 27 Nov 2014

Hacker dodges FOUR HUNDRED YEARS in cooler for SCANNING sites

A US hacker has dodged 440 years in prison for computer crime offences that amount to scanning sites with automatic tools and filling in web forms with junk data. The charges, since reduced to a misdemeanor, could have seen Fidel Salinas, 28, spending his remaining days working off a 440-year sentence. Salinas was alleged to …
Darren Pauli, 27 Nov 2014

Zero-day hacking group resorts to UNICORN SMUT-SLINGING

Sysadmins who have not yet patched their Windows boxes against the 18-year-old "unicorn-like" OLE bug disclosed last month could expect a deluge of spear phishing smut from a group once confined to lofty targeted zero-day attacks. The talented APT3 group was behind widespread zero-day attacks code-named Clandestine Fox earlier …
Darren Pauli, 26 Nov 2014

Privacy bods Detekt FinFisher dressed as bookmark manager

The Detekt privacy tool has discovered the FinFisher law enforcement spyware masquerading as a benign bookmark manager. Detekt was launched last week and lets users of Windows systems inspect their machines for traces of known government spyware. FinFisher, developed by Gamma Group International, was sold to authorities …
Darren Pauli, 26 Nov 2014

Security seals clobbered ahead of Black Friday bonanza

This Black Friday, beware the shop with the security seal: researchers have shown that issuers of common good webkeeping seals of approval sometimes miss basic flaws, happily certify phishing sites and inadvertently function as a hackers' black book of vulnerable sites. The research examined the effectiveness of the top 10 …
Darren Pauli, 26 Nov 2014

Who's been writing in my apps? Googlilocks builds new apps-tracker

Google has bolstered the security of its Apps platform with new reports providing insight into the number of devices accessing the account over the past month. The Devices and Activity dashboard displays all devices active on an account in the last 28 days and those still signed in. …
Darren Pauli, 25 Nov 2014

Craigslist pushes punters to YouTube, hacker site

Craigslist is asking users to flush their DNS after one or more pranksters twice changed the DNS records of the popular flesh and furniture classifieds site so it redirects users to a website and video. The attack, launched on 23 November, saw some users of some pages redirected to a site previously used in 2008 to sell stolen …
Darren Pauli, 25 Nov 2014

Sony Pictures in IT lock-down after alleged hacker hosing

Sony Pictures is investigating a breach that has seen hackers supposedly steal reams of internal data and splash defacements across staff computers. The company is now in lock-down as it wrestles with the problem. The beleaguered company, writes Variety, has requested staff disconnect their computers and personal devices from …
Darren Pauli, 25 Nov 2014

Abbott scholarship leaker escapes conviction

Sydney whistleblower Freya Newman has been served a two-year good behaviour bond with no conviction after pleading guilty to illegally accessing and leaking documents about a scholarship awarded to the daughter of Australian Prime Minister Tony Abbott. Newman, 21, in May disclosed documents to journalists alleging Ms Abbott, …
Darren Pauli, 25 Nov 2014

Sony quietly POODLE-proofs Playstations

Sony has patched the POODLE SSL vulnerability in its Playstation 3 and 4 gaming consoles. The rolling patch, introduced over the last fortnight, brings Transport Layer Security into Playstation's browsers and apps. SSL 3.0 is disabled, heading off the Padding Oracle On Downgraded Legacy Encryption attack. The patch is a 200MB mandatory …
Darren Pauli, 24 Nov 2014

'Regin': The 'New Stuxnet' spook-grade SOFTWARE WEAPON described

A highly advanced malware instance said to be as sophisticated as the famous Stuxnet and Duqu has been detected. "Regin" has security researchers opining it may be nastier than both. "Regin" malware is thought to have been developed by a nation-state because of the financial clout needed to produce code of this complexity. …
Darren Pauli, 24 Nov 2014

DEATH by COMMENTS: WordPress XSS vuln is BIGGEST for YEARS

An estimated 86 per cent of WordPress websites harbour a dangerous cross-site scripting (XSS) hole in the popular comment system plugin, in what researcher Jouko Pynnonen calls the most serious flaw in five years. The bug could provide a pathway for attacking visitors' machines. The WP-Statistics plugin lets attackers inject …
Darren Pauli, 24 Nov 2014

Get a job in Germany – where most activities are precursors to drinking

In Germany, employers are keen on certifications, the money's good and if you want to, you can spend weekends rolling wheels down country lanes. So says this week's expat superstar, Brit-turned-German-resident William Durkin, who adds that almost everything in Germany eventually leads to a drink. Or five. Over to you, William …
Darren Pauli, 23 Nov 2014

PayPal takes 18 months to patch critical remote code execution hole

Paypal has closed a remote code execution vulnerability some 18 months after it was reported. The flaws, reported earlier this month and rated critical by Vulnerability Lab, affected a core Paypal profile application. "A system specific arbitrary code execution vulnerability has been discovered in the official PayPal …
Darren Pauli, 21 Nov 2014

GCHQ and Cable and Wireless teamed as Masters of the Internet™

Cable and Wireless provided UK intelligence agency GCHQ with access to the internet connections of millions of global users, going as far as to tap India's second largest telco, Snowden documents reveal. The telco, since acquired by Vodafone, operated under the GCHQ pseudonym "Gerontic" when it opened and managed a secret fibre …
Darren Pauli, 21 Nov 2014

CAPTCHA rapture as 'thousands' affected by seven year-old bug

A reflected cross site scripting flaw patched overnight may affect millions of websites due to a seven-year-old flaw in a jQuery validation plugin demo script used for CAPTCHA, Dutch penetration tester Sijmen Ruwhof says. The "severe" vulnerability appeared to have existed in CAPTCHA since 2007 and could lead to session …
Darren Pauli, 20 Nov 2014

Azure TITSUP caused by INFINITE LOOP

The post via Tor (right) and what Aussies saw. A global balls-up of Redmond's Azure's caused by an infinite loop bug might have crept by those dwelling in the antipodes thanks to a seemingly fat-fingered admin who geo-blocked the region from reading the news. The …
Darren Pauli, 20 Nov 2014

GOTCHA: Google caught STRIPPING SSL from BT Wi-Fi users' searches

Google's "encryption everywhere" claim has been undermined by Mountain View stripping secure search functions for BT WiFi subscribers piggy-backing off wireless connections, sysadmin Alex Forbes has found. The move described as 'privacy seppuku' by Forbes (@al4) meant that BT customer searches were broadcast in clear text and …
Darren Pauli, 20 Nov 2014

Asian mobiles the DDOS threat of 2015, security mob says

Vietnam, India and Indonesia will be the distributed denial of service volcanoes of next year due to the proliferation of pwned mobiles, according to DDoS security bod Shawn Marck. Vietnam clocked in fifth place in the firm's latest threat report, in which India and Indonesia did not feature, outpaced by China, the US, Russia and …
Darren Pauli, 19 Nov 2014

Lame phone dodgers fleece finance's foolish and fat fingered

Scammers are attempting to fleece a hundred top US financial companies by registering phone numbers close to those in use by the firms, engineer Scott Strong says. Of some 600 top financial institutions across the US, 103 or about 20 percent had scammers register their numbers with only the last few digits altered in a bid to …
Darren Pauli, 19 Nov 2014

SMS pwnage on MEELLIONS of flawed SIM cards, popular 4G modems

A Russian research team has found vulnerabilities in millions of the world's SIM cards, and separate flaws in common 4G modem platforms. Together, the bugs could allow attackers to send crafted SMS text messages to gain access to critical systems and install malware on connected computers. In one dramatic and hypothetical …
Darren Pauli, 19 Nov 2014

Gee THANKS: Cryptoscum offer a free decrypt in latest ransomware racket

Ransomware thieves are taking a leaf from the greasy salesperson's handbook and offering victims a free decryption of a file of their choosing, malware researcher Tyler Moffitt says. Scammers would foist the CoinVault ransomware on victims through a variety of attack vectors and encrypt their files …
Darren Pauli, 18 Nov 2014

Cries of spies as audit group finds possible 'backdoor' in Bittorrent Sync

Popular file sharing platform BitTorrent Sync is 'probably' leaking hashes to its website and access to shared data, a group audit has found. The platform, downloaded some 10 million times, allowed users to synchronise data over networks using encrypted peer-to-peer at speeds said to be 16 times faster than Dropbox, using …
Darren Pauli, 18 Nov 2014

USB coding anarchy: Consider all sticks licked

Thumb drives are so inconsistently manufactured it is all but impossible to know if any unit could be reprogrammed to own computers, researcher Karsten Nohl says. The conditions that determined if a unit could be hacked varied not only between vendors but also within product unit lines due to manufacturers buying different …
Darren Pauli, 18 Nov 2014

Attack reveals 81 percent of Tor users but admins call for calm

The Tor project has urged calm after new research found 81 percent of users could be identified using Cisco's NetFlow tool. A research effort led by professor Sambuddho Chakravarty from the Indraprastha Institute of Information Technology in Delhi found that well-resourced attackers such as a nation-state could effectively …
Darren Pauli, 17 Nov 2014

LSI driver bug is breaking VSANs, endangering data

VMware says its VSAN virtual storage array is selling well, earning hardware-makers' attention and making plain the wisdom of the software-defined data centre. It may well be, but VSAN is also having some teething problems. Back in July, VMware was forced to change its recommended VSAN system configurations because VSANs were …
Darren Pauli, 17 Nov 2014

VXers Shellshocking embedded BusyBox boxen

Malware writers have crafted new wares to attack embedded devices running BusyBox and not yet patched against the ShellShock vulnerability, researcher Rhena Inocencio says. Miscreants' tool of choice for such attacks is malware called "Bashlite" that, once executed on a victim machine, probes for devices such as routers and …
Darren Pauli, 17 Nov 2014

You really need to do some tech support for Aunty Agnes

Users who don't update their anti-virus may as well uninstall it according to infection rate statistics published by Microsoft. Redmond said in the seventeenth installment of its Security Intelligence Report that machines with outdated, deactivated or expired anti-virus platforms were just as prone to infection as those without …
Darren Pauli, 17 Nov 2014

Poll trolls' GCHQ script sock puppets manipulate muppets

A group of security professionals (or online miscreants, depending on your view) has found, and itself created, thousands of online accounts to manipulate forum posts, popular news articles and mailing lists using techniques pioneered by the UK's GCHQ spy agency. Researchers Azhar Desai, Haroon Meer and Marco Slaviero of Thinkst found posts created around …
Darren Pauli, 14 Nov 2014

Dormant IP addresses RIPE for hijacking

Spammers are using loopholes in the internet routing registry to commandeer address space and pump out junk mail, and potentially launch denial of service attacks and steal traffic. As explained by cyber crime reporter Brian Krebs and Cisco researcher Jaeson Schultz, IP addresses can be snatched by scammers who establish bogus …
Darren Pauli, 14 Nov 2014

US carder gets nine years in cooler, must pay back $50 MEELLION

Georgia carder Cameron Harrison has been sentenced to nine years' jail and ordered to pay US$50.8 million in restitution for purchasing stolen credit cards from scuttled website carder.su. Harrison, 28, who used the handle Kilobit, pleaded guilty to three charges and was sentenced overnight by Nevada District Judge Andrew Gordon …
Darren Pauli, 14 Nov 2014

Pay-by-bonk chip lets hackers pop all your favourite phones

Blood is flowing on the floor of the Pwn2Own challenge slaughterhouse, after whitehats hacked their way through an Apple iPhone 5S, Samsung Galaxy S5, LG Nexus 5 and Amazon Fire, most often by using Near Field Communications. The annual contest backed by HP, BlackBerry and Google, and run by HP's Zero Day Initiative …
Darren Pauli, 13 Nov 2014

'Chinese hackers' pop US weather bureau, flatten forecast feeds

Chinese hackers have breached the USA's weather forecasting systems, disrupting emergency and disaster planning in a hack one US congressman described as a cover-up, the Washington Post reports. The September hack was not discussed internally by the National Oceanic and Atmospheric Administration (NOAA) until 20 October and even …
Darren Pauli, 13 Nov 2014

DAY ZERO, and COUNTING: EVIL 'UNICORN' all-Windows vuln - are YOU patched?

Security researcher Robert Freeman has discovered an 18-year-old, critical, remotely-exploitable vulnerability di tutti vulnerabiliti which affects just about ALL versions of Windows - all the way back to Windows 95. The vulnerability (CVE-2014-6332) rated a critical score of 9.3 in all versions of Windows and was described as a …
Darren Pauli, 12 Nov 2014

Iranian contractor named as Stuxnet 'patient zero'

Malware researchers have named five Iranian companies infected with Stuxnet, identifying one as 'patient zero' from which the worm leaked to the world after causing havoc in the Natanz uranium plant. Joint research by Kaspersky Lab and Symantec found the organisations, contractors to Natanz, were targeted between June 2009 and …
Darren Pauli, 12 Nov 2014

EMET 5.0 crashes Patch Tuesday party

Microsoft has issued a new version of its Enhanced Mitigation Toolkit (EMET) to address a variety of compatibility issues in the system-hardening environment. Version 5.1 fixed compatibility and Export Address Table Filtering Plus (EAF+) issues with security updates for 64-bit Internet Explorer version 11, Adobe Reader, Adobe …
Darren Pauli, 11 Nov 2014

Hacker Hammond's laptop protected by pet password

Former LulzSec member Jeremy Hammond - once the FBI's most wanted and charged with hacking security firm Stratfor - seems to have failed to prevent police accessing his laptop due to a poor password. During a police raid in March 2012 he raced through a friend's Chicago home to shut and lock his laptop. But the effort appeared …
Darren Pauli, 11 Nov 2014

Mozilla makeover to boost Tor torque, capacity

Mozilla will tweak its flagship Firefox browser and host relays to speed up and boost the capacity of Tor under the Polaris project launched today. The browser baron joined the Tor Project and the Centre for Democracy and Technology, under the Polaris initiative, to create warmer, fuzzier relationships between the organisations …
Darren Pauli, 11 Nov 2014

Aussie feds consider job offer to 'LulzSec leader' who wasn't

Shackled hacker and supposed "leader of LulzSec" Matthew Flannery is welcome to apply for a job with the Australian Federal Police (AFP), the force says. Flannery was arrested last April as one of two crackers behind the defacement of the then-unpatched Narrabri shire council website. He's since been sentenced to, and is serving, 15 …
Darren Pauli, 10 Nov 2014

Emoticons blast three security holes in Pidgin :-(

Cisco researchers have reported a trio of vulnerabilities in popular instant messaging client Pidgin that allow for denial of service by way of emoticon abuse and remote arbitrary file creation. Researchers Yves Younan and Richard Johnson say the flaws have since been quietly patched, but rated a maximum CVSS score of 6.4 but …
Darren Pauli, 10 Nov 2014

Russian internet traffic detours through China's Frankfurt outpost

Russian domestic internet traffic has in the past year sailed through Shanghai due to routing errors by China Telecom, network boffin Doug Madory says. The apparent networking gaffe appeared to stem from a BGP peering deal between the telco and top Russian mobile provider Vimpelcom to save money on transit operators. Dyn …
Darren Pauli, 10 Nov 2014

TORpedo'd dev dumps Doxbin files after police raids

An administrator of Tor hidden service site Doxbin taken down by the FBI last week has released log files in a bid to crowd-source an analysis of how the sites were captured. Former Doxbin admin NaChash (@loldoxbin) released the website files in hopes users would discover how it was discovered and shut down. His site was …
Darren Pauli, 09 Nov 2014

Belkin flings out patch after Metasploit module turns guests to admins

Belkin has patched a vulnerability in a dual band router that allowed attackers on guest networks to gain root access using an automated tool. The flaw reported overnight targeted the Belkin N750 dual-band router – which was launched in 2011 and is still sold by the company and other commerce sites. IntegrityPT consultant Marco …
Darren Pauli, 07 Nov 2014

By the way, Home Depot hackers also grabbed 53 million email addresses

Hackers made off with a whopping 53 million email addresses as part of the high profile April breach of Home Depot in which 56 million credit cards were compromised, the company says. The haul bagged enough email addresses to contact everyone in England, but it was unknown if the information had been implicated in further …
Darren Pauli, 07 Nov 2014

Aussie spooks warn of state-sponsored online attacks during G20

Australia's top spy agency has warned of 'real and persistent' threats to organisations, agencies and individuals linked to the G20 leaders conference to be held down under next week. The advice issued by the Australian Signals Directorate (ASD) warns that large diplomatic and defence conferences attract attacks such as …
Darren Pauli, 07 Nov 2014

Hide your Macs, iPhones and iPads: WireLurker nasty 'heralds new era'

The largest-scale attack of its kind on Apple Macs, phones and tablets – and believed the first to maliciously target non-jailbroken iPhones – has been detected. And it's hit thousands and thousands of devices in the wild. WireLurker infects OS X computers, and lies in wait for USB connections to Apple iPads and iPhones. It then …
Darren Pauli, 06 Nov 2014

NSA director: We share most of the [crap] bugs we find!

The National Security Agency (NSA) is only holding back a teeny, tiny number of code secrets, with director Admiral Mike Rogers promising the world the spook collective shares 'most' of the vulnerabilities it finds. The agency head made the remarks on his second visit to Silicon Valley since his appointment in April this year. …
Darren Pauli, 06 Nov 2014

158 new malware created EVERY MINUTE

Malware monitor PandaLabs says 227,747 new malware samples are released every day. The findings from its recent survey found 20 million samples were created in the third quarter of 2014. Three quarters of infections were trojans while only 9 percent were viruses and 4 percent worms. The number of trojans rose 13 percent over …
Darren Pauli, 06 Nov 2014

Huffy BlackEnergy vxers cry: 'f*ck U Kaspersky', thank Cisco for 0-days

Developers of the maturing malware weapon BlackEnergy have written a personal message for Kaspersky reverse engineers and Cisco developers in new code that targets Linux and router kit. Pesky malware researchers have kept an eye on BlackEnergy since it evolved from a denial-of-service attack tool to version two kit used by …
Darren Pauli, 05 Nov 2014

Google puts down POODLE, now wants to eradicate breed

A trio of Googlers have released a tool to help sysadmins identify applications and services open to nasty transport layer security vulnerabilities such as POODLE, Heartbleed and Apple's gotofail. The dryly named nogotofail tool, written by Android engineers Chad Brubaker, Alex Klyubin and Geremy Condra, allows devs to set up a …
Darren Pauli, 05 Nov 2014