Month: March 2016

CloudFlare: 94 Percent of Tor Traffic Is Automated or Malicious


CloudFlare explains how it deals with Tor traffic. After being accused of intentionally sabotaging Tor traffic last month, CloudFlare has come forward with an official statement in which it explains why the company does what it does.

Regular Tor users are well aware of CloudFlare’s practice of showing CAPTCHAs to users who are accessing the websites of their clients using a Tor exit node IP.

According to CloudFlare, this measure was implemented after it constantly saw Tor IPs being abused for suspicious activity.

CloudFlare shows CAPTCHAs to Tor users because it has to

“Based on data across the CloudFlare network, 94% of requests that we see across the Tor network are per se malicious,” CloudFlare wrote yesterday. “That doesn’t mean they are visiting controversial content, but instead that they are automated requests designed to harm our customers.”

This includes a large amount of comment spam, requests from vulnerability scanners, ad click fraud, content scraping, and login scanning.

On the matter of surveillance, also raised by members of the Tor Project, CloudFlare has denied that it tracks Tor users across its infrastructure, saying that it actually does the opposite, having opted not to implement a super-cookie-like system.

Nevertheless, CloudFlare admits that it does track and mark Tor exit node IP addresses and assigns them higher threat scores. Because the Tor Browser includes anti-fingerprinting protection for its users, and because CloudFlare says it respects the project’s goal of providing anonymity to its users, it has no alternative but to show CAPTCHAs to users coming from a Tor-based IP.

The decision is controversial and will likely annoy legitimate Tor users, but to be fair, CloudFlare is a security firm, and all its clients hire its services for this purpose.

Most of CloudFlare’s clients would like to ban Tor traffic altogether

In fact, CloudFlare reveals that many of its clients would like to ban Tor traffic outright, and it is only because of CloudFlare that this hasn’t happened yet.

The company explains that it intentionally left out options in its customer backend panel that would have allowed its clients to blacklist Tor, and only shows the option to whitelist Tor addresses or show a CAPTCHA field.

The decision was made because the company fears the scandal that would come with blacklisting Tor traffic altogether. CloudFlare understands why Tor was created in the first place and that it’s not the Tor Project’s fault that cyber-criminals are also using it.

The company has also recently started working with the Tor Project in order to create some sort of client-side solution in the Tor Browser itself, so CloudFlare and other security firms can distinguish legitimate Tor users from automated requests and ban the latter.

Additionally, CloudFlare also wants the Tor Project to start using SHA256 for generating .onion addresses. More of its clients could thus create .onion versions of their legitimate sites, where they could redirect Tor traffic and where CloudFlare wouldn’t have to display its CAPTCHAs, which in recent weeks have been failing at an astonishingly high rate.


vBulletin resets passwords after a targeted attack


vBulletin suffered a severe attack last week that breached one of its German servers; in response, it informed users that all passwords had been reset.

vBulletin suffered a severe attack last week; in response, it informed users that all passwords had been reset. According to vBulletin developer Paul Marsden, one of the German servers was breached by an unauthorized party.

“Due to the discovery yesterday of unauthorized access to one of the VBG servers, it is possible the hacker may have gained access to other vB systems as well. Therefore we have again taken the precaution of resetting all user password hashes. To be able to log in to the site you will need to use the lost password functionality.
We apologise for any inconvenience this may cause,” said Marsden.

The attackers breached the German (VBG – “”) server, a circumstance that could have allowed them to access other systems of the organization, including “” and “”.

At the time I was writing, there were no other details on the data breach. Marsden highlighted that the hackers had not used any exploits, a claim supported by the fact that the hacked server does not run any instance of the popular CMS.

Marsden believes the attackers carefully planned the attack:

“I can tell you it wasn’t via any vB exploit – in fact, the VBG site doesn’t run vBulletin. Someone clearly targeted the site; it was obvious they had planned this quite carefully,” said Marsden.

This isn’t the first time the platform has been targeted by hackers: in November 2015, the official forum was shut down after a hacker using the online moniker “Coldzer0” defaced it.

The website was defaced and the forum displayed the message “Hacked by Coldzer0.”

According to reports, the vBulletin and Foxit Software forums were hacked by Coldzer0, who stole hundreds of thousands of user records.

The hacker published screenshots showing that he managed to upload a shell to the forum website and access users’ personal information, including user IDs, names, email addresses, security questions and answers, and password salts.


As usual, I strongly suggest that users change their passwords on any other website where they used the same login credentials.




The purpose of network security services is to keep information assets secure and to protect corporate computing resources. Companies are commonly exposed to risks and vulnerabilities because they are connected to the Internet or handle confidential customer information. On the subject of network security, there is statistical evidence backed by network security companies indicating that in countries such as Mexico, Brazil, the United States, Colombia, Argentina, the UAE and India, two out of three companies suffered attacks on their local network (LAN) infrastructure.
Many companies believe that simply installing an antivirus or a firewall on the network frees them from risk. This is a very common mistake: some risks are related to these, but many others are not. To preserve network security, all risks must be considered. IT risks can be classified as external risks and internal risks. External risks originate outside the network, such as a hacker outside the network. Internal risks originate inside the network, such as an employee or an external hacker who has access to the network’s resources.
According to instructors of the network security course, risks arise because of the inefficient security solutions companies have in place and because of a lack of knowledge about implementing network security solutions. Network security solutions protect computing resources from external and internal risks. In addition, network security is the key to complying with data protection regulations and earning customers’ trust, as experts from network security companies point out. Some of the mechanisms for improving wired and wireless network security are presented below.



If you are setting up a wired network, you can follow some of the following network security mechanisms recommended by network security companies.

  • According to the network security course, to increase network security you should enable automatic updates on every computer and device on the network. Operating systems can install important updates automatically. An update may include patches for vulnerabilities, as well as improvements to user experience and performance.
  • Use a firewall, which can prevent hackers from gaining access to network resources. A firewall lets you control access and filters all communications on the network.
  • Implementing other network security solutions alongside firewalls makes it possible to isolate networks so that certain kinds of information cannot flow between them. Consultants from network security companies note that a firewall can allow access to the local network from the Internet if the user has authenticated as an internal user. Firewalls may also include anti-spam functionality; otherwise you should use a separate anti-spam solution.
  • Viruses can get into a computer via spam, hard drives, USB drives, CDs or files downloaded from the Internet. Since new viruses appear every day, you should update your antivirus software regularly. Antivirus tools help detect and, in some cases, remove viruses. According to the experience of network security solution experts, there are different kinds of antivirus solutions on the market. Consultants from network security companies note that home users can use a free antivirus such as Avast, but business users should use a solution suited to their type of IT infrastructure.
  • Use an IDS/IPS (intrusion detection and prevention system). IDS/IPS are network security services that provide intrusion detection and prevention. An IDS/IPS proactively detects complex traffic patterns and gives you the ability to respond to any imminent attack on your network. According to network security solution experts, an intrusion detection and prevention system is software/hardware used to detect cyber attacks against a computer or a network. The events generated by the IDS/IPS must be monitored by your IT team, or you can get help from a network security company whose network security services will analyze network traffic in real time.
  • A VLAN (virtual LAN) is a procedure for creating logically independent networks within a physical network. One physical network may contain several virtual networks. VLANs are one of the important network security solutions; they divide the user groups of a real physical network into logical network segments. A network security course instructor explains that a VLAN consists of a set of computers that behave as if they were connected to the same switch. You can configure VLANs in software rather than hardware, which makes them considerably flexible. For further security, you can learn how to configure Private VLANs and Micro VLANs in the network security course.
  • An access control list (ACL) is used to implement logical security. An ACL is one of the network security mechanisms that helps determine the appropriate access permissions for a network resource. An ACL filters network traffic and only allows traffic that matches some condition. ACLs also control traffic flow on computers, routers and switches on the network. According to network security service specialists, an access control list is a basic necessity for any network. You should configure rules that specify service ports, domain names and host names together with the permissions in the ACL. A combination of VLANs and ACLs is very good for security, and you can learn how to configure VLAN ACLs in the network security training.
  • Implement network security mechanisms such as IPsec (Internet Protocol Security) for encryption. IPsec is a set of protocols whose function is to secure communications at the network layer and the transport layer, for both TCP and UDP. IPsec helps with authentication and encryption of packets. According to network security service specialists, IPsec is very flexible, since it can be used to protect the Internet Protocol (IP) and the transport protocols (TCP, UDP). You can use IPsec together with applications that use SSL or TLS. You can also use a VPN for critical communications or implement a complete IPsec solution.
  • Install TFTP and RADIUS servers as needed, alongside the other network security solutions mentioned above.
  • Enable log servers, which will help you record all activity on the network. According to the network security training instructors, this mechanism is very important for tracing what happened when a security incident occurs.
  • Secure the configurations of network devices and choose each configuration knowing its purpose. You should also change the default parameters and configurations of switches, routers, etc. On the application side, network security service experts advise disabling services that are not used. So review which services every system uses and, if they are not needed, disable and uninstall them.
  • Get help from network security providers/companies to implement security policies and backups and to carry out network security audits together with intrusion and vulnerability detection tests.
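The ACL item above describes rules keyed on protocol, source and destination networks and service ports, each with a permit or deny action. The following is an added example (not code from the original article) of a first-match ACL evaluator in Python; the rule syntax, the 10.x sample networks and the implicit-deny default are assumptions chosen for the example, not any vendor's ACL language.

```python
# Added example (not from the original article): a minimal first-match ACL
# evaluator. Rule syntax and sample networks are assumptions for this example.
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Union

Network = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]


@dataclass(frozen=True)
class Rule:
    action: str            # "permit" or "deny"
    proto: str             # "tcp", "udp", "icmp" or "any"
    src: Network
    dst: Network
    dport: Optional[int]   # None means any port

    def matches(self, proto: str, src_ip, dst_ip, dport: Optional[int]) -> bool:
        if self.proto != "any" and self.proto != proto:
            return False
        if src_ip not in self.src or dst_ip not in self.dst:
            return False
        # A rule that names a port never matches a packet without one (e.g. ICMP).
        if self.dport is not None and self.dport != dport:
            return False
        return True


def parse_acl(text: str) -> List[Rule]:
    """Parse lines of the form: <permit|deny> <proto> <src cidr> <dst cidr> <port|any>."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # allow trailing comments
        if not line:
            continue
        action, proto, src, dst, port = line.split()
        if action not in ("permit", "deny"):
            raise ValueError(f"bad action in rule: {line!r}")
        rules.append(Rule(action, proto.lower(),
                          ipaddress.ip_network(src, strict=False),
                          ipaddress.ip_network(dst, strict=False),
                          None if port == "any" else int(port)))
    return rules


def evaluate(rules: List[Rule], proto: str, src: str, dst: str,
             dport: Optional[int] = None) -> str:
    """Return the action of the first matching rule; implicit deny if none match."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in rules:
        if rule.matches(proto.lower(), src_ip, dst_ip, dport):
            return rule.action
    return "deny"


# Constructed sample ACL: the office segment may reach the web server on 443
# and the internal resolver on 53, the guest segment may not reach the server
# segment at all, and ICMP is allowed anywhere inside 10.0.0.0/8.
ACL_TEXT = """
permit tcp  10.10.1.0/24 10.10.2.10/32 443   # office -> web server
permit udp  10.10.1.0/24 10.10.2.53/32 53    # office -> DNS resolver
deny   any  10.10.3.0/24 10.10.2.0/24  any   # guest -> servers blocked
permit icmp 10.0.0.0/8   10.0.0.0/8    any   # ping inside the site
"""
RULES = parse_acl(ACL_TEXT)

if __name__ == "__main__":
    for pkt in [("tcp", "10.10.1.5", "10.10.2.10", 443),
                ("tcp", "10.10.1.5", "10.10.2.10", 22),
                ("icmp", "10.10.3.7", "10.10.2.10", None),
                ("icmp", "10.10.4.1", "10.10.2.1", None)]:
        print(pkt, "->", evaluate(RULES, *pkt))
```

Rule order matters: because evaluation stops at the first match, a broad permit placed before a narrower deny silently neutralizes the deny.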


If you are setting up a wireless network, you can follow some of the following wireless network security mechanisms recommended by network security companies.

  • You should configure a wireless network security key with WPA2-PSK enabled. With encryption enabled, nobody can connect to your network without the security key, and it is very difficult to brute-force. This helps prevent unauthorized access attempts. You must have a very strong security key so that dictionary attacks cannot crack it.
  • You should change the default administrator name and password of the router or access point. You should also change the default wireless network name, known as the network identifier (SSID). You can use a wireless network security solution that helps change keys, passwords and the SSID periodically.
  • You should choose the location of the router or access point carefully so that the signal does not reach outside your premises.
  • You can filter MAC addresses and allow Wi-Fi access only to known devices. There is also the option of hiding the SSID so that it is not visible in a normal scan for available networks.

These network security mechanisms are the basics for securing wired and wireless networks. For advanced security, you should get help from a network security company or take a network security course to implement advanced solutions.

Top 10 Tips To Protect Yourself From Hackers


Follow these top 10 tech security tips to keep yourself safe from hackers. If you surf the net or your computer is linked in any way to the Internet, you should be aware of the risks that cyber criminals pose to you. Computer security, also known as cybersecurity or IT security, is the protection of information systems from theft of or damage to the hardware, the software, and the information on them, as well as from disruption or misdirection of the services they provide. Data security, on the other hand, means protecting data, such as a database, from destructive forces and from the unwanted actions of unauthorized users.


Every computer user needs to know the basics of keeping their device and data secure. Given below are a few tips and habits that can help you:

10. Look Out for Social Engineering Attacks

Social engineering is the biggest security concern these days, as cyber thieves and hackers gain access to your secure information by impersonating other companies, by phishing, and through other common strategies. You need to be careful with all the suspicious phone calls, emails, links and other communications you receive. Also, it is known that most data breaches come from internal sources. Hence, awareness is the key, as it may be astonishing to learn that even security experts can be tricked or hacked.

9. Make Your Phone’s Lock Code More Secure

Many of us consider the default 4-digit PIN to be a secure lock code. However, it is not. It is always better to add an extra digit to make your phone more secure. On iOS and Android, go to Settings and add one more digit to make your phone’s lock code more secure. Further, Android also has lock screen tools that let you enhance your phone’s security. Lastly, it is recommended to change your PIN if it’s one of these.

8. Always Back Up Your Computer/Smartphone

It is vital to frequently back up and make duplicate copies of all your important data to keep it safe. You can use a backup system such as CrashPlan, Windows’ built-in tools or Mac’s Time Machine.

7. Install the Best Antivirus and Anti-Malware Software

To keep viruses and malware at bay, it is suggested that you use one antivirus tool, such as Sophos Anti-Virus for Mac or Avira for Windows, as well as an anti-malware tool for on-demand scanning, such as Malwarebytes.

6. Lock Down Your Wireless Router

The first line of defense for your home network is your router. To keep your Wi-Fi secure, you need to change the router’s administrator login, use WPA2 (AES) encryption, and change other basic settings.

5. Never Send Sensitive Information Over Email Unless It’s Encrypted

Sensitive information, such as your bank info, social security number, tax returns, or confidential business info, should never be sent over email without encryption. It’s too risky. Encrypt files with one of these tools before sending them or use a service like super simple ProtonMail or encrypt your emails with PGP. Encrypt all the things.

4. Don’t Use Public Wi-Fi Without A VPN

Public Wi-Fi networks usually offer no security of their own. To stay safe on them, your best defense is a VPN (Virtual Private Network), which also protects you in other situations.

3. Use A Password Manager

It is impossible to remember a separate password for each and every site and service you use. That’s where password managers come in handy. Security and convenience are the features to look for, so select the password manager that has the features you need.

2. Use Two-Factor Verification

Two-factor authentication offers an extra layer of security that protects you in case your password gets stolen. Turn this feature on in all the places where you can (TwoFactorAuth lists them). Further, if you lose your phone (most often used as the authentication device), you can still get back into your account if you plan ahead.

1. Frequently Review Your App Permissions and Security Settings

Lastly, besides following the above steps, you still have to be watchful and make sure your software is always up to date. Remember to update the router firmware and to regularly clean up app permissions on services such as Facebook, Twitter and Google, or use a site like MyPermissions to clean up multiple services at once. You can even get a bonus for keeping up with your security needs, as Google sometimes offers free storage just for doing a security check.


How does it feel like to be a part of Anonymous explains Female Hacker


A female member of Anonymous explains what it is like to be part of the worldwide hacktivist group. Anonymous – the name generates awe in some, while others view it with derision as a group of script kiddies. Anonymous is a loosely associated international network of activist and hacktivist entities. It has no central leadership and can be loosely termed an Internet gathering of like-minded people. Anonymous began on a 4chan board in 2003 and went on to become the world’s premier hacktivism group. They have had their successes and misses in online campaigns and are famous for their DDoS attacks on corporate websites.


Their latest flagship campaign which is underway is #OpISIS against the Islamic State of Iraq and Syria. This campaign was announced after the gruesome killings of innocent bystanders at Charlie Hebdo headquarters in Paris and was reinvigorated after the Paris and Brussels terror attacks. Under this campaign, Anonymous hacktivists have brought down thousands of ISIS linked websites and got Twitter and Facebook to ban propaganda pages belonging to ISIS affiliates.

What does it feel like to be a member of such an organisation? A female member of GhostSec, which is affiliated with Anonymous and is a vital partner in #OpISIS, spoke to the Huffington Post about how it feels to be a female member of the hacktivist group.

The female hacker, who chose to remain unnamed, said that she was from the United States and worked in the computer field. When asked how she felt working with GhostSec, she notes, “I absolutely love my participation in GhostSec. When there’s something like this happening around the world (terrorism), I have trouble sitting on the sidelines. I’m happy to be involved in the fight against ISIS.”

She also confirmed the shift in Anonymous’ hacking tactics after the Paris attacks. “Currently, we are more focused on intel collection than on shutting websites down. So, we scour the Internet, including social media, websites and the Darknet, for terrorist activity. We then analyse data for threats, propaganda, etc. Any actionable intel is sent to the appropriate law enforcement agency,” she said.

Anonymous has been at the forefront of reporting terrorist-related social media accounts on Facebook and Twitter. However, there is now an automated service that looks after that, the hacker noted.

“We no longer deal with reporting social media accounts. There are automated services, such as CtrlSec, which do that. So, that frees us up for intel collection. When I collect intel I usually leave the site up so that law enforcement can also analyse it and then they can shut the site down,” she said.

“Particularly egregious terror sites we shut down immediately due to the imminent danger they present. Terrorist sites that recruit fall under this category,” the hacker added.

The female hacker joined GhostSec and Anonymous after they launched #OpISIS: “I started helping them shortly after GhostSec joined #OpISIS. I was impressed with them and the work that they did and eventually ended up joining,” she notes.

When asked how it feels to be a female hacker, she said this about preconceptions of female hackers around the world: “Not that I’m aware of. People are a little more curious about it. But, I haven’t observed any discrimination of female hackers.”

When asked of her final words to describe Anonymous, she noted,

“One thing a lot of people seem to not be aware of is that Anonymous is a collective made up of many different groups and individuals with viewpoints across the political spectrum.

Often people are puzzled when they read that Anonymous has done something that seems totally opposite of the collective’s philosophy. There is no one philosophy, really.


Sophisticated Malvertising Campaign Abusing Baidu API Goes On for Five Months


In the wake of the recent discovery, Baidu has decided to disallow user-defined scripts and Flash content in its ads. A malvertising campaign has been ravaging Chinese users, employing the Baidu advertising platform and abusing one of its ad APIs to push malware onto users’ computers.

The malicious campaign was first spotted in October 2015, but due to its highly sophisticated and multi-stage infection techniques, it was only understood and stopped in February 2016.

According to security researchers from FireEye, the attacker behind this campaign was using one of Baidu’s ad APIs to create malicious ads, which would later be displayed on legitimate websites.

Malicious content was (re)constructed on the client-side

The ad API allowed the crooks to embed a simple HTML redirector in the Baidu code responsible for loading the ads. This redirector would start a series of JS-based loops, which would load code after code, eventually landing a malicious iframe on the legitimate website.

A second iframe would be loaded later, and both would combine their own set of parameters that would be merged and form the URL where the actual malicious script resided. The malicious ad code would then instruct the user’s browser to download and automatically execute this script, which was a VBScript file.

In turn, this VBScript downloaded a trojan named Win32/Jongiti, a multi-purpose malware downloader that connects to a C&C server and fetches other threats based on the attacker’s instructions.

FireEye says that, while it monitored this campaign, it saw Jongiti download PUPs, keyloggers and pornographic content droppers.

As FireEye noted, the attack seems to be extremely effective against users running older IE versions, who are quite numerous in China. The attack doesn’t work on IE11, due to recent security measures added to the browser.

Baidu took security measures to prevent future attacks

After making its discovery, the security vendor contacted Baidu, which addressed the issue and even introduced some changes to its API service to prevent future abuse.

First of all, after March 31, Baidu will stop allowing users to upload custom scripts and Flash on its ad platform. This is a major move since this means that attackers wouldn’t be able to host malvertising content on Baidu’s platform and would need to find new techniques to exploit its service.

Secondly, Baidu has also made it mandatory for all new accounts to register using a phone number and domain name registration record. In China, these two have a real-name enforcement policy and will allow the company to track down attackers and hand them over to the police.
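As an added example (not Baidu's or FireEye's code), the following check illustrates the first of the measures above: an ad creative is rejected when it carries user-defined script or Flash content. The two sample creatives and the specific policy rules (script elements, inline event handlers, javascript: URLs, Flash object/embed) are constructed for the example.

```python
# Added example (not Baidu's or FireEye's code): reject ad creatives that carry
# user-defined script or Flash content. The policy rules are this example's
# assumptions; the tag and attribute names are standard HTML.
from html.parser import HTMLParser
from typing import List

FLASH_MIME = {"application/x-shockwave-flash", "application/vnd.adobe.flash.movie"}


class CreativePolicy(HTMLParser):
    """Collect policy violations while parsing one ad creative."""

    def __init__(self):
        super().__init__()
        self.findings: List[str] = []

    def handle_starttag(self, tag, attrs):
        attrs = {k: (v or "") for k, v in attrs}      # parser already lowercases names
        if tag == "script":
            self.findings.append("script element")
        for name, value in attrs.items():
            if name.startswith("on") and len(name) > 2:   # onload=, onclick=, ...
                self.findings.append(f"inline event handler {name} on <{tag}>")
            if value.strip().lower().startswith("javascript:"):
                self.findings.append(f"javascript: URL in {name} on <{tag}>")
        if tag in ("object", "embed"):
            src = attrs.get("data") or attrs.get("src") or ""
            if attrs.get("type", "").lower() in FLASH_MIME or src.lower().endswith(".swf"):
                self.findings.append(f"Flash content in <{tag}>")
            elif tag == "object":
                self.findings.append("<object> element (plugin content)")


def check_creative(html: str) -> List[str]:
    """Return the list of policy findings for a creative; empty means clean."""
    parser = CreativePolicy()
    parser.feed(html)
    parser.close()
    return parser.findings


def is_allowed(html: str) -> bool:
    return not check_creative(html)


# Constructed creatives: a plain image link, and one that mixes a script
# redirector, an inline handler, a Flash embed and a javascript: link.
CLEAN_AD = '<a href="https://example.com/promo"><img src="banner.png" alt="promo"></a>'
BAD_AD = ('<div onload="go()">'
          '<script>location.href="//ads.example/r?x=1"</script>'
          '<embed src="movie.swf" type="application/x-shockwave-flash">'
          '<a href="javascript:void(0)">click</a></div>')

if __name__ == "__main__":
    print("clean:", check_creative(CLEAN_AD))
    print("bad:  ", check_creative(BAD_AD))
```

A check like this only covers what is in the creative itself; content that a permitted element later fetches from elsewhere is not seen here, which is why removing script capability from the ad format altogether is the stronger measure.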

Malvertising campaign was using different vectors to hide malicious content



Tor Project says it can quickly catch spying code


The organization has worked for three years to improve its ability to catch fraudulent software. The Tor Project is fortifying its software so that it can quickly detect if its network is tampered with for surveillance purposes, a top developer for the volunteer project wrote on Monday.

There are worries that Tor could either be technically subverted or subject to court orders, which could force the project to turn over critical information that would undermine its security, similar to the standoff between Apple and the U.S. Department of Justice.

Tor developers are now designing the system in such a way that many people can verify if code has been changed and “eliminate single points of failure,” wrote Mike Perry, lead developer of the Tor Browser, on Monday.


Over the last few years, Tor has concentrated on enabling users to take its source code and create their own “deterministic builds” of Tor that can be verified against the organization’s public cryptographic keys and other public copies of the application.

“Even if a government or a criminal obtains our cryptographic keys, our distributed network and its users would be able to detect this fact and report it to us as a security issue,” Perry wrote. “From an engineering perspective, our code review and open source development processes make it likely that such a backdoor would be quickly discovered.”

Two cryptographic keys would be required for a tampered version of the Tor Browser to be distributed without at least initially tripping security checks: the SSL/TLS key that secures the connection between a user and Tor Project servers plus the key used to sign a software update.

“Right now, two keys are required, and those keys are not accessible by the same people,” Perry wrote in a Q&A near the end of the post. “They are also secured in different ways.”

Even if an attacker obtained the keys, in theory people would be able to check the software’s hash and figure out if it may have been tampered with.
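The deterministic-build check described above, as an added example that is not the Tor Project's own code: a downloaded bundle is accepted only when its SHA-256 matches the hash independently published by enough builders who reproduced the same build, and any builder whose hash disagrees is reported rather than ignored. The builder names, the bundle bytes and the threshold are constructed for the example.

```python
# Added example (not the Tor Project's code): multi-party verification of a
# deterministic build. Builder names, bundle bytes and threshold are constructed.
import hashlib
from dataclasses import dataclass, field
from typing import Dict, List


@dataclass
class Verdict:
    accepted: bool
    agreeing: List[str] = field(default_factory=list)
    dissenting: List[str] = field(default_factory=list)


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def verify_bundle(bundle: bytes, builder_hashes: Dict[str, str], threshold: int) -> Verdict:
    """Accept the bundle only if at least `threshold` independent builders
    published exactly the hash we observe. Every builder that disagrees is
    reported: one dissent may mean that builder, or our download, was altered."""
    observed = sha256_hex(bundle)
    agreeing = sorted(b for b, h in builder_hashes.items() if h.lower() == observed)
    dissenting = sorted(b for b in builder_hashes if b not in agreeing)
    return Verdict(len(agreeing) >= threshold, agreeing, dissenting)


# Constructed artifact standing in for a browser bundle, plus the hashes three
# builders would publish after reproducing the build. builder-c's report is
# deliberately wrong so the disagreement path is exercised.
BUNDLE = b"tor-browser-bundle (constructed sample bytes)\n" * 64
GOOD_HASH = sha256_hex(BUNDLE)
REPORTS = {"builder-a": GOOD_HASH, "builder-b": GOOD_HASH, "builder-c": "0" * 64}
# A single-byte change to the download must fail against every honest report.
TAMPERED = BUNDLE.replace(b"bundle", b"bundlE", 1)

if __name__ == "__main__":
    print(verify_bundle(BUNDLE, REPORTS, threshold=2))
    print(verify_bundle(TAMPERED, REPORTS, threshold=2))
```

The point of the threshold is the one Perry makes: no single key holder or builder can pass off a modified bundle, because the other builders' published hashes will not match it.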

Apple is fighting a federal court’s order to create a special version of iOS 9 that would remove security protections on an iPhone 5c used by Syed Rizwan Farook, one of the San Bernardino mass shooters.

A ruling against Apple is widely feared by technology companies, as it could give the government wider leverage to order companies to undermine encryption systems in their products.

On Monday, the Justice Department indicated it is investigating an alternative method to crack Farook’s iPhone, which if successful would not require Apple’s assistance.

Perry wrote that the Tor Project stands “with Apple to defend strong encryption and to oppose government pressure to weaken it. We will never backdoor our software.”

Tor, short for The Onion Router, is a network that provides more anonymous browsing across the Internet using a customized Firefox Web browser. The project was started by the U.S. Naval Research Laboratory but is now maintained by the nonprofit Tor Project.

Web browsing traffic is encrypted and routed through random proxy servers, making it harder to figure out the true IP address of a computer. Tor is a critical tool for activists and dissidents, as it provides a stronger layer of privacy and anonymity.

But some functions of Tor have also been embraced by cybercriminals, which has prompted interest from law enforcement. Thousands of websites run as Tor “hidden” services, which have a special “.onion” URL and are only accessible using the customized browser.

The Silk Road, the underground market shut down by the FBI in October 2013, is one of the most infamous sites to use the hidden services feature.