May 25, 2013

You are here: Home / Archives for Security Report

Theoretical Weaknesses in AES Discovered

August 19, 2011 by

(LiveHacking.Com) - The Advanced Encryption Standard (AES) encryption algorithm used by the U.S. government has been the subject of much research since it was adopted in 2001. The latest research by Andrey Bogdanov, Dmitry Khovratovich, and Christian Rechberger has discovered a way to reduce the number of keys needed to perform a brute force attack by more than a factor of 3.

The research has shown that by using a method of attack known as Biclique Cryptanalysis the effective key lengths of 128, 192 and 256 bits are reduced to 126, 190 and 254 bits. According to the authors, as this attack is of high computational complexity, it does not threaten the practical use of AES in any way.

To break a cipher by brute force requires that every key combination is tested to see if it successfully unlocks the encrypted data. For a 128 bit key this means that there are 2128 possible keys. If a computer could test 1,000,000,000 keys per second it would take 10,000,000 quadrillion years to break the code.

The new attack against AES reduces a 128 bit key to effectively a 126 bit key. This means the same data could now be decrypted in just 2,690,000 quadrillion years!

Even if the key could be reduced to just 264 key possibilities it would still take about 500 years to decipher the data.

However, in 2002 a distributed network of some 300,000 computers all over the world, known as distributed.net, was able to find a 64-bit RC5 key using brute force attack in just under 5 years.

It was estimated that this network of computers had a throughput of over 30 teraFLOPS (30,000,000,000,000). This was in the age of single core 1.3Ghz Pentium 4 CPUs and limited access to GPUs for deciphering.

A modern super-computer can compute at 2 petaFLOPS. Although this is a measure of its raw computing power, for illustration we can imagine that it can test keys at 2 petaFLOPS (which it can’t). That means it could break a 128 bit key in 5 quadrillion years. Or a 126 key in only one quadrillion years. However, such a computer can break a 64 bit key in just 2.5 hours.

To quote the U.S. National Security Agency, “Attacks always get better; they never get worse.”

What this new research means is that it is possible to reduce the effectiveness of AES. Further research will most likely yield other weaknesses. If the keys can be reduced even further then the time needed to break them will also reduce.

Filed Under: Cryptography, Security, Security Report Tagged With: , ,

Adobe Flash Player Responsible for 7 of Top 10 Vulnerabilities

August 16, 2011 by

(LiveHacking.Com) - Kaspersky Lab has published its malware report for the second quarter of 2011 and it has found that seven of the current top ten vulnerabilities are in Adobe Flash Player and the other three in Java. This means that for the first time Microsoft products have disappeared from this list. Kaspersky put this down to “improvements in the automatic Windows update mechanism and the growing proportion of users who have Windows 7 installed on their PCs.”

According to the report, navigating the web remains the riskiest activity on the Internet, with malicious URLs that serve exploit kits, bots, ransomware Trojans, etc. being the most frequently detected objects online.

In terms of geography, every second computer in India was at risk of local infection at least once in the past three months.

“Over the last few years, India has been growing steadily more attractive to cybercriminals as the number of computers in the country increases steadily. Other factors that attract the cybercriminals include a low overall level of computer literacy and the prevalence of pirated software that is never updated,” explains Yury Namestnikov, Senior Virus Analyst at Kaspersky Lab. “Botnet controllers see India as a place with millions of unprotected and un-patched computers which can remain active on zombie networks for extended periods of time.”

Whereas the five safest countries in terms of the level of local infections are: Japan, Germany, Denmark, Luxembourg and Switzerland.

The report also warns users about fake antivirus programs. During the second quarter of 2011, the number of fake antivirus programs detected globally by Kaspersky Lab began to increase: the number of users whose computers blocked attempts to install counterfeit software increased 300 per cent in just three months.

Filed Under: Antivirus, Malware, Security Report Tagged With:

Windows XP is Petri Dish For Rootkit Infections

July 29, 2011 by

(LiveHacking.Com) – A six month study, by the AVAST Virus Lab, has found that 74% of rootkit infections originated from Windows XP machines, compared to 17% for Vista and only 12% from Windows 7 machines.

Window XP is the most common PC operating system with around 49% of avast! antivirus users running it compared to the 38% with Windows 7 and the 13% with Vista.

And the problem seems to be that there are a large number of pirate copies of XP which don’t run automatic updates as they can’t be validated by the Windows Genuine Advantage validation process. This leaves the out-of-date and upatched OS open to all kinds of attack, even old ones long patch by Microsoft.

“Because of the way they attack – and stay concealed – deep in the operation system, rootkits are a perfect weapon for stealing private data” said Przemyslaw Gmerek, the AVAST expert on rootkits and lead researcher.

Cybercriminals are continuing to fine-tune their attack strategy with the Master Boot Record (MBR) remaining their favorite target for even the newest TDL4 rootkit variants.
The study found that rootkits infecting via the MBR were responsible for over 62% all rootkit infections. Driver infections made up only 27% of the total. The clear leader in rootkit infection were the Alureon(TDL4/TDL3) family, responsible for 74% of infections.

Experts from AVAST Software will be attending the upcoming Blackhat events in Las Vegas on August 3-7, 2011.

Filed Under: Antivirus, Security Report Tagged With: , , , , , , ,

US Government Warns (Again) that Stuxnet Variants Could Target Critical US Systems

July 28, 2011 by

(LiveHacking.Com) – It was this time last year that the world first heard about Stuxnet, the computer worm that launched the first successful cyberattack on infrastructure facilities – namely Iran’s nuclear programme. In a US House of Representatives committee hearing, Roberta Stempfley and Sean P. McGurk from the DHS’s Office of Cyber Security and Communications revealed that the US Government is concerned that cyber-terrorists could use variants of Stuxnet to attack other installations that use programmable control systems.

Their comments echo testimony given in March of this year to a Homeland Security House Subcommittee by Deputy Under Secretary Philip Reitinger.

According to both testimonies (which are word for word the same) “copies of the Stuxnet code, in various different iterations, have been publicly available for some time now.” As a result “the Department is concerned that attackers could use the increasingly public information about the code to develop variants targeted at broader installations of programmable equipment in control systems.”

ICS-CERT and the NCCIC remain vigilant and continue analysis and mitigation efforts of any derivative malware.

Filed Under: Security, Security Report Tagged With: ,

Top 10 Passcodes to Avoid Using on Your iPhone

June 14, 2011 by

Daniel Amitay, the developer of Big Brother Camera Security, added some code his app to anonymously record common user passcodes and the results are quite interesting. The app collected 204,508 passcodes and Daniel discovered that 10 common passcodes were used in over 15% of the cases. This means that you have a greater than 1 in 10 chance of breaking into someones cell phone by just trying the ten most common passcodes listed below.

  1. 1234 – 8,884 uses or 4.34%
  2. 0000 – 5, 246 or 2.5%
  3. 2580 – 4,753
  4. 1111 – 3,262
  5. 5555 – 1,774
  6. 5683 – 1,425
  7. 0852 – 1,221
  8. 2222 – 1,139
  9. 1212 – 944
  10. 1998 – 822

As expected, 1234 is the most common passcode and the other passcodes follow typical formulas, such as four identical digits (0000,1111,5555,2222) or moving in a line up or down the pad (2580 & 0852). 5683 isn’t instantly clear, but if you look carefully at the letters on the numbers you will see it spells “love”.

In 2010 Imperva released a study analyzing 32 million passwords and found that the 10 most commonly used passwords for computers and Internet accounts were:

  • 123456
  • 12345
  • 123456789
  • Password
  • iloveyou
  • princess
  • rockyou
  • 1234567
  • 12345678
  • abc123
Filed Under: Security, Security Report, Smartphone Tagged With: , , , ,

Useful Resource: CERT Société Générale Incident Response Methodologies

May 27, 2011 by

CERT Société Générale handles the information security incidents and cybercrime issues relating to the French financial services company Société Générale Group. As part of its work it produces short cheat sheets summarizing the best practices for incident handling. They are a valuable resource for any IT professional doing any work or study related to information security.

The latest publication is about malicious network behavior. It is a set of guidelines on handling suspicious network behaviour and covers:

  1. Preparation
  2. Identification
  3. Containment
  4. Remediation
  5. Recovery
  6. Aftermath

For those interested in what to do during an attack, CERT Société Générale recommends that you:

  1. Disconnect the compromised area from the network.
  2. Isolate the source of the attack. Disconnect the  affected computer(s) in order to perform further investigation.
  3. Terminate unwanted connections or processes on  affected machines.
  4. Use firewall/IPS rules to block the attack.  
  5. Use IDS rules to match with this malicious behaviour  and inform technical staff on new events.

Here is the full list of IRM documents:

Filed Under: Security, Security Report Tagged With: ,

Nearly 700% More Botnet Victims in 2010 Compared to 2009

February 18, 2011 by

Security company Damballa has released a botnet threat report for 2010 and it isn’t pleasant reading. According to the report there has been a dramatic increase in Internet crime and targeted botnet attacks during 2010. At its peak the total number of unique botnet victims grew by nearly 700%, with an average incremental growth of 8% per week.

Damballa credit the increase in the number of botnets to the increased popularity of do-it-yourself (DIY) botnet construction kits and exploit packs (as 60% of the 2010 botnets didn’t exist in 2009), coupled with the effectiveness of the TDL master-boot-record (MBR) rootkit technology.

According to Damballa the top ten botnets for 2010 were:

  1. TDLBotnetA (RudeWarlockMob)
  2. RogueAVBotnet (FreakySpiderCartel)
  3. ZeusBotnetB (FourLakeRiders)
  4. Monkif
  5. Koobface.A
  6. Conficker.C
  7. Hamweq (GraySunGirls)
  8. AdwareTrojanBotnet (WickedRockMonsters)
  9. Sality
  10. SpyEyeBotnetA (OneStreetTroop)

Damballa’s report is on par with a report issued recently by the EU’s statistics office which revealed that nearly a third of PCs in Europe were infected with a virus in 2010.

Filed Under: Malware, Security Report Tagged With:

One-third of Internet Users in Europe Were Infected by Malware in 2010

February 8, 2011 by

Today is Safer Internet Day and as part of the campaign to raise awareness of the many dangers of the Internet Eurostat, the European Union’s statistical office, has released some malware (including viruses, worms and Trojans) infection statistics for the EU.

In some countries in the EU over 50% of Internet users had malware problems in 2010. But even in the best countries the infection rates are alarming. 22% of German Internet users reported infections and 31% in the UK.

These malware infections resulted in 3% of the EU Internet savvy population suffering financial loss and 4% reported privacy and information loss or abuse.

According to the survey 84% of the participants use security software and tools (including anti-virus, anti-spam, firewall, etc).

Analysis: Malware threats are real and your safety online is paramount. Ensure you are using good anti-virus/anti-malware software, that you have a firewall in place and that your OS and browser are up to dat.

Filed Under: Malware, Security Report Tagged With: , , ,

61% of all Web-based Malware Created With DIY Kits

January 20, 2011 by

Symantec has released a new report on attack toolkits and their increasing use for creating DIY malware. Since attack toolkits can be used by novices and experts alike the new report has found that these DIY malware kits are now being used by more traditional criminals to create new waves of organized cybercrime.

As an example, the Symantec point to the case of the ZeuS attack kit which steals bank account credentials. In September 2010 police broke a ring of cybercriminals who, it is alleged, used a ZeuS botnet in the theft of more than $70 million from online banking and trading accounts over an 18-month period.

Other popular packs include MPack, Neosploit, ZeuS, Nukesploit P4ck, and Phoenix. The increased popularity of these attack kits has spawned an underground economy in the buying and selling of these suites. For example in 2006, WebAttacker, a popular attack toolkit, sold for $15 on the underground economy. In 2010, ZeuS 2.0 has been advertised for up to $8,000.

“In the past, hackers had to create their own threats from scratch. This complex process limited the number of attackers to a small pool of highly skilled cybercriminals,” said Stephen Trilling, senior vice president, Symantec Security Technology and Response. “Today’s attack toolkits make it relatively easy for even a malicious novice to launch a cyberattack. As a result, we expect to see even more criminal activity in this area and a higher likelihood that the average user will be victimized.”

The prediction for 2011 is that as more and more traditional criminals enter the foray the number of attacks will increase.

Filed Under: Malware, Security Report Tagged With: , , , ,

Online Banking SMS Authentication Messages Open To Attack

January 18, 2011 by

RSA LogoRSA are publishing a report warning of increasing attempts by cyber criminals to intercept online banking SMS messages which are used to authenticate users for online services.

Authentication tokens (normally a randomized six digit number or similar code) sent by SMS are becoming more and more popular. For example, The Commonwealth Bank of Australia claims that 80% of its online customers use their NetCode SMS service for authentication and have recently announced that the service will now be mandatory for “higher risk” transactions. The knock-on effect will be that hackers will increase their efforts to intercept these SMS messages to gain access to online accounts.

This warning comes at a time when it is now possible to eavesdrop GSM phones with cheap off-the-shelf equipment. Of course, a two step authentication process (username/password and then authentication token) is much better than just simple login authentication. However a better and more secure approach is the use of a hand held card reader which in combination with your bank card and PIN generate a unique, one-time code for use during login.

You can read more about this on ZDNet Australia.

Filed Under: Security, Security Report, Smartphone Tagged With: , , ,
«Older Posts
Newer Posts»