Meaner POODLE bug that bypasses TLS crypto bites 10 percent of websites

Some of the world's leading websites—including those owned or operated by Bank of America, VMware, the US Department of Veterans Affairs, and business consultancy Accenture—are vulnerable to simple attacks that bypass the transport layer security encryption designed to thwart eavesdroppers and spoofers.

The attacks are a variation on the so-called POODLE exploits disclosed two months ago against secure sockets layer (SSL), an encryption protocol similar to transport layer security (TLS). Short for "Padding Oracle On Downgraded Legacy Encryption," POODLE allowed attackers monitoring Wi-Fi hotspots and other unsecured Internet connections to decrypt HTTPS traffic encrypted by the ancient SSL version 3. Browser makers quickly responded by limiting or eliminating use of SSLv3, a move that appears to have averted widespread exploitation of the bug.

On Monday, word emerged that there's a variation on the POODLE attack that works against widely used implementations of TLS. At the time this post was being prepared, SSL Server Test, a free service provided by security firm Qualys, showed that some of the Internet's top websites—again, a list including Bank of America, VMware, the US Department of Veterans Affairs, and Accenture—are susceptible. The vulnerability was serious enough to earn all sites found to be affected a failing grade by the Qualys service.
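As an added illustration (not part of the article), the check below models the difference that matters here: SSLv3 only validates the length byte of a CBC record's padding, while TLS requires every padding byte to equal that length, so a TLS implementation that skips the second check behaves like SSLv3 and exposes the same padding oracle. The MAC key and the HTTP request are constructed values.

```python
import hashlib
import hmac

MAC_LEN = 20   # HMAC-SHA1 tag, as in the AES-CBC-SHA cipher suites
BLOCK = 16     # AES block size


def compute_mac(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha1).digest()


def build_record(key: bytes, data: bytes) -> bytes:
    """Plaintext layout of a TLS CBC record before encryption: data || MAC || padding.
    TLS padding is pad_len + 1 bytes, every one of them equal to pad_len."""
    body = data + compute_mac(key, data)
    pad_len = BLOCK - 1 - len(body) % BLOCK
    return body + bytes([pad_len]) * (pad_len + 1)


def verify_record(key: bytes, record: bytes, strict: bool) -> str:
    """Validate a decrypted record. strict=False mimics SSLv3 (and the faulty TLS
    stacks): only the final length byte is inspected. strict=True is the TLS rule.
    A production stack must also make these steps constant-time; this demo does not."""
    pad_len = record[-1]
    if pad_len + 1 + MAC_LEN > len(record):
        return "bad_padding"
    if strict and any(b != pad_len for b in record[-(pad_len + 1):]):
        return "bad_padding"
    body = record[:-(pad_len + 1)]
    data, tag = body[:-MAC_LEN], body[-MAC_LEN:]
    if not hmac.compare_digest(tag, compute_mac(key, data)):
        return "bad_mac"
    return "ok"


KEY = b"constructed-demo-mac-key"  # constructed; a real stack derives this from the handshake


def demo() -> tuple:
    """Overwrite the padding bytes (which the MAC does not cover) but keep the length byte.
    A lax verifier still answers 'ok'; the strict one rejects the record."""
    rec = build_record(KEY, b"GET /account HTTP/1.1\r\nCookie: session=constructed")
    pad_len = rec[-1]
    tampered = rec[:-(pad_len + 1)] + bytes([0xAA]) * pad_len + bytes([pad_len])
    return (verify_record(KEY, rec, strict=True),
            verify_record(KEY, tampered, strict=False),
            verify_record(KEY, tampered, strict=True))


if __name__ == "__main__":
    print(demo())  # ('ok', 'ok', 'bad_padding')
```

The middle verdict is the oracle: a verifier that accepts a record whose padding bytes were altered tells an attacker, record by record, whether a guessed byte produced valid-looking padding.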

Sony Pictures attackers demand: “Stop the terrorist film!”

A new statement from the Sony Pictures cyber-attackers “Guardians of Peace” was posted on GitHub today, claiming that the GOP was not involved in threats to Sony employees over the weekend. Ars learned of the message through an e-mail sent from an account previously associated with the GOP, and the post included a message to Sony as well as a collection of links to download the private data of two Sony executives.

“We know nothing about the threatening e-mail received by Sony staffers, but you should wisely judge by yourself why such things are happening and who is responsible for it,” the message read.

While GOP claims to be “working all over the world,” the tone of the message from the group tilted toward implying at least some alignment with North Korea. The new message made demands regarding the distribution of the controversial comedy film The Interview—which has been the target of the North Korean regime’s ire since it was first announced earlier this year. A spokesperson for North Korea’s National Defense Commission said that The Interview was “a film abetting a terrorist act while hurting the dignity of the supreme leadership of the DPRK by taking advantage of the hostile policy of the US administration towards the DPRK.”

Powerful, highly stealthy Linux trojan may have infected victims for years

Researchers have uncovered an extremely stealthy trojan for Linux systems that attackers have been using to siphon sensitive data from governments and pharmaceutical companies around the world.

The previously undiscovered malware represents a missing puzzle piece tied to "Turla," a so-called advanced persistent threat (APT) disclosed in August by Kaspersky Lab and Symantec. For at least four years, the campaign targeted government institutions, embassies, military, education, research, and pharmaceutical companies in more than 45 countries. The unknown attackers—who are probably backed by a nation-state, according to Symantec—were known to have infected several hundred Windows-based computers by exploiting a variety of vulnerabilities, at least two of which were zero-day bugs. The malware was notable for its use of a rootkit that made it extremely hard to detect.

Now researchers from Moscow-based Kaspersky Lab have detected Linux-based malware used in the same campaign. Turla was already ranked as one of the top-tier APTs, in the same league as the recently disclosed Regin, for instance. The discovery of the Linux component suggests the campaign is bigger than previously thought and may presage the discovery of still more infected systems.

InsomniaShell – ASP.NET Reverse Shell Or Bind Shell

InsomniaShell is a tool for use during penetration tests, when you have the ability to upload or create an arbitrary .aspx page. This .aspx page is an example of using native calls through P/Invoke to provide either an ASP.NET reverse shell or a bind shell. ASP.NET is an open source server-side Web application framework designed for [...]

Read the full post at darknet.org.uk