Category Archives: The Coming Storm

This category includes blog posts about computer and Internet security threats now and on the horizon.

Beware Scare Tactics for Mobile Security Apps

June 20, 2012

It may not be long before your mobile phone is beset by the same sorts of obnoxious, screen-covering, scaremongering ads pimping security software that once inundated desktop users before pop-up blockers became widely-used.
Richard M. Smith, a Boston-based security consultant, was browsing a local news site with his Android phone when his screen was taken over by an alarming message warning of page errors and viruses. Clicking anywhere on the ad takes users to a Web site selling SnapSecure, a mobile antivirus and security subscription service that bills users $5.99 a month.

How Companies Can Beef Up Password Security

June 11, 2012

111 Comments

Separate password breaches last week at LinkedIn, eHarmony and Last.fm exposed millions of credentials, and once again raised the question of whether any company can get password security right. To understand more about why companies keep making the same mistakes and what they might do differently to prevent future password debacles, I interviewed Thomas Ptacek, a security researcher with Matasano Security.

Ptacek is just one of several extremely smart researchers I’ve been speaking with about this topic. Below are some snippets from a conversation we had last week.

Alleged Romanian Subway Hackers Were Lured to U.S.

June 6, 2012

25 Comments

The alleged ringleader of a Romanian hacker gang accused of breaking into and stealing payment card data from hundreds of Subway restaurants made news late last month when he was extradited to face charges in the United States. But perhaps the more interesting story is how his two alleged accomplices happened to have come to this country willingly: They were lured here by undercover U.S. Secret Service agents who promised to shower the men with love and riches.

White House Aims to Stoke Botnet Fight

May 29, 2012

25 Comments

The Obama administration will hold a public meeting at the White House on Wednesday to discuss industry and government efforts to combat botnet activity. Among them is a pilot program to share information about botnet victims between banks and Internet service providers, according to sources familiar with the event.

WHMCS Breach May Be Only Tip of the Trouble

May 24, 2012

104 Comments

A recent breach at billing and support software provider WHMCS that exposed a half million customer usernames, passwords — and in some cases credit cards — may turn out to be least of the company’s worries. According to information obtained by KrebsOnSecurity.com, for the past four months hackers have been selling an exclusive zero-day flaw that they claim lets intruders break into Web hosting firms that rely on the software.

Google to Warn 500,000+ of DNS Changer Infections

May 22, 2012

31 Comments

Google plans today to begin warning Internet users if their computers show telltale signs of being infected with the DNSChanger Trojan. The company estimates that more than 500,000 systems remain infected with the malware, despite a looming deadline that threatens… Read More »

Global Payments Breach Now Dates Back to Jan. 2011

May 17, 2012

28 Comments

The data breach at Atlanta-based credit and debit card processor Global Payments just keeps getting bigger. Earlier this month, I reported that Visa and MasterCard were alerting banks that the breach extended back to June 2011. Now it appears the… Read More »

Facebook Takes Aim at Cross-Browser ‘LilyJade’ Worm

May 17, 2012

42 Comments

Facebook is attempting to dismantle a new social networking worm that spreads via an application built to run seamlessly as a plugin across multiple browsers and operating systems. In an odd twist, the author of the program is doing little to hide his identity, and claims that his “users” actually gain a security benefit from installing his software.

At issue is a program that the author calls “LilyJade,” a browser plugin that uses Crossrider, an emerging programming framework designed to simplify the process of writing plugins that will run seamlessly across multiple browsers and operating systems, including Google Chrome, Internet Explorer, and Mozilla Firefox. The plugin spreads by posting a link to a video on a user’s Facebook wall, and friends who follow the link are told they need to accept the installation of the plugin in order to view the video. Users who accept the terms of service for LilyJade will have their accounts modified to periodically post links that help pimp the program.

Multiple Human Rights, Foreign Policy Sites Hacked

May 15, 2012

6 Comments

A rash of recent and ongoing targeted attacks involving compromises at high-profile Web sites should serve as a sobering reminder of the need to be vigilant about applying browser updates. Hackers have hit a number of prominent foreign policy and human rights group Web sites, configuring them to serve spyware by exploiting newly patched flaws in widely used software from Adobe and Oracle.

At the Crossroads of eThieves and Cyberspies

May 8, 2012

14 Comments

Lost in the annals of campy commercials from the 1980s is a series of ads that featured improbable scenes between two young people (usually of the opposite sex) who somehow caused the inadvertent collision of peanut butter and chocolate. After the mishap, one would complain, “Hey you got your chocolate in my peanut butter!,” and the other would retort, “You got your peanut butter in my chocolate!” The youngsters then sample the product of their happy accident and are amazed to find someone has already combined the two flavors into a sweet and salty treat that is commercially available.

It may be that the Internet security industry is long overdue for its own “Reese’s moment.” Many security experts who got their start analyzing malware and tracking traditional cybercrime recently have transitioned to investigating malware and attacks associated with so-called advanced persistent threat (APT) incidents. The former centers on the theft of financial data that can be used to quickly extract cash from victims; the latter refers to often prolonged attacks involving a hunt for more strategic information, such as intellectual property, trade secrets and data related to national security and defense.