Monthly Archives: May 2016

Nulled Hacking Forum Faces Serious Data Breach

The email addresses and private messages of over 470,000 members of the popular hacking website Nulled have been leaked following a data breach. Nulled is a forum where hackers exchange stolen credit card details, malware-creation kits and even cracks to common software platforms. Unnamed hackers breached the site’s database and published a 9.45GB SQL file named db.sql showing the emails, location data, and activities of those who logged on.

Currently the forum has been taken offline after the data breach and is apparently in the process of receiving “routine maintenance.” According to researchers working at Risk Based Security, the database of the entire forum was leaked which includes 12,600 invoices, usernames, IP addresses and even the PayPal addresses of its members.

It is not yet known how the breach occurred; there have been more than 4,500 vulnerabilities in these plugins, with IP.Board possessing 185 vulnerabilities in total. Moreover, the leaked data also includes 2.2 million posts and miscellaneous content related to the forum, which hints that private content, URLs and other information present on the VIP forum is now open to public access. This is going to severely affect the business model of the forum.

Risk Based Security did an analysis revealing which domains and email platforms users had linked with this service:

Landmark computer hacking archive deposited at TNMOC

Prince Philip Prestel hack preserved for posterity

An archive that tells the story of how the 1980s hack of Prince Philip’s mailbox led to UK anti-hacking legislation has been deposited at The National Museum of Computing (TNMOC).

Robert Schifreen, the “white hat” at the centre of the 1980s controversy, compiled the archive, which details Schifreen’s two-year-long legal travails following his open hack of Prestel, BT’s pre-web online service. Schifreen and the late Steve Gold managed to hack into BT’s Prestel Viewdata service, famously accessing the personal message box of Prince Philip in the process.

The Prince Philip incident only happened following a number of attempts to shock BT into action after the telco showed no interest in bolstering the security of its system. Involving the Royals prompted BT into calling in the police, setting off a chain of events that led to the arrest of Schifreen and Gold in March 1985 and the subsequent prosecution of the two tech enthusiast journalists.

With no anti-hacking law in existence at the time, the archive gives details of the passage of what turned out to be in effect a test case through three courts ending in the acquittal of Schifreen and Gold in the House of Lords (at that time the highest UK court) in 1987.

The archive includes Schifreen’s ’80s-era hacking password book, transcripts of his interviews with police, legal correspondence, the jury bundle and a substantial number of press cuttings.

Evening white hats

In presenting the archive, Robert Schifreen explained the context of 1980s hacking to an audience at TNMOC. In 1985, the internet did not exist, home computing was beginning to take off, Prestel had recently become the first online service available to the UK public but there was no real awareness of the need for computing security and no law explicitly against computer hacking.

Schifreen, aged 22 at the time, collected user names and passwords and investigated computer databases not supposedly open to the public but accessible all the same.

In a statement, Schifreen explained: “Hackers in those days never started until 6pm because it was so expensive to go online with a dial-up connection before that. But 6pm was a significant start-time because the Prestel security staff had gone home and weren’t there to deal with automated messages telling them that there had been three unsuccessful attempts at a log-on to Prestel.

“I could read the messages, delete them to cover my tracks before security arrived for work next morning. In effect I was a Prestel System Manager. I even managed to hack Prince Philip’s Prestel Mailbox and was quite open about it,” he added.

Schifreen was surprised at how Prestel handled his reports of issues with its systems, which these days would have earned him a bug bounty payout. Thirty years ago he was treated to arrest and trial.

“I made no secret of what I was doing,” Schifreen explained. “It was 1985. The Computer Misuse Act came into existence in 1990. I was doing nothing illegal!

“I phoned Prestel and told them what I could do. I thought they might give me a job. They didn’t. They called Scotland Yard,” he added.

Initially charged and convicted of forgery at Southwark Crown Court, that decision was overturned on appeal by the Lord Chief Justice. After a further appeal by the prosecution, the Lord Chief Justice’s decision to acquit was upheld by the House of Lords.

Relic of an age when security wasn’t treated seriously

Schifreen, who has gone on to enjoy a successful career as a security journalist and later consultant, currently at SecuritySmart, an IT security awareness training company, concluded: “I think the police were quite happy that I was acquitted as it demonstrated the need for a computer hacking act of some sort. The Computer Misuse Act of 1990 resulted.”

Receiving the archive, TNMOC trustee Margaret Sale commented: “We are extremely grateful to Robert Schifreen for donating his fascinating archive to TNMOC and giving us an insight into what now seems a very strange world in which computer security was not treated very seriously.”

These days firms such as TalkTalk, in some ways a modern-day successor to Prestel, go to great lengths to tell everyone that they take security seriously. Well, they do after they’ve been breached, anyway.

But we digress.

The archive at TNMOC, which is located on Bletchley Park, is available to bona fide researchers. It is growing rapidly and already contains the entire 45-year print history (1966-2011) of Computer Weekly, the world’s first weekly computer publication, 26 years of Personal Computer World, and many other magazines, the complete ICL manufacturing archive, the entire Digital Equipment Corporation microfiche and more.

Prestel started in the late ’70s but was not commercially successful. Live systems were used for home banking, among other applications.

Security Vendor Trustwave Bought By Singtel For $810M

The big news today is an acquisition, “Trustwave bought by Singtel” is rocking all the headlines. The fairly well known security vendor Trustwave has been bought for a rather large amount (almost $1 Billion – but not quite).

We have mentioned Trustwave before, and not in a good light – they were sued as the security vendor for the Target hacks.

It seems not to have hurt them as the case was dropped a few days after being filed, and they weren’t listed so their value isn’t public knowledge (until now at least) – they are valued at $850 million.

Singapore Telecommunications Ltd. (Singtel) is acquiring privately held security vendor Trustwave in a deal valued at $810 million.

Under the agreement, Singtel will acquire a 98 percent share of Trustwave, which has an enterprise value of $850 million. Trustwave Chairman, President and CEO Robert J. McCullen will retain the remaining 2 percent share.

Singtel expects the transaction to close in the next three to six months pending regulatory approvals. After the deal closes, Trustwave will operate as a stand-alone business unit of Singtel. The current Trustwave management team is expected to stay in place, and Trustwave’s headquarters will remain in Chicago.

Singtel is a leading communications group that provides multiple services, including both fixed and wireless voice and data. The group extends into 25 countries across Asia, Australia, Africa, Europe and the United States. According to Singtel, it has more than 500 million mobile customers globally today.

“Singtel is the perfect partner for us as we continue to help businesses fight cyber-crime, protect data and reduce security risk, and the Trustwave team is thrilled to become a part of such a prestigious and innovative organization,” McCullen said in a statement.

 

Trustwave is a large company in the security space with more than 2.7 million business customers globally across 96 countries. Definitely one of the leaders in the managed security services market.

This will take Singtel (who already has a strong hold on the services market) to a whole new level in the infosec space.

The deal will help Singtel establish itself as a global security player.

“Our extensive customer reach and strong suite of ICT [information and communication technology] services, together with Trustwave’s deep cyber-security capabilities, will create a powerful combination and allow Singtel to capture global opportunities in the cyber-security space,” Chua Sock Koong, Singtel Group CEO, said in a statement.

Trustwave is active in multiple areas of cyber-security and has more than 1,200 employees based in 26 countries and currently operates global security operations centers (SOCs) in Chicago, Denver, Minneapolis, Manila and Warsaw.

Trustwave has managed security offerings as well as stand-alone products. In 2010, Trustwave acquired Breach Security, the primary commercial sponsor behind the widely deployed mod_security Web application firewall (WAF).

Also part of Trustwave is the SpiderLabs ethical hacking and threat research team, which has helped discover a number of important security threats in recent years. In August 2014, the U.S. Secret Service credited Trustwave with helping discover the backoff point-of-sale (POS) malware. Initially, the U.S. Secret Service warned that 600 U.S. retailers had been impacted by backoff and later upped that number to more than 1,000 retailers.

Trustwave has also acquired a whole slew of smaller companies, which took them to the size they are and also contributed greatly to their software service offerings, such as Finjan and MailMarshal, which came with the acquisition of M86.

It’s good to see the little rock down South of Malaysia making such a bold move.

OpenSSL Patches Two High-Severity Vulnerabilities

OpenSSL said in its advisory that this issue was part of a fix for the Lucky 13 padding attacks of 2013. Lucky 13 is a side-channel crypto attack against TLS, specifically the message authentication code stage of TLS implementations.

“The padding check was rewritten to be in constant time by making sure that always the same bytes are read and compared against either the MAC or padding bytes,” OpenSSL said in its advisory. “But it no longer checked that there was enough data to have both the MAC and padding bytes.”

The second high-severity issue is a memory corruption vulnerability in the ASN.1 encoder used in OpenSSL. Only versions prior to April 2015 are affected, OpenSSL said; the flaw was patched April 18, 2015 and released last June.

“The other [high severity] bug was fixed a year ago, but nobody saw the security impact,” Salz said. “If vendors just picked up our fixes, we’d be all set.”

In its advisory, OpenSSL explained that the vulnerability by itself does not pose a security issue, but if combined with a second and unrelated bug in the ASN.1 parser, could result in a buffer overflow. From the advisory:

“A second, independent bug revealed that the ASN.1 parser (specifically, d2i_ASN1_TYPE) can misinterpret a large universal tag as a negative zero value. Large universal tags are not present in any common ASN.1 structures (such as X509) but are accepted as part of ANY structures. Therefore, if an application deserializes untrusted ASN.1 structures containing an ANY field, and later reserializes them, an attacker may be able to trigger an out-of-bounds write. This has been shown to cause memory corruption that is potentially exploitable with some malloc implementations.”

OpenSSL said OpenSSL 1.0.2c and 1.0.1o address this vulnerability.

OpenSSL today also patched two overflow vulnerabilities in the EVP_EncodeUpdate() function. An attacker could input a large amount of data causing a heap corruption in both cases. There are limitations in both cases that minimize the security impact of successful exploits of both situations, OpenSSL said.

The remaining low-severity vulnerabilities are in the ASN.1 BIO and in the X509_NAME_oneline() function in EBCDIC systems, resulting in memory exhaustion and arbitrary stack data returned in the buffer, respectively. OpenSSL also reminds users that security support for version 1.0.1 ends on Dec. 31; support for 0.9.8 and 1.0.0 ended last December.
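
The padding-check omission quoted from the advisory above, illustrated as an added example in C (not OpenSSL's code and not part of the original post). The names `ct_ge`, `cbc_check_padding` and `demo_overlapping_record`, the `require_room` flag, the 20-byte MAC size and the sample record are all assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* All-ones if a >= b, else 0, computed without a data-dependent branch. */
static size_t ct_ge(size_t a, size_t b)
{
    size_t lt = (a ^ ((a ^ b) | ((a - b) ^ b))) >> (sizeof(size_t) * 8 - 1);
    return lt - 1;
}

/* Hypothetical helper, not OpenSSL code. rec is a decrypted TLS CBC record:
 * payload || MAC || padding || padding-length byte. Returns 1 and sets
 * *payload_len when the padding is valid, else 0. require_room = 0 leaves
 * out the length check the advisory describes; 1 enforces it. */
int cbc_check_padding(const uint8_t *rec, size_t len, size_t mac_size,
                      int require_room, size_t *payload_len)
{
    if (len < mac_size + 1)               /* record and MAC sizes are public */
        return 0;
    size_t pad_len = rec[len - 1];        /* secret-dependent value */
    size_t overhead = mac_size + pad_len + 1;
    size_t good = (size_t)-1;

    /* MAC, padding and length byte must all fit inside the record. */
    if (require_room)
        good &= ct_ge(len, overhead);

    /* Always read the same trailing bytes; mask those outside the padding. */
    size_t to_check = len < 256 ? len : 256;
    size_t diff = 0;
    for (size_t i = 0; i < to_check; i++) {
        size_t in_pad = ct_ge(pad_len, i);
        diff |= in_pad & (size_t)(rec[len - 1 - i] ^ pad_len);
    }
    good &= ct_ge(0, diff);               /* all-ones only when diff == 0 */

    *payload_len = (len - overhead) & good;   /* 0 when rejected */
    return (int)(good & 1);
}

/* Constructed sample: 21 bytes of 0x14 with a 20-byte MAC, so the claimed
 * padding (20 bytes plus the length byte) overlaps the MAC. */
int demo_overlapping_record(int require_room)
{
    uint8_t rec[21];
    size_t n = 0;
    for (size_t i = 0; i < sizeof rec; i++)
        rec[i] = 0x14;
    return cbc_check_padding(rec, sizeof rec, 20, require_room, &n);
}
```

With `require_room` set to 0 the constructed record passes the byte comparison even though its padding overlaps the MAC, and the payload length computed from it wraps around; with 1 the same record is rejected before any length is derived.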