
Internet Explorer still suffers from many security flaws


August 20, 2013

Upstart security consultancy firm LastPass says it has patched a security hole that meant several Windows versions of its password-management software were capable of leaking login credentials that had been auto-filled into fields by its password manager.

The security hole, which affected only Internet Explorer users on Windows, meant that an attacker who managed to obtain a memory dump of Internet Explorer would be able to extract unencrypted password strings as well.

"This is the same type of attack that we have written about frequently in the context of banking malware," writes security researcher Paul Ducklin on the Sophos security blog.

Pulling off the attack would normally require either physical access to a targeted machine or an attack involving the planting of malware on a mark's PC, a level of compromise that makes most security protections redundant.

LastPass resolved the issue with a security update that also comes with a variety of performance enhancements and other tweaks. The relevant portion of the advisory explains-- "Resolved - The security issue with IE exclusively while logged in to LastPass only-- Prevent IE from adding passwords to in memory decryption cache".

The security repair is one of eighteen items in LastPass v2.5.0/1/2, which also offers improved synchronisation and support for upcoming versions of Windows 8 and Internet Explorer 11.

In other internet security news

Yesterday, Syrian online hacktivists once again claimed that they are responsible for defacing the websites of CNN, Time Magazine and The Washington Post. This isn't the first time this has happened, and it will most likely happen again.

However, these latest attempts by the Syrian Electronic Army (SEA) are somewhat misleading, according to computer security experts who say that the hacking crew actually ransacked Outbrain, a marketing firm used by The, and many others to provide links to related articles.

It's generally understood that the miscreants, who back Syria's President Bashar al-Assad, compromised Outbrain's online systems and hijacked those embedded links to point to the SEA's website.

Outbrain confirmed its security was breached, which it said was pulled off using phishing emails posing as messages to various staff from its CEO.

Marc Gaffan, co-founder of web security firm Incapsula, explains-- "The cause of the breach was actually performed by sending phishing emails to all Outbrain employees which caused them to surrender their email passwords. With access to employee email accounts, the hackers were able to obtain or reset passwords to the admin areas of the content marketing platform, leading to the visible part of the breach."

"If Outbrain's admin areas had two-factor authentication enabled on them, this could have been prevented," he suggested.

In a statement, The Washington Post added that one of its staffers did have his Twitter profile compromised by the SEA earlier this week, but explained that the main aspect of Thursday's hack relied on breaking into Outbrain's systems.

"Earlier this week the Twitter account of one of our journalists was compromised as part of a larger attack aimed at social media management group SocialFlow, and Thursday an attack on content recommendation service Outbrain caused some content to redirect to the SEA homepage."

Outbrain responded to the hack by temporarily suspending its services. The SEA, meanwhile, congratulated itself on drilling into Outbrain's control panels on its official Twitter account.

"@TIME, @CNN, @Washingtonpost websites hacked in one strike by hacking @outbrain #SEA #SyrianElectronicArmy #Syria," read the Twitter post from SyrianElectronicArmy (@Official_SEA16) on August 15, 2013.

Outbrain's content-recommendation app embedded into web pages is supposed to help internet publishers boost their online traffic. Users are offered links to articles and other items to read or watch.

SEA foot soldiers alleged they obtained access to Outbrain's email spools, but as of this morning, this still remains unconfirmed.

The Syrian Electronic Army is a loose-knit hacker group loyal to President al-Assad. Its campaign of online disruption began in mid-2011, and has involved distributed denial-of-service attacks against servers, phishing emails to access passwords, pro-Assad graffiti on websites, and spamming against governments, online services and media outlets that are perceived hostile to the government of civil-war-torn Syria.

Its 'expertise' is firing off spear-phishing emails to hijack Twitter accounts and other social-networking profiles run by media organizations and then to use the compromised logins to push links to pro-Assad propaganda.

Over recent months, victims have included Al Jazeera, the Associated Press, the BBC, the Daily Telegraph, the Financial Times, the Guardian, Human Rights Watch, America's National Public Radio, Thomson Reuters and a few more.

Over recent weeks, the group also diversified into attacking the backend systems of VoIP apps, namely Viber and Tango. We will keep you posted on these and other security-related stories.

In other internet security news

According to an internal agency audit obtained by The Washington Post, the NSA (National Security Agency) exceeded its legal authority and broke agency rules thousands of times since it was granted broader powers five years ago.

And it appears that the situation is getting worse going forward. Most violations involved unauthorized surveillance of Americans or foreign intelligence targets in the United States, according to the documents which were supplied to the newspaper by NSA whistleblower Edward Snowden.

The documents show infractions ranging from serious legal violations to typographical errors that resulted in unintended data collection, The Post reported.

That's on top of all the internet monitoring and sniffing that the NSA does on a daily basis. The agency was not always forthcoming with the details of its transgressions, the Post found. A quality assurance report not shared with an oversight committee found that a "large number" of calls were placed to Egypt in 2008 when the U.S. area code 202 was mistakenly entered as 20.

In another case, the Foreign Intelligence Surveillance Court, which reviews NSA warrant requests, wasn't made aware of a new collection method until it had been in place for several months. The court ultimately ruled it unconstitutional, the Post reported.

The audit, dated May 2012, uncovered no fewer than 2,776 separate incidents in the preceding twelve months of unauthorized collection, storage, access to or distribution of legally protected communications, the Post reported.

One of those cases involved the unauthorized use of data on 3,000 Americans and green-card holders. "We're a human-run agency operating in a complex environment with a number of different regulatory regimes, so at times we find ourselves on the wrong side of the line," a senior NSA official said, speaking with White House permission.

"You can look at it as a percentage of our total activity that occurs each day. You look at a number in absolute terms that looks big, and when you look at it in relative terms, it looks a little different," he added.

The Obama administration, which has defended the NSA activities, has never publicly addressed the agency's compliance record, the Post noted. But the NSA Director of Compliance John DeLong defended the agency's procedures, saying it had in recent years quadrupled the number of personnel working in its privacy compliance program.

"We want people to report if they have made a mistake or even if they believe that an NSA activity isn't consistent with the rules. NSA, like other regulated organizations, also has a hotline for people to report -- and no adverse action or reprisal can be taken for the simple act of reporting. We take each report seriously, investigate the matter, address the issue, constantly look for trends, and address them as well, all as a part of NSA's internal oversight and compliance efforts," he added.

"What's more, we keep our overseers informed through both immediate reporting and periodic reporting. Our internal privacy compliance program has more than 300 personnel assigned to it-- a fourfold increase since 2009. They manage NSA's rules, train personnel, develop and implement technical safeguards, and set up systems to continually monitor and guide NSA's activities. We take this work very seriously," DeLong said.

The NSA later offered this as a substitute statement-- "NSA's foreign intelligence collection activities are continually audited and overseen internally and externally. When NSA makes a mistake in carrying out its foreign intelligence mission, the agency reports the issue internally and to federal overseers, and aggressively gets to the bottom of it," the agency said.

In other NSA news

The NSA has issued a document in the U.S. titled 'The National Security Agency: Missions, Authorities, Oversight and Partnerships' that briefly explains some of its operations, and it includes a claim that it touches about 1.6 percent of all daily Internet traffic.

The report also adds that only about 0.025 percent of that 1.6 percent is actually selected for review in the first place. If you're skeptical when reading this, you're not alone...

Released quietly over the weekend - albeit amid fresh claims that the NSA is scrutinizing every email in and out of the US - the document's prologue explains that the NSA lacked tools to track one of the 9/11 hijackers.

As a result “several programs were developed to address the U.S. Government's needs to connect the dots of information available to the intelligence community and to strengthen the combined coordination between foreign intelligence agents and domestic law enforcement agencies”.

The report then goes on to detail the many legal underpinnings of the agency's work and identify the following methodology for its operations.

The NSA identifies foreign entities, persons and organizations that have information responsive to an identified foreign intelligence requirement.

For instance, the agency works closely to identify individuals who may belong to a terrorist network. The NSA develops "the network" with which that person or organization's information is shared or the command and control structure through which it flows.

In other words, if the agency is tracking a specific terrorist, it will endeavor to determine who that person is in contact with, and who he is taking his orders from.

The NSA identifies how the foreign entities communicate (radio, e-mail, telephony, etc.). The agency then identifies the telecommunications infrastructure used to transmit those communications.

The agency then identifies security vulnerabilities in the methods of communication used to transmit them. The NSA then matches its collection of data to those vulnerabilities, or it develops new capabilities to acquire communications of interest if needed.

The budgetary details come in a section titled "Scope and Scale of NSA Collection" that reads as follows-- "According to various numbers published by a major technology provider, the Internet carries about 1,826 Petabytes of information per day."

"In its foreign intelligence mission, the NSA touches about 1.6 percent of that data. But of that 1.6 percent, only 0.025 percent is actually selected for review," the report states.

"In the end, the net effect is that NSA analysts look at about 0.00004 percent of the world's traffic in conducting its mission. That's less than one part in a million," according to the report.

It also means that the NSA is analyzing a couple of terabytes a day as well. And let's also ponder just what “selected for review” means. Is it reading by humans? Processing by servers?

Perhaps the security probe launched by President Barack Obama into his spooks' activities will reveal all. We shall see in time, hopefully.

The NSA would have us believe that whatever is going on right now, “NSA personnel are obliged to report when they believe the NSA is not, or may not be, acting consistently with law, policy, or procedure”.

“This self-reporting is part of the culture and fabric of the NSA,” the document continues. “If the NSA is not acting in accordance with law, policy, or procedure, the agency will report through its internal and external intelligence oversight channels, conduct specific reviews to understand the root cause, and make appropriate adjustments to constantly improve itself.”

But for now, we can only imagine leakers 'a la Assange' working for government contractors that were not on the NSA's list of “external intelligence oversight channels”.

Whistleblower Edward Snowden thrusting himself into that role is most likely the real reason this document was published in the first place. We will keep you posted, as always.

In other internet security news

Network anonymisation firm TOR has posted a strange piece of commentary on reports that some of the anonymous servers it routes to have completely disappeared from its network in the last two days.

“Around midnight on August 4th, we were notified by a few people that a large number of hidden service addresses have completely disappeared from the Tor Network,” the post read.

“There are a variety of rumors about a hosting company for hidden services, that it is suddenly offline, has been breached, or attackers have placed a javascript exploit on their web site”.

As it explores the rumors, the post goes on to name an entity called Freedom Hosting, and to vigorously dissociate TOR from the organization.

Distancing TOR from Freedom seems a fine idea given numerous reports, such as one from The Irish Examiner, suggesting that its founder Eric Marques has been arrested because the FBI believes he facilitated the distribution of child porn using TOR. The FBI now wants to extradite Marques to the U.S.

For now, TOR still isn't quite sure if the arrest and the disappearance of some nodes are linked, but is saying “someone has exploited the software behind Freedom Hosting in a way that it injects some sort of javascript exploit in the web pages delivered to users.”

That payload results in malware reaching users' PCs, possibly thanks to “potential bugs in Firefox 17 ESR, on which our TOR Browser is based,” the post warned.

TOR is “investigating these bugs and will fix them if we can,” it said. Various forums online, however, report that the malware has spread beyond sites hosted by Freedom. Some suggest TORmail, TOR's secure email service, may also have been compromised, or that the attack means TOR is no longer able to mask users' IP addresses.


Source: LastPass Security Consultancy.
