

CNS InfoSec News

by Shannon Simpson | Feb 08, 2013

Schmidt Slams China

 

Google executive chairman Eric Schmidt has strongly criticised China, claiming the country is the world’s most prolific hacker of foreign firms and predicting that its actions will increasingly drive Western tech vendors closer to their governments.

 

http://www.theregister.co.uk/2013/02/04/google_schmidt_slams_china/

 

 

UK Duo Crack HTTPS in "Lucky 13 Attack"

 

Two scientists say they have identified a new weakness in TLS, the encryption system used to safeguard online shopping, banking and privacy. The design flaw, revealed today, could be exploited to snoop on passwords and other sensitive information sent by users to HTTPS websites.

 

Professor Kenny Paterson from the Information Security Group at Royal Holloway, University of London and PhD student Nadhem Alfardan claim they can crack TLS-encrypted traffic in a man-in-the-middle attack.

 

http://www.theregister.co.uk/2013/02/04/unlucku_13_crypto_attack

 

Think Your Trojans Look Legit? This One Has a Digital Certificate

Security researchers have discovered a banking Trojan that comes with its own built-in digital certificate.

The Brazilian banking password-sniffer was signed with a valid digital certificate issued by DigiCert, MalwareBytes reports. DigiCert responded promptly to inquiries by El Reg to confirm it had pulled the offending certificate, which it said had been issued to a legally registered business.

The firm said the crooks behind the banking Trojan used a certificate that had been issued to a real software company called "Buster Paper Comercial Ltda". DigiCert said that Buster Paper was properly registered and it was only following general industry practice in issuing a digital certificate, as a statement by the firm explains.

http://www.theregister.co.uk/2013/02/05/digitally_signed_banking_trojan/

IE at risk as MS addresses 57 flaws

 

Microsoft has lined up a bumper Patch Tuesday this month to snap shut a backbreaking 57 security vulnerabilities in its products.

 

Five of the 12 software updates addressing the gaping holes will tackle critical flaws that allow miscreants to execute code remotely on vulnerable systems.

 

In all, the soon-to-be-patched vulnerabilities exist in the Windows operating system, Internet Explorer web browser, Microsoft Server Software, Microsoft Office and the .NET framework.

 

http://www.theregister.co.uk/2013/02/08/ms_feb_patch_tuesday_pre_alert/