2014/04/25

Bad business: ALL major companies are hosting malware – Cisco | foodonia

Every single one of 30 major companies tested by Cisco over the course of 2013 had malicious traffic on their networks, according to an annual report released by the company.


Cisco analyzed network traffic on the 30 firms, and found that 100% of the companies were communicating with known malicious sites – and 96% of the firms communicated with servers that had been hijacked by cybercriminals, according to SC Magazine’s report.


“In spite of their best efforts to keep their networks free of malicious threats, all of the organizations Cisco examined during 2013 showed evidence of suspicious traffic,” the report’s writers concluded.


“There should be an assumption by all users, perhaps, that nothing in the cyber world can or should be trusted.”


“In addition, mobile malware is growing rapidly, which further increases risk. Most IT security teams don’t have the capability to identify potential threats from these devices.”


Mobile malware represented a small, but rapidly growing part of the threats Cisco analyzed – with 1.3% of Web malware on mobile devices, 99% of which was on the Android platform.


In addition, many of the networks analyzed appeared to be communicating with government or military sites, despite having no business reason to do so. This could be evidence that cybercriminals were using the networks as a platform to attack further targets.


“Traffic to these sites may not be a definitive sign of a compromise, but for organizations that do not habitually do business with the government or the military, such traffic could indicate that networks are being compromised so that criminals can use them to breach government or military websites and networks,” the report said.


The Register reports that Cisco’s analysts noted that many of the networks were calling malicious hosts for long periods – an indicator that penetrations of their networks were going unnoticed.


Cisco’s analysis was based on 200,000 IP addresses, 400,000 malware samples, 33 million files from endpoints and 28 million network connections.


The post Bad business: ALL major companies are hosting malware – Cisco appeared first on We Live Security.






Brought by: http://foodonia.com

2014/04/24

Twitter awash in miracle diet pills spam onslaught | foodonia

Twitter was flooded by an avalanche of spam from compromised accounts, leading to shortened links and pages promising miracle weight loss, diet pills, and products which would “change lives.”


The attack, which began around 2pm Pacific Time according to CNET’s report, appeared to be linked to third-party sites and apps connected to Twitter.


Ars Technica reported that early on in the attack, every single one of the Tweets contained the tag “via weheartit.com,” a site which hosts services for image sharing and promotion.


Twitter flagged the links in the spam as unsafe – CNET described one as leading to pages which spoofed Women’s Health magazine, and including phrases such as, “If I didn’t try this, my life wouldn’t have changed.” Another page offered a “miracle pill” for weight loss.


Ars Technica reports that researchers have yet to analyze the link to see if it attempts to install malware, but Twitter has flagged it as unsafe. The page referred to “garcinia cambogia” – a vegetable extract often used in weight loss supplements, and a favourite “miracle diet cure” of spammers.


Representatives of We Heart It Tweeted, “We’ve temporarily disabled sign-in and sharing via Twitter while we look into an issue. Please sign-in via email in the meantime.”


Time magazine commented that the attack showed the potential for “cascading” attacks online, as attackers enter via one service to attack the users of another.


Ars Technica’s Dan Goodin comments, “The incident is a potent reminder of how a security lapse of one site or app maker can cascade over to other sites and the millions of people who visit them. We Heart It, which in December said it had 25 million monthly users, allows users to share content directly on Twitter without leaving the site, presumably by using the OAuth authentication mechanism to link accounts between the two sites.”


The post Twitter awash in miracle diet pills spam onslaught appeared first on We Live Security.







2014/04/23

Google offers refunds all round for buyers of fake “Virus Shield” app | foodonia

Google is offering full refunds to buyers of the Virus Shield app which briefly topped the Android charts last week – but turned out to offer no protection whatsoever.


According to Tech Week Europe, Google emailed buyers saying, “We’re reaching out to you because you recently purchased the “Virus Shield” app on Google Play. This app made the false claim that it provided one-click virus protection; in reality, it did not.


“Google Play’s policies strictly prohibit false claims like these, and in light of this, we’re refunding you for your ‘Virus Shield’ purchase. You should see funds returned to your account within the next 14 days.


“Additionally we’d like to offer you $5 promotional credit, which can be used to purchase digital content on Google Play such as apps, games, books, music and movies. We’re sorry for any inconvenience this may have caused; rest assured that we’re always working to make Google Play better for our users.”


Deviant Solutions, the developer of the app, had previously said that the version had been uploaded to the Play Store by mistake, telling the Guardian, “One of our developers simply made a foolish mistake,” and “The app version that was decompiled by AndroidPolice was not intended to be released. It was an early placeholder that our ui designer created. There was a mix-up between the version that contained the antivirus code for our app.”


Armed with an impressive-looking shield logo, security app Virus Shield shot to the top of the sales charts on Android last week, becoming the top new paid download on Google Play, according to Appbrain’s statistics – and offering “protection for personal information”.


There was one, tiny, problem: the app was a fake. Virus Shield wasn’t a Trojan or spyware – both of which are common on Google’s unpoliced app store, as reported by We Live Security – it just didn’t do anything.


The app was downloaded more than 10,000 times, at a price of $4, according to Android Police, and users rated it an impressive 4.7 out of 5. Neowin described the app as “a complete scam”.


Recruiting experts via Google Plus, Android Police analyzed the code of Virus Shield, and found that its only function was that the logo changed slightly when tapped on the touchscreen. The code contained no other security features whatsoever.


The reviews were presumably fake – but the high score was enough to tempt a sufficient number of buyers to gain the app some exposure on the store, according to Gizmodo. ESET’s guide to spotting scammy apps details some of the tricks used to sell malicious – or useless – apps. Popular game FTL appeared on Play, but buyers were forced to give it a five-star rating to start playing. It didn’t work, of course.


Virus Shield promised that it “Prevents harmful apps from being installed on your device” and “protects your personal information.”


The app was pulled from the store by Google, but a search for its name reveals a huge number of ‘antivirus’ apps from unknown developers, offering vague promises of protection for phones.


ESET’s guide to how to spot – and avoid – such apps details telltale signs that an app isn’t what it seems. Like many ‘fakes’, Virus Shield was by an unknown developer, whose descriptions on other sites were less than flattering.


Android Police wrote, “Let’s not mince words here. This is fraud, pure and simple, and the developer “Deviant Solutions” potentially made considerable amounts of money based on a complete lie. We assume that a lot of the initial reviews were fake, but now that it’s on the top of the charts, at least a few people will be buying it in the belief that it will protect them.”


The post Google offers refunds all round for buyers of fake “Virus Shield” app appeared first on We Live Security.







AOL diet spam email assaults world | foodonia

A flood of emails seemingly from AOL addresses has hit inboxes around the world, as the company locks down its email service and investigates whether customer accounts have been hacked.


The Register reports that the spam, which is diet-themed, seems to originate from an intensive “spoofing” attack. The site joked that the flood of email from AOL may have made some users feel they had “fallen into a time rift, and it’s the Nineties.”


AOL has posted a page to help consumers, and explains, “spoofing is when a spammer sends out emails using your email address in the From: field. The idea is to make it seem like the message is from you – in order to trick people into opening it.”


PC Mag reports that the company said: “These emails do not originate from AOL and do not have any contact with the AOL Mail system – their addresses are just edited to make them appear that way. The message actually originates from the spammer’s email account and is sent from the spammer’s email server.”


PC World advises that the easiest way to tell if you’ve been affected by the AOL diet spam is to look for “bounce backs” from emails you did not send, but instead were sent by the “spoofed” address.


It’s still unclear if any AOL accounts actually have been hacked. USA Today reports that some users reported via Twitter that their accounts had been hacked.


In a blog post, AOL said, “Today we moved to change our DMARC policy to p=reject. This helps to protect AOL Mail users’ addresses from unauthorized use. It also stops delivery on what previously would have been considered authorized mail sent on behalf of AOL Mail users via non-AOL servers. If you’re a bulk sender on behalf of AOL addresses, that probably includes mail sent from you.”


“AOL takes the safety and security of consumers very seriously, and we are actively addressing consumer complaints. We are working to resolve the issue of account spoofing to keep users and their respective accounts running smoothly and securely.”
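The effect of the p=reject change described above can be shown from the receiving server's side. The following is an added example, not AOL's code and not part of the original post: it evaluates DMARC alignment for a message and applies the published policy. The function names, the sample records and the domains spammer.example and newsletter.example are constructed, and the organizational domain is approximated as the last two labels.

```shell
#!/bin/sh
# Added example, not AOL's code: the receiver-side DMARC decision for a message.
# Simplification (assumption): the organizational domain is taken as the last
# two labels; real receivers use the Public Suffix List.

# org_domain DOMAIN: lower-cased organizational domain, e.g. mx.aol.com -> aol.com
org_domain() {
    printf '%s\n' "$1" | tr 'A-Z' 'a-z' |
        awk -F. '{ print (NF >= 2 ? ($(NF-1) "." $NF) : $0) }'
}

# policy_of RECORD: value of the p= tag in a DMARC TXT record.
policy_of() {
    printf '%s\n' "$1" | tr ';' '\n' | awk -F= '
        { gsub(/[ \t]/, "", $1); gsub(/[ \t]/, "", $2) }
        $1 == "p" { print $2; exit }'
}

# dmarc_disposition RECORD FROM_DOMAIN SPF_RESULT SPF_DOMAIN DKIM_RESULT DKIM_DOMAIN
# A message passes DMARC when SPF or DKIM passes for a domain that aligns with
# the domain in the From: header. Otherwise the From: domain's policy applies.
dmarc_disposition() {
    from_org=$(org_domain "$2")
    if [ "$3" = pass ] && [ "$(org_domain "$4")" = "$from_org" ]; then
        echo deliver; return 0
    fi
    if [ "$5" = pass ] && [ "$(org_domain "$6")" = "$from_org" ]; then
        echo deliver; return 0
    fi
    case "$(policy_of "$1")" in
        reject)     echo reject ;;
        quarantine) echo quarantine ;;
        *)          echo deliver ;;    # p=none: report only, still delivered
    esac
}

# Three constructed messages, all with an aol.com address in From:,
# evaluated under a monitoring-only record and under p=reject.
demo() {
    for policy in none reject; do
        rec="v=DMARC1; p=$policy"
        printf 'p=%-6s  genuine=%s  spoofed=%s  third-party=%s\n' "$policy" \
            "$(dmarc_disposition "$rec" aol.com pass aol.com pass mx.aol.com)" \
            "$(dmarc_disposition "$rec" aol.com pass spammer.example none "")" \
            "$(dmarc_disposition "$rec" aol.com pass newsletter.example pass newsletter.example)"
    done
}

demo
```

The third message is the bulk-sender case AOL mentions: it authenticates correctly for its own domain, but that domain does not align with the aol.com From: address, so p=reject blocks it along with the spoofed mail.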


The post AOL diet spam email assaults world appeared first on We Live Security.







2014/04/22

Fake Facebook app attack can lead to your Android being spied upon, and your bank account being hacked | foodonia

Are you a Facebook user?


If so, be on your guard if you see a screen like the following popping up on your screen:



Verification


Welcome back


Due to a rising number of attempts in order to gain unlawful access to the personal information of our users and to prevent corrupted page data to spread Facebook administration introduces new extra safety protection system. It’s free and it keeps you safe. Our IT specialists developed unique software tool for safe and secure authorization. With this software you don’t need any extra account profile or password all you need is to install it and everytime you log in you will input an access code generated by the software on your personal phone. We care for our users, protection of their private information is one of the priorities. Meanwhile application might not be available for some operating systems.


[Prompt for mobile phone number]



Facebook web injection

Hopefully the poor grammar is enough to trigger your alarm bells, and prevent you from entering your mobile phone number.


But if it’s not, there is a risk that malicious hackers could soon be listening in to the calls made on your Android smartphone, intercepting your SMS text messages, and even listening in to any private conversations you are having in the vicinity of your phone.


And, if the hackers can read your SMS messages, they can potentially break into your online bank accounts too.


ESET threat researcher Jean-Ian Boutin detailed the latest incarnation of this threat last week, in a blog post on We Live Security.


Here is how the attack works.


The message you have seen pop up while you are logged in to Facebook isn’t from Facebook itself, but it’s not the case that Facebook’s website has been hacked either.


Hackers are using a notorious banking Trojan horse called Win32/Qadars to display the bogus message from Facebook, in an aggressive attempt to infect Android smartphones.


The Windows-based malware is being used to inject the message into your web browser via JavaScript – making it appear, to all intents and purposes, as if Facebook’s website is serving up the form.


If you make the mistake of giving the form your mobile phone number, you are prompted to download an app onto your Android smartphone.


SMS verification


Regular readers of We Live Security won’t be surprised to see that the app download is hosted on a third-party site, rather than the more trusted official Google Play store, meaning that you may have to change your Android settings to permit the installation:


Malicious Android app install


This should be, of course, another opportunity for alarm bells to ring in your head. If Facebook was rolling out a new security feature, that required the installation of a new app on your Android phone, wouldn’t they use the regular Android app store to distribute it?


And why would the app need God-like admin powers over your smartphone which mean it could, if it wished, completely wipe all of the data on your device?


The truth is, of course, that the attack is trying to dupe you into installing an Android Trojan horse called iBanking (detected by ESET security products as Android/Spy.Agent.AF) onto your smartphone.


Once in place, the Android Trojan can spy on the phone’s activities, including private voice calls, stealing SMS messages, contact lists and call logs, recording audio captured by the Android devices’s microphone even when it’s not making a call, and grabbing the device’s GPS co-ordinates.


In the past, the iBanking malware has been used to bypass two-factor authentication systems, intercepting the mTANs (mobile transaction authorization numbers) sent via SMS by many online banks, as well as popular internet services such as Google, Twitter and – indeed – Facebook itself.


Clearly the online criminals recognise that more and more people are recognising the value of enabling two factor authentication on their online accounts, and evolving their malware to try to waltz around it.


Although the malware can be used to steal two factor authentication tokens for a variety of websites, including social networks, it seems likely that the principal targets for this kind of malware will still be online bank accounts for some time to come.


After all, that’s where the big money is.





The post Fake Facebook app attack can lead to your Android being spied upon, and your bank account being hacked appeared first on We Live Security.







2014/04/15

Heartbleed claims British mums and Canadian tax payers as victims | foodonia

The critical security vulnerability in OpenSSL known commonly as “Heartbleed” continues to raise alarms, with websites now warning that hackers have breached their systems by exploiting the bug, and stolen personal information about users.


For instance, Mumsnet – a phenomenally popular British parenting website with 1.5 million registered users – has reported that its servers were not only vulnerable, but that users’ data had been accessed as a result:



On Friday 11 April, it became apparent that what is widely known as the ‘Heartbleed bug’ had been used to access data from Mumsnet users’ accounts.


Heartbleed is a security hole that existed in OpenSSL, the security framework which most websites around the world use. There’s a summary of Heartbleed and its effects here.


On Thursday 10 April we at MNHQ became aware of the bug and immediately ran tests to see if the Mumsnet servers were vulnerable. As soon as it became apparent that we were, we applied the fix to close the OpenSSL security hole (known as the Heartbleed patch). However, it seems that users’ data was accessed prior to our applying this fix.


So, over the weekend, we decided we needed to ask all Mumsnet users to change their passwords. So, you will no longer be able to log in to Mumsnet with a password that you chose before 5.45pm on Saturday April 12, 2014.


We have no way of knowing which Mumsnetters were affected by this. The worst case scenario is that the data of every Mumsnet user account was accessed. That’s why we’ve required every user to reset their password.



I must admit I was a little puzzled by the statement. One of the “features” of the Heartbleed bug is that it doesn’t leave any clues that systems have been compromised, making it hard for sites to know that they have fallen victim.


However, BBC technology reporter Rory Cellan-Jones got to the bottom of the mystery when interviewing Mumsnet chief executive and founder Justine Roberts about the security scare.


In that report, Roberts says that she became aware that hackers had accessed users’ passwords when her own Mumsnet account was used without permission by a hacker, who subsequently posted a message claiming that they had accessed the account after exploiting the Heartbleed OpenSSL flaw.


A smoking gun and convincing evidence that Heartbleed was involved? Perhaps not. After all, perhaps Roberts was phished or had keylogging spyware on a computer that she had used that grabbed her password.


Mumsnet Heartbleed advisory


However, Mumsnet was perhaps wise under the circumstances to assume the worst and force members (known as Mumsnetters) to reset any password created on or before Saturday.


And I was pleased to see as well that Mumsnet recommended users change their passwords anywhere else on the net where they might be using the same password.


It’s worth everybody realising that you should never use the same password in more than one place – otherwise you could have an account breach on a site which might not be critically important (Mumsnet, for instance) leading to much more serious hacks of your personal information elsewhere.


Meanwhile, in other news from the other side of the great Atlantic pond, the Canadian tax agency has revealed that social insurance numbers of about 900 taxpayers were removed from CRA systems by hackers exploiting the Heartbleed vulnerability.



Regrettably, the CRA has been notified by the Government of Canada’s lead security agencies of a malicious breach of taxpayer data that occurred over a six-hour period. Based on our analysis to date, Social Insurance Numbers (SIN) of approximately 900 taxpayers were removed from CRA systems by someone exploiting the Heartbleed vulnerability. We are currently going through the painstaking process of analyzing other fragments of data, some that may relate to businesses, that were also removed.



Again, it’s not clear how the Canadian authorities determined that the Heartbleed security hole had been the vehicle for stealing the tax payers’ information.


But one thing is obvious. Now it has been publicly proven how easy it is to exploit Heartbleed, we can expect more and more online criminals to try their luck, and see what information they might be able to glean from online companies and websites that have not taken sufficient steps to protect the data on their servers.


The post Heartbleed claims British mums and Canadian tax payers as victims appeared first on We Live Security.







2014/04/10

Windigo not Windigone: Linux/Ebury updated | foodonia

There have been some interesting new developments since we published our report on Operation Windigo. In this blog post you will read about a Linux/Ebury update and more details around our publicly released indicators of compromise (IOC). We also want to thank the security community for its help since the release of the report.



Updates to Linux/Ebury



As previously described at length, Linux/Ebury is an OpenSSH backdoor and credential stealer that is the backbone of the operation. It provides the malicious group with all the server resources it needs to run all the other malware services, be it Linux/Cdorked, Perl/Calfbot, or its own infrastructure.


As we were in the process of publishing the report, we stumbled upon version 1.3.5 of Linux/Ebury. We shared the sample, but were unable to provide more details about it in the original report due to time constraints.


The criminal gang behind Linux/Ebury has updated the code that deals with the shared memory segment so as to restrict its permissions. The permissions were rather broad previously (666) and they have restricted them to only the owner (600). We believe this was done in response to the Ebury FAQ published before our report by CERT‑Bund, which recommended looking out for shared memory with broad permissions (666). This small change could trick the administrators of infected systems into believing that their machines are not infected after all.













[Figures: Ebury shared memory segment creation in version 1.3.5, and Ebury shared memory segment creation before version 1.3.5 (older versions)]


Updated Indicators of Compromise (IOC)



Both CERT‑Bund’s FAQ and our own IOCs have been updated to reflect the new permissions. This update doesn’t affect the ssh -G check, but we expect that the malicious group is working on an update right now to defeat this easy check. We will post an update to our blog if that happens.



How to determine if you are infected



Based on the feedback we received, we decided to give more details about the techniques one may use to determine if a machine is infected with the various pieces of malware from this operation.


Here we will focus on several commands and tools useful for system administrators or power-users to investigate individual systems under their control. For larger providers we advise that you look at the network-based indicators that we provided when we released our report.



Linux/Ebury



The backdoored ssh associated with Linux/Ebury carries additional “features” that were added to ssh to accommodate the malicious operators. The -G parameter is one of those. The ssh -G indicator thus relies on the fact that on a clean system there is no -G switch, meaning that when issuing the command one gets the following error:



ssh: illegal option -- G

Here is what the console looks like on a clean system:



$ ssh -G
ssh: illegal option -- G
usage: ssh [-1246AaCfgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec]
[-D [bind_address:]port] [-E log_file] [-e escape_char]
[-F configfile] [-I pkcs11] [-i identity_file]
[-L [bind_address:]port:host:hostport] [-l login_name] [-m mac_spec]
[-O ctl_cmd] [-o option] [-p port]
[-Q cipher | cipher-auth | mac | kex | key]
[-R [bind_address:]port:host:hostport] [-S ctl_path] [-W host:port]
[-w local_tun[:remote_tun]] [user@]hostname [command]

Here is what the console looks like on an infected system:



$ ssh -G
usage: ssh [-1246AaCfgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec]
[-D [bind_address:]port] [-E log_file] [-e escape_char]
[-F configfile] [-I pkcs11] [-i identity_file]
[-L [bind_address:]port:host:hostport] [-l login_name] [-m mac_spec]
[-O ctl_cmd] [-o option] [-p port]
[-Q cipher | cipher-auth | mac | kex | key]
[-R [bind_address:]port:host:hostport] [-S ctl_path] [-W host:port]
[-w local_tun[:remote_tun]] [user@]hostname [command]

There is no mention of the illegal option. Note that newer versions of OpenSSH will output unknown instead of illegal.


The command that we provided in our previous blog takes advantage of this behavior, printing “System clean” if the words “illegal” or “unknown” were matched in the output of ssh -G and printing “System infected” otherwise.



ssh -G 2>&1 | grep -e illegal -e unknown > /dev/null && echo "System clean" || echo "System infected"

One case of a false positive that was brought to our attention was that this technique is ineffective if the Linux distribution used on the system had applied the patches for X.509 certificate support in OpenSSH. Gentoo with the X509 USE flag is one such distribution. Use the shared memory inspection technique described below in that case.


Shared Memory Inspection


Linux/Ebury relies on POSIX shared memory segments (SHMs) for inter-process communications. Currently, it uses large segments of over 3 megabytes of memory.


First, a word of caution: other processes could legitimately create shared memory segments. Be sure to verify that sshd is the process that created the segment, as we show below.


Identifying large shared memory segments can be done by running ipcs -m as root:



# ipcs -m
------ Shared Memory Segments --------
key        shmid      owner      perms      bytes      nattch
0x00000000 0          root       644        80         2
0x00000000 32769      root       644        16384      2
0x00000000 65538      root       644        280        2
0x000010e0 465272836  root       600        3282312    0

Looking for the process that created the shared memory segment is possible with the ipcs -m -p command:



# ipcs -m -p
------ Shared Memory Creator/Last-op PIDs --------
shmid      owner      cpid       lpid
0          root       4162       4183
32769      root       4162       4183
65538      root       4162       4183
465272836  root       15029      17377

Check whether the process is sshd by piping ps aux into grep with the process ID (replacing 15029 with the proper process ID found with ipcs):



# ps aux | grep 15029
root     11531  0.0  0.0 103284   828 pts/0    S+   16:40   0:00 grep 15029
root     15029  0.0  0.0  66300  1204 ?        Ss   Jan26   0:00 /usr/sbin/sshd

An sshd process using shared memory segments of around 3 megabytes (3282312 bytes in this case) is a strong indicator of compromise.



Linux/Cdorked



There are a few approaches one can use to detect whether a server is infected with Linux/Cdorked. A simple way is to leverage a specific behavior of the backdoor that redirects any requests to /favicon.iso to Google.


Running this simple curl command:



curl -i http://myserver/favicon.iso | grep "Location:"

will result in the following output on an infected server:



$ curl -i http://myserver/favicon.iso | grep "Location:"
Location: http://google.com/

Depending on configuration, a clean site will return either nothing on this particular command, or a different Location header. Further inspection can be done by removing the grep portion of the command: curl -i http://myserver/favicon.iso.


Additionally, one can look at the shared memory segments similarly to the Linux/Ebury case except that the process creator of the shared memory will be apache (httpd), nginx or lighttpd. On newer variants of Linux/Cdorked remember that the permissions are more strict than before (600 instead of the previous 666).


Be careful when looking for shared memory segments since they could be normal depending on your setup. For example we know that suPHP uses shared memory.
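The three manual steps from the Linux/Ebury shared memory inspection (ipcs -m, ipcs -m -p, then ps) and the web-server variant described here for Linux/Cdorked can be combined into one pass. This is an added example, not ESET's tooling and not part of the original post: the function names, the 3,000,000-byte floor, the apache2 process name and the last two sample rows are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not ESET's tooling): flag shared memory segments by creator.
# Assumptions: the 3,000,000-byte floor, the "apache2" process name and all
# function names are choices made for this example.
EBURY_MIN_BYTES=${EBURY_MIN_BYTES:-3000000}

# Constructed sample input. The first four segments copy the ipcs listings
# shown in the post; the last two rows and every process name are made up.
SAMPLE_SEGMENTS='------ Shared Memory Segments --------
key shmid owner perms bytes nattch
0x00000000 0 root 644 80 2
0x00000000 32769 root 644 16384 2
0x00000000 65538 root 644 280 2
0x000010e0 465272836 root 600 3282312 0
0x00000000 98307 root 600 1048576 0
0x00000000 131076 postgres 600 8388608 4'
SAMPLE_CREATORS='------ Shared Memory Creator/Last-op PIDs --------
shmid owner cpid lpid
0 root 4162 4183
32769 root 4162 4183
65538 root 4162 4183
465272836 root 15029 17377
98307 root 2210 2215
131076 postgres 3001 3050'
SAMPLE_PROCS='4162 Xorg
15029 sshd
2210 nginx
3001 postgres'

# join_segments SEGMENTS CREATORS: prints "shmid perms bytes cpid" per segment.
join_segments() {
    { printf '%s\n' "$2"; printf '%s\n' '--SEGMENTS--'; printf '%s\n' "$1"; } | awk '
        $0 == "--SEGMENTS--" { seg = 1; next }
        !seg && $1 ~ /^[0-9]+$/ && $3 ~ /^[0-9]+$/ { cpid[$1] = $3; next }
        seg && $1 ~ /^0x[0-9a-fA-F]+$/ { print $2, $4, $5, ($2 in cpid ? cpid[$2] : "?") }'
}

# comm_of PID: process name, from PROC_TABLE when set (tests), otherwise from ps.
comm_of() {
    if [ -n "${PROC_TABLE:-}" ]; then
        printf '%s\n' "$PROC_TABLE" | awk -v p="$1" '$1 == p { print $2; exit }'
    else
        ps -o comm= -p "$1" 2>/dev/null | awk '{ n = split($1, a, "/"); print a[n]; exit }'
    fi
}

# with_names: appends the creator name, or "gone" if that process has exited.
with_names() {
    while read -r shmid perms bytes cpid; do
        name=$(comm_of "$cpid")
        printf '%s %s %s %s %s\n' "$shmid" "$perms" "$bytes" "$cpid" "${name:-gone}"
    done
}

# classify: reads "shmid perms bytes cpid name" lines and prints findings.
classify() {
    awk -v min="$EBURY_MIN_BYTES" '
        # Ebury: keyed on creator and size only, because the operators have
        # already changed the permissions once (666 -> 600 in version 1.3.5).
        $5 == "sshd" && $3 + 0 >= min + 0 {
            print "EBURY-SUSPECT shmid=" $1 " perms=" $2 " bytes=" $3 " cpid=" $4
            next
        }
        # Cdorked: web-server creator with the old or new permissions; needs
        # manual review, since setups such as suPHP use SHM legitimately.
        ($5 == "httpd" || $5 == "apache2" || $5 == "nginx" || $5 == "lighttpd") &&
        ($2 == "600" || $2 == "666") {
            print "CDORKED-REVIEW shmid=" $1 " perms=" $2 " bytes=" $3 " cpid=" $4 " creator=" $5
        }'
}

scan() { join_segments "$1" "$2" | with_names | classify; }

# Live scan of the current host; run as root, as in the manual steps.
scan_live() { scan "$(ipcs -m)" "$(ipcs -m -p)"; }

# Offline run over the constructed sample data.
scan_sample() {
    PROC_TABLE=$SAMPLE_PROCS
    scan "$SAMPLE_SEGMENTS" "$SAMPLE_CREATORS"
    unset PROC_TABLE
}

case "${1:-}" in
    live) scan_live ;;
    *)    scan_sample ;;
esac
```

Run with the argument live as root to scan the current host. The column layout of ipcs can differ between versions, so compare the parsing against your own ipcs output before relying on a clean result.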



Perl/Calfbot



The presence of a /tmp/... file reveals that a server is infected and the file creation timestamp will accurately reflect the infection time. However, if the server is rebooted or the C&C server sends a KILL command, the file will still be present but the malware will not be running anymore. In order to confirm an active infection, one must test for the presence of a lock on /tmp/... using the following command:



flock --nb /tmp/... echo "System clean" || echo "System infected"

If a system is infected, lsof can be used to see what process owns that lock:



lsof /tmp/...

The following command can also be used to confirm that the targets of the /proc/*/exe symbolic links are the real crond executable:



pgrep -x "crond" | xargs -I '{}' ls -la "/proc/{}/exe"

Anything looking like "/tmp/ " (with a space) in the output is very suspicious.


Note that pgrep requires the procps package. If you can’t install pgrep replace



pgrep -x crond

with



ps -ef | grep crond | grep -v grep | awk '{print $2}'


It’s far from over



After we released our report, we saw the malicious group reaching out to infected systems and reconfiguring them using the Xver command. Unfortunately this prevents us from reliably estimating the number of systems that were cleaned.


Since this command is one of those that triggers our Linux/Ebury snort rule, we would advise ISPs or hosting providers to try to monitor their whole network and protect their customers.



Thank you security community!



Thanks to the widespread interest in our research, we were able to raise awareness of this operation to a point where we have been contacted by many other researchers. We have engaged in new collaborations, received more samples and are getting more and more people notified and systems cleaned. These new collaborations are leading to reinvigorated efforts to shut down this operation — or at least impede its effectiveness.


We would like to invite anyone who is affected by the operation and would like to help take it down to reach us at windigo@eset.sk.


Linux/Ebury – Version 1.3.5 – libkeyutils.so : e2a204636bda486c43d7929880eba6cb8e9de068


The post Windigo not Windigone: Linux/Ebury updated appeared first on We Live Security.







2014/04/09

NSA revelations shake faith in U.S. tech firms as Harris poll shows public conflicted | foodonia

The National Security Agency (NSA) surveillance activities revealed by former CIA contractor Edward Snowden appear to be taking a serious toll on public confidence in technology companies in America, such as Internet service providers and software companies, according to a Harris poll commissioned by ESET. The poll found that two-thirds of adult Americans who said they are at least somewhat familiar with the NSA revelations believe such companies have violated the trust of users “by working with the government to secretly monitor communications of private citizens.”


That violation of trust led 60% of those Americans familiar with the NSA revelations to agree with this statement: “I am now less trusting of technology companies…as they may be assisting the government in surveillance of private citizens.”


Taken together with the changes in online behavior uncovered by the same poll and reported on We Live Security last week, these findings support the idea that economic fallout from the NSA’s activities may be broader than first thought. With well over half of the respondents signalling a decline in trust, it is reasonable to ponder the impact of this phenomenon on the uptake of technology products and services.


We already know that a small–but in my opinion significant–percentage of people are reducing their use of technology, so is there a trend toward delaying or modifying the purchase of software or Internet services? While the ESET survey did not address this question directly, I would love to see major media organizations and public opinion researchers exploring questions like this.


In fact, we did get two interesting data points from a poll released last week by Reason-Rupe. The poll covered a wide range of social and political issues in America and included this question: “Which of the following do you trust the most with your personal information?” The choices included the IRS, the NSA, Google, and Facebook. The results, which echo some of the ESET findings I will report in a moment, indicate that the two tech giants have a lot of work to do when it comes to public trust. Both the IRS and NSA were trusted more than Google and Facebook, who were ranked as most trusted with personal information by just 10% and 5% of the survey subjects respectively. Even though many Americans dislike the IRS, it was trusted by more than a third of respondents (35%), whereas the NSA was trusted by less than one in five (18%).


When it came to the second privacy-related Reason-Rupe question, “Who do you think is most likely to violate your privacy?” the NSA topped the list at 36%. Facebook was ranked second most likely to violate privacy at 26%, while Google was relatively well-regarded at 10%. We will return to this aspect of trust in a moment.


Tech distrust tempered by public safety concerns?


While the ESET survey revealed considerable levels of mistrust and antipathy toward technology companies among people familiar with the NSA revelations, arising from the apparent involvement of firms in secret government surveillance, these sentiments were not universal. A significant number of the same group of people, familiar with the NSA revelations, told us companies should cooperate in government surveillance efforts. Indeed, just over half said companies should cooperate.

So what is going on here? Another statistic might provide a clue. We found that mass surveillance has a fair number of supporters in America. Of those Americans who were surveyed and who said that they were at least somewhat familiar with the NSA revelations, 57% agreed that mass surveillance at the scale revealed by Snowden helps prevent terrorism (versus 43% that disagreed). Note that the statement says “scale” revealed and not type, and therein may lie another clue.


I get the impression that people see value in surveillance as a defense and deterrent, but they are not necessarily happy with the way the government has gone about the surveillance. I’m not saying that’s the only way to interpret the survey results, but that is my best guess, bolstered by one more finding: the number of people who “believe there should be new laws implemented to better regulate government surveillance.” An impressive 81% of American adults who said they were at least somewhat familiar with the NSA revelations agreed with that statement.



Whether or not American politicians and political candidates are asking the same question and getting the same answer, I don’t know. However, as the mid-term elections get closer, and position statements on surveillance legislation are publicized, we may find out.


Cyber crime vs. government surveillance vs. companies


We have already seen some political responses from the very same technology companies about whom the public has strongly mixed feelings. I think there will need to be much more of the same if said companies are to lower the level of concern we discovered when we asked: Which one of the following aspects of surveillance and data gathering concerns you the most? Well over half (58%) of Americans familiar with the NSA revelations are most concerned about surveillance and data gathering by companies for profit.



Just as tech companies will need to keep working on earning the public’s trust, companies and organizations of all kinds will need to be vigilant when it comes to cyber crime. Why? Because our survey suggests that, when it comes to the security of their personal information, people are far more worried about criminal hackers than government data gathering.


Over two-in-five (42%) Americans familiar with the NSA revelations are most worried about criminal hackers stealing information (e.g., personal details, passwords, bank or credit card information) from a company or service they trusted (either online or offline). A further one third (33%) are most worried about criminal hackers stealing information.


I grouped those two responses in the following pie chart, which also reflects the 18% of those surveyed who are most worried about secret surveillance and data gathering directed by the government at private citizens such as themselves, plus a small percentage who are either worried about some other security risk or not worried at all.



What should tech targets and other companies do?


If your tech company is likely to be a target of the negative sentiment reported here, you might be wondering what you should be doing to win back confidence. In my opinion the watchword is transparency. Be as open and honest as you can about how you deal with government requests for data. Publicize your policies on this and every other aspect of data privacy. Be proactive in starting a conversation about privacy with your customers.


You should also give serious consideration to taking visible political action. If there is a bright spot in the attitudes we have observed it is that 74% of people we interviewed in an NSA related survey late last year said they would admire a company “that took a stand against unlimited government access to my personal information.”


And what if you’re not a tech company, or don’t consider your firm to be tarnished by the Snowden/NSA revelations? I think you still need to be sensitive to the opinions we uncovered. They are yet another indicator that the American public is more sensitive than ever about how their personal information is handled. Not that the NSA is the only factor in play. There is no doubt in my mind that the massive security breach at Target, revealed in the closing days of 2013, has further fueled data privacy concerns. Again, my advice is to embrace transparency and be up front about your privacy policies and commitment to data security. Given the blanket media coverage of the NSA revelations and the Target breach, organizations can no longer claim to be surprised if there is a data breach and the data subjects get very upset.


Survey Methodology: The survey was conducted online within the United States by Harris Poll on behalf of ESET from February 4-6, 2014 among 2,034 U.S. adults ages 18 and older, among which 1,691 are at least somewhat familiar with the NSA revelations. This online survey is not based on a probability sample and therefore no estimate of theoretical sampling error can be calculated. For complete survey methodology, including weighting variables, please contact esetpr@schwartzmsl.com.


Survey Reporting: Unless otherwise noted in the text, percentages reported for responses refer to the 1,691 persons who said they were at least somewhat familiar with the NSA revelations.


The post NSA revelations shake faith in tech U.S. firms as Harris poll shows public conflicted appeared first on We Live Security.






Brought by: http://foodonia.com

“New weapon” against malware intrusion designed by American student | foodonia

A new technique for spotting cyber attacks has been designed by a young American student – and could prevent attacks against planes and power plants, by looking for abnormal communications within computers, rather than sifting for malicious software.


Patricia Moat, a doctoral student who talked of her ambitions in a student magazine at Binghamton University, says, “This is like catching an intruder coming into your house. And it excites me to do something most people have never done.”


Moat, who is working with a team funded by the Air Force Office of Scientific Research, uses a system which scans for “system calls” – communications between applications and a computer’s operating system, such as Windows. It can defend against attacks which other methods – such as scanning for malware – can’t, according to Computer magazine.


Spotting ‘abnormal’ calls can be key to stopping disasters, according to her supervisor Victor Skormin. Skormin says that the approach can be used on many different computerised systems: he gives the example of planes misdirected to land short of a runway, or of power grids robbed of electricity, as reported by Homeland Security’s in-house magazine.


“Actually, it’s a war taking place in cyberspace, and it requires many different weapons and defenses,” Skormin says. “There are many existing attacks that our application works against very successfully.”


Moat and Skormin’s technology monitors all the signals sent between applications and the operating system – system calls happen constantly, such as when an application accesses files – but looks for abnormal calls by comparing a system’s behavior with its state of “normalcy”.


By designing a system which looks for abnormal behaviour in the way that many different systems operate, the team may be able to fend off novel attacks – even ones built to attack one specific system.
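One common way to turn “compare system calls with normalcy” into code is a sliding-window model: record every short run of consecutive calls seen during clean operation, then flag runs that were never seen. The sketch below is an added example, not Moat and Skormin’s system (the article does not describe their algorithm); the call names, traces, window size and threshold are constructed for illustration.

```python
from collections import Counter

WINDOW = 3  # assumed window length; a real deployment tunes this per workload


def windows(trace, n=WINDOW):
    """Return every run of n consecutive system calls in a trace, in order."""
    return [tuple(trace[i:i + n]) for i in range(len(trace) - n + 1)]


def learn_normal(traces, n=WINDOW):
    """Build the 'normalcy' profile: how often each window occurs in clean traces."""
    profile = Counter()
    for trace in traces:
        profile.update(windows(trace, n))
    return profile


def compare_to_normal(trace, profile, n=WINDOW):
    """Compare one trace with the profile.

    Returns (mismatch_rate, unseen), where unseen lists (position, window) for
    every window absent from the profile, so an analyst can see exactly which
    call sequence deviated.
    """
    seen = windows(trace, n)
    if not seen:  # trace shorter than the window: nothing to judge
        return 0.0, []
    unseen = [(i, w) for i, w in enumerate(seen) if w not in profile]
    return len(unseen) / len(seen), unseen


def is_abnormal(trace, profile, threshold=0.25, n=WINDOW):
    """Flag a trace when too many of its windows never occurred in clean runs."""
    rate, _ = compare_to_normal(trace, profile, n)
    return rate > threshold


# Constructed clean traces of a hypothetical file-viewer process.
CLEAN_TRACES = [
    ["open", "read", "read", "close"],
    ["open", "read", "write", "close"],
    ["open", "read", "read", "write", "close"],
]
# Constructed traces to judge: one ordinary, one that starts using the network.
ORDINARY = ["open", "read", "read", "write", "close"]
DEVIATING = ["open", "read", "read", "socket", "send", "close"]

PROFILE = learn_normal(CLEAN_TRACES)

if __name__ == "__main__":
    for name, trace in (("ordinary", ORDINARY), ("deviating", DEVIATING)):
        rate, unseen = compare_to_normal(trace, PROFILE)
        print(f"{name}: mismatch={rate:.2f} abnormal={is_abnormal(trace, PROFILE)}")
        for pos, window in unseen:
            print(f"  unseen at call {pos}: {' -> '.join(window)}")
```

Because the profile describes the monitored process rather than any particular malware, a deviation is reported even when the code causing it has never been seen before.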


The post “New weapon” against malware intrusion designed by American student appeared first on We Live Security.







‘Heartbleed’ encryption flaw leaves millions of sites at risk | foodonia

A flaw in an encryption technology used to protect major websites including Yahoo has left a huge amount of private data at risk – researchers advise internet users to change all their passwords.


The bug, known as ‘Heartbleed’, is described as one of the “most serious security flaws ever found” according to the Telegraph’s report. It affects the open-source encryption software OpenSSL – which is used on millions of web servers – and has been undiscovered for more than two years. The Telegraph reports that it could have been used to steal passwords, credit card details and even encryption keys, without trace.


Threatpost says that the vulnerability has affected major sites including password manager LastPass and the FBI’s web presence, and says, “Attacks can leak private keys, usernames and passwords and other sensitive data, and some large sites, including Yahoo Mail and others, are vulnerable right now.” Threatpost says that a proof-of-concept exploit for the bug has already been posted on coding site Github.


The researchers who discovered Heartbleed say that it has left private keys, and other secrets exposed “for years”. The researchers tested the vulnerability themselves: “We have tested some of our own services from an attacker’s perspective. We attacked ourselves from outside, without leaving a trace. Without using any privileged information, we were able steal from ourselves secret keys, usernames and passwords, instant messages, emails and business critical documents and communication.”


The bug was discovered by researchers from Finnish firm Codenomicon working with Google. A dedicated website helps to explain some of the risks – although the researchers admit they do not know how widely the bug has been exploited.


“The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet,” the firm writes.


“The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.”


ESET Senior Research Fellow David Harley offers advice on how to deal with the problem: “Sites that have never run the 1.0.1 and 1.0.2-beta releases of OpenSSL including 1.0.1f and 1.0.2-beta1 shouldn’t be panicking about this, but those that are running them need to upgrade to 1.0.1g or recompile -DOPENSSL_NO_HEARTBEATS, as recommended by the OpenSSL security advisory. However, they should also be looking for and revoking (and reissuing) compromised keys, and changing user passwords. This applies even to sites that ran a vulnerable version for a while but have upgraded since, as the bug has been around since 2011. While I haven’t checked all the links and resources listed there, this site looks like an excellent starting point for sites that need to know more about the problem and its remediation, as well as the heartbleed.com page. It’s worth remembering that some embedded devices also use OpenSSL: it isn’t just a server issue.”


OpenSSL wrote on their site, “A missing bounds check in the handling of the TLS heartbeat extension can be used to reveal up to 64kB of memory to a connected client or server. This issue did not affect versions of OpenSSL prior to 1.0.1.”
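The missing bounds check is easiest to understand next to the check that fixes it. The simulation below is an added example, not OpenSSL code: it models the heartbeat message layout from RFC 6520 (type, 2-byte payload length, payload, at least 16 bytes of padding) and a constructed block of “memory” in which the received record sits next to unrelated data; all names and sample values are assumptions.

```python
import struct

HB_REQUEST, HB_RESPONSE = 1, 2
HEADER_LEN = 3      # type (1 byte) + payload_length (2 bytes, big-endian)
MIN_PADDING = 16    # RFC 6520 requires at least 16 bytes of padding


def build_heartbeat(msg_type, payload, declared_len=None):
    """Serialize type | payload_length | payload | padding.

    declared_len lets the caller state a length that differs from the real
    payload, which is the malformed input the bounds check must reject.
    The 2-byte field tops out at 65535, hence "up to 64kB" in the advisory.
    """
    if declared_len is None:
        declared_len = len(payload)
    header = struct.pack("!BH", msg_type, declared_len)
    return header + payload + b"\x00" * MIN_PADDING


class SimulatedMemory:
    """Constructed stand-in for process memory: the record, then other data."""

    def __init__(self, record, neighbour):
        self.mem = record + neighbour
        self.record_len = len(record)   # what the record layer actually received


def respond_without_check(m):
    """Behaviour the advisory describes: payload_length is trusted as-is."""
    msg_type, payload_len = struct.unpack_from("!BH", m.mem, 0)
    if msg_type != HB_REQUEST:
        return None
    # Copies payload_len bytes even when the record is shorter than that.
    echoed = m.mem[HEADER_LEN:HEADER_LEN + payload_len]
    return build_heartbeat(HB_RESPONSE, echoed)


def respond_with_check(m):
    """Same handler with the bounds check: discard when the lengths disagree."""
    if m.record_len < HEADER_LEN + MIN_PADDING:
        return None                     # too short to be a heartbeat at all
    msg_type, payload_len = struct.unpack_from("!BH", m.mem, 0)
    if HEADER_LEN + payload_len + MIN_PADDING > m.record_len:
        return None                     # declared payload does not fit: drop silently
    if msg_type != HB_REQUEST:
        return None
    echoed = m.mem[HEADER_LEN:HEADER_LEN + payload_len]
    return build_heartbeat(HB_RESPONSE, echoed)


def bytes_past_record(m, response):
    """How many echoed bytes came from beyond the received record."""
    if response is None:
        return 0
    echoed_len = struct.unpack_from("!H", response, 1)[0]
    return max(0, HEADER_LEN + echoed_len - m.record_len)


# Constructed sample data: the "neighbour" is a placeholder, not a real secret.
NEIGHBOUR = b"session=constructed-not-a-real-secret"
HONEST = SimulatedMemory(build_heartbeat(HB_REQUEST, b"ping"), NEIGHBOUR)
MALFORMED = SimulatedMemory(
    build_heartbeat(HB_REQUEST, b"ping", declared_len=64), NEIGHBOUR)

if __name__ == "__main__":
    for name, m in (("honest", HONEST), ("malformed", MALFORMED)):
        old, new = respond_without_check(m), respond_with_check(m)
        print(f"{name}: unchecked echoes {bytes_past_record(m, old)} bytes past "
              f"the record; checked handler replies: {new is not None}")
```

The checked handler treats well-formed requests exactly as before, so the fix costs nothing for legitimate peers; only a request whose declared length exceeds what was received is dropped.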


The post ‘Heartbleed’ encryption flaw leaves millions of sites at risk appeared first on We Live Security.







2014/04/08

If you love someone, upgrade them from XP | foodonia

Sting famously sang “If you love someone, set them free.”


Here’s my suggested improvement: “If you love someone, upgrade them from XP.”


It’s not actually such an odd connection to make. Way back in October 2001, Sting gave a free concert in New York’s Bryant Park to “celebrate the launch of Microsoft Windows XP”.


Don’t believe me? Here’s the press release, and a photo of the lute-playing Geordie in action at the event:




Why am I singing variations on songs by the former lead singer of The Police?


Well, today is the last day that Microsoft will be publishing security patches for Windows XP.


That’s clearly bad news for computer users who are still using the ageing operating system, as there is no doubt that malicious hackers will attempt to exploit the millions of vulnerable PCs out there.


And that’s why we’re calling on you to help.


Chances are, if you’re reading We Live Security, that you’re a tech-savvy computer user with a healthy interest in information security. Maybe you actually work in an IT department, or are responsible for keeping the computers in your home or office safe-and-sound from malware attacks.


And, if you’re regularly reading We Live Security, you will have seen plenty of warnings about the upcoming demise of Windows XP support and – hopefully – have taken steps and measures to ensure that computers under your care will not be affected.


Seeing as Microsoft first announced the end-of-life for Windows XP way back in 2007, it’s hard for anyone to complain that they haven’t been given enough time to sort something out.


However, there are millions of computer users out there who are blissfully ignorant of the XP cut-off date. They may not even know if they have Windows XP installed or a different version of Windows (if that’s the case, here’s a helpful website which can tell you in the blink of an eye).


And I believe that it is us, the nerdy geeks who are into computers and follow the security news, who have a moral right to help the great unwashed.


If you have friends or family who you suspect might be using a creaky old version of Windows, which might be XP, then now is the time to pay them a visit and offer them a helping hand.


Chances are that your Aunty Hilda doesn’t know how to upgrade to a more modern version of Windows, or is frightened of making a mistake, and they could do with the support of someone friendly to help them make the switch.


And, if their computer is too old or doesn’t have powerful enough hardware to run a more modern version of Windows, don’t forget there are alternatives out there.


Maybe now would be a good time to switch to an alternative operating system such as one running a flavour of Unix (I realise that’s not a great option for many users, and may terrify them more than visiting the shops to buy a newer PC).


Alternatively, if they find some spare cash down the back of the sofa and have been seen gazing longingly at Apple’s trendy gadgets, maybe they would be open to splashing out on an Apple MacBook or iMac?


The important thing is for users to switch from Windows XP as soon as possible, before their computers are attacked and compromised.


The first step is to raise awareness of the issue. You can do that this weekend by paying them a visit, and offering to take a quick look at their PC for them.


The next step is to do something about it. Again, you can help to advise on what the best steps for that particular individual are.


But, whatever you do, don’t leave your friend or family member in the lurch when it comes to XP. Be a decent net citizen and lend them a helping hand, at what could be – for many – a baffling time of change and adjustment.





The post If you love someone, upgrade them from XP appeared first on We Live Security.







2014/04/07

Swooping robot attack which felled triathlete “may be work of hackers” | foodonia

A competitor in an Australian triathlon was hospitalized with injuries and “pieces of propeller in her head” after a drone plunged from the sky, causing head injuries.


The competitor, Raija Ogden, was treated by paramedics at the scene after the UAV (Unmanned Aerial Vehicle) suddenly plunged from the sky, hitting her on the head. The UAV had been filming the race.


The vehicle, a helicopter-style ‘drone’, may have been attacked by hackers, according to the owner of New Era Photography and Film, who said the incident appeared to be “suspicious”, according to local paper Everything Geraldton.


“We are currently in discussions with the videographers to assess how the incident occurred and the circumstances surrounding the accident,” the drone’s owner, Warren Abrams, said.


Sky News reported that Abrams claims that initial investigations show that someone “channel hopped” the aerial device – making it uncontrollable. Abrams claimed that a similar incident had affected the drone earlier in the day.


Network World reported that Ogden said, “I have lacerations on my head from the drone and the ambulance crew took a piece of propeller from my head. My hair was completely red with blood. I didn’t hit the ground.”


The Register reported that the Australian Broadcasting Corporation said that the drone’s operators had concluded that “channel hopping” was involved, and commented, “perhaps it is time for sports administrators to give some serious consideration to airspace management?”


The post Swooping robot attack which felled triathlete “may be work of hackers” appeared first on We Live Security.







“Virus Shield” app is top-selling hit – but does absolutely nothing | foodonia

Armed with an impressive-looking shield logo, security app Virus Shield shot to the top of the sales charts on Android last week, becoming the top new paid download on Google Play, according to Appbrain’s statistics – and offering “protection for personal information”.


There was one, tiny, problem: the app was a fake. Virus Shield wasn’t a Trojan or spyware – both of which are common on Google’s unpoliced app store, as reported by We Live Security here – it just didn’t do anything.


The app was downloaded more than 10,000 times, at a price of $4, according to Android Police, and users rated it an impressive 4.7 out of 5. Neowin described the app as “a complete scam”.


Recruiting experts via Google Plus, Android Police analyzed the code of Virus Shield, and found that its only function was that the logo changed slightly when tapped on the touchscreen. The code contained no other security features whatsoever.


The reviews were presumably fake – but the high score was enough to tempt a sufficient number of buyers to gain the app some exposure on the store, according to Gizmodo. ESET’s guide to spotting scammy apps details some of the tricks used to sell malicious – or useless – apps. Popular game FTL appeared on Play, but buyers were forced to give it a five-star rating to start playing. It didn’t work, of course.


Virus Shield promised that it “Prevents harmful apps from being installed on your device” and “protects your personal information.”


The app was pulled from the store by Google, but a search for its name reveals a huge number of ‘antivirus’ apps from unknown developers, offering vague promises of protection for phones.


ESET’s guide to how to spot – and avoid – such apps details telltale signs that an app isn’t what it seems. Like many ‘fakes’, Virus Shield was by an unknown developer, whose descriptions on other sites were less than flattering.


Android Police wrote, “Let’s not mince words here. This is fraud, pure and simple, and the developer “Deviant Solutions” potentially made considerable amounts of money based on a complete lie. We assume that a lot of the initial reviews were fake, but now that it’s on the top of the charts, at least a few people will be buying it in the belief that it will protect them.”


ESET’s in-depth guide to spotting ‘bad’ apps on Google Play can be found here.


The post “Virus Shield” app is top-selling hit – but does absolutely nothing appeared first on We Live Security.







2014/04/06

Two-thirds of parents spy “regularly” on children’s social media accounts | foodonia

Social media accounts are the hubs of young people’s lives, but today’s youngsters would do well to check their friends lists and privacy settings – two-thirds of parents check social media accounts without their children’s knowledge.


The poll of 2,105 UK parents focused on the social media use of children aged 13-16, and was conducted by voucher company VoucherCloud. Facebook’s legal minimum age is 13, although children much younger than this use the site – previous research by the London School of Economics found that 43% of children aged nine to 12 used the site, according to a BBC report.


Two-thirds of the respondents to the survey admitted to using various methods to check on children “without their knowledge.” Of those polled, 81% of parents said that their children used social media, while 19% said they either did not, or that they were unaware whether they did.


This revealed that 73% of the children that used social media were on Facebook, making it the most popular site, whilst 56% were on Twitter. A further 49% used Instagram.


Many parents made sure to be aware of the passwords for such accounts – and used this to sign into the accounts without the knowledge of their children. More than half (55%) admitted to this, and a third (31%) did so “on a regular basis”.


Two-thirds of parents – 67% – also searched for their children’s profiles online to monitor them anonymously. It’s widely known, though, that children often use fake names on social sites, to avoid monitoring by either schools or parents – a tactic employed frequently by cyberbullies according to youth research agency Family, Kids and Youth, as reported by The Guardian.


Parents were asked, ‘Do you know the passwords to either your children’s personal email account or any of their social media accounts?’. 45% of the parents claimed to know their child/children’s email password, whilst 36% knew their social media login details for at least one of their profiles.


Most parents admitted that their prime concern was “safety”. A further third said that they did so simply to check what their children were up to – as ‘they didn’t tell them anything.’


Nick Bagot, a 42-year-old London parent, said that parents often ‘shared’ accounts such as Apple IDs which allowed further monitoring: “Using the same Apple ID across several products – an iPad, an iPhone, a Mac – allows me to monitor my children’s emails and texts via iMessage. Children often forget that this is even possible.”


One-fifth of those surveyed had found something ‘incriminating’ by snooping on social accounts, and of those, more than half (53%) had confronted their children about this.


Those parents who confronted their child/children were asked ‘Did you confess that you’d checked up on their social media or email account(s)?’ to which 38% said ‘yes’, but the majority, 62%, made out that they’d found out ‘by other means’.


Matthew Wood of vouchercloud made the following comment: “Today’s world can often come across as a sinister place to parents. Media coverage of social media related nightmares is widespread, so it’s no surprise that they’re wary of what their children are up to. Are they sexting? Are they talking to strangers online? It seems that many parents think the only way to find out is via stealth.”


“It’s sad to see that some parents feel the only way they can assess what their children are up to is via a sly look at their social media. Is this indicative of the modern world? This might be the case, but teenagers have always been well known for their secretive ways, so perhaps parents shouldn’t take it to heart too much and should just accept it’s one of those phases.”


Writing for SafeSoundFamily, ESET Senior Research Fellow David Harley says that parents should use the internet with their children, starting as early as pre-school age – and the key is a “gentle, guided introduction.”



The post Two-thirds of parents spy “regularly” on children’s social media accounts appeared first on We Live Security.







The future of security: Microsoft rewards 5-year-old who found critical password flaw | foodonia

Most five year olds can write their own name – but few have a job title to put after it. A young Xbox fan has joined an elite group of official Microsoft “security researchers” after he exposed a security flaw on Xbox’s Live Service.


Kristoffer von Hassel was also rewarded with free games, a free subscription and an official thanks from the company, after exposing a simple and potentially damaging security flaw, according to Yahoo News.


The five-year-old’s “hack” revealed a serious flaw in Xbox Live’s authentication system, which Microsoft has since fixed, and has named the young gamer as a researcher on its website, according to a report by 10 News.


In a statement, the company said: “We’re always listening to our customers and thank them for bringing issues to our attention. We take security seriously at Xbox and fixed the issue as soon as we learned about it.”


Kristoffer was officially thanked by the company for exposing the flaw – which he worked out as a way to log into his Dad’s account in San Diego without knowing his password. Xbox Live accounts not only give access to real-money transactions, but also would allow young gamers access to violent games, and games age-rated for profanity among their players.


The hack is simple. Kristoffer discovered that if he entered a wrong password, then simply entered blank spaces to fill the entire password field as his second authentication attempt, he was able to use his father’s account freely, according to the BBC’s report.


“I got nervous. I thought he was going to find out,” Kristoffer said in an interview with local TV station KGTV. “I thought someone was going to steal the Xbox.”


As well as an official thanks from the company, his name is immortalised alongside other (mostly older) security researchers on a Microsoft web page: “The Microsoft Security Response Center (MSRC) is pleased to recognize the security researchers who have helped make Microsoft online services safer by finding and reporting security vulnerabilities. Each name listed represents an individual or company who has privately disclosed one or more security vulnerabilities in our online services and worked with us to remediate the issue.”



The post The future of security: Microsoft rewards 5-year-old who found critical password flaw appeared first on We Live Security.







2014/04/04

Microsoft to fix zero-day flaw that meant just previewing an Outlook email could infect your computer | foodonia

Patch Tuesday, the day when Microsoft releases its regular bundle of security fixes, is looming – and now we have some details of what it is going to contain.


A Microsoft Security Bulletin pre-announces that the company will release four bulletins, two rated Critical and two rated Important in severity, on 8th April.


In a blog post, Dustin Childs of Microsoft’s Trustworthy Computing group confirmed that one of the fixes would relate to a zero-day flaw that has left users’ computers open to infection simply by previewing a boobytrapped email in Microsoft Outlook.


When discovered a couple of weeks ago, Microsoft explained that the exploit related to the handling of Rich Text Format (RTF) files:



At this time, we are aware of limited, targeted attacks directed at Microsoft Word 2010. The vulnerability could allow remote code execution if a user opens a specially crafted [rich text format] RTF file using an affected version of Microsoft Word, or previews or opens a specially crafted RTF email message in Microsoft Outlook while using Microsoft Word as the email viewer. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.



Clearly it’s good news that this critical flaw, which has apparently been exploited in the wild in targeted attacks, is now being fixed.


It’s one thing to have a security hole that relies upon users visiting an infected website, or opening a dodgy attachment – but it’s quite a different level of threat when simply *previewing* a message in your email client infects your computer.


By Patch Tuesday standards though, four bulletins equals quite a light month. But, unfortunately, there are two ways of looking at this.


You could, if you’re an eternal optimist, argue that the relatively small update means that Microsoft’s products are well on the road to finally turning a corner when it comes to security vulnerabilities.


Or, if you’re a grumpy old pessimist who has worked in IT security for more than 20 years and feels like they’ve seen it all before, you might fear that online criminals are holding back on their vulnerabilities and exploits until after the cut-off date for Windows XP.


After all, any exploits uncovered in Microsoft software products after April 8th aren’t going to get fixed for Windows XP users. And there’s every likelihood that come the May Patch Tuesday, malicious hackers will attempt to reverse-engineer Microsoft’s fixes for more modern versions of Windows and see if they could be used to attack vulnerable XP systems.


Is the glass half empty or half full? I guess we will all know soon enough.





The post Microsoft to fix zero-day flaw that meant just previewing an Outlook email could infect your computer appeared first on We Live Security.







2014/04/03

“Domestic spyware” apps increasingly precursor to violence – or murder | foodonia

Apps designed to ‘report’ on handset users’ communications while remaining undetected have increasingly become a factor in cases of domestic violence and even murder.


The apps, many on sale via app stores for smartphones such as iPhone, BlackBerry and Android, are marketed as a means for parents to monitor children’s use of smart devices, according to TechDirt.


But an Australian study has found that 97% of domestic violence cases involved the use of spyware by the abusive partner.


CBS tested software on sale in America, and found that such software was often legal due to loopholes – for instance, it was marketed as a tool to track rogue employees or children.


One such package boasted, “All phone calls are recorded. Once you log into your account, you can see when the call was made, the number associated with the person on the other side and even listen in. The same goes for text messages. Even more shocking, if a phone call wasn’t taking place but the phone was on, it could be used to bug a room and even record video. The GPS also allows someone to track where you are at any given moment of the day.”


One such app, Mobistealth, was used in a murder case in Australia by killer Simon Gittany to read his girlfriend Lisa Harnum’s SMS messages. In one message, she revealed plans to escape the abusive relationship, and he threw her off the balcony of a 15th floor apartment.


Mobistealth, along with other products such as Flexispy, is available online in free and premium versions. Mobistealth describes itself as, “a full-featured powerful cell phone tracking software package that enables you to get all the answers to your questions. What questions you say? They are questions about where the phone has been and what its user has been doing with it. With Mobistealth Android Spy Software, you can find out where the phone has been and where it is now. On the control panel, you get a line-by-line history with a date/time stamp linked to a map showing where the target phone has been. You can adjust the polling interval to get near real time logging of the target phone’s GPS location.”


“The Basic version of Mobistealth allows you to view the target phone’s contact file. This is useful because it answers the question as to whom your child or employee is communicating with.


With Mobistealth, you get to see the incoming and outgoing history of whom the target phone user was chatting with, conversing with, and planning with. Every SMS message on the phone gets sent to the Mobistealth server so that you can read what your child or employee is discussing. Even if they delete the message thread, you still retain it for viewing from your control panel.”


In the Victorian study, 46% of victims said they felt as if they were being ‘watched’, but less than half of those had told anyone of this.


In the UK, a team at Newcastle University has developed counter-spyware to protect victims.


Following the initial pilot studies, trials of the new technologies will begin next month. Victims can simply point a phone’s camera at a QR code on a poster, to ‘clean’ evidence that may enrage a spouse.


“Any online access leaves behind an electronic trail which can easily be followed to see what we’ve been up to,” explains Dr Budi Arief, from the Centre for Cybercrime and Computer Security (CCCS) at Newcastle University.


“For most of us this is a useful record but for someone living in fear of abuse the very systems set up to help them can actually be used against them. What our technology does is erase these electronic footprints, allowing people to seek help in safety without fear of reprisal.”

For domestic abuse victims, even seeking help can be risky.


“Another important consideration in the case of domestic violence is that in many cases, victims do not know where to get help from,” adds Mr Martin Emms, a PhD student at the School of Computing Science. As a solution, the Newcastle University team has developed single use URL codes that can be distributed to victims.


These codes – represented as QR codes – are embedded into innocent-looking postcards and flyers and take the user directly to a support site. As the name suggests, the link will only direct its user to a support site once; subsequent attempts to use it will be directed to a ‘safe page’ – an innocuous one such as BBC News or Google home page.
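The single-use behaviour described above can be sketched as follows. This is an added example, not the Newcastle team's code; the class and function names, the in-memory store and both URLs are assumptions made for illustration.

```python
import secrets
import threading

SUPPORT_URL = "https://support.example/help"  # placeholder support site (assumption)
SAFE_URL = "https://www.bbc.co.uk/news"       # innocuous 'safe page' (assumed URL)


class SingleUseLinks:
    """In-memory store of single-use codes, one per printed QR code."""

    def __init__(self):
        self._unused = set()
        self._lock = threading.Lock()

    def issue(self):
        """Create an unguessable code to embed in a postcard or flyer."""
        code = secrets.token_urlsafe(16)
        with self._lock:
            self._unused.add(code)
        return code

    def resolve(self, code):
        """Return the redirect target for a scanned code.

        The first use of a valid code goes to the support site. Reused and
        unknown codes both go to the safe page, so replaying the link from
        the browser history reveals nothing.
        """
        with self._lock:
            if code in self._unused:
                self._unused.remove(code)  # check and consume under one lock
                return SUPPORT_URL
        return SAFE_URL


def redirect_response(links, code):
    """Build (status, headers) for the HTTP redirect sent to the phone."""
    headers = {
        "Location": links.resolve(code),
        "Cache-Control": "no-store",  # ask the browser not to keep the redirect
    }
    return 302, headers
```

Sending unknown codes to the same safe page as used ones means the response never confirms whether a given code was ever valid.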


This will be used in combination with the cleaner app. Once accessed, the app selectively wipes clean the user’s digital footprints, removing any trace of their search for support – including temporary internet files, browser history entries and cookies – while leaving other electronic trails intact.


“This is very important as a completely clean browsing history raises suspicions,” explains Mr Emms.


Instead of a postcard, the information is embedded in a poster advertising the domestic violence support service. Positioned in public places, the feature is only available while the user is standing close to the poster. Once they leave the area, the information cannot be accessed using either the history or the back button.


“We talk a lot about digital inclusion and the work being done to make it accessible to all,” says Dr Arief.


“Our work has highlighted a vulnerable group whose need for online access is greater than most. These people are prevented from getting help, not through a lack of access or digital knowledge but through fear.


“Our hope is these technologies can be used to overcome this particular barrier and give more victims of domestic violence the confidence to seek help.”


The post “Domestic spyware” apps increasingly precursor to violence – or murder appeared first on We Live Security.







With just days to go, just how many PCs are still running Windows XP? | foodonia

Next Tuesday, April 8 2014, Microsoft will release the last ever security patches for Windows XP.


And if you look at the figures from Net Market Share, things aren’t looking too good.


Net Market Share keeps a tally on worldwide operating system and browser usage by measuring the hits on websites and – according to them – Windows XP is still powering some 27.69% of worldwide PCs.


[Image: Worldwide operating system marketshare]


That’s an alarming statistic. But is it true?


Well, as we have all learnt through life, statistics can be deceptive.


The truth is that in much of the world, the usage of Windows XP is probably not anywhere near 27.69%. It’s commonly believed that the figures have been skewed massively by China where – according to some reports – Windows XP still had a marketshare of approximately 50% at the end of 2013.


A large part of the problem in China, no doubt, is the widespread usage of pirated versions of the operating system dubbed “GhostXP” locally.


[Image: Chinese pirated copy of Windows XP]


The stat appears to be backed up by Microsoft’s figures for usage of the no-longer-trusted Internet Explorer 6, the default browser in Windows XP.


Microsoft’s IE 6 Countdown website gives percentages for Internet Explorer 6 usage around the world.


[Image: IE6 around the world]


And, surprise surprise, there’s only one country which sticks out like a sore thumb: China.


[Image: Close-up of chart, focusing on China]


Regardless of what the figure for Windows XP usage is in your country, chances are that even if a small percentage of your internet-using population is using the old OS, it could still amount to a considerable number of computers.


And that’s a problem.


Because if those computers continue to run Windows XP and don’t receive any more security patches, they are not just putting themselves and the data they carry at risk, they are endangering all of us who use the internet.


How so? Well, every computer that is compromised or hijacked by hackers can be used as a launchpad for further attacks – whether they be denial-of-service attacks, spammed out phishing campaigns, or deliberate dissemination of malware.


And if it happens that you are unlucky enough to have your personal information stored on a computer at a business still running Windows XP (and sadly, many businesses are still running legacy computers running creaky old versions of the Windows operating system) then it could be your private sensitive data that is up for grabs.


The worry is that malicious hackers will reverse-engineer future security patches from Microsoft (designed to enhance the security of more recent versions of Windows), and that the flaws those patches are designed to fix will also be present in the newly-retired XP operating system.


In short, hackers will be interested in targeting the now poorly-protected Windows XP platform with even greater vigour.


ESET security veteran and fellow WeLiveSecurity scribe Aryeh Goretsky has written some wise words, offering practical tips for people who have decided they need a little extra time and plan to keep protecting Windows XP computers for a little while longer.


Aryeh has also documented what to do if you think you are ready to bite the bullet and move on.


And, by the way, if you’re not sure if you are running Windows XP or not, here is a helpful webpage created by Microsoft: http://amirunningxp.com


The post With just days to go, just how many PCs are still running Windows XP? appeared first on We Live Security.







2014/04/01

Tesla shocker as researcher picks electric supercar’s lock | foodonia

Security questions were raised over the app-based “key” used to unlock the electric supercar Tesla – after a researcher showed it was possible to guess the key’s six-digit PIN by brute force. The Model S is rated one of the safest cars on the road – but the electronic security system protecting its locks may not be quite as bulletproof, researchers claim.


The Tesla car is “locked” using an iPhone app, accessed via a basic six-character password, according to Sky News.


This leaves the car vulnerable to ‘brute force’ hacks where attackers try thousands of passwords until they find the correct one.


The hack was shown off by researcher Nitesh Dhanjani at a conference in Singapore. While obtaining the password would not allow the attacker to drive the car, it would allow attackers to drain batteries, operate headlights and halt charging.


Dhanjani pointed out that the ‘static’ password system also meant that phishing attacks could be used to obtain the password, and thus control the Model S’s systems.


Gizmodo pointed out that the methods Dhanjani highlighted were similar to those used to gain access to any online account – and not what one would expect of a high-end supercar such as the Tesla Model S.


In a blog post, Dhanjani wrote, “The Tesla website doesn’t seem to have any particular account lockout policy per incorrect login attempts. This puts owners at risk since a malicious entity can attempt to brute-force the account and gain access to the iPhone functionality.”


In a statement, Tesla said, “Our customers’ security is our top priority, be that in developing a car with the highest safety rating or doing everything we can to protect them against online security breaches.”


“We protect our products and systems against vulnerabilities with our dedicated team of top-notch information security professionals, and we continue to work with the community of security researchers and actively encourage them to communicate with us through our responsible reporting process.”


Tesla said that it had altered its software to lock out users after five incorrect attempts.
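A lockout after five incorrect attempts, the control Tesla describes, can be sketched as below. This is an added example, not Tesla's implementation; the class name, the 15-minute lock duration, the PBKDF2 parameters and the sample password are assumptions.

```python
import hashlib
import hmac
import os
import time

MAX_FAILURES = 5        # the limit Tesla said it adopted
LOCK_SECONDS = 15 * 60  # lock duration: assumption, not stated in the article


class Account:
    """One account with a salted password hash and a failure counter."""

    def __init__(self, password, clock=time.monotonic):
        self._salt = os.urandom(16)
        self._hash = self._derive(password)
        self._clock = clock  # injectable so the lock expiry can be tested
        self.failures = 0
        self.locked_until = 0.0

    def _derive(self, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, 100_000)

    def login(self, password):
        """Return 'ok', 'denied' or 'locked' for one login attempt."""
        now = self._clock()
        if now < self.locked_until:
            return "locked"  # refuse without evaluating the password at all
        if hmac.compare_digest(self._derive(password), self._hash):
            self.failures = 0
            return "ok"
        self.failures += 1
        if self.failures >= MAX_FAILURES:
            self.locked_until = now + LOCK_SECONDS
            self.failures = 0
        return "denied"


def guesses_checked(account, guesses):
    """Count how many of a run of guesses the server actually evaluates."""
    return sum(1 for guess in guesses if account.login(guess) != "locked")
```

A hard lockout also lets anyone lock the owner out by failing five times on purpose, and it does nothing against the phishing route Dhanjani describes, so it is usually paired with per-source rate limiting and a second factor.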


Speaking to CNN, Dhanjani said that he was personally not concerned by the security of his own Model S, “The time is right now for Tesla to fix this. As other car manufacturers draw inspiration from Tesla’s design and architecture, there will be more people to compromise and launch attacks against.”


The post Tesla shocker as researcher picks electric supercar’s lock appeared first on We Live Security.





