“The National Security Agency paid millions of dollars to cover the costs of major internet companies involved in the Prism surveillance program after a court ruled that some of the agency’s activities were unconstitutional, according to top-secret material passed to the Guardian.”
Facebook ignored security bug, researcher used it to post details on Zuckerberg’s wall
“If your Facebook profile isn’t public, others aren’t supposed to be able to post content on your wall. Khalil Shreateh, a self-professed IT expert from Palestine, claims to have discovered a vulnerability that lets anyone post a link to other Facebook walls.”
You can’t have a private conversation over email, shuttered ‘secure’ service explains
“‘The days where it was possible for two people to have a truly private conversation over email, if they ever existed, are long over,’ writes the technical operations manager at Silent Circle, formerly the provider of a secure email service.”
Facebook says it was a target of sophisticated hacking
Facebook Inc said on Friday hackers had infiltrated some of its employees’ laptops in recent weeks, making the world’s No.1 social network the latest victim of a wave of cyber attacks, many of which have been traced to China.
It said none of its users’ data was compromised in the attack, which occurred after a handful of employees visited a website last month that infected their machines with so-called malware, according to a post on Facebook’s official blog released just before the three-day U.S. President’s Day weekend.
“As soon as we discovered the presence of the malware, we remediated all infected machines, informed law enforcement, and began a significant investigation that continues to this day,” Facebook said.
It was not immediately clear why Facebook waited until now to announce the incident. Facebook declined to comment on the reason or the origin of the attack.
A security expert at another company with knowledge of the matter said he was told the Facebook attack appeared to have originated in China.
The attack on Facebook, which says it has more than 1 billion members, underscores the growing threat of cyber attacks aimed at a broad variety of targets.
Twitter, the micro blogging social network, said earlier this month it had been hacked and that about 250,000 user accounts were potentially compromised, with attackers gaining access to information, including user names and email addresses.
Newspaper websites, including those of The New York Times, The Washington Post and The Wall Street Journal, have also been infiltrated. Those attacks were attributed by the news organizations to Chinese hackers targeting coverage of China.
Earlier this week, U.S. President Barack Obama issued an executive order seeking better protection of the country’s critical infrastructure from cyber attacks.
“INFILTRATED”
Facebook noted in its blog post that it was not alone in the attack, and that “others were attacked and infiltrated recently as well,” although it did not specify who.
The Federal Bureau of Investigation declined to comment, while the U.S. Department of Homeland Security did not immediately return a call seeking comment.
In its blog post, Facebook described the attack as a “zero-day” attack, considered to be among the most sophisticated and dangerous types of computer hacks. Zero-day attacks, which are rarely discovered or disclosed by their targets, are costly to launch and often suggest government involvement.
While Facebook said no user data was compromised, the incident could raise consumer concerns about privacy and the vulnerability of personal information stored within the social network.
Facebook has made several privacy missteps in the past because of the way it handled user data. It settled a privacy investigation with federal regulators in 2011.
According to one person familiar with the situation, the type of information on the employee laptops that were compromised included “snippets” of Facebook source code and employee emails.
Facebook said it spotted a suspicious file and traced it back to an employee’s laptop. After conducting a forensic examination of the laptop, Facebook said it identified a malicious file, then searched company-wide and identified “several other compromised employee laptops”.
Another person briefed on the matter said the first Facebook employee had been infected via a website where coding strategies were discussed.
The company also said it identified a previously unseen attempt to bypass its built-in cyber defenses and that new protections were added on February 1.
Because the attack used a third-party website, it might have been an early-stage attempt to penetrate as many companies as possible.
If they followed established patterns, the attackers would learn about the people and computer networks at all the infected companies. They could then use that data in more targeted attacks to steal source code and other intellectual property.
Another fear for such a popular website is that hackers could use central controls to infect wide swathes of its user base at once.
In January 2010, Google reported it had been penetrated via a “zero-day” flaw in an older version of the Internet Explorer Web browser. The attackers were seeking source code and were also interested in Chinese dissidents. Google reduced its operations in China as a result.
Via Yahoo! News
Instagram Asking For Your Government Issued Photo IDs Now, Too
Over the past week, a number of users of the popular photo sharing app Instagram and parent company Facebook have been locked out of their accounts and prompted by both services to upload images of their government issued photo IDs …
via Techmeme
How do I disable Java in my web browser?
This article applies to:
- Platform(s): Solaris SPARC, Solaris x86, Red Hat Linux, SUSE Linux, Oracle Enterprise Linux, Windows 8, Windows 7, Vista, Windows 2008 Server, Macintosh OS X
- Browser(s): Internet Explorer, Firefox, Chrome, Safari
- Java version(s): 7.0, 7u10+
Starting with Java Version 7 Update 10, a new security feature has been added to Java. Some web pages may include content or apps that use the Java plug-in, and these can now be disabled using a single option in the Java Control Panel.
Disabling Java through the Java Control Panel will disable Java in all browsers.
Find the Java Control Panel
Windows XP
- Click on the Start button and then click on the Control Panel option.
- Double click on the Java icon to open the Java Control Panel.
Windows 7, Vista
- Click on the Start button and then click on the Control Panel option.
- In the Control Panel Search enter Java Control Panel.
- Click on the Java icon to open the Java Control Panel.
Windows 8
Use search to find the Control Panel
- Press Windows logo key + W to open the Search charm to search settings
OR
Drag the Mouse pointer to the bottom-right corner of the screen, then click on the Search icon.
- In the search box enter Java Control Panel
- Click on Java icon to open the Java Control Panel.
Disable Java through the Java Control Panel
- In the Java Control Panel, click on the Security tab.
- Deselect the check box for Enable Java content in the browser. This will disable the Java plug-in in the browser.
- Click Apply. When the Windows User Account Control (UAC) dialog appears, allow permissions to make the changes.
- Click OK in the Java Plug-in confirmation window.
- Restart the browser for changes to take effect.
RELATED INFORMATION
Disable the Java content in the particular browser
Internet Explorer
The only way to completely disable Java in Internet Explorer (IE) is to disable Java through the Java Control Panel as noted above.
Chrome
- Click on the Chrome menu, and then select Settings.
- At the bottom of Settings window, click Show advanced settings
- Scroll down to the Privacy section and click on Content Settings.
- In the Content Settings panel, scroll down to the Plug-ins section.
- Under the Plug-ins section, click Disable individual plug-ins.
- In the Plugins panel, scroll to the Java section. Click Disable to disable the Java Plug-in.
- Close and restart the browser to enable the changes.
Note: Alternatively, you can access the Plug-ins settings by typing about:plugins in the browser address bar.
Firefox
- Click on the Firefox tab and then select Add-ons
- In the Add-ons Manager window, select Plugins
- Click Java (TM) Platform plugin to select it
- Click Disable (if the button displays Enable then Java is already disabled)
Safari
- Choose Safari Preferences
- Choose the Security option
- Deselect Enable Java
- Close Safari Preferences window
New Java vulnerability is being exploited in the wild, disabling Java is currently your only option
A new Java 0-day vulnerability has been discovered, and is already being exploited in the wild. Currently, disabling the plugin is the only way to protect your computer.
Update on December 11: Oracle’s Java vulnerability left open since October 2012 ‘fix’, now being used to push ransomware
The US Computer Emergency Readiness Team (US-CERT), which falls under the National Cyber Security Division of the Department of Homeland Security, has issued the following vulnerability note:
Overview – Java 7 Update 10 and earlier contain an unspecified vulnerability that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
Description – Java 7 Update 10 and earlier contain an unspecified remote-code-execution vulnerability. This vulnerability is being attacked in the wild, and is reported to be incorporated into exploit kits.
Impact – By convincing a user to visit a specially crafted HTML document, a remote attacker may be able to execute arbitrary code on a vulnerable system.
It appears this flaw was first stumbled upon by a French researcher who goes by the name Kafeine. In a post on his Malware Don’t Need Coffee website, the researcher claimed that the latest version, Java 7 Update 10, was being exploited on a site that receives “hundreds of thousands of hits daily” and concluded that “this could be mayhem.”
More importantly, Kafeine noted the two most popular Web threat tools used by hackers to distribute malware, the BlackHole Exploit Kit and the Cool Exploit Kit, already have this latest Java exploit. BitDefender confirmed the alleged addition of the exploit into Cool while security expert Brian Krebs confirmed the BlackHole part, as well as noted its addition into Nuclear Pack:
The curator of Blackhole, a miscreant who uses the nickname “Paunch,” announced yesterday on several Underweb forums that the Java zero-day was a “New Year’s Gift,” to customers who use his exploit kit. Paunch bragged that his was the first to include the powerful offensive weapon, but shortly afterwards the same announcement was made by the maker and seller of Nuclear Pack.
This actual vulnerability was later confirmed by security firm AlienVault Labs. With Kafeine’s help, the company reproduced the exploit on a new, fully-patched installation of Java, and used a malicious Java applet to remotely execute the Calculator application on Windows XP:
We recommend that regardless of what browser and operating system you’re using, you should uninstall Java if you don’t need it. If you do need it, use a separate browser when Java is required, and make sure to disable Java in your default browser.
We have contacted Oracle about this issue. We will update you if we hear back.
See also – Security companies are recommending you disable Java, or just uninstall it and Mozilla joins the chorus, tells Firefox users to disable Java due to security hole
Is Your Mac Infected By The Flashback Trojan Affecting 600,000 Macs?
A Mac infected by a virus used to be something of a rarity, and it was the best argument you could bring to a Mac versus PC debate. But with Mac adoption surging in recent years, it was inevitable that Apple’s operating system would become a target for hackers.
Variations of one Flashback trojan, which first surfaced back in 2007, are now affecting more than 600,000 Macs around the world. Here’s how to find out whether your machine’s affected and kill the malware.
The Russian antivirus company Dr. Web announced yesterday that the Flashback trojan is now installed on over 550,000 Macs. Hours later, Dr. Web malware analyst Sorokin Ivan announced on Twitter that figure had risen to 600,000 Macs, 274 of which were infected in Apple’s hometown of Cupertino, California.
The most recent variant of the Flashback trojan targets Macs that have an older version of Java Runtime installed. Thankfully, Apple issued an update earlier this week patching the vulnerability, but for some machines it was just too late.
Ars Technica explains how the hack works:
Like older versions of the malware, the latest Flashback variant searches an infected Mac for a number of antivirus applications before generating a list of botnet control servers and beginning the process of checking in with them. Now that the fix for the Java vulnerability is out, however, there’s no excuse not to update—the malware installs itself after you visit a compromised or malicious webpage, so if you’re on the Internet, you’re potentially at risk.
You can find out whether your machine is affected by opening up the Terminal application and typing:
defaults read /Applications/Safari.app/Contents/Info LSEnvironment
If you get the message “The domain/default pair of (/Applications/Safari.app/Contents/Info, LSEnvironment) does not exist”, you must then enter:
defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES
If you get the message “The domain/default pair of (/Users/joe/.MacOSX/environment, DYLD_INSERT_LIBRARIES) does not exist”, then your Mac is safe. Basically, the “does not exist” message means you’re clean.
If you see anything other than those messages, you can check out F-Secure’s guide to removing the Flashback trojan.
[via Ars Technica]
via Is Your Mac Infected By The Flashback Trojan Affecting 600,000 Macs? | Cult of Mac.
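The two Terminal checks above can be run as one script; this is an added example, not code from Cult of Mac, Ars Technica or F-Secure. The function names key_absent and flashback_check are made up for illustration, and anything other than the "does not exist" message (including a failed `defaults` call) is treated as needing follow-up.

```sh
#!/bin/sh
# Added example: automates the two `defaults read` checks from the article.
# Return status: 0 = both keys absent (clean, per the article),
#                1 = a key returned something else; follow a removal guide.

# key_absent DOMAIN KEY
# Succeeds only when `defaults` reports that the domain/default pair
# does not exist. Any other output is shown and treated as suspicious,
# so an error from `defaults` itself never counts as "clean".
key_absent() {
    # `defaults read` exits non-zero when the pair is missing, so keep
    # going and judge by the message, as the article does.
    out=$(defaults read "$1" "$2" 2>&1) || true
    case "$out" in
        *"does not exist"*)
            return 0 ;;
        *)
            printf 'Unexpected result for %s %s:\n%s\n' "$1" "$2" "$out"
            return 1 ;;
    esac
}

# flashback_check
# Runs the checks in the article's order: Safari's LSEnvironment first,
# then the per-user DYLD_INSERT_LIBRARIES environment setting.
flashback_check() {
    key_absent /Applications/Safari.app/Contents/Info LSEnvironment || return 1
    key_absent "$HOME/.MacOSX/environment" DYLD_INSERT_LIBRARIES || return 1
    echo "Both keys absent: no sign of this Flashback variant."
    return 0
}

# Run the check only on macOS, where the `defaults` tool exists.
if [ "$(uname -s)" = "Darwin" ]; then
    flashback_check
fi
```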
Using Google 2-step verification
Why you should use 2-step verification
2-step verification adds an extra layer of security to your Google Account by requiring you to have access to your phone – as well as your username and password – when you sign in. This means that if someone steals or guesses your password, the potential hijacker still can’t sign in to your account because they don’t have your phone.
New ‘MACDefender’ Variant Installs Without Admin Password Requirement
Oh boy! Here we go, careful mac users! – http://pulsene.ws/1Fgyw