Tor Accuses CloudFlare Of Blocking Its Network

Content provider CloudFlare is no stranger to the spotlight; being accused by Anonymous of protecting pro-ISIS sites has already caused it some issues. Now it is CloudFlare making a claim of its own: it says that 94 percent of the requests it receives from the Tor network (a network designed to allow anonymous browsing on the web) are malicious. Tor accuses CloudFlare of mischaracterizing its users and blocking its network, to the point of affecting normal traffic.

Tor claims that its users often get stuck in CAPTCHA loops or hit outright failures, stopping them from accessing content in even the simplest of ways. Citing external research, Tor states that CloudFlare was found to block at least 80 percent of IP addresses from its service, with the number increasing over time. The CAPTCHA loop is caused by a measure CloudFlare has introduced that requires users of the Tor network to fill out CAPTCHAs; only users of the Tor network see these.

Tor isn’t happy about this accusation and wants to see evidence for the 94 percent figure. Many are wondering how CloudFlare reached this figure, or even how it decides whether a connection is trustworthy. With so many people now using networks and systems like Tor, blocking users or making their experience worse can’t be seen as a positive step when it comes to providing content.

BBC Among Sites That Ran Malicious Adverts

When you go to a website, you are often met by an onslaught of advertisements. For everything from custom-built PCs to the latest diet trend, advertisements are everywhere. Sadly, they may not be the only thing appearing on your computer, as malicious adverts turn up more and more often. In the most recent wave, even the BBC was caught running malicious adverts on its site.

Major websites were hit by the “malvertising” attack, in which malicious adverts are uploaded to third-party advertising companies that then distribute them to other sites. The harmful “malverts” included everyday malware and even file-encrypting ransomware, a type of software that is making an appearance more and more these days.

Trend Micro first reported on the malverts on Monday; MalwareBytes Labs held a similar post back until Tuesday while it contacted several advertising networks in the hope of getting the malicious adverts removed.

With large groups like the BBC, Newsweek, MSN and the New York Times all being exposed to the malicious adverts, it may be a good time to check that your anti-virus software is up to date and do a thorough scan of your system.

Chinese Devices Mount Massive DDoS Web Attack

Cyber attacks are an increasing and dangerous threat, perpetrated by groups and countries alike. These attacks are a substantial threat to free speech, to the livelihoods of website operators and to the whole infrastructure of the Internet. It’s no surprise to learn that a huge DDoS attack against a target website resulted in 650,000 devices being unwittingly enrolled into a giant cyber attack which overwhelmed its target.

And where did this attack originate from? That’s right, our friends over at the democracy-suppressing Truman Show style country that is China. The attack transmitted a staggering 4.5 billion separate requests for data in one day to the target destination. The log of HTTP requests per hour shows that requests for data ramped up dramatically within a relatively small period of time before dissipating.

Since the attack had been levelled at a client of US company CloudFlare, they were able to “write a dedicated script and were able to further analyze 17M log lines, about 0.4% of the total requests”. They found that 99.8% of the flood originated from China while 0.2% was labelled as “Other”. They were also able to determine that 80% of the requests came from mobile devices.

So, how is it possible to booby trap an amazingly high number of devices? CloudFlare security analyst Marek Majkowski speculated that a compromised ad network might have been the root cause, used as a distribution vector for the attack. “It seems probable that users were served advertisements containing malicious JavaScript. These ads were likely shown in iframes within mobile apps, or mobile browsers to people while they were casually browsing the internet.”

Think of this speculated but plausible scenario like this: while a user was browsing the Internet or using an app, he or she was served an iframe which contained an advertisement. This ad had been requested from an ad network, which then forwarded the request to a third party that won the ad auction. Either the third party was itself the “attack page” or it forwarded the user to an attack page. Either way, the user was served a page containing malicious JavaScript, which then launched a flood of XHR requests against CloudFlare servers.
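The kind of log triage described above (requests per hour, share of mobile clients, the referring ad frame), as an added example that is not CloudFlare's script. The log format, host names and sample lines are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample access-log lines (combined log format); not real traffic.
SAMPLE_LOG = """\
198.51.100.7 - - [01/Sep/2015:09:58:40 +0000] "GET / HTTP/1.1" 200 1043 "-" "Mozilla/5.0 (Windows NT 6.1) Firefox/40.0"
203.0.113.5 - - [01/Sep/2015:10:02:11 +0000] "GET /?q=1 HTTP/1.1" 200 512 "http://ads.example/frame" "Mozilla/5.0 (Linux; Android 4.4) Mobile Safari/537.36"
203.0.113.5 - - [01/Sep/2015:10:02:11 +0000] "GET /?q=2 HTTP/1.1" 200 512 "http://ads.example/frame" "Mozilla/5.0 (Linux; Android 4.4) Mobile Safari/537.36"
203.0.113.80 - - [01/Sep/2015:10:02:12 +0000] "GET /?q=3 HTTP/1.1" 200 512 "http://ads.example/frame" "Mozilla/5.0 (iPhone; CPU iPhone OS 8_4) Mobile/12H143"
203.0.113.81 - - [01/Sep/2015:10:40:03 +0000] "GET /?q=4 HTTP/1.1" 503 0 "http://ads.example/frame" "Mozilla/5.0 (Linux; Android 5.0) Mobile Safari/537.36"
truncated line that does not parse
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)
MOBILE_RE = re.compile(r"Android|iPhone|iPad|Mobile", re.IGNORECASE)

def summarize(log_text):
    """Hourly request counts, mobile share and top referer for an access log."""
    per_hour, referers = Counter(), Counter()
    total = mobile = skipped = 0
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            skipped += 1          # count unparseable lines instead of hiding them
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        per_hour[ts.strftime("%Y-%m-%d %H:00")] += 1
        referers[m["referer"]] += 1
        mobile += bool(MOBILE_RE.search(m["ua"]))
        total += 1
    return {
        "total": total,
        "skipped": skipped,
        "per_hour": dict(sorted(per_hour.items())),
        "mobile_share": mobile / total if total else 0.0,
        "top_referer": referers.most_common(1)[0] if referers else None,
    }

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(key, value)
```

A sudden jump in one hourly bucket combined with a single dominant referer and a high mobile share is the pattern the analysis above points to.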

CloudFlare have declined to name the company which had their server attacked but are warning against future cyber attacks with the same level of intensity. It’s a worrying trend which has many outlets, including the Darth Vader weapon of choice, “The Great Cannon.” It also does no favours to the long-established practice of serving ads to consumers via the Internet: if advertisements are increasingly being injected with malicious code, consumers are going to use extensions to block them.

The Internet connects the world and is seen as a necessity, and therefore a human right, by powerful individuals; what countries want you to see on the net, well, that’s a whole different ball game.

Thank you blog.cloudflare for providing us with this information.

Image courtesy of cloudpro

Credentials May Become Compromised via Old Windows Vulnerability from the ’90s

Nobody wants their private information shared on the internet, but we live in an era where everything that’s connected to the internet may eventually become public. This is the case of an old Windows vulnerability from the ’90s, which still poses a security threat according to security specialists.

Brian Wallace, a security researcher from Cylance, has been reported to have found a new way to exploit a vulnerability that was previously found in 1997. He stated that the flaw can be used on any Windows OS-powered device, be it a tablet, PC, server or laptop, and can be used to potentially exploit and compromise around 31 programs.

The vulnerability, which goes by the name of Redirect to SMB, is said to be exploited by intercepting communication with a Web server using a man-in-the-middle approach. This in turn redirects all traffic to the malicious SMB server, which supposedly collects sensitive information such as usernames, passwords, credit card information or other things users type in.

There are some limitations to the technique though, as Wallace pointed out. The attacker needs to be on the same network as his victims, and the attack can easily be prevented by blocking outbound traffic to TCP ports 139 and 445. But let’s be honest, who is going to do that? I mean most people don’t even change their default router credentials, let alone go into its settings and block traffic to specific ports.
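A detection-side complement to the port block, as an added example that is not from Cylance or the original article. It relies on background not stated on this page: the published Redirect to SMB research describes the redirect as an HTTP redirect to a `file://` URL on a remote host, which Windows then opens over SMB. The proxy records and host names below are constructed.

```python
from urllib.parse import urlsplit

# Constructed proxy records: (client, requested URL, status, Location header).
SAMPLE_RESPONSES = [
    ("10.0.0.21", "http://updates.example/check", 302, "https://updates.example/v2/check"),
    ("10.0.0.21", "http://updates.example/img.png", 302, "file://203.0.113.9/share/img.png"),
    ("10.0.0.34", "http://portal.example/", 301, "FILE:////203.0.113.9/x"),
    ("10.0.0.34", "http://portal.example/doc", 200, None),
    ("10.0.0.40", "http://cdn.example/b", 302, "file:///C:/local/b"),
]
REDIRECT_CODES = {301, 302, 303, 307, 308}

def smb_target(location):
    """Return the remote host a file: redirect would reach, or None."""
    if not location:
        return None
    # Normalise backslashes so a backslash-written target compares the same way.
    parts = urlsplit(location.strip().replace("\\", "/"))
    if parts.scheme != "file":          # urlsplit lower-cases the scheme
        return None
    if parts.hostname:                  # file://host/share/...
        host = parts.hostname
    elif parts.path.startswith("//"):   # file:////host/share/...
        host = parts.path.lstrip("/").split("/", 1)[0].lower()
    else:                               # file:///C:/... is a local path
        return None
    return None if host in ("", "localhost") else host

def find_smb_redirects(records):
    """List (client, requested URL, remote host) for redirects to remote file: targets."""
    hits = []
    for client, url, status, location in records:
        if status not in REDIRECT_CODES:
            continue                    # only redirect responses are followed
        host = smb_target(location)
        if host:
            hits.append((client, url, host))
    return hits

if __name__ == "__main__":
    for hit in find_smb_redirects(SAMPLE_RESPONSES):
        print("redirect to remote file: target", hit)
```

Clients that appear in the output are the ones to check for outbound connections to TCP 139 or 445 in firewall logs.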

Microsoft is said to have not made an official statement regarding the matter, but Wallace’s findings have been revealed at the Computer Emergency Readiness Team at Carnegie Mellon University. With all this snooping around that’s been going on lately, how secure do you feel? Or is that even a matter of concern at this point?

Thank you PCWorld for providing us with this information

Image courtesy of High Performance Laptops

Lenovo Caught Installing Dangerous Adware on New PCs

Lenovo has been caught installing adware on new PCs. The software is called Superfish and on the face of it, the software appears to be your standard annoying adware with third-party ads plastered on various websites. It also has those terrible popup ads. However, some have suggested that this software may well be more dangerous than annoying.

Superfish essentially throws out ads on pages like Google that appear to match your search results. It seemingly does so in Chrome and Internet Explorer. It also produces annoying popups, something very common with adware. The thing is, Superfish is currently being disabled on new Lenovo machines after many users complained of such annoying popups. Now you’d think that’s a good thing, and that this story is now pointless as a result; well, that certainly isn’t the case.

Lenovo community administrator, Mark Hopkins, said that the company would be temporarily removing the software on new systems due to these complaints. Shockingly, he said that the popups were “issues” that needed a “fix”, defending the software as useful in that it “instantly analyzes images on the web and presents identical and similar product offers that may have lower prices.”

It doesn’t stop there. There are now reports that Superfish is dangerous as well as annoying. It appears that the software is implementing a man-in-the-middle attack by using a self-signed certificate authority, which allows it to decrypt secure connections, such as those to your bank account or when you’re making a purchase.

If all of this is true, it’s terrible for Lenovo, a trusted PC manufacturer, to be doing this to users’ computers fresh out of the box. Let’s hope Lenovo has something to say about it.

Source: The Next Web

UK and US Said to be Behind ‘Regin’ Malware

Yesterday we reported on Regin, a new piece of malware, said to be one of “the most sophisticated” pieces of malicious software ever seen. Well today, experts have come out to suggest that the software may have been used by British and American spy agencies – GCHQ and the NSA, respectively.

Security industry sources told The Intercept that Regin is “behind sophisticated cyberattacks conducted by U.S. and British intelligence agencies on the European Union and a Belgian telecommunications company.”

They say that the software was discovered on Belgacom’s networks – a major telecoms network in Belgium, suggesting that the software was used to spy on the personnel at the offices of the European Union.

It was Edward Snowden who revealed earlier spying on Belgacom by the UK and on EU computers by the NSA. It certainly seems that this software may well have been part of those efforts.

Source: Gizmodo

Up to 4.5 million Americans Hit by Android Malware

The New York Times has an interesting article concerning the spread of Android malware. They say that mobile security company, Lookout, has reported that Android malware has “hit between four million and 4.5 million Americans since January of 2013”.

“Lookout first encountered the mobile malware, called NotCompatible, two years ago and has since seen increasingly sophisticated versions. Lookout said it believes, based on attempted infections of its user base of 50 million, that the total number of people who have encountered the malware in the United States exceeds four million.”

They say that this sort of malware is in most cases delivered by a “drive-by download”, where the user visits a legitimate website that is carrying malicious code. The effects of the malware can reportedly range from sending spam email from a device’s email account to hacking WordPress accounts.

Source: The New York Times

“Rustle World Order” Attacks Anonymous Via Twitter

In today’s news we hear about a hacker group called Rustle World Order. The group was able to gain access to Anonymous’s Twitter feed and troll their followers with a mass of postings, though their postings do not seem to have caused much harm to the group, if any. There is no way to really tell that the group did in fact hack the Twitter feed. Someone can claim that they have done something, or with the hacking someone could hack and say that they are another group. In all seriousness, I feel that these hacker groups need to focus more on helping keep our internet safe. Going after those who try to take our rights away, etc.

A few years ago I didn’t hear much about hacking, I don’t know about you. You would hear about it primarily in films, maybe a blog or two, maybe even from 2600. Now with more and more people having access to the internet I feel that we hear more about it.

What is a hacker? Personally I have always thought of a hacker as someone who is able to modify something to perform differently than originally intended, generally for the better. As time has gone on, I think of a hacker more as someone who maliciously attacks a person or organization with the intent to digitally harm. I will give you a couple of popular definitions.

Wikipedia defines a hacker as follows: “Currently, ‘hacker’ is used in two main conflicting ways as someone who is able to subvert computer security; if doing so for malicious purposes, the person can also be called a cracker. A member of the Unix or the free and open source software programming subcultures, or one who uses such a style of software or hardware development.”

Oxford Dictionaries tell us that a hacker is a noun, “A person who uses computers to gain unauthorized access to data. Informal, an enthusiastic and skillful computer programmer or user.”

What are your thoughts on hackers, and what they are doing with their time?

 
