SaferPC.info

Virus Information News

     
 Title   Date   Author   Host 

Study: no evidence of Heartbleed attacks before bug was exposed
tech.mit.edu
by Nicole Perlroth
April 18, 2014

Ever since the Heartbleed bug was exposed last week, the question everyone has been asking is: Did anyone exploit it before a Google researcher first discovered it?

The worry is that in the two years since the bug was accidentally incorporated into OpenSSL - a crucial piece of free security software used by governments and companies like the FBI and Google - attackers could have exploited Heartbleed to take sensitive information like passwords and the virtual keys used to decipher any scrambled information stored on a web server. What's more, they could have done so without leaving evidence detectable by the normal methods used to track who has gained access to a server.

Heartbleed First Attacks Identified
tomsguide.com
by Jill Scharr
April 15, 2014

The Canadian tax agency and a U.K. parenting website are the first confirmed instances of Heartbleed exploits, experts say.

It's Heartbleed's first blood: two cyber-break-ins have been identified. One attack was at the Canadian tax agency and the other at a U.K. parenting website, which were allegedly accomplished using the Heartbleed bug, a flaw in a type of online encryption. The two cases appear to be unrelated, but in both instances snoops seemingly used the now-infamous flaw in OpenSSL, an online encryption software, to access the sites' databases. In at least one of the breaches the hackers stole hundreds of users' personal information.

Heartbleed bug exploited to steal taxpayer data
arstechnica.com
by Dan Goodin
April 14, 2014

Over six hours, tax IDs plucked from servers run by the Canada Revenue agency.

Underscoring the severity of the Heartbleed bug affecting huge swaths of the Internet, hackers exploited the vulnerability to steal taxpayer data for at least 900 Canadian citizens and an unknown number of businesses, officials in that country warned Monday morning. Canada Revenue Agency (CRA) officials said they removed public access to online tax services last Tuesday, a day after the catastrophic defect in the widely used OpenSSL cryptography library surfaced. But by then it was too late. Hackers casing online CRA services were nonetheless able to exploit the OpenSSL flaw, which makes it possible to pluck private encryption keys, passwords, and other sundry sensitive data out of the private computer memory of servers running vulnerable versions of the open-source library.

NSA Knew About Heartbleed, Did Nothing, Sources Say
tomsguide.com
by Jill Scharr
April 11, 2014

Did the NSA know about the Heartbleed bug for the past two years? Two anonymous sources told Bloomberg News the agency did.

Did the National Security Agency (NSA) know about the Heartbleed Internet security flaw for the past two years? That's what two anonymous sources told Bloomberg News reporter Michael Riley. The NSA not only said nothing about the serious bug that compromised the OpenSSL encryption library used by millions of websites, but it also used the bug to gather intelligence, Riley's sources told him. If the NSA did know about Heartbleed, it could have used the bug to get data from any Internet-facing server using a vulnerable version of OpenSSL since the flaw was accidentally implemented in January 2012. Such data would include usernames, passwords, encryption keys, search history, private messages and more.

5-year-old Ocean Beach exposes Microsoft Xbox vulnerability
10news.com
by Michael Chen
April 3, 2014

An Ocean Beach boy is in the spotlight after he discovered a back door in to one of the most popular gaming systems in the world.

When 5-year-old Kristoffer Von Hassel is playing his Xbox, his feet don't touch the ground. But something he did has made the smartest guys at Microsoft pay attention. "I was like yea!" said Kristoffer. Just after Christmas, Kristoffer's parents noticed he was logging into his father's Xbox Live account and playing games he wasn't supposed to be.

Internet Activist Recovers Deleted Video of Police Assault, This is How We Win!
thefreethoughtproject.com
March 3, 2014

The power of the internet knows no bounds. It is our most powerful weapon against corruption and has helped to shed light on the ones that wish to remain in the darkness.

The story below is another wonderful example of how the internet is helping to exonerate the innocent whilst bringing justice to the corrupt. A man was assaulted by police and his video of the incident confiscated. He was then jailed for 10 days after false charges were brought against him. A year later he received his phone back only to find that the files had been corrupted and the video unplayable. He reached out to the internet, and the internet answered. One of the files was repaired by a reddit user, which shows the assault on video. He explains what happens in the story below.

Microsoft, Facebook, Google and Yahoo release US surveillance requests
theguardian.com
by Spencer Ackerman and Dominic Rushe
February 3, 2014

Limited disclosure, part of transparency deal made last month, shows tech giants turn over data from tens of thousands of accounts

Tens of thousands of accounts associated with customers of Microsoft, Google, Facebook and Yahoo have their data turned over to US government authorities every six months as the result of secret court orders, the tech giants disclosed for the first time on Monday. As part of a transparency deal reached last week with the Justice Department, four of the tech firms that participate in the National Security Agency's Prism effort, which collects largely overseas internet communications, released more information about the volume of data the US demands they provide than they have ever previously been permitted to disclose. But the terms of the deal prevent the companies from itemising the collection, beyond bands of thousands of data requests served on them by a secret surveillance court. The companies must also delay by six months disclosing information on the most recent requests - terms the Justice Department negotiated to end a transparency lawsuit before the so-called Fisa court that was brought by the companies.

If You Used This Secure Webmail Site, the FBI Has Your Inbox
Wired.com
by Kevin Poulsen
January 27, 2014

While investigating a hosting company known for sheltering child porn last year the FBI incidentally seized the entire e-mail database of a popular anonymous webmail service called TorMail.

Now the FBI is tapping that vast trove of e-mail in unrelated investigations. The bureau's data windfall, seized from a company called Freedom Hosting, surfaced in court papers last week when prosecutors indicted a Florida man for allegedly selling counterfeit credit cards online. The filings show the FBI built its case in part by executing a search warrant on a Gmail account used by the counterfeiters, where they found that orders for forged cards were being sent to a TorMail e-mail account: "platplus@tormail.net." Acting on that lead in September, the FBI obtained a search warrant for the TorMail account, and then accessed it from the bureau's own copy of "data and information from the TorMail e-mail server, including the content of TorMail e-mail accounts," according to the complaint (.pdf) sworn out by U.S. Postal Inspector Eric Malecki.

DNS poisoning slams web traffic from millions in China into the wrong hole
theregister.co.uk
by John Leyden
January 21, 2014

ISP blames unspecified attack for morning outage

A widespread DNS outage hit China on Tuesday‪, leaving millions of surfers adrift.‬ DNS issues in China between 7am and 9am GMT left millions of domains inaccessible. Two-thirds of China's DNS (Domain Name System) infrastructure was blighted by the incident, which stemmed from a cache poisoning attack. Chinese netizens were left unable to visit websites or use social media and instant messaging services as a result of the screw-up, the Hong Kong-based South China Morning Post reports.

Selling a Google Chrome Extension is Easy but Monetizing is Tricky
labnol.org
January 18, 2014

When Google decided the pull the plug on Google Reader, I quickly made the switch to Feedly since it was (and still is) the best alternative to Google's RSS Reader.

The one important piece that Feedly did not offer was a Chrome extension that would let users subscribe to RSS feeds on any web page with a click. Since the extension was something that I needed for my own workflow, I wrote one (writing a Chrome extension is easy) and also published it to Google Chrome store. The last time I checked my Chrome developer dashboard, the extension had gained 30000+ users on Chrome.

     

Help keep this page up-to-date. Submit a Virus Information News link for inclusion on this page.

Shawn K. Hall © 2003-2021 Powered by 12 Point Design
Professional Web Hosting and Design Services: 12 Point DesignAt Summit Chiropractic our mission is to improve your quality of life - We know that health is much more than just not feeling painReliable Answers - developer information, current news, human interest and legislative newsLocal Homeschool provides the most up-to-date support group listings in a geographical and searchable indexTwain Harte, CA - The closest you can get to Heaven on EarthSaferPC dispels security misunderstandings and provides you with a solid understanding of viruses and computer security
Google

AddThis Social Bookmark Button