StopTheHacker: A Website Security Company That Doesn’t Care About Security

They are many companies providing hack/malware cleanup services for websites that are based around providing detection that a website has been compromised. This isn’t really necessary as a properly secured website is very unlikely to be compromised. Unfortunately, from what we have seen of these services, when they do a cleanup they don’t actually determine how the website was hacked in the first place, fix that issue, and make sure the website is otherwise secured (including updating any software running on the website). Doing those things are fundamental components of a proper cleanup and they website will remain vulnerable if they are not done.

Too often we have clients that come to us after having hired one of these services and had their website continue to be hacked. The client ends up paying to have the website cleaned up twice (or more) and suffering additional costs related to the continued issue with their website instead having it fixed the first time.

Our experience has also been that these services are not good at actually detecting hacks, so your website is not only left vulnerable to being hacked again, but you may not even get alerted that it has been hacked again. Detecting that website has been hacked quickly instead of preventing it from being hacked is also of little use in some instances. For example, if your website is hacked and your customer’s information is compromised no matter how fast afterwards that it gets detected, the damage has already been done and the information is in the hands of the hacker.

This brings us to StopTheHacker, which based on their name you would assume would be focused on actually protecting websites from hackers. Unfortunately for their customers that isn’t the case. If you look at the features of their service they are mainly focused on detecting that a website has already been hacked instead of making it secure in the first place. That would be bad on its own, but if you are using our Meta Generator Version Check extension, which is available for Chrome and Firefox, and you visit their website you will find something even more surprising:

StopTheHacker is Running WordPress 3.4.2

That’s right a website security company is failing to take the basic security measure of keeping software running their website up to date, which in the case of WordPress is very easy to do. Not only has StopTheHacker failed to update WordPress for over six months, but they failed to update when a security release was put out back in January.

If StopTheHacker actually did the “Vulnerability Assessments” they claim to do as part of their service, they would be aware that their own website is insecure. Or maybe they don’t use their own service? That would say a lot about what they think of it, wouldn’t it?

A company shouldn’t have anything to do with website security if they don’t care about the security of their own website like the StopTheHacker clearly does not, so we strongly recommend you avoid StopTheHacker and focus on doing the things that will actually protect your website instead of using services like theirs that will leave your website insecure.

Mac malware signed with Apple ID infects activist’s laptop

F-Secure

Stealthy Mac OS X spyware that was digitally signed with a valid Apple Developer ID has been detected on the laptop of an Angolan activist attending a human rights conference, researchers said.

The backdoor, which is programmed to take screenshots and send them to remote servers under the control of the attackers, was spread using a spear phishing e-mail, according to privacy activist Jacob Appelbaum. Spear phishing is a term for highly targeted e-mails that address the receiver by name and usually appear to come from someone the receiver knows. The e-mails typically discuss topics the two people have talked about before. According to AV provider F-Secure, the malware was discovered during a workshop showing freedom of speech activists how to secure their devices against government monitoring.

The malware was signed with a valid Apple Developer ID allowing it to more easily bypass the Gatekeeper feature Apple introduced in the Mountain Lion version of OS X. If it's not the first time Mac malware has carried such a digital assurance, it's certainly among the first. Both F-Secure and Appelbaum said the backdoor, identified as OSX/KitM.A, is new and previously unknown. For its part, AV provider Intego said the malware is a variant of a previously seen trojan known as OSX/FileSteal. Intego continued:

Read 3 remaining paragraphs | Comments

Hacker serving 5-year sentence invents ATM add-on to prevent theft

Prototype of a system for preventing ATM theft.

A criminal serving a five-year sentence "for supplying gadgets to an organized crime gang used to conceal ATM skimmers" has invented a device that prevents ATMs from being susceptible to such thefts, Reuters reported today.

Valentin Boanta, who is six months into his sentence in a Romanian prison, developed what he calls the SRS (Secure Revolving System) which changes the way ATM machines read bank cards to prevent the operation of skimming devices that criminals hide inside ATMs.

Boanta's arrest in 2009 spurred him to develop the anti-theft device to make amends. "When I got caught I became happy. This liberation opened the way to working for the good side," Boanta told Reuters. "Crime was like a drug for me. After I was caught, I was happy I escaped from this adrenaline addiction. So that the other part, in which I started to develop security solutions, started to emerge."

Read 5 remaining paragraphs | Comments

“SpecialisRevelio!” Macs use Harry Potter spell to unlock secret “backdoor”

Aurich Lawson / Warner Bros. Entertainment

The Mac on your desk or on the cafe table next to you has a chip with secret functions that can be unlocked only by inputting a spell from the Harry Potter series. The SMC, or system management controller, is a chip used to regulate a Mac's current and voltage, manage its light sensor, and temporarily store FileVault keys. Turns out that the SMC contains undocumented code that is invoked by entering the word "SpecialisRevelio," the same magic words used to reveal hidden charms, hexes, or properties used by wizards in the Harry Potter series written by author J. K. Rowling.

That fun fact was presented Wednesday at the NoSuchCon security conference by veteran reverse engineer Alex Ionescu. While most details are far too technical for this article, the gist of the research is that the SMC is a chip that very few people can read but just about anyone with rudimentary technical skills can "flash" update. Besides displaying the Apple engineers' affinity for Harry Potter, Ionescu's tinkerings also open the door to new types of hacks. But don't worry because they're mostly the fodder for a hacking scene in a James Bond or Mission Impossible screenplay.

"The attacks discussed in my presentation are attacks that likely only a nation-state adversary would have the sufficient technical knowledge to implement, and they require precise knowledge of the machine that is being targeted," Ionescu, who is chief architect at security firm CrowdStrike, wrote in an e-mail to Ars. "They are perfect, for example, at a border crossing where a rogue country may need to 'take a quick look at your laptop' to 'help prevent terrorism.' I don't suspect most Mac users (and certainly not those that read Ars or other similar publications) would be at a high-profile enough level to warrant such level of interest from another state."

Read 8 remaining paragraphs | Comments