Bitcoin Security

Bitcoin a virtual anonymous currency, recently became the target of Malware authors. This trojan infostealer.Coinbit will search for wallet.dat and then upload it via ftp. The attacker will then be able
to spend all of your bitcoins.

This is only the start of what's to come, I predict a much more widespread attack of this genre in the near future. This is why Bitcoin users and especially the one who are holding a large amount of coins need to worry about this issue and take every possible measures to secure their transactions environment.

The recent events gave me the idea to create BitVault LiveCD, with this LiveCD you will be able to do Bitcoin Transactions, chat on IRC, surf the web anonymously and soon to be able to use the OpenVPN client. Inside this secure environment, everything will be loaded inside your RAM and by using the BitVault Wizard you will be guided in the installation of the Bitcoin client and the process of decryption of your TrueCrypt container.

If you wish to read more about BitVault and download your copy please click here.

Dropbox Security update

Good news from Dropbox Team, they released a new build to fix the latest Security concerns, here's the patch note :

1.2.0:
o Security enhancements, an attacker will not be able to steal your computer's account credentials just by copying configuration files to another machine.
o New encrypted database format to prevent unauthorized access to local Dropbox client database.
o Other small fixes
o Continued 10.7 support

About 3 weeks ago, Derek Newton discovered that we could simply copy the file config.db to any computer and sync everything without notifying the user. Since this day many users were worried about their files and many scenarios of attack were discussed. Some would argue that it wasn't such a big deal but I think more security layers are always welcome, 

particularly in today's world.

Activation Ransom trojan

New kind of Ransom Trojan, this one is very clever by using a phone call for making money! If you ever get caught by this trojan please use this activation code to unlock your computer: 1351236

You can read the full article here

HTTPS & Cookies

Lets face it, everyone wish they could surf the web anonymously without leaving any traces but the reality is that YOU CAN'T! 

Privacy is really important, yet most popular websites still use HTTP over HTTPS, the main reason why they are still using this protocol is probably a question of money or they are just plain stupid. Back in October 2010, Eric Butler released Firesheep, this little tool serve the purpose to demonstrate just how EASY it is to Hijack an HTTP session, you could take over an entire facebook account in a matter of minutes. Today facebook finally announced that they will now offer a full secure data transmission via SSL for all its pages and not only during log-in.

This is a good news for the web but what we really need is full end-to-end encryption, this is the only way to avoid capturing cookies. In a world where everyone shares their stories and pictures on the web on all kind of social networks, the last thing we want is a "hacker" (no need to be a hacker to hijack an http session nowaday...) to intercept our cookies and then do all kind of stuff to our account or even worst impersonating you on the web. SSL is very important for the future of Web 2.0 and if the security can't follow the hackers scene, then we are in big trouble.

In september 2010, Samy Kamkar created a new type of cookies name "evercookie" which also use HTML5 storage methods. Here's the description of this new type of cookies ;

"evercookie is a javascript API available that produces
extremely persistent cookies in a browser. Its goal
is to identify a client even after they've removed standard
cookies, Flash cookies (Local Shared Objects or LSOs), and
others.

evercookie accomplishes this by storing the cookie data in
several types of storage mechanisms that are available on
the local browser. Additionally, if evercookie has found the
user has removed any of the types of cookies in question, it
recreates them using each mechanism available."

This is really interesting on so many levels because it means that any sites could use this "evercookie" and always know who you are even if you took the time to delete your cookies. Of course some users may know how to delete this type of cookie, but for most users they have no clue how to do it. This is a real concern for users privacy but we have yet to see any popular websites using this new methods of data storage.

If the Web 2.0 can't protect their users with SSL well I guess we will have to work in the background and release tools which can help in the protection of users privacy!

That is all for today, I might blog again in a couple days...months? years?!

Hello World!

After many years of reading interesting blog, I finally decided to create mine. If you are interested about technology, virus/malwares, reverse engineering, programing and all kind of other stuff well you might like this one.

Check out my projects here: http://www.kittybomber.com/