Posted by Kevin on October 3, 2014.
The ITsecurity daily security briefing: Friday, October 3, 2014.
If you find this security briefing useful, please spread the word via social media. If you have any comments or recommendations, please email kevtownsend at gmail dot com.
NEWS ONLY TODAY
Government to use a Bill of Rights to remove human rights in the UK
The UK government will today publish a document euphemistically titled Protecting Human Rights in the UK. Its purpose is to do the opposite — to dismantle the European guarantee of rights in the UK. While the US constitution is used to guarantee the minimum rights of the people, the UK will use legal means to limit the maximum rights of the people. If it succeeds, it could lead to the demise of the entire European Convention on Human Rights. The document concerned can be read here.
“The plan to make European Court of Human Rights judgments “advisory” is a full frontal attack on an international treaty which we signed up to and haven’t withdrawn from. For the UK to be under an international legal obligation to “abide by” judgments of the ECtHR and for Parliament simultaneously to legislate that those judgments are only advisory is incoherent at best and anarchic at worst. It demonstrates to the whole world that the UK Parliament has no truck for international obligations.
“The fact that the Ministerial Code will be amended to make clear to ministers they are not bound by international law. Is that what the public wants? That the UK is no longer bound by international law?
“It is also cowardly. If the intention is to withdraw from the ECHR, then that should be the policy. We should probably have a referendum about it. But these proposals are an attempt to pick a fight with the European Court/Council of Europe under the banner of ‘protecting’ human rights. If the Council refuses to accept change, then the UK will withdraw, or will be expelled. In reality, the UK would be setting terms which the ECtHR cannot possibly accept – if it were to sanction what the UK is proposing then it would be losing the only genuine power it has, to enforce judgments.”
UK Human Rights Blog:
Parallel Construction in the Silk Road case
Brian Krebs has published details suggesting that the prosecution is telling porkies over how it discovered the location of the Silk Road website. The implication is that it is using the concept of ‘parallel construction’; that is, a false evidentiary construct designed to hide the true source. In other words, the FBI is pretending one thing in order to protect the real work of the NSA.
Robert Graham of Errata Security puts it more bluntly:
“A month ago, the FBI released a statement from the lead investigator, Christopher Tarbell, describing how he discovered the hidden server (“the Tarbell declaration”). This document had four noticeable defects.
“The first is that the details are vague. It is impossible for anybody with technical skill (such as myself) to figure out what he did.
“The second problem is that some of the details are impossible, such as seeing the IP address in the ‘packet headers’.
“Thirdly, he saved none of the forensics data. You’d have thought that had this been real, he would have at least captured packet logs or even screenshots of what he did. I’m a technical blogger. I document this sort of thing all the time. It’s not hard for me, it shouldn’t be hard for the FBI when it’s the cornerstone of the entire case.
“Lastly, Tarbell doesn’t even deny it was parallel construction. A scenario of an NSA agent showing up at the FBI offices and opening a browser to the IP address fits within his description of events.
“I am a foremost Internet expert on this sort of thing. I think Christopher Tarbell is lying.”
It isn’t clear whether parallel construction is legal or illegal. However, it is possible that the judge could throw out the government’s case since Tarbell’s version of events denies the defense access to the true evidence against Ross W. Ulbricht.
Facebook plots first steps into healthcare
“Facebook Inc (FB.O) already knows who your friends are and the kind of things that grab your attention. Soon, it could also know the state of your health.
“On the heels of fellow Silicon Valley technology companies Apple Inc (AAPL.O) and Google Inc (GOOGL.O), Facebook is plotting its first steps into the fertile field of healthcare, said three people familiar with the matter. The people requested anonymity as the plans are still in development.
“The company is exploring creating online ‘support communities’ that would connect Facebook users suffering from various ailments. A small team is also considering new ‘preventative care’ applications that would help people improve their lifestyles.”
Vandal Trojan for Android wipes memory cards and blocks communication
Dr Web has found a new and worrying Android trojan:
“The new Android Trojan, registered in the Dr.Web virus database under the name Android.Elite.1.origin, belongs to a rare class of malicious programs, namely, vandal programs. Virus makers usually craft such applications not for profit but rather to demonstrate their programming skills, express their opinion about certain events, or for fun or mischief. Programs of this kind often display various messages, corrupt files and interfere with a compromised system’s normal operation. That’s exactly what the new Android Trojan, which is disguised as popular applications, does…
“In addition to wiping SD cards and blocking messengers, Android.Elite.1.origin sends short messages to all the contacts found in the device’s address book in five-second intervals. The message text is as follows:
HEY!!! [contact_name] Elite has hacked you.
Obey or be hacked.
A similar text is sent as a reply to all incoming SMS from valid mobile phone numbers:
Elite has hacked you.
Obey or be hacked.”
The Unpatchable Malware That Infects USBs Is Now on the Loose
“It’s been just two months since researcher Karsten Nohl demonstrated an attack he called BadUSB to a standing-room-only crowd at the Black Hat security conference in Las Vegas, showing that it’s possible to corrupt any USB device with insidious, undetectable malware. Given the severity of that security problem—and the lack of any easy patch—Nohl has held back on releasing the code he used to pull off the attack. But at least two of Nohl’s fellow researchers aren’t waiting any longer.
“In a talk at the Derbycon hacker conference in Louisville, Kentucky last week, researchers Adam Caudill and Brandon Wilson showed that they’ve reverse engineered the same USB firmware as Nohl’s SR Labs, reproducing some of Nohl’s BadUSB tricks. And unlike Nohl, the hacker pair has also published the code for those attacks on Github, raising the stakes for USB makers to either fix the problem or leave hundreds of millions of users vulnerable.”
JP Morgan’s SEC filing says 83 million accounts affected in breach
“On October 2, 2014, JPMorgan Chase & Co. (“JPMorgan Chase” or the “Firm”) updated information for its customers, on its Chase.com and JPMorganOnline websites and on the Chase and J.P. Morgan mobile applications, about the previously disclosed cyberattack against the Firm. The Firm disclosed that:
Adblock says Adblock Plus will defy Facebook’s targeted advertising
“On Monday, the industry rumors came true and Facebook relaunched Atlas. Atlas is an ad platform that Facebook purchased from Microsoft last year, and it allows advertisers to track ad effectiveness across devices for users around the globe. After that they can buy ads on sites and apps outside Facebook based on Facebook’s targeting info…
“ABP now protects its users by blocking the ads the new Atlas tracking would serve across the web. Our approach is simple: Facebook can’t track you if you’re using Adblock Plus on the device in question. And even if you somehow get tracked once on a single device you’ll be able to block the ads that Atlas would serve you on your next device with Adblock Plus. In short, you can break the ad circle that Facebook-Atlas is trying to connect around you.”
Lacoon Discovers Xsser mRAT, the First Advanced Chinese iOS Trojan
“The Lacoon Mobile Security research team has discovered a new mRAT it calls “Xsser mRAT.” The Xsser mRAT specifically targets iOS devices, and is related to Android spyware already distributed broadly in Hong Kong.
“A link to the Android spyware, disguised as an app to help coordinate Occupy Central protests in Hong Kong, was sent as an anonymous message to Whatsapp users there on Thursday. In its investigation of that spyware, Lacoon uncovered the Xsser mRAT hosted on the same Command and Control (CnC) domain with the project being named Xsser…
“The Xsser mRAT is itself significant because while there have been other iOS trojans found previously, this is the first and most advanced, fully operational Chinese iOS trojan found to date. Although it shows initial signs of being a targeted attack on Chinese protesters, the full extent of how Xsser mRAT is being used is anyone’s guess. It can cross borders easily, and is possibly being operated by a Chinese-speaking entity to spy on individuals, foreign companies, or even entire governments.”