Monday 10 October 2011

German Federal Trojan Suspected

The German hacker club CCC claims that it found trojan malware used by the German federal police (German source).
It seems that the software has many security issues and, even worse, has capabilities which are illegal under German law.

The interesting question is now: Does it really originate from German authorities? Of course they deny that. And if so, how would one prove it? It seems that the trojan uses command servers outside of Germany. At the moment it is unclear who operates these machines.

I do not expect that this will ever be resolved completely. It's way too embarrassing.

Update: The Bavarian Government accepted responsibility for the trojan. Antivirus vendors claim that it would be caught by heuristic malware detectors. Looks like there is egg on someone's face.

Sunday 4 September 2011

Progress at Quantum Computing

NIST scientists have prepared a single qubit with an error rate under 10^-4, which is low enough to enable error correction.

Because decoherence destroys the quantum information that a quantum algorithm relies on, error correction has to be implemented before any quantum algorithm can run on the computer. This is therefore an important step towards a working quantum computer.

The experiment, published in the linked article, achieved the low error rate by manipulating one trapped atom with microwaves instead of laser beams.

Wednesday 27 April 2011

Experimental attack on mTAN

F-Secure reports (link in German) that the trojan SpyEye has a new attack on the mTAN online banking security system. Users of infected PCs are tricked into installing malware on their Symbian mobile phones.
In order to do so, the attacker needs the phone's IMEI number. The IMEI is not a security credential in itself, but a user should become suspicious nowadays if their bank wants to know their IMEI number. Therefore I suggest categorizing this attack as experimental.
The urgent question behind this is: why did the Symbian developers base the security of their operating system on IMEI numbers?

Botnets Transfer 11 Million Dollars to China

The FBI reports that the usual suspects, namely ZeuS and SpyNet, were used to steal 11 million dollars and transfer that money to China.
The victims were probably attacked using targeted "spearphishing" emails.
This problem has been known for a long time; how long will it take until it is finally fixed?

Sunday 20 March 2011

RSA Incident Nebulous

Intruders may have stolen data pertaining to RSA one-time password (OTP) tokens. However, RSA won't tell the general public what has happened. There is a support note which is accessible only to customers.
OTP uses keys that need to remain secret, but I don't think these keys have been stolen.



Sunday 6 March 2011

TrustZone and Trusted Execution Environment

This post describes a recent security addition to mobile phones. It has a superficial similarity to the trusted platform module (TPM). Because the TPM seems to cast doubt on anything "trusted", I will compare TrustZone and the TPM.
TrustZone is a virtualization technology. The basic idea is that the processor can be switched between a normal mode and a secure mode. Because of the virtualization, the normal mode is unaffected by the secure mode. More technically, some peripherals and keys are accessible only from the secure mode.
The TPM did not use virtualization. There was no unaffected mode. It became unclear whether the owner of the computer or the owner of the TPM keys was the real master of the computer.
TrustZone can and will be used to implement a DRM system. However, it won't enforce anything in the normal world. Thus people who do not want to use DRM can simply ignore it.
Still, there is a feature that will be useful to everyone: the secure mode can be used to protect PIN entry or the display of sensitive information from malware. There is hope that such a technology might disrupt the creation of a criminal ecosystem on mobile phones before it gets out of control, as happened on PCs.
The secure mode is typically started from the normal mode, for example because the user wants to enter a PIN. The smart card standardization organization GlobalPlatform intends to standardize this API under the name Trusted Execution Environment. That's the other T-word from the title.
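The world split described above as a constructed model in C, added here and not code from the post, from ARM or from GlobalPlatform: tee_call() stands in for the switch into secure mode, and the key bytes, the PIN, the lockout limit and the FNV-style tag are all assumptions made for the illustration. The point it shows is that what the normal world can do is exactly what the secure-mode API exposes: it can ask for a PIN check and a key-dependent result, but no request returns the key.

```c
#include <stdint.h>
#include <string.h>
/* Constructed model of the TrustZone split described above, not real TrustZone/TEE code:
 * "secure world" state is file-scope static and the "normal world" reaches it only
 * through tee_call(), which stands in for the monitor call. */
enum tee_op { TEE_VERIFY_PIN = 1, TEE_SIGN_TX = 2, TEE_READ_KEY = 3 };
enum tee_rc { TEE_OK = 0, TEE_DENIED = -1, TEE_BAD_PIN = -2, TEE_LOCKED = -3 };
#define MAX_ATTEMPTS 3
/* secure-world state (constructed sample key and PIN) */
static const uint8_t sw_key[16] = { 0x0f, 0x1e, 0x2d, 0x3c, 0x4b, 0x5a, 0x69, 0x78,
                                    0x87, 0x96, 0xa5, 0xb4, 0xc3, 0xd2, 0xe1, 0xf0 };
static const char sw_pin[] = "4711";
static int sw_failed = 0;    /* wrong-PIN counter, drives the lockout */
static int sw_unlocked = 0;  /* one-shot authorization granted by a correct PIN */

/* constant-time comparison: timing must not reveal how many digits matched */
static int ct_equal(const char *a, const char *b, size_t n) {
    unsigned d = 0;
    for (size_t i = 0; i < n; i++) d |= (unsigned)(a[i] ^ b[i]);
    return d == 0;
}

/* toy keyed tag (FNV-style, NOT a real MAC): only key-dependent output ever
 * crosses the boundary, never the key bytes themselves */
static uint32_t sw_tag(const uint8_t *msg, size_t n) {
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < sizeof sw_key; i++) { h ^= sw_key[i]; h *= 16777619u; }
    for (size_t i = 0; i < n; i++) { h ^= msg[i]; h *= 16777619u; }
    return h;
}

/* the normal world's only entry point into the secure world */
int tee_call(enum tee_op op, const void *in, size_t in_len, uint32_t *out) {
    switch (op) {
    case TEE_VERIFY_PIN:  /* PIN is checked here, out of reach of normal-world malware */
        if (sw_failed >= MAX_ATTEMPTS) return TEE_LOCKED;
        if (in_len != strlen(sw_pin) || !ct_equal(in, sw_pin, in_len)) {
            sw_failed++;
            return TEE_BAD_PIN;
        }
        sw_failed = 0; sw_unlocked = 1;
        return TEE_OK;
    case TEE_SIGN_TX:     /* authorize exactly one transaction per successful PIN entry */
        if (!sw_unlocked) return TEE_DENIED;
        *out = sw_tag(in, in_len); sw_unlocked = 0;
        return TEE_OK;
    default:              /* TEE_READ_KEY or anything unknown: no API path exposes the key */
        return TEE_DENIED;
    }
}
```

A compromised normal world in this model can still submit PIN guesses, which is why the lockout counter lives on the secure side too.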


Wednesday 2 March 2011

Malware on Android

As everyone reports: there has been malware on Google's Android Market. I have to add that such a thing removes the remaining security from SMS TANs or similar two-factor authentication schemes. One way out of that problem would be to use an additional trusted execution environment on smartphones.

Sunday 27 February 2011

German Police Infects PC at Customs Control

The German newspaper Der Spiegel writes in its issue 9/2011 that the PC of a suspect was infected with spyware at a customs control. It seems they had permission from a judge, but that this permission did not cover the main functionality of the program: sending a screenshot every thirty seconds. Pretty scary, I would think.



Saturday 12 February 2011

Cisco report on malware

Cisco published an interesting report on the 2010 developments on the malware scene. They discuss the economics of malware, the recruiting of mules (people who funnel stolen money into criminals' accounts) and future developments. The prediction I find most interesting is that Apple computers will be targeted next year. Another prediction is of course that smartphones will be targeted.