Issue 9

Krebs On Security: Who is Anna-Senpai, the Mirai Worm Author?

The Mirai worm was responsible for hijacking millions of IoT devices and using them to cause some of the biggest DDoS attacks so far, blowing 620 Gbps of data towards Brian Krebs' site last September, and 1.2 Tbps to Dyn last October. In this blog post, Brian explains at length how he believes he discovered the real-life identity of its author, known as Anna-Senpai, to be Paras Jha. It's a long read, and sometimes hard to follow due to numerous names and aliases being used, but I found it well worth the time.

krebsonsecurity.com

 

Massive Twitter botnet discovered lying dormant since 2013

Two researchers have discovered a Twitter botnet of as many as 350,000 accounts. It was created in 2013 and has since been doing, well, not much. They suggest, however, that if its controller wakes the accounts up, the botnet could do some serious harm. The botnet is dubbed the 'Star Wars botnet', because the accounts randomly tweet passages from Star Wars novels.

threatpost.com

 

Coalition of cryptographers urge Guardian to retract WhatsApp story

After the uproar caused by the Guardian article on a vulnerability in WhatsApp, a group of well-known cryptographers are asking the Guardian to no longer use the term 'backdoor' for this issue, which they feel is misplaced and has done harm to an otherwise extremely secure messaging option for the masses.

threatpost.com

 

Google to block .js attachments in Gmail

Malware authors currently often rely on JavaScript attachments in e-mail. To counter this, Google will block .js attachments starting February 13th, as it is already doing for other extensions like .exe and .jar. If you have a valid reason for sending .js files, Google suggests sharing the files using cloud storage.

threatpost.com

 

Facebook security now supports U2F authentication

Facebook enabled support for physical two-factor devices such as the Yubikey.

wired.co.uk

 

Heartbleed is not dead. And isn't likely to be any time soon

Heartbleed, an OpenSSL vulnerability that allows an attacker to snoop on encrypted web traffic, caused a major media blitz about three years ago. Unfortunately, to this day, there are still 200,000 machines out in the open that can be compromised this way.
For a refresher on what exactly Heartbleed was, see the official website here.

grahamcluley.com

 

Google becomes its own Root Certificate Authority

Google has announced that they have started their own Root Certificate Authority, instead of relying on a third party. They published their own root keys, but having other browsers and services integrate those takes time, so they also bought two existing root certificates from GlobalSign. Hackernews discussion can be found here.

googleblog.com

 

Open source framework for securely updating cars

Most of us realise that, as cars become more dependent on software, security is a huge concern. Many car manufacturers like Ford and Tesla already have the ability to do over-the-air (OTA) updates to their cars. Several universities have now come together to publish Uptane, a protocol on how to securely perform car OTA updates.

csmonitor.com

 

Android pattern lock ‘can be cracked in five attempts’

Researchers showed an attack where they record video of someone unlocking their phone (without filming the screen), after which they extrapolate up to five possible patterns based on the person's finger movements from afar. Ironically, complex unlock patterns were easier to break, since they gave the researchers more data to work with.

sophos.com

 

Critical vulnerability found in Cisco WebEx extension

Cisco WebEx, a video conferencing application used by over 20 million people, has a vulnerability that allows for remote code execution. Previous patches proved insufficient, and so far only Chrome has a patch in the extension's 1.0.7 version. If you use Firefox or IE on Windows and you have this extension, you might want to disable it for now. Microsoft Edge on Windows and all browsers on Mac are deemed safe.

sophos.com

 

Firefox 51 begins warning users of insecure HTTP connections

If your website asks for personal information or passwords, and isn't using HTTPS, Firefox will show a warning icon. They aim to eventually do this for any and all HTTP pages.

threatpost.com

 

I am Mikko Hypponen. I hunt hackers. AMA.

Mikko Hypponen, a very well-known security researcher, is doing an AMA (Ask Me Anything) on Reddit as I write this. He also did an AMA-like session on Quora last month, which is also an interesting read.

reddit.com