
Man gets one year in jail for hacking into Sony's servers


April 19, 2013

Cody Kretsinger, a twenty-five-year-old man from Decatur, Illinois, and a former LulzSec hacker, has been sentenced to a year in federal prison for hacking into Sony Pictures' servers.

Kretsinger, better known to his fellow LulzSec members as "Recursion", was also ordered to carry out 1,000 hours of community service and serve a year of home detention following his release from prison.

He was sentenced by a Los Angeles court yesterday. Kretsinger had pleaded guilty to a single count of conspiracy and unauthorized impairment of servers in a plea-bargaining agreement.

Kretsinger admitted breaking into the Sony Pictures website and extracting information which he passed on to other members of LulzSec, who leaked the data in order to embarrass Sony, a hated enemy of the hacktivist group.

Sony claimed that the hack left it $600,000 out of pocket. Kretsinger was ordered to somehow repay this amount in restitution to Sony, the LA Times adds.

Earlier this month, a 26-year-old British man also pleaded guilty to computer hacking as part of LulzSec, a splinter group of mischief-makers from the larger Anonymous collective.

Ryan Ackroyd, from South Yorkshire, admitted taking part in attacks against numerous high-profile targets including Nintendo, News International, 20th Century Fox, Sony Group and the NHS. Ackroyd adopted the online persona of a 16-year-old girl named Kayla during much of his malfeasance.

Ackroyd and other convicted LulzSec suspects like Jake Davis, 20, from the Shetland Islands, Scotland, 18-year-old Mustafa Al-Bassam from Peckham, south London and Ryan Cleary, 21, from Wickford, Essex are all due to be sentenced on May 14.

Erstwhile LulzSec leader Hector Monsegur, known online as Sabu, was revealed in March 2012 as an FBI informer who had been grassing on his former cohorts for ten months after his arrest in June 2011. Sabu's sentencing was delayed by six months in February due to his "ongoing cooperation with the government".

In other internet security news

Internet security researchers say they have discovered a whole list of new malware that targets the QUIK stock-trading application used by some banks and financial institutions.

The malware has been used in a series of attacks since November 2012, according to Russian security firm Group-IB. Cyber criminals have traditionally targeted private and corporate banking accounts, using malware such as variants of the ZeuS cybercrime toolkit to log key-strokes and extract account information from investors and traders.

This isn't new: online stock trading and brokerage systems have been hacked many times in the past, but those attacks succeeded through fake profiles and social engineering scams.

Recently however, trading fraudsters have diversified tactics and begun to use malware, in an effort to defraud the public and steal money.

In particular, professional black hat coders have designed a new strain of malware targeting specialized trading software: QUIK (Quik Broker, Quik Dealer) from Russian software developer ARQA Technologies and FOCUS I-Vonline from New York-based EGAR Technology.

Such software is used by many banks in the Russian Federation including Sberbank, Alfa-Bank and Promsvyazbank.

Both of the applications are used for trading on MICEX, a leading Russian stock exchange. MICEX offers services including placing and trading stocks, listing securities, and even the facility to set up initial public offerings (IPOs) or company flotations.

Exchange clients trade in stocks and shares issued by the likes of Gazprom, VTB Bank, RusHydro, Mobile TeleSystems, and a few others.

Andrey Komarov of Group-IB says that the online trading malware was a variation of the Ranbyus spyware normally used to infect Windows computers and target online banking customers.

"It has quite similar functions to Zeus, as it uses a VNC spawning module which helps the hacker to be connected to the infected computer absolutely remotely and to do his fraud in silence, that's why it won't be detected by anti-fraud filters, as the theft will happen from the same IP address," Komarov explained.

Worse, another Trojan, identified as Broker-J, also targets QUIK but uses different techniques: it steals encryption keys from the QUIK key storage and transfers them to the cybercriminals, who then trade from the victim's IP address to avoid detection.

"The end customer should use standard methods of antivirus defense if he or she runs financial software on a personal computer which is connected to public networks," said Vladimir Kurlyandchik, head of business development at ARQA Technologies.

"People should use efficient internet security appliances and antivirus software, and also make use of firewalls. It is our standard recommendation," he added.

"In case of any suspicions of unauthorized access to an account the end user should immediately initiate the procedure of changing access keys, along with new user IDs and secure passwords," he added.

Kurlyandchik also stated that the QUIK platform incorporates several new technologies to help prevent unauthorized access, including two-factor authentication using either RSA SecurID tokens or SMS messages sent to a pre-registered phone, as well as other similar security devices.

"The securities broker now has a few and improved tools to monitor suspicious activity and to block access to the system from suspicious IP-addresses, hosts etc," he said.

In other internet security news

Since last week, many hosting providers have been reporting a huge increase in attempts to hack into blogs and content management systems, with WordPress installations once again bearing the brunt of the offensive. It's not the first time that WordPress blogs have been the subject of hacking attempts, and it probably won't be the last.

Thousands of WordPress installations across the globe were hit by a brute-force botnet attack, featuring repeated attempts to log into blogs using a combination of popular usernames (e.g. "admin", "myblog" and "user") and an array of unsafe passwords such as "god", "sex", "love" and "1 2 3 4 5".

Attacks of this type are commonplace; it's the sharp rise in volume late last week, to around three to four times the normal level, rather than anything technically devious, that has set alarm bells ringing all over the web.

Around 90,000 compromised servers have been attempting to break into WordPress websites by continually trying to guess the username and password to get into the WordPress admin dashboard.

To help mitigate such attacks, the senior system administration team at Sun Hosting, a large Canadian hosting provider, has rolled out broad security policies to contain and limit them. For the time being, the company has removed any public information detailing the new way it is blocking the attacks, as the hackers appear to be actively monitoring for changes and altering their tactics.

Sun Hosting says: "If your site or blog has been targeted in similar attacks, the security precautions we've implemented may limit the access to your WordPress admin dashboard. We have chosen to proactively protect our customers from such attacks in order to avoid a potentially larger security issue on your account. Your admin password should consist of a minimum of 12 characters, with upper case and lower case letters, numbers as well as punctuation marks."

The primary target appears to be WordPress installations but Joomla users also reportedly took some hammering as well. Early suggestions are that hackers are looking to harvest "low-hanging fruit" as quickly as possible in order to gain access to a bank of compromised sites for follow-up malfeasance, which could be anything from hosting malware to publishing phishing pages or running some sort of denial of service attack.

"It's 'doorknob rattling' but on an industrial and international scale," notes Paul Ducklin, Sophos's head of technology for Asia Pacific.

WordPress founder Matt Mullenweg said that the attack illustrates the need to use a distinct username and a hard-to-guess password, common-sense advice that applies to using web services in general, not just for blog administration.

"If you still use "admin" as a username on your blog, change it, use a strong password, if you're on WP.com turn on two-factor authentication, and of course make sure you're up-to-date on the latest version of WordPress. Do this and you'll be ahead of 95 percent of sites out there and probably never have an issue."

Most other advice isn't great — supposedly this botnet has over 90,000 IP addresses, so an IP limiting or login throttling plugin isn't going to be great. They could try from a different IP a second for 24 hours, as an example.
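The point above is that per-IP throttling cannot see a botnet that spreads its guesses across 90,000 addresses, so detection has to aggregate by target rather than by source. The following is an added example, not code from the original article or from any of the vendors it quotes: it parses constructed Apache-style access log lines (all addresses are documentation ranges) and compares a classic per-IP limit with a site-wide sliding window over all POSTs to wp-login.php. Thresholds are assumptions chosen for the sample.

```python
import re
from collections import Counter, deque
from datetime import datetime

# Constructed sample traffic (not real logs): eight login POSTs from seven
# different addresses inside 30 seconds, plus one ordinary page view.
SAMPLE_LOG = """\
203.0.113.10 - - [19/Apr/2013:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3412 "-" "Mozilla/5.0"
203.0.113.11 - - [19/Apr/2013:10:00:04 +0000] "POST /wp-login.php HTTP/1.1" 200 3412 "-" "Mozilla/5.0"
198.51.100.7 - - [19/Apr/2013:10:00:09 +0000] "POST /wp-login.php HTTP/1.1" 200 3412 "-" "Mozilla/5.0"
198.51.100.8 - - [19/Apr/2013:10:00:12 +0000] "GET /2013/04/hello-world/ HTTP/1.1" 200 8120 "-" "Mozilla/5.0"
203.0.113.12 - - [19/Apr/2013:10:00:15 +0000] "POST /wp-login.php HTTP/1.1" 200 3412 "-" "Mozilla/5.0"
203.0.113.13 - - [19/Apr/2013:10:00:18 +0000] "POST /wp-login.php HTTP/1.1" 200 3412 "-" "Mozilla/5.0"
203.0.113.10 - - [19/Apr/2013:10:00:22 +0000] "POST /wp-login.php HTTP/1.1" 200 3412 "-" "Mozilla/5.0"
198.51.100.9 - - [19/Apr/2013:10:00:25 +0000] "POST /wp-login.php HTTP/1.1" 200 3412 "-" "Mozilla/5.0"
203.0.113.14 - - [19/Apr/2013:10:00:29 +0000] "POST /wp-login.php HTTP/1.1" 200 3412 "-" "Mozilla/5.0"
"""

# Apache combined log format: client IP, identd, user, [timestamp], "request", status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

def login_attempts(log_text):
    """Return (ip, timestamp) for every POST to wp-login.php, ignoring everything else."""
    attempts = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or m.group("method") != "POST":
            continue
        if not m.group("path").split("?")[0].endswith("/wp-login.php"):
            continue
        ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
        attempts.append((m.group("ip"), ts))
    return attempts

def per_ip_offenders(attempts, limit=5):
    """Classic per-IP throttling over one log slice: addresses with more than `limit` attempts.
    A distributed botnet stays under this limit at every single address."""
    counts = Counter(ip for ip, _ in attempts)
    return {ip for ip, n in counts.items() if n > limit}

def site_wide_alert(attempts, min_attempts=6, min_ips=5, window=60):
    """Aggregate by target instead of by source: alert if any `window`-second span holds
    at least `min_attempts` login POSTs coming from at least `min_ips` distinct addresses."""
    recent = deque()
    for ip, ts in sorted(attempts, key=lambda a: a[1]):
        recent.append((ip, ts))
        while (ts - recent[0][1]).total_seconds() > window:
            recent.popleft()
        if len(recent) >= min_attempts and len({i for i, _ in recent}) >= min_ips:
            return True
    return False

if __name__ == "__main__":
    found = login_attempts(SAMPLE_LOG)
    print("per-IP offenders:", per_ip_offenders(found))      # empty set: nobody trips the limit
    print("site-wide alert:", site_wide_alert(found))        # True: the site as a whole is under attack
```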

Olli Niemi, internet security and vulnerability expert at Stonesoft, outlined the range of possible motives behind the attack. "A concern of this attack is that by compromising WordPress blogs attackers may be able to upload malicious content and embed this into the blog," Niemi said.

"When readers visit the blogs in question they would then be subject to attack, come under compromise and develop into botnets. The attacks against the WordPress blogs seem to be distributed, with automated attacks coming from multiple sources," he added.

Matt Middleton, U.K. and Ireland regional director of corporate security firm Cyber-Ark, said that hacking attempts on corporate blogs might be used as an access point to hack into other much more sensitive enterprise systems. Weak passwords need to be changed ASAP, he argues.

"Common usernames and weak passwords are extremely risky online, however, and the dangers are compounded if users re-use the same login credentials for other sites as well. Once hackers have cracked a username and password, it's extremely common that they'll attempt to use the same combination for additional sites in the attempt to fraudulently use accounts, or access information such as credit card details or corporate data," added Middleton.

Many denial of service (DoS) attacks against large U.S. banks in January were powered from compromised WordPress sites and blogs rather than malware-infected zombie PCs.

The upsurge in attempts to hack into WordPress sites last week could be a prelude to something similar that could happen soon, or a suggestion of things to come.

In other internet security news

Internet security researchers have published a more complete report of a recently patched SQL injection hole discovered on PayPal's popular payment platform.

The Vulnerability Laboratory Research Team received a $3,000 reward after discovering a remote SQL injection vulnerability in the official PayPal GP+ Web Application Service.

The critical security flaw, which could have been easily and remotely exploitable, allowed hackers to inject commands through the vulnerable internet application and into the backend databases, potentially tricking them into coughing up sensitive data in the process, and potentially causing financial losses.

Based in Poland, the security researchers reported the security vulnerability to PayPal in early January. Vulnerability Laboratory produced a full-fledged, proof-of-concept demonstration to illustrate its many concerns when it reported the security flaw to PayPal.

The payment-processing company patched the flaw in late January, but it wasn't reported in the media until today.

There's no evidence that the security flaw was ever abused, which is just as well since its potential impact was very critical, as an advisory by Vulnerability Laboratory explains: "The vulnerability is located in the analysis all review module with the bound vulnerable page ID parameter listing. When a PayPal customer is processing to request the link to, for example on page 7, the server will include the integer value not encoded or parsed in the URL path. Attackers can exchange the integer page with their own SQL statements to compromise the application DBMS and all PayPal accounts."

The second issue is that the server is bound to the main site's authorization, so once the SQL backend and DBMS have been compromised via the injection, the bound PayPal services can be exploited as well.

Attackers can access all database tables and columns to compromise the GP+ database content and disclose personal and financial information, deface the website, phish the account or extract database password or username data.

The security vulnerability can be easily exploited without user interaction, requiring only a low-privileged user account to visit the restricted webpage. Successful exploitation of the vulnerability results in web application context manipulation via DBMS injection, website defacement, hijack of database accounts via DBMS extraction, information disclosure of database content, data loss or a full-blown DBMS compromise.

Benjamin Kunz Mejri of Vulnerability Laboratory led the research into the security flaw. An advisory by the Polish researchers suggests that the vulnerability could be patched by a "secure parse of the page parameter request when processing to list via the GET method" combined with changes to prevent the display of errors.

It's still unclear if PayPal followed this approach or identified a different way to fix the flaw, however. PayPal issued a brief statement confirming that the flaw was "not impacting our website" at the time the vulnerability became public today.
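The advisory's two recommendations, a "secure parse" of the page parameter and suppressing error display, are easy to show side by side. This is an added example, not PayPal's code or Vulnerability Laboratory's proof of concept: a constructed in-memory SQLite table stands in for the review listing, `list_reviews_vulnerable` reproduces the pattern the advisory describes (the raw page value dropped unparsed into the SQL text), and `list_reviews_hardened` plus `handle_request` show the fixed form. Table name, page size and the HTTP handler are assumptions.

```python
import sqlite3

PAGE_SIZE = 5

def make_db():
    """Constructed sample data: 50 reviews, 5 per page (not PayPal's schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE reviews (id INTEGER PRIMARY KEY, page_no INTEGER, body TEXT)")
    conn.executemany("INSERT INTO reviews (page_no, body) VALUES (?, ?)",
                     [((i - 1) // PAGE_SIZE + 1, f"review {i}") for i in range(1, 51)])
    return conn

def list_reviews_vulnerable(conn, page):
    """The flaw as described: the integer from the URL path is neither encoded nor parsed,
    so whatever the client sends becomes part of the SQL statement."""
    sql = f"SELECT id, body FROM reviews WHERE page_no = {page} ORDER BY id"
    return conn.execute(sql).fetchall()

def parse_page(raw, max_page=10_000):
    """Secure parse: accept only a canonical positive decimal integer, reject everything else.
    The round-trip check also rejects leading zeros and non-ASCII digits that str.isdigit() allows."""
    if not isinstance(raw, str) or not raw.isdigit() or str(int(raw)) != raw:
        raise ValueError("page must be a positive integer")
    page = int(raw)
    if not 1 <= page <= max_page:
        raise ValueError("page out of range")
    return page

def list_reviews_hardened(conn, raw_page):
    """Validate first, then bind the value as a parameter so it can never be parsed as SQL."""
    page = parse_page(raw_page)
    return conn.execute(
        "SELECT id, body FROM reviews WHERE page_no = ? ORDER BY id", (page,)
    ).fetchall()

def handle_request(conn, raw_page):
    """Hypothetical request handler: generic messages only, DBMS errors are never displayed."""
    try:
        return 200, list_reviews_hardened(conn, raw_page)
    except ValueError:
        return 400, "invalid page"
    except sqlite3.Error:
        # log the real exception server-side; the client sees nothing about the database
        return 500, "internal error"

if __name__ == "__main__":
    db = make_db()
    print(len(list_reviews_vulnerable(db, "7")))          # 5 rows, as intended
    print(len(list_reviews_vulnerable(db, "7 OR 1=1")))   # 50 rows: the whole table
    print(handle_request(db, "7 OR 1=1"))                 # (400, 'invalid page')
```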

In other internet security news

Check Point said this morning that it will soon integrate cyber-espionage defenses into its enterprise firewall line and gateway security products with the addition of sandbox-style technology.

The "threat emulation" software blades for Check Point firewalls will be available sometime in May or June and will add to other threat prevention layers, such as the anti-virus and anti-bot technology launched last year.

All of these technologies were developed by Check Point itself. The latest strains of malware are designed to switch off if they detect that they are running in a virtual machine, as a means to thwart security analysis. Tom Teller, a security strategist at Check Point, said that the emulator technology it's developing is a lot more difficult to detect than a virtual machine.

The threat emulation software carries out both static and dynamic analysis to figure out if a file is changing registry settings, altering other files or attempting to connect with blacklisted servers, among other things, before deciding if it ought to be blocked and quarantined.

Prior to putting the technology into its security appliances, Check Point has set up a microsite where files can be uploaded for emulating and checking.

The latest generation of cyber-attacks feature custom malware and spear-phishing which is something that Check Point wants to put a serious dent in. Teller is optimistic that IT vendors such as Check Point are coming up with technology capable of detecting and mitigating advanced malware attacks.

Even if the initial infection occurs, it might still be possible to isolate compromised systems and prevent an attacker from accessing corporate resources or extracting sensitive information.

"If you can break one of the layers of an attack then the whole attack fails," Teller said. Check Point also owns the Zone Labs line of personal firewall and security suite products.

However, Gabi Reish, head of product sales, said the only safe assumption in corporate security was to assume that an end-point might be compromised and to design corporate defenses appropriately. The anti-bot blade incorporated in Check Point's gateways is designed to block malware-infected zombies from phoning home.

The forthcoming emulation and existing anti-bot and anti-virus blades fit in with the "razor-and-blade" model introduced by Check Point more than four years ago.

The Israeli firm's security appliances and gateways are the "razors", while the "blades" are the software that customers buy and use to deliver different types of network protection.

For example, the App Control Blade manages social media apps, while the Mobile Access Blade secures employees' smartphones and tablets.

Check Point is pushing this technology to SMEs with the launch of its new 1100 appliances. The equipment, designed for branch and remote offices with up to 100 users, offers 1.5 Gbps of maximum firewall throughput and 220 Mbps of max VPN throughput.

Check Point is also offering the Software Blade Architecture on low-end hardware for the first time. The 1100 Appliances, launched at Check Point's user conference in Barcelona earlier this week, start at $599.

Multi-layered protection options include: Firewall, VPN, IPS (intrusion prevention system), application control, mobile access, Data Loss Prevention, anti-bot, identity awareness, URL filtering, anti-spam and anti-virus.

All but the standard components cost extra, but customers benefit from the flexibility, while Check Point resellers gain a better opportunity to sell add-ons.

In other internet security news

Independent security firm AV-Test has released a report for Windows 8 for the first time, and it once again found Microsoft's own software products were among the weaker performers when it comes to internet security.

The German security company tested its usual batch of 25 consumer antivirus products, plus eight aimed at corporate users, during January and February of this year. It published its results on April 6.

Microsoft Windows Defender, the rebranded version of Microsoft Security Essentials that comes bundled with Windows 8, scored just 2 out of 6 in AV-Test's Protection rankings. Worse, Microsoft's enterprise-oriented System Center Endpoint Protection scored a paltry 1.5.

According to AV-Test, Windows Defender managed to spot just 82 percent of zero-day malware attacks during January, and 81 percent during February, based on 125 various samples. The industry average was 95 percent.


Source: The BBC.

Copyright © Internet Security.ca    Terms of use    Privacy agreement    Legal disclaimer