The TrueCrypt mystery

http://www.theregister.co.uk/2014/05/28/truecrypt_hack/

The website of popular drive-encryption software TrueCrypt has been ripped up and replaced with a stark warning to not use the crypto-tool. It's also distributing a new version of the software, 7.2, which appears to have been compromised.

It's feared the project, run by a highly secretive team of anonymous developers, has been hijacked by unknown parties. The easy-to-use data-protecting utility is favored by NSA whistleblower Edward Snowden and his journo pals, as well as plenty of privacy-conscious people.

TrueCrypt site: http://truecrypt.sourceforge.net

Kali Linux 1.0.7

Kali linux 1.0.7 has just been released, complete with a whole bunch of tool updates, a new kernel, and some cool new features. Check out our changelog for a full list of these items. As usual, you don’t need to re-download or re-install Kali to benefit from these updates – you can update to the latest and greatest using these simple commands: (...)

For quite some time now, we’ve been preaching that Kali Linux is more than a “Linux distribution with a collection of tools in it”. We invest a significant amount of time and resources developing and enabling features in the distribution which we think are useful for penetration testers and other security professionals. These features range from things like “live-build”, which allows our end users to easily customize their own Kali ISOs, to features like Live USB persistence encryption, which provides paranoid users with an extra layer of security. Many of these features are unique to Kali and can be found nowhere else. We’ve started tallying these features and linking them from our Kali documentation page – check it out, it’s growing to be an impressive list!

Right to be forgotten

"A ruling by the Court of Justice of the European Union last week, which recognised the “right to be forgotten” in the case of a Spanish citizen, triggered a wave of debate and a split between Europe and the United States."

In Público: “Right to be forgotten” forgets what: privacy or freedom of expression?

Major Europol operation against the BlackShades malware

excerpts from the Europol press release:

During two days of operations taking place in 16 countries worldwide, coordinated by Eurojust in The Hague and supported by the European Cybercrime Centre (EC3) at Europol, creators, sellers and users of BlackShades malware were targeted by judicial and law enforcement authorities.

During both action days, 359 house searches were carried out worldwide, and more than 80 people were arrested. Over 1100 data storage devices suspected of being used in illegal activities were seized, including computers, laptops, mobile telephones, routers, external hard drives and USB memory sticks. Substantial quantities of cash, illegal firearms and drugs were also seized.

A recent case in the Netherlands of BlackShades malware being used for criminal purposes was that of an 18-year-old man who infected at least 2000 computers, controlling the victim’s webcams to take pictures of women and girls.

Countries that undertook action against creators, sellers and users of the malware included the Netherlands, Belgium, France, Germany, UK, Finland, Austria, Estonia, Denmark, USA, Canada, Chile, Croatia, Italy, Moldova and Switzerland.

(...)

BlackShades has sold and distributed malicious software (malware) to thousands of individuals throughout the world. BlackShades' flagship product was the BlackShades RAT, a sophisticated piece of malware that enables its users to remotely and surreptitiously gain complete control over a victim's computer. Once installed on a victim's computer, a user of the RAT is free to, among other things, access and view documents, photographs and other files, record all of the keystrokes entered and even activate the webcam on the victim's computer - all of which could be done without the victim's knowledge. BlackShades also makes it possible to carry out large-scale distributed denial-of-service (DDoS) cyber-attacks.

A particularly malicious aspect of this software is the ability to encrypt and deny access to files. BlackShades provides sample letters such as the following for users of the software to modify:

full press release

RFC 7258: Pervasive Monitoring Is an Attack

It is no joke, it really is a new IETF RFC:

Internet Engineering Task Force (IETF)                        S. Farrell
Request for Comments: 7258                        Trinity College Dublin
BCP: 188                                                   H. Tschofenig
Category: Best Current Practice                                 ARM Ltd.
ISSN: 2070-1721                                                 May 2014


                   Pervasive Monitoring Is an Attack

Abstract

   Pervasive monitoring is a technical attack that should be mitigated
   in the design of IETF protocols, where possible.

Status of This Memo

   This memo documents an Internet Best Current Practice.

(...)

1.  Pervasive Monitoring Is a Widespread Attack on Privacy

   Pervasive Monitoring (PM) is widespread (and often covert)
   surveillance through intrusive gathering of protocol artefacts,
   including application content, or protocol metadata such as headers.
   Active or passive wiretaps and traffic analysis, (e.g., correlation,
   timing or measuring packet sizes), or subverting the cryptographic
   keys used to secure protocols can also be used as part of pervasive
   monitoring.  PM is distinguished by being indiscriminate and very
   large scale, rather than by introducing new types of technical
   compromise.

   The IETF community's technical assessment is that PM is an attack on
   the privacy of Internet users and organisations.  The IETF community
   has expressed strong agreement that PM is an attack that needs to be
   mitigated where possible, via the design of protocols that make PM
   significantly more expensive or infeasible.  Pervasive monitoring was
   discussed at the technical plenary of the November 2013 IETF meeting
   [IETF88Plenary] and then through extensive exchanges on IETF mailing
   lists.  This document records the IETF community's consensus and
   establishes the technical nature of PM.

   The term "attack" is used here in a technical sense that differs
   somewhat from common English usage.  In common English usage, an
   attack is an aggressive action perpetrated by an opponent, intended
   to enforce the opponent's will on the attacked party.  The term is
   used here to refer to behavior that subverts the intent of
   communicating parties without the agreement of those parties.  An
   attack may change the content of the communication, record the
   content or external characteristics of the communication, or through
   correlation with other communication events, reveal information the
   parties did not intend to be revealed.  It may also have other
   effects that similarly subvert the intent of a communicator.
   [RFC4949] contains a more complete definition for the term "attack".
   We also use the term in the singular here, even though PM in reality
   may consist of a multifaceted set of coordinated attacks.

   In particular, the term "attack", used technically, implies nothing
   about the motivation of the actor mounting the attack.  The
   motivation for PM can range from non-targeted nation-state
   surveillance, to legal but privacy-unfriendly purposes by commercial
   enterprises, to illegal actions by criminals.  The same techniques to
   achieve PM can be used regardless of motivation.  Thus, we cannot
   defend against the most nefarious actors while allowing monitoring by
   other actors no matter how benevolent some might consider them to be,
   since the actions required of the attacker are indistinguishable from
   other attacks.  The motivation for PM is, therefore, not relevant for
   how PM is mitigated in IETF protocols.

(...)

Cybercrime in Portugal

Only 27 were convicted of computer attacks, and most only with a fine

(...)

In six years, 27 defendants (36%), out of a total of 75, were convicted of computer attacks, according to statistics on court proceedings relating to such cases supplied by the Ministry of Justice (MJ) to PÚBLICO. Most of the defendants, convicted of the crimes of computer sabotage and illegitimate access, incurred only fines. Between 2007 and 2012, the period the data refer to, nobody was sentenced to effective imprisonment. Some defendants may have received suspended prison sentences, but for reasons of statistical confidentiality those cases are not disclosed. The MJ does not yet have information for last year.

(...)

“This type of investigation has specific difficulties. Computer attacks usually make use of cloud servers, so the information is mobile by its very nature and hard to locate. Moreover, this kind of criminal technique normally relies on anonymisation software and VPNs [encrypted connections], which make the investigation difficult”, the Prosecutor General's Office (PGR) stressed.

The difficulties, however, do not seem to explain everything. A PJ source assured PÚBLICO that the two squads dedicated to investigating these crimes have long been waiting for reinforcements. In fact, when someone leaves these squads for other services, the posts remain unfilled, the source noted. The PJ's deputy national director, Pedro do Carmo, nevertheless made a point of stressing to PÚBLICO that “lack of resources is not the issue” and that the existing resources are, at present, adequate “to the needs”.

(...)

Seen from outside, through the eyes of other companies in the field, the attacks appear to have been relatively unsophisticated. “What we are used to seeing in these attacks is that they are not at all sophisticated. They are carried out with automated tools that are available to anyone with the motivation”, observes AnubisNetworks technical director João Gouveia, noting that he has no information about the specific case.

full article in Público


More official sites attacked

"Public Administration websites remain in the hackers' sights. This time the targets were the GID - Gestão Integrada da Saúde site and the Associação na Hora site, which suffered a "deface" attack."

News item on Tek Sapo

Attack on the PGR

The security flaw that Anonymous allegedly exploited on 25 April to attack the websites of the PGR, the Procuradoria-Geral do Distrito de Lisboa (PGDL) and the Sistema de Informação do Ministério Público has been known since 2011. The PGR may even have learned of this flaw the hard way: in 2011, a group of hacktivists (news reports at the time refer to the LulzSec group) allegedly managed to siphon off information about some high-profile cases held in the PGR's repository, using the same security flaw to launch a SQL Injection attack.

After the 2011 attack, the PGR was reportedly warned more than once about the security flaw in its systems, Exame Informática has learned. In addition to warnings from colleagues and specialists, the vendor of the platform containing the vulnerability also issued alerts about the risks posed by the flaw in question.

Behind the scenes of electronic security, there are also those who maintain that Anonymous even disclosed that same flaw in the forums they use to prepare their attacks.

Apparently that same flaw had not been fixed by 25 April 2014, the date on which Anonymous decided to go ahead with the so-called “Apagão Nacional” (National Blackout) against the PGR, PGDL and SIMP sites and to reveal the contact details of more than two thousand magistrates, among other confidential data.

There is no guarantee that the same vulnerability has been fixed as of the time of writing: for this or some other reason, the PGDL and SIMP sites remain offline.

full text on the Exame Informática site: Anonymous used a flaw known since 2011 to attack PGR sites
Hugo Séneca
06/05/2014 12:32

Tails and anonymous communication

I have already written a post about Tails, but this one from Linux.com has a lot of interesting information, including references to other similar projects. An excerpt:

Tails, short for "The Amnesic Incognito Live System," came to the world's attention last month when the Freedom of the Press Foundation revealed that Edward Snowden used a beta version of the Linux distribution to securely communicate with reporters. Now, the same highly secure distro used by Snowden to leak NSA materials has been released as version 1.0 under an open GPLv3 license.

Tails' first line of defense against snoopers is the fact that it's a "live" OS, designed to boot up and run entirely from a USB drive, DVD, or SD card. The distribution is said to leave no trace on the host computer. There's a long tradition of live Linux distributions dating back over a decade with distros such as Knoppix.

Tails' second line of defense is that it uses the open source Tor anonymity network for web surfing and communications. Tor has become increasingly popular among journalists, dissidents, privacy advocates, spies, criminals, terrorists, and others who want to keep their online behavior anonymous. Developed by the U.S. Navy, Tor generates a complex network of virtual tunnels to hide IP addresses from prying eyes.

Finally, Tails supplies security tools including OpenPGP encryption, KeePassX password management, LUKS disk encryption, and Off-the-Record (OTR) encrypted chat. These and other applications like the Pidgin IM client and Claws email client, have been tweaked for security, privacy, and anonymity. For example, Firefox is configured with the HTTPS Everywhere extension from the Electronic Frontier Foundation (EFF). A virtual keyboard helps protect against hardware keyloggers.

Tails also ships with basic productivity tools such as Audacity, GIMP, and OpenOffice. Yet, as Wired recently noted, Tails is not intended as an everyday OS. "That’s because over the course of day-to-day use, you’re likely to use one service or another that could be linked with your identity, blowing your cover entirely," says the story.

Tails has been five years and 36 stable releases in the making, if you include the Amnesia distro it evolved from. Both Amnesia and Incognito, the Debian distro Amnesia was based on, have been merged into Tails.