Week in review: FinFisher’s spying capabilities, and NSA’s quest to subvert encryption

Here’s an overview of some of last week’s most interesting news and articles:

The TAO of NSA
It has been pointed out that NSA has its own hacking unit called Tailored Access Operations (TAO), and that its capabilities have been tapped for hunting down Osama bin Laden.

Leaked FinFisher presentation details toolkit’s spying capabilities
Sold by UK-based Gamma Group International, the toolkit was apparently created by Martin J. Muench, one of the founders of the BackTrack pentesting Linux distribution and at the time its main developer.

Training: The Art of Exploiting Injection Flaws
HITBSecConf 2013 Malaysia will host the widely acclaimed course The Art of exploiting Injection Flaws in Kuala Lumpur on 14 and 15 October 2013.

Persistent adversaries can identify Tor users
Using the Tor network will not you grant perfect anonymity – in fact, a group of researchers from the US Naval Research Laboratory and Georgetown University say that “Tor users are far more susceptible to compromise than indicated by prior work.”

AT&T’s massive call detail record database accessible to DEA agents
Since 2007, AT&T employees have been working side by side with US Drug Enforcement Administration and local law enforcement agents, helping them access electronic call detail records (CDRs) for suspect individuals – details contained in a vast database that contains data that goes back to 1987.

Hand of Thief Linux Trojan fails to work as promised
RSA researchers have recently spotted a banking Trojan targeting Linux systems being sold online by a cybercrime team based in Russia. The same researchers have now managed to get their hands on the HoT Trojan builder, allowing them to build, test and analyze HoT binaries – and the verdict is not good for the creator, sellers or the buyers.

Online backup for mobile devices: Key factors to consider
Most technology users keep personal information (contacts, calendars, documents, photos, etc.) on their mobile devices. That information isn’t protected if the mobile is lost/stolen.

Replacing passwords and PINs with your heartbeat
We’ve been hearing for a while now that passwords will soon become a thing of the past and, as it seems now, biometric authentication is likely to take their place.

GitHub adds two-factor authentication option
The option can be turned on it the user’s account settings, and works well with HTTPS Git, GitHub for Mac, GitHub for Windows, and the GitHub API.

New advanced banking Trojan in the wild
Hundreds of infections have been detected in Turkey, dozens in the Czech Republic, United Kingdom and Portugal. This very potent and sophisticated banking malware dubbed Hesperbot is spreading via phishing-like emails and also attempts to infect mobile devices running Android, Symbian and Blackberry.

Placing the Suspect Behind the Keyboard
There are many books addressing the subject of computer forensics out there, but this tome is one of the rare ones that approaches cybercrime investigations in a holistic manner, i.e. combines the investigative strategies of digital forensic examiners and those of the case investigators.

Obad Android Trojan distributed via mobile botnets
When first unearthed three months ago, the Obad Android Trojan has fascinated researchers with its sophistication. At the time, Kaspersky Lab researchers didn’t know how the malware was getting on the mobile devices, and were curious about the fact that despite its impressive capabilities the malware was not very widespread.

61% of IT pros don’t report security risks to executives
A new Ponemon Institute study examined the disconnect between an organization’s commitments to risk-based security management and its ability to develop the collaboration, communication styles and culture necessary to security programs effective across the organization.

New discovery will allow large-scale quantum cryptography networks
Researchers from Toshiba have discovered a method to build quantum cryptography communication networks with a far greater scale than ever before. It will allow quantum cryptography to be used beyond its current niche applications, for example as part of the Smart Community Networks that will manage and control energy generation and consumption in the future.

PayPal unblocks MailPile’s account
MailPile, the open-source web-mail client with user-friendly encryption that has proved to be a hit with the Indiegogo crowd, has had its PayPal account frozen by the e-payment giant.

Understanding and defending against Denial of Service attacks
Denial of Service (DoS) attacks continue to be on the rise, which is no surprise given our ever-growing dependency on Web-based services, coupled with the fact that these attacks are relatively cheap and easy to carry out. In this article, we’ll discuss what DoS attacks are, some various types of DoS attacks, tips to keep them at bay, and references to security tools to help you mitigate vulnerabilities.

Massive spike of Tor users caused by Mevade botnet
When Project Tor director Roger Dingledine recently drew the public’s attention to the unusual and considerable rise in the number of Tor users, he invited people to speculate and share plausible explanations about it because, by his own admission, they were unable to find it out by themselves.

Is mobile privacy a bigger concern than a phone’s brand?
A new Harris Interactive study provides a valuable barometer on current consumer perceptions and mobile privacy trends by examining issues, such as data collection, geo-location tracking, mobile advertising and privacy management responsibility.

NSA announces new schools for cyber initiative
Four new schools have been selected for the National Security Agency’s National Centers of Academic Excellence in Cyber Operations Program, which was designed to cultivate more U.S. cyber professionals.

NSA’s quest to subvert encryption, install backdoors
Backed by the documents shared by NSA whistleblower Edward Snowden, they state that the US National Security agency has actively and for years now concentrated on thwarting or subverting encryption efforts via a number of ways, and that their endeavors have largely been successful.

More about

Don't miss