Friday 29 November 2013

Blackhole exploit kit use plummets after creator's arrest

Use of the notorious Blackhole exploit kit has radically dropped since the arrest of its alleged creator "Paunch", according to an independent malware researcher.
The researcher, known as Kafeine, wrote in a blog post that the use of the Blackhole hack tool has almost completely ceased, reporting he has not seen a new variant or system update for the exploit kit in weeks. The news comes less than six weeks after Russian police arrested a man believed to be the author of the exploit kit.
In its heyday Blackhole was the most commonly used exploit kit in the world. Security firm F-Secure estimated that Blackhole accounted for 27 percent of the exploit kit market in March. Exploit kits are publicly traded hack tools that let criminals automatically mount a variety of cyber scams and attacks.
In the past the Blackhole exploit kit has been linked to numerous phishing scams that sent malware-laden messages claiming to come from legitimate companies, such as the BBC and CNN. Before Paunch's arrest the Blackhole kit received a constant stream of updates designed to let it target newly discovered vulnerabilities.
FireEye malware research engineer Josh Gomez told V3 the rapid decrease in Blackhole usage is likely due to the lack of new vulnerability updates. "Blackhole's curator (Paunch) is no longer actively maintaining the exploit kit since his arrest. We see the drop in activity and it correlates to the timeframe of his arrest," he said.
"The Blackhole and Cool exploit kits were typically rented and leased, allowing the author to keep tighter control over the framework and offer an enhanced level of service or customisation to customers. With his removal from the exploit kit marketplace, Blackhole customers will find themselves needing to switch to other exploit kits as current Blackhole services expire or are dismantled."
Gomez said it is likely that a new criminal group will fill the gap and release a new exploit kit. "While we don't know of any specific groups picking up where Blackhole left off, it has left a void that is sure to be filled by other exploit kits or copycat authors who want to capitalise on the opportunity to bring new crimeware tools to the marketplace," he said.
Global technical consultant at Damballa and ex-Scotland Yard cybercrime unit detective Adrian Culley mirrored Gomez's sentiment, arguing that it will only be a matter of time before a new kit appears.

"Fighting the source of malware is much like trying to slay the mythical Hydra, for each head you cut off, two more will grow in its place. Given the difficulties in indexing the web, and seeing what exactly lies behind html pages, it is highly unlikely that this is the last we have seen of this malware. The dark web is like dark matter, we know it's there, but it's very hard to say exactly where, and what the dark data consists of," he said.
These comments mirror past criminal behaviour patterns following an exploit kit author's arrest. A similar pattern occurred earlier this year when a man believed to have created the Phoenix exploit kit was arrested.

YouTube breaks silence over Google+ spam fiasco

YouTube is the world's largest video-sharing website
YouTube has responded to user backlash over the implementation of the new, Google+ based video commenting system it introduced three weeks ago, which became overloaded with spam, virus links and lewd drawings.
In a post on its Creators blog, the YouTube comments team insisted the commenting system, which requires users to have a Google+ account in order to post, had solved many problems relating to spam. However, YouTube did admit that it "introduced new opportunities for abuse and shortly after the launch we saw some users taking advantage of them."
The comments team said it had made a number of changes to comments, including "better recognition of bad links", an exploit which allowed users to post shortened links to viruses, spam and "screamer" pages, intended to shock unsuspecting users. It has also made it harder for users to impersonate other YouTube members, and has taken steps to improve the detection of ASCII art (below).
YouTube's latest comments changes have allowed ASCII art
Finally, long comments have also been modified to change how they display. Previously, users were able to post extremely lengthy comments; some had even taken to posting the scripts of entire Shakespeare plays.
"We're moving forward with more improvements to help you manage comments on your videos better," YouTube said, promising new tools for bulk moderation of comments, which it admitted was a "long-standing creator request".
However, the firm has not responded to users calling for the old system to be reinstated. A petition calling for YouTube to remove the Google+ account requirement has reached more than 214,000 signatures. However, as Google looks to consolidate its services into a coherent set of products with Google+ integration, it is unlikely any change will be seen. 
Launched on 6 November, YouTube's new commenting system was designed to spark better and more constructive conversations on the site, which had previously developed a reputation of being full of offensive comments and spam.
However, the new system angered not only the site's everyday viewers, but also caused grave concern for YouTube's biggest stars and creators, many of whom earn a living from advertising revenue generated from their videos. Businesses using the Google-owned YouTube service to promote their company also faced issues such as not being able to properly moderate comments, which has the potential to damage their brand or send viewers to inappropriate pages.
Many YouTube stars disabled comments on their videos until the system was fixed, including Felix "PewDiePie" Kjellberg, who has more subscribers than any other channel on the site.

European Parliament switches off public WiFi after man-in-the-middle attack

The European Parliament (EP) was hit by a man-in-the-middle attack that sought to gather data on communications between smartphones and public WiFi used in the organisation, it has been revealed.
A notice posted online showed an email to staff confirming that some of them had been affected by the incident and that the public WiFi service would be turned off as a precautionary measure for the time being.
“The Parliament has been subject for a man-in-the-middle attack, where a hacker has captured the communication between private smartphones and the public WiFi of the Parliament (EP-EXT Network),” the note read.
“Some individual mailboxes have been compromised. All concerned users have already been contacted and asked to change their password.
“As a precaution, the Parliament has therefore decided to switch off the public WiFi network until further notice, and we invite you to contact the ITEC Service Desk [IT Desk] in order to install an EP software certificate on all the devices that you use to access the EP IT systems (email, etc).”
Staff were also advised to change their passwords and to avoid using unknown public WiFi in other destinations such as train stations or airports.
"On the medium term the Parliament will take additional measures to further secure the communication to the Parliament,” it added.
The EP confirmed to V3 that the public WiFi network was still down at present: "Because of this incident, Parliament has decided to close the public WiFi network until further notice," a spokesperson said.
The incident underlines the growing issues affecting public WiFi services and the security risks they pose. Many high street stores are starting to offer free WiFi services in order to meet customers' needs and try to allow them to access more content about products on their devices.

Government warns against lax cyber security at FTSE 350 firms

Some of the UK’s top businesses are failing to take adequate cyber security measures according to a new report by the Department for Business, Innovation and Skills (BIS).

The report into the top FTSE 350 firms found that only 14 percent are regularly considering cyber security threats, a figure that science minister David Willetts said needed to be higher as the threats from cyber attackers on big business have the potential to impact the whole nation.

“Without effective cyber security, we place our ability to do business and to protect valuable assets such as our intellectual property at unacceptable risk,” he said.

However, other elements of the findings by BIS painted a more positive picture, with 62 percent of companies saying they think board members take cyber risks “very seriously”, while 60 percent know which key information and data assets must be protected.

The report also noted that the bring-your-own-device (BYOD) trend is currently a big issue for many respondents, but this is also causing security concerns.

“A lack of clear direction of ‘best practice’ leaves many organisations unsure of the right approach to take to minimise the associated risk,” the report noted.

Willetts used the threat of cyber incidents to tout the ongoing work by the government to try and improve cyber security across the industry through information-sharing partnerships.

“A vital pre-requisite for driving forward our collective maturity and confidence in this area is the timely availability of relevant and appropriate cyber security standards with which organisations can develop and demonstrate their cyber security abilities and credentials,” he said.
Such moves by the government to improve security include the Cyber Security Information Sharing Partnership (CISP), which was unveiled in March. Some have criticised this approach for failing to provide help for SMEs as well as big businesses.

Firms urged to ditch Windows XP after zero-day attack discovered in the wild

A zero-day vulnerability in Microsoft's Windows XP and Server 2003 has been discovered and is being actively targeted by hackers, leading to fresh calls for businesses to move to newer Windows versions sooner rather than later.
FireEye researchers Xiaobo Chen and Dan Caselden reported uncovering the vulnerability in a blog post, confirming that it only affects Windows XP systems.
"FireEye Labs has identified a new Windows local privilege escalation vulnerability in the wild. The vulnerability cannot be used for remote code execution but could allow a standard user account to execute code in the kernel. Currently, the exploit appears to only work in Windows XP," read the post.
The researchers confirmed evidence that the vulnerability is being actively targeted by hackers. "This local privilege escalation vulnerability is used in the wild in conjunction with an Adobe Reader exploit that appears to target a patched vulnerability," read the post.
"The exploit targets Adobe Reader 9.5.4, 10.1.6, 11.0.02 and prior on Windows XP SP3. Those running the latest versions of Adobe Reader should not be affected by this exploit. Post exploitation, the shellcode decodes a PE payload from the PDF, drops it in the temporary directory, and executes it."
Microsoft Trustworthy Computing (TwC) group manager for incident response communications Dustin Childs confirmed the company is aware of the issue and is working on a fix. In the interim he recommended that XP users employ a temporary workaround fix. "While we are actively working to develop a security update to address this issue, we encourage customers running Windows XP and Server 2003 to deploy the following workarounds," he said.
"Delete NDProxy.sys and reroute to Null.sys. For environments with non-default, limited user privileges, Microsoft has verified that the following workaround effectively blocks the attacks that have been observed in the wild."
The zero-day vulnerability's discovery has led to fresh calls within the security community for XP users to update their systems to run newer Windows versions. The SANS Internet Storm Center (ISC) issued a public advisory, warning XP users the new vulnerability is only the tip of the iceberg.
"The real story here isn't the zero day or the workaround fix, or even that Adobe is involved. The real story is that this zero day is just the tip of the iceberg. Malware authors today are sitting on their XP zero-day vulnerabilities and attacks, because they know that after the last set of hotfixes for XP is released in April 2014," read the ISC post.
"If you are still running Windows XP, there is no project on your list that is more important than migrating to Windows 7 or 8. The 'never do what you can put off until tomorrow' project management approach on this is on a ticking clock, if you leave it until April comes you'll be migrating during active hostilities."
Microsoft is set to officially cut support for its decade-old Windows XP operating system in April 2014. Despite the looming cut-off, widespread reports suggest many companies have still not begun migrating their systems to run newer versions of Windows although some firms are now on this path.

EC tells US to regain trust on data protection after PRISM scandal

The European Commission (EC) has called upon the US to undertake several steps in order to restore trust following the revelations of wholesale data snooping sparked by PRISM whistleblower Edward Snowden.
The EC says the rules of "safe harbour" – the regulations which place US companies handling EU citizen data under the same data protection rules as European firms – are not working as intended, and therefore need to be made more stringent. It discussed scrapping safe harbour altogether if US businesses failed to comply, although this would be a last resort.
Safe harbour is a form of regulation that invariably affects cloud computing providers as data is often hosted outside the country in which the customer is based. The EC has found that there are too many weaknesses in the rules, coming to the conclusion that US businesses not conforming to safe harbour are gaining an unfair advantage above the EU businesses that are.
Elsewhere, the EC called upon EU-US co-operation on data transfers for law enforcement operations, requesting a speedy conclusion to ongoing talks on an "umbrella agreement".
It also asked the US to take into account EU citizens when it reforms its own national security practices. This follows the National Security Agency's (NSA) widespread tapping of European internet traffic, which seemingly disregarded any borders and laws.
EU justice commissioner Viviane Reding said the EC had a responsibility to continue to pressure the US into taking action. "Citizens on both sides of the Atlantic need to be reassured that their data is protected and companies need to know existing agreements are respected and enforced," she said. "Today, the European Commission is setting out actions that would help to restore trust and strengthen data protection in transatlantic relations.
"There is now a window of opportunity to rebuild trust, which we expect our American partners to use, notably by working with determination towards a swift conclusion of the negotiations on an EU-US. data protection umbrella agreement."
EU trust in the US has been severely shaken in the months following the PRISM scandal, with Germany accusing US spies of tapping chancellor Angela Merkel's phone. EC staff and buildings were also under the watchful eye of US spies, according to the leak.

UK banks hit by cyber attacks, Bank of England reveals

Several UK banks have been hit by cyber attacks that have led to financial losses over the past six months. The Bank of England revealed the startling insight in its latest Financial Stability Report.
The document – which outlines the various issues facing the financial sector in the UK – cites cyber security as a growing area of concern and revealed that several institutions have been affected.
“Cyber attack has continued to threaten to disrupt the financial system. In the past six months, several UK banks and financial market infrastructures have experienced cyber attacks, some of which have disrupted services,” it said.
“While losses have been small relative to UK banks’ operational risk capital requirements, they have revealed vulnerabilities. If these vulnerabilities were exploited to disrupt services, then the cost to the financial system could be significant and borne by a large number of institutions.”
The report went on to warn that the financial market is particularly open to a widespread incident, given its interrelated nature.
“The financial system has a number of potential vulnerabilities to cyber attack, reflecting its high degree of interconnectedness, its reliance on centralised market infrastructure, and its sometimes complex legacy IT systems,” it said.
In order to try and combat this threat the Treasury, government agencies and financial authorities are working together to draw up an action plan to “assess, test, and improve cyber resilience across core parts of the financial sector."
This work includes the recent operation, dubbed Waking Shark II, which was designed to test how the market would react to a major cyber incident. A report into the outcome of the drill will be published in early 2014, the Bank of England said in its report.
V3 contacted the Bank of England for more information on the attacks but was told no more information would be made public.
The revelations underline the extent of the cyber threat to the UK as crooks and state actors continue to use digital attacks to steal data and financial information and try to disrupt business.
Chris McIntosh, the chief executive of security firm ViaSat UK, said it was not surprising that cyber incidents were on the up, and banks need to react to the trend immediately.
“The financial sector is a lucrative target for state-sponsored and organised crime, and this goes well above and beyond individual branches,” he said.
“Rather than waiting for the next data breach to occur, the UK’s banks need to realise that they have likely already been compromised and need to work back on this basis.”
The revelations come during the same week that the government issued a report saying some of the UK’s top businesses need to improve their cyber security policies as the threat from cyber attacks rises all the time.

Migrating from Kaspersky Anti-Virus to Kaspersky Internet Security

You have always had Kaspersky Anti-Virus installed on your computer and have been satisfied with the basic protection you’ve received against common threats. You have started to use Internet banking and are shopping online extensively, or maybe your children are older and now spend a great deal of time on the Internet, clicking random links without regard. Basic security is not enough anymore, is it? The solution is to migrate to Kaspersky Internet Security. It can provide strong security against all sorts of Internet threats, protecting your children and your money.
You can update to Kaspersky Internet Security 2014 without removing Kaspersky Anti-Virus 2014:
  1. Open Kaspersky Anti-Virus 2014 and click the Up Arrow button in the right part of the window.
  2. Click the Upgrade button.
  3. In the Upgrade window, you can:
    • Click the Purchase activation code link: the e-store page will open and you will be prompted to purchase the commercial activation code for Kaspersky Internet Security 2013.
    • Click the Enter activation code link: if you already have the commercial activation code for Kaspersky Internet Security 2014. In the activation window, enter the 20-character code that appears like this: ХХХХХ-ХХХХХ-ХХХХХ-ХХХХХ, and click Activate.
    • Note that the activation code from Kaspersky Anti-Virus 2014 will not work!
    • Click the Trial version button: you will be able to use Kaspersky Internet Security 2014 for 30 days.
  4. During the activation of both commercial and trial versions, wait until the activation code is verified. Read the message in the migration wizard’s window and click Continue.
  5. Wait until all of the required parameters have been verified. To restart the application, click Finish. If you see Kaspersky Internet Security 2014, your migration has been successful.
Note: When you migrate, the remaining Kaspersky Anti-Virus 2014 license validity period is not added to the Kaspersky Internet Security 2014 license validity period. The remaining Kaspersky Anti-Virus 2014 license validity time can be used for protection of another computer.

Smart shopping tips for Black Friday and Cyber Monday

For many Americans, November invokes images of turkey, pie and time spent with family, but for a great many others this time of year also brings up something very different: shopping deals. It seems like with each passing year the deals get bigger and the crowds line up earlier than imaginable to cash in on large price drops and once-in-a-lifetime specials. But if you’re gearing up for Black Friday this year, or its newer sister holiday, Cyber Monday, you need to be sure you’re keeping security in mind.
Some of the hottest commodities for shoppers on Black Friday are electronics. The prices on phones, tablets and computers are incomparably affordable and could allow you to check off these big-ticket items from your holiday shopping lists. You might now be asking now, where does security come into play with my shopping?
If you’re going to gift a gadget you’re buying on Black Friday, it’s a good idea to be sure you’re gifting a secure one. Just like you wouldn’t purchase a car for someone without its brakes, you shouldn’t give a digital device without its own form of protection. There are a few steps you can take to make sure you’re keeping your loved ones safe:
  1. Research The Product: Before you purchase anything, make sure you’ve done your research and are sure you’re getting a quality product. Only shop with trusted brands in stores that can guarantee the quality of their goods and offer a warranty in case you end up with a faulty or infected device. Furthermore, if you decide to go with a gift card this year instead of an actual device, be sure to check the back of the card to make sure it has not been scratched, exposing the gift card ID number. Attackers have been known to steal this information before the card has been given as a gift, and use the money on the card before the recipient has had a chance to.
  2. Use a Credit Card: When you are ready to make your purchase, be sure to use a credit card instead of a debit card. If you end up purchasing a fraudulent gift, you have a better chance of getting your money refunded if you’ve used a credit card.
  3. Raise Security Awareness: Giving your recipient some basic knowledge about the importance of securing his/her device is extremely important as well. Raising general awareness of the different types of attacks and malware that are out there is a great place to start. The more you know, the better protected you are, so make sure you’re sharing the knowledge wealth.
  4. Gift An AV: If you want your loved ones to have the ultimate form of security, you should of course also give them a trusted antivirus with their new gadget as the ultimate form of backup.
Maybe you’re thinking it’s better to avoid the lines this year though, and instead are choosing to join the millions who are shopping Cyber Monday deals online. As you already know, Internet browsing brings its own risks, so keep these tips in mind when taking to the web:
  1. Update Your OS: Any time a software update is offered to you on any of your devices, you should download it. Updates are released to fix any vulnerabilities that exist, so opting out of them could leave you in harm's way.
  2. Ignore Links: As you already know, you should never click on any pop up ads or “context”  links that appear on the websites you’re visiting. These could be malicious and if clicked on, could infect your device. This time of the year, spammy emails and website ads offer amazing deals, however, you have to use your common sense to distinguish between good deals and impossibly sweet offers, with the latter probably being scams.
  3. Double Check Sites: While we’re on the subject of malicious links, you should also be sure to stay on the lookout for fake websites. Even though fraudulent sites are often great imposters of their real deal counterparts, you can often spot warning signs on them upon closer inspection, like spelling errors.
  4. Use A Secure Connection: You shouldn’t ever use public, non-password protected WiFi when going online. You should instead be shopping on your own, secure network to guarantee no attackers steal your personal data. You should also never use public computers when accessing sites that require you to enter personal information.
  5. Use Strong Passwords: Another great way to avoid having your personal information stolen is to use strong passwords when logging into sites. If you’re unsure about what makes a strong password, you can take a look at some examples of the worst choices out there.
  6. Protect Your Financial Data: When it comes time to make your purchase, be sure your financial data is secure. If you’re already using Kaspersky Internet Security, you can use features like Secure Keyboard and Safe Money to keep your transactions guarded against any attacks. To avoid exposing your credit card data to untrusted online shops, you might consider using intermediary services like PayPal to protect yourself as well.
Starting with these basic security precautions when setting out on your shopping ventures should keep you and your loved ones safe, leaving you free to peacefully enjoy the holidays!

New crimekit Atrax exploits Tor, mines Bitcoin and much more

Atrax, yet another commercial crimekit on the black market, is a piece of malware able to use Tor and that implements numerous features, including Bitcoin mining.

Atrax is the name of the latest crimekit sold on the underground market; its distinguishing feature is the ability to use the Tor network to communicate with its command and control infrastructure. Jonas Mønsted of the Danish security firm CSIS published a blog post that describes the crimekit in depth. The malware is not the first to adopt Tor as a communication channel: other botnets have used the same trick to hide malicious traffic in the past. Recently, Mevade was responsible for a spike in Tor traffic, and going further back in time we can mention Skynet. The Atrax crimekit is cheap, selling for about $250, and looks very attractive thanks to a series of features such as Bitcoin mining, Litecoin mining, browser data extraction and a component for launching DDoS attacks. The DDoS module offers full support for both IPv6 and IPv4 and implements the principal attack techniques, including UDP flood, TCP flood, TCP connect flood, HTTP Slowloris and many other methods. The recent explosion in Bitcoin value is attracting cybercrime, so the authors of Atrax included dedicated features in the crimekit, including the ability to steal information from users’ Bitcoin wallets (such as Armory, Bitcoin-Qt, Electrum and Multibit).
Like many other crimekits, Atrax was designed with a modular structure: a series of add-ons implements the functionality above and follows an efficient sales model. A plugin stealer is sold for $110, the form grabber for $300 and an experimental coin-mining add-on for $140; surprisingly, Atrax comes with free updates, bug fixes and support. Below is the list of standard features present in the Atrax crimekit:
  • Kill
  • Update
  • Download (over Tor), Execute (Commandline-Parameter allowed)
  • Download (over Tor), Execute (Commandline-Parameter allowed) in memory
  • Install Plugin
  • Installation List (a list of all installed applications)
“Apparently the author admits that the main component, which has a fairly big size of ~1,2 MB, is due to TOR integration and x64/x86 code. However a first stage free assembler web downloader ~2KB is also available making the infection process slightly lightweight,” wrote Mønsted.
The plugin stealer, according to its author, is very efficient and implements a wealth of functionality:
  • Steals all current browser versions.
  • Steals: CHROME, FIREFOX, SAFARI, INTERNET EXPLORER, OPERA, FILEZILLA, PIDGIN, JDOWNLOADER v1 + v2, GIGATRIBE, THUNDERBIRD, WINDOWSKEY, FLASHFXP, ICQ, MSN, WINDOWS LIVE, OUTLOOK, PALTALK, STEAM Username Only, TRILLIAN, MINECRAFT, DYNDNS, SMARTFTP, WSFTP, Bitcoin Wallet (Armory, Bitcoin-Qt, Electrum, Multibit)
  • If you need something more -> ask me.
  • Special: JDownloader v1/v2, Bitcoin Wallet Stealer (whole wallet.dat will be uploaded), IE10 + IE11 support!
  • Bitcoin / Litecoin Miner
It is therefore able to operate with the principal browsers on the market. No doubt, the Atrax crimekit has all the characteristics it needs to succeed in the criminal underground.

Ruby on Rails CookieStore flaw exposes thousand of websites

A security issue in the cookie-based storage mechanism of Ruby on Rails could expose thousands of websites to cyber attacks.

Ruby on Rails: “hit an open source web application framework to compromise a wide audience” is the thinking of attackers who want to hack the highest number of websites.
A security issue in the cookie-based storage mechanism of Ruby on Rails could expose at least 2,000 websites; this is the number of sites running an old version of the framework that rely on the framework’s default cookie storage mechanism, known as CookieStore.
The Ruby on Rails CookieStore mechanism saves the user’s session hash in a cookie on the client side. Via cross-site scripting or session sidejacking, an attacker could steal a user’s log-in information and subsequently use it to log in impersonating the victim.
Security researcher G.S. McNamara provided the details of the vulnerability in a blog post. He analyzed nearly 90,000 sites using specialized scripts and discovered 1,897 sites running old versions of Ruby on Rails (version 2.0 to version 4.0) that store users’ cookie data in plain text. Another concern with the sites analyzed is the absence, or incorrect use, of SSL, which allows communications to be eavesdropped.
Surprisingly, among the vulnerable websites McNamara also found large companies, such as the crowdsourcing site Kickstarter.com, a site belonging to the motion picture studio Warner Brothers (WarnerBros.com) and the restaurant review site Urbanspoon.com. Kickstarter in particular is an example of improper use of SSL: it is one of the websites that intentionally does not use SSL for the entire time a user is logged in.

Ruby on Rails has encrypted cookies by default since version 4.0, but its cookie management still leaves users at risk of attacks such as impersonation of the victim.
“Version 4.0 and beyond still have this problem,” “The attacker could save the encrypted cookie and send it to the server to log in as the victim without having to read the contents of the cookie.”
“The encryption does not protect against reusing the cookie after logout,” wrote McNamara.
This means that even though the cookies are encrypted, an attacker could steal them and log in to a vulnerable target website that lets old session credentials or session IDs be reused for authorization. The flaw is known as “Insufficient Session Expiration” and it is a serious issue for website management.
“Many of the websites and tools we use store the session hash on the client side, including the applications Redmine, Zendesk, and Spiceworks.”
How can you tell whether a website is using an older version of Ruby on Rails with the CookieStore cookie-based storage mechanism?
According to McNamara it is quite simple: look for the string “BAh7” at the beginning of the cookie’s value. A SHODAN search for this string reveals tens of thousands of these vulnerable websites: www.shodanhq.com/search?q=BAh7*.
SHODAN vulnerable Ruby on Rails websites
McNamara has included in his post a list of vulnerable websites based on Ruby on Rails. He has also already asked the Rails developers to switch to a different cookie storage mechanism to fix the vulnerability, for example by storing session information on the server side.
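As an added illustration of the two points above (not code from McNamara's post or from Rails itself), the script below builds a session cookie the way pre-4.0 CookieStore does, shows why its Base64 value starts with "BAh7" and why its contents are readable without the app secret, and then contrasts it with a server-side session store that rejects a replayed id after logout or expiry. The session contents and the secret are constructed placeholders.

```ruby
require 'base64'
require 'openssl'
require 'cgi'
require 'securerandom'

# Base64 of the Marshal 4.8 header plus the Hash type byte ("\x04\x08{"):
# every pre-4.0 CookieStore session cookie starts with it once URL-decoded.
COOKIESTORE_PREFIX = 'BAh7'.freeze

# Constant-time string comparison so signature checks do not leak timing.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Build a cookie the way Rails 2.x/3.x CookieStore does: Base64(Marshal(hash)),
# then "--" and an HMAC-SHA1 hex digest. Signed, but not encrypted.
# The session hash and secret passed in are placeholders for this example.
def build_legacy_cookie(session_hash, secret)
  data = Base64.strict_encode64(Marshal.dump(session_hash))
  digest = OpenSSL::HMAC.hexdigest('SHA1', secret, data)
  CGI.escape("#{data}--#{digest}")
end

# The check the post describes: a CookieStore cookie from an old Rails
# version is recognisable by its "BAh7" prefix.
def cookiestore_cookie?(raw_cookie_value)
  CGI.unescape(raw_cookie_value).start_with?(COOKIESTORE_PREFIX)
end

# Verify the HMAC with the application's own secret (what the server does).
def legacy_cookie_valid?(raw_cookie_value, secret)
  data, digest = CGI.unescape(raw_cookie_value).split('--', 2)
  return false if data.nil? || digest.nil?
  secure_equal?(OpenSSL::HMAC.hexdigest('SHA1', secret, data), digest)
end

# Show what the cookie carries in the clear: no secret is needed to read it.
# Marshal.load of untrusted data can instantiate arbitrary objects, so only
# do this on cookies your own application issued, as in this example.
def decode_legacy_cookie(raw_cookie_value)
  data, _digest = CGI.unescape(raw_cookie_value).split('--', 2)
  Marshal.load(Base64.strict_decode64(data))
end

# Mitigation for the replay-after-logout problem ("Insufficient Session
# Expiration"): keep session state on the server under an opaque random id,
# enforce a lifetime, and delete the entry on logout so a captured cookie,
# encrypted or not, stops working. Written for this example, not Rails code.
class ServerSideSessionStore
  def initialize(ttl_seconds:)
    @sessions = {}
    @ttl = ttl_seconds
  end

  # Returns the opaque session id to place in the cookie.
  def create(user_id, now: Time.now)
    sid = SecureRandom.hex(32)
    @sessions[sid] = { user_id: user_id, expires_at: now + @ttl }
    sid
  end

  # Returns the user id of a live session, or nil if unknown, expired or logged out.
  def lookup(sid, now: Time.now)
    entry = @sessions[sid]
    return nil if entry.nil?
    if now >= entry[:expires_at]
      @sessions.delete(sid)
      return nil
    end
    entry[:user_id]
  end

  def logout(sid)
    @sessions.delete(sid)
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample session and placeholder secret.
  cookie = build_legacy_cookie({ 'user_id' => 42 }, 'placeholder-secret')
  puts "CookieStore cookie? #{cookiestore_cookie?(cookie)}"
  puts "Readable without the secret: #{decode_legacy_cookie(cookie).inspect}"
end
```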

Racism backfires as internal mail gets sent to the declined "N*gger" candidate

It just went from crazy to out of control as a Dutch IT company declined a job candidate because he would be a "colored person". In The Netherlands the discussion about "Sinterklaas" still lives on, and it seems that the media in The Netherlands are going to pick up on racism reports.
The mail containing the racist content had been "accidentally" sent to the job candidate, as the mail was only meant to stay inside the company network. This behavior makes me think that it is "normal" for that company to communicate in such a manner. This only shows again how negative some people can be.

NATO Launches Largest-ever Cybersecurity Exercises

TALLINN - NATO on Tuesday launched its largest-ever cyber exercises to practice warding off massive, simultaneous attacks on member states and their partners.
Based at the alliance's cyber defence centre in EU member Estonia, the exercises will last three days and include participants in over 30 European states.
"Cyber attacks are a daily reality and they are growing in sophistication and complexity," Jamie Shea, a NATO official specialising in emerging security challenges, said in a statement.
"NATO has to keep pace with this evolving threat."
Around 400 legal and IT experts as well as government officials will take part in the operation code-named "Cyber Coalition 2013".