PJ is hiring

From DN online:

Competition opened for 120 more inspectors targets areas considered a priority by the PJ's National Directorate

Corruption and computer crime, two of the most modern and sophisticated areas of criminality, will be reinforced two years from now, when 120 more inspectors have been trained.

The competition for these 120 new positions opened on 20 March and requires a degree in one of 86 different courses, with a clear emphasis on Business Administration and Management and on engineering in the computer and telecommunications fields. Because of the provisions of the PJ's organic law, 40 positions (33% of the total) are reserved from the outset for candidates with law degrees.
The importance given to cyberterrorism is such that the PJ will have a National Unit for the Investigation of Computer Crime (Unidade Nacional de Investigação do Crime Informático, UNCII), which will have 100 inspectors in total, as the national director of the Judiciária, Almeida Rodrigues, told DN. This is, after all, a type of crime that has not stopped rising since 2011, the year in which the Cybercrime Office was created at the Procuradoria Geral da República.

Fake Google certificates

Maintaining digital certificate security
Google Online Security Blog
Adam Langley


On Friday, March 20th, we became aware of unauthorized digital certificates for several Google domains. The certificates were issued by an intermediate certificate authority apparently held by a company called MCS Holdings. This intermediate certificate was issued by CNNIC.

CNNIC is included in all major root stores and so the misissued certificates would be trusted by almost all browsers and operating systems. Chrome on Windows, OS X, and Linux, ChromeOS, and Firefox 33 and greater would have rejected these certificates because of public-key pinning, although misissued certificates for other sites likely exist.

We promptly alerted CNNIC and other major browsers about the incident, and we blocked the MCS Holdings certificate in Chrome with a CRLSet push. CNNIC responded on the 22nd to explain that they had contracted with MCS Holdings on the basis that MCS would only issue certificates for domains that they had registered. However, rather than keep the private key in a suitable HSM, MCS installed it in a man-in-the-middle proxy. These devices intercept secure connections by masquerading as the intended destination and are sometimes used by companies to intercept their employees’ secure traffic for monitoring or legal reasons. The employees’ computers normally have to be configured to trust a proxy for it to be able to do this. However, in this case, the presumed proxy was given the full authority of a public CA, which is a serious breach of the CA system. This situation is similar to a failure by ANSSI in 2013.

This explanation is congruent with the facts. However, CNNIC still delegated their substantial authority to an organization that was not fit to hold it.

Chrome users do not need to take any action to be protected by the CRLSet updates. We have no indication of abuse and we are not suggesting that people change passwords or take other action. At this time we are considering what further actions are appropriate.

This event also highlights, again, that the Certificate Transparency effort is critical for protecting the security of certificates in the future.

(Details of the certificate chain for software vendors can be found here.)

Avoiding design vulnerabilities in software

A lot of work goes into avoiding coding vulnerabilities. This document is about avoiding design vulnerabilities:

AVOIDING THE TOP 10 SOFTWARE SECURITY DESIGN FLAWS (pdf)




CSI:cyber

A "cyber" version of the CSI series premiered recently. Fun, but they couldn't resist the car chases, shootings, ...
Site
Facebook


Attacks on the stock exchange

Hackers target hedge funds to manipulate trading algorithms
SC Magazine

The financial institutions are under attack from a new generation of cyber-criminals, ones that are looking to exploit weaknesses in the algorithms used to conduct automatic trades. Algorithms are widely used within financial institutions to generate mass trades – at one venture capital company, an algorithm has been appointed to the board of directors.

EJ Hilbert, head of cyber-investigations at Kroll, said that algorithms were a tempting target for cyber-criminals. “Algorithms manipulate data and the bad guys understand that – manipulating data is what they know.”

He couldn't say how common a problem it was as he could only comment on cases where Kroll was brought in to investigate. He did say that he knew of at least two recent cases: one where the company had in place procedures that identified a particular issue and one where the company just thought there was something not quite right. “In one case, the bad guy was someone internal; in the other, we couldn't identify where the gang was from.” He pointed out, however, that these were highly organised criminal gangs, ones who were able to sell information and launder the proceeds accordingly.

Hilbert, a former FBI cyber-crime investigator, said the really interesting question is what the criminals would do with the compromised source code, whether it would be used to sell it back to the companies that it had been stolen from or whether the criminals would use it themselves. “We know, from monitoring the dark web, that there are discussions about how to use this information,” he said.

Financial authorities have already identified a problem with hedge funds. In April last year, the USA's Security Exchange Commission said it would be looking into brokerage firms and investments advisors to ascertain how protected they were against cyber-attacks and what steps they were taking to protect customer data.

On this side of the pond, regulatory authorities are more circumspect. “We would ensure that companies have adequate systems and controls in place for the management of IT risks,” said a spokeswoman for the Finance Conduct Authority, but said that the authority didn't treat hedge fund companies any different from other financial institutions. Nor did the FCA look into any detail at the level of protection. “We're a financial regulator not a body that assesses IT risk,” the spokeswoman said.

Hilbert said the regulators would want to keep a close eye on trading systems and maybe introduce new procedures. “When there was a lot of credit card crime, systems were tightened and PCI DSS was introduced and there's no less of a problem,” he said.


Memory Analysis Suite for Mozilla InvestiGators

The Masche MWoS team presents their work on building a Memory Analysis Suite for Mozilla InvestiGators (MIG). MASCHE is a cross-platform Go library that provides low-level memory scanning on Linux, Windows and MacOS. It was developed by a team of 4 students from University of Buenos Aires, and part of the Mozilla Winter of Security initiative.
https://github.com/mozilla/masche 



original article

Breaking security protections by flipping memory bits

GOOGLERS’ EPIC HACK EXPLOITS HOW MEMORY LEAKS ELECTRICITY
Wired

AS MOORE’S LAW has packed more and more transistors onto a single memory chip, scientists have fretted for years that electric charges that “leak” out from those tiny components might cause unpredictable errors in neighboring semiconductors. But now a team of Google researchers has demonstrated a more unexpected problem with that electromagnetic leakage: hackers can use it to purposefully corrupt portions of some laptops’ memory, and even to bypass the security protections of those computers.

In a post on its Google Project Zero security blog Monday, a group of the company’s researchers revealed new hacker exploits that take advantage of what’s known as the “Rowhammer” technique. Here’s how Rowhammer gets its name: In the Dynamic Random Access Memory (DRAM) used in some laptops, a hacker can run a program designed to repeatedly access a certain row of transistors in the computer’s memory, “hammering” it until the charge from that row leaks into the next row of memory. That electromagnetic leakage can cause what’s known as “bit flipping,” in which transistors in the neighboring row of memory have their state reversed, turning ones into zeros or vice versa. And for the first time, the Google researchers have shown that they can use that bit flipping to actually gain unintended levels of control over a victim computer. Their Rowhammer hack can allow a “privilege escalation,” expanding the attacker’s influence beyond a certain fenced-in portion of memory to more sensitive areas.

(...)

Presentation of the WAP tool in Lisbon

May be of interest, now that the tool has passed 2000 downloads :-)

March 18 @ 19:00 - 21:00

Speaker: Ibéria Medeiros

Session Title: Web Application Protection

Session Description:

This session covers the following topics:
- the importance of the WAP tool;
- how it fits into pen-testing;
- how it compares with other tools: advantages and disadvantages;
- its main features, explained from an information security perspective;
- a demonstration of the tool, of the vulnerabilities detected, and their possible exploitation.

Registration: http://security3v3ntz-webapplicationprotection.eventbrite.co.uk

Location: ISCTE, Edifício 1, Auditório 0NE01

Cryptography


EU Cybersecurity Maturity Dashboard 2015

"The promise of today’s interconnected world is immeasurable. Technology has become integral to virtually every sector of the global economy, including banking, communications and the electrical grid. The benefits that stem from that promise, however, face very real threats.

The purpose of this report — the first-of-its-kind BSA EU Cybersecurity Dashboard — is to provide government officials in each of the EU Member States with an opportunity to evaluate their country’s policies against these metrics, as well as their European neighbors."

view the dashboard


Angler & Domain Shadowing

Cisco blog

Angler is currently the best exploit kit on the market. The security industry has been waiting in anticipation to see which kit would replace “Blackhole”. While Angler may not have replaced Blackhole in terms of volume, the high level of sophistication and widespread usage leads us to declare Angler as the winner. It has shown the capability of integrating new exploits, including 0-days, quickly and effectively. With a new technique we’re calling Domain Shadowing, Angler has shown it is working hard to avoid standard detection.

Domain shadowing is the process of using users' domain registration logins to create subdomains (i.e. says.imperialsocks.com). Angler Exploit Kit has begun utilizing these hijacked domain registrant accounts to serve malicious content. This is an increasingly effective attack vector since most individuals don’t monitor their domain registrant accounts regularly. These accounts are typically compromised through phishing. The threat actor then logs in with credentials and creates large amounts of subdomains. Since a lot of users have multiple domains this can provide a nearly endless supply of domains. Talos has found several hundred accounts that have been compromised that have control of thousands of unique domains. We have identified close to 10K unique subdomains being utilized. This behavior has shown to be an effective way to avoid typical detection techniques like blacklisting of sites or IP addresses. Since this campaign has done an exceptional job of rotating not only the subdomains, but also the IP addresses associated with the campaign. Additionally, these subdomains are being rotated quickly, minimizing the time the exploits are active, further hindering both block list effectiveness and analysis. This is all done with the users' already registered domains. No additional domain registration was found.

This recent campaign has been running since late December and coupled with the recent Flash 0-day has shown to be a new evolution in exploit kits. Utilizing 0-days and advanced evasion techniques were once reserved for targeted attacks and are now being packaged as the next evolution in the productized industrialization of hacking. This illustrates how products like Angler have raised the bar for the effectiveness of user driven exploit frameworks putting it in the same arena as the advanced threat market. Previously, the information security industry has been trying to focus on detecting the threats like common, user targeted attacks while taking an “it's not if, but when” approach to the advanced threats. Angler is now in the category of “not if, but when your organization will be impacted.”
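
A defender-side heuristic for the domain shadowing pattern described above, as an added example that is not part of the quoted Cisco post: it flags established domains that suddenly gain several never-before-seen, short-lived subdomains resolving outside the domain's usual IP addresses. The passive-DNS row layout, the thresholds and the two-label `registered_domain` helper are assumptions, and all sample data is constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def registered_domain(fqdn):
    # Assumption: last two labels; production code should use the Public Suffix List.
    return ".".join(fqdn.lower().rstrip(".").split(".")[-2:])

def find_shadowed_domains(baseline, observed, min_new=3, max_life=timedelta(hours=1)):
    """Flag domains that gain many short-lived subdomains on unfamiliar IPs.
    baseline/observed: (iso_timestamp, fqdn, ip) rows; returns {domain: [subdomains]}.
    """
    known_hosts, known_ips = defaultdict(set), defaultdict(set)
    for _, fqdn, ip in baseline:
        dom = registered_domain(fqdn)
        known_hosts[dom].add(fqdn.lower())
        known_ips[dom].add(ip)

    first, last, ips = {}, {}, defaultdict(set)
    for ts, fqdn, ip in observed:
        t, host = datetime.fromisoformat(ts), fqdn.lower()
        first[host] = min(first.get(host, t), t)
        last[host] = max(last.get(host, t), t)
        ips[host].add(ip)

    suspects = defaultdict(list)
    for host in first:
        dom = registered_domain(host)
        if dom not in known_hosts or host in known_hosts[dom]:
            continue  # only established domains, only never-seen hostnames
        off_infra = ips[host].isdisjoint(known_ips[dom])   # none of the usual IPs
        short_lived = last[host] - first[host] <= max_life  # rotated out quickly
        if off_infra and short_lived:
            suspects[dom].append(host)
    return {d: sorted(h) for d, h in suspects.items() if len(h) >= min_new}

# Constructed sample data (reserved .example names, documentation IP ranges).
BASELINE = [
    ("2015-02-01T10:00:00", "www.socks.example", "192.0.2.10"),
    ("2015-02-01T10:00:00", "mail.socks.example", "192.0.2.11"),
    ("2015-02-01T10:00:00", "www.books.example", "192.0.2.50"),
]
OBSERVED = [
    ("2015-03-01T09:00:00", "says.socks.example", "198.51.100.7"),
    ("2015-03-01T09:20:00", "says.socks.example", "198.51.100.7"),
    ("2015-03-01T09:25:00", "qx7.socks.example", "203.0.113.9"),
    ("2015-03-01T09:50:00", "lkw.socks.example", "203.0.113.44"),
    ("2015-03-01T09:00:00", "www.socks.example", "192.0.2.10"),
    ("2015-03-01T09:00:00", "blog.books.example", "192.0.2.50"),
]
```

Because the check keys on the parent domain's history rather than on individual hostnames or IP addresses, it still fires when both are rotated, which is the case the post says defeats block lists.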