Monday, January 28, 2008

Trend With Web Site Attacks

Web site attacks are going the same route as malware. In the early days, computer viruses mostly did something fun or simply destroyed some or all of your data (mostly without any obvious reason). Now they are used to earn money - spam, cyber extortion, etc. Most modern malware stays stealthy so that it does not interfere with normal computer operation and avoids detection.

The same is true for the latest web site breaches - attackers only slightly modify legitimate web sites to spread malware to their audience.

SecurityFocus: Attackers favor compromise over creation
SecurityFocus: Legitimate sites serving up stealthy attacks
PCWorld: 10,000 Web Sites Rigged with Advanced Hack Attack

Wednesday, January 16, 2008

New Banking Trojan

This is really awesome: the latest piece of technology from trojan makers. Please note its ability to defeat the best practice of "authenticate transactions, not just sessions". This once again underlines the importance of endpoint security - you cannot be safe if your computer is compromised.

http://www.symantec.com/enterprise/security_response/weblog/2008/01/banking_in_silence.html

The ability of this Trojan to perform man-in-the-middle attacks on valid transactions is what is most worrying. The Trojan can intercept transactions that require two-factor authentication. It can then silently change the user-entered destination bank account details to the attacker's account details instead. Of course the Trojan ensures that the user does not notice this change by presenting the user with the details they expect to see, while all the time sending the bank the attacker's details instead. Since the user doesn’t notice anything wrong with the transaction, they will enter the second authentication password, in effect handing over their money to the attackers. The Trojan intercepts all of this traffic before it is encrypted, so even if the transaction takes place over SSL the attack is still valid. Unfortunately, we were unable to reproduce exactly such a transaction in the lab. However, through analysis of the Trojan's code it can be seen that this feature is available to the attackers.

Tuesday, January 15, 2008

SANS: Top Ten Cyber Security Menaces for 2008

SANS has posted its Top Ten Cyber Security Menaces for 2008.
To my mind, this can be a good argument against paying little attention to securing employee Internet access and mobile devices.

New Boeing Vulnerable To Computer Attacks?

I wonder who makes such rubbish decisions? Isn't this in the school programme? :)

The computer network in the Dreamliner's passenger compartment, designed to give passengers in-flight internet access, is connected to the plane's control, navigation and communication systems, an FAA report reveals.
Wired: "FAA: Boeing's New 787 May Be Vulnerable to Hacker Attack"