Spyware, viruses, & security forum: NEWS - October 04, 2012

.. Web Host

Several Web sites in Sweden, including the nation's central bank and two government affiliates, were hit with attacks this week, supposedly in retaliation for a police raid on an Internet company tied to The Pirate Bay, the world's largest file sharing site.

That site also was offline until Wednesday, but its officials say it was due to broken Power Distribution Unit.

The group Anonymous warned in a YouTube video that there would be repercussions after a two-day raid earlier this week on Web host PeriQ Networks AB in Solna, just outside Stockholm.

"We see this as a crime against freedom of information," a narrator said. "Swedish goverment will know our capabilities and what we want."

Sweden's Courts Administration site was hit by a DDoS attack, while a "foul message" was left at the National Board of Health and Welfare's web site. As of Wednesday evening, it was business as usual at both sites.

Pirate Bay's four Swedish founders have all been convicted of illegal file sharing, but the Web site continues to operate and is now registered in the Seychelles. Two of The Pirate Bay's founders started PRQ.

Continued : https://threatpost.com/en_us/blogs/swedish-sites-attacked-retaliation-police-raid-web-host-100312

Related:
PRQ Raid Targets Revealed, Pirate Party Gets Boost, Plot Thickens....
Swedish police confiscate three servers during raid on former Pirate Bay host

HSTS, the HTTP Strict Transport Security protocol, has been approved as a proposed standard by the IETF. HSTS is designed to allow web sites to ensure that only secure connections are being made to them by informing browsers that they should use a secure connection. The mechanism works by the server responding with a Strict-Transport-Security header which signals to the browser that it should connect using HTTPS for a time, not only for this connection but, potentially for subdomains as well. Once a browser gets this header it is under orders to only use secure connections to the site.

Many sites have previously either used HTTP redirects to get users to their secure pages or insecurely taken user names and passwords before sending the user on their way to an HTTPS page. HSTS reduces the ability for an attacker listening in on those connections to gather cookies or other data which may be exchanged on a session which began insecurely; a flaw which Firesheep has exploited since 2010.

HSTS has already been picked up by the industry, with PayPal, Blogspot and Etsy implementing the server side and Chrome, Firefox and Opera implementing the browser side. Microsoft's Internet Explorer and Apple's Safari have yet to incorporate HSTS

Continued : http://www.h-online.com/open/news/item/HSTS-becomes-IETF-proposed-standard-1722502.html

The UK will invest £2 million to set up a "centre of excellence" that will dish out advice to other countries needing to beef up their cyber security research and practices, Foreign Secretary William Hague said at the Budapest Conference on Cyberspace.

The funds will go towards establishing the Centre for Global Cyber-Security Capacity Building, which will be based at one of eight academic institutions designated 'Academic Centres of Excellence in Cyber Security Research'.

The Centre, which will bring together governments, researchers and security experts, will aim to position the UK at the centre of international cyber security efforts.

"Cyberspace is emerging as a new dimension in conflicts of the future. Many nations simply do not yet have the defences or the resources to counter state-sponsored cyber attack," Hague said.

"If we do not find ways of agreeing principles to moderate such behaviour and to deal with its consequences, then some countries could find themselves vulnerable to a wholly new strategic threat: effectively held to ransom by hostile states," he added.

Continued : http://www.itproportal.com/2012/10/04/uk-to-invest-2m-in-global-cyber-security-centre/

Also:
UK government to invest £2m in international cybersecurity centre
UK.gov to spunk £2m a year policing global cyber-security

.."I am calling you from Windows":

"Cold caller from "Windows Technical Support" asks for remote access to my PC."

When the call came yesterday morning, I assumed at first I was being trolled—it was just too perfect to be true. My phone showed only "Private Caller" and, when I answered out of curiosity, I was connected to "John," a young man with a clear Indian accent who said he was calling from "Windows Technical Support." My computer, he told me, had alerted him that it was infested with viruses. He wanted to show me the problem—then charge me to fix it.

This scam itself is a few years old now, but I had not personally received one of the calls until yesterday—the very day that the Federal Trade Commission (FTC) announced a major crackdown on such "boiler room" call center operations. The very day that six civil lawsuits were filed against the top practitioners. The very day on which I had just finished speaking with Ars IT reporter Jon Brodkin, who spent the morning on an FTC conference call about this exact issue. And here were the scammers on the other end of the line, in what could only be a cosmic coincidence.

I walked around my office with the phone against my ear, then settled into my desk chair and put the call on speakerphone. I wanted to know just what it felt like to be on the receiving end of such a call. I wanted to know how a group of scammers half a world away convinced random and often tech-illiterate people to do things like run the built-in Windows Event Viewer, then connect to a website, download software, and install it (together, no easy feat for many mainstream users). I wanted to know just how the scammers eventually convinced their marks to open up remote control of their PCs to strangers who had just called them on the telephone.

Continued : http://arstechnica.com/tech-policy/2012/10/i-am-calling-you-from-windows-a-tech-support-scammer-dials-ars-technica/

Related to:
FTC Halts Massive Tech Support Scams
FTC Blocks "Tech Support" Fraud Schemes Linked to India
FTC shuts down tech support scams from India that charged $49-$450 to remove nonexistent malware