Posts tagged attack
Popular messaging service WhatsApp is one of another large set of victim companies that have had their web sites hacked for political reasons—using a methodology that has proven to completely circumvent any security measures a web site might have in place.
According to CNET, the domain of the WhatsApp site was hacked to display a pro-Palestinian message during the early morning hours Tuesday. The new page at WhatsApp.com, entitled “You Got Pwned,” showed political messaging from a group known as the KDMS Team, which not only advocated Palestine, but boasted that no security would be enough to stop them.
The WhatsApp home page has since been returned to normal, but during the attack, it was noted that the Domain Name Service records for the WhatsApp site had been changed. This would suggest that the attackers had not actually cracked into WhatsApp, but had instead used DNS spoofing to hijack the web site’s address.
DNS spoofing is an increasingly popular way for malicious hackers to effectively obtain access to a web site. The attack is remarkably simple, and was instrumental in this summer’s hacks of the Twitter and New York Times home pages. While it is not known if this was indeed how WhatsApp was attacked this morning, details from the August 29 attack on the New York Times web site would support the theory.
DNS servers are specialized servers on the Internet that act as a sort of phone book for the Web. Since people usually find it hard to remember the actual IP addresses of web site servers (like 220.127.116.11), DNS enables users to type in something more language friendly, such as readwrite.com. When a human-language address is entered, a DNS server will quickly find the actual IP address and direct the request from the user’s browser to the actual machine, based on the IP address.
There is no one owner of DNS servers. There are many such companies, known as domain name registrars. Register.com, Network Solutions and GoDaddy are three such major registrars in the U.S., with many more such vendors globally.
What is tricky about DNS registrars is that they all have equal weight. If a customer who owns a domain name goes to any registrar in the world and requests the domain name for their web site address be pointed at a computer with another IP address (and can provide proof that they indeed have control of that domain name), then the change will be made.
What happened in August to the New York Times web site didn’t even involve masquerading as the victim. Instead, someone at a U.S. reseller of Australia-based registrar Melbourne IT had their business account hacked after responded to a phishing e-mail message. Once the reseller’s computer was under the control of the hackers, it was used to request the nytimes.com be moved to the false web server as if the request came from the newspaper’s IT staff.
For anyone surfing to the New York Times then, the effect for immediate and completely transparent: it looked as if the Times pages had been completely replaced. In actuality, the Times content was completely untouched… visitors were simply being redirected to another server when they typed nytimes.com in their browser.
It is not known yet, of course, if something similar happened to the WhatsApp site. Someone’s in WhatsApp could have been subverted and used to make the IP address change. Or yet-another registrar’s system could have been directly accessed.
The vulnerability of DNS servers is a pressing problem for the unhindered flow of information and commerce on the Web. All the website security in the world won’t make a bit of difference if a domain name is stolen right out from under a company’s nose. Registrars will need to step up their security game to block direct-access address hacks, and customers will have to watch their own step so that an identity thief doesn’t make a domain change on their behalf.
View full post on ReadWrite
Google’s alternative to Microsoft Office, Google Apps, has always suffered from the fact that it offers a sort of “good enough” compatibility — fine for most basic document and spreadsheet tasks, but not enough to match certain Office features.
Now Google is preparing to use technology from a recent acquisition, QuickOffice, to close that gap.
In recent weeks, Google sources have told me that Google has been internally testing, or “dogfooding,” QuickOffice, which began life as a standalone productivity app that offers better compatibility with Office than Google’s own Apps. Now, however, Google is testing QuickOffice as a cloud-based service in its own Chrome browser.
(Google already provides QuickOffice as part of its Google Apps subscription, specifically as an app for customers with Android tablets or iPads.)
QuickOffice uses the same .DOCX file format that Office does, allowing users to quickly edit and share the same files as Office users. QuickOffice compatibility probably means that more businesses and users will see Google Apps as a viable alternative to Office, wounding Microsoft’s Office cash cow.
Google sources also say they’re confident that Microsoft won’t be able to block QuickOffice with licensing issues or other legal threats. Eventually, these individuals say, QuickOffice will become the foundation of Google Apps, although that’s still a ways off.
The target, Google sources said, isn’t the full PC-based version of Office itself – although that might be a bit of spin. Instead, Google claims to think of QuickOffice as a competitor to Microsoft’s own Web-based versions of Word, PowerPoint, and Excel – which often deliberately fall short of full Office functionality. For now, that means running QuickOffice as a browser app, probably using Google’s Native Client technology, until Google’s engineers can integrate it directly with Apps.
It’s another example of the growing tension between Microsoft and Google, evidenced by the Microsoft’s “rule-breaking” YouTube Windows Phone app and its use of an open API to talk to Google+ users via its Outlook.com Web site.
Google chief executive Larry Page, for example, used his Google I/O keynote to call out Microsoft’s behavior as “really sad,” and said that Microsoft took advantage of the open API. “Being negative is not how we make progress,” Page said. “And most important things are not zero-sum. There’s a lot of opportunity out there.”
Google Tipped QuickOffice Plans At Pixel Launch
Google acquired QuickOffice last year for an undisclosed sum, and the team went quiet. But we know that Google plans to add QuickOffice to the Pixel, because Google said so.
At the launch of the Pixel a few months ago, Google’s Chrome chief, Sundar Pichai, said that it would take two to three months to add QuickOffice to the Pixel, but that it would be included with it. Since it wasn’t available when Google handed out thousands of Pixels to developers Wednesday, it must be coming soon.
Looking back, Pichai actually spoke quite a bit about QuickOffice’s role within Google at the Pixel launch- but the media (probably correctly) focused on the Pixel hardware itself. Pichai set the stage for the Pixel handout by emphasizing, again and again, that the Pixel represented the best Chromebook experience for developers and early adopters: “if you’re living in the cloud, this is the best experience you can use,” Pichai said then.
Microsoft Strikes… Too Soon
Microsoft clearly anticipated a QuickOffice launch at Google I/O. On May 10, it published a blog post that directly attacked the compatibility of Google Apps as well as QuickOffice. Jake Zborowski, a senior product manager at Microsoft, wrote:
Productivity software is built to help people communicate. It’s more than just the words in a document or presentation; it’s about the tone, style and format you use to convey an overall message. People often entrust important information in these documents — from board presentations to financial analyses to book reports. You should be able to trust that what you intend to communicate is what is being seen.
Zborowski’s post included several sample documents that users could download themselves for comparison’s sake, as well as a funny YouTube video that included Rob Schenider and Pete Rose, poking fun at the “gamble” that is Google Apps. In a supporting comment, Zborowski pointed out that Google doesn’t support the Open Document Format, suggesting that Microsoft is more open than Google.
Google representatives shrugged off the post, noting that the example documents relied on Office functions typical users rarely touch, such as watermarks and odd text spacing.
However, Microsoft’s post also noted that Office Web Apps can now be used within Android, leaving the Microsoft-Google competition within the Android tablet space as an app – Google’s QuickOffice – versus a cloud solution, Microsoft’s Office Web apps.
The whole point of the Pixel, according to Pichai, is to show off the power of the cloud. Microsoft, for its part, is still largely wedded to the desktop application, and the $23 billion or so that its Business Division pulls in on an annual basis. (Office 365 doesn’t live in the cloud, although it has cloud hooks in SkyDrive and its subscription delivery system.) That’s a target that Google has attacked for several years now, with dueling customer announcements from both sides marking the ebb and flow of the battle.
Micosoft may be right that Google Apps and QuickOffice don’t offer the full capabilities of Office. But they come close – and “close” has been the selling point behind Apps all along. QuickOffice looks like it could close the gap.
Image Source: Google
View full post on ReadWrite
Microsoft is on the attack again, this time slamming Google Play for the information it shares when users buy apps. The attack ads coincide with another European antitrust complaint orchestrated by Microsoft relating to Google’s Android software.
View full post on Search Engine Watch – Latest
Depending on who you believe, the week long Spamhaus-Cyberbunker cyberattack we covered Wednesday was either a threat to the Internet itself or hyped up by an overzealous security vendor. Either way, it was still serious business.
While much of the Internet disruption may have in fact been localized to Europe, and also potentially caused by tampering with underwater telecom cables in the Mediterranean, big DDoS attacks — that is, distributed denial-of-service assaults that aim to knock target computers off the Internet — are real, and have been on the rise since 2010.
Dan Holden, the director of ASERT, Arbor Networks‘ security engineering and response team, has been monitoring DDoS attacks for more than 12 years. In 2012 his company released a Worldwide Infrastructure Report that reports attack sizes have been peaking at around 100Gbps (check out this detailed look at the report here). This week’s attack was more than 300Gbps — way above the norm, in other words.
That’s because the attackers actually co-opted part of the Internet’s basic infrastructure — the Domain Name System, or DNS — in such a way as to greatly amplify the firehose stream of data they were directing at target computers.
Here’s how they work, according to Carlos Morales, Arbor Networks’ vice president of global sales engineering and operations:
Attackers send DNS queries to a [DNS server] on the Internet but use the victim address as the source of the query. When the response goes back, a response that is usually multiple times the size of the initial query, the response goes to the victim. Multiple this by hundreds of thousands of requests from bots on the Internet spoofing the one victim address and you get a very large flood of traffic to the victim machine.
Holden says DNS is becoming an increasingly popular target for DDoS. As many as 27 million DNS servers across the Internet are “open” in a way that allows them to be hijacked this way.
That means that while this week’s attack may not have knocked us Americans off of the Web, the amount of localized disruption overseas was definitely large enough to cause serious reverberations. This may not have been the Web’s D-Day, but these could definitely be the opening salvo of a hacker blitzkrieg. Let’s hope the ISPs and powers that be don’t Neville Chamberlain it.
Photo courtesy of Shutterstock
View full post on ReadWrite
Did you know that the higher a site is listed in search results, the more traffic that site is likely to receive? If you’re a search marketer, or anyone with a dose of common sense, you do. But Microsoft had research conducted to yet again prove this point, in an attempt to influence the…
Please visit Search Engine Land for the full article.
No one is at all clear at all about the origins of a purported cyber attack against South Korean media and financial organizations yesterday, which left broadcaster and bank networks paralyzed for hours. The obvious culprit is a state-sponsored attack from North Korea, but even if that nation isn’t directly responsible, it may not make a difference, given the heightened tensions in the region.
According to reports, three South Korean TV networks, KBS, MBS and YTN, as well as Shinhan Bank and Nonghyup Bank, reported that their networks had suddenly been shut down on Wednesday afternoon, local time. The takedown was apparently not from a distributed denial-of-service (DDOS) attack, but a virus that has apparently infected machines in these organizations and delivered its payload simultaneously. There were scattered reports of users seeing skulls on the screens of the affected machines before they shut down, anecdotal evidence that malware was indeed the cause.
South Korea has been the victim of cyber attacks before, of course, just like any other computerized nation. And many of these coordinated efforts have been ultimately traced back to North Korea.
No broadcasts were interrupted by the crashed computers, which apparently only hit the workstations of the television stations’ staff. Some banking services, such as ATM and online banking, were adversely affected by the shutdowns, though the banks are reporting that those services have been restored.
North Korea is suspected of being the source of these attacks, just as they have done in the past. North Korea has increased its saber-rattling following new UN sanctions and joint US-South Korean military exercises being conducted in the region, and even accused the U.S. and South Korea of similar cyber attacks against its Internet servers on March 15.
No proof has been offered yet on the source of these latest attacks, but it ultimately may not matter. This kind of attack could have been launched by anyone, since malware can be easy to deliver to unsuspecting computer users. Anyone from sophisticated cyber criminals to script kiddies could have started this, and until there is detailed analysis of the malware, conclusions should be approached with caution.
The problem is, it may not matter. Malware attacks within such an increasingly tense political and military situation are the equivalent of yelling “fire!” in a movie theater or – more appropriately – throwing a lit match into a barrel of fuel.
No matter what the source of this attack, tensions have been ratcheted up, the South Korean armed forces on a state of higher alert. If things go sideways on the Korean peninsula, this could be the first major confrontation preceded by cyber attacks. And when the dust settles, no one may care who actually wrote the code.
Image courtesy of Shutterstock.
View full post on ReadWrite
Google has largely ignored Bing’s Scroogled campaign, the one attacking it over the pay-for-play change to Google Shoppping & Gmail privacy. But today, Google search chief Amit Singhal pushed back a bit, saying Bing perhaps should focus on making better products rather than attacking…
Please visit Search Engine Land for the full article.