Archive for May 29, 2016

Cyber attack knocked hundreds of school networks offline in Japan

The cyber attack that knocked hundreds of school networks offline in Japan was allegedly instigated by a student.

A 16-year-old high school student hacked the Osaka Board of Education server, taking 444 elementary, junior high and high school networks offline, after he became frustrated with his teachers.

According to the investigators, the student used his cellphone to monitor the attack and wanted to join the hacktivist group Anonymous.

Radware security researcher Daniel Smith said that student-launched attacks are becoming more common.

"We have been getting approached by education institutions or regional IT firms who say they are starting to see some increased attack activity," said Smith.

This attack was the result of aggression toward a school or staff member; other reasons include delaying tests, changing grades and manipulating the registration process to gain an advantage over other students.

"He wanted to show the vulnerabilities inside the college network," said Smith. "It was very simple for him to topple the network, and it caused a lot of issues for students and staff members."

Most attackers aim at student portals, admission processing sites, mail servers and sensitive databases holding personal information.

Tech-giant Microsoft steps in to combat terrorism

Tech-giant Microsoft has now braced itself to tackle the never-ending global issue of terrorism. With the internet proving to be a major conduit for terrorist groups to spread violence, Microsoft has reacted to this matter of concern.

In a blog post, Microsoft explained that its services are meant to empower people and not contribute to terrible acts. The company stressed the promotion of values such as privacy, freedom of expression and the right to access information.

"Terrorism is one of the truly urgent issues of our time," said Microsoft. "We are committed to doing our part to help address the use of technology to promote it or to recruit to its causes."

“We are amending our terms of use – which already prohibit hate speech and advocacy of violence against others – to specifically prohibit the posting of terrorist content on our hosted consumer services,” the company said.

“There is no silver bullet that will stop terrorist use of the Internet,” Microsoft's vice president Steven Crown told a special Security Council debate on counter-terrorism.

Microsoft will continue using its notice and takedown process for removing prohibited content. Microsoft said it would remove links to terrorist-related content from Bing search results when the takedown would be required of search providers under local law.

"We will remove links to terrorist-related content from Bing only when that takedown is required of search providers under local law," said Microsoft.

The company also has plans to work with non-governmental organisations to offer alternative narratives in its search results.

Microsoft is one of the last major tech companies to issue anti-terrorism policies. Twitter, Facebook and others have in recent months taken steps to crack down on the use of their sites for terrorist activity, hateful speech or content promoting violence.

Now, Microsoft says goodbye to common passwords

After the LinkedIn debacle, Microsoft says it will stop users from choosing easily guessable passwords in a bid to prevent a repeat of LinkedIn's recently resurfaced fiasco.

Microsoft’s Alex Simons said that his firm will try to avoid the same thing happening to it by preventing users from making lazy choices in passwords. 

Following last week's leak of 117 million LinkedIn customer email credentials, Microsoft has detailed how it is using the leaked list and others like it to prevent Microsoft Account users from picking passwords that appear frequently in stolen data.

Microsoft will soon launch a new Azure Active Directory (AD) feature that will let admins stop users from picking easily guessed passwords. Microsoft will roll out the feature to over 10 million Azure AD tenants in the coming months.

IT admins will have the ability to lock down corporate email accounts automatically if the username and password for those accounts match credentials in a newly-leaked list.

Microsoft runs the list of compromised credentials through a system that compares hashes of the passwords with those stored with live accounts. If it identifies an at-risk account, Microsoft locks it and prompts the user to verify their identity and reset their password. This capability will be available to Azure AD users.
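The hash comparison described above, sketched as an added example (not Microsoft's code and not part of the original article). It assumes each account stores a per-user salt with a PBKDF2 hash; the account names, passwords and iteration count are constructed for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this sketch


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256, standing in for the service's stored hash."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def make_account(password: str) -> dict:
    """Build a stored account record: salt and hash only, never the password."""
    salt = os.urandom(16)
    return {"salt": salt, "hash": hash_password(password, salt), "locked": False}


def find_at_risk(accounts: dict, leaked: list) -> list:
    """Lock and return accounts whose live password matches a leaked pair."""
    at_risk = []
    for username, leaked_password in leaked:
        account = accounts.get(username.lower())
        if account is None:
            continue  # leaked address has no account on this service
        # Re-hash the leaked password with this account's own salt, then
        # compare in constant time against the stored hash.
        candidate = hash_password(leaked_password, account["salt"])
        if hmac.compare_digest(candidate, account["hash"]):
            account["locked"] = True  # user must verify identity and reset
            at_risk.append(username.lower())
    return at_risk


# Constructed sample data: live accounts and a leaked credential list.
ACCOUNTS = {
    "alice@example.com": make_account("Summer2016!"),
    "bob@example.com": make_account("x9#Lq-correct-horse"),
    "carol@example.com": make_account("linkedin123"),
}
LEAKED = [
    ("Alice@example.com", "Summer2016!"),  # password reused here: at risk
    ("bob@example.com", "password1"),      # different password here: safe
    ("carol@example.com", "linkedin123"),  # password reused here: at risk
    ("dave@example.com", "qwerty"),        # no account on this service
]

if __name__ == "__main__":
    print(find_at_risk(ACCOUNTS, LEAKED))
```

Because the stored hashes are salted per account, the leaked password has to be re-hashed once per matching username; the leaked list cannot simply be hashed once and joined against the account table.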

Andrew Tang, service director of security at MTI, said that there is very little risk with the initiative.
“We are trusting Microsoft to store and secure that password, as it will need to be checked every time it's used. Like all other systems, it's just an algorithm to check how the password is structured.”

1.4 billion yen stolen in Japan ATM heist

In Japan, an international credit card fraud has come to light in which about 1.44 billion yen, or more than $13 million, was illegally withdrawn with forged credit cards from 1,400 automated teller machines in convenience stores around the country.

The cash was withdrawn between 5 am and 8 am on May 15 by more than 100 thieves. The timing avoided immediate detection of the criminals.

The thieves apparently went to ATMs like those found in 7-11s across Japan and swiped 1,600 counterfeit South African credit cards, created using information from cards issued by South Africa's Standard Bank. Since the money machines would only let them take about $900 at a time, the hackers made thousands of withdrawals.

Suspecting the involvement of an international criminal organization, the police are planning to cooperate with overseas investigative organizations.

According to Reuters Africa, Standard Bank is estimating its total losses at 300 million rand ($19 million). The bank said none of its customers will suffer losses from the international fraud scheme.

The ATMs are in Tokyo, Kanagawa, Aichi, Osaka, Fukuoka and other prefectures.

Police intend to identify the suspects by analyzing the images recorded by security cameras. They also plan to examine how the credit card data was leaked, in cooperation with the South African authorities via Interpol.

The fraud came to light following a report from a bank that installed some of the ATMs.

The heist comes as credit card networks like Visa and MasterCard are trying to move world markets toward uniform acceptance of chip-based cards, which are considered less vulnerable to fraud than magnetic stripe cards.

TeslaCrypt releases master key as it shuts down

TeslaCrypt has shut down, and ransomware researchers have created a tool that can decrypt files affected by recent versions of the malicious program.
Over the past few weeks, an analyst for ESET had noticed that the developers of TeslaCrypt were slowly closing their doors, while their previous distributors were switching over to distributing the CryptXXX ransomware.
The ESET researcher used the support chat on the TeslaCrypt payment site to ask whether they would release the master TeslaCrypt decryption key. To his surprise and pleasure, they agreed to do so and posted it on their now-defunct payment site with an apology for their acts.
“Project closed, master key for decrypt XXX…XXX, we are sorry.”
It is hard to believe that the crooks really were sorry, but it seems that the master key was genuine. The decision appears to kill off the net menace.
TeslaCrypt, which first appeared in early 2015 and often targeted gamers, landed on systems through malicious downloads, web domains that load exploit kits, and phishing campaigns. As ransomware, TeslaCrypt infected systems and encrypted user files, putting up a landing page and removing access to the PC until a ransom was paid, usually in the virtual currency Bitcoin.
What made TeslaCrypt a particularly severe case is that the developers behind the malware were very active, and researchers found it difficult to crack the software before new, even more sophisticated versions were released into the wild.
The program had some moderate success in the beginning, earning its creators $76,522 in less than two months. However, in April 2015, researchers from Cisco Systems discovered a flaw in the ransomware program that allowed them to create a decryption tool for some of its variants.
The number of TeslaCrypt attacks spiked in December and, starting with version 3.0.1 of the program, which appeared in March, all encryption flaws were fixed and the existing decryption tools were rendered ineffective. That lasted until Wednesday.
A TeslaCrypt expert has been able to use the master key to update the TeslaDecoder decryption software so that it unlocks all versions of the ransomware that encrypt files with the .xxx, .ttt, .micro or .mp3 extensions, or with no extension, without giving in to the malware's demands for payment.
With the release of the master decryption key for TeslaCrypt, victims can now download TeslaDecoder to decrypt files encrypted by TeslaCrypt.
Each computer, or more commonly each file, uses a unique, randomly chosen key that is never saved on disk, so it can’t be recovered directly.
Instead, the file encryption key is itself encrypted using a public key for which only the crooks have the corresponding private key.
It is all-but-unheard-of for ransomware authors to release a master key capable of decrypting all infected files.