A story published here this week revealed the real-life identity behind the original creator of Coinhive — a controversial cryptocurrency mining service that several security firms have recently labeled the most ubiquitous malware threat on the Internet today. In an unusual form of protest against that story, members of a popular German language image-posting board founded by the Coinhive creator have vented their dismay by donating tens of thousands of euros to local charities that support cancer research. On Monday KrebsOnSecurity published Who and What is Coinhive, an in-depth story which proved that the founder of Coinhive was indeed the founder of the German image hosting and discussion forum pr0gramm[dot]com (not safe for work). I undertook the research because Coinhive’s code primarily is found on tens of thousands of hacked Web sites, and because the until-recently anonymous Coinhive operator(s) have been reluctant to take steps that might curb the widespread abuse of their platform. In an early version of its Web site, Coinhive said its service was first tested on pr0gramm, and that the founder(s) of Coinhive considered pr0gramm “their platform” of 11 years (exactly the length of time pr0gramm has been online). Coinhive declined to say who was running their service, and tried to tell me their earlier statement about Coinhive’s longtime affiliation with pr0gramm was a convenient lie that was used to helped jump-start the service by enlisting the help of pr0gramm’s thousands of members. Undeterred, I proceeded with my research based on the assumption that one or more of the founders of pr0gramm were involved in Coinhive. When I learned the real-life identities of the pr0gramm founders and approached them directly, each deflected questions about their apparent roles in founding and launching Coinhive. However, shortly after the Coinhive story went live, the original founder of pr0gramm (Dominic Szablewski, a.k.a. “cha0s”) published a blog post acknowledging that he was in fact the creator of Coinhive. What’s more, Coinhive has since added legal contact information to its Web site, and has said it is now taking steps to ensure that it no longer profits from cryptocurrency mining activity after hacked Web sites owners report finding Coinhive’s code on their sites. Normally, when KrebsOnSecurity publishes a piece that sheds light on a corner of the Internet that would rather remain in the shadows, the response is as predictable as it is swift: Distributed denial-of-service (DDoS) attacks on this site combined with threats of physical violence and harm from anonymous users on Twitter and other social networks. While this site did receive several small DDoS attacks this week — and more than a few anonymous threats of physical violence and even death related to the Coinhive story — the response from pr0gramm members has been remarkably positive overall. The pr0gramm community quickly seized on the fact that my last name — Krebs — means “crab” and “cancer” in German. Apparently urged by one of the pr0gramm founders named in the story to express their anger in “objective and polite” ways, several pr0gramm members took to donating money to the Deutsche Krebshilfe (German Cancer Aid/DKMS) Web site as a way to display their unity and numbers. The protest (pr0test?) soon caught on in the Twitter hashtag “#KrebsIsCancer,” promoted and re-tweeted heavily by pr0gramm members as a means to “Fight Krebs” or fight cancer. According to a story on Wednesday about the effort in Germany’s biggest news portal T-Online.de, German Cancer Aid had at that point received some 4,100 small donations totaling more than 103,000 Euros (~ USD $126,000). The publication said another organization, the German Cancer Research Center, reported 74 small donations likely connected to the effort. In a statement via Twitter, DKMS Germany said it could not say for sure the total amount the #KrebsIsCancer movement raised, but that it did achieve “above average levels” of donations several days this week. “Last Tuesday alone, a total of over € 50,000 was received. “The amounts can not be assigned directly to the action, but are largely the result” of the #KrebsIsCancer campaign, DKMS said. from https://krebsonsecurity.com/2018/03/coinhive-expose-prompts-cancer-research-fundraiser/
0 Comments
Cracking your screen during the Easter Holiday is no yoking matter. The average person will break their phone just 10 weeks after purchase. Nobody wants to fall victim to an accidental smash or break. That’s where iMend come in… Over the following days, we are giving you the chance to win a Screen Protector for a phone of your choice. With 25 prizes up for grabs, this is a great opportunity for you to protect your phone before For your chance to win, just follow the instructions below: Facebook: Like, Share and Comment the make and model of your device. Twitter: Like and RT the Tweet, and Comment the make and model of your device. It’s really that easy! We’ll pick one winner on Tuesday 2nd April 2018. And don’t forget this competition is open to everyone, so feel free to share and let your friends know too! What happens next: We will pick 25 winners at random. Winners will need to like or be following us at the time of the prize draw to be eligible for the prize. The Legal Stuff 1. The promoter is: iMend.com, whose registered office is at iMend.com, Spear House, Burntwood, Staffordshire, WS7 3GL, United Kingdom. Employees of iMend or anyone else connected in any way with iMend.com, the competition or helping to set up the competition shall not be permitted to enter the competition. 3. There is no entry fee and no purchase necessary to enter this competition. 4. Closing date and time for entry will be the 2nd April 2018 at 5pm PDT. After this date, no further entries to the competition will be permitted. 5. No responsibility can be accepted for entries not received for whatever reason. 6. The rules of the competition and the prize for each winner are as follows: 7. Prize: 25x Screen Protectors. Once 25 winners are chosen, the iMend team will contact him/her and ask them to send their contact details to so the iMend team can dispatch the prize. 8. iMend.com reserve the right to cancel or amend the competition and these terms and conditions. 9. The promoter is not responsible for inaccurate prize details supplied to any entrant by any third party connected with this competition. 10. No cash alternative to the prize will be offered. The prize is not transferable. Prize is subject to availability and we reserve the right to substitute any prize with another of equivalent value without giving notice. 11. Winners must be a UK resident and will be chosen at 5pm by iMend management from all entries received and verified by Promoter and or its agents. 12. The winner will be notified by social media on 28th March 2018. If the winner cannot be contacted or does not claim the prize within a further 7 days of the notification, we reserve the right to withdraw the prize from the winner and pick a replacement winner. 13. The promoter will notify the winner when and where the prize can be collected. 14. The promoter’s decision in respect of all matters to do with the competition will be final and no correspondence will be entered into. 15. By entering this competition, an entrant is indicating his/her agreement to be bound by these terms and conditions. 16. The competition and these terms and conditions will be governed by English law and any disputes will be subject to the exclusive jurisdiction of the courts of England. 17. The winner agrees to the use of his/her name and image in any publicity material. Any personal data relating to the winner or any other entrants will be used solely in accordance with current UK data protection legislation and will not be disclosed to a third party without the entrant’s prior consent. 18. Entry into the competition will be deemed as acceptance of these terms and conditions. 19. This promotion is in no way sponsored, endorsed or administered by, or associated with, Facebook, Twitter or any other Social Network. You are providing your information to iMend and not to any other party. The information provided will be used in conjunction with the following Privacy Policy found at http://www.imend.com The post Screen Protector Giveaway – 25 Prizes Up For Grabs appeared first on iMend Blog. from https://www.imend.com/blog/screen-protector-giveaway-25-prizes-up-for-grabs/ Take care when typing a domain name into a browser address bar, because it’s far too easy to fat-finger a key and wind up somewhere you don’t want to go. For example, if you try to visit some of the most popular destinations on the Web but omit the “o” in .com (and type .cm instead), there’s a good chance your browser will be bombarded with malware alerts and other misleading messages — potentially even causing your computer to lock up completely. As it happens, many of these domains appear tied to a marketing company whose CEO is a convicted felon and once self-proclaimed “Spam King.” Matthew Chambers is a senior security adviser at SecureWorks, an Atlanta-based firm that helps companies defend against and respond to cyberattacks. Earlier this month Chambers penned a post on his personal blog detailing what he found after several users he looks after accidentally mistyped different domains — such as espn[dot]cm. Chambers said the user who visited that domain told him that after typing in espn.com he quickly had his computer screen filled with alerts about malware and countless other pop-ups. Security logs for that user’s system revealed the user had actually typed espn[dot]cm, but when Chambers reviewed the source code at that Web page he found an innocuous placeholder content page instead. “One thing we notice is that any links generated off these domains tend to only work one time, if you try to revisit it’s a 404,” Chambers wrote, referring to the standard 404 message displayed in the browser when a Web page is not found. “The file is deleted to prevent researchers from trying to grab it, or automatic scanners from downloading it. Also, some of the exploit code on these sites will randomly vaporize, and they will have no code on them, but were just being weaponized in campaigns. It could be the user agent, or some other factor, but they definitely go dormant for periods of time.” Espn[dot]cm is one of more than a thousand so-called “typosquatting” domains hosted on the same Internet address (85.25.199.30), including aetna[dot]cm, aol[dot]cm, box[dot]cm, chase[dot]cm, citicards[dot]com, costco[dot]com, facebook[dot]cm, geico[dot]cm, hulu[dot]cm, itunes[dot]cm, pnc[dot]cm, slate[dot]cm, suntrust[dot]cm, turbotax[dot]cm, and walmart[dot]cm. I’ve compiled a partial list of the most popular typosquatting domains that are part of this network here (PDF). KrebsOnSecurity sought to dig a bit deeper into Chambers’ findings, researching some of the domain registration records tied to the list of dot-cm typosquatting domains. Helpfully, all of the domains currently redirect visitors to just one of two landing pages — either antistrophebail[dot]com or chillcardiac[dot]com. For the moment, if one visits either of these domains directly via a desktop Web browser (again, I’d advise against this) chances are the site will display a message saying, “Sorry, we currently have no promotions available right now.” Browsing some of them with a mobile device sometimes leads to a page urging the visitor to complete a “short survey” in exchange for “a chance to get an gift [sic] cards, coupons and other amazing deals!” Those antistrophebail and chillcardiac domains — as well as 1,500+ others — were registered to the email address: [email protected]. A Web search on that address doesn’t tell us much, but entering it at Yahoo‘s “forgot password” page lists a partially obfuscated address to which Yahoo can send an account key that may be used to reset the password for the account. That address is k*****ng@mediabreakaway[dot]com. The full email address is kmanning@mediabreakaway[dot]com. According to the “leadership” page at mediabreakaway[dot]com, the email address [email protected] almost certainly belongs to one Kacy Manning, who is listed as the “Manager of Special Projects” at Colorado based marketing firm Media Breakaway LLC. Media Breakaway is headed by Scott Richter, a convicted felon who’s been successfully sued for spamming by some of the biggest media companies over the years. In 2003, New York’s attorney general sued Richter and his former company OptInRealBig[dot]com after an investigation by Microsoft found his company was the source of hundreds of millions of spam emails daily touting dubious products and services. OptInRealBig later declared bankruptcy in the face of a $500 million judgment against the company. At the time, anti-spam group Spamhaus listed Richter as the world’s third most prolific spammer worldwide. For more on how Richter views his business, check out this hilarious interview that Richter gave to the The Daily Show in 2004. In 2006, Richter paid $7 million to Microsoft in a settlement arising out of a lawsuit alleging illegal spamming. In 2007, Richter and Media Breakaway were sued by social networking site MySpace; a year later, an arbitration firm awarded MySpace $6 million in damages and attorneys fees. In 2013, the Internet Corporation for Assigned Names and Numbers (ICANN), the nonprofit firm which oversees the domain name registration industry, terminated the registrar agreement for Dynamic Dolphin, a domain name registrar of which Richter was the CEO. According to the contracts that ICANN requires all registrars to sign, registrars may not have anyone as an officer of the company who has been convicted of a criminal offense involving financial activities. While Richter’s spam offenses all involve civil matters, KrebsOnSecurity discovered several years ago that Richter had actually pleaded guilty in 2003 to a felony grand larceny charge. Richter, then 32, was busted for conspiring to deal in stolen goods, including a Bobcat, a generator, laptop computers, cigarettes and tools. He later pleaded guilty to one felony count of grand larceny, and was ordered to pay nearly $38,000 in restitution to cover costs linked to the case. Neither Richter nor Media Breakaway responded to requests for comment on this story. Chambers said it appears Media Breakaway is selling advertising space to unscrupulous actors who are pushing potentially unwanted programs (PUPs) or adware over the network. “You end up coming out of the funnel into an advertiser’s payload site, and Media Breakaway is the publisher that routes those ‘parked/typosquatting’ sites as a gateway,” Chambers said. “Research on the IP under VirusTotal Communicating Files shows files like this one (42/66 engines) reporting to the IP address that hosts all these sites, and it goes back to at least March 2015. That file SETUPINST.EXE has detection primarily as LiveSoftAction, GetNow, ElDorado, and Multitoolbar. I think it’s just pushing out [content] for sketchy advertisers.” It’s remarkable that so many huge corporate brand names aren’t doing more to police their trademarks and to prevent would-be visitors from falling victim to such blatant typosquatting traps. Under the Uniform Domain-Name Dispute-Resolution Policy (UDRP), trademark holders can lodge typosquatting complaints with the World Intellectual Property Organization (WIPO). The complainant can wrest control over a disputed domain name, but first needs to show that the registered domain name is identical or “confusingly similar” to their trademark, that the registrant has no legitimate interest in the domain name, and that the domain name is being used in bad faith. Everyone makes typ0s from time to time, which is why it’s a good idea to avoid directly navigating to Web sites you frequent. Instead, bookmark the sites you visit most, particularly those that store your personal and financial information, or that require a login for access. Oh, and if your security or antivirus software allows you to block all Web sites in a given top-level domain, it might not be a bad idea to block anything coming out of dot-cm (the country code top-level domain for Cameroon): A report published in December 2009 by McAfee found that .cm was the riskiest domain in the world, with 36.7% of the sites posing a security risk to PCs. from https://krebsonsecurity.com/2018/03/omitting-the-o-in-com-could-be-costly/ Get 10% off ALL repairs in the iMend.com FLASH SALE. This discount is available across all repairs booked from Tuesday 27th March until midnight on Wednesday 28th March. This offer includes both call-out and mail-in repairs How the discount works!Mail-in Repairs
Call-Out Repairs
You can also call our customer service team on 0333 014 4262 and give them the code and they will place the repair for you. Terms and conditions:
If you would like to book your repair please do not hesitate to get in contact with a member of our customer service team on 0333 014 4262. The post Flash Sale – 10% Off All Repairs appeared first on iMend Blog. from https://www.imend.com/blog/flash-sale-for-48-hrs-10-off-all-repairs/ Multiple security firms recently identified cryptocurrency mining service Coinhive as the top malicious threat to Web users, thanks to the tendency for Coinhive’s computer code to be used on hacked Web sites to steal the processing power of its visitors’ devices. This post looks at how Coinhive vaulted to the top of the threat list less than a year after its debut, and explores clues about the possible identities of the individuals behind the service. Coinhive is a cryptocurrency mining service that relies on a small chunk of computer code designed to be installed on Web sites. The code uses some or all of the computing power of any browser that visits the site in question, enlisting the machine in a bid to mine bits of the Monero cryptocurrency. Monero differs from Bitcoin in that its transactions are virtually untraceble, and there is no way for an outsider to track Monero transactions between two parties. Naturally, this quality makes Monero an especially appealing choice for cybercriminals. Coinhive released its mining code last summer, pitching it as a way for Web site owners to earn an income without running intrusive or annoying advertisements. But since then, Coinhive’s code has emerged as the top malware threat tracked by multiple security firms. That’s because much of the time the code is installed on hacked Web sites — without the owner’s knowledge or permission. Much like a malware infection by a malicious bot or Trojan, Coinhive’s code frequently locks up a user’s browser and drains the device’s battery as it continues to mine Monero for as long a visitor is browsing the site. According to publicwww.com, a service that indexes the source code of Web sites, there are nearly 32,000 Web sites currently running Coinhive’s JavaScript miner code. It’s impossible to say how many of those sites have installed the code intentionally, but in recent months hackers have secretly stitched it into some extremely high-profile Web sites, including sites for such companies as The Los Angeles Times, mobile device maker Blackberry, Politifact, and Showtime. And it’s turning up in some unexpected places: In December, Coinhive code was found embedded in all Web pages served by a WiFi hotspot at a Starbucks in Buenos Aires. For roughly a week in January, Coinhive was found hidden inside of YouTube advertisements (via Google’s DoubleClick platform) in select countries, including Japan, France, Taiwan, Italy and Spain. In February, Coinhive was found on “Browsealoud,” a service provided by Texthelp that reads web pages out loud for the visually impaired. The service is widely used on many UK government websites, in addition to a few US and Canadian government sites. What does Coinhive get out of all this? Coinhive keeps 30 percent of whatever amount of Monero cryptocurrency that is mined using its code, whether or not a Web site has given consent to run it. The code is tied to a special cryptographic key that identifies which user account is to receive the other 70 percent. Coinhive does accept abuse complaints, but it generally refuses to respond to any complaints that do not come from a hacked Web site’s owner (it mostly ignores abuse complaints lodged by third parties). What’s more, when Coinhive does respond to abuse complaints, it does so by invalidating the key tied to the abuse. But according to Troy Mursch, a security expert who spends much of his time tracking Coinhive and other instances of “cryptojacking,” killing the key doesn’t do anything to stop Coinhive’s code from continuing to mine Monero on a hacked site. Once a key is invalidated, Mursch said, Coinhive keeps 100 percent of the cryptocurrency mined by sites tied to that account from then on. Mursch said Coinhive appears to have zero incentive to police the widespread abuse that is leveraging its platform. “When they ‘terminate’ a key, it just terminates the user on that platform, it doesn’t stop the malicious JavaScript from running, and it just means that particular Coinhive user doesn’t get paid anymore,” Mursch said. “The code keeps running, and Coinhive gets all of it. Maybe they can’t do anything about it, or maybe they don’t want to. But as long as the code is still on the hacked site, it’s still making them money.” Reached for comment about this apparent conflict of interest, Coinhive replied with a highly technical response, claiming the organization is working on a fix to correct that conflict. “We have developed Coinhive under the assumption that site keys are immutable,” Coinhive wrote in an email to KrebsOnSecurity. “This is evident by the fact that a site key can not be deleted by a user. This assumption greatly simplified our initial development. We can cache site keys on our WebSocket servers instead of reloading them from the database for every new client. We’re working on a mechanism [to] propagate the invalidation of a key to our WebSocket servers.” AUTHEDMINECoinhive has responded to such criticism by releasing a version of their code called “AuthedMine,” which is designed to seek a Web site visitor’s consent before running the Monero mining scripts. Coinhive maintains that approximately 35 percent of the Monero cryptocurrency mining activity that uses its platform comes from sites using AuthedMine. But according to a report published in February by security firm Malwarebytes, the AuthedMine code is “barely used” compared to the use of Coinhive’s mining code that does not seek permission from Web site visitors. Malwarebytes’ telemetry data (drawn from antivirus alerts when users browse to a site running Coinhive’s code) determined that AuthedMine is used in a little more than one percent of all cases that involve Coinhive’s mining code. Asked to comment on the Malwarebytes findings, Coinhive replied that if relatively few people are using AuthedMine it might be because anti-malware companies like Malwarebytes have made it unprofitable for people to do so. “They identify our opt-in version as a threat and block it,” Coinhive said. “Why would anyone use AuthedMine if it’s blocked just as our original implementation? We don’t think there’s any way that we could have launched Coinhive and not get it blacklisted by Antiviruses. If antiviruses say ‘mining is bad,’ then mining is bad.” Similarly, data from the aforementioned source code tracking site publicwww.com shows that some 32,000 sites are running the original Coinhive mining script, while the site lists just under 1,200 sites running AuthedMine. WHO IS COINHIVE?[Author’s’ note: Ordinarily, I prefer to link to sources of information cited in stories, such as those on Coinhive’s own site and other entities mentioned throughout the rest of this piece. However, because many of these links either go to sites that actively mine with Coinhive or that include decidedly not-safe-for-work content, I have included screenshots instead of links in these cases]. According to a since-deleted statement on the original version of Coinhive’s Web site — coin-hive[dot]com — Coinhive was born out of an experiment on the German-language image hosting and discussion forum pr0gramm[dot]com. Indeed, multiple discussion threads on pr0gramm[dot]com show that Coinhive’s code first surfaced there in the third week of July 2017. At the time, the experiment was dubbed “pr0miner,” and those threads indicate that the core programmer responsible for pr0miner used the nickname “int13h” on pr0gramm. In a message to this author, Coinhive confirmed that “most of the work back then was done by int13h, who is still on our team.”I asked Coinhive for clarity on the disappearance of the above statement from its site concerning its affiliation with pr0gramm. Coinhive replied that it had been a convenient fiction: “The owners of pr0gramm are good friends and we’ve helped them with their infrastructure and various projects in the past. They let us use pr0gramm as a testbed for the miner and also allowed us to use their name to get some more credibility. Launching a new platform is difficult if you don’t have a track record. As we later gained some publicity, this statement was no longer needed.” Asked for clarification about the “platform” referred to in its statement (“We are self-funded and have been running this platform for the past 11 years”) Coinhive replied, “Sorry for not making it clearer: ‘this platform’ is indeed pr0gramm.” After receiving this response, it occurred to me that someone might be able to find out who’s running Coinhive by determining the identities of the pr0gramm forum administrators. I reasoned that if they were not one and the same, the pr0gramm admins almost certainly would know the identities of the folks behind Coinhive. WHO IS PR0GRAMM?So I set about trying to figure out who’s running pr0gramm. It wasn’t easy, but in the end all of the information needed to determine that was freely available online. Let me be crystal clear on this point: All of the data I gathered (and presented in the detailed ‘mind map’ below) was derived from either public Web site WHOIS domain name registration records or from information posted to various social media networks by the pr0gramm administrators themselves. In other words, there is nothing in this research that was not put online by the pr0gramm administrators themselves. I began with the pr0gramm domain itself which, like many other domains tied to this research, was originally registered to an individual named Dr. Matthias Moench. Mr. Moench is only tangentially connected to this research, so I will dispense with a discussion of him for now except to say that he is a convicted spammer and murderer, and that the last subsection of this story explains who Moench is and why he may be connected to so many of these domains. His is a fascinating and terrifying story. Through many weeks of research, I learned that pr0gramm was originally tied to a network of adult Web sites linked to two companies that were both incorporated more than a decade ago in Las Vegas, Nevada: Eroxell Limited, and Dustweb Inc. Both of these companies stated they were involved in online advertising of some form or another. Both Eroxell and Dustweb, as well as several related pr0gramm Web sites (e.g., pr0mining[dot]com, pr0mart[dot]de, pr0shop[dot]com) are connected to a German man named Reinhard Fuerstberger, whose domain registration records include the email address “admin@pr0gramm[dot]com”. Eroxell/Dustweb also each are connected to a company incorporated in Spain called Suntainment SL, of which Fuerstberger is the apparent owner. As stated on pr0gramm’s own site, the forum began in 2007 as a German language message board that originated from an automated bot that would index and display images posted to certain online chat channels associated with the wildly popular video first-person shooter game Quake. As the forum’s user base grew, so did the diversity of the site’s cache of images, and pr0gramm began offering paid so-called “pr0mium” accounts that allowed users to view all of the forum’s not-safe-for-work images and to comment on the discussion board. When pr0gramm last July first launched pr0miner (the precursor to what is now Coinhive), it invited pr0gramm members to try the code on their own sites, offering any who did so to claim their reward in the form of pr0mium points. DEIMOS AND PHOBOSPr0gramm was launched in late 2007 by a Quake enthusiast from Germany named Dominic Szablewski, a computer expert better known to most on pr0gramm by his screen name “cha0s.” At the time of pr0gramm’s inception, Szbalewski ran a Quake discussion board called chaosquake[dot]de, and a personal blog — phoboslab[dot]org. I was able to determine this by tracing a variety of connections, but most importantly because phoboslab and pr0gramm both once shared the same Google Analytics tracking code (UA-571256). Reached via email, Szablewski said he did not wish to comment for this story beyond stating that he sold pr0gramm a few years ago to another, unnamed individual. Multiple longtime pr0gramm members have remarked that since cha0s departed as administrator, the forum has become overrun by individuals with populist far-right political leanings. Mr. Fuerstberger describes himself on various social media sites as a “politically incorrect, Bavarian separatist” [Wiki link added]. What’s more, there are countless posts on pr0gramm that are particularly hateful and denigrating to specific ethnic or religious groups. Responding to questions via email, Fuerstberger said he had no idea pr0gramm was used to launch Coinhive. “I can assure you that I heard about Coinhive for the first time in my life earlier this week,” he said. “I can assure you that the company Suntainment has nothing to do with it. I do not even have anything to do with Pr0gram. That’s what my partner does. When I found out now what was abusing my company, I was shocked.” Below is a “mind map” I assembled to keep track of the connections between and among the various names, emails and Web sites mentioned in this research. GAMBI was able to learn the identity of Fuerstberger’s partner — the current pr0gramm administrator, who goes by the nickname “Gamb” — by following the WHOIS data from sites registered to the U.S.-based company tied to pr0gramm (Eroxell Ltd). Among the many domains registered to Eroxell was deimoslab[dot]com, which at one point was a site that sold electronics. As can be seen below in a copy of the site from 2010 (thanks to archive.org), the proprietor of deimoslab used the same Gamb nickname. Deimos and Phobos are the names of the two moons of the planet Mars. They also refer to the names of the fourth and fifth level in the computer game “Doom.” In addition, they are the names of two spaceships that feature prominently in the game Quake II. A passive DNS lookup on an Internet address long used by pr0gramm[dot]com shows that deimoslab[dot]com once shared the server with several other domains, including phpeditor[dot]de. According to a historic WHOIS lookup on phpeditor[dot]de, the domain was originally registered by an Andre Krumb from Gross-Gerau, Germany. When I discovered this connection, I still couldn’t see anything tying Krumb to “Gamb,” the nickname of the current administrator of pr0gramm. That is, until I began searching the Web for online forum accounts leveraging usernames that included the nickname “Gamb.” One such site is ameisenforum[dot]de, a discussion forum for people interested in creating and raising ant farms. I didn’t know what to make of this initially and so at first disregarded it. That is, until I discovered that the email address used to register phpeditor[dot]de also was used to register a rather unusual domain: antsonline[dot]de. In a series of email exchanges with KrebsOnSecurity, Krumb acknowledged that he was the administrator of pr0gramm (as well as chief technology officer at the aforementioned Suntainment SL), but insisted that neither he nor pr0gramm was involved in Coinhive. Krumb repeatedly told me something I still have trouble believing: That Coinhive was the work of just one individual — int13h, the pr0gramm user credited by Coinhive with creating its mining code. “Coinhive is not affiliated with Suntainment or Suntainment’s permanent employees in any way,” Krumb said in an email, declining to share any information about int13h. “Also it’s not a group of people you are looking for, it’s just one guy who sometimes worked for Suntainment as a freelancer.” COINHIVE CHANGES ITS STORY, WEB SITEVery soon after I began receiving email replies from Mr. Fuerstberger and Mr. Krumb, I started getting emails from Coinhive again. “Some people involved with pr0gramm have contacted us, saying they’re being extorted by you,” Coinhive wrote. “They want to run pr0gramm anonymously because admins and moderators had a history of being harassed by some trolls. I’m sure you can relate to that. You have them on edge, which of course is exactly where you want them. While we must applaud your efficiency for finding information, your tactics for doing so are questionable in our opinion.” Coinhive was rather dramatically referring to my communications with Krumb, in which I stated that I was seeking more information about int13h and anyone else affiliated with Coinhive. “We want to make it very clear again that Coinhive in its current form has nothing to do with pr0gramm or its owners,” Coinhive said. “We tested a ‘toy implementation’ of the miner on pr0gramm, because they had a community open for these kind of things. That’s it.” When asked about their earlier statement to this author — that the people behind Coinhive claimed pr0gramm as “their platform of 11 years” (which, incidentally, is exactly how long pr0gramm has been online) — Coinhive reiterated its revised statement: That this had been a convenient fabrication, and that the two were completely separate organizations. On March 22, the Coinhive folks sent me a follow-up email, saying that in response to my inquiries they consulted their legal team and decided to add some contact information to their Web site. That addition, which can be viewed at coinhive[dot]com/legal, lists a company in Kaiserlautern, Germany called Badges2Go UG. Business records show Badges2Go is a limited liability company established in April 2017 and headed by a Sylvia Klein from Frankfurt. Klein’s Linkedin profile states that she is the CEO of several organizations in Germany, including one called Blockchain Future. “I founded Badges2Go as an incubator for promising web and mobile applications,” Klein said in a instant message chat with KrebsOnSecurity. “Coinhive is one of them. Right now we check the potential and fix the next steps to professionalize the service.” THE BIZARRE SIDE STORY OF DR. MATTHIAS MOENCHI have one final and disturbing anecdote to share about some of the Web site registration data in the mind map above. As mentioned earlier, readers can see that many of the domain names tied to the pr0gramm forum administrators were originally registered to an individual named “Dr. Matthias Moench.” When I first began this research back in January 2018, I guessed that Mr. Moench was almost certainly a pseudonym used to throw off researchers. But the truth is Dr. Moench is indeed a real person — and a very scary individual at that. According to a chilling 2014 article in the German daily newspaper Die Welt, Moench was the son of a wealthy entrepreneurial family in Germany who was convicted at age 19 of hiring a Turkish man to murder his parents a year earlier in 1988. Die Welt says the man Moench hired used a machete to hack to death Moench’s parents and the family poodle. Moench reportedly later explained his actions by saying he was upset that his parents bought him a used car for his 18th birthday instead of the Ferrari that he’d always wanted. Moench was ultimately convicted and sentenced to nine years in a juvenile detention facility, but he would only serve five years of that sentence. Upon his release, Moench claimed he had found religion and wished to become a priest. Somewhere along the way, however, Moench ditched the priest idea and decided to become a spammer instead. For years, he worked assiduously to pump out spam emails pimping erectile dysfunction medications, reportedly earning at least 21.5 million Euros from his various spamming activities. Once again, Mr. Moench was arrested and put on trial. In 2015, he and several other co-defendants were convicted of fraud and drug-related offenses. Moench was sentenced to six years in prison. According to Lars-Marten Nagel, the author of the original Die Welt story on Moench’s murderous childhood, German prosecutors say Moench is expected to be released from prison later this year. It may be tempting to connect the pr0gramm administrators with Mr. Moench, but it seems likely that there is little to no connection here. An incredibly detailed blog post from 2006 which sought to determine the identity of the Matthias Moench named as the original registrant of so many domains (they number in the tens of thousands) found that Moench himself stated on several Internet forums that his name and mailing addresses in Germany and the Czech Republic could be freely used or abused by any like-minded spammer or scammer who wished to hide his identity. Apparently, many people took him up on that offer. from https://krebsonsecurity.com/2018/03/who-and-what-is-coinhive/ The City of San Diego, Calif. is suing consumer credit bureau Experian, alleging that a data breach first reported by KrebsOnSecurity in 2013 affected more than a quarter-million people in San Diego but that Experian never alerted affected consumers as required under California law. The lawsuit, filed by San Diego city attorney Mara Elliott, concerns a data breach at an Experian subsidiary that lasted for nine months ending in 2013. As first reported here in October 2013, a Vietnamese man named Hieu Minh Ngo ran an identity theft service online and gained access to sensitive consumer information by posing as a licensed private investigator in the United States. In reality, the fraudster was running his identity theft service from Vietnam, and paying Experian thousands of dollars in cash each month for access to 200 million consumer records. Ngo then resold that access to more than 1,300 customers of his ID theft service. KrebsOnSecurity first wrote about Ngo’s ID theft service — alternately called Superget[dot]info and Findget[dot]me — in 2011. Ngo was arrested after being lured out of Vietnam by the U.S. Secret Service. He later pleaded guilty to identity fraud charges and was sentenced in July 2015 to 13 years in prison. News of the lawsuit comes from The San Diego Union-Tribune, which says the city attorney alleges that some 30 million consumers could have had their information stolen in the breach, including an estimated 250,000 people in San Diego. “Elliott’s office cited the Internal Revenue Service in saying hackers filed more than 13,000 false returns using the hacked information, obtaining $65 million in fraudulent tax refunds,” writes Union-Tribune reporter Greg Moran. Experian did not respond to requests for comment. In December 2013, an executive from Experian told Congress that the company was not aware of any consumers who had been harmed by the incident. However, soon after Ngo was extradited to the United States, the Secret Service began identifying and rounding up dozens of customers of Ngo’s identity theft service. And most of Ngo’s customers were indeed involved in tax refund fraud with the states and the IRS. Tax refund fraud affects hundreds of thousands of U.S. citizens annually. Victims usually first learn of the crime after having their returns rejected because scammers beat them to it. Even those who are not required to file a return can be victims of refund fraud, as can those who are not actually due a refund from the IRS. In May 2014, KrebsOnSecurity reported that Ngo’s identity theft service was connected to an identity theft ring that operated out of New Jersey and New York and specialized in tax refund and credit card fraud. In October 2014, a Florida man was sentenced to 27 months for using Ngo’s service to purchase Social Security numbers and bank account records on more than 100 Americans with the intent to open credit card accounts and file fraudulent tax refund requests in the victims’ names. Another customer of Ngo’s ID theft service led U.S. Marshals on a multi-state fugitive chase after being convicted of fraud and sentenced to 124 months in jail. According to the Union-Tribune, the lawsuit seeks civil monetary penalties under the state’s Unfair Competition Law, as well as a court order compelling the Costa Mesa-based company to formally notify consumers whose personal information was stolen and to pay costs for identity protection services for those people. If the city prevails in its lawsuit, Experian also could be facing some hefty fines: Companies that fail to notify California residents when their personal information is exposed in a breach could face penalties of up to $2,500 for each violation. from https://krebsonsecurity.com/2018/03/san-diego-sues-experian-over-id-theft-service/ Almost 20 percent of Americans froze their credit file with one or more of the big three credit bureaus in the wake of last year’s data breach at Equifax, costing consumers an estimated $1.4 billion, according to a new study. The findings come as lawmakers in Congress are debating legislation that would make credit freezes free in every state. The figures, commissioned by small business loan provider Fundera and conducted by Wakefield Research, surveyed some 1,000 adults in the U.S. Respondents were asked to self-report how much they spent on the freezes; 32 percent said the freezes cost them $10 or less, but 38 percent said the total cost was $30 or more. The average cost to consumers who froze their credit after the Equifax breach was $23. A credit freeze blocks potential creditors from being able to view or “pull” your credit file, making it far more difficult for identity thieves to apply for new lines of credit in your name. Depending on your state of residence, the cost of placing a freeze on your credit file can run between $3 and $10 per credit bureau, and in many states the bureaus also can charge fees for temporarily “thawing” and removing a freeze (according a list published by Consumers Union, residents of four states — Indiana, Maine, North Carolina, South Carolina — do not need to pay to place, thaw or lift a freeze). In a blog post published today, Fundera said the percentage of people who froze their credit in response to the Equifax breach incrementally decreases as people get older. “Thirty-two percent of millennials, 16 percent of Generation Xers and 12 percent of baby boomers froze their credit,” Fundera explained. “This data is surprising considering that older generations have been working on building their credit for a longer period of time, and thus they have a more established record to protect.” However, freeze fees could soon be a thing of the past. A provision included in a bill passed by the U.S. Senate on March 14 would require credit-reporting firms to let consumers place a freeze without paying (the measure is awaiting action in the House of Representatives). But there may be a catch: According to CNBC, the congressional effort to require free freezes is part of a larger measure, S. 2155, which rolls back some banking regulations put in place after the financial crisis that rocked the U.S. economy a decade ago. Consumer advocacy groups like Consumers Union and the U.S. Public Interest Research Group (USPIRG) have long advocated for free credit freezes. But they’re not too wild about S. 2155, arguing that it would undermine banking regulations passed in the wake of the 2007-2008 financial crisis. In a March 8 letter (PDF) opposing the bill, Consumers Union said the security freeze section fails to include a number of important consumer protections, such as a provision for the consumer to temporarily “lift” the freeze in order to open credit. “Moreover, it could preclude the states from making important improvements to expand protections against identity theft,” Consumers Union wrote. While it may seem like credit bureaus realized a huge financial windfall as a result of the Equifax breach, it’s important to keep in mind that credit bureaus also make money by selling your credit report to potential lenders — something they can’t do if there’s a freeze on your credit file. Curious about what a freeze involves, how to file one, and other options aside from the credit freeze? Check out this in-depth Q&A that KrebsOnSecurity published not long after the Equifax breach. Also, if you haven’t done so lately, take a moment to visit annualcreditreport.com to get a free copy of your credit file. A consumer survey published earlier this month found that roughly half of all Americans haven’t bothered to do this since the Equifax breach. from https://krebsonsecurity.com/2018/03/survey-americans-spent-1-4b-on-credit-freeze-fees-in-wake-of-equifax-breach/ iMend.com are proud to unveil their revamped repair centre. Boasting a spacious layout, purpose-built workstations and state-of-the-art equipment, iMend has upgraded their facility with the future in mind. As iMend continues to grow, the repair hub is designed to manage the increasing number of postal and bulk repairs arriving on site each day, improving the experience for all customers and business users alike. Would you like to see the finished product? Take a virtual tour of the new repair centre by viewing the gallery below: Is your phone or tablet in need of repair? Visit our website or call our friendly customer service team on: 0333 014 4262 and book your repair today. The post iMend Unveil New Repair Centre appeared first on iMend Blog. from https://www.imend.com/blog/imend-unveil-new-repair-centre/ A 15-year-old security researcher has discovered a serious flaw in cryptocurrency hardware wallets made by Ledger, a French company whose popular products are designed to physically safeguard public and private keys used to receive or spend the user’s cryptocurrencies. Hardware wallets like those sold by Ledger are designed to protect the user’s private keys from malicious software that might try to harvest those credentials from the user’s computer. The devices enable transactions via a connection to a USB port on the user’s computer, but they don’t reveal the private key to the PC. Yet Saleem Rashid, a 15-year-old security researcher from the United Kingdom, discovered a way to acquire the private keys from Ledger devices. Rashid’s method requires an attacker to have physical access to the device, and normally such hacks would be unremarkable because they fall under the #1 rule of security — namely, if an attacker has physical access to your device, then it is not your device anymore. The trouble is that consumer demand for Ledger’s products has frequently outpaced the company’s ability to produce them (it has sold over a million of its most popular Nano S models to date). This has prompted the company’s chief technology officer to state publicly that Ledger’s built-in security model is so robust that it is safe to purchase their products from a wide range of third-party sellers, including Amazon and eBay. But Rashid discovered that a reseller of Ledger’s products could update the devices with malicious code that would lie in wait for a potential buyer to use it, and then siphon the private key and drain the user’s cryptocurrency account(s) when the user goes to use it. The crux of the problem is that Ledger’s devices contain a secure processor chip and a non-secure microcontroller chip. The latter is used for a variety of non-security related purposes, from handling the USB connections to displaying text on the Ledger’s digital display, but the two chips still pass information between each other. Rashid found that an attacker could compromise the insecure processor (the microcontroller) on Ledger devices to run malicious code without being detected. Ledger’s products do contain a mechanism for checking to ensure the code powering the devices has not been modified, but Rashid’s proof-of-concept code — being released today in tandem with an announcement from Ledger about a new firmware update designed to fix the bug — allows an attacker to force the device to sidestep those security checks. “You’re essentially trusting a non-secure chip not to change what’s displayed on the screen or change what the buttons are saying,” Rasheed said in an interview with KrebsOnSecurity. “You can install whatever you want on that non-secure chip, because the code running on there can lie to you.” Kenneth White, director of the Open Crypto Audit Project, had an opportunity to review Rashid’s findings prior to their publication today. White said he was impressed with the elegance of the proof-of-concept attack code, which Rashid sent to Ledger approximately four months ago. A copy of Rashid’s research paper on the vulnerability is available here (PDF). A video of Rashid demonstrating his attack is below. White said Rashid’s code subverts the security of the Ledger’s process for generating a backup code for a user’s private key, which relies on a random number generator that can be made to produce non-random results. “In this case [the attacker] can set it to whatever he wants,” White said. “The victim generates keys and backup codes, but in fact those codes have been predicted by the attacker in advance because he controls the Ledger’s random number generator.” Rashid said Ledger initially dismissed his findings as implausible. But in a blog post published today, Ledger says it has since fixed the flaw Rasheed found — as well as others discovered and reported by different security researchers — in a firmware update that brings Ledger Nano S devices from firmware version 1.3.1 to version 1.4.1 (the company actually released the firmware update on March 6, potentially giving attackers time to reverse engineer Rashid’s method). The company is still working on an update for its pricier Ledger Blue devices, which company CTO Charles Guillemet said should be ready soon. Guillemet said Nano-S devices should alert users that a firmware update is available when the customer first plugs the device into a computer. “The vulnerability he found was based on the fact that the secure element tries to authenticate the microcontroller, and that authentication is not strong enough,” Guillemet told KrebsOnSecurity. “This update does authentication more tightly so that it’s not possible to fool the user.” Rasheed said unlike its competitors in the hardware wallet industry, Ledger includes no tamper protection seal or any other device that might warn customers that a Nano S has been physically opened or modified prior to its first use by the customer. “They make it so easy to open the device that you can take your fingernail and open it up,” he said. Asked whether Ledger intends to add tamper protection to its products, Guillemet said such mechanisms do not add any security. “For us, a tamper proof seal is nothing that adds security to the device because it’s very easy to counterfeit,” Guillemet said. “You can buy some security seals on the web. For us, it’s a lie to our customers to use this kind of seal to prove the genuineness of our product.” Guillemet said despite Rasheed’s findings, he sees no reason to change his recommendation that interested customers should feel free to purchase the company’s products through third party vendors. “As we have upgraded our solution to prove the genuineness of our product using cryptographic checks, I don’t see why we should change this statement,” he said. Nevertheless, given that many cryptocurrency owners turn to hardware wallets like Ledger to safeguard some or all of their virtual currency, it’s probably a good idea if you are going to rely on one of these devices to purchase it directly from the source, and to apply any available firmware updates before using it. from https://krebsonsecurity.com/2018/03/15-year-old-finds-flaw-in-ledger-crypto-wallet/ We have recently added over 25 new models to our website, with repairs now available for Samsung J5 (2017), Sony Xperia XA2 and LG V30, alongside other popular Mobile Phones and Tablet repairs. Among our new additions is Google’s latest flagship phone – Google Pixel 2.
As the photo indicates, the device has been dropped on its corner cracking the screen and bruising the LCD. Watch this Google Pixel 2 undergo a screen replacement in the video below: Completing this repair takes skill and precision. Our Android expert has put together 5 tips all professional technicians follow when performing this repair: Google Pixel 2 Screen Replacement – Top 5 Tech Tips A Google Pixel 2 Screen Replacement is difficult and should not be attempted unless you are an experienced in Mobile Phone Repairs. Here are some top tips on how to fix a broken Google Pixel 2 Screen.
Once the glue has set, the device is quality checked and shipped back to its owner. If you would like to book a Google Pixel 2 Screen Replacement, look no further than iMend.com. Click here to see our range of repairs. The post Google Pixel 2 Screen Replacement – Top 5 Tech Tips appeared first on iMend Blog. from https://www.imend.com/blog/google-pixel-2-screen-replacement-top-5-tech-tips/ |
ABOUT MEHi my name is Anthony I am 32 years old from Houston. I am working in local store selling electronic devices. I have been interested in eclectronics since childhood and I like to reacd about it. Archives
April 2019
Categories |