man in the middle

Latest

  • The NSA tried to use app stores to send malware to targets

    by Chris Velazco
    05.21.2015

    It shouldn't come as a surprise to hear that the NSA worked on iOS and Android malware meant to capture information from a target's phone, but actually getting the software onto phones? That's tricky. To help solve that problem, the NSA (and the rest of the Five Eyes intelligence community) attempted to hijack data being sent to and from app stores like those run by Samsung and Google. According to a document leaked by Edward Snowden, obtained by The Intercept and published by the CBC, it was mostly in search of a way to implant secret surveillance payloads into those data connections in hopes of identifying an Arab Spring in action in other countries.

  • Meerkat is silently fixing a flaw that lets anyone hijack livestreams

    by Matt Brian
    03.19.2015

    Livestreaming apps aren't new, but few have enjoyed as much notoriety in such a short time as Meerkat. Twitter users have adopted it in droves and the social network even went as far as limiting the app's access to its social graph last week for violating its policies. But as Meerkat continues to enjoy its time in the spotlight, a pretty serious flaw has emerged. One that lets users hijack any stream while it's in progress. Update: About 24 hours later, Meerkat says it's fixed! Thanks for reading, and hey, drop us a line sometime.

  • Tim Cook meets with Chinese authorities over iCloud attacks

    by Steve Sande
    10.22.2014

    What do you do when you're the CEO of Apple and hackers are targeting Chinese users of your iCloud service? You set up a meeting with the vice premier of the country, Ma Kai, to discuss what can be done to protect the data of users and how to strengthen communication between your company and the Chinese government. Reuters (via AppleInsider) reported today that Tim Cook met with the vice premier in Zhongnanhai (the government complex in Beijing) to discuss the attacks that began last weekend. Those attacks were initially reported by activist group GreatFire.org, which has been accusing the Chinese government of being involved in the man-in-the-middle hack. iCloud user data is being gathered by spoofing the iCloud.com site, forcing Apple to take some measures to help out users. Those measures included publishing a guide on how users can verify that they're on the official iCloud.com site while using Safari, Chrome and Firefox web browsers, and GreatFire.org reports that Apple appears to be rerouting user data to fend off future attacks. It's good to see Cook getting hands-on with regard to issues that could jeopardize the company's standing with users in what may soon become the company's biggest market.

  • MIT research team improves wireless security, is starting with the man in the middle

    by Daniel Cooper
    08.26.2011

    Now that they've finished building a robot capable of making cakes, MIT's researchers can get on with the serious business of improving our wireless security. In a new study, the researchers reveal a technique dubbed tamper-evident pairing that stops so-called man-in-the-middle attacks. Put simply, in such an attack a hacker intercepts your wireless communications, reads them and passes them on to the recipient, pretending to be you. Because the hacker controls the flow of information between the two parties, the attack is difficult to detect. MIT's process randomizes and encrypts the data with silence patterns and strings of additional information, which a hacker won't be able to replicate. The best part is that the added security measures only add 23 milliseconds of time onto each transmission. As fixing our wireless security problems is now out the door, the team are probably off to solve some more giant Rubik's cubes.

  • Update: Keylogger source identified

    by Matt Low
    03.01.2010

    Just a quick update from our friends at World of Raids about the current situation regarding circumvented authenticators. It appears there are multiple websites being used for this malware. Be careful which sites you update your addons from; fake website addresses are being used to trick users. For example, one of the fake sources appears as a "Sponsored Link" right at the top of a Google search. Don't actually visit that site and be sure to warn players asking about addons where to go. What happens is the fake site will allow you to download a fake copy (did you see fake?) of the WowMatrix AddOn Manager which installs the emcor.dll. This Trojan (Malware.NSPack) can currently be detected by Malware Bytes. Thanks Kody!

  • Man in the middle attacks circumventing authenticators

    by Alex Ziebart
    02.28.2010

    It has been brought to our attention that Blizzard's technical support department is currently handling a security exploit that is, in a limited capacity, circumventing authenticators. Before we get into the details, please do not panic. This does not make authenticators worthless, and it is not yet a widespread problem. Do not remove your authenticator because of this, and do not base your decision on whether or not to buy an authenticator off of this. They are still very useful, and your account is much safer with an authenticator than it is without one. This is not the only report of this that we've seen, but it is the first time that a Blizzard representative has openly acknowledged that there is something afoot. For a full account of what happened, check the thread on the EU Technical Support forums. To sum up: There is a piece of malware (emcor.dll is what is being reported at the moment) that is being used as a hijacking tool to facilitate Man-in-the-Middle attacks on users.

    Kropaclus: "After looking into this, it has been escalated, but it is a Man in the Middle attack. http://en.wikipedia.org/wiki/Man-in-the-middle_attack This is still perpetrated by key loggers, and no method is always 100% secure."

    To explain in the simplest way possible, instead of data being broadcast directly to Blizzard when trying to log in to your account, that data is being broadcast to a third party via this malware. This includes your authenticator code. Rather than you logging into your account, the hacker on the other end does so. They log into your account, clear out your characters, and move around virtual funds to fulfill orders from players buying gold. This method of circumvention has been theorized since the release of the key fobs, but it has only now started to actually happen.