Daily Archives: September 23, 2017

Closed source corporate DRM for money grabbers is forced onto open source web with flimsiest of excuses

Posted on by
Reply

The trouble with DRM is that it’s sort of ineffective. It tends to make things inconvenient for people who legitimately bought a song or movie while failing to stop piracy. Some rights holders, like Ubisoft, have come around to the idea that DRM is counterproductive. Steve Jobs famously wrote about the inanity of DRM in 2007. But other rights holders, like Netflix, are doubling down. The prevailing winds at the consortium concluded that DRM is now a fact of life, and so it would be be better to at least make the experience a bit smoother for users. If the consortium didn’t work with companies like Netflix, Berners-Lee wrote in a blog post, those companies would just stop delivering video over the web and force people into their own proprietary apps. The idea that the best stuff on the internet will be hidden behind walls in apps rather than accessible through any browser is the mortal fear for open web lovers; it’s like replacing one library with many stores that each only carry books for one publisher. “It is important to support EME as providing a relatively safe online environment in which to watch a movie, as well as the most convenient,” Berners-Lee wrote, “and one which makes it a part of the interconnected discourse of humanity.” Mozilla, the nonprofit that makes the browser Firefox, similarly held its nose and cooperated on the EME standard. “It doesn’t strike the correct balance between protecting individual people and protecting digital content,” it said in a blog post. “The content providers require that a key part of the system be closed source, something that goes against Mozilla’s fundamental approach. We very much want to see a different system. Unfortunately, Mozilla alone cannot change the industry on DRM at this point.”

Source: Corporations Just Quietly Changed How the Web Works – Slashdot

And of course it just turns out that the EU knows that piracy doesn’t hurt sales, but decided to ignore that when designing policy.

It is a big dissappointment in Tim Berners-Lee, who has caved in to the money grabbers and has now set a precedence showing that the WWW Consortium is corruptible to anyone with enough money in their pockets.

Fortunately it won’t be long before this is hacked. And another new standard has to be introduced. Given the glacial speed at which the W3C works, this might give us a few years of freedom from DRM.

SVR Tracking leaks info for hundreds of thousands of vehicles. Turns out they have been tracking you even when your car wasn’t stolen.

Posted on by
Reply

Researchers discovered a misconfigured Amazon AWS S3 bucket that was left publically available. The breach has exposed information about their customers and re-seller network and also the physical device that is attached to the cars.

The repository contained over a half of a million records with logins / passwords, emails, VIN (vehicle identification number), IMEI numbers of GPS devices and other data that is collected on their devices, customers and auto dealerships. Interestingly, exposed database also contained information where exactly in the car the tracking unit was hidden.

The “SVR” stands for ‘stolen vehicle records”.
[…]
The software monitors everywhere the car has been back as far as 120 days, including a terrifying feature that pinpoints on the map all of the places a driver has visited. There is even an option that will show anyone with login credentials the top stops or locations where the vehicle has been. There is a “recovery mode” that can pinpoint every 2 min or create zone notifications. They claim to have a 99% success rate on recovery but what about when the customer logins and passwords for thousands of unsuspecting drivers are leaked online?
MacKeeper Security: Auto Tracking Company Leaks Hundreds of Thousands of Records Online

Equifax fooled again! Blundering credit biz directs hack attack victims to parody site

Posted on by
Reply

When news of the hack was published on September 7, over a month after its scale had been discovered, Equifax set up a website for worried customers to check if they had been affected – equifaxsecurity2017.com – rather than setting it up on the equifax.com domain.

As a bit of fun security researcher Nick Sweeting set up securityequifax2017.com with a familiar look and feel, just like phishers do every day. To make that point the headline on the website was “Cybersecurity Incident & Important Consumer Information which is Totally Fake, why did Equifax use a domain that’s so easily impersonated by phishing sites?”

Turns out he had a point, since the site fooled Equifax itself. Shortly after setting up the site, Equifax’s official Twitter feed started to link to Sweeting’s fake page and in a series of posts dating from September 9 Tim on Equifax’s social media team began tweeting out the wrong URL to customers concerned about their data.
equifax

Seriously, Tim?

The tweets (now removed by red-faced Equifax staff) continued until Sept 18 before they were spotted by stanleyspadowski on imgur and @aaronkkruse on Twitter. It’s not known how many people were directed to the site, and it has since been blocked by Google.

Source: Equifax fooled again! Blundering credit biz directs hack attack victims to parody site

Ccleaner infection: what happened? Turns out it was targeting companies & had been running for longer than thought

Posted on by
Reply

Ccleaner v5.33, software that allows you to clean up the cruft that comes with use and with newly installed machines, was infected with Floxif malware which installed itself on peoples machines together with the ccleaner. Floxif is a malware downloader that gathers information about infected systems and sends it back to its Command & Control server.
[…]
The malware collected information such as computer name, a list of installed software, a list of running processes, MAC addresses for the first three network interfaces, and unique IDs to identify each computer in part. Researchers noted that the malware only ran on 32-bit systems. The malware also quit execution if the user was not using an administrator account.

Bleeping Computer: CCleaner Compromised to Distribute Malware for Almost a Month

In analyzing the delivery code from the C2 server, what immediately stands out is a list of organizations, including Cisco, that were specifically targeted through delivery of a second-stage loader. Based on a review of the C2 tracking database, which only covers four days in September, we can confirm that at least 20 victim machines were served specialized secondary payloads. Below is a list of domains the attackers were attempting to target.

Talos Intelligence: CCleaner Command and Control Causes Concern – with more technical details on the source and methodology of the malware

According to Avast, the database where the CCleaner hackers were collecting data from infected hosts ran out of space and was deleted on September 12, meaning information on previous victims is now lost to investigators and the number of computers infected with the second-stage backdoor payloads may be larger than initially believed.

This means there could still be — and there certainly are — more large technology firms that currently have a backdoor on their network.
[…]
The server would store this information into a MariaDB (MySQL fork), and would run a series of filters on each infected host to determine if to send a second-stage payload, a very stealthy backdoor trojan.

Based on analysis from Cisco Talos published yesterday, the C&C server looked for computers on the networks of large tech corporations.

Based on a list recovered by researchers, targeted companies included Google, Microsoft, HTC, Samsung, Intel, Sony, VMWare, O2, Vodafone, Linksys, Epson, MSI, Akamai, DLink, Oracle (Dyn), Gauselmann, and Singtel.

The attacker’s database recorded information on all computers infected with the first and second-stage malware. There were 700,000 entries for computers infected with the first-stage malware, and only 20 for the second-stage malware.
[…]
The new information was extracted from the server’s logs and shows that the server was set up just days before attackers embedded their malware to the CCleaner binaries.

Despite the server being up for more than a month, Cisco noted that the database contained information on infections that were active between September 12 and September 16, and nothing more.

Avast says that after a deeper analysis of the logs, they find evidence that the server’s disk storage had been filled, and attackers had to delete the collected data they recorded up to that point (they most likely downloaded it before deleting it).
[…]
What this means is that data for 28 days of infections is now lost. Investigators are now unable to determine if other tech companies have now backdoors on their networks.

This means that any company that has ever deployed CCleaner on its network must now wipe systems clear, just to be sure the second-stage malware is not hidden somewhere on its network.

Bleeping computer: Info on CCleaner Infections Lost Due To Malware Server Running Out of Disk Space