Wednesday, 23 April 2014

Google to refund buyers of 'fake' anti-virus app

Google has decided that a smallish (for The Chocolate Factory) wad of cash is a trivial price to pay for maintaining its reputation, and has begun refunding punters who fell for the fake “virus shield” scam.
Uncovered by Android Police earlier this month, the fake virus scanner was nothing more than an icon that changed shape when a user tapped it.
The app hit the number-one spot on Google Play before decompilation revealed its true nature and it was pulled – but that still meant that at least 10,000 users had paid $US3.99 for the app.
Now, Android Police has learned that Google is issuing refunds to purchasers, and giving them a $US5 Google Play Store credit.
According to Appbrain, downloads hit 30,000. At that scale, Google would only have to fork out $US120,000 in refunds.
The developer of the app, Jesse Carter, defended himself to The Guardian by saying the app upload was a mistake. At the time, he'd promised to refund buyers, but El Reg notes that Google seems to have decided not to wait for Carter to issue refunds

Ben-Gurion University Gets $8.5 Million for Cyber Research Center

Ben-Gurion University of the Negev (BGU) announced that it has signed a $8.5 million agreement with the Israel National Cyber Bureau to develop CyberSpark, which includes a National Cyber Research Center adjacent to BGU’s campus.
CyberSpark was conceived as an innovative research and development ecosystem of major multinational corporations, business incubators, BGU researchers, Israel Defense Force units, and government agencies all operating out of the new Advanced Technologies Park in Beer-Sheva, Israel.
"Under the three-year agreement, CyberSpark will advance long-term theoretical research and will become a foundational pillar of technological development in Israel in the field of cyber security," says Prof. Dan Blumberg, deputy vice president of research and development and head of BGU’s Homeland Security Institute.
Earlier this year, Lockheed Martin and IBM both announced they would invest in CyberSpark R&D facilities, joining other cybersecurity leaders Deutsche Telekom, EMC, RSA and many startups at CyberSpark located in the new Advanced Technology Park at BGU.
BGU has been involved in cyber security research for more than a decade through the partnership with Deutsche Telekom Innovation Laboratories, a subsidiary of the German telecommunications company, located on the BGU campus.
BGU Prof. Yuval Elovici, director of DT Laboratories and a lecturer in the Department of Information Systems Engineering, will also oversee CyberSpark and its collaboration with the University’s Homeland Security Institute.

Backdoors in Wi-Fi routers, said to be closed, can be reopened

The holidays are a good time to dig up backdoors – at least for Eloi Vanderbeken.
At the end of December 2013, the France-based researcher discovered that networking equipment manufacturer Sercomm is the link tying together wireless routers that contain backdoors, some of which are vulnerable to remote attacks.
Around Easter time, he learned that the backdoors, said to be patched, were actually only covered up – and likely deliberately, too.
In another illustrated slideshow, posted on Friday, Vanderbeken chronicles his discoveries and explains how he arrived at the conclusion that the backdoors can be reactivated again, so long as users are on the local area network (LAN), or if they are an internet provider.
Vanderbeken's slideshow is highly technical, so in a Tuesday email correspondence, Craig Young, a researcher with Tripwire that has a detailed knowledge of routers and router security, helped SCMagazine.com more easily understand these new discoveries.
“[Vanderbeken] reviewed firmware updates from some affected devices and found that the vendor had addressed the issue by invoking the vulnerable ‘scfgmgr' program with a different flag,” Young said. “Analysis of this binary revealed that the new flag instructs the system to only listen for internal connections – Unix domain sockets – while another flag still exists for loading the backdoor.”
Additionally, Vanderbeken found that the router is programmed to listen for a “magic” frame, which, when received, triggers the backdoor to open again, Young said.
In his initial research, Vanderbeken tinkered around with his Linksys WAG200G wireless router and, in the end, learned that he could execute commands against the device, including resetting the router's password and accessing its administration panel.
Vanderbeken later learned that other routers are vulnerable – including several from Cisco, Linksys, Netgear, Diamond and LevelOne – and was able to draw the conclusion that all those devices were connected to Sercomm.
So why was the backdoor left in there deliberately?
The vendor may have intentionally done it as a mechanism for accessing and testing devices in the factory, Young said, explaining that a factory producing routers for several different companies would be able to configure the devices without having to take into account any differences.
Stephen Bono, founder of Independent Security Evaluators, a security company that has previously published studies on routers, told SCMagazine.com in a Tuesday email correspondence that the backdoor is certainly not a coding error, and that this only underscores other bad security designs in routers.
“The steps [Vanderbeken] points out that are possible to reactivate the backdoor are not unlike other very bad security designs for other routers we've looked at,” Bono said. “For instance, requiring knowledge of a router's MAC address is a prerequisite for several attacks against routers, which have been pointed out before. Yet this prerequisite is trivial to achieve. A router's MAC address is not a secret value and is even broadcast by the device.”

Defensive Cyberspace Operations and Intelligence

On April 8-9, 2014, the Cyber Security Forum Initiative (CSFI) co-sponsored the most recent Defensive Cyberspace Operations & Intelligence (DCOI) conference with Tel Aviv University’s Institute for National Security Studies (INSS), at INSS’s conference center.
The objective of the DCOI, which is now an annual, high-level US-Israel cyber conference, is to contribute to an informed public discussion on cybersecurity and to promote international collaboration in the technological, legal, and policy-making domains – and the conference achieved those objectives.
picThe main “take-aways” from the conference were (1) that Israel has so much to offer the U.S. cyber community, including both the USG and the private sector; and (2) that there are numerous Israeli cyber start-ups that have innovative technical solutions that are ripe for the USG and civilian markets and offer attractive opportunities for potential U.S. teammates and investors.
pic
Paul de Souza, Founder/President of CSFI and Col. (ret.) Robert Morris, CSFI Advisory Director
Four CSFI directors (Hayes, Morris, Jamison, and de Souza) all turned out to participate in and support the DCOI event in Tel Aviv with tremendous success.
CSFI not only sponsored and helped organize the conference (over 400 attendees), but participated as speakers, moderators, and panelists on a variety of subjects, all combining to create a superb event.
The Conference, which was hosted by the Institute for National Security Studies at the University of Tel Aviv, included participants from Europe, Asia, North and South America, and the Middle East, with total of 16 countries being represented at the event.
As an added bonus, attendees available on Monday participated in INSS sponsored tours and briefings from the Israeli Defense Force Cyber Operations Staff and Be’er Sheba Cyber Center of Excellence and Innovation. Special thanks to Jerusalem Venture Partners (JVP), one of Israel’s leading venture capital funds in supporting DCOI along with many other sponsors.
pic
Adm. (ret) Norman Hayes, VP at SBG Technology Solutions, CSFI Advisory Director
Our  DCOI attendees had the opportunity to tour new cyber centers being developed in Israeli universities. It appears Israeli cyber faculty will expand as new academic cyber research projects are being prepped in Tel Aviv University (TAU) and Ben Gurion University (BGU).
The TAU cyber initiative, with a budget of 10 million shekels ($2.9M), will be headed by Professor Yitzhak Ben Yisrael and will focus on cyber defense by combining exact sciences research, such as computer science and computer engineering, with research in the cyber field through social studies.
BGU will develop the national center for defending cyber space with the cooperation of the National Cyber Bureau. The center will advance a long term theoretical research in the cyber domain with the investment of 30 million shekels ($8.7M), which will be run by Professor Yuval Elovich.
Conference speakers provided thoughts and insights on how cyber professionals could develop and implement strategies, improve communications, work human capital, and improve cyber education systems to mutually support cyber security worldwide.
pic
Major General Uzi Moscovici, Head of the IDF J6/C4i Directorate, IDF
The CSFI/INSS team built a video to initiate discussion for the Strategic Operations Simulation Panel with Norm Hayes, Bob Morris, and Marc Jamison as presenters.
The Cyber Simulations Panel emphasized and demonstrated that cyber security and cyber warfare is a whole of nations approach requiring governments, academia, and industry to work toward common objectives. Cyber is but one lever nations can use to support strategy and policy.
The Israeli speakers included the following:
  • Dr. Yuval Steinitz, Israel’s Minister of Intelligence
  • MG (ret.) Amos Yadlin, former Chief of Military Intelligence and now Director of INSS
  • Dr. Eviatar Matania, Head of Israel’s National Cyber Bureau
  • Dr. Avi Hasson, Chief Scientist of the Israeli Ministry of Economy
  • Dr. Erel Marglit, Chair of the Knesset Task Force for Cybersecurity and founder of Jerusalem Venture Partners (JVP)
  • Dr. Gabi Siboni, Director of the Cyber Warfare Program at INSS
Other Israeli speakers included thought leaders from prominent cybersecurity providers, such as the following:
  • BG (res.) Yair Cohen, former Head of Unit 8200 and now Head of Intelligence & Cyber Solutions at Elbit Systems, Ltd.
  • Michal Blumenstyk-Braverman, GM of Azure Cybersecurity, a MicroSoft entity
  • Ron Davidson, CISO for CheckPoint
CSFI’s delegation was led by Paul de Souza, Founder/President of CSFI, and included the following members and international speakers:
  • Adm. (ret) Norman Hayes, VP at SBG Technology Solutions, CSFI Advisory Director
  • Col. (ret.) Marc Jamison, President & CEO of Cyber Checkmate Consultants, CSFI Advisory Director
  • Col. (ret.) Robert Morris, CSFI Advisory Director
  • David Miles, Sr. Director of R&D Cyber at Accuvant Labs, and Ira Hoffman, a Member of the CyberMaryland Advisory Board and Principal at Offit Kurman, P.A.
  • Paul Steinberg, Sr. VP, Motorola Solutions
  • Tony Cole, VP & Global Gov’t CTO for FireEye
Other international speakers included the following:
  • BG Carlos G.L. de Medina, Chief of ESP Joint Cyber Command, Spain
  • Monica Lacerda, Risk Manager for the 2014 World Cup Organizing Committee
  • Andrei Avadnei, President, Cyber Security Research Center (CCSIR), Romania
  • Prof. Salih Bi├žacki, Kadir Has University, Istanbul
  • Albert Gabas of Astabis IRM of Spain
pic
DCOI Panel Session
DCOI represents a unique community of Cyberspace Operations and Intelligence professionals with the goal of raising awareness and knowledge of such specialized domains.
As nations become more entangled based on common objectives, the global economy and shared vision of the future, key partners must be developed and cultivated.
Hats off to Gabi Saboni and Paul de Souza and their teams for putting on a benchmark event.
Images courtesy of Chen Galili
pic
About CSFI:  CSFI, founded in 2009, is a nonprofit organization. Its mission is to provide cyberdefense awareness, guidance and security solutions through collaboration, education, volunteer work and advanced training.
CSFI supports the U.S. government and military as well as private commercial interests and their international partners. CSFI is comprised of a large community with more than 30,000 cybersecurity and cyberwarfare professionals from all divisions of the government, military, private sector and academia. Tripwire is proud to be a Gold Sponsor of CSFI.

AOL confirms Mail service has been hacked

Photo Credit: AOL Mail
AOL Mail has been hacked once again. On Tuesday morning, AOL released a statement confirming that their service has been compromised. Users are reporting that accounts are being used to send spam to others.
“AOL takes the safety and security of consumers very seriously, and we are actively addressing consumer complaints,” AOL said in a statement. “We are working to resolve the issue of account spoofing to keep users and their respective accounts running smoothly and securely.
“If you do find email in your Sent folder that you did not send, your account has been compromised (hacked). “If you do not find any strange email in your Sent folder, your account has most likely been spoofed.”
There is no word on how many accounts have been affected by the hacking.
If you receive an email from an unrecognizable sender, do not open up any links that could contain malware, viruses or phishing attacks.
In order to protect your account, AOL recommends that you change your password.

Coulson denies hearing hacked Daniel Craig message

Former News of the World editor Andy Coulson on Tuesday denied a claim that he listened to a hacked voicemail left by actress Sienna Miller for James Bond star Daniel Craig.
Coulson and six others are on trial on charges stemming from the revelation in 2011 that the News of the World regularly eavesdropped on the voicemails of people in the public eye. The scandal led Rupert Murdoch to shut the newspaper and pay millions in compensation to hacking victims.
Ex-reporter Daniel Evans, who has pleaded guilty to phone hacking, testified earlier this year that he played Coulson the message from Miller in 2005.
Prosecutors have suggested illegal hacking was the source of a story about an affair between Miller — then dating actor Jude Law — and Craig. Defense lawyers say the information may instead have come from a relative of Law.
Coulson said the meeting Evans described had not taken place. He added that he was "absolutely not" aware of phone hacking by private investigator Glenn Mulcaire, who was employed by the newspaper.
All seven defendants deny wrongdoing. Coulson, who served as Prime Minister David Cameron's communications chief after leaving the News of the World in 2007, denies conspiring to hack phones and conspiring to pay a police officer for a royal phone directory.
Coulson said Tuesday that he "rubber-stamped" a request for a 1,000 pound cash payment for the directory, but did not believe they money was for an illegal purpose.
Jurors were shown a 2003 email to Coulson from royal editor Clive Goodman, warning that getting caught making the payment meant the police officer "could end up on criminal charges, as could we."
Coulson said that at the time "I didn't believe Clive was paying policemen. I still don't believe it."
Goodman was briefly jailed in 2007, along with Mulcaire, for eavesdropping on the voicemails of royal aides.

Read more here: http://www.sacbee.com/2014/04/22/6343690/coulson-denies-hearing-hacked.html#storylink=cpy