07 Aug 15. Facebook’s new security chief has called on the internet industry to go beyond securing the web “for the 1 per cent” and create cyber security defences that will work across emerging markets. Alex Stamos, a former Yahoo security executive famous for his vehement criticism of the US National Security Agency, said he would prioritise building security solutions to protect people who do not have the benefits of the most up-to-date technology. Speaking on the sidelines of the Def Con cyber security conference in Las Vegas, Mr Stamos said consumer internet companies such as Facebook could not rely on the security industry to keep all their users across the world safe.
“We can’t say you are only safe if you are on the latest phone in a country with a great human rights record,” he said.
Responsibility for fighting hackers has landed mainly with the private sector, whereas so-called offline criminals are targeted by law enforcement agencies. Private sector companies tend to target wealthy customers such as banks rather than ordinary users in developing countries.
Facebook’s Internet.org initiative aims to connect the two-thirds of the world’s population that are not already online, mainly through the launch of apps that provide access to basic information and the social network without carriers charging data fees. But it is also experimenting with bringing internet access to the furthest-flung corners of the world by beaming it down from drones and lasers.
Mr Stamos, who joined the company six weeks ago, said securing Internet.org was one of his top priorities and that Facebook and its peers had an “obligation” to do so. For example, millions of people in developing countries use phones that run unofficial versions of Android that are never updated when new security flaws are found, making them easy targets for cyber criminals.
Despite the billions of dollars pouring into cyber security start-ups, several of which were selling their wares at the neighbouring Black Hat conference, he said few were focusing on the needs of consumers beyond the West.
“There has been an explosion of booth space and if you look at those companies, the vast, vast majority are targeting not just enterprises but large, diverse enterprises with security teams,” he said. “It makes sense for them to sell for people with money.”
At Yahoo, Mr Stamos led a drive to add an option for strong end-to-end encryption to Yahoo Mail, working closely with Google and its web mail service, as he advocated encryption as a way to keep users’ data private from mass surveillance by government agencies such as the NSA. But he said he did not yet have plans to announce the introduction of this type of encryption, which ensures even the technology company cannot view the data, at Facebook. (Source: FT.com)
06 Aug 15. Panda Emissary APT concentrates on attacking aerospace companies. Panda Emissary, a supposed Chinese APT group, is targeting high-profile governments and organisations that are looking for defence aerospace projects. Researchers at Dell found that the group used watering hole attacks. The group likes to compromise websites that are popular with a target organisation’s personnel, and has already compromised more than 100 sites. The group exploits old vulnerabilities that victims have not yet patched. Dell discovered that the APT group usually exploited Java flaws. The watering holes used by these hackers include a whitelist to run surgical attacks by ensuring that only staff from a target organisation are infected and remain on their radar for a while. The group used the custom tools OwaAuth web shell and ASPXTool along with the popular criminal hacking tools PlugX RAT, HttpBrowser and China Chopper. The Panda Emissary group targeted large manufacturing companies that supply defence organisations, energy firms, embassies in Washington DC, representing countries in the Middle East, Europe, and Asia, NGOs mainly focused on international relations and defence and