Wednesday, 30 September 2015

Edward Snowden Opens Twitter Account And Follows NSA

Whistleblower Edward Snowden has opened a Twitter account that follows just one other account, namely that of the NSA, the US intelligence agency he used to work for. Snowden's first tweet, "Can you hear me now", was retweeted about 94,000 times.

In the 16 hours since Snowden opened his account he gained 893,000 followers. The account is verified by Twitter, so there is no question of a hoax. In his first few tweets Snowden mainly communicates with astrophysicist Neil DeGrasse Tyson. The whistleblower recently appeared on Star Talk, DeGrasse Tyson's radio show. Snowden is still in Russia, which granted him asylum in 2013 after he had fled the United States with a large number of confidential NSA documents.

Citadel Malware Developer Sentenced To 4.5 Years In Prison

A developer of the Citadel malware, which infected more than 11 million computers, has been sentenced in the United States to 4.5 years in prison. Citadel was designed specifically to steal money from bank accounts, but was also used to capture other data.

The US Department of Justice announced the sentence. The man does not, however, appear to be the developer of the first version of Citadel. The Department's statement mainly says that the convicted man distributed Citadel and installed it on computers. Citadel was a popular tool among cyber criminals for infecting internet users and stealing all kinds of data. Worldwide, hundreds of botnets consisting of Citadel-infected computers were active.

The computers were infected through e-mail attachments and drive-by downloads. Besides using Citadel and managing a Citadel botnet, the convicted man, a 22-year-old Russian, was also accused of providing online help to improve Citadel. The man worked from Russia, but could be arrested when he was in Spain. According to the US Department of Justice, Citadel caused more than $500 million in damages. In addition to his prison sentence, the man must pay compensation of $322,000.

German Publisher Loses Lawsuit Against Adblock Plus


One of the biggest publishers in Europe has lost a lawsuit in Germany against Adblock Plus, with the German court declaring the popular ad blocker legal. Axel Springer SE is active in more than 40 countries and is responsible for publications such as Die Welt, Bild, Sport Bild, Fakt and Business Insider.

According to the publisher's lawyers, the press has a fundamental right to advertise, and advertisements may not be blocked by products such as Adblock Plus. The lawyers argued that the core task of publisher Axel Springer AG is displaying ads to visitors. "Journalistic content is only a means to show readers the ads," they told the judge.

The judge ruled that Adblock Plus, which has tens of millions of users worldwide, is legal and can therefore simply continue to exist. In a response, the developers of the ad blocker say that they will continue to work with publishers, advertisers and websites to encourage non-intrusive ads, find new ways to improve advertisements and achieve a sustainable internet ecosystem for everyone. In April and May German publishers and television companies also drew the short straw in lawsuits against Adblock Plus.

Anti-Virus Company Attacked With Molotov Cocktails

The Russian anti-virus company Doctor Web was attacked with firebombs last year after it published an analysis of malware that allows criminals to steal money from ATMs. The anti-virus vendor announced this on its website. No one was injured in the attacks.

At the end of December 2013 Doctor Web published an analysis of "Trojan.Skimer", a Trojan that was able to infect a widely used type of ATM and then steal PINs and other card data. Following publication of the analysis, Doctor Web received a threatening e-mail from a group of criminals calling itself "Syndicate". According to the group, the anti-virus company's analysis threatened the malware and would thus harm the criminals. They gave Doctor Web a week to remove the analysis, otherwise the company's programmers would be attacked.

In March last year one of the anti-virus company's offices was attacked twice with Molotov cocktails. After the attacks, Doctor Web received a second threatening e-mail. This time the criminals threatened to destroy all of the company's offices. The Russian anti-virus vendor ignored the threats and left the analysis online. Eventually the office in St. Petersburg was attacked a third time, Boris Sharov, CEO of Doctor Web, told Brian Krebs. There were also three attempts to break into an office in Moscow.

The damage caused by the Molotov cocktails was insignificant, but the staff were certainly frightened, said Sharov. He thinks that the people who carried out the attacks were hired by the developers of the malware and were not the programmers themselves. Doctor Web's analysts believe that the programmers had promised the malware to various criminal gangs but had not yet delivered it. The anti-virus company's analysis appeared shortly after the Trojan had been developed, but before the programmers could deliver the malware to their customers, which put them in a difficult position.

Student Makes Website That Identifies Porn Viewers


A Belgian student has created a website that identifies porn viewers in order to demonstrate the risk of the data stored by the browser. "Whenever we visit a website, small bits of information are always stored in the local cache," explains Inti De Ceukelaire.

"On a subsequent visit this data is retrieved again and you get a faster loading time. If the files load significantly faster, this indicates that the site has already been visited," says the multimedia student at the Erasmus University College Brussels. With the website he wants to show that privacy is not as self-evident as users often think. "Some think that deleting the browsing history is sufficient. Bad luck," he warns (pdf).

The test at benjijeenpornomens.be currently supports five porn sites. "But the possibilities are endless and are not limited to pornography. Political parties could, for instance, also check which competitors you have visited," says De Ceukelaire. "Hackers can exploit this information to blackmail unwitting visitors. They then do not do that with an explicit test, but without the victims knowing it."

According to student Aaron Thijs, who discovered a similar vulnerability last year, fixing the problem is not easy. "The functionality that is abused provides a better browsing experience. Efficiency and speed often come at the expense of security. It is not simply possible to fix this leak completely. Sensitive sites will be unavoidable and necessary." De Ceukelaire advises internet users to use the browser's incognito or privacy mode or to visit only websites that are fully trusted. The browser should be closed after each session and users should empty the cache regularly.

Anti-Virus Company F-Secure Launches Free AdBlocker For iOS


The Finnish anti-virus firm F-Secure today launched a free ad blocker for iOS 9 that lets iPhone and iPad users block ads. Since the launch of iOS 9 Apple has allowed apps to block ads, which has produced a series of ad blockers.

F-Secure, however, is the first security company to offer such software to iOS users. According to the anti-virus company, blocking ads lets users surf faster, saves bandwidth and protects privacy. The anti-virus vendor adds that user privacy is guaranteed: F-Secure itself does not know which ads its app has blocked or which websites users have visited. AdBlocker, as the app is called, can be downloaded for free from the Apple App Store.

Researcher Makes Malicious SFX Archives Using WinRAR



Through a vulnerability in the popular archiving program WinRAR it is possible to create a malicious SFX archive with which arbitrary internet users can be attacked, warns the National Cyber Security Center (NCSC), but according to the developers of the software it is a feature.

WinRAR is a very popular program for packing and unpacking files. Besides standard RAR archives, the software can also create self-extracting (SFX) archives. Such an archive is unpacked automatically when the user opens the file, regardless of whether WinRAR is installed. By getting users to open a malicious SFX archive, an attacker could execute arbitrary code with the rights of the logged-in user.

The vulnerability arises because an attacker creating an SFX archive can add malicious HTML code in the "Text to display in SFX window" option. This allows the attacker to specify code that is executed automatically when the SFX file is opened, such as downloading and executing an .exe file. According to the German publication Heise, this is a documented feature of the SFX option. The developers of WinRAR therefore see no reason to prevent the downloading of executable files via the web.

Microsoft: Windows 10 Designed With Privacy In Mind


Despite users' privacy concerns, Windows 10 was developed with privacy in mind, Microsoft has announced. The software giant was responding to the commotion that has surrounded the new operating system since its launch, in particular about the data it collects.

According to Microsoft's Terry Myerson, two privacy principles were central during the development of Windows 10: Windows 10 collects information in order to improve the software, and users determine what information is collected. In addition, Microsoft distinguishes between data it does and does not collect. There are three levels.

The first level is safety and reliability information. Here Windows 10 collects a limited amount of information to provide users with a "safe and reliable" experience. This covers the device ID, device type and information from crashed programs. It does not include users' content or files. Microsoft also says it takes various steps to prevent the name, e-mail address or account ID of the user from being stored.

The second level concerns personalization data, for example a user's favorite club, so that relevant information can be offered. Users can, however, determine what Microsoft may collect in this case. The third level Myerson mentions is advertising data, which is not collected. The content of e-mail and other communication is thus not scanned in order to offer targeted ads.

Parental Supervision

In addition to the explanation, Microsoft also revealed that, because of the privacy criticism, it will adapt the "family features", with default settings better suited to teenagers. Microsoft will also adjust the notifications that children and parents get about the usage reports. Windows 10 has parental controls that allow children's activities to be monitored. Criticism came from parents who, after upgrading to Windows 10, suddenly received all kinds of information about their children's surfing habits.

Russian Manufacturer Delivers Android Tablet With Malware


Every now and then researchers discover Android devices that ship with malware. In most cases this involves changes to the operating system made by the parties involved. The Russian anti-virus company Doctor Web now reports that it has discovered a Russian manufacturer that ships an Android tablet with malware from the factory.

The manufacturer is Oysters, which is primarily active in the Russian market. Researchers at Doctor Web found a Trojan horse on the company's T104 HVI 3G tablet. The malware can send all kinds of information about the device to its creators and install additional applications. It can also enable the option to install applications from untrusted sources. The Russian manufacturer has been informed about the problem, but the firmware offered on its own website still contains the malware.

Tuesday, 29 September 2015

FBI Warns Students About Phone Scam

The FBI has warned students studying in the United States about a new telephone scam that is currently taking place. The students are called from a number that appears to be the FBI's. It is, however, a spoofed phone number.

In the United States it is possible to use special services to spoof one's own number, so that the actual phone number is not shown to the recipient. Instead, the recipient sees a telephone number chosen by the caller. In the current scam the caller poses as someone from the US government or the FBI and claims that the student has an outstanding fine or tax bill.

Students are also threatened with arrest or told that they cannot graduate unless the outstanding amounts are paid through MoneyGram. Students at several American universities have by now been approached by the scammers. The FBI warns students that it will never approach individuals by phone for money and that no personal information should be given to unknown callers.

Encryption Software VeraCrypt Patches TrueCrypt Vulnerabilities

A new version of VeraCrypt, the encryption software based on TrueCrypt, has been released. A researcher at Google had discovered two vulnerabilities in TrueCrypt that were also present in VeraCrypt. Through the vulnerabilities a local attacker who already has access to the system could elevate his privileges.

TrueCrypt has no longer been supported since last year, so the two vulnerabilities will not be patched there. VeraCrypt is based on the TrueCrypt source code and is still actively maintained. Besides the two vulnerabilities, several other non-security-related bugs have also been fixed. Users of VeraCrypt are therefore advised to upgrade to version 1.15.

James Forshaw, the Google researcher who discovered the vulnerabilities, says that these are not backdoors, but that they slipped through the TrueCrypt audit unnoticed. Last year TrueCrypt was audited for the presence of backdoors, and various problems were found. No backdoors were found. A few weeks after the first part of the audit was completed, the TrueCrypt developers decided to stop developing the software. As a result the problems found were not patched, and the same applies to the new vulnerabilities.

Infected Ads On YouPorn And Pornhub


After xHamster, infected ads that tried to infect visitors with malware have now also appeared on the popular porn sites Pornhub and YouPorn, says anti-malware company Malwarebytes. Together the websites get 800 million visitors per month.

According to Alexa, Pornhub is in 64th place among the most visited websites on the internet. YouPorn is in 161st place. The ads came from the ExoClick ad network. They redirected visitors, without their noticing, to a website hosting the Angler exploit kit. This exploit kit uses known vulnerabilities in, among others, Adobe Flash Player and Internet Explorer to install malware. What kind of malware was involved has not been disclosed.

After MindGeek, publisher of Pornhub and YouPorn, discovered the ads, the infected ads at the ad network were taken offline. The company also states that it audits all third-party advertising on a "continuous basis" to prevent malvertising, as such infected ads are called. Recently xHamster was also hit for the third time in a year. That website receives nearly half a billion visitors monthly.

Adblockers Great Success In Apple App Store


Apps that let users block ads on websites are a great success in the Apple App Store and earn developers tens of thousands of dollars, reports the Wall Street Journal. Since its launch, iOS 9 has made it possible to block ads on iPhones and iPads.

In the first week since the launch of iOS 9, the 10 most popular ad blocker apps were together downloaded about 600,000 times. The ad blocker app Crystal got more than 100,000 downloads in a week, which earned the developer an estimated $75,000. Another ad blocker app, the 4-dollar Blockr, has already passed 35,000 downloads. Since its launch, the ad blocker app Purify has earned its developer more than $150,000.

The first popular ad blocker in the App Store was Peace, which passed 38,000 downloads in two days and earned its developer $110,000. He nevertheless decided to remove his creation from the App Store because it blocked ads rigorously. In most cases the applications are made by one or two developers. Crystal, for instance, was created by a single programmer, who worked on it for two months.

Conference

The Advertising Week conference starts today in New York. The ad industry is gathering for a week, and ad blockers will be one of the most discussed topics. Many publishers and ad networks are worried about the rise of ad blockers, which are no longer used only by geeks but have become mainstream. "We have taught people how to circumvent advertising and that's a problem," said Maryam Banikarim, chief marketing officer of the Hyatt Hotels chain.

Researchers Stop Malware In Shortened Links On Twitter



Researchers have developed a system to identify and stop malicious shortened links on Twitter. The system will be tested next year during the European Football Championship, reports the Engineering and Physical Sciences Research Council (EPSRC).

The EPSRC funded the research together with the Economic and Social Research Council (ESRC). For the study, the researchers collected links that were sent out during the recent Cricket World Cup and the Super Bowl, and examined the interaction between a website and the computer to determine whether an attack was taking place. If changes occurred on the computer, such as new processes, altered registry files or modified files, malware was involved.

The researchers then used system activity, such as data exchanged between the computer and a remote server, processor utilization and network status, to teach the system the signs of malicious and benign links. The researchers from Cardiff University who conducted the study could determine within five seconds, with an accuracy of 83%, whether or not an attack was taking place.

Within 30 seconds the accuracy rose to 98% when a user clicked on a shortened link and malware infected the computer. "Because links on Twitter are always shortened due to character limits in messages, it is very difficult to determine which are legitimate," said Pete Burnap of the university, leader of the study. "We have the European Championship next summer, which will cause a large spike in Twitter traffic, and we expect to test our system during this event."

Hilton Investigates Possible Credit Card Theft In Hotels


The well-known Hilton hotel chain has launched an investigation after attackers may have stolen customers' credit card details. IT journalist Brian Krebs was tipped off by sources at five banks that a pattern of fraud with stolen credit card data could be traced back to various Hilton hotels.

According to the sources, various Hilton chains in the United States are involved, including the luxury Waldorf Astoria Hotels & Resorts, as well as Embassy Suites, Doubletree and Hampton Inn and Suites. How many hotels may have been hacked is unknown. The sources also stated that the incident possibly dates back to November 2014 and may still be ongoing.

In the past criminals have often struck at hotels, for example through gift shops and restaurants. By hacking the POS systems at these locations, malware can be installed to steal credit card data. The stolen data is then used fraudulently. In May it emerged that credit card data had been stolen in a similar way at the Hard Rock Hotel and Casino in Las Vegas.

Monday, 28 September 2015

Backdoor Account In Popular IP Cameras Discovered


A researcher has discovered an undocumented telnet port on potentially tens of thousands of IP cameras on the internet, through which it is possible to log on to the devices with a known default password. The problem is said to affect inexpensive IP cameras from different manufacturers.

Zoltan Balazs does not want to disclose which manufacturers are involved. He found the undocumented telnet port through a network scan. Balazs notes, however, that other researchers found the same problem earlier, through analysis of the firmware. The issue is that the password for logging in to the telnet port cannot be changed via a graphical user interface.

It can be changed through the console, but the change is not permanent: after a reboot the default password is restored. "I think it can be said that this is a backdoor," said Balazs. Through this access the passwords for the FTP server, SMTP server and Wi-Fi network can be obtained. It is also possible to gain access to the camera's normal administrator interface.

In most cases the IP camera is protected by a firewall or NAT, so the telnet port is not accessible over the internet, says the researcher. "But there are always exceptions," he observes. Balazs says that users can create a script that changes the password on reboot, or turn the telnet service off completely. "99% of the people who buy these IP cameras think that they are safe," says the researcher. On Reddit a reader states that up to 70,000 devices on the internet are affected by the issue.

Man Charged With Stealing $600,000 Via E-mail

In the United States a 28-year-old man has been charged with stealing more than $600,000 via e-mail and with attempting to obtain $1.3 million in a similar way. The man is suspected of having sent companies e-mails containing payment orders for the finance department.

The e-mails appear to come from the top of the company and include a PDF document with payment instructions. To make the e-mails appear legitimate, domain names were registered that closely resembled the domain names of the targeted companies. This type of fraud is called a "Business E-Mail Compromise" scam. The suspect came to the attention of the FBI after two companies were defrauded in this way. Both companies transferred more than $100,000. The PDF files used were traced back to the suspect. If found guilty, the suspect can be sentenced to a prison term of up to 30 years and a fine of $1 million.

Worldwide, according to the FBI, more than 8,000 companies have by now been defrauded in this way, 7,000 of them in the United States. The damage amounted to $800 million, again mostly, $750 million, in the US. In addition to the $800 million that the FBI recorded in the first eight months of this year, other investigative agencies have observed losses of $400 million, bringing the total damage to $1.2 billion.
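One way a mail gateway can catch the look-alike sender domains described above, as an added example that is not part of the original article. The company domain `millbrook.example`, the sample messages and the substitution table are constructed for illustration.

```python
from email.utils import parseaddr

# Character sequences commonly swapped in to imitate another letter (illustrative set)
CONFUSABLES = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"))


def skeleton(domain):
    """Collapse visually confusable sequences so look-alikes compare equal."""
    domain = domain.lower().rstrip(".")
    for fake, real in CONFUSABLES:
        domain = domain.replace(fake, real)
    return domain


def levenshtein(a, b):
    """Edit distance: insertions, deletions and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(sender_domain, trusted, max_distance=2):
    """Return (verdict, imitated_domain) for one sender domain."""
    sender_domain = sender_domain.lower().rstrip(".")
    if sender_domain in trusted:
        return "trusted", sender_domain
    for good in trusted:
        if skeleton(sender_domain) == skeleton(good):
            return "lookalike", good
        if levenshtein(sender_domain, good) <= max_distance:
            return "lookalike", good
    return "unrelated", None


def flag_messages(messages, trusted):
    """Return (from_address, imitated_domain) for mail from look-alike domains."""
    flagged = []
    for msg in messages:
        address = parseaddr(msg["from"])[1]
        domain = address.rpartition("@")[2]
        verdict, imitated = classify(domain, trusted)
        if verdict == "lookalike":
            flagged.append((address, imitated))
    return flagged


# Constructed sample: millbrook.example stands for the company's own domain
TRUSTED = ["millbrook.example"]
SAMPLE_MAIL = [
    {"from": "Accounts <ap@millbrook.example>", "subject": "Invoice run"},
    {"from": "CEO <ceo@rnillbrook.example>", "subject": "Urgent wire, see PDF"},
    {"from": "CFO <cfo@mi11brook.example>", "subject": "Payment instructions"},
    {"from": "CEO <ceo@milbrook.example>", "subject": "Transfer today"},
    {"from": "Sales <sales@fabrikam.example>", "subject": "Quote"},
]

if __name__ == "__main__":
    for address, imitated in flag_messages(SAMPLE_MAIL, TRUSTED):
        print(f"{address} imitates {imitated}")
```

The distance threshold trades false positives against misses; short domains need a lower value than long ones.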

US Navy Will Protect Ships Against Cyber Attacks

The US Navy is working on a system to protect ships against cyber attacks, now that more and more physical systems are accessible via the internet. The system is called Resilient Hull, Mechanical and Electrical Security (Rhimes) and is intended to prevent attackers from taking over or switching off mechanical and electrical control systems.

"The purpose of Rhimes is to repel cyber attacks," said Rear Admiral Mat Winter. "This technology helps the Navy to protect the ship's physical systems, but it can also have important applications in the protection of the physical infrastructure of our country." The system should eventually prevent attackers from gaining access to the programmable logic controllers (PLCs) that communicate with the ship's physical systems.

To protect the ship's systems, Rhimes uses different techniques to stop entire classes of attacks. In addition, the security system ensures that every controller is slightly different. An exploit for one controller will then not work on the other controllers. According to the Navy, this technique can also be used in, for example, factories, cars and airplanes. When Rhimes will be launched was not disclosed.

Vulnerabilities Discovered In Windows Version Of TrueCrypt

A Google security researcher has found vulnerabilities in the Windows version of the still-popular encryption program TrueCrypt and its derivative VeraCrypt. Two different vulnerabilities are involved, through which a local attacker could elevate his privileges on the system.

The problems are caused by the way the encryption programs handle drive letters and tokens. According to Mounir Idrassi, the developer of VeraCrypt, the drive letter problem is critical. In VeraCrypt the vulnerability has now been patched in version 1.15, which will be released soon. TrueCrypt, however, is no longer supported, so users of that software remain vulnerable.

Last year the developers of TrueCrypt announced that they were ending support for the software and that it was unsafe to continue using the program. In response, Idrassi decided to develop VeraCrypt. It is a fork, a spin-off based on the original TrueCrypt source code. Idrassi has, however, made several improvements to provide more protection. In addition, VeraCrypt is actively supported.

Sunday, 27 September 2015

Apple Will Protect Mac Computers From XcodeGhost Malware

In addition, a new variant of the Genieo adware has also been put on the blacklist, Mac software developer Intego reports.

XcodeGhost has been in the news regularly over the past few days. Chinese developers had downloaded an infected, unofficial version of Xcode for OS X, Apple's tool for developing apps, from websites. The infected Xcode caused the apps developed with it to become infected. Yesterday Apple published a list of the 25 most downloaded infected apps. Besides XcodeGhost, a new version of the Genieo adware is now also detected. This adware has been causing problems for Mac users for years, judging by the questions and comments on the official Apple forum.

Saturday, 26 September 2015

Porn Site xHamster Spreads Malware Again

For the third time in a year, infected ads that attempted to infect visitors with malware have been published on the very popular porn site xHamster. xHamster receives nearly half a billion visitors monthly and is in 71st place among the most visited websites on the internet.

The infected ads first carried out various checks. They checked whether the visitor was using Internet Explorer and whether certain security tools such as Wireshark and Fiddler were active, said anti-malware company Malwarebytes. If the visitor was an IE user without those security tools, a page with the Nuclear exploit kit was loaded unnoticed. This exploit kit uses known vulnerabilities in, among others, Adobe Flash Player and Internet Explorer that users have not patched.

If the attack was successful, ransomware and other malware were installed. After being informed, the ad network TrafficHaus removed the infected ads. A few days later malicious ads appeared on xHamster again. This time the browser-based Browlock ransomware was spread. This ransomware is not installed on the computer, but locks the browser via special JavaScript and states that the user must pay to regain access.

TrafficHaus was informed again. Malwarebytes does not know, however, whether the second round of malicious ads has been removed. Infected ads had also already appeared on xHamster in January and April.

Office Documents Favorite Target Of Attackers

Microsoft Office documents are the favorite target of attackers who manage to break into companies and organizations or who work there, according to research (pdf) by Intel Security among more than 500 IT professionals who had dealt with at least one major data breach.

The intrusions are carried out both by external attackers and by organizations' own staff. 57% of the attacks were the work of external attackers. The remaining 43% were attributable to own staff. In half of these cases it was intentional, while the other half of the internal incidents were unintentional. For both internal and external attackers, Office documents are the favorite target, followed by .txt and .csv files.

In most cases the stolen files contain information about customers and employees. A quarter of the data was stolen via "tunneling" protocols such as FTP and SCP, while 40% of data thefts took place via physical media. For the latter case organizations are advised to encrypt data.

Malware Lets Criminals Empty ATM With The Right Code

Researchers have discovered a new piece of malware that lets criminals empty an ATM after entering the correct PIN. In recent years several malware samples have been found that can steal money from ATMs. The newly discovered Green Dispenser malware, however, is designed to leave no trace after the theft.

The malware is equipped with an effective removal process, says security company Proofpoint. Installing Green Dispenser probably requires physical access to the ATM, and Proofpoint does not rule out that employees responsible for the security or maintenance of the machine play a role in the infections. Once installed, Green Dispenser operates like any other ATM malware, but it also has several distinctive features.

For instance, the malware only works if the year is 2015 and the month is earlier than September. In addition, a kind of two-factor authentication is applied: two PINs are required to access the malware, a fixed PIN and a dynamic PIN. The second PIN is obtained by scanning a QR code on the screen of the infected ATM. Only authorized people can empty the machine in this way. The malware can display an "out of service" message.

Another notable feature is how the malware deletes itself after the theft. For this it uses SDelete, a Microsoft program for permanently deleting data. Green Dispenser has so far been observed only in Mexico, but that may change, according to Thoufique Haq of Proofpoint. "While current attacks are limited to certain geographical areas such as Mexico, it is only a matter of time before these techniques are used worldwide."

Hashes(SHA256):

CERT/CC Warns Of Cookie Vulnerability In Browsers

A problem with the way HTTP cookies are set can allow attackers to circumvent HTTPS and steal private information, warns the CERT Coordination Center (CERT/CC) at Carnegie Mellon University. The problem is present in all major browsers.

The problem is that the cookie standard specifies no mechanism for isolation and integrity, and browsers do not always authenticate the domain that sets a cookie. An attacker can use this to set a cookie that is later used for an HTTPS connection instead of the cookie from the website. For example, an attacker can place a cookie for example.com on the computer that overrides the real cookie for www.example.com when the victim loads HTTPS content. By exploiting other weaknesses in the server, the attacker can then use the cookie to obtain private information.

The researchers, who discussed the problem at the most recent USENIX Security Symposium, note that a cookie can carry a so-called "secure flag", indicating that it may only be sent over an HTTPS connection. However, there is no corresponding flag that indicates how the cookie was set. Via a man-in-the-middle attack an attacker could thus inject cookies that are used on subsequent HTTPS connections. According to the CERT/CC, attempts have been made to secure cookie management, but all failed for lack of a widely implemented standard.

As a solution, the organization says that the cookie standard must be amended. In the meantime, the researchers advise websites to set up HSTS (HTTP Strict Transport Security) on the top-level domain and to use the "includeSubDomains" option. This partly prevents an attacker from setting top-level cookies that override cookies for a subdomain, such as www.domeinnaam.tld. End users are advised to use the latest browser version. IE users in particular would be wise to do so: Internet Explorer 11 is the only IE version that supports HSTS.
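The injection described above and the effect of the recommended HSTS setting, as an added example that is not part of the original article: a simplified Python model of browser cookie storage (RFC 6265 matching and ordering) and HSTS. The hosts, cookie names and traffic are constructed, and public-suffix checks are left out.

```python
from dataclasses import dataclass
from itertools import count

_order = count()  # creation order stands in for creation time


@dataclass
class Cookie:
    name: str
    value: str
    domain: str      # Domain attribute, or the setting host when host_only
    host_only: bool  # True when Set-Cookie carried no Domain attribute
    path: str
    created: int


def parse_hsts(value):
    """Return (max_age, include_subdomains) from a Strict-Transport-Security value."""
    max_age, include_sub = 0, False
    for part in value.split(";"):
        part = part.strip().lower()
        if part.startswith("max-age="):
            max_age = int(part.split("=", 1)[1].strip('"'))
        elif part == "includesubdomains":
            include_sub = True
    return max_age, include_sub


class Browser:
    def __init__(self):
        self.jar = []
        self.hsts = {}  # host -> includeSubDomains seen on an HTTPS response

    def hsts_covers(self, host):
        return any(host == h or (sub and host.endswith("." + h))
                   for h, sub in self.hsts.items())

    def response(self, scheme, host, set_cookie=None, hsts=None):
        """Process one response; False means HSTS kept the request off plain HTTP."""
        if scheme == "http" and self.hsts_covers(host):
            return False  # request is upgraded to HTTPS, the forged reply is never read
        if scheme == "https" and hsts:
            max_age, include_sub = parse_hsts(hsts)
            if max_age > 0:
                self.hsts[host] = include_sub
        if set_cookie:
            self._store(host, set_cookie)
        return True

    def _store(self, host, set_cookie):
        pair, *attrs = [p.strip() for p in set_cookie.split(";")]
        name, value = pair.split("=", 1)
        domain, host_only, path = host, True, "/"
        for attr in attrs:
            key, _, val = attr.partition("=")
            if key.lower() == "domain":
                domain, host_only = val.lstrip(".").lower(), False
                if host != domain and not host.endswith("." + domain):
                    return  # setter does not domain-match: cookie is ignored
            elif key.lower() == "path":
                path = val
        # Nothing records whether the setter used HTTP or HTTPS: the integrity gap.
        # A cookie replaces an older one only if name, domain and path all match.
        self.jar = [c for c in self.jar
                    if (c.name, c.domain, c.path) != (name, domain, path)]
        self.jar.append(Cookie(name, value, domain, host_only, path, next(_order)))

    def cookie_header(self, host, path):
        """Cookie header for a request: longer paths first, then older cookies."""
        def matches(c):
            dom = host == c.domain or (not c.host_only and host.endswith("." + c.domain))
            pth = path == c.path or path.startswith(c.path.rstrip("/") + "/")
            return dom and pth
        hits = sorted((c for c in self.jar if matches(c)),
                      key=lambda c: (-len(c.path), c.created))
        return "; ".join(f"{c.name}={c.value}" for c in hits)


def scenario(hsts_value):
    """Replay constructed traffic; return (forged reply accepted?, Cookie header)."""
    b = Browser()
    b.response("https", "example.com", hsts=hsts_value)
    b.response("https", "www.example.com", set_cookie="session=legit; Secure; Path=/")
    # Forged plain-HTTP reply injected by a man-in-the-middle for a sibling host
    accepted = b.response("http", "img.example.com",
                          set_cookie="session=evil; Domain=example.com; Path=/account")
    return accepted, b.cookie_header("www.example.com", "/account/settings")


if __name__ == "__main__":
    print(scenario("max-age=31536000"))                     # apex HSTS only
    print(scenario("max-age=31536000; includeSubDomains"))  # recommended setting
```

Without `includeSubDomains` the HTTPS request to www.example.com carries the forged cookie ahead of the genuine one, and the Cookie header gives the server no way to tell them apart.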

Friday, 25 September 2015

Windows Version For The Internet Of Things Will Bitlocker


A special version of Windows for the Internet of Things (IoT) is intended will have several security measures that are also present in the normal versions. Windows 10 IoT Core is a Windows version without the familiar "Windows shell experience." Developers can develop an app for the operating system immediately to the interface of the device.

Windows 10 IoT Core currently works only on the Raspberry Pi 2 and the MinnowBoard Max, two mini-computers. The operating system is still in development and Microsoft will soon roll out a new test version. This version will also add several security features to the system, namely Secure Boot and BitLocker. BitLocker is Microsoft's encryption software, which can encrypt both the complete system and individual files.

Secure Boot is a security standard developed by the computer industry. When the computer is booted, the firmware verifies the digital signature of each element of the boot software, including firmware, drivers and the operating system. If all the signatures are correct, the computer starts and the firmware hands control to the operating system. The test version of Windows 10 IoT Core can be downloaded via the Windows Insider Program.

Mozilla: Industry Must Understand Adblock Users Better


In recent weeks a fierce debate has erupted on the internet between supporters and opponents of adblockers, but according to Mozilla it is important that the industry understands why users turn to such tools on the web.

The answer is not entirely clear, according to Mozilla's Denelle Dixon-Thayer. The reasons vary by user and by device. Desktop users are said to be more focused on privacy and performance, while mobile users want to reduce power and data usage. "As an industry, we need to better understand the wishes of users," said Dixon-Thayer. The wishes of users and commercial interests are not mutually exclusive. Rather, both are necessary for a healthy web, according to Mozilla's Chief Legal Officer.

The collection of usage data in particular plays an important role. According to Dixon-Thayer, collecting data is not inherently harmful. It can also provide all kinds of benefits. However, it is important that users are aware of it and keep control of the data collected. Otherwise, confidence in the entire system can be lost, which also comes at the expense of the parties that behave properly.

Tracking Protection

Mozilla now wants to get to the root of the problem, not only through research but also by developing features and products that strike a better balance and increase confidence in the web. Finding this balance also requires input from users. Users are therefore asked to test Private Browsing with Tracking Protection in the latest beta version of Firefox. This feature gives users more control over data collection.

"As an industry, we need to place the user in the product vision instead of seeing the user as a goal to be achieved. It is the only way to respect user choices and offer the best, most trusted and valuable experience," concludes Dixon-Thayer.

Lenovo Again Accused Of Installing Dubious Software


Computer manufacturer Lenovo is again accused of installing dubious software on laptops. The company previously came under fire for bundling the Superfish spyware with laptops. Later it turned out that some models contained a BIOS rootkit that installed the company's own software on computers, even when Windows was installed from a clean DVD.

This time IT expert Michael Horowitz states that Lenovo installs tracking software on so-called refurbished laptops. Horowitz had purchased two such laptops directly from IBM. The computers came with a clean installation of Windows 7 Professional. While analyzing the software on the computers, the expert saw that the program "Lenovo Customer Feedback Program 64" was run daily.

According to the program's description, it sends data to Lenovo every day. In the configuration of the software he found a DLL file named Omniture, which is a company that deals with web analytics and online marketing. "While no additional ads appear on the ThinkPads, there is some monitoring and tracking," said Horowitz. "On the one hand, it is surprising because the machines were refurbished and sold by IBM. On the other hand, given Lenovo's past, it is not at all surprising."

Lenovo has put a separate page about the software online. On it, the computer giant states that Lenovo systems include programs that can communicate with servers on the Internet. Non-personal and non-identifying information about the use of the Lenovo software is sent to the company. To prevent this, users with administrative privileges can disable the scheduled tasks of the Lenovo Customer Feedback Program.

Apple Publishes List Of Top 25 Infected Apps


As previously announced, Apple has published the list of the 25 most-downloaded infected apps. The apps are infected with the XcodeGhost malware, which can send information about the device and apps. According to Apple, the malware is not able to steal personal information.

A Top 25 was chosen deliberately because, beyond these 25 applications, the number of affected users is very small. Users who have downloaded an infected app are advised to update the app, which resolves the issue. If the app is no longer available in the App Store, the update will appear soon. The Top 25 includes WeChat, DiDi Taxi, Railroad 12306, China Unicom, Baidu Music, Himalaya FM and various games. The apps have been downloaded by millions of people, mainly in China. Apple will also warn users separately.

EBay Phishing Site Hosted By EBay Itself



EBay users have long been the target of phishing attacks and phishing sites, but researchers have now discovered an eBay phishing site that was hosted on the infrastructure of the auction site itself. The phishing site is offered from the domain ebaydesc.com, which is normally used to host the descriptions of goods offered on eBay.


These descriptions are then displayed via an iframe on the eBay website. Instead of a description, criminals created a phishing page that asks for the credentials of German eBay users. After users enter their data, they are sent to the real eBay page, which states that the username or password was invalid.

Meanwhile, the entered credentials are sent to a server with a Russian IP address. According to internet company Netcraft, which discovered the phishing page, eBay gives crooks many opportunities to carry out phishing attacks by allowing HTML and scripts in descriptions.

Cisco Launches Scanner For Finding Hacked Routers


Cisco has launched a scanner that lets organizations find hacked routers on their network whose firmware has been modified. Attackers appear to compromise Cisco routers through stolen passwords or physical access and then install a custom operating system.

This custom operating system is called the SYNful Knock malware. The malware lets the attackers retain access to the corporate network, even after the router is reset. Cisco recently conducted a scan of the internet and discovered 199 IP addresses that were infected with the SYNful Knock malware. Now Cisco has developed a tool that lets customers find hacked routers on their own network. The tool only detects routers that are infected with the SYNful Knock malware.

The tool does come with a manual. Running the tool through network address translation (NAT) can affect its accuracy and cause it to miss hacked routers. Cisco advises running the tool from a network location where there is no NAT between the scanning system and the routers.

Thursday, 24 September 2015

5.6 Million Fingerprints Stolen From US Government



In the hack of US government agency OPM, the fingerprints of 5.6 million people were stolen, not 1.1 million as previously indicated. This is shown by research from the Office of Personnel Management (OPM) and the US Department of Defense.

The government agency, which is responsible for screening civil servants, was hacked twice. In the first break-in, the data of 4.2 million civil servants turned out to have been captured. During the investigation into this break-in a second break-in was discovered, in which much more data was captured. Moreover, this was very sensitive data that officials had to fill in on the screening forms, such as mental health problems, drug and alcohol use, arrests by police, bankruptcies, as well as user names, passwords and in some cases fingerprints. In July, it became clear that the data of 21.5 million Americans was stolen in this second break-in.

Abuse of data

According to experts, the potential for abuse of the stolen fingerprint data is limited. This could change in the future as technology continues to evolve. That is why the FBI, the Department of Homeland Security, the Ministry of Justice and members of the intelligence community will launch an investigation into how this fingerprint data can be exploited by adversaries, now and in the future.

The parties will also work on ways to prevent such abuse. If it turns out that the fingerprint data can be abused in the future, the US government will warn the affected people separately. All affected individuals will be notified of the incident by the OPM. In addition, all victims are eligible for credit monitoring, which will cost the US government $133 million.

Proton Mail Supports Encrypted Emails From Facebook


The free encrypted email service Proton Mail has added a new feature that lets users receive encrypted emails from Facebook that are decrypted automatically. To make this possible, PGP-encrypted emails from Facebook are now supported. The social networking site decided in June to support sending encrypted e-mail notifications.

Facebook users can add their OpenPGP public key to their profile. Facebook then uses this key to encrypt the email notifications that are sent to the user's email address. To implement the e-mail encryption, Facebook chose GNU Privacy Guard (GPG), the popular and free implementation of the OpenPGP standard.

Ease of Use

Proton Mail claims to be the first e-mail service that now supports the PGP-encrypted e-mails from Facebook "seamlessly". This means that PGP-encrypted messages from Facebook open automatically in Proton Mail. Previously, internet users who wanted to use PGP with Facebook had to install PGP software, generate keys and use various plug-ins. Proton Mail users now only need to import their public key into Facebook. If it is up to the developers, this process will be automated in the future.

"If we really want a more private and secure Internet, it is crucial to work together, and we congratulate Facebook on its use of open standards," according to the developers of Proton Mail. "We are pleased that major players such as Facebook support these efforts, and as more companies join in, the movement to improve online privacy will not stop." Proton Mail was developed with the help of scientists from Harvard, the Massachusetts Institute of Technology and the European research lab CERN.

Google: Kaspersky Anti-Virus Software Still Vulnerable


The anti-virus software of Russian anti-virus firm Kaspersky Lab still contains multiple vulnerabilities, says Google researcher Tavis Ormandy. The anti-virus vendor recently announced that it had closed a major vulnerability that was found by Ormandy and that could allow an attacker to take over the system completely without users having to do anything.

The Google researcher has found many more major vulnerabilities in the anti-virus software, Ormandy reveals in an analysis of the vulnerabilities that have already been patched. The analysis was published on Google's Project Zero blog. Project Zero is a team of Google hackers and researchers who look for vulnerabilities in popular software. This time the anti-virus software from Kaspersky was scrutinized.

Not patched

"Many of the bug reports I submitted are still not patched, but Kaspersky has made enough progress that I can talk about some of the problems," says the researcher. Ormandy had found and reported dozens of bugs in the anti-virus software. The research shows that some of the most dangerous vulnerabilities were very easy to abuse. The researcher is pleased that Kaspersky Lab is rolling out additional protection here. The impact of a vulnerability is greater in anti-virus software because the scanner often intercepts file system and network traffic.

Visiting a website or receiving an e-mail is enough to be attacked. It is not even necessary to open the e-mail, since the input/output involved in receiving the e-mail is sufficient to trigger the vulnerability. Besides the vulnerabilities discovered, Ormandy also found several major design flaws in other parts of the anti-virus software. These other vulnerabilities can be attacked remotely. Because the updates for them have been postponed, he will discuss these issues later.

Security software harmful?

According to Ormandy, there are strong indications that an active trade in exploits for antivirus software exists. "Research shows that it is a readily accessible attack surface that enormously increases exposure to targeted attacks," says the researcher. He therefore believes that security software developers must apply the strictest security guidelines when developing their software, in order to reduce the problems caused by the software. That is something anti-virus companies fail to do. In the past Ormandy found major problems in the software of anti-virus companies Sophos and ESET.

The researcher concludes with a warning and a request to anti-virus companies. They should not have to run parts of their software with system privileges. "Do not wait for the network worm that targets your software, or for targeted attacks against your users. Add the development of a sandbox to your development plan today." Regarding the outstanding vulnerabilities in Kaspersky's software, Ormandy says that the anti-virus company responds very quickly and that a number of critical vulnerabilities will be patched in the coming weeks.

Apple Will Host Xcode In China to Prevent Malware


To prevent new malware in the App Store, Apple has decided to host the development program Xcode locally in China. Apple executive Phil Schiller announced this to the Chinese website Sina.com. Last week it emerged that infected apps had ended up in the App Store.

The apps were infected with the XcodeGhost malware. Several Chinese developers had downloaded Xcode from an unofficial website. Xcode is Apple's official tool for developing apps for iOS or OS X. The version that the developers had downloaded was infected with malware, which in turn infected the apps they developed. These apps were then submitted to the App Store, where Apple's checks did not notice the malware.

Download

For Chinese developers it can take a very long time to download the 3GB Xcode. "In the US it takes only 25 minutes to download; in China, it may take three times longer," said Schiller. That is also a reason that Chinese developers try to download software through unofficial channels. Apple recommends that developers download Xcode and other development software only via the official website.

To make this easier for Chinese developers, Apple has now decided to host the development programs locally, so they can be downloaded quickly. Regarding the XcodeGhost malware, Schiller says there are no indications that the infected apps forwarded user data.

American 'Funda' Spread Malware Via Infected Ads


Cyber criminals have again managed to place infected ads, which attempted to install malware, on a very popular website with tens of millions of visitors. The site is Realtor.com, the US counterpart of Funda, on which all kinds of real estate are offered.

According to market researcher Alexa, the website ranks 101st among the most visited websites in the United States and 485th worldwide. Realtor.com is estimated to have 28 million visitors a month. According to anti-malware company Malwarebytes, the attackers who previously placed infected ads on the English website of eBay, Drudge Report and other major websites are also behind this attack. The affected ads were placed on the website through advertising network Adspirit.net.

The ads redirected visitors, without them noticing, to a website hosting the Angler exploit kit. This exploit kit uses known vulnerabilities in software including Adobe Flash Player and Internet Explorer to install malware. What kind of malware was involved was not disclosed. After being informed, the publisher of Realtor.com and Adspirit took the ads down. Internet users whose software was up to date were, as far as is known, not at risk. Yesterday it became known that criminals had shown infected ads on Forbes.com for a week.

HP Protects Laser Printers Against BIOS Attacks


Computer manufacturer HP has announced three new laser printers with security features intended to prevent attacks on the printer's BIOS. The BIOS (Basic Input/Output System) is a set of basic instructions for communication between the operating system and the printer hardware.

It is essential for the operation of the printer and is also the first major piece of software that is loaded. Attacks on the BIOS are difficult to detect and may give attackers access to a device for a long period of time. Printers, too, run the risk of being attacked. In many corporate networks the printers are accessible over the network. The security of the network printer is often forgotten, so that the devices can serve as an entry point for attackers.

To protect printers, HP has therefore implemented various security measures. These include HP Sure Start, a measure that can recognize malicious BIOS attacks and recover from them. This protection was already present in the Elite line of HP computers, but has now also been added to the printers. In addition, whitelisting is used so that only known, permitted firmware can be installed on the printer, and there is "Run-time Intrusion Detection", which monitors the printer memory for malicious attacks.

The three new security measures are standard in the LaserJet Enterprise printers and the OfficeJet Enterprise X printers with HP PageWide Technology. In addition, the features can be installed through a firmware update on several HP LaserJet Enterprise printers that have been available since April. Furthermore, whitelisting and Run-time Intrusion Detection can be added to HP LaserJet Enterprise and OfficeJet Enterprise X printers from 2011 onward. For this, an HP FutureSmart service pack update must be installed.

Wednesday, 23 September 2015

Gmail Lets Users Block Email Addresses


A new feature in Gmail now makes it possible for users to block mail from specific email addresses. According to Google's Sri Harsha Somanchi, the new feature should give users more control over their inbox, for example if they are harassed by e-mail.

When a user blocks a specific email address, e-mail from that sender is automatically placed in the spam folder. The option is now available to Gmail users and will appear next week for Android. In addition, Android users will soon have the option to unsubscribe from newsletters easily from within the Gmail app.

Mozilla Patches Numerous Vulnerabilities In Firefox 41


Mozilla has released a new version of Firefox in which 27 vulnerabilities are patched. Six of the vulnerabilities could, in the worst case, allow an attacker to take over a user's system completely without much interaction from the user. Visiting a hacked or malicious website, or being shown an infected ad, would suffice.

Firefox 41 also resolves numerous other bugs and adds new features. One of the new additions to the browser is perfect forward secrecy for WebRTC. WebRTC is an open source project developed by Google that provides browsers with Real-Time Communications (RTC). To secure users' communications, applications that use WebRTC are now required to use perfect forward secrecy.

With PFS, a separate key is generated for each session and deleted after the session ends or a message is sent. If attackers compromise the encryption key, they still do not have access to users' previously stored messages (sessions), as these were protected with a separately derived key. According to critics, WebRTC is a privacy risk because it can leak users' information. Updating to Firefox 41 is possible via the browser's automatic update feature and Mozilla.org.
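The difference between a key derived from long-term keys and a key derived per session can be shown in a few lines of Node.js. This is an added example, not WebRTC or Firefox code; the function names and labels are constructed for illustration, and X25519 with Ed25519 signatures is an assumed choice of algorithms.

```javascript
// Added example (not WebRTC or Firefox code): long-term vs. per-session keys.
const nodeCrypto = require('crypto');

// Derive a 32-byte session key (hex) from a raw Diffie-Hellman shared secret.
function deriveKey(sharedSecret, label) {
  const okm = nodeCrypto.hkdfSync('sha256', sharedSecret, Buffer.alloc(0), label, 32);
  return Buffer.from(okm).toString('hex');
}

// No forward secrecy: the session key comes from the two long-term key
// pairs, so whoever later obtains one long-term private key can recompute it.
function staticSessionKey(ownLongTerm, peerLongTermPublic) {
  const secret = nodeCrypto.diffieHellman({
    privateKey: ownLongTerm.privateKey,
    publicKey: peerLongTermPublic,
  });
  return deriveKey(secret, 'static-demo');
}

// Forward secrecy: both sides create a fresh X25519 key pair per session.
// The long-term Ed25519 identity key only signs the ephemeral public key
// (authentication); it takes no part in deriving the session key.
function ephemeralSession(aliceIdentity, bobIdentity) {
  const a = nodeCrypto.generateKeyPairSync('x25519');
  const b = nodeCrypto.generateKeyPairSync('x25519');
  const aPub = a.publicKey.export({ type: 'spki', format: 'der' });
  const bPub = b.publicKey.export({ type: 'spki', format: 'der' });
  const aSig = nodeCrypto.sign(null, aPub, aliceIdentity.privateKey);
  const bSig = nodeCrypto.sign(null, bPub, bobIdentity.privateKey);
  const authenticated =
    nodeCrypto.verify(null, aPub, aliceIdentity.publicKey, aSig) &&
    nodeCrypto.verify(null, bPub, bobIdentity.publicKey, bSig);
  const aliceKey = deriveKey(
    nodeCrypto.diffieHellman({ privateKey: a.privateKey, publicKey: b.publicKey }),
    'pfs-demo');
  const bobKey = deriveKey(
    nodeCrypto.diffieHellman({ privateKey: b.privateKey, publicKey: a.publicKey }),
    'pfs-demo');
  // a and b go out of scope here: the ephemeral private keys are discarded.
  return { authenticated, aliceKey, bobKey };
}

// Run both modes on freshly generated (constructed) keys and compare.
function compareModes() {
  const aliceStatic = nodeCrypto.generateKeyPairSync('x25519');
  const bobStatic = nodeCrypto.generateKeyPairSync('x25519');
  const recorded = staticSessionKey(aliceStatic, bobStatic.publicKey);
  // Holding Bob's long-term private key is enough to rebuild the old key.
  const rebuilt = staticSessionKey(bobStatic, aliceStatic.publicKey);

  const aliceId = nodeCrypto.generateKeyPairSync('ed25519');
  const bobId = nodeCrypto.generateKeyPairSync('ed25519');
  const s1 = ephemeralSession(aliceId, bobId);
  const s2 = ephemeralSession(aliceId, bobId);
  return {
    staticKeyRecoverable: rebuilt === recorded,
    pfsSidesAgree: s1.authenticated && s1.aliceKey === s1.bobKey,
    pfsKeysDifferPerSession: s1.aliceKey !== s2.aliceKey,
  };
}

console.log(compareModes());
```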

Forbes.com Spread Malware Via Infected Adverts


On the very popular website of business magazine Forbes, infected ads that tried to infect visitors with malware were shown for some time. According to market researcher Alexa, Forbes.com ranks 74th among the most visited websites in the United States and 154th worldwide.

The website is visited by more than 31 million visitors a month. From 8 to 15 September those visitors were served ads that redirected them, undetected, to a website hosting the Angler and Neutrino exploit kits. These exploit kits exploit known vulnerabilities in software including Adobe Flash Player. If the software in use was not up to date, malware could be installed silently on the computer, says security firm FireEye.

Exactly what the malware does was not disclosed. The ads were displayed on the Forbes website via a third-party advertising service. According to FireEye, the use of infected ads remains a popular attack method for criminals. Via advertising platforms, especially those that hold real-time auctions for ad space, attackers can choose exactly where their malicious content is displayed.

When infected ads appear on popular websites, the chance of mass infection increases significantly, putting both users and businesses at risk, according to the security company. After being informed, Forbes removed the infected ads. Last year malware was also spread via Forbes.com. At that time attackers used a widget on the website to attack zero-day vulnerabilities in Internet Explorer and Adobe Flash Player.