Google stops malicious advertising campaign that could have reached millions

Google shut down malicious Web attacks coming from a compromised advertising network on Friday. The move follows a security firm's analysis that found the ad platform, Zedo, serving up advertisements that attempted to infect the computers of visitors to major websites.

In an attack that ended early Friday morning, visitors to Last.fm, The Times of Israel, and The Jerusalem Post ran the risk of their computers becoming infected as Zedo redirected visitors' systems to malicious servers. Because the advertisements hosted on Zedo's servers were distributed through Google's Doubleclick, the attack reached millions of potential victims, Jerome Segura, senior security researcher at Malwarebytes Labs, told Ars.

Distributing malware through legitimate advertising networks, a technique known as "malvertising," has become an increasingly popular way to compromise the systems of consumers and workers alike.


Home Depot’s former security architect had history of techno-sabotage

"We sell hammers" was the justification Home Depot managers gave IT employees for cheaping out on security.

When Home Depot suffered a breach of transaction data that exposed as many as 52 million credit card transactions earlier this year, the company had reportedly suffered from lax computer and network security measures for years. Apparently, the company wasn’t helped much by its selection of a security architect either. Ricky Joe Mitchell was hired by Home Depot in 2012, and in March of 2013, he was promoted to the position of Senior Architect for IT Security at Home Depot, in charge of the entire company’s security architecture. In May of 2014, Mitchell was convicted of sabotaging the network of his former employer.

When Mitchell learned he was going to be fired in June of 2012 from the oil and gas company EnerVest Operating, he “remotely accessed EnerVest’s computer systems and reset the company’s network servers to factory settings, essentially eliminating access to all the company’s data and applications for its eastern United States operations,” a Department of Justice spokesperson wrote in a release on his conviction. “Before his access to EnerVest’s offices could be terminated, Mitchell entered the office after business hours, disconnected critical pieces of…network equipment, and disabled the equipment’s cooling system.” As a result of his actions, the company permanently lost some of its data and spent hundreds of thousands of dollars repairing equipment and recovering historical data. It took a month to bring the company’s office back online, costing the company as much as $1 million in lost business.

And that wasn’t the first time he used technology for revenge. Mitchell’s previous legal troubles resulting from malicious use of his technical skills date back to when he was a high school junior. In 1996, at the age of 17, Mitchell—who then went by the handle “RickDogg” in online forums—planted viruses in his high school’s computer system. He was suspended for three days from Capital High School for planting 108 computer viruses “to disk space… assigned to another student on the Capital High School computer system,” according to a school district memo obtained by the Charleston Gazette. He then posted threats to students whom he blamed for reporting him. Mitchell was expelled from the school and sued to be re-instated. The case eventually went to the West Virginia Supreme Court.


CloudFlare Introduces SSL Without Private Key

Handing over your private key to a cloud provider so they can terminate your SSL connections and you can work at scale has always been a fairly contentious issue, a necessary evil, you might say. If your private key gets compromised, it’s a big deal, and without it (previously) there’s no way a cloud [...]

Read the full post at darknet.org.uk