Cisco Systems

Original author: Dan Goodin

Aurich Lawson / Thinkstock

Tens of thousands of websites, some operated by The Los Angeles Times, Seagate, and other reputable companies, have recently come under the spell of "Darkleech," a mysterious exploitation toolkit that exposes visitors to potent malware attacks.

The ongoing attacks, estimated to have infected 20,000 websites in the past few weeks alone, are significant because of their success in targeting Apache, by far the Internet's most popular Web server software. Once it takes hold, Darkleech injects invisible code into webpages, which in turn surreptitiously opens a connection that exposes visitors to malicious third-party websites, researchers said. Although the attacks have been active since at least August, no one has been able to positively identify the weakness attackers are using to commandeer the Apache-based machines. Vulnerabilities in Plesk, cPanel, or other software used to administer websites are one possibility, but researchers aren't ruling out the possibility of password cracking, social engineering, or attacks that exploit unknown bugs in frequently used applications and OSes.

Researchers also don't know precisely how many sites have been infected by Darkleech. The server malware employs a sophisticated array of conditions to determine when to inject malicious links into the webpages shown to end users. Visitors using IP addresses belonging to security and hosting firms are passed over, as are people who have recently been attacked or who don't access the pages from specific search queries. The ability of Darkleech to inject unique links on the fly is also hindering research into the elusive infection toolkit.


A representation of how TLS works.

Nadhem J. AlFardan and Kenneth G. Paterson

Software developers are racing to patch a recently discovered vulnerability that allows attackers to recover the plaintext of authentication cookies and other encrypted data as they travel over the Internet and other unsecured networks.

The discovery is significant because in many cases it makes it possible for attackers to completely subvert the protection provided by the secure sockets layer and transport layer protocols. Together, SSL, TLS, and a close TLS relative known as Datagram Transport Layer Security are the sole cryptographic means for websites to prove their authenticity and to encrypt data as it travels between end users and Web servers. The so-called "Lucky Thirteen" attacks devised by computer scientists to exploit the weaknesses work against virtually all open-source TLS implementations, and possibly implementations supported by Apple and Cisco Systems as well. (Microsoft told the researchers it has determined its software isn't susceptible.)

The attacks are extremely complex, so for the time being, average end users are probably more susceptible to attacks that use phishing e-mails or rely on fraudulently issued digital certificates to defeat the Web encryption protection. Nonetheless, the success of the cryptographers' exploits—including the full plaintext recovery of data protected by the widely used OpenSSL implementation—has clearly gotten the attention of the developers who maintain those programs. Already, the Opera browser and PolarSSL have been patched to plug the hole, and developers for OpenSSL, NSS, and CyaSSL are expected to issue updates soon.


Kaspersky Lab

Researchers have uncovered an ongoing, large-scale computer espionage network that's targeting hundreds of diplomatic, governmental, and scientific organizations in at least 39 countries, including the Russian Federation, Iran, and the United States.

Operation Red October, as researchers from antivirus provider Kaspersky Lab have dubbed the highly coordinated campaign, has been active since 2007, raising the possibility it has already siphoned up hundreds of terabytes of sensitive information. It uses more than 1,000 distinct modules that have never been seen before to customize attack profiles for each victim. Among other things, components target individual PCs, networking equipment from Cisco Systems, and smartphones from Apple, Microsoft, and Nokia. The attack also features a network of command-and-control servers with a complexity that rivals that used by the Flame espionage malware that targeted Iran.

"This is a pretty glaring example of a multiyear cyber espionage campaign," Kaspersky Lab expert Kurt Baumgartner told Ars. "We haven't seen these sorts of modules being distributed, so the customized approach to attacking individual victims is something we haven't seen before at this level."


TedxTughlaqRdChange - Anand Chulani

After being trained by the guru of all motivational speakers, Anthony Robbins (coached Sir Anthony Hopkins to President Clinton to Donna Karan to Andre Agassi), international speaker, leadership & peak performance coach, Anand Chulani created LOL Method which empowers leaders in sport and business to optimize their talent and perform at their peak consistently. In the last year, the LOL Method has been embraced by leaders of companies such as Google, Airtel, Bharti, Vodafone, Turner Broadcasting, Exxon Mobil, Lloyds Bank, UBS, Target, Cisco Systems and Credit Suisse and organizations such as YPO International and the International Association of Hostage Negotiation. An expert in peak performance and emotional fitness, Chulani is a regular guest on Bloomberg News and has written articles for Harper's Bazaar, CNN GO and LA Confidential. As part of his expertise, Chulani coaches people to get the best out of talents, keep themselves in good emotional shape and knock out limiting patterns and beliefs to help them get results in areas that range from anti-smoking to weight loss to relationship management to performing at their best at home and at work.
From: TEDxTalks
Views: 45
Ratings: 1
Time: 19:54
More in: People & Blogs


Experts are growing more concerned about the effect of technological advancement on a generation of Americans.

According to a survey conducted by the Pew Research Center and Elon University, more than half of the 1,021 respondents believe that constant multitasking and zealous decision-making capabilities will generally produce positive outcomes for young adults in the future.

On the other hand, 42 percent of respondents think that the wired mentality will actually impair cognitive abilities. By 2020, Millennials will "spend most of their energy sharing short social messages, being entertained, and being distracted away from deep engagement with people and knowledge." They'll lack "deep-thinking capabilities" and "face-to-face social skills."

The good news is that Millennials will become good decision-makers and nimble analysts, but the bad news is that they'll expect instant gratification and will, often, make quick, shallow choices.

"Memories are becoming hyperlinks to information triggered by keywords and URLs," says Geoloqi's CEO Amber Case. "We are becoming 'persistent paleontologists' of our own external memories, as our brains are storing the keywords to get back to those memories and not the full memories themselves."

The respondents in the survey were chosen specifically for their leadership roles in prominent organizations, including Google, Microsoft, Cisco Systems, Yahoo, Ericsson Research, Harvard, MIT and Yale, and 40 percent of them are research scientists.

The survey concluded that the only way to minimize the worst and maximize the best would be to focus on reforming education and emphasizing digital literacy.

"Educators should teach the management of multiple information streams, emphasizing the skills of filtering, analyzing, and synthesizing information. Also of value is an appreciation for silence and focused contemplation," the study says.
