
Decoy Password Strategy Could Protect Users

Security researchers say that storing honeywords (decoy passwords) alongside a real hashed password could prevent hackers from accessing websites and online services. Ari Juels, chief scientist at security firm RSA, and cryptographer and MIT professor Ronald Rivest say that storing multiple possible passwords on a system could not only provide security but also reveal when an intrusion is occurring. Passwords are now considered a weak security strategy in part because users make poor password choices. The approach uses a honeychecker system that holds information about which passwords are legitimate and which are honeywords. To check whether a user is entering the correct password, this system stores randomly selected integers that point to the location where the password is stored. If attackers accessed the honeychecker, they could not find the password. Their presence could be detected when they attempt to use one of the honeywords to access the system. (ZDNet)(The Honeywords Project)(MIT CSAIL)
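The check described above, sketched in Python as an added example (it is not code from the Honeywords Project or the researchers). The class names, the PBKDF2 parameters and the sample passwords are assumptions, and decoy generation is left to the caller.

```python
import hashlib
import hmac
import os
import secrets

def _hash(password: str, salt: bytes) -> bytes:
    # Assumed hashing scheme for the sketch: salted PBKDF2-HMAC-SHA256.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)

class Honeychecker:
    """Holds only the position of the real password, never a password or hash."""
    def __init__(self):
        self._index = {}   # user -> integer position of the real entry
        self.alarms = []   # users for whom a honeyword was submitted

    def set(self, user: str, idx: int) -> None:
        self._index[user] = idx

    def check(self, user: str, idx: int) -> bool:
        ok = self._index.get(user) == idx
        if not ok:
            self.alarms.append(user)  # a decoy was used: likely stolen hash file
        return ok

class LoginServer:
    """Stores the real hash mixed in with honeyword hashes, all looking alike."""
    def __init__(self, checker: Honeychecker):
        self.checker = checker
        self.table = {}    # user -> (salt, [hash, hash, ...])

    def register(self, user: str, password: str, decoys: list) -> None:
        words = list(decoys)
        idx = secrets.randbelow(len(words) + 1)  # randomly selected position
        words.insert(idx, password)
        salt = os.urandom(16)
        self.table[user] = (salt, [_hash(w, salt) for w in words])
        self.checker.set(user, idx)

    def login(self, user: str, attempt: str) -> str:
        if user not in self.table:
            return "reject"
        salt, hashes = self.table[user]
        candidate = _hash(attempt, salt)
        for i, stored in enumerate(hashes):
            if hmac.compare_digest(candidate, stored):
                return "accept" if self.checker.check(user, i) else "alarm"
        return "reject"    # ordinary wrong password, no alarm
```

A copy of `table` alone does not show which entry is real, and a copy of the honeychecker's data contains only integers.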
 

WordPress Botnet Continues Growing

A recent series of attacks against WordPress blogs is creating a growing botnet, according to security researchers. The attacks, which focus on individuals whose WordPress username is “admin,” use brute force to try to crack the password for signing into the blog. The botnet reportedly now consists of 90,000 or more computers. Security experts are concerned the botnet could continue growing and create a massive problem. The attacks reportedly started after WordPress began offering an optional two-step authentication login. Once a website is infected, it is equipped with a backdoor. This lets the hackers control the site remotely and make it part of the botnet. (BBC)(Matt Mullenweg)(Krebs on Security)
 

Researchers Discover Vulnerabilities in Plug-and-Play Systems

Security researchers have discovered that, of the devices at more than 80 million unique IP addresses that respond to Universal Plug and Play (UPnP) discovery requests, between 40 and 50 million are vulnerable to attack via UPnP. Although security problems with the protocol have been well known for at least a dozen years, the issues put networks at risk, and the research served to quantify the extent of the problem. UPnP is a set of networking protocols that let routers, printers, network-attached storage, media players, smart TVs and other devices seamlessly communicate. The researchers from security-software vendor Rapid7 said they discovered more serious problems than they expected when they began their study. For example, they found that the software stack most commonly used by the Universal Plug and Play protocol to control the device is also the most vulnerable. (SlashDot)(ThreatPost)(Rapid7)

Security Researchers: Computer Virus Targets Venezuelans

Researchers from security vendor Kaspersky Lab have announced the discovery of a virus that targets Venezuelans and steals their online credentials. Victims download the virus after clicking on a link, “listas-fraude-electoral.pdf.exe” (which means “electoral fraud lists”), that purportedly connects to information about that nation’s recent presidential election. Dmitry Bestuzhev, Kaspersky’s head of Latin America research, said the malware spreads via e-mail and affected at least 75 of the company’s customers. The virus lets criminals steal victims’ banking information and their online credentials for Comisión de Administración de Divisas, the nation’s currency agency. “Being that this malware is quite simple and also targeting only Venezuelan banks and CADIVI, we can strongly assume that the cybercriminals who produced it are from Venezuela, too,” Bestuzhev wrote. (PhysOrg)(The Associated Press @ The Washington Post)(Kaspersky Lab SecureList)

Researchers Reveal New Details about Flame’s Malicious Capabilities

Security researchers have provided new information about the innovative approaches the sophisticated Flame malware used in its attacks on computers in the Middle East earlier this year. Analysis by researchers from Kaspersky Lab, Symantec, CERT-Bund/BSI, and the International Telecommunication Union’s Impact Alliance showed that Flame’s creators disguised the malware’s command-and-control servers as content publishing platforms that ran a fake content-management application. This allowed the operation to run without attracting attention because it resembled a platform that a news operation or blogger might use. The researchers say the Flame campaign started as early as 2006 and included the creation of at least three other pieces of malware that have yet to be discovered. The attack was also more widespread than previously believed and infected perhaps as many as 10,000 machines. Forensics revealed the names or code names of four of Flame’s developers. In May Kaspersky Lab reported it had discovered the Flame virus, which it describes as part of an espionage toolkit, after the United Nations’ International Telecommunication Union requested help with computer infections targeting Iran’s oil ministry. Flame attacks carefully selected computers, steals data, and opens a backdoor to infected systems that the hacker can use to update the malware. Researchers say the malware is so complex that they might need a decade to analyze it. (Ars Technica)(Reuters)(Wired)(Kaspersky Lab Threatpost)(Computing Now NewsFeed – 29 May 2012)
 
