events



EVENTS CALENDAR

Computer Fraud & Security, January 2013, p. 20

19–22 February 2013
OWASP AppSec AsiaPac 2013
Jeju, South Korea
http://bit.ly/SVp1cx

24–25 February 2013
Security BSides San Francisco
San Francisco, US
www.securitybsides.com/w/page/35868077/BSidesSanFrancisco

25 February – 1 March 2013
RSA Conference 2013
San Francisco, US
www.rsaconference.com

11–15 March 2013
Troopers
Heidelberg, Germany
www.troopers.de

12–15 March 2013
Black Hat Europe
Amsterdam, Netherlands
www.blackhat.com/eu-13/

25–26 March 2013
8th International Conference on Information Warfare and Security (ICIW)
Denver, US
http://academic-conferences.org

5–7 April 2013
Security BSides Puerto Rico
San Juan, Puerto Rico
http://bit.ly/Q6wWFn

8–11 April 2013
Hack in the Box
Amsterdam, Netherlands
http://conference.hitb.org

23–25 April 2013
Infosecurity Europe 2013
Earls Court, London, UK
www.infosec.co.uk

24 April 2013
Security BSides London
London, UK
http://bit.ly/XvAtPE

...Continued from page 3

platforms. This allows users to run unsigned code on Surface tablets and other devices, effectively jailbreaking the platform.

The exploit is possible because much of the Windows RT code has been ported directly from Windows 8. This includes a byte in the kernel that sets the minimum signing level for code execution. On Windows 8, this is set to 0 so that any code can be run. But on Windows RT, it is set to 8, meaning that code must be signed by Microsoft in order to run. That’s because Microsoft is attempting to create a similar ‘walled garden’ to that of Apple’s for devices such as the Slate. However, Rokr claims to have been able to use a debugger to inject modified code, allowing any software to be run – at least until the device is restarted. Full details are available here: http://bit.ly/201301clrokr.

Iran under cyber-attack – or not

In a series of events that amply illustrates the fog of cyberwar, Iran announced that it was under attack from data-wiping malware that was quickly – and probably wrongly – attributed to the US and Israeli governments. This was followed by the claim that some of its facilities had come under attack from Stuxnet-like malware – only for this to be later denied.

In December 2012, the Iranian Computer Emergency Response Team, Maher, reported that it had detected a data-wiping attack – dubbed GrooveMonitor or BatchWiper depending on which anti-malware vendor you’re talking to.

The malware is dropped as a self-extracting WinRar file called GrooveMonitor.exe. This in turn unarchives and runs executable programs that erase all files on drives D: to I: and on the desktop. The fact that the malware only carries out these actions between certain dates – pairs of dates extending as far ahead as Feb 2015 – has led to speculation by some, including Maher, that this was a targeted attack. Maher also said the malware has not been widely distributed, although it hasn’t given details of the victims.

The Industrial Safety and Security Source website ran an article suggesting that, like Stuxnet, this attack was the work of US and Israeli intelligence forces, and said a CIA source had confirmed this. However, this seems unlikely – and not just because the CIA isn’t in the habit of confirming covert actions. Unlike Stuxnet – which was arguably the most complex and sophisticated malware ever used – GrooveMonitor consisted simply of crude batch files that had been turned into Windows PE files using the BAT2EXE tool. In addition, one of the executables was 16-bit only and would not run on 64-bit machines. Instead, it would raise an error.

Following this attack, the Iranian Students News Agency (ISNA) announced that a power station – the Bandar Abbas Tavanir electrical utility – in the south of Iran had been hit by a Stuxnet-like virus. Ali Akbar Akhavan, head of Iran’s Passive Defence Organisation, was quoted by ISNA as saying that manufacturing industries in the Hormuzgan province had also been attacked. But Akhavan later issued a statement claiming that ISNA had misquoted him.

Study shows 94% of US healthcare organisations leaked data

In the past two years, 94% of US healthcare organisations contacted for a Ponemon Institute report admitted that they had suffered at least one data breach, mostly as a

reported that they had more than five data breaches in that time.

This shows a rise – albeit a small one, given the enormity of the problem – with a similar survey undertaken two years ago. In the 2010 report, 86% of organisations admitted to breaches in the preceding two years, although only 29% had five or more data leaks.