Had to happen sooner or later: Trojan holds PC files for ransom
http://news.bbc.co.uk/2/low/technology/4580389.stm

Wednesday, 25 May, 2005, 17:13 GMT 18:13 UK

Trojan holds PC files for ransom

A unique new kind of malicious threat which locks up files on a PC then demands money in return for unlocking them has been identified.

The program, Trojan.Pgpcoder, installs itself on a vulnerable computer after users visit certain websites. It exploits a known vulnerability in Microsoft's Internet Explorer (IE).

Net security firm Symantec said the program had not spread quickly, but was another example of rising criminal extortion activity on the net.

The malware - harmful software - was first identified by US net security firm Websense.

Ransom note

The program, once it installs itself unbeknown to a user, triggers the download of an encoder application which searches for common types of files on a computer and networked drives to encrypt.

When a file is encrypted, usually for security and privacy purposes, it can only be decrypted with specific instructions.

The trojan replaces a user's original files with locked up ones, so that they are inaccessible. It then leaves a ransom note in a text file.

Instructions to release the files are only handed over when a ransom fee is paid, according to Websense. The electronic note left on the computer gives details of how to meet the demands via an online account.

TROJAN.PGPCODER
* Malicious website drops and runs a Trojan (downloader-aag)
* Encoding program adds items to the Windows start-up registry
* Creates a status file called autosav.ini with information on the files that have been encoded
* Creates a file called tmp.bat in the directory where it was run to delete itself upon completion
* Creates a file called Attention!!! with instructions on how to get your files decoded
* Sends an HTTP status request to the server it was downloaded from

"This attack is yet another indicator of the growing trend of criminals using technology for financial gain," said Kevin Hogan, senior manager at web security firm Symantec.

"This Trojan horse is certainly an example of using cryptography for malicious purposes. It is the equivalent of someone coming into your home, locking your valuables in a safe and refusing to give you the combination."

But because it is classed as a trojan, it does not send itself out to contacts that a user might have stored on a computer, like viruses. This limits its ability to spread around to high levels, in the wild, said Symantec.

Computer users are urged to ensure their anti-virus and security software is up-to-date.

--
R. A. Hettinga mailto: [EMAIL PROTECTED]
The Internet Bearer Underwriting Corporation http://www.ibuc.com/
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

- The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: How secure is the ATA encrypted disk?
On 4/8/05, James A. Donald [EMAIL PROTECTED] wrote:
> --
> Every ATA disk contains encryption firmware, though not all bioses allow you to use it.

Not all drives contain this encryption firmware, which isn't actually encryption firmware. It's more of a login feature. You have to send the drive the password before you can do any real I/O.

$ sudo atactl wd0
Model: HMS360404D5CF00, Rev: DN4SCA2A, Serial #: N2L7G5HA
Device type: ATA, fixed
Cylinders: 7936, heads: 16, sec/track: 63, total sectors: 7999488
Device capabilities:
        IORDY operation
        IORDY disabling
Device supports the following standards:
        ATA-1 ATA-2 ATA-3 ATA-4
Device supports the following command sets:
        NOP command
        READ BUFFER command
        WRITE BUFFER command
        Read look-ahead
        Write cache
        Power Management feature set
        Flush Cache command
        Advanced Power Management feature set
        CFA feature set
Device has enabled the following command sets/features:
        NOP command
        READ BUFFER command
        WRITE BUFFER command
        Read look-ahead
        Write cache
        Power Management feature set
        Flush Cache command
        Advanced Power Management feature set
        CFA feature set

# sudo atactl wd0
Model: SAMSUNG MP0804H, Rev: UE100-14, Serial #: S042J10Y241522
Device type: ATA, fixed
Cylinders: 16383, heads: 16, sec/track: 63, total sectors: 156368016
Device capabilities:
        ATA standby timer values
        IORDY operation
        IORDY disabling
Device supports the following standards:
        ATA-1 ATA-2 ATA-3 ATA-4 ATA-5 ATA-6 ATA-7
Master password revision code 0xfffe
Device supports the following command sets:
        READ BUFFER command
        WRITE BUFFER command
        Host Protected Area feature set
        Read look-ahead
        Write cache
        Power Management feature set
        Security Mode feature set
        SMART feature set
        Flush Cache Ext command
        Flush Cache command
        Device Configuration Overlay feature set
        48bit address feature set
        Automatic Acoustic Management feature set
        Set Max security extension commands
        Advanced Power Management feature set
        DOWNLOAD MICROCODE command
        SMART self-test
        SMART error logging
Device has enabled the following command sets/features:
        READ BUFFER command
        WRITE BUFFER command
        Host Protected Area feature set
        Read look-ahead
        Write cache
        Power Management feature set
        SMART feature set
        Flush Cache Ext command
        Flush Cache command
        Device Configuration Overlay feature set
        48bit address feature set
        DOWNLOAD MICROCODE command

--
GDB has a 'break' feature; why doesn't it have 'fix' too?
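As an added example (not code from the post), the following Python parses atactl output of the kind quoted above and tells apart a drive with no Security Mode at all, one where it is merely supported, and one where a password already gates I/O; the sample text is trimmed from the Samsung listing and the function names are mine.

```python
"""Classify ATA Security Mode state from OpenBSD-style `atactl` output.
Added example, not from the post; sample trimmed from the SAMSUNG listing
quoted above, function names are mine."""
import re

SUPPORTS = "Device supports the following command sets:"
ENABLED = "Device has enabled the following command sets/features:"
SECURITY = "Security Mode feature set"

# Constructed sample: abbreviated from the second drive in the post.
SAMPLE = """\
Model: SAMSUNG MP0804H, Rev: UE100-14, Serial #: S042J10Y241522
Master password revision code 0xfffe
Device supports the following command sets:
        Host Protected Area feature set
        Security Mode feature set
        SMART feature set
Device has enabled the following command sets/features:
        Host Protected Area feature set
        SMART feature set
"""

def parse_sections(text):
    """Map each unindented header line to the set of indented items under it."""
    sections, current = {}, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if line[0].isspace() and current is not None:
            sections[current].add(line.strip())
        else:
            current = line.strip()
            sections.setdefault(current, set())
    return sections

def security_mode_state(text):
    """'absent': drive has no Security Mode at all (the first drive in the post);
    'supported': present but no user password set, so the drive is open;
    'enabled': a password gates all real I/O until SECURITY UNLOCK."""
    sections = parse_sections(text)
    if SECURITY not in sections.get(SUPPORTS, set()):
        return "absent"
    return "enabled" if SECURITY in sections.get(ENABLED, set()) else "supported"

def master_password_revision(text):
    """Revision code as int, or None. 0xfffe and 0x0000 are the values the ATA
    spec reserves for a master password still at factory default."""
    m = re.search(r"Master password revision code (0x[0-9a-fA-F]+)", text)
    return int(m.group(1), 16) if m else None
```

Run over the Samsung listing this reports "supported" with the factory-default master password revision, i.e. the feature is there but nothing is locked.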
CIA Overseeing 3-Day War Game on Internet
http://news.yahoo.com/s/ap/20050526/ap_on_hi_te/internet_terrorprinter=1

CIA Overseeing 3-Day War Game on Internet

By TED BRIDIS, AP Technology Writer

The CIA is conducting a secretive war game, dubbed "Silent Horizon," this week to practice defending against an electronic assault on the same scale as the Sept. 11 terrorism attacks.

The three-day exercise, ending Thursday, was meant to test the ability of government and industry to respond to escalating Internet disruptions over many months, according to participants. They spoke on condition of anonymity because the CIA asked them not to disclose details of the sensitive exercise taking place in Charlottesville, Va., about two hours southwest of Washington.

The simulated attacks were carried out five years in the future by a fictional alliance of anti-American organizations, including anti-globalization hackers. The most serious damage was expected to be inflicted in the war game's closing hours.

The national security simulation was significant because its premise - a devastating cyberattack that affects government and parts of the economy with the same magnitude as the Sept. 11, 2001, suicide hijackings - contravenes assurances by U.S. counterterrorism experts that such far-reaching effects from a cyberattack are highly unlikely. Previous government simulations have modeled damage from cyberattacks more narrowly.

"You hear less and less about the digital Pearl Harbor," said Dennis McGrath, who helped run three similar war games for the Institute for Security Technology Studies at Dartmouth College. "What people call cyberterrorism, it's just not at the top of the list."

The CIA's little-known Information Operations Center, which evaluates threats to U.S. computer systems from foreign governments, criminal organizations and hackers, was running the war game. About 75 people, mostly from the CIA, gathered in conference rooms and reacted to signs of mock computer attacks.

The government remains most concerned about terrorists using explosions, radiation and biological threats. FBI Director Robert Mueller warned earlier this year that terrorists increasingly are recruiting computer scientists but said most hackers do not have the resources or motivation to attack the U.S. critical information infrastructures.

The government's most recent intelligence assessment of future threats through the year 2020 said cyberattacks are expected, but terrorists will continue to primarily employ conventional weapons. Authorities have expressed concerns about terrorists combining physical attacks, such as bombings, with hacker attacks to disrupt communications or rescue efforts.

"One of the things the intelligence community was accused of was a lack of imagination," said Dorothy Denning of the Naval Postgraduate School, an expert on Internet threats who was invited by the CIA to participate but declined. "You want to think about not just what you think may affect you but about scenarios that might seem unlikely."

"Livewire," an earlier cyberterrorism exercise for the Homeland Security Department and other federal agencies, concluded there were serious questions about government's role during a cyberattack, depending on who was identified as the culprit - terrorists, a foreign government or bored teenagers. It also questioned whether the U.S. government would be able to detect the early stages of such an attack without significant help from private technology companies.
Citibank discloses private information to improve security
List,

In an effort to stop phishing emails, Citibank is including in a plaintext email the full name of the account holder and the last four digits of the ATM card. Not only are these personal identifiers sent in an insecure communication, such use is not authorized by the person they identify. Therefore, I believe that some points need to be made in regard to right to privacy and security expectations.

It's the usual tactic of pushing the liability to the user. The account holder gets the full liability for the security procedure used by the bank.

A better solution, along the same lines, would have been for Citibank to ask from their account holders when they login for Internet banking, whether they would like to set up a three- or four-character combination to be used in all emails from the bank to the account holder. This combination would not be static, because it could be changed by the user at will, and would not identify the user in any other way.

Private, identifying information of customers has been used before by banks for customer login. The account holder's name, the ATM card number, the account number, and the SSN have all been used, and abandoned, for Internet banking login. Why? Because of the increased exposure creating additional risks.

Now, with the unilateral disclosure by Citibank of the account holder's name as used in the account and the last four digits of the ATM number, Citibank is backtracking its own advances in user login (when they abandoned those identifiers).

Of course, banks consider the ATM card their property, as well as the number they contain. However, the ATM card number is a unique personal identifier and should not be disclosed in a plaintext email without authorization.

A much better solution (see above) exists, even using plaintext email -- use a codeword that is agreed beforehand with the user. This would be a win-win solution, with no additional privacy and security risk.

Or is email becoming even more insecure, with our private information being more and more disclosed by those who should actually guard it, in the name of security?

Cheers,
Ed Gerck

--
I use ZSentry Mail Secure Email
https://zsentry.com/R/index.html/[EMAIL PROTECTED]
Light gun fires photons one by one [from New Scientist]
Light gun fires photons one by one
* 16:19 24 May 2005
* NewScientist.com news service
* Justin Mullins

The first photon gun capable of firing single particles of light over optical fibres was unveiled on Tuesday. The breakthrough may remove one of the final obstacles keeping perfectly secure messages from being sent over standard telephone fibres.

Encryption techniques change each character in a message in a way that can be reversed by a receiver who possesses the relevant key. But sending the key to the receiver is just as troublesome as sending the message as it too can be intercepted - a problem known as key distribution.

Twenty years ago, North American physicists Gilles Brassard and Charles Bennett outlined a way to send a key without anyone being able to eavesdrop. Their idea rests on the notion that a message sent using quantum particles - such as photons - is so fragile that measuring the photons changes their properties. So anybody listening in to a transmission would destroy it - which the sender and receiver would easily notice.

But so-called quantum encryption works only if the key is sent using individual photons, rather than the pulses of many photons that are used for communication today. But sending single photons is tricky.

Too many photons

In the last year, a number of companies have begun selling quantum encryption kits that create single photons by reducing the intensity of a laser beam so that it produces pulses each containing less than one photon, on average. But there always remains a small probability that any pulse will contain two or more photons. This is a potentially serious weakness because a hacker could intercept the extra photons without the sender and receiver being any the wiser.

Now Andrew Shields and colleagues at Toshiba's Cambridge Research Laboratory in the UK have developed a light-emitting diode (LED) that allows a data transfer rate of 1 megabit per second. And crucially, the photon gun works at the same light wavelength as commercial optical fibres - at 1.3 micrometers. It could be commercially available within two to three years, says Shields.

Exotic clusters

The device is essentially a standard LED made of gallium arsenide but containing a layer of quantum dots - exotic clusters of indium arsenide each containing just a few thousand atoms. In a conventional LED, electrons in the central layer combine with holes - or absences of electrons - releasing a photon in the process.

In the new device, this recombination takes place only inside the quantum dots which emit photons of a wavelength similar to their size. So the size of the dots determines the wavelength at which the device operates. A masking layer then allows only the light from a single dot to escape, ensuring that the device emits only one photon at a time.

"This device should finally close the security loophole in the current quantum encryption techniques. We are in the process of building our own quantum encryption equipment," says Shields.

"It will make the process of communicating using the quantum properties of light much more efficient," notes Will Stewart, chairman of Innos, a silicon research and development company in the UK.

The Toshiba team unveiled the device at the Quantum Electronics and Laser Science Conference in Baltimore, US.

[From: http://www.newscientist.com/article.ns?id=dn7420]
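As an added example (not part of the New Scientist article), the following Python simulates the Bennett-Brassard exchange the article describes and quantifies both of its points: an eavesdropper who has to measure each photon leaves a visible error rate in the sifted key, while the spare photons in a faint-laser pulse are not protected by that argument. The photon model is deliberately minimal and the function names are mine.

```python
"""BB84 with an intercept-resend eavesdropper, simulated classically.
Added example, not from the article: function names and the simplified
photon model are mine. Only one quantum effect is modelled, the one the
article relies on: a measurement in the wrong basis returns a random bit."""
import math
import random

def bb84(n_photons, eavesdrop, rng):
    """Return (sifted key length, error rate seen by Alice and Bob).
    Bases: 0 = rectilinear, 1 = diagonal."""
    sifted = errors = 0
    for _ in range(n_photons):
        a_bit, a_basis = rng.getrandbits(1), rng.getrandbits(1)  # Alice
        p_bit, p_basis = a_bit, a_basis          # photon state in flight
        if eavesdrop:                            # Eve must pick a basis blind
            e_basis = rng.getrandbits(1)
            e_bit = p_bit if e_basis == p_basis else rng.getrandbits(1)
            p_bit, p_basis = e_bit, e_basis      # re-sent in Eve's basis
        b_basis = rng.getrandbits(1)             # Bob
        b_bit = p_bit if b_basis == p_basis else rng.getrandbits(1)
        if a_basis == b_basis:                   # sifting over public channel
            sifted += 1
            errors += a_bit != b_bit
    return sifted, (errors / sifted if sifted else 0.0)

def multi_photon_fraction(mu):
    """P(n >= 2) for a Poissonian faint-laser pulse with mean photon number mu:
    the share of pulses carrying a spare photon whose loss nobody notices."""
    return 1.0 - math.exp(-mu) * (1.0 + mu)

def multi_photon_given_detected(mu):
    """Same, conditioned on the pulse being non-empty: the share of *usable*
    pulses that the measurement-disturbance argument does not cover."""
    return multi_photon_fraction(mu) / (1.0 - math.exp(-mu))

if __name__ == "__main__":
    for eve in (False, True):
        n, qber = bb84(4000, eve, random.Random(2005))
        print(f"eavesdropper={eve}: {n} sifted bits, error rate {qber:.3f}")
    print(f"mu=0.1: {multi_photon_fraction(0.1):.4f} of all pulses and "
          f"{multi_photon_given_detected(0.1):.3f} of non-empty pulses carry >=2 photons")
```

With no eavesdropper the sifted key agrees exactly; with intercept-resend about a quarter of the sifted bits disagree, which is what the sender and receiver "easily notice". At a mean of 0.1 photons per pulse roughly one non-empty pulse in twenty carries a second photon, the loophole a true single-photon source closes.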