Bitdefender Security for Windows 8 Released

A few days ago Bitdefender released a new version of its award-winning security software: Bitdefender Windows 8 Security. This release is the first anti-virus security program built especially for Windows 8.

If you are familiar with Bitdefender’s Internet Security Suite 2013, then the features will look very familiar to you. Sure, it has the award-winning anti-virus and phishing defense, firewall, intrusion detection system, and social media and online banking/shopping protection. But there are several new features built in just for Windows 8.

Probably one of the top features is the Early Start-Up Scanner, which loads Bitdefender first so that it can prevent malicious software from infecting your computer during start-up. Also very important is Bitdefender’s new support for Windows 8 Apps. And scanning is also quicker with Scan-Boost technology.

Bitdefender’s feature set far surpasses the built-in Microsoft anti-virus. Their Windows 8 Security program costs $74.95 for up to 3 PCs for a year. If you are still not convinced and want to take it for a test drive, you can download a free trial version from their website.

Bitdefender Windows 8 Security – Check it out!

Hacktivists Targeting DNS Servers & an Effective DNS Offensive Counter-Measure

Denial of Service (DoS) attacks used to be the main tool in the hacktivist’s toolbox. For the most part, they are not very hi-tech, and anyone can run the software to attack websites to aid their preferred “cause”. But as the recent hacktivism attacks in Israel (and now Pakistan) have shown, DNS server attacks are now all the rage.

DNS SERVERS TARGETED

Why deface one website when you can just hack the server that holds the IP address of the victim’s site (or sites)? Changing the registration records for a domain name allows you to point that name, like Google.pk, to ANY server that you want. So, if you can hack the DNS registrar that holds the records for an entire country, you can point any of its domains to any website that you want.

Luckily the pranksters behind these attacks have just been redirecting these hijacked websites to a bragging page, “This site hacked by …” They seem to be in it to bring attention to their group, or a political cause, instead of doing serious damage.

Hacking into DNS registrar servers is the hard part; creating a website that looks like any one of the ones that were hacked is trivial. It only takes a few seconds to create a clone of a website that looks and acts like the real one, but could serve malware or perform other malicious functions. So far it seems that these hackers are more interested in just getting across a message.

Just in it for the “Lulz”.

But with the apparent ease with which this is happening, you can see the dangers if the hacktivists were a more malicious group. Say, nation-state hackers who want to infect groups of systems in a target nation, or gather credentials from users who think they are on a legitimate website and not a spoofed one reached via DNS manipulation.

As you can see, locking down these important DNS systems had better be a top priority of EVERY nation.

OFFENSIVE COUNTER MEASURE

As mentioned earlier, Denial of Service attacks have not gone away and are still used en masse to tie up websites and make them unavailable. Many times Denial of Service attacks are nothing more than normal communication with a website, multiplied many times over from multiple users to tie up a server.

But can anything be done to stop this flood of traffic aimed at a site by thousands, if not tens of thousands, of attacking machines? Sure there is, according to the popular patriot hacker The Jester: just reflect the traffic back at the attackers!

During the latest Israel/Gaza conflict, the hacker group Anonymous jumped in on Hamas’ side and attacked many Israeli websites. So of course, The Jester responded by shutting down 3 Hamas sites and their TV channel. In response, according to The Jester’s website, Anonymous targeted his website.

So Jester just redirected his DNS server to point back at one of their servers, effectively forcing them to DoS their own server!

His website is protected by “CloudFlare”, a popular proxy service that protects users from many attacks. When he saw the incoming attack, he simply told CloudFlare to point his website name, “jesterscourt.mil.nf”, to a site that was supported by Anonymous:

“So I simply redirected my domain name to the Occupy ‘movement’s main website. Known as ‘occupytogether.org’. Remember #Anonhamas are big supporters of the Occupy Movement and many of their ‘members’ are also members of the Occupy Movement. Fair game.”

Denial of Service attacks can last for days or longer. Did the technique work?

Apparently, it did:

The Jester also talks about automating this process, so that when a DoS attack is detected, it automatically forwards the flood of traffic to a list of Anonymous-supported sites.

It has been an interesting week. New DNS attacks and apparently new effective offensive counter measures. Will the average corporate website defend itself with The Jester’s techniques?

Probably not, but I could foresee some country’s government sites just might.

Well, maybe off the record…  🙂

Numerous Pakistan Websites taken down by Turkish Hackers

Hundreds of Pakistan websites have been taken down or defaced today, allegedly by the Turkish hacker group Eboz. According to eHacking News almost 300 sites have been affected including the Pakistan Google, Microsoft, Apple, and even EBay.

This is interesting news as earlier in the week a Pakistan hacker group took down many of the Israeli versions of the same sites.

Many websites were defaced with this message that could still be seen on EBay.pk when this article was created:

While others just seemed to be offline, like this screenshot from Google.pk:

And the Pakistani Microsoft site:

Again like the Israeli websites that were defaced, it seems that DNS servers have been hacked in this case as well. Sending some quick pings out to several of the affected sites returned the local loopback address of 127.0.0.1:

This address is used to connect to your local machine and would never be assigned to a live website. Or possibly the address may have been temporarily changed to stop incoming attacks.

And according to TechCrunch, the Pakistani TLD looks to have been compromised in this attack:

“The root of today’s attack, it seems, came via a breach of Pakistan’s TLD operator, PKNIC, which administers and registers all .pk domains. Looking at affected organizations via PKNIC’s look up, it appears that all the sites are now redirecting to two nameservers, dns1.freehostia.com and dns2.freehostia.com.”

Hacking DNS servers seems to be the new trend with hacktivists. It is actually a much more worrisome attack than just defacing a random webpage, as the hacker controls what website the visitor will be sent to.
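The two symptoms described above, an answer of 127.0.0.1 and a delegation that suddenly points at different nameservers, are both things a domain owner can watch for. The following is an added example, not code from the original article: the domain `example.pk`, its baseline nameservers and networks, and the observations are constructed placeholders, and only the two freehostia nameserver names come from the quote above.

```python
import ipaddress

# Constructed baseline for a hypothetical monitored domain (placeholder values).
BASELINE = {
    "example.pk": {
        "ns": {"ns1.example-dns.net", "ns2.example-dns.net"},
        "nets": [ipaddress.ip_network("203.0.113.0/24")],
    },
}

def check_domain(domain, observed_ns, observed_ips, baseline=BASELINE):
    """Compare one observation of a domain with its baseline; return findings."""
    expected = baseline[domain]
    findings = []
    seen_ns = {name.rstrip(".").lower() for name in observed_ns}
    rogue = sorted(seen_ns - expected["ns"])
    if rogue:
        findings.append("delegation changed: unexpected nameservers " + ", ".join(rogue))
    for raw in observed_ips:
        ip = ipaddress.ip_address(raw)
        if ip.is_loopback or ip.is_unspecified or ip.is_link_local:
            # A public site should never resolve to an address like 127.0.0.1.
            findings.append(f"non-routable answer: {ip}")
        elif not any(ip in net for net in expected["nets"]):
            findings.append(f"answer outside expected networks: {ip}")
    return findings

# Constructed observations; in practice these come from periodic NS and A
# lookups made through several independent resolvers.
OBSERVATIONS = [
    ("healthy", ["ns1.example-dns.net.", "NS2.example-dns.net"], ["203.0.113.10"]),
    ("as described above", ["dns1.freehostia.com", "dns2.freehostia.com"], ["127.0.0.1"]),
    ("repointed", ["ns1.example-dns.net", "ns2.example-dns.net"], ["198.51.100.7"]),
]

def run_checks():
    return {label: check_domain("example.pk", ns, ips) for label, ns, ips in OBSERVATIONS}

if __name__ == "__main__":
    for label, findings in run_checks().items():
        print(label, "->", findings or "ok")
```

Comparing the delegation as well as the address matters because a changed nameserver set means every record for the domain is under someone else's control, even while the visible address still looks normal.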

We will release more information as we hear about it.

Coded Chinese Robotic “Spy Numbers Station” Messages on the Increase

“‘59372 98324 19043 78903 95320…’. The mechanized female voice drones on and on… What have you stumbled on to? Instructions to spies? Messages exchanged between drug dealers? Deliberate attempts at deception and mis-information?”

– http://www.spynumbers.com/index.html

A “Numbers Station” is a shortwave radio broadcast of random numbers, letters or words over the airwaves. Several nations have used the technique to pass coded messages, beginning all the way back in World War 1.

According to the Defense News blog “Intercepts”, there has been an increase in Chinese-based communication using this technique. And it would seem that they prefer to use a mechanical, robotic-sounding woman’s voice to send their messages.

All the listener needs is a “One Time Pad” to be able to decode the transmission. It’s a very old technique, but seems to still be effective!
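How a one-time pad turns five-digit groups back into text, and why the groups alone tell an eavesdropper nothing, is shown in this added example (not from the original article). The A=01..Z=26 letter encoding, the pad and the message are constructed for illustration; the encoding used by any real station is not known from the page.

```python
def to_digits(text):
    """Encode A..Z as 01..26; everything else is dropped (constructed scheme)."""
    return [int(d) for ch in text.upper() if "A" <= ch <= "Z"
            for d in f"{ord(ch) - 64:02d}"]

def to_text(digits):
    """Inverse of to_digits; pairs outside 01..26 (such as 00 filler) are skipped."""
    values = [10 * a + b for a, b in zip(digits[0::2], digits[1::2])]
    return "".join(chr(64 + v) for v in values if 1 <= v <= 26)

def parse_groups(groups):
    return [int(c) for c in groups if c.isdigit()]

def format_groups(digits):
    s = "".join(map(str, digits))
    return " ".join(s[i:i + 5] for i in range(0, len(s), 5))

def encrypt(text, pad_groups):
    plain = to_digits(text)
    plain += [0] * (-len(plain) % 5)  # filler so the last group is complete
    pad = parse_groups(pad_groups)
    if len(pad) < len(plain):
        raise ValueError("pad shorter than message; pad digits must never be reused")
    # Digit-wise addition modulo 10, no carry.
    return format_groups([(p + k) % 10 for p, k in zip(plain, pad)])

def decrypt(cipher_groups, pad_groups):
    cipher, pad = parse_groups(cipher_groups), parse_groups(pad_groups)
    if len(pad) < len(cipher):
        raise ValueError("pad shorter than transmission")
    return to_text([(c - k) % 10 for c, k in zip(cipher, pad)])

def pad_explaining(cipher_groups, claimed_text):
    """Pad under which the same transmission decodes to a different chosen text."""
    cipher, claim = parse_groups(cipher_groups), to_digits(claimed_text)
    claim += [0] * (len(cipher) - len(claim))
    return format_groups([(c - p) % 10 for c, p in zip(cipher, claim)])

# Constructed sample pad; a real pad must be truly random and used only once.
PAD = "83016 42957 70164 39528"

if __name__ == "__main__":
    sent = encrypt("MEET AT NOON", PAD)
    print(sent, "->", decrypt(sent, PAD))
    other = pad_explaining(sent, "STAY AT HOME")
    print(sent, "->", decrypt(sent, other), "(with a different pad)")
```

Because some pad exists for every possible message of the same length, an interceptor without the real pad cannot tell which decoding is the true one.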