Report

The H-Online: Tor developers Arturo Filasto and Jacob Appelbaum have been working on a new tool they call the OONI-probe. OONI stands for Open Observatory of Network Interference and is designed to help map internet censorship across the global network. The open source tool gives users the ability to check their internet connection for censorship, selective bandwidth throttling, surveillance and other interferences. This data can then be shared freely with other users, creating a global overview of the state of censorship of the network. ...

The H-Online: According to a blog post, a modified version of the Skype VoIP software can be used to easily find out the IP address of any valid Skype user. No contact has to be made with the user in order to get the information. This IP could then be used to find out other personal details about the user, such as their location or even their employer. ...

The H-Online: The whitec0de.com blog reports that, for $20, a member of a hacker forum offered to crack any Hotmail account within a minute – and that he kept his word. Apparently, the hacker found out about a critical vulnerability in Microsoft’s email service on a security forum, and the hole allowed him to change the passwords of arbitrary Hotmail users. ...

The H-Online: Online forums have, for some time, apparently been the target of hackers who inject additional code. However, the attackers aren’t interested in publishing cool slogans or political messages, they’re looking for money. They steal Google traffic from the forums and exploit this traffic via ads. Their main targets appear to be forums that are based on the vBulletin software. ...

The H-Security: The head of Google’s Webspam team, Matt Cutts, announced on Twitter that Google has sent out a message to the webmasters of 20,000 sites informing them that their sites may have been hacked. In the email message, the company warns operators that the affected sites appear to be being used to redirect visitors to a malicious site. Google asks the site administrators to check the files in their web space for an eval(function(p,a,c,k,e,r) JavaScript code segment. The eval() function can be used to execute JavaScript character strings that may have previously been decrypted using an unpack feature. Google also warns of specially crafted .htaccess files. These may cause a file to be redirected only in certain circumstances, for example, when a visitor accesses the page via Google. Consequently, regular visitors to a site, such as the webmaster, will be unaware of the infection. ...

As I said in the other post, Iran’s Central Bank has announced that the electronic information of 3 million customers of 10 Iranian banks have been compromised. These banks now require their customers to change their ATM pin numbers before they can access their account. This has caused a rush to the ATM machines by the worried customers. The hacker was identified as Khosro Zare’, a former bank-system specialist in Iran who recently left the country. Zare’ claimed in a blog that he hacked the PIN codes to highlight the vulnerability of Iran’s banking system. ...

SophosLabs: More malware for the Mac OS X platform has been discovered, hot on the heels of the revelation that some 600,000 Macs had been infected in the Flashback attack. And just like Flashback, the new Trojan doesn’t require any user interaction to infect your Apple Mac. The Sabpab Trojan horse exploits the same drive-by Java vulnerability used to create the Flashback botnet. ...

An Iranian hacker published the information about some 3 million debit cards of 10 Iranian banks, including codes and passwords. The information has been published by someone named “Khosrow Zare Farid” who was the manager of a company which operates SHETAB payment network in Iran and produces and installs POS devices. “Around one year ago I found a critical bug in the system. Then I wrote and sent a formal report to all the CEO of banks in Iran but none of them replied to me. Now I decided to publish the information. Governments tried to catch me by Iran Cyber Army but they failed,” he said, according to Kabir News website ...

Anti-virus experts at Trend Micro have discovered ransomware which blocks systems from booting. In contrast to the localised trojans, which are widely spread around Europe, it does so by inserting itself into the master boot record (MBR). It then restarts the system and instructs the user to pay a ransom of 920 Ukrainian hryvnia (equivalent to about 90 euros) to the criminals via payment service QIWI. ...

SophosLabs: Brian Krebs is reporting that MasterCard and Visa are warning member-banks of a payment processor breach that may impact more than 10,000,000 credit cards. It is important to note that MasterCard and Visa’s own networks were not involved in the attack, it appears to be related to payment processor Global Payments. Reuters is reporting that Global Payments stock was suspended for trading after falling more than 9% on the Nasdaq stock exchange. ...