Information Security News
by Peter Bright
Windows' network activity continues to be scrutinized amid privacy concerns. Windows 10 was first put under the microscope with both new and old features causing concern. With its Cortana digital personal assistant, Windows 10 represents a new breed of operating system that incorporates extensive online services as an integral part of the platform. But its older predecessors haven't escaped attention, and questions are now being asked of Windows 7 and 8's online connectivity.
Windows 8 included many of the same online features as are now raising hackles around the Internet. While it had no Cortana, it nonetheless integrated Web and local search, supported logging in and syncing settings with Microsoft Account, included online storage of encryption keys, and so on and so forth. While a few privacy advocates expressed concern at these features when the operating system was first released, the response was far more muted than the one we see today about Windows 10. But a new addition has led to accusations that Windows 8 now mimics one of Windows 10's more problematic features: it reports information to Microsoft even when told not to.
Back in April, Microsoft released a non-security update for both Windows 7 and 8. This update, 3022345, created a new Windows service called the Diagnostics Tracking service. Microsoft describes this service as doing two things. First, it increase the amount of diagnostic data that the Customer Experience Improvement Program (CEIP) can collect in order to better diagnose problems. Second, it collects data for third party applications that use the Application Insights service. Application Insights is a preview that allows app developers to track performance issues, crashes, and other problems of their applications. The Diagnostics Tracking service collects this data and sends it to Microsoft.
On August 28, the United Kingdom’s National Crime Agency announced the arrest of six teenagers, ranging in age from 15 to 18, for launching distributed denial of service attacks against multiple websites. The attacks were carried out using an attack tool created by Lizard Squad, the group behind denial of service attacks on gaming networks and the 8Chan imageboard site last winter. Called Lizard Stresser, the tool exploited compromised home routers, using them as a robot army against targeted sites and services.
The six arrested “are suspected of maliciously deploying Lizard Stresser, having bought the tool using alternative payment services such as Bitcoin in a bid to remain anonymous,” an NCA spokesperson wrote in an official statement on the case. “Organizations believed to have been targeted by the suspects include a leading national newspaper, a school, gaming companies, and a number of online retailers.” Those sites, according to a source that spoke with Bloomberg Business, included Microsoft’s Xbox Live, Sony’s Playstation network, and Amazon.com.
The timing of the attacks wasn’t mentioned by NCA. However, the user database of Lizard Stresser was leaked in January of this year. The NCA has been investigating individuals listed in the database and has identified a substantial number of them living in the UK. “Officers are also visiting approximately 50 addresses linked to individuals registered on the Lizard Stresser website, but who are not currently believed to have carried out attacks,” the NCA spokesperson noted. “A third of the individuals identified are under the age of 20, and the activity forms part of the NCA’s wider work to address younger people at risk of entering into serious forms of cyber crime.”
Over in the SANS ISC discussion forum, a couple of readers have started a good discussion https://isc.sans.edu/forums/Encryption+at+rest+what+am+I+missing/959 about which threats we actually aim to mitigate if we follow the HIPAA/HITECH (and other) recommendations to encrypt data at rest that is stored on a server in a data center. Yes, it helps against outright theft of the physical server, but - like many recent prominent data breaches suggest - it doesnt help all that much if the attacker comes in over the network and has acquired admin privileges, or if the attack exploits a SQL injection vulnerability in a web application.
There are types of encryption (mainly field or file level) that also can help against these eventualities, but they are usually more complicated and expensive, and not often applied. If you are interested in data at rest encryption for servers, please join the mentioned discussion in the Forum.
Always nice when the spammers are so forthcoming to send their latest crud directly to our SANS ISC honeypot account. The current incarnation
Subject: Re: Your complimentary 3-night stay giftcard (Expires 09
From: Marriott Gift Card [email protected]
Received: from summerallstar.review (18.104.22.168-static.reverse.softlayer.com [22.214.171.124])
which kinda figures, Softlayer is among the cloud computing providers whose get a virtual server FREE for one month is an offering that scammers cant resist. The Marriott email said:
Marriott Special Gift Card:
ALERT: Your Marriott-Gift Card will expire 09/15/15.
Please claim your gift-card at the link below:
This gift-card is only good for one-person to claim
at once with participation required. Please respect the
rules of the special-giftpromo.
.review ? How lovely! Lets use the opportunity to again *thank* ICANN for their moronic money grab, and all the shiny new useless top level domains that honest users and corporations now have to avoid and block. The lesson learned a couple years ago, when .biz and .info came online, should have been enough to know that the new cyber real estate would primarily get occupied by crooks. But here we are. I guess ICANN and most domain name pimps don" />
It doesn" />
Somewhere along the way, it seems like the connection to Marriott got lost. Which is maybe all the better...(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
How can banana peels help the infosec community?
Graham Cluley Security News
Many in the security community are concerned that this is another example of government over-reach. However, when viewed another way, this particular ruling can have a broader positive impact for the information security profession. Wyndham stated on ...