Category: News

Apple 1 sold

Apple’s first computer, the Apple 1, sold at a Sotheby’s auction for $374,500. The Apple 1 was made in 1976 by Steve Wozniak. It originally sold for $666.66 with a fully assembled circuit board.

Hijacking airplanes with an Android phone

An extremely well attended talk by Hugo Teso, a security consultant at n.runs AG in Germany, about the completely realistic scenario of plane hijacking via a simple Android app has galvanized the crowd attending the Hack In The Box Conference in Amsterdam today.

Teso, who has been working in IT for the last eleven years and has been a trained commercial pilot for a year longer than that, has combined his two interests in order to bring to light the sorry state of security of aviation computer systems and communication protocols.

By taking advantage of two new technologies for the discovery, information gathering and exploitation phases of the attack, and by creating an exploit framework (SIMON) and an Android app (PlaneSploit) that delivers attack messages to the airplanes’ Flight Management Systems (computer unit + control display unit), he demonstrated the terrifying ability to take complete control of aircraft by making virtual planes “dance to his tune.”

One of the two technologies he abused is the Automatic Dependent Surveillance-Broadcast (ADS-B), which sends information about each aircraft (identification, current position, altitude, and so on) through an on-board transmitter to air traffic controllers, and allows aircraft equipped with the technology to receive flight, traffic and weather information about other aircraft currently in the air in their vicinity.

The other one is the Aircraft Communications Addressing and Reporting System (ACARS), which is used to exchange messages between aircraft and air traffic controllers via radio or satellite, as well as to automatically deliver information about each flight phase to the latter.

Huge attack on WordPress sites could spawn never-before-seen super botnet

Security analysts have detected an ongoing attack that uses a huge number of computers from across the Internet to commandeer servers that run the WordPress blogging application.

The unknown people behind the highly distributed attack are using more than 90,000 IP addresses to brute-force crack administrative credentials of vulnerable WordPress systems, researchers from at least three Web hosting services reported. At least one company warned that the attackers may be in the process of building a “botnet” of infected computers that’s vastly stronger and more destructive than those available today. That’s because the servers have bandwidth connections that are typically tens, hundreds, or even thousands of times faster than botnets made of infected machines in homes and small businesses.

“These larger machines can cause much more damage in DDoS [distributed denial-of-service] attacks because the servers have large network connections and are capable of generating significant amounts of traffic,” Matthew Prince, CEO of content delivery network CloudFlare, wrote in a blog post describing the attacks.

The DDoS That Almost Broke the Internet

The New York Times this morning published a story about the Spamhaus DDoS attack and how CloudFlare helped mitigate it and keep the site online. The Times calls the attack the largest known DDoS attack ever on the Internet. We wrote about the attack last week. At the time, it was a large attack, sending 85Gbps of traffic. Since then, the attack got much worse. Here are some of the technical details of what we’ve seen.

Growth Spurt

On Monday, March 18, 2013 Spamhaus contacted CloudFlare regarding an attack they were seeing against their website spamhaus.org. They signed up for CloudFlare and we quickly mitigated the attack. The attack, initially, was approximately 10Gbps generated largely from open DNS recursors. On March 19, the attack increased in size, peaking at approximately 90Gbps. The attack fluctuated between 90Gbps and 30Gbps until 01:15 UTC on March 21.

The attackers were quiet for a day. Then, on March 22 at 18:00 UTC, the attack resumed, peaking at 120Gbps of traffic hitting our network. As we discussed in the previous blog post, CloudFlare uses Anycast technology which spreads the load of a distributed attack across all our data centers. This allowed us to mitigate the attack without it affecting Spamhaus or any of our other customers. The attackers ceased their attack against the Spamhaus website four hours after it started.

Other than the scale, which was already among the largest DDoS attacks we’ve seen, there was nothing particularly unusual about the attack to this point. Then the attackers changed their tactics. Rather than attacking our customers directly, they started going after the network providers CloudFlare uses for bandwidth. More on that in a second, first a bit about how the Internet works.

Peering on the Internet

The “inter” in Internet refers to the fact that it is a collection of independent networks connected together. CloudFlare runs a network, Google runs a network, and bandwidth providers like Level3, AT&T, and Cogent run networks. These networks then interconnect through what are known as peering relationships.

When you surf the web, your browser sends and receives packets of information. These packets are sent from one network to another. You can see this by running a traceroute. Here’s one from Stanford University’s network to the New York Times’ website (nytimes.com):

Underwater cable damaged: Internet speed plummets by 60% nationwide

KARACHI:
Internet speed across Pakistan plummeted by nearly 60% on Wednesday when an underwater fiber optic cable was damaged in the Arabian Sea near Karachi.
South East Asia-Middle East-Western Europe (SEA-ME-WE) 4, one of the four submarine cables that connects the country globally via the internet, was damaged around noon on Wednesday – only a couple of weeks following the breakdown of India-Middle East-Western Europe (I-ME-WE) fiber optic cable that has yet to be repaired.
As a result, internet services in the country will likely remain disrupted for an indefinite period. Internet service providers were unable to provide a timeframe on when the problem will be resolved.
Shortly after the disruption, internet users across Pakistan faced a host of problems ranging from intermittent to slow internet connectivity. Many complained that their browsing speed had decreased significantly.
“This is a result of a fault in the undersea cable line to Pakistan through Alexandria, Egypt. The fiber optic undersea cable SEA-ME-WE-4 was affected beyond Egypt for currently unknown reasons,” Wateen Telecom said in a statement.

RIP Aaron Swartz, A legendary Internet Activist

Aaron Swartz committed suicide on January 11, 2013 in New York City.

I was long torn over whether to write something about this extraordinary boy, but not to dedicate a tribute would be a shame. Aaron Swartz has decided to leave a huge void in the IT scenario.

For me, as for the entire world, he is a legend, a guy who has profoundly changed our daily work.

Aaron Swartz is an eclectic persona; he is a hacker and active activist, co-founder of social news website Reddit and founder of the group Demand Progress. The EFF in a blog post states: “Aaron did more than almost anyone to make the Internet a thriving ecosystem for open knowledge, and to keep it that way. His contributions were numerous, and some of them were indispensable. When we asked him in late 2010 for help in stopping COICA, the predecessor to the SOPA and PIPA Internet blacklist bills, he founded an organization called Demand Progress, which mobilized over a million online activists and proved to be an invaluable ally in winning that campaign.”

New Linux Rootkit Attacks Internet Users

Security researchers have discovered what appears to be an experimental Linux rootkit designed to infect its highly select victims during a classic drive-by website attack. The malware allows hackers to inject code directly in any infected web page. The new malware, discovered on November 13 of this year, was written especially for servers that run Debian Squeeze and NGINX, on 64 bits.
About the rootkit: Rootkit.Linux.Snakso.a is designed to infect the Linux kernel version 2.6.32-5-amd64 and adds an iframe to all web pages served by the infected Linux server via the nginx proxy. Based on research, the rootkit may have been created by a Russia-based attacker.

Samsung printer having secret admin account Backdoor

US-CERT warns that some Samsung printers, including models the Korean company made for Dell, have a backdoor administrator account coded into their firmware.

This hard-coded admin account in the firmware could enable attackers to change the printer's configuration, read its network information or stored credentials, and access sensitive information passed to it by users.
Even if SNMP is disabled, this “backdoor administrator account” is still active and could be used by an attacker to access the printer. SNMP is an Internet protocol commonly used to monitor and read statistics from network-attached devices.

New Android Exploit Could Force Factory Reset remotely

Clicking one wrong link can cause malicious code to execute, which could do anything from infecting your computer with malware to, apparently, wiping your phone data completely. Researcher Ravi Borgaonkar demonstrated at the Ekoparty security conference in Argentina last week how a single line of HTML code could be used to run a factory reset or even clear the SIM card on certain Samsung phones.
Malicious hackers can hide code in a web page that will trigger a full factory reset of Samsung’s best-selling Galaxy S3 smartphone, deleting contacts, photographs, music, apps and other valuable data.

Billions of Windows Users Affected by Java Vulnerability

Researchers at Security Explorations disclosed a new vulnerability in Java that could provide an attacker with control of a victim’s computer. The researchers have confirmed that Java SE 5 – Update 22, Java SE 6 – Update 35, and Java SE 7 Update 7 running on fully patched Windows 7 32-bit operating systems are susceptible to the attack.
This flaw allows malicious hackers to gain complete control of a victim’s machine through a rigged website. The affected web browsers are Safari 5.1.7, Opera 12.02, Chrome 21.0.1180.89, Firefox 15.0.1, and Internet Explorer 9.0.8112.16421.