LaCie admits to year-long credit card breach

April 15, 2014 – 6:14 PM

LaCie is the latest major tech company and retailer to find itself the target of a major security breach by unknown assailants.

The French hardware company confirmed in a statement on Tuesday that malware had been used to access sensitive customer information from transactions on its website.

Here’s where things get really bad: Virtually everyone who shopped on LaCie’s website in the last year is at risk.

LaCie, which is set to merge with American hard drive maker Seagate, said it was informed about the breach on March 19, 2014 by the FBI.

But the hardware company speculated that all transactions between March 27, 2013 and March 10, 2014 were possibly affected.

Brian Krebs, the former Washington Post reporter who first broke the Target security breach story last winter, reiterated on his security blog on Tuesday that he previously published evidence about the LaCie attack last month.

Krebs said that the digital storefront had “been compromised by a group of hackers that broke into dozens of online stores using security vulnerabilities in Adobe’s ColdFusion software.”


The Heartbleed Bug

April 7, 2014 – 8:23 PM

The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).

The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop communications, steal data directly from the services and users and to impersonate services and users.
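To make concrete what "read the memory" means here, this is an added, constructed model of the heartbeat length handling behind the bug; it is not OpenSSL's code and not part of the original post. The unchecked function trusts the 16-bit payload length declared in the request, the checked function has the shape of the fix that rejects records shorter than what they claim; the `HB_` names and the sample record bytes are constructed for the example.

```c
/* Constructed model of the TLS heartbeat length check behind Heartbleed
 * (not OpenSSL's code). Record layout: 1-byte type, 2-byte big-endian
 * payload length, payload bytes, then at least 16 bytes of padding. */
#include <stdio.h>
#include <stddef.h>

#define HB_REQUEST  1
#define HB_PADDING  16

/* Constructed sample records. The first declares a 16384-byte payload but
 * carries only 3 bytes ("hat") plus zero padding; the second is well-formed. */
const unsigned char kMalformedHeartbeat[22] = {HB_REQUEST, 0x40, 0x00, 'h', 'a', 't'};
const unsigned char kValidHeartbeat[22]     = {HB_REQUEST, 0x00, 0x03, 'h', 'a', 't'};

/* Vulnerable shape: believe the declared length. Returns how many payload
 * bytes would be copied out of record memory, or -1 if there is no header. */
long hb_payload_copy_unchecked(const unsigned char *rec, size_t rec_len) {
    if (rec_len < 3 || rec[0] != HB_REQUEST) return -1;
    return (long)((rec[1] << 8) | rec[2]);          /* n2s(): trusted as-is */
}

/* Hardened shape (what the fix added): the record must actually hold
 * header + declared payload + padding, otherwise the request is discarded. */
long hb_payload_copy_checked(const unsigned char *rec, size_t rec_len) {
    if (rec_len < 1 + 2 + HB_PADDING || rec[0] != HB_REQUEST) return -1;
    size_t payload = (size_t)((rec[1] << 8) | rec[2]);
    if (1 + 2 + payload + HB_PADDING > rec_len) return -1;   /* would over-read */
    return (long)payload;
}

/* Bytes past the end of the record that the unchecked copy would read: the
 * declared payload minus what the record really carries after the header. */
long hb_overread_bytes(const unsigned char *rec, size_t rec_len) {
    long declared = hb_payload_copy_unchecked(rec, rec_len);
    if (declared < 0) return 0;
    long present = (long)rec_len - 3;
    return declared > present ? declared - present : 0;
}

int main(void) {
    printf("malformed: unchecked copies %ld bytes (%ld past the record), checked -> %ld\n",
           hb_payload_copy_unchecked(kMalformedHeartbeat, sizeof kMalformedHeartbeat),
           hb_overread_bytes(kMalformedHeartbeat, sizeof kMalformedHeartbeat),
           hb_payload_copy_checked(kMalformedHeartbeat, sizeof kMalformedHeartbeat));
    printf("valid: checked -> %ld payload bytes\n",
           hb_payload_copy_checked(kValidHeartbeat, sizeof kValidHeartbeat));
    return 0;
}
```

The over-read count is what gets copied into the heartbeat response, which is why the leaked bytes include whatever happened to sit next to the record in process memory: keys, session cookies, passwords.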


(Patch OpenSSL now!)

Zeus malware found with valid digital certificate

April 4, 2014 – 5:46 AM

A recently discovered variant of the Zeus banking Trojan was found to use a legitimate digital signature to avoid detection from Web browsers and anti-virus systems.

Security vendor Comodo reported Thursday finding the variant 200 times while monitoring and analyzing data from users of its Internet security system. The variant includes the digital signature, a rootkit and a data-stealing malware component.

“Malware with a valid digital signature is an extremely dangerous situation,” the company said in a blog post.

Zeus is typically distributed through a compromised Web page or through a phishing attack in which cybercriminals send emails that appear to come from a major bank.

A sample of the latest Zeus variant tried to trick the recipient into executing it by posing as an Internet Explorer document that included an icon similar to the Windows browser.

Because the file is digitally signed with a valid certificate, it appears trustworthy at first glance, Comodo said. The certificate is issued to “isonet ag.”


More than 24M home routers enabling DNS amplification DDoS attacks

April 3, 2014 – 4:58 PM

Tens of millions of the home routers we rely on every day for internet access are enabling Domain Name System (DNS) based distributed denial-of-service (DDoS) attacks, and owners may never even know it, according to research by DNS software provider Nominum.

Working collaboratively with the Open Resolver Project, Nominum learned that open DNS proxies in more than 24 million home routers are allowing for DNS-based DDoS attacks, according to a Wednesday post, which adds that 5.3 million of the routers were used to generate attack traffic in February.

The DDoS attack in question is known as a DNS amplification attack: the attacker spoofs the target’s IP address and sends small DNS queries, via the internet service provider (ISP), that produce large answers, so that those amplified answers are delivered to the target.

“It’s a really low bar in terms of sophistication and the capabilities that attackers need,” Bruce Van Nice, Nominum director of product marketing who headed up the research, told on Wednesday. “They just need to send DNS queries. They need to sit somewhere on the internet where they can spoof an IP address. It’s pretty easy to do.”

The issue with this particularly sneaky and effective attack is that most home routers are not provided by the ISPs, meaning the internet provider cannot access the device for preventive upgrades, Van Nice said, adding that the set-it-and-forget-it mentality of the consumer, and the lack of owner awareness of even an ongoing attack, compounds the problem.


Hack of exposes password data, messages for 158,000 users

April 1, 2014 – 6:38 PM

Hackers posted names, e-mail addresses, message histories, and partially protected login credentials for more than 158,000 forum users of, the Web-based television service that was acquired by Samsung last year, researchers said.

The breach occurred no later than last week, when a full copy of the purloined forum data became widely available, Scott A. McIntyre, a security researcher in Australia, told Ars. On Tuesday, officials from password management service LastPass began warning customers with e-mail addresses included in an 800 megabyte file that’s still circulating online. The file contains personal data associated with 158,128 user accounts, about 172,000 e-mail addresses, and the cryptographically scrambled passwords that corresponded to those Boxee accounts, LastPass said. The dump also included a wealth of other details, such as user birth dates, IP addresses, site activity, full message histories, and password changes. All user messages sent through the service were included as part of the leak.

As Ars has explained before, even when passwords in hacked databases have been cryptographically hashed, most remain highly susceptible to cracking attacks that can reveal the plain-text characters required to access the account. The damage can be especially severe when people use the same or similar passwords to protect accounts on multiple sites, a practice that’s extremely common.

“Please update the password for your account immediately,” an e-mail LastPass sent to customers said. “The LastPass Security Challenge, located in the Tools menu of the LastPass addon, will help find any other accounts using the same password as the leaked account.”