Sunday, 31 May 2015

Linksys Warns Customers About Webcam Passwords

Linksys has warned customers who own a webcam that they must change the default password, or else run the risk that others gain access to the device and can watch the images. "To avoid this unwanted access, you should change the default password of the camera," the company said in an email.

In the message, the manufacturer states that, in order to make the wireless cameras as safe as possible, it worked together with the justice authorities in the United States to address the issue. As part of this collaboration, firmware was developed for the business cameras that helps users change the default password and secure the camera. The firmware is available for the models LCAD03FLN, LCAD03VLNOD, LCAM0336OD and LCAB03VLNOD.

If users do not change the password during the installation of the firmware, they will see a red bar as a reminder in the window with the camera images. Furthermore, users are advised to change their passwords regularly and to use a combination of letters and numbers. They are also advised to use a strong password for the router. In recent months, several websites have appeared on the Internet where it was possible to watch the images from cameras that use default passwords.

Advertising Company Superfish Closes Doors After Storm Of Criticism

Advertising company Superfish, which early this year was at the center of a storm of criticism, has closed its doors. Superfish supplied Lenovo with a program that intercepted SSL connections on all kinds of laptop models in order to inject ads.

The adware used its own root certificate for this purpose. Researchers managed to crack the password of the private key of the Superfish certificate. This makes it possible in some cases to perform man-in-the-middle attacks against systems that are running Superfish and have the certificate installed. Because of the incident, Lenovo decided to no longer ship Superfish on laptops and offered a removal tool. In addition, there were all kinds of lawsuits.

Co-founder Adi Pinhas has now decided to close Superfish and to use the company's technology through a new company, Just Visual. Instead of injecting ads, Just Visual works on smartphone apps that can recognize pictures and search for similar images without requiring any text labels. According to Pinhas, the move to this "visual search software" was already underway, but was accelerated by all the criticism that erupted after the vulnerability.

That is not to say that Just Visual will have nothing to do with ads. The visual search engine is in fact focused on searching for specific objects by phone. The search engine can then show ads for similar products. In addition, the company hopes to make money from licenses for the use of the technology. Just Visual will, however, follow industry standards for security and privacy, Chief Product Officer Keven Lee told the Associated Press.

DNS-Changing Malware Alters Router Settings Worldwide

Recently, a well-known security researcher showed that vulnerabilities in popular routers are actively attacked by malware, but weak and default passwords also appear to be a way through which attackers take control of the devices. Anti-virus company Trend Micro warns of DNS changer malware. From the user's internal network, the malware carries out brute-force attacks on the administrator interface of the router.

Then the DNS settings are changed. The Domain Name System (DNS) is similar to a directory and, among other things, translates domain names into IP addresses. By changing the DNS settings of the router, criminals can route users' traffic via their own server. Most operating systems are configured to use the DNS settings of the router. Once a computer or other device connects to the router, the modified DNS settings will be used. This allows the attackers to forward users of the attacked router to, for example, phishing sites, or to trick them into downloading malware.

"Modified DNS settings mean that users do not know whether they are navigating to reliable or fake websites," says Fernando Merces. He notes that users who have not changed the default password of the router are particularly at risk. The attack begins with a phishing attack, which points to a page with a script. This script then carries out a brute-force attack on the router from the internal network. Because the browser is running the script, the traffic is sent to the router as an internal request.

With the script, the attackers try to guess both the IP address and the password of the router. The script supports different models and manufacturers, among others TP-Link and D-Link. The attacks seem focused on Brazil, where 88.3% of the attacked devices were observed, followed by the US (2.9%) and Japan (1.3%). Users are advised to use secure passwords for all accounts on the router, change the default IP address and disable the remote management features. In addition, NoScript for Firefox is recommended, which can block the execution of scripts in the browser.

Programmer Launches Kill My iPhone Service

An American programmer has put a service online that uses a vulnerability in iMessage to make iPhones crash. The service is called Kill My iPhone! and was designed by John Pacific. With the service it is possible to enter a telephone number, which then receives a specified number of malicious text messages. This message makes iMessage crash and causes the iPhone to reboot.

Apple has already indicated that it is working on an update for the bug and earlier published this workaround. According to Pacific, Kill My iPhone! is available only in the United States because of various restrictions. Furthermore, the programmer states that the service should only be used on iPhones for which authorization was given.

Saturday, 30 May 2015

VPN Service Hola Used For DDoS Attack On 8Chan

The popular free VPN service Hola was recently used to carry out a DDoS attack on the 8Chan website. Hola is easy to install and use as an extension for Google Chrome, which, besides it being free, explains its popularity. In order not to have to pay for users' traffic, the VPN service uses a P2P system in which users' traffic is routed through the connections of other users.

What many users do not know is that the company behind the VPN service sells its users' bandwidth via a service called Luminati. Luminati lets people pay for access to the Hola network, for example to route commercial traffic anonymously. In this way Hola remains free for users. However, via Luminati it is also possible to use the bandwidth of Hola users for DDoS attacks.

On May 24, Luminati was used as a botnet to attack the 8Chan website, researcher Nikoloz Kokhreidze already reported on Monday. The founder of 8Chan, Fredrick Brennan, then placed a warning on the website that users had better not use Hola. "Hola is the most unethical VPN I've ever seen," he observes. In a response to Business Insider, Hola said that the party that conducted the DDoS attack could have used any VPN service. In addition, it should be obvious to users how Hola works, but because of all the fuss, details about this have been put on the website.

Macro-Malware Steals Thousands Of Documents From Companies

From late February to mid-March, attackers carried out a campaign in which macro malware was used to steal passwords and documents from thousands of businesses. The attack began with an e-mail that contained a Word document. Hidden in the document were macros that, when enabled by the recipient, installed malware.

Via this malware, the credentials of employees and business documents were then stolen. According to anti-virus firm Kaspersky Lab, the attackers managed to steal a total of 10,000 documents from companies, mainly in Thailand and India, although Belgian companies were also targeted. In addition, thousands of stolen credentials were found, coming from hundreds of infected computers. Looking at the stolen credentials, it is according to the virus fighter very clear that employees forwarded the messages containing the malware to each other, since the host names and internal applications were the same.

Android App Makes Phone Visit Porn Sites Unnoticed

On Google Play, researchers have again encountered several malicious Android apps that, after installation, visit all kinds of porn sites unnoticed on the device and open multiple links and advertisements on these sites. In late April, anti-virus company Avast discovered an app called "Dubsmash 2" on Google Play that had been downloaded between 100,000 and 500,000 times before Google removed it.

Once active, the app tried to hide from the user and then visited several pornography sites in the background. Presumably the creator got paid for the clicks that the app generated, clicks that advertisers think are carried out by people. Although Google removed the app, several variants of the app have appeared on Google Play in recent days, anti-virus company ESET reports.

These are apps that Google should actually keep out, say the researchers from the company. In a period of several days, several variants of the Dubsmash 2 Trojan were uploaded and removed by Google. Yet one variant was reportedly downloaded about 5,000 times in two days. A total of nine apps called Dubsmash 2 were discovered that were in reality "porn clickers". Once active, a porn site is loaded every minute, followed by a random click pattern.

"Although click fraud causes no direct harm to victims, such as stealing passwords, it generates a lot of traffic and thereby additional costs for victims who have a data limit, so that at the end of the month they are left with a high phone bill," the researchers note. They argue that Google Play has some weaknesses, given that the same malicious app could be placed on the app store several times before Google intervened.

Schneier: Most People Will Never Use Tor Or PGP

Despite all the fuss about the revelations of Edward Snowden and NSA surveillance, in practice most people will never take anti-surveillance measures. In fact, most surveillance tools, such as Facebook, Google and a smartphone, are used voluntarily by people because they find them "handy", security expert Bruce Schneier tells Wired.

When asked how he would convince ordinary, honest Internet users to use tools like Tor or PGP or their own mail server, he says this is not possible. The surveillance tools, he says, are convenient and free. "That's why we use them. Most technical solutions to avoid surveillance are tedious and difficult to use. And they only work to a certain level."

Schneier gives as an example the cell phone, which he describes as an "incidental tracking device". "If that was not the case, the system could not deliver phone calls. Metadata is very intimate and the surveillance data cannot be encrypted." When it comes to addressing surveillance, one should therefore not look to technical solutions, Schneier says.

The important thing is to talk about it with each other, he says. "These are political issues that require political solutions, and they will not become political issues if we do not make them so. Currently surveillance is not conspicuous. We do not notice it because it happens automatically in the background. Snowden let us see what happens when people notice it. People should notice it more."

Friday, 29 May 2015

Seized Megaupload Domains Point To Malware

Two Megaupload domain names that were seized by the US government in early 2012 are now being used to infect users with malware and to forward them to Internet cams, website TorrentFreak discovered. Megaupload was the upload and download site of Internet entrepreneur Kim Dotcom.

Dotcom and several others were indicted by the US for alleged copyright infringement and online piracy. Who and had received a warning that the domains were seized. It seems that the domain names were not renewed, allowing another party to register them, or that attackers gained access in a different way. Code on the website sends visitors through to scam sites or shows ads that offer malware. In a comment, Dotcom criticized the actions of the authorities. For several years now, the Internet entrepreneur has had a new online storage service called Mega.

Apple Blocks Unsafe Versions Of Adobe Flash Player

A little later than usual, Apple has released an update to block insecure versions of Adobe Flash Player on Mac OS X; however, it is Windows users who certainly have to make sure that they have the latest version. Mac OS X has a "Web Plugin blocking mechanism" that Apple can update to block insecure browser plug-ins and to protect users from potential attacks.

On May 12, Adobe patched 18 vulnerabilities in Adobe Flash Player that, in the worst case, could allow an attacker to take over the underlying system completely. Safari users who are not using the latest version of Flash Player and visit a site that calls the plug-in have been seeing a notification since today. The notification says that Adobe Flash Player is outdated and that a newer version can be downloaded from Adobe. The blockade applies to all Flash Player versions prior to and blocks more vulnerable versions of Flash Player, but usually does so a few days after the update in question appeared.

But it is Windows users who certainly must check whether they are using the most recent version, as cyber criminals have begun attacking one of the vulnerabilities that Adobe patched two weeks ago. Again, there is a trend whereby the exploit for attacking the vulnerability appears soon after the release of the security update. In this case it is the Angler Exploit kit, which is now able to attack Flash users with version and earlier, warns security firm FireEye. Through this page, users can see whether and which version of Flash Player is installed on their system.

"Dormant" Ransomware Claims Victims Worldwide

Main Locker Screen
This week, computers around the world were hit by a new ransomware variant that had quietly infected systems and suddenly became active on 25 May. It is the Locker ransomware, which like other kinds of ransomware encrypts files on the system.

According to Bleeping Computer, a large number of people worldwide have been affected by the malware. After the encryption, users see a notification that they have to pay 0.1 bitcoin. At the current exchange rate, that is equivalent to 22 euros, an amount that is one-tenth of what many other ransomware specimens ask. The warning that users get to see further states that they should not investigate or remove the Locker ransomware, because the private key will then be destroyed and the data can no longer be decrypted.

Experts say, however, that this is just a way to scare people so that they pay the amount requested. Besides on the Bleeping Computer forum, several reports have also appeared on social news site Reddit from victims who say they paid the amount. The low price of 22 euros is given as a reason to see whether the files are recoverable by paying. Several victims have reported that after paying they could decrypt their files and so got them back.

How the Locker ransomware spreads exactly is not yet confirmed, but possibly it is via a cracked version of Minecraft or sports streaming sites, although e-mail attachments and exploits are also mentioned. The ransomware reportedly deletes only the Volume Shadow Copies on the C drive. This would make it possible to retrieve files that were encrypted on other disks through the Volume Shadow Copies of those disks, without paying.

Malicious Macro Bypasses Virus Scanners Via MHTML Format

Cyber criminals have used a remarkable file format to make malicious macros invisible to virus scanners, several researchers have discovered. The use of macros in Office documents has become a popular tactic to spread malware.

Macros are disabled by default in Office, but when users enable them, the macro can download and install malware. Researcher Bart Blaze recently discovered a spam campaign in which a doc file with malicious macros was attached. In reality it turned out to be a Word MHTML file. According to researchers at security firm Trustwave, the criminals, after creating the malicious macro, save it as an MHTML file and then rename it to .doc or .xls. As a result, the file will still be opened by Microsoft Office.

When the spam campaign was detected, it turned out that most virus scanners did not detect the file. According to the researchers, the criminals intentionally saved the malicious macros as an MHTML file in order to circumvent virus scanners. An analysis of the MHTML file shows that the part containing the malicious macro is base64 encoded. If users open the attachment and run the macro, a Trojan horse is installed that is specifically designed to steal money from online bank accounts. Users are also advised that Microsoft Office can be configured so that all macros are blocked.
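A triage check for the disguise described above, as an added example that is not part of the original post or of the researchers' tooling: it flags a .doc or .xls attachment whose real container is MHTML and that carries a base64 part holding a macro container. The function names, the constructed sample file and the `ActiveMime` marker used to recognise the macro part are assumptions of this example, not details from the article.

```python
import base64
import email
import os
from email import policy

OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # header of a genuine binary .doc/.xls
OFFICE_EXTENSIONS = (".doc", ".xls")             # the extensions named in the article
ACTIVEMIME_MAGIC = b"ActiveMime"                 # assumption: marker of the macro container part


def _parse_mime(data: bytes, offset: int):
    """Parse as MIME from the file start; fall back to the MIME-Version line
    so that junk placed in front of the headers does not hide the parts."""
    msg = None
    for start in (0, offset):
        msg = email.message_from_bytes(data[start:], policy=policy.default)
        if msg.is_multipart():
            break
    return msg


def inspect_office_attachment(filename: str, data: bytes) -> dict:
    """Report the real container of an attachment and its base64-encoded parts."""
    ext = os.path.splitext(filename)[1].lower()
    report = {"extension": ext, "container": "unknown",
              "base64_parts": [], "suspicious": False}

    if data.startswith(OLE2_MAGIC):
        report["container"] = "ole2"      # extension and content agree
        return report

    idx = data[:4096].lower().find(b"mime-version:")
    if idx < 0:
        return report
    report["container"] = "mhtml"
    line_start = data.rfind(b"\n", 0, idx) + 1

    msg = _parse_mime(data, line_start)
    for part in msg.walk():
        if part.is_multipart():
            continue
        cte = str(part.get("Content-Transfer-Encoding", "")).strip().lower()
        if cte != "base64":
            continue
        decoded = part.get_payload(decode=True) or b""
        report["base64_parts"].append({
            "location": str(part.get("Content-Location", "")),
            "content_type": part.get_content_type(),
            "size": len(decoded),
            "macro_container": decoded.startswith(ACTIVEMIME_MAGIC),
        })

    # Flag only the combination from the article: Office extension, MHTML
    # content, and an embedded base64 part that holds a macro container.
    has_macro = any(p["macro_container"] for p in report["base64_parts"])
    report["suspicious"] = ext in OFFICE_EXTENSIONS and has_macro
    return report


def build_constructed_sample() -> bytes:
    """Constructed, harmless MHTML file shaped like a renamed Word web archive."""
    blob = base64.b64encode(ACTIVEMIME_MAGIC + b"\x00\x00" + b"\x01" * 32).decode()
    return (
        "MIME-Version: 1.0\r\n"
        'Content-Type: multipart/related; boundary="----=_Constructed_Boundary"\r\n'
        "\r\n"
        "------=_Constructed_Boundary\r\n"
        "Content-Location: file:///C:/sample/document.htm\r\n"
        "Content-Transfer-Encoding: quoted-printable\r\n"
        'Content-Type: text/html; charset="us-ascii"\r\n'
        "\r\n"
        "<html><body>constructed sample</body></html>\r\n"
        "------=_Constructed_Boundary\r\n"
        "Content-Location: file:///C:/sample/document_files/editdata.mso\r\n"
        "Content-Transfer-Encoding: base64\r\n"
        "Content-Type: application/x-mso\r\n"
        "\r\n"
        f"{blob}\r\n"
        "------=_Constructed_Boundary--\r\n"
    ).encode("ascii")


if __name__ == "__main__":
    samples = (("invoice.doc", build_constructed_sample()),
               ("report.doc", OLE2_MAGIC + bytes(64)))
    for name, blob in samples:
        print(name, inspect_office_attachment(name, blob))
```

A mail gateway could run such a check on attachments before they reach a scanner that only inspects binary Office files; the same MHTML content saved with an .mht name is reported but not flagged.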

Thursday, 28 May 2015

Android Ransomware Penalizes Users Who Do Not Pay

Last week, more than 15,000 e-mails were sent with Android ransomware that poses as a security update for Adobe Flash Player. The messages contain little text, except that the enclosed APK file, "Check Updates.apk", is an update for Flash Player.

In reality, it is ransomware that locks the device and shows a warning from the FBI. According to the warning, the user viewed pornographic websites. To unlock the device, an amount of $500 must be paid. If the user attempts to unlock the device, the amount is increased to $1,500, reports the Romanian antivirus company BitDefender.

According to the Spanish security company S21sec, ransomware makers keep finding new ways to spread their creations. Currently they mainly use social engineering, but new capabilities are added continuously, according to the IT security company. Users are also advised not to install APK files from untrusted sources and to filter e-mail with MOT attachments.

Phone Scammer Locks Browser With Pornographic Pictures

Phone scammers have in recent years used various tricks to defraud people, such as simulating Blue Screens of Death in the browser and showing all sorts of warnings, and a new variant is now going around that uses pornographic pictures and JavaScript code.

The scams all follow the same steps: the user is notified that he has to call a help desk. This so-called help desk then tries to get the user to pay for undelivered services or products. The scam is slightly different from the phone scammers who call people at home, but the end result is the same.

In a new version of the scam, the scammers lock the user's browser with pornographic images in the background. Then a pop-up is displayed stating that suspicious activity has been found on the computer and that a help desk must be called. To prevent users from easily closing the notification, JavaScript code is used.

Anti-virus firm Malwarebytes discovered that the phone number in the scam connects the user to a call center, where workers often pose as Microsoft staff and try to gain remote access to the computer. It is then claimed that the computer contains malware and that payment is needed to remove it.

Linux Malware Makes Routers Commit Fraud On Facebook And Twitter

Linux / Moose Overview
Researchers have discovered a new form of Linux malware that tries to take over routers in order to then commit fraud on social networks like Facebook, Twitter, YouTube, Instagram and other sites. The malware is called Moose (pdf) and scans the internet in search of Linux routers with an accessible Telnet service. Once one is found, it performs a brute-force attack to gain Telnet access to the router.

In the event of a successful attack, Moose will modify the DNS settings, steal the unencrypted network traffic to and from the router, perform man-in-the-middle attacks and offer proxy services for the malware creator. In practice, the malware steals HTTP cookies from the aforementioned social networking sites in order to perform fraudulent actions with them, such as a "follow", "view" and "like" of users and content on the websites.

In addition, infected routers are also used to scan for new vulnerable systems. According to researchers from the Slovak anti-virus company ESET, the malware is remarkable, because most Linux malware that is going around and has been developed for routers features functionality to perform DDoS attacks. ESET also criticizes the fact that the security of routers leaves much to be desired, which allows this type of malware to strike.

"Given the primitive techniques Moose uses to access other devices, it is unfortunate that the vendors of routers do not take security seriously," the researchers conclude. They also recommend that IT experts check the routers of acquaintances for firmware updates and safe settings when they are nearby.

18 Virus Scanners For Linux Systems Tested

The Austrian test lab AV-Comparatives has tested virus scanners for Linux for the first time. According to the test body, Linux is often considered a more secure platform than Windows, but malware for Linux does exist. In addition, Linux systems are often used as file servers, and can therefore come into contact with Windows malware.

By installing a virus scanner, this malware can be detected, which prevents Windows computers from becoming infected. In the test report, AV-Comparatives also explains why so little Linux malware is in circulation. That would be related to the large number of Linux kernels and Linux distributions. The large number of different software configurations makes it more difficult for an attacker to produce malware that is compatible with a large part of the configurations.

Another factor that AV-Comparatives points to is the small market share of Linux, which makes it not a lucrative target for attackers. This low share may also explain the small number of virus scanners for Linux compared to Windows. Unlike an earlier test by Virus Bulletin, AV-Comparatives decided not to test with malware but only to look at the operation and features of the programs. For example, the installation and user interface are discussed for each program.

Wednesday, 27 May 2015

Microsoft To Block Software That Changes Search Engine

To protect users from adware and other unwanted changes to the browser, Microsoft announced various measures last year, under which programs that do not comply with the rules will be identified and blocked by the software giant's security software.

One of the measures Microsoft announced concerns programs that prevent users from changing their search engine after it has been modified. Some adware programs replace the default search engine with their own search engine and then try in all kinds of ways to prevent users from restoring the original search engine.

From June 1 this year, Microsoft will detect and block these types of programs. This also covers programs that contain code to prevent the search engine from being changed, but in which this code is not enabled. To avoid detection later on, Microsoft therefore advises developers of these programs to remove the code.

Analysis Tool IDA Resets License Keys After Server Hack

The makers of IDA, a popular tool for analyzing and reverse engineering malware, among other things, have warned users that one of the company's servers has been hacked. License files may have been compromised in the process. The license files contain the license key of the user and the product name, as well as names and email addresses. All other data is said not to have been captured.

When the attack was carried out is unknown, because the attackers kept a "low profile", according to an e-mail that was sent to users, of which Justincasemusic of Android Police made a screenshot. A copy of the e-mail also appeared on Pastebin. According to the developers, the attack may have been carried out through the dynamic part of the web server, namely the forum and blogging software.

As a precaution, a new license key was created for users, which was sent along with the same warning e-mail. Users should use this key when requesting future updates, as the old key is no longer recognized by the server. In addition, users are advised to change the forum password they used. IDA is considered by many experts to be the standard tool for reverse engineering and is used to analyze malware.

E-mails With Resumes And Internship Requests Infect Tills

Researchers have discovered a new variant of point-of-sale malware that spreads via e-mail. The e-mails target companies and have different subjects, ranging from internship requests and resumes to questions about whether there are job vacancies. A Word document is attached to the e-mail. This document states that it is a secure document and that the user must enable macros to see the content.

Once macros are enabled, the document downloads malware. This malware can download and install additional malware. Through the malware that is installed first, the attackers can determine which malware is then actually installed. It is then possible to install malware that targets POS systems that run on Windows. Several retail chains, especially in the US, use payment terminals that are connected to a Windows computer.

Once the computer is infected, the malware can intercept and collect the credit card data processed through the POS system. The stolen payment card data can then be used to commit fraud. According to security firm FireEye, the attack shows that even cyber criminals engaged in random spam operations have point-of-sale malware that can be used to infect some of their victims.

Avast: Virus Scanners Need To Scan HTTPS Traffic

As more Internet traffic is encrypted over SSL, it is important that virus scanners can inspect HTTPS traffic, even though they have to perform a "man-in-the-middle" with self-signed certificates to do so. So says anti-virus company Avast, whose free virus scanner is one of the most widely used anti-virus programs in the world.

An SSL certificate is used to encrypt traffic between websites and visitors. In theory, the traffic can then no longer be viewed by third parties. To still analyze whether the traffic is free of malware or other malicious code, Avast installs a self-signed certificate on computers that is accepted by the browser. Normally, self-signed certificates cause a warning in the browser, because the issuer is not trusted. To solve this, Avast adds itself as a certificate authority to the browser, so that the certificate is trusted.

Once the browser sets up an SSL connection, the virus scanner uses its own certificate, which now causes no warning. This way, a man-in-the-middle (MITM) attack actually takes place. According to Avast this is necessary to scan the traffic. There is also a difference with traditional MITM attacks, the virus fighter says. "The 'man in the middle' that we use is on the same computer as the browser and uses the same Internet connection."

Avast also stated that it generates a different private key for each certificate. A user could therefore not intercept traffic from other Avast users with his own installation. Yet a security researcher recently argued that the way virus scanners, including Avast's, handle this undermines the security of HTTPS.

Adware Disguises Itself As Adblock Plus In Browser

Adblock Plus is a popular browser extension for blocking ads, but researchers have now discovered a form of adware that disguises itself as Adblock Plus in the browser. In the browser, the adware calls itself "AdBlocker", with AdBlocker as the publisher and the AdBlocker Plus logo.

Furthermore, the installation date is also altered, so that users do not immediately see the installed extension when sorting by date. Once active, the adware displays all kinds of ads on websites. To prevent the adware from being easily noticed and removed, it also makes use of some rootkit elements, anti-virus company Malwarebytes discovered.

For the installation, the adware makes use of an "LSP hijacker". LSP stands for Layered Service Provider and is a DLL that uses the Winsock API (Application Programming Interface) to inject itself into the TCP/IP stack. From there it can intercept, filter and modify all traffic between the Internet and applications. According to analyst Pieter Arntz, the use of the rootkit components and the LSP hijacker shows that "potentially unwanted software" is starting to behave more and more like real malware.

Tuesday, 26 May 2015

Server In Digital Bank Robbery Points To Russian Secret Service

Researchers from the Japanese anti-virus company Trend Micro were surprised when a server that was used in an extensive digital bank robbery suddenly pointed to an IP address of the Russian secret service FSB. Late last year and early this year, security companies warned of a group of attackers, called "Anunak" or "Carbanak", who managed to break into banks through malware and made off with tens of millions of euros.

The malware used by the gang was controlled via several domain names that functioned as Command & Control (C&C) servers. Since the revelations, the Carbanak infrastructure has been monitored. Last week, the IP address of one of the C&C domains was suddenly changed and pointed to an IP address of the FSB, analyst Maxim Goncharov reports. He does not think the FSB is behind the change and therefore suspects that it is a joke by the domain owner, though a blunder is also not excluded.

NSA Begins Phasing Out Eavesdropping Program

The US National Security Agency has begun to phase out the eavesdropping program that collected and stored the phone records of US citizens, now that the Senate has reached no agreement on an extension of the program, reports the Associated Press.

On June 1, section 215 of the Patriot Act expires, which allows intelligence services to collect phone records of Americans. The investigative agency FBI also uses this section, but only to collect financial and other information in national security cases. As a solution, a new proposal was devised, the USA Freedom Act.

This proposal would end the massive storage of telephone data, but would allow the NSA to search the data stored at telecom providers on a case-by-case basis. However, the proposal fell three votes short, since the Republicans voted against it. Because of the outcome, the NSA has now started to scale back the searching of domestic telephone data. On May 31, the Senate comes back together for one last rescue attempt.

Researcher Bypasses Windows UAC With New Trick

Windows User Account Control (UAC) is a security measure that, according to Microsoft, protects computers from "hackers and malicious software", but it can be circumvented through a new trick, as demonstrated by a security researcher at Cylance.

When software or a user wants to change certain Windows settings or tries to perform actions that require administrative privileges, a UAC warning is displayed. Only when the user gives permission is the action performed. If the user does not have administrator rights, he must first enter the administrator password before the action is performed.


Researcher Derek Soeder developed malware that carries out the attack in Windows Explorer. The malware, which Soeder calls "ShameOnUAC", injects itself into the Explorer process, which does not have administrator rights. It then watches this process until the user wants to start a program as an administrator. The request to run this program with administrator rights is manipulated by the malware, which adds additional commands. For example, commands can be executed through the Windows command prompt or changes can be made to the Windows Registry.

Soeder explains that if the user starts cmd.exe and then accepts the UAC warning, ShameOnUAC can first run a command with administrator rights before the user gets to see the command prompt. The attack is easy to prevent: users only have to click "Show details" in the UAC warning, where the added commands are displayed. However, it is up to the user to do so every time.

"It is important to note that UAC works just as intended. ShameOnUAC is eerie to see in action, because it shows that every user could already have inadvertently given malware elevated privileges, and that would have been the end of the exercise, by ignoring every time the information that would have let them notice it," says the researcher. If malware can obtain administrator rights on a computer, attackers can take complete control over the system. Soeder himself says that since his research he now always examines the details of a UAC warning.

Monday, 25 May 2015

Database AdultFriendFinder Offered For 15,000 Euros

The man who claims to be responsible for the break-in at the erotic dating site Adult FriendFinder is now offering the full database of private information for sale for 70 bitcoins. At the current exchange rate, that equates to more than 15,000 euros, as IT consultant Bev Robb discovered.

Part of the database had already been put online, containing the sexual preference of 3.9 million members as well as their email addresses, user names, birth dates, post codes and IP addresses. The complete database would also contain credit card information. In a FAQ about the incident, however, Adult FriendFinder says that there is no evidence that personal financial information or passwords have been compromised. The man behind the break-in has also announced that he can hack any website within a week, for which he asks a budget of 750 bitcoins. At the current exchange rate, that is 165,000 euros.

Stallman: Windows And Mac OS Are Malware

Much of the software in circulation today is malware: programs that treat their users badly, says Richard Stallman, who gives Windows, Mac OS and iOS as specific examples. Stallman is the creator of the GNU operating system.

He applies the definition of malware not only to viruses and Trojans, but to any program that treats its users badly, something that has become commonplace, Stallman writes in a column for The Guardian. "There are so many cases of proprietary malware reported that we should consider any closed program as suspicious and dangerous." Some of these closed programs spy on users, while others are made to chain users through DRM solutions. Other programs in turn impose censorship, and some software is specially designed to sabotage users, Stallman continues.

As examples of malware he mentions operating systems like Windows, Mac OS and iOS. This is software that chains, spies on and censors its users. An Internet that consists of all kinds of closed software solutions is not to be trusted. Stallman therefore calls on users to take action. First, software and Web services that spy on or track users should be avoided.

Second, there should be collective investment in free solutions that do not track users on the web. Thirdly, legislation that prohibits various "malware practices" must be passed through democratic means. For that, there also needs to be democracy, says Stallman, which according to him is not the case with trade agreements such as TPP and TTIP, which actually give companies the ability to suppress democracy.

Pentagon Blocks 2500 WikiLeaks-Like Websites

The Pentagon blocks 2500 WikiLeaks-like websites on its own unclassified defense network, reports the website Public Intelligence, which is itself one of the blocked sites. When defense personnel attempt to access one of these websites, a message appears.

It says that the website is blocked and that the local network center should be contacted to obtain access if it is "mission critical". In 2013, an intelligence analyst made such a request, according to a newly published e-mail. According to the request, the Public Intelligence website was used for open-source information. An email exchange followed between the brigade that had to approve the request and the IT department of the intelligence division.

Eventually the IT department pointed out that it was a WikiLeaks-like website that was blocked by US Cyber Command. If the analyst still needed the website, she could use a different solution. What exactly that solution is has been made unreadable in the published email. In the case of Public Intelligence this is remarkable, because the site has published documents from Snowden or WikiLeaks. Further investigation revealed that Cyber Command blocks a total of 2482 WikiLeaks-like websites.

Frisian USB Stick For Anonymous Surfing Costs 999 Euros

A Frisian company has launched a USB flash drive costing 999 euros with which users can go online anonymously and communicate in encrypted form. The Crypto Boss, as the stick is called, comes with a browser, photo editing suite, accounting software, email client and an office suite. PGP software is also included so that e-mail can be encrypted. It therefore resembles the privacy operating system Tails.

By default, the operating system of the Crypto Boss uses the Tor network, which lets users go online anonymously. Data is stored on the USB drive, so no traces are left on the hard drive of the computer. Furthermore, all data is encrypted by default. To use the Crypto Boss, users must also specify a password.

"The big advantage of Crypto Boss versus others is that we provide a combination of hardware and software that is immediately ready for use. Other privacy-centric operating systems must be downloaded by the user and installed on a USB stick in a very roundabout way. The Crypto Boss is much more user friendly and can actually be used by everyone straight out of the box," said the Frisian company behind the stick, which is located in Drachten.

The Crypto Boss comes in three versions. The 32GB version costs 999 euros, while the 64GB and 128GB versions cost 1199 euros and 1399 euros respectively. The USB drive used appears to be the Corsair Flash Survivor Stealth. For users who are looking for a similar, cheaper solution there is the aforementioned Tails. This is also an operating system for using the Internet anonymously and communicating in encrypted form, and it also contains various tools like LibreOffice, GIMP and Audacity. It is also free to download and use.

Sunday, 24 May 2015

Malware Steals 80,000 Euros From Belgian Company

Cyber criminals managed to steal 80,000 euros from a Belgian company last month using malware. The malware targets companies that use the Isabel system for Internet banking. This week it was announced that several Belgian companies had been affected by the malware.

One of these companies is metal processor Breetec. "My sister Sandra had carried out payments via Isabel," director Koen Beckers told Het Belang van Limburg. "A few days later I saw on the account statement that just over 80,000 had been paid at one time to a recipient in Dubai. That stood out, because that is a serious amount of money for our business, not an ordinary one. My sister showed that she could not have made that payment."

The malware that affected the Belgian companies spreads via e-mail. Once running on the computer, the malware sets up a fraudulent transaction. Isabel works with a card reader, and a PIN is required to approve the transaction. The malware cannot carry out the transaction by itself. Once the transaction has been prepared, however, the user's card reader will beep. The risk is that the user then enters his PIN out of habit and so approves the transaction himself.

Meanwhile, the company that develops Isabel has posted a warning on its website. It states that companies can recognize an infection if they have to enter the Isabel PIN repeatedly when that is not expected, if users are regularly logged out and Isabel 6 has to be restarted, and if the computer becomes slow. To protect against the malware it is recommended to disable macros in Microsoft Office, not to open unknown links or attachments, to have multiple persons draft and sign transactions, and to limit the authority of users to a maximum amount that is sufficient for small daily payments.

Data Of 3.9 Million Adult Dating Members In Search Engine

This week it emerged that attackers had managed to steal a database from adult dating site Adult FriendFinder containing the personal information of 3.9 million members. The data were then made public. Security expert Troy Hunt has now added this data to his search engine.

Because of a variety of large data breaches in recent years, such as the one at Adobe, in which data from tens of millions of users were captured, Hunt decided to create a website that contains information from hacked databases. Through this search engine, Internet users can check whether their e-mail address was stolen in such an intrusion. The search engine now contains the details of all known hacked businesses and 183 million accounts.

The data come from break-ins at Adobe, Bitcoin Security Forum, Snapchat, Stratfor, Gawker, Forbes, Yahoo, Sony and other companies. Users can enter their email address on the website and are told right away whether they are listed in one of the stolen databases. Internet users can also sign up so that they are automatically notified if their email address appears in a stolen database that is added to the search engine in the future.

Dell: Companies Should Block .Zip And .Exe Files

Companies that want to guard against ransomware would be wise to block .zip and .exe files so that they cannot reach employees by e-mail, advises Dell SecureWorks. The advice appears in a comprehensive analysis of the TeslaCrypt ransomware.

Like other ransomware, TeslaCrypt spreads via email and encrypts all kinds of files on the computer. It ignores music formats like MP3 and video files like MP4. The ransom, which runs into the hundreds of dollars, can be paid via bitcoin, PaySafeCard and uKash. In the case of TeslaCrypt, Cisco recently released a decryption utility that allows files to be decrypted free of charge. Companies and organizations can, however, take several steps to protect themselves against possible infections.

Besides blocking executable files and zip archives, it is recommended to keep the operating system and browser plug-ins up to date. Furthermore, permissions on shared network drives must be checked so that users with insufficient privileges cannot modify files. Finally, a "software restriction policy" is proposed, so that ransomware such as TeslaCrypt cannot make changes in commonly used directories such as "AppData".

Saturday, 23 May 2015

Vulnerabilities In Belkin, TP-Link And D-Link Routers Actively Attacked

Cyber criminals attacking vulnerabilities focus mainly on browsers and browser plug-ins, but routers are also an interesting target. A well-known researcher has discovered an exploit kit that attacks vulnerabilities in routers from, among others, Belkin, TP-Link and D-Link.

These are vulnerabilities that were disclosed and patched in 2008, 2013 and 2015. Because routers are not updated automatically and many consumers do not install available updates themselves, routers with vulnerabilities from seven years ago can indeed still be in circulation. In addition, the exploit kit also performs brute-force attacks on all kinds of other models, including those from Microsoft and Linksys. If the attacks succeed, the router's DNS settings are changed. This allows attackers to route traffic from the attacked router through their own servers, or to redirect users of the attacked router to phishing sites.

Security researcher 'JuK' of the blog Malware Don't Need Coffee discovered the exploit kit, which appears to work only from certain IP ranges. Once a router has been compromised, the IP addresses of the DNS servers are changed and the router is then rebooted. Google's DNS server is set as the secondary DNS server. According to the researcher, this should prevent users from suspecting anything if problems arise with the IP address of the first DNS server.

Firefox To Show Ads Based On Browsing Behavior

This summer Firefox will show ads based on the user's surfing habits. When a new tab is opened, the browser will show "Suggested Tiles". These are ads based on the user's browsing habits. The privacy of users is said to be taken into account. To make the ads relevant, a limited amount of data is sent to Mozilla.

There it is analyzed and then shared with Mozilla's partners. According to the browser developer, Suggested Tiles make it possible to display relevant ads while the user's privacy is respected and he or she keeps control over the data. "We believe that users should be able to easily understand what content is promoted, who it is from and why they see it," said Mozilla's Darren Herman.

"It is the user who is the owner of the profile. Only a Firefox user can change his or her own browsing history," he notes. Additionally, users can opt out of Suggested Tiles with two mouse clicks. According to Herman, the advertising feature will allow advertisers to get in touch with millions of Firefox users. Suggested Tiles will soon be added to the beta version of Firefox and will arrive in the final version of Firefox sometime this summer. The feature will first be rolled out among American Firefox users.

CryptoWall Ransomware Spreading Through SVG Files

Cyber criminals have found a new way to distribute ransomware, namely the use of SVG files, says security firm AppRiver. Scalable Vector Graphics (SVG) is a graphics format that supports interactive features and animations.

It is therefore possible to add scripts to an SVG image. The newly discovered attack starts with an e-mail claiming to contain a resume. The attachment is a ZIP file that in turn contains an SVG file. A piece of JavaScript added to the SVG in turn downloads a ZIP file. This ZIP file contains the CryptoWall ransomware: an EXE file that the user has to extract and open. Once opened, CryptoWall encrypts all kinds of files and then demands a ransom of hundreds of dollars to decrypt them.
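The delivery chain described above (a ZIP attachment holding an SVG that carries script), together with Dell SecureWorks' advice about .exe and .zip attachments, can be checked on a mail gateway before delivery. The following Python is an added example, not code from AppRiver, Dell SecureWorks or this blog; the function names, the size and depth limits and the sample archive are assumptions constructed for illustration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

MAX_MEMBER_BYTES = 5 * 1024 * 1024   # assumed cap: do not inflate huge members (zip bombs)
MAX_DEPTH = 3                        # assumed cap: deeper nesting is flagged, not opened


def scan_svg(data):
    """Return findings for active content in one SVG document (bytes)."""
    if b"<!DOCTYPE" in data or b"<!ENTITY" in data:
        return ["svg: DTD/entity declaration (not parsed)"]
    try:
        root = ET.fromstring(data)
    except ET.ParseError:
        return ["svg: not well-formed XML"]
    findings = []
    for el in root.iter():
        if el.tag.rsplit("}", 1)[-1].lower() == "script":   # strip the namespace
            findings.append("svg: <script> element")
        for attr, value in el.attrib.items():
            name = attr.rsplit("}", 1)[-1].lower()
            if name.startswith("on"):
                findings.append("svg: event handler " + name)
            elif name == "href" and value.strip().lower().startswith("javascript:"):
                findings.append("svg: javascript: link")
    return findings


def scan_attachment(name, data, depth=0):
    """Return (path, finding) pairs for one attachment, recursing into ZIPs."""
    lower = name.lower()
    if lower.endswith(".exe") or data[:2] == b"MZ":   # extension or PE/DOS magic
        return [(name, "executable file")]
    if lower.endswith(".svg"):
        return [(name, f) for f in scan_svg(data)]
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return []
    if depth >= MAX_DEPTH:
        return [(name, "archive nested too deeply")]
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            path = name + "/" + info.filename
            if info.flag_bits & 0x1:
                findings.append((path, "encrypted member, cannot inspect"))
            elif info.file_size > MAX_MEMBER_BYTES:
                findings.append((path, "member too large to inspect"))
            elif not info.is_dir():
                findings += scan_attachment(path, zf.read(info), depth + 1)
    return findings


def build_sample():
    """Constructed sample: a ZIP with one scripted SVG and one plain SVG."""
    active = (b'<svg xmlns="http://www.w3.org/2000/svg" onload="init()">'
              b'<script>/* placeholder */</script></svg>')
    plain = b'<svg xmlns="http://www.w3.org/2000/svg"><rect width="1" height="1"/></svg>'
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("resume.svg", active)
        zf.writestr("logo.svg", plain)
    return buf.getvalue()


if __name__ == "__main__":
    for path, finding in scan_attachment("resume.zip", build_sample()):
        print(path, "->", finding)
```

A gateway policy can quarantine any message for which `scan_attachment` returns a non-empty list, which keeps harmless archives deliverable while stopping executables and scripted SVGs.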

Malware Steals Money From Companies Via Banking System In Belgium

Cyber criminals have developed malware that can steal money through a system that Belgian companies use for online banking. It concerns the Isabel system, which is used by 35,000 Belgian companies, sole traders and professionals. Several companies are said to have been robbed by the malware, with considerable sums of money transferred from bank accounts.

Through Isabel, businesses can arrange transactions with different banks and integrate them into their accounting systems. Because of the malware, all notaries have been warned by the Royal Federation of Belgian Notaries. A large amount is said to have been stolen from one notary, reports De Tijd. To set up the fraudulent transaction, the malware waits until the user is sitting at his computer.

Isabel works with a card reader, and a PIN is required to approve the transaction. The malware cannot carry out the transaction by itself. Once the transaction has been prepared, however, the user's card reader will beep. The risk is that the user then enters his PIN out of habit and so approves the transaction. E-mail attachments are used to spread the malware, which is poorly detected by anti-virus programs. The Belgian police have already opened several investigations involving robbed Isabel customers.

Friday, 22 May 2015

Dozens Of Minecraft Apps On Google Play Turn Out To Be Scareware

Researchers from the Slovak anti-virus company ESET found dozens of apps on Google Play that pose as cheats for the popular computer game Minecraft but are in reality scareware. It involves a total of 33 applications that were placed on Google Play over a period of nine months and were downloaded between 660,000 and 2,800,000 times.

The apps do not do what they promise and, after starting, only show banners claiming that the Android device is infected with a "dangerous virus". The apps then offer to remove the virus, which requires activation via SMS. However, this is an SMS subscription that costs the user 4.80 euros per week. ESET still recommends that Android users download apps only from official app stores, check what permissions an app asks for and read reviews from other users.

Hacker Finds Way To Get Unlimited Coffee At Starbucks

A hacker has found a way that allowed him to get unlimited coffee at coffee chain Starbucks or to top up gift cards with millions of dollars. It is possible to create a personal account, where users can add gift cards, view their transactions and even transfer money between gift cards.

The gift cards can be used to pay in the chain's coffee shops. Hacker Egor Homakov discovered a "race condition" through which he could transfer money from one gift card to two of his other gift cards. After his discovery Homakov tried to approach Starbucks, but that proved difficult. Eventually he nevertheless managed to reach someone at the coffee chain, and the problem was resolved within 10 days.

After he had reported the bug, the hacker himself was called by Starbucks. Not to thank him; instead there was talk of "fraud" and "malicious actions", Homakov says in his analysis of the vulnerability. On Reddit, where Homakov announced his discovery, a heated debate has erupted over whether Starbucks' reaction to the bug report was justified.
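The class of bug named above, a balance that is checked and then debited in two separate steps, can be shown next to its fix. The following Python is an added example and a generic model, not Starbucks' code, which this page does not describe; the `GiftCards` class, the balances and the artificial delay are assumptions constructed for illustration.

```python
import threading
import time


class GiftCards:
    """Hypothetical in-memory ledger standing in for a database table."""

    def __init__(self, balances):
        self.balances = dict(balances)
        self._lock = threading.Lock()

    def transfer_unsafe(self, src, dst, amount, delay=0.1):
        # Check-then-act: the balance is read first and written later from
        # that stale value, so two concurrent requests both pass the check.
        seen = self.balances[src]
        if seen < amount:
            return False
        time.sleep(delay)                    # models the gap between read and write
        self.balances[src] = seen - amount   # lost update: both writers store 0
        self.balances[dst] += amount
        return True

    def transfer_safe(self, src, dst, amount, delay=0.1):
        # Check and writes happen under one lock. A database would use a
        # transaction with row locking, or a single conditional update of the
        # form: UPDATE ... SET balance = balance - :amt WHERE balance >= :amt
        with self._lock:
            if self.balances[src] < amount:
                return False
            time.sleep(delay)
            self.balances[src] -= amount
            self.balances[dst] += amount
            return True


def run_concurrent(method, requests):
    """Issue all requests at the same time and return each call's result."""
    results = [None] * len(requests)

    def worker(i, args):
        results[i] = method(*args)

    threads = [threading.Thread(target=worker, args=(i, r))
               for i, r in enumerate(requests)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return results


def demo(safe):
    """Two simultaneous transfers of the full balance of card A (constructed data)."""
    cards = GiftCards({"A": 5, "B": 0, "C": 0})
    method = cards.transfer_safe if safe else cards.transfer_unsafe
    results = run_concurrent(method, [("A", "B", 5), ("A", "C", 5)])
    return sorted(results), sum(cards.balances.values())


if __name__ == "__main__":
    print("unsafe:", demo(safe=False))
    print("safe:  ", demo(safe=True))
```

The total held across all cards is the invariant to monitor: it must not change when money only moves between cards, so a reconciliation job that sums balances detects this class of bug even when each individual request looks valid.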

Private Data Of 3.9 Million Adult Dating Members Leaked

Attackers have managed to gain access to a database of popular adult dating site Adult FriendFinder and subsequently leaked the private data of 3.9 million members. The data include users' sexual preference, whether they are heterosexual or homosexual and whether they are seeking extramarital relationships, as well as e-mail addresses, user names, birth dates, post codes and IP addresses. The leaked data also include data from users who had asked the website to delete their account.

This was reported by British television channel Channel 4. The users' data are said to be traded on a black market, and the captured email addresses are now being bombarded with all kinds of spam and infected e-mails. Data of British government and army personnel were also found among the stolen data. Experts warn that these data can be used for targeted attacks on interesting individuals.

In a statement, the dating site says that it is now cooperating with the authorities and that a forensic investigation is under way. Depending on the results, it will take measures to protect the website's users. How the attackers managed to get access to the database is unknown.

Secret Google Unit Fights Botnets And Click Fraud

Google has a secret unit of over a hundred people who work every day on combating botnets that commit click and ad fraud. The botnets generate traffic and clicks for ads and are said to cost advertisers and advertising platforms billions of euros.

Google is the largest ad provider on the Internet, and ad fraud therefore constitutes a serious risk to the Internet giant. It is a risk that is increasing. "We are at a point where malware is being used mainly for advertising fraud," Google's Douglas de Jager told Ad Age. The website was given a unique look at the workings of the secret unit, whose existence had not been made public by Google.


To combat ad fraud, the team analyzes all kinds of malware, which Google receives through, among other sources, the online virus scanning service VirusTotal. By analyzing the malware, a click fraud botnet can be mapped. The team then looks at the traffic that the malware generates, traffic that the malware authors try to make look as human as possible.

When Google encounters "non-human" traffic, the publisher showing the ads is not paid and the advertiser is not charged. By now stepping into the open, Google hopes to inspire other companies to share their findings and to tackle ad fraud together. "Our job is to increase the cost for the fraudsters to a point that advertising fraud is no longer interesting for them," concludes De Jager.

Google Finds Weaknesses In Use Of Secret Question

Using only a secret question to reset a forgotten password is unsafe and should be avoided, Google states on the basis of its own research (pdf). Many sites still use the secret question as a way for users to regain access to their account if they have forgotten their login details. The problem with the secret question is that attackers can try to guess the answer and so reset the password.

For example, with the secret question "what is your favorite meal", an attacker has a 19.7% chance of guessing the answer of English-speaking users in one attempt. The answer is "pizza". With ten attempts an attacker has a 24% chance of answering the question "what is the name of your first teacher" for Arabic-speaking users. With the same number of attempts an attacker has a 21% chance of answering the question "What is your father's middle name" for Spanish speakers. In the case of Koreans, ten attempts give a success rate of 39% on the question "what city were you born in" and 43% on the question of what the favorite food is.

It also showed that many users had identical answers to secret questions that are supposed to be very safe, such as "what is your phone number" and "what is your airmiles number". It turned out that 37% of people intentionally fill in wrong information, on the idea that this makes the answer more difficult to guess. The research, for which Google analyzed hundreds of millions of secret questions and answers, also shows that 40% of English-speaking users no longer know the answer to the secret question when they have to fill it in.


According to the researchers, the study shows that the secret question really is unfit for resetting passwords and that websites as well as users should think carefully about whether they want to use secret questions. Google says that the secret question should not be used as a standalone way to reset passwords. Furthermore, website owners should use other authentication methods, such as SMS codes or a second email address. "That is both safer and easier to use," concludes Google's Elie Bursztein.