"Devil Robber" Trojan Infects Mac OS-X & Stealing Personal Information

"DevilRobber" Trojan Infects Mac OS-X & Stealing Personal Information (Credit Cards, User-name, Passwords & so on).

 

Now another piece of malware has struck unsuspecting Mac owners.  The new multiplatform trojan is much more sophisticated than most of the past malware to hit the Mac platform. The malicious program installs as part of infected torrent downloads from sites such as The Pirate Bay.  Thus far the malware has been primarily found to be piggybacking on pirated copies of the image editing app GraphicConverter version 7.4 (whose authors are not involved in the screen and do not approve of the pirating in the first place).  The onboard malware is officially known in security circles as OSX/Miner-D, and is nicknamed the "DevilRobber".

Once installed on the victim's machine, the malware opens a back-door to the OS X system, allow remote command-and-control.  It also monitors your computer, attempting to steal personal information like credit cards.

To do this it takes screenshots.  It also periodically dumps confidential information from various applications -- such as truecrypt data, Vidalia (TOR plugin for Firefox), your Safari browsing history, and .bash_history -- into the creatively named file dump.txt.  It also records yourusername and passwords via monitoring using a proxy server (on port 34522 in the most common variant, but likely to change).

-News Source (NS, Intego, Dailytech)

London is Hosting Major International Cyber-Security Conference

Add caption

London is hosting a major international conference on the threat from cybersecurity attacks. Representatives of 60 nations are gathering to discuss how to tackle the rising levels of cybercrime.Foreign Secretary William Hague convened the London Conference on Cyberspace, and urged a "global co-ordinated response" on policy.

However, Wikipedia founder, Jimmy Wales, warned that ill-advised interventions posed their own risks. The event comes a day after intelligence agency GCHQ warned that cyberattacks on the UK were at"disturbing" levels.
Experts attending the two-day conference include EU digital supremo Neelie Kroes, Cisco's vice-president Brad Boston and Joanna Shields, a senior executive at Facebook. US Secretary of State Hillary Clinton had been due to attend, but cancelled the trip on Monday night after her 92-year-old mother fell ill. Mr Hague led the opening session. "We want to widen the pool of nations and cyberusers that agree with us about the need for norms of behaviour, and who want to seek a future cyberspace based on opportunity, freedom, innovation, human rights and partnership, between government, civil society and the private sector," he said. However Mr Wales, who also took part in the first event, urged caution. "The biggest threat to the internet is not cybercriminals, but misguided or overreaching government policy," he said.
Prime Minister David Cameron appeared to agree that politicians should resist the temptation to be heavy-handed. "Governments must not use cyber security as an excuse for censorship," he said.

For details information Click Here

The Entire Internet Service Provider's (ISP) Network Shut Down In Palestinian by HAckers

Add caption

                                                                      

Internet service is completely cut off in Gaza Tuesday and partially shut down in the West Bank after an attack on the main Internet provider to the Palestinian territories, according to a minister with the Palestinian Authority.
"This is a very serious and vicious attack," Dr. Mashour Abu-Daqqa, the minister of Communications and Information Technology, told Media. The attack, which affected most of the Palestinian Internet communication network, also targeted domain addresses, said Abu-Daqqa. The minister said hackers are using international IP servers originating in Germany, China, and Slovenia to send millions of attacks in the form of viruses to penetrate and disrupt the Internet communications. There is no word on who, exactly, is behind the attacks.
"It does not mean the attackers are from there, it is only the origin of these virus attacks using these international servers and other international country servers," Abu-Daqqa said. Officials have not ruled out the possibility that the attack could be related to Monday's decision by the United Nations education and science agency, UNESCO, to accept a Palestinian bid for full membership in the organization. The move prompted the United States to withhold funding from UNESCO.
Abu-Daqqa said the hacking "is not the act of an individual or group" but possibly a "state-sponsored attack" intended to paralyze Internet communications in the Palestinian territories. Efforts to restore Internet service continue, the minister said.

GateOne Beta - Terminal emulator for HTML5 web browsers

                                                                      
The software makes use of WebSockets to connect a server backend written in Python and a frontend written for modern browsers in JavaScript, HTML5 and CSS. The frontend doesn't require any browser plug-ins to be installed.Gate One also supports HTTP over SSL (https) secure connections from the browser to the server and authentication technologies such as Kerberos. It has its own internal plug-in system (plug-ins can be written in Python, JavaScript and CSS); currently available plug-ins for Gate One include SSH client connections, session recording and playback, and a bookmark manager for storing terminal sessions.
Top features:
* No browser plugins required!
* Supports multiple simultaneous terminal sessions. As many as your hardware can handle.
* Users can re-connect to their running terminals whenever they like from anywhere.
* Can be embedded into other applications. Add a terminal--running whatever application(s) you want--to your web app! Would be vastly superior to say, a Java-based serial console applet (hint hint).
* Includes powerful plugin system that supports plugins written in Python, JavaScript, and even CSS (yes, you can write a CSS-only plugin).
* The Gate One server can be stopped & started without users losing their running terminal applications (even SSH sessions stay connected!). In essence, worry-free upgrades!
* The SSH plugin allows users to duplicate sessions without having to re-enter their username and password (it re-uses the existing SSH tunnel).
* Provides users with the ability to play back and save/share their terminal sessions via a self-contained HTML playback file.
* Similarly, supports server-side logging, recording, and video-like playback of user sessions. It can even log to syslog to support whatever centralized logging system you want.
* Keberos-based Single Sign-on support is included. It even works with Active Directory. Other  authentication options are available as well.   Demo:



Download GateOne Here

                                                                                                    Source: THN

Facebook "Trusted friends" Security Feature Easily Exploitable

Last week Facebook announced that in one day 600,000 accounts possibly get hacked. Another possible solution for Facebook to combat security issues is to find 3 to 5 "Trusted friends". Facebook will be adding two new security features that will allow users to regain control of their account if it gets hijacked.

In Facebook's case, the keys are codes, and the user can choose from three to five "Trusted friends" who are then provided with a code. If you ever get locked out of your account (and you can't access your email to follow the link after resetting your Facebook password), you gather all the codes and use them to gain access to it again. Yet This method is used by hackers to hack most of the Facebook account using little bit of Social Engineering from last 5-6 Months according to me. Let us know, how this works...

How its Exploitable:
This Exploit is 90% Successful on the victims who add friends without knowing them or just for increasing the number of Friends. This method to hack a Facebook Account only works if 3 trusted friends agree to give you the security code ! Another Idea, Why not Create 3 fake accounts and send Friend Request to Victim. Once your 3 Fake Accounts become friends with your victims facebook account, you can select those 3 Accounts to get the Security Code and Reset the password of Victim. Here a Complete Demonstration of Hacking Method on HackersOnlineClub.

Other Serious Facebook Vulnerability in Last Week
Last Week Nathan Power from SecurityPentest has discovered new Facebook Vulnerability, that can easily attach EXE files in messages,cause possible User Credentials to be Compromised . Not even Account Security, Also there are lots of Privacy Issues in Facebook,like Nelson Novaes Neto, a Brazilian (independent) Security and Behavior Research have analyze a privacy issue in Facebook Ticker that allows any person chasing you without your knowledge or consent .  Facebook should takes these privacy issues & security holes very seriously.
                                             
                                                                                                                                         Source: THN
                                     

Apple's Siri Speaks Also on iPhone 4, iPod Touch 4G

The end of Siri's exclusivity on the iPhone 4S may be near. No, I'm not talking about Siri running on the purported Apple television set, but Siri on jailbroken iPhone 4 and -- possibly -- 3GS handsets.

Ireland-based hacker Steve Troughton-Smith and his San Francisco-based comrade Grant Paul (no relation to the author) over the weekend claimed they got Apple's voice-enabled digital assistant functioning properly on an iPhone 4 and a fourth generation iPod Touch. 

The pair solved the problem using Troughton-Smith's code for the Siri port developed earlier this month, as well as software authentication tokens from a jailbroken iPhone 4S. Screenshots of the hack were posted to Twitter as well as two YouTube videos demonstrating the Siri port, one of which was given exclusively to 9-to5 Mac.  

"I've tested pretty much every type of interaction you can make with [Siri on the iPhone 4]," Troughton-Smith told PCWorld in an interview via instant messenger. "It works just as well as the iPhone 4S, and I've seen it work even faster than it at times." The only feature that doesn't work, according to Troughton-Smith, is the iPhone 4S's so-called "raise to speak" feature that allows you to activate Siri's voice-command interface by raising the phone to your ear. The problem with raise to speak on Siri, Troughton-Smith says, is that it requires the new gyroscope in the 4S; it's not clear whether this could be solved. Google offers a similar raise to speak feature in its search application for iOS devices, including the iPhone 4 and 3GS.  

Apple's Server Conundrum

   

Hackers have been trying to get Siri to work on iOS devices other than the iPhone 4S for several weeks now. But until the recent breakthrough, they had only the interface functioning while Siri voice commands on the iPhone 4 went unheeded. Siri relies on Apple's servers to do all the heavy duty processing of voice commands, and hackers hadn't yet figure out how to trick Apple into believing an iPhone 4 was actually an iPhone 4S. This problem, it appears, has now been solved.