
Will President Obama curtail the NSA's abusive power?


January 19, 2014


In a closely scrutinized public speech on national television about the NSA and its covert spy programs, President Obama said this week that the work has already begun on hammering out some detailed reforms.

The President also announced some initial measures, including several steps to prevent the outright abuse of the widely criticized bulk phone-records program and to initiate greater privacy protections for citizens of other nations.

But critics were mostly skeptical of, and unimpressed by, the President's speech, some saying it's 'too little, too late'. The speech was a direct response to comments and recommendations made by the president's handpicked NSA Review Group in a report released in late December.

In a larger sense, it was a reaction to the global debate over civil liberties and national security brought on by the leaking of top-secret NSA documents by former agency contractor Edward Snowden, a debate that's revealed the alarming surveillance capabilities made possible by the digital age.

Echoing remarks in the Review Group's report, the President addressed the need for laws and values to keep pace with technology. "What's at stake in this debate goes far beyond a few months of headlines, or passing tensions in our foreign policy. When you cut through the noise, what's really at stake here is how we remain true to who we are in a world that is remaking itself at dizzying speed," Obama said.

And the president signaled that he's aware of the concern raised by surveillance critics such as Snowden, Web co-inventor Tim Berners-Lee, journalist and Snowden confidant Glenn Greenwald, and others that say the Internet is at risk of being warped from a free and open, creative space into a Big Brother spy tool that would eliminate privacy once and for all.

"As the nation that developed the Internet in the first place, the world expects us to ensure that the digital revolution works as a tool for individual empowerment rather than government control," Obama said.

As for the practical realities behind such a guarantee, the president specifically tackled some of the Review Group's proposals and said that other proposals would be explored further before any decisions were made. Greenwald expressed skepticism about the real reforms behind Obama's "pretty words."

One of the most talked about items on the agenda was the program whereby the NSA vacuums up, without a warrant, the metadata -- information on calls placed and received -- that's associated with every telephone call made within, to, and from the U.S. every day.

In its report, the Review Group said, as have many people concerned about such surveillance, that metadata "can reveal an enormous amount about that individual's private life." It also said its review suggested that "the information contributed to terrorist investigations" by the NSA's bulk collection of telephony metadata "was not essential to preventing attacks and could readily have been obtained in a timely manner" using conventional legal means.

But one of the group's members -- former CIA Deputy Director Michael Morell -- said in a later editorial that the program "would likely have prevented 9/11" had it been in place prior to the 2001 terror attacks. The Review Group report also noted, as others have, that the intelligence community had info that could have helped stop the plot but failed to share it among the appropriate agencies, namely the CIA and the FBI.

And Obama cited 9/11 when discussing the program in his speech and said the metadata effort was an important counterterrorism tool. "The telephone metadata program was designed to map the communications of terrorists, so we can see who they may be in contact with as quickly as possible," he said, adding later that "the Review Group turned up no indication that this database has been intentionally abused. And I believe it is important that the capability that this program is designed to meet is preserved."

But the President added that he recognized the danger of abuse of such a program: "I believe critics are right to point out that without proper safeguards, this type of program could be used to yield more information about our private lives, and open the door to more intrusive, bulk collection programs. They also rightly point out that although the telephone bulk collection program was subject to oversight by the Foreign Intelligence Surveillance Court and has been reauthorized repeatedly by Congress, it has never been subject to vigorous public debate."

The President moved toward adopting the Review Group's recommendations on the metadata program. The group said the government should no longer collect and store phone-call metadata. Instead, the information should be held by the phone companies (as it is already, as business records) or by some other third party, and the NSA should need a court order, on a case-by-case basis, to access it.

The president said a transition would take place and that details would need to be worked out because of potential difficulties. "Relying solely on the records of multiple phone-service providers could require companies to alter their procedures in ways that raise new privacy concerns," the President said.

"On the other hand, any third party maintaining a single, consolidated database would be carrying out what is essentially a government function with more expense, more legal ambiguity, and a doubtful impact on public confidence that their privacy is being protected," he added.

The president said he's ordered the attorney general and intelligence officials to come up with a workable option "that can match the capabilities and fill the gaps that the Section 215 [metadata] program was designed to address without the government holding this metadata."

Their report is due March 28, the day the program comes up for reauthorization in Congress. Obama said he'd also speak with the appropriate congressional committees about a possible solution.

In other internet security news

Target is now saying that information taken in December's security breach includes names, phone numbers, postal and e-mail addresses and could affect upwards of 110 million U.S. citizens.

The nationwide retailer announced today that personal information on as many as 70 million additional customers was stolen as part of the company's payment card data breach. That's on top of the 40 million users that were initially reported on December 19. Target has been in the news a lot lately.

The information stolen includes names, mailing addresses, zip codes, phone numbers and e-mail addresses, Target said.

While company spokesperson Molly Snyder said that there could be some overlap with the approximately 40 million people first said to be affected by the breach in December, the new total of people impacted by the breach could be as high as 110 million, if not a bit more.

"I know that it's frustrating for our guests to learn that this information was taken and we are truly sorry they are having to endure this," said Gregg Steinhafel, chairman, president and chief executive officer at Target.

"I also want our guests to know that understanding and sharing the facts related to this incident is important to me and the entire Target team," he then added.

Today's news is the latest blow to Target. The company said back in December that it believed the data stolen came from transactions made between November 27 and December 15.

Not surprisingly, hackers moved quickly to take advantage of the stolen information and put the information on the black market. According to several reports, following the Target breach there was a "ten-to-twentyfold increase" in stolen cards available on underground markets.

Target, which has nearly 1,800 stores in the United States, said Friday that affected customers will suffer no liability for any fraudulent charges.

The company will also offer one free year of credit monitoring and identity theft protection (!). One other note from Target: the company was forced to lower its fourth-quarter sales forecast, saying that it experienced "meaningfully weaker-than-expected sales" following the data-breach announcement.

In other internet security news

According to Light Cyber, an internet security company, several malicious ads served to Yahoo surfers were designed to convert personal computers and laptops into a powerful Bitcoin mining operation.

The cybercriminals who infected the computers of European Yahoo users apparently wanted to create a very large Bitcoin network that could have yielded several million dollars in the virtual currency.

Researchers at Light Cyber revealed this week that one of the malware programs aimed to use the resources of infected PCs to perform the complex calculations necessary to run a Bitcoin network.

Reported earlier this month by fellow security firm Fox IT, the campaign spread its package by using Yahoo's ad server to deploy malicious ads. The malware took advantage of security vulnerabilities in Java to install itself on computers that visited the site.

Light Cyber founder Giora Engel says that his company detected the attack in its customers' networks four days before it was publicly known and reported by Fox IT.

Engel explained how the firm learned of the malware: "Many of our customers share threat intelligence with our Magna Cloud, so our research lab noticed this unknown malware and attack campaign coming from our customers' networks and investigated the specific case. As part of the investigation, we found a few tools that were downloaded by the malware. This specific attack campaign incorporated a variety of different monetization techniques using a variety of malwares."

The attackers made sure they exploited each of the millions of infected machines to its full extent by employing Bitcoin miners, WebMoney wallet hackers, personal information extraction, banking information extraction, and various generic remote access tools.

Engel added that Light Cyber detected a portion of the infected computers talking to Bitcoin mining pools on the Web, a sign that they were actually being used for mining.

He also explained how Bitcoin mining works: "Bitcoin mining is a complex, computationally intensive process that gets harder and harder in time. Bitcoin is mined in several blocks, and since it takes a lot of computing power to mine a block, the miners join forces and form mining pools or bitcoin mining networks in which each one participates with his computing power and gets in return his share of the revenue. In our case, the malware author would be the sole beneficiary of the mining efforts."

To be sure, Bitcoin mining on just a few PCs is not usually worth the effort, Engel added, because the electrical cost of operating the computer is higher than the revenue garnered from the mining itself.

But the malware author stole the computing resources of the affected machines and did it in such large numbers as to turn a profit from the operation.

The malware attack reportedly lasted from December 31 through January 3, when Yahoo took down the malicious ads. On Saturday, Yahoo acknowledged the issue through the following statement: "At Yahoo, we take the security and privacy of our users very seriously. On Friday, January 3 on our European sites, we served some advertisements that did not meet our editorial guidelines, specifically they spread malware. We promptly removed those advertisements. Users in North America, Asia Pacific and Latin America were not served these advertisements and were not affected. Additionally, users using Macs and mobile devices were not affected."

So far, Yahoo hasn't revealed any details on the infected computers or publicly advised affected users on what they should do. But security firm Surfright shed a bit more light on the situation.

Not every ad on the Yahoo advertisement network contained the malicious iFrame, but if you have an outdated version of Java Runtime and you used Yahoo Mail in the last 6 days, then your computer is most likely infected.

In other internet security news

Yahoo site visitors over the last few days have been served with malware via the Yahoo ad network.

According to an internet security company based in the Netherlands, users clicking on some of the ads were redirected to sites armed with malware code that exploits security vulnerabilities in Java and then installs a variety of different malware.

In a blog post, Fox IT estimated that, based on sample traffic, the site carrying the malicious code was visited around 300,000 times per hour.

"Given a typical infection rate of about 9 percent, this would result in around 27,000 infections every hour. Based on the same sample, the countries most affected by the exploit malware are Romania, Britain and France.

"At this time, it's still unclear why those countries are most affected, it is likely due to the configuration of the malicious advertisements on Yahoo," Fox IT said on its blog.

The security firm found evidence that the redirects go to domains hosted in the Netherlands, but was unable to identify the perpetrators. Traffic to the exploit has slowed, Fox IT noted, suggesting that Yahoo is addressing the security vulnerability.

Yahoo confirmed the presence of malware on its servers and said it had taken steps to combat the issue.

"We recently identified an ad designed to spread malware to some of our users," Yahoo said in a statement.

"We immediately removed it and will continue to monitor and block any ads being used for this activity," Yahoo added.

In other internet security news

A security blog post from Trend Micro warns that hackers in the wild have brewed up a variant of the now infamous CryptoLocker ransomware that uses worm-like features to spread itself even faster across removable drives.

The recently discovered Crilock-A variant can spread more easily than previous forms of CryptoLocker, and faster as well, making it something that system admins need to look at seriously.

This latest find is also notable because it comes under previously unseen disguises, such as fake Adobe Photoshop and Microsoft Office software activators that have been seeded on P2P sites.

Analysis of the malware, detected as Worm_Crilock.A, shows that this virus can spread via removable drives. This update is considered significant because this routine was unheard of in other CRILOCK variants.

The addition of software propagation routines means that the malware can easily spread, unlike other known CRILOCK variants. Aside from its unique propagation techniques, the new malware bears numerous differences from known CryptoLocker variants.

Rather than relying on downloader malware to infect systems, this malware pretends to be an activator for various software such as Adobe Photoshop and Microsoft Office on peer-to-peer (P2P) file sharing sites.

Uploading the malware to P2P sites allows bad guys to easily infect systems without the need to create and send spammed messages.

CryptoLocker, the Bitcoin-demanding ransomware menace, has infected as many as a quarter of a million computers since it first surfaced in September 2013, according to research from Dell SecureWorks’ Counter Threat Unit.

Earlier versions of CryptoLocker typically arrived in email as an executable file disguised as a PDF, packed into a .zip attachment.

A spam run targeting millions of U.K. consumers prompted a warning from the British National Crime Agency back in November. Only Windows computers can be infected by the malware.

If it successfully executes itself, CryptoLocker encrypts the contents of a hard drive and any connected LAN drives before demanding payment of up to 2 Bitcoins (payable within 72 hours) for a private key needed to decrypt the data.

The malware uses a well-designed combination of 256-bit AES and 2048-bit RSA encryption technology, which means that without backups, victims have little choice but to pay up if they ever want to see their data again.

For now, it's still unclear whether the latest worm-like variant is a copycat or the work of the regional CryptoLocker crew. The latest variant uses hardcoded command and control nodes and omits the utilization of domain generation algorithm (DGA) routines to create multiple potential command points, a more sophisticated feature common in earlier variants.

"Hardcoding the URLs makes it easier to detect and block the related malicious URLs," explain Trend Micro researchers Mark Manahan and Jimelle Monteser.

"DGA, on the other hand, may allow cybercriminals to evade detection as it uses a large number of potential domains. This could mean that the malware is still in the process of being refined and improved upon. Thus, we can expect latter variants to have the DGA capability."

Trend Micro's blog entry, Defending Against CryptoLocker, outlines various ways of protecting a computer and a network against CryptoLocker malware.


Source: The White House.
