Saturday, 31 October 2015

New Pineapple For Wifi Hacking Announced

The WiFi Pineapple, a tool that researchers frequently use on television and in workshops to demonstrate the risks of Wi-Fi networks, will be released in a new version, the developer announced via Twitter.

The WiFi Pineapple is a small device that has multiple Ethernet ports, a Wi-Fi connection and a USB connection, and runs the Jasager firmware. This firmware is based on OpenWRT, a popular alternative to many router operating systems. What makes the Pineapple ideal for testing applications, Wi-Fi networks and Wi-Fi users is how it presents itself as an access point.

Many smartphones, laptops and tablets have network software that automatically connects to access points they have connected to before. The Pineapple tells these devices that it is one of those access points, after which the victim's device connects automatically. All Wi-Fi traffic then passes through the Pineapple and can be stored, analyzed and manipulated.

Besides demonstrations, the tool is also used by penetration testers, law enforcement agencies, the military and government, according to Hak5, the company that develops the Pineapple. The WiFi Pineapple Mark V is the latest model, but it is no longer offered by Hak5. The reason is a new model. Details are still missing, except that the new Pineapple will appear "soon".

Second Teen Arrested For Attack On TalkTalk

In Britain, a second teenager has been arrested for the attack on the British ISP TalkTalk, causing some customers to wonder how good the security actually was. Last week, TalkTalk became the target of an attack. It is still unclear whether customer data has been stolen.

Last Wednesday TalkTalk issued an update on the investigation, but the ISP still says only that data has "possibly" been accessed. On Tuesday, the British police announced that a 15-year-old boy had been arrested because of the attack. Now the Metropolitan Police reports that a 16-year-old boy has been arrested. In addition, two searches were carried out.

The news that two teenagers may be responsible for the attack has some customers wondering how good TalkTalk's security systems are. "It sounds like TalkTalk went to the euro shop to get their security systems," says a subscriber. Other customers wonder whether their information is safe with the provider if teenagers are able to attack its systems.

Dating Fraud Costs Britons 45 Million

In the past year, thousands of Britons were victims of dating fraud and were defrauded of a total of 45 million euros, according to the British police. Just over 3500 people were victims of dating fraud, in which they are approached on dating sites.

The scammer tries to start a 'relationship' with the victim and in time asks for money. According to the British police, many people think all profiles on dating sites are vetted, but this is often not the case. Anyone can create an account, even scammers. A special campaign has now been launched to warn the public.

Microsoft Launches Windows 10 Experiment With Pirated Software

Microsoft will soon launch an experiment in which users of a pirated version of Windows 7 or Windows 8.1 can simply upgrade to a legal version of Windows 10. At present, users of a legal version of either operating system can install Windows 10 for free.

According to Microsoft, users of an illegal version look for all kinds of "creative ways" to start the upgrade process, and then purchase a legal version of Windows 10. How many users this involves Microsoft does not say, but because of these developments an experiment will soon start in the United States.

Users of a counterfeit version of Windows 7 or 8.1 will be able to obtain a legal version of the operating system with a mouse click. This can be done via the Windows Store or by entering an activation code obtained elsewhere. If this leads to more users working with a genuine Windows version, Microsoft will expand the experiment and roll it out in other countries.

Man Robs German Banks With USB Stick

The German police are searching for a man who robbed two banks in Berlin this summer using a USB stick. Camera images show how the man opens a cash machine and connects a USB stick. Next, a combination is entered on the keypad, after which the ATM dispenses money.

The man struck twice on the same day in August, both at a branch of Postbank Kreissparkasse, according to the police report. How much money was stolen in the 'USB robbery' was not disclosed. The use of USB devices with malware to empty ATMs is not new, but mainly takes place outside Europe, such as in Mexico and Russia. A police spokesman told the Berliner Zeitung that this malware attack method has been used 20 times in Europe, four of them in Germany.

Barber Pays 1000 Euros After Ransomware Infection

A Scottish hairdresser has been the victim of ransomware, in which a database containing customer data was encrypted. Despite payment of a 1000 euro ransom, a large part of the files turned out to be corrupted, so the hairdresser has lost customer contact details and other information.

Exactly how the attack took place, hairdresser Ellen Conlin Hair & Beauty in Glasgow does not know. According to the Evening Times, the attackers not only encrypted the company database but also deleted important information. How the attack occurred exactly is unclear. However, the attack could cost the hairdresser thousands of euros because of missed appointments. The attacked systems contained appointments, salary information, customer history, stock information and marketing data.

The salon is now considering suing the developer and supplier of the software. "I pay them to store my information safely," said the owner of the salon, which has about 3,000 members. He instructed the supplier to pay the ransom. It was only $350 at first, but was increased to 1,000 euros. Eventually, the attackers sent a decryption key, but it did not work properly. A large part of the information was corrupted. As a result the company has lost more than a year of important data.

Let's Encrypt Gives Known Phishing Sites No SSL Certificate

The free SSL service Let's Encrypt, where everyone will soon be able to request a free SSL certificate for their website, will for the time being not issue certificates to known malware and phishing sites. Let's Encrypt aims to have the entire web run over encrypted connections.

Critics worry that criminals will take advantage of the initiative to request SSL certificates for their phishing sites. This would give the phishing sites a legitimate feel because they have a "lock" in the address bar. In the past few years consumers have always been told to check for the presence of the lock icon. According to Let's Encrypt, an SSL certificate should not be seen as a form of approval. Certificate Authorities (CAs), the parties that issue SSL certificates, are in fact not well equipped to engage in the fight against phishing and malware.

According to Let's Encrypt, players like Google and Microsoft are better suited for this because they have more visibility into the ecosystem. Users are therefore better off with the anti-phishing and anti-malware filters that browsers offer. In addition, an SSL certificate must not be seen as something special, according to the free certificate authority. "HTTPS is important for almost all websites," said the organization. The presence of an SSL certificate should therefore not be seen as an exception, but should be the standard.

To meet the concerns of critics, Let's Encrypt will temporarily use the Google Safe Browsing API. This is a Google database consisting of all kinds of malware and phishing sites. Websites in this database will not receive a certificate from Let's Encrypt. The reason for introducing this measure is that many people are not yet comfortable with the idea that a certificate authority is no longer engaged in the fight against malware and phishing, says Josh Aas, director of the Internet Security Research Group (ISRG). Let's Encrypt is an initiative of the ISRG.

Microsoft Will Offer Windows 10 Through Windows Update

Microsoft will soon start offering Windows 10 through Windows Update on computers running Windows 7 and Windows 8.1. Initially it will be an optional update. According to Microsoft, this should make it easier for users to switch to the new operating system.

Early next year, the Windows 10 update will be offered as a "recommended update". Depending on the Windows Update settings, this may mean that the upgrade takes place automatically. Before the actual installation starts, users have the option to cancel or continue. After installing Windows 10, users have 31 days to restore the previous operating system if they do not like the latest version of Windows, according to Microsoft's Terry Myerson.

There will also soon be a new version of the Media Creation Tool, Microsoft software for creating a DVD or USB stick from which Windows 10 can be installed. Currently a choice must be made between 32- and 64-bit and a Windows edition such as Home or Pro, but later the tool will let users create a single image that covers all installations.

Avira Sues Freemium.com Over Adware

German antivirus company Avira has filed a lawsuit against the download site because users are tricked into installing adware and potentially unwanted software. "It is time to tackle adware directly at the source," said Avira's CEO Tavis Witteveen.

" engages in unfair competition, violates the privacy rights of consumers and uses invalid contracts," he says. Through all kinds of programs can be downloaded. The problem is the installation tool of Freemium, a "wrapper", which according to Avira can be classified as a potentially unwanted program. The tool is said to use social engineering to get users to install unwanted applications in addition to the desired software.

The antivirus company compares the wrapper with ten layers of wrapping paper around a gift, where there is much room for surprises. Anyone who downloads one program through the wrapper may eventually end up with four additional programs, two browser extensions and a desktop link to a gaming site. The wrapper is also used on other download sites, such as ProSiebenSat.1 Media AG, an investor in and the download portal of, a website publisher Axel Springer.

Friday, 30 October 2015

Tor Launches Secure Chat Program

The creators of the Tor network have launched software that lets users use many different chat programs or channels through one simple encrypted chat program. Tor Messenger, as the chat program is called, sends messages over the Tor network.

It supports different transport networks such as Jabber (XMPP), IRC, Google Talk, Facebook Chat, Twitter, Yahoo and others. In addition, Off-the-Record (OTR) Messaging is enabled by default. As a result messages are encrypted and users can verify that the person they are chatting with is actually who he or she claims to be. OTR also adds perfect forward secrecy and "deniability", so that it can be denied that the user sent a chat message.

Tor Messenger uses existing networks so that users can keep chatting with existing contacts without much adaptation. This approach means that metadata can be stored by the server of the chat network. However, the route to the server is hidden, as it runs over the Tor network. The version launched today is a test version and is available for Linux, Mac and Windows.

Google Would Work On Android Version For Desktops

Google is currently developing an Android version for desktop computers, sources told the Wall Street Journal and The Verge. Next year, Google is said to be working with several manufacturers to produce desktop computers running Android.

The ultimate intention is said to be to combine Chrome OS and Android into one operating system, as supporting and developing two different operating systems is costly and can be confusing for manufacturers. The emphasis on Android does not mean that Chrome OS, the Chrome-based operating system used in many cheaper laptops called Chromebooks, will soon disappear.

Manufacturers who produce Chromebooks will still be able to use Chrome OS but will also have a choice of Android, says Re/code. Google executive Hiroshi Lockheimer, senior vice president of Android, Chromecast and Chrome OS, said via Twitter that Chromebooks are still much in demand and that Google remains committed to Chrome OS.

Luxembourgers Develop USB-Cleaning Machine

USB sticks have been used by malware for years to spread from computer to computer, but the Computer Incident Response Center (CIRC) of the Luxembourg government has now developed a real USB-cleaning machine to process unknown USB sticks simply and quickly.

The CIRCLean USB Sanitizer is a solution meant to retrieve documents from untrusted USB sticks. It automatically converts an untrusted document to a readable format and saves the clean file to a trusted USB stick. CIRCLean uses a Raspberry Pi, a small computer, as its platform. This means it is not necessary to connect the suspect USB stick to a computer.

"CIRCLean can be seen as a kind of air gap between the untrusted USB stick and the computer," said the Luxembourg CIRC. The advantage of the device is that no technical knowledge is required and anyone can use it. The software that runs on the Raspberry Pi is available via GitHub and can be verified by anyone.

Copy-Pasting Google URL May Leak Past Searches

Anyone who shares Google search URLs with others runs the risk of revealing past searches, Jeremy Rubin discovered. The problem can be reproduced in a few simple steps. First, something must be searched for in the search bar of Chrome or Firefox.

Then something else must be searched for on the Google search page. The URL in the address bar will now include both searches. Users who do not notice this and pass on the URL of their search can thus unintentionally share sensitive searches with others, says Rubin. He warned Google, but the Internet giant said that it will not fix the problem.
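A way to check a search URL before sharing it, as an added example that is not part of the original article. It assumes the earlier search sits in the query string (?q=) and the later one in the fragment (#q=); the article does not give the URL layout, and the sample URLs are constructed.

```python
from urllib.parse import parse_qs, urlencode, urlsplit, urlunsplit


def search_terms(url):
    """Return (terms in the query string, terms in the fragment) for a search URL."""
    parts = urlsplit(url)
    # Assumption: the first search is carried in ?q=..., the later one in #q=...
    query_terms = parse_qs(parts.query).get("q", [])
    fragment_terms = parse_qs(parts.fragment).get("q", [])
    return query_terms, fragment_terms


def stale_searches(url):
    """Return earlier searches that would be disclosed by sharing this URL."""
    query_terms, fragment_terms = search_terms(url)
    if not fragment_terms:
        return []  # only one search present, nothing older to leak
    current = fragment_terms[-1]
    return [term for term in query_terms if term != current]


def shareable_url(url):
    """Rebuild the URL so it carries only the most recent search.

    Other parameters are dropped on purpose: they are not needed to
    reproduce the search and may carry more state than intended.
    """
    parts = urlsplit(url)
    _, fragment_terms = search_terms(url)
    if not fragment_terms:
        return url
    query = urlencode({"q": fragment_terms[-1]})
    return urlunsplit((parts.scheme, parts.netloc, parts.path, query, ""))


# Constructed sample: the first search is still present in the query string.
SAMPLE = ("https://www.google.com/search?q=private+medical+question"
          "&ie=UTF-8#q=pizza+recipe")

if __name__ == "__main__":
    print("would leak:", stale_searches(SAMPLE))
    print("share this:", shareable_url(SAMPLE))
```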

Seagate Unveils 8TB Hard Drive For Video Surveillance

Seagate has unveiled in China the first 8TB hard drive made specifically for video surveillance. A total of 64 security cameras can simultaneously send their data to the disk, which can be used 24 hours a day, 7 days a week, according to Storage Review.

According to Tech Times, Seagate indicated that the hard disks it developed earlier were not able to cope with the write requirements of video surveillance systems. Those hard drives were therefore at risk of overheating. The newly revealed 8TB hard drive uses less power and offers rotational sensors to counteract the effects of vibration when the disk is used in a system with multiple disks. The disk costs $385 in the United States. A price in the Netherlands is not yet known.

Recently Patched Flash Vulnerability In Crosshairs Of Cyber Criminals

A critical vulnerability in Adobe Flash Player, for which an emergency patch was rolled out ten days ago, is now being actively attacked by cyber criminals. At the time Adobe rolled out the update, the company said that the vulnerability was being used only in targeted attacks on a limited scale.

Now researcher JuK of the blog Malware don't need Coffee reports that an exploit for the vulnerability has been added to the Angler exploit kit. As a result, cybercriminals with less technical knowledge also have the means to attack the Flash vulnerability. In recent months the Angler exploit kit was used in large-scale advertising campaigns on popular websites.

Criminals use the ad networks of popular websites to spread infected ads. These ads silently send visitors to a page with the Angler exploit kit. If users' Flash Player or other software is not up to date, they can become infected with malware. Now that the recently patched Flash vulnerability has also been added to the Angler exploit kit, cyber criminals have a greater opportunity to infect internet users, since the update of October 16 may not yet be installed everywhere.

If the attack is successful, the Bedep Trojan is installed on the computer. This Trojan can install additional malware, including malware for advertising fraud and ransomware, and makes the computer part of a botnet. The Flash vulnerability had already been reported to Adobe by Google two weeks before the attack was discovered 'in the wild'. Through this page Internet users can check which Flash version they are using.

Ransomware Possibly Earns Criminals $325 Million

The newest variant of the CryptoWall ransomware has possibly earned its creators $325 million, say Fortinet, Intel Security, Palo Alto Networks and Symantec (pdf). Concrete evidence that the criminals actually earned that amount with their ransomware is lacking.

CryptoWall is a form of ransomware that first appeared almost a year ago. Like other ransomware, it encrypts files on the computer and makes victims pay for decryption. For their study the security companies looked at version 3 of CryptoWall. This version is spread mainly via e-mail, according to an analysis of 70,000. 67% use email as an infection vector, while 31% spread through vulnerabilities in popular software such as Adobe Flash Player and Internet Explorer.

The infection vector of the remaining percentage is not disclosed. The e-mails mostly carry zipped attachments containing .scr files. .scr is the file extension for Windows screensavers, but such a file behaves the same as a normal .exe file. To keep victims from suspecting anything, the icons of the files were changed. In addition, Windows by default does not show the file extension, so users do not realize that it is an executable file.
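How a mail gateway or analyst could flag the kind of attachment described above, as an added example that is not part of the original article or the vendors' report. The extension lists, finding labels and the sample archive are constructed for illustration; the check goes slightly beyond the article by also flagging files whose content starts with the Windows executable "MZ" signature while the name suggests a document.

```python
import io
import zipfile

# Extensions Windows runs as programs; .scr (screensaver) is an ordinary executable.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
# Extensions a lure typically imitates in a double-extension name.
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}


def _extensions(name):
    """Return the lower-cased extensions of the file name, e.g. ['.pdf', '.scr']."""
    # Windows ignores trailing dots and spaces, so strip them before splitting.
    base = name.replace("\\", "/").rsplit("/", 1)[-1].rstrip(" .")
    return ["." + part for part in base.lower().split(".")[1:]]


def inspect_zip_attachment(zip_bytes):
    """Return (member name, finding) tuples for risky members of a zip attachment."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            if info.flag_bits & 0x1:
                # Encrypted members cannot be inspected; report instead of guessing.
                findings.append((info.filename, "encrypted-member"))
                continue
            exts = _extensions(info.filename)
            last = exts[-1] if exts else ""
            with archive.open(info) as member:
                is_pe = member.read(2) == b"MZ"  # DOS/PE executable signature
            if last in EXECUTABLE_EXTS:
                findings.append((info.filename, "executable-extension"))
                # With extensions hidden, 'invoice.pdf.scr' is shown as 'invoice.pdf'.
                if len(exts) >= 2 and exts[-2] in DOCUMENT_EXTS:
                    findings.append((info.filename, "double-extension"))
            elif is_pe:
                findings.append((info.filename, "pe-header-mismatch"))
    return findings


def build_sample_zip():
    """Build a constructed attachment in memory (harmless placeholder bytes)."""
    fake_pe = b"MZ" + b"\x00" * 62
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as archive:
        archive.writestr("invoice_2015.pdf.scr", fake_pe)
        archive.writestr("notes.txt", b"plain text")
        archive.writestr("photo.jpg", fake_pe)
    return buffer.getvalue()


if __name__ == "__main__":
    for name, finding in inspect_zip_attachment(build_sample_zip()):
        print(f"{name}: {finding}")
```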


According to the security companies, CryptoWall version 3 has caused an estimated $325 million in damage, but this is not clearly substantiated in the report. For example, it points to the bitcoin wallets to which victims had to send money, but how the $325 million figure was arrived at is not explained. According to the security companies, the gang used all kinds of bitcoin wallets to funnel money and so cover their tracks, which hampered the investigation.

Further on, the report points to a campaign that made 15,000 victims, but it is unclear whether all of these victims paid, as the researchers use the words "would account" and "associated".

The security companies say that the damage figure is based on a large bitcoin wallet in which all payments from the victims reportedly ended up eventually. With an average ransom amount of $500, this would mean that some 650,000 CryptoWall version 3 victims paid the ransom. Earlier research by Dell SecureWorks into another variant of CryptoWall showed that only 0.27% of victims paid. If this percentage applied to version 3, it would mean that hundreds of millions of people have been infected worldwide, which seems unlikely. We have therefore asked the companies for further explanation.

Thursday, 29 October 2015

Google Punishes Symantec For Tampering With SSL Certificates

Google has punished Symantec because the company has tampered with SSL certificates, which are so important for trust on the Internet. In September, Google discovered that Symantec had wrongly issued an Extended Validation (EV) pre-certificate for and.

This was done without Google having asked for it or consented to it. Besides security, Symantec also provides SSL certificates for identifying websites and encrypting traffic between websites and visitors. It has several brands for this, such as VeriSign, GeoTrust, Thawte and RapidSSL. For several years Symantec has been the largest player in the market for SSL certificates. Because of the improper issuance of the certificates, Symantec decided to dismiss several employees.

Google also asked for an investigation report. The report (pdf) revealed that 23 test certificates had been issued for five organizations without their knowledge, including for domains of Google and Opera. Google then discovered even more dubious Symantec certificates and asked for clarification. Symantec carried out another investigation and found that a further 164 certificates had been issued for 76 domains, as well as 2458 certificates for domains that were never registered.

According to Google, it is worrying that a certificate authority has so many problems and could not even determine their extent during the first investigation. Google will therefore place stricter demands on Symantec certificates. As of June 1, 2016, all of the security company's certificates must support Certificate Transparency. This is a technology of Google's own that is meant to address several structural flaws in the SSL certificate system. Certificates that are issued after this date and do not comply may cause problems in Google products.

Furthermore, Google is asking that the public investigation report on the incident be expanded with an analysis of why the 164 additional certificates were not found in the first place and what the cause of each failure was. Google also wants a detailed report on the measures Symantec will take to correct the errors found and to prevent them in future. Finally, the security company must also have a comprehensive audit carried out by a third party.

MySQL Servers Used For DDoS Attacks

A group of criminals infects MySQL servers with malware and then has them carry out DDoS attacks, the American security company Symantec reports in a blog post.

To hijack the servers, the attackers use a "user-defined function" (UDF). This is code that can be invoked from within MySQL to provide features that the database management system itself does not offer. Using UDFs to gain access to MySQL servers is not new and was already discussed in 2005. In this case, the attackers use a UDF to install the Chikdos malware on the server. This malware was already in the news in late 2013.

In the latest campaign, Symantec says the attackers may be using an automated scanner or a worm to compromise the MySQL servers and install a UDF. However, the exact method of infection has not been identified. Once the servers are infected, they download a DDoS tool for carrying out DDoS attacks on websites.

To protect against this kind of attack, administrators are advised not to run the SQL server with administrative rights. The SQL server should be patched regularly, and SQL injection should be prevented through secure programming. Furthermore, administrators can check for the presence of new user accounts and ensure that remote management is configured securely.

Laptop Researcher Suspects Sabotage In German Hotel

The German security researcher Stefan Esser suspects that he became the victim of sabotage in a hotel in Frankfurt, where someone may have tried to copy or manipulate his laptop's drive. Esser announced this week via Twitter.

"That terrible moment when you leave your laptop in a hotel room, return, and the laptop then claims that the memory is faulty," says the German researcher. According to him, someone tried to backdoor his computer, but did not do so very professionally, leaving clear traces of forced entry behind. Through his Twitter account Esser published several photos, including one of a hard drive that may have been taken out of the laptop.

In another photograph Esser shows a handle that is damaged. Esser suggests that the damage to his MacBook cannot have been caused by the cleaner. "The laptop was only left alone for two hours during dinner, long after the room was cleaned." The 'attacked' laptop ran Mac OS X El Capitan with full disk encryption through FileVault. In addition, Esser had set a password for disk encryption that differs from his account password. The researcher is also known for finding vulnerabilities in iOS and PHP.

New Browser-Attack Reveals Surfing Behavior On Websites

A researcher has demonstrated a new browser attack that lets websites retrieve the browsing habits of visitors, as well as the browsing history from before the user deleted it. The attack uses HTTP Strict Transport Security (HSTS) and Content Security Policy (CSP).

HSTS ensures that websites visited over HTTPS are subsequently visited only over HTTPS, even when HTTP is typed into the address bar. The browser in this case intercepts the user's request and automatically converts it to HTTPS. CSP is a measure to prevent cross-site scripting. The attack was demonstrated this weekend during the ToorCon conference by researcher Yan Zhu (pdf).


To carry out the attack, a malicious page must embed images from an HSTS website. The browser will attempt to load the images via HTTP. CSP is then used to prevent HSTS from causing them to be loaded via HTTPS. When CSP blocks an image, this causes an error. Based on the time the error takes, it can be determined whether the Internet user previously visited the HSTS website from which the image load was attempted.

Besides the explanation on her own weblog, Yan Zhu has also put a demonstration page online that only works with Chrome and Firefox. Additionally, the HTTPS Everywhere browser plug-in must be disabled. Only previously visited websites that use HSTS can be detected. On Hacker News it was suggested that websites can avoid the attack by having their domain added to the HSTS preload list. In that case the domain name is hardcoded in the browser so that it is visited only via HTTPS. An employee of Mozilla calls it a "smart attack" on Reddit and states that the browser developer is looking for a solution.
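A check for the mitigation suggested on Hacker News, as an added example that is not part of the original article or of Yan Zhu's demonstration. A preloaded domain is HTTPS-only in every browser profile, so its HSTS state no longer distinguishes visitors from non-visitors. The thresholds are the submission requirements published by hstspreload.org (not stated in the article), and the finding labels are invented for this example.

```python
# hstspreload.org requires max-age of at least one year, includeSubDomains and preload.
MIN_PRELOAD_MAX_AGE = 31536000


def parse_hsts(header_value):
    """Parse a Strict-Transport-Security header value into {directive: value}.

    Directive names are case-insensitive and may appear only once (RFC 6797).
    """
    directives = {}
    for part in header_value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, value = part.partition("=")
        name = name.strip().lower()
        if name in directives:
            raise ValueError("duplicate directive: " + name)
        # max-age may be given as a quoted string
        directives[name] = value.strip().strip('"')
    return directives


def preload_problems(header_value):
    """Return the reasons this header would not qualify a domain for preloading."""
    try:
        directives = parse_hsts(header_value)
    except ValueError:
        return ["duplicate-directive"]
    problems = []
    max_age = directives.get("max-age", "")
    if not (max_age.isascii() and max_age.isdigit()):
        problems.append("max-age-missing-or-invalid")
    elif int(max_age) < MIN_PRELOAD_MAX_AGE:
        problems.append("max-age-too-short")
    if "includesubdomains" not in directives:
        problems.append("no-includesubdomains")
    if "preload" not in directives:
        problems.append("no-preload")
    return problems


# Constructed sample header values.
SAMPLES = [
    "max-age=63072000; includeSubDomains; preload",
    "max-age=300",
    'max-age="31536000"; includeSubDomains',
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", preload_problems(header) or "eligible")
```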

CIA Director Denounces Reporting On Email Hacking

CIA Director John Brennan, whose old and disused private e-mail account was recently hacked, complains about the media coverage, saying it has given criminal activity a platform. Brennan said this recently at a conference in Washington.

A teenager and two others managed to hijack an old AOL account of Brennan via social engineering. Several documents were found in it that WikiLeaks then made public. These included contact lists, recommendations on Afghanistan and Pakistan, addresses and phone numbers. According to Brennan, some media have blown up the incident and falsely claimed that he had done something wrong.

"Giving criminal activities a platform and disseminating the information was inappropriate," said the CIA director. Brennan says he worries about what people will do with the published data. He sees in the incident the need for authorities to have sufficient capabilities and powers to conduct investigations. The hacked AOL account had reportedly not been used by Brennan since 2008, according to AFP.

Lenovo Closes Vulnerabilities In System Update Software

Lenovo recently released a new version of its System Update software that fixes several vulnerabilities which attackers could use to elevate their user rights. This is especially a problem in corporate environments, said Martin Rakhmanov of security firm Trustwave.

He discovered one of the vulnerabilities, which allows a user who has access to a system to read and delete arbitrary files, as well as execute commands as administrator. Rakhmanov's vulnerability does not stand alone. In recent months, several vulnerabilities were discovered in the "System Update Software". The software is installed on most Lenovo computers and checks for new versions of drivers and other software. Using the software, users can also download and install updates.

According to the researcher, the vulnerability Rakhmanov discovered is a serious problem especially in corporate environments, since the Lenovo software is installed on every Lenovo workstation. Administrators are therefore advised to update to version 5.07.0013.

Wednesday, 28 October 2015

FBI Denies Payment Advice To Ransomware Victims

The FBI does not advise ransomware victims to pay the demanded ransom, the American investigative agency has said. Last week an FBI agent was in the news after saying that the FBI regularly advises ransomware victims to pay.

"Ransomware is so good," said FBI agent Joseph Bonavolonta. "To be honest, we often advise people to pay the ransom." An FBI spokesman told antivirus firm Sophos that the agency makes no recommendations to companies. However, the FBI does lay out the options for affected companies. "It is up to the companies to decide what is the best solution for them. That may be restoring backups, calling in a security professional, or paying."

The question was also asked whether victims should pay or not. In response, a website was pointed to that recommends not paying. According to Paul Ducklin of Sophos, it is easy for people and law enforcement agencies to talk when it is not their data at stake. He also states that paying is quite okay, but that prevention is preferred.

Website Of Court Of Arbitration Spread Malware

Attackers managed to hack the website of the Permanent Court of Arbitration this summer and tried to infect visitors with malware through malicious code, reports Bloomberg. The incident occurred in July, when a dispute between the Philippines and China over the South China Sea was being heard.

The case was submitted back in 2013, but the first hearings took place last summer. According to the US company ThreatConnect, the Court's website was hacked at that time and served malware. The attack reportedly originated from China and was aimed at diplomats, lawyers and journalists who are interested in the case. Details about the malware and the hack are not given, but it is said to be malware designed to steal information. The Court says in a statement that the website was inaccessible for several days in July because of technical difficulties. What caused this is unknown. The Court was, in any case, not aware of the alleged attack.

Shockwave Player Update For 450 Million Users

More than 450 million people are being advised by Adobe to install an important update for Shockwave Player within 72 hours. Shockwave, not to be confused with Flash Player, is a browser plug-in used, for example, to play games. According to Adobe it runs on more than 450 million systems.

The newly discovered vulnerability allows attackers to execute arbitrary code on the computer. Visiting a hacked or malicious website is enough in this case; no further action is required. Adobe has given installation of the update the highest priority, recommending a time window of up to 72 hours. One problem with Shockwave is that it does not have an automatic update feature. Users will therefore have to install Adobe Shockwave Player via the Adobe website to get the most recent version, in which the problem is solved.

WhatsApp Collects Phone Numbers And Call Duration

WhatsApp collects phone numbers, call durations and other information, researchers from the University of New Haven have determined. WhatsApp is the most popular chat app in the world and has over 800 million users worldwide.

Last year it was acquired by Facebook for $19 billion. Because of the acquisition by the social network and the large number of users, the researchers say it is important to know how WhatsApp's network protocol works and what forensically relevant data it contains. For the study, the researchers decided to unravel the connection between the WhatsApp program and the WhatsApp servers.

From the network traffic, the researchers were able to identify various data, such as WhatsApp phone numbers, metadata about the call set-up and the duration of the call. They also discovered the codec WhatsApp uses for calls, as well as the IP addresses of the relay servers through which WhatsApp calls run.

"Our research shows which data can be gathered through forensic examination of WhatsApp and provides a way for others to conduct additional research on network forensics of messaging apps," said researcher Ibrahim Baggili. The researchers note that decrypting the network traffic was not easy. This requires access to both the data on the device and the entire network traffic. The research, "WhatsApp Network Forensics: Decrypting and Understanding WhatsApp Call Signaling Messages", is published in the journal Digital Investigation.

Google To Close Critical Vulnerability In Picasa On Friday

This coming Friday, October 30th, Google will try for the second time to close a critical vulnerability in Picasa, the internet giant's photo service. The vulnerability allows a remote attacker to take over the system, reports security firm Secunia, which discovered the problem.

Picasa is Google's free service and program for editing and sharing photos. By exploiting the vulnerability in the software, it is possible to cause an "integer overflow", after which arbitrary code can be executed on the computer, such as the installation of malware. The problem has been fixed in version 3.9.140 build 248 and build 239 for Windows.

Secunia warned Google about the issue in early August. On September 19 an update appeared in the form of version 3.9.140 build 248, but this version does not solve the problem. Google has indicated that it will once again release an update for the vulnerability next Friday. In the meantime there is no solution to the problem, according to Secunia.

Malwarebytes: No Malware Explosion On The Mac

A US security company recently published research claiming that this year has seen an explosion of Mac malware, but according to anti-malware company Malwarebytes this is not true. The amount of new malware for Apple's operating system has reportedly been declining for years.

Bit9 + Carbon Black, as the US company is called, stated that almost 1000 new malware samples for the Mac were observed this year, five times as many as in 2010, 2011, 2012, 2013 and 2014 combined. The company's research lacked details. Malwarebytes now says that last year only six new malware families for the Mac appeared. This year the count stands at three new threats.

These were an infected version of Xcode, Apple's development software, of which mostly Chinese app developers were victims; Ocean Lotus, a threat that infected a few users in China; and finally an unnamed sample that attacked users of MacKeeper.


Mac users have, however, had to face a surge of potentially unwanted programs (PUPs), such as adware. "Adware for Mac multiplies like the proverbial rabbits," said analyst Thomas Reed. According to him, many Mac users have to deal with adware. Although adware does not steal any information or money, it can cause problems. Users find it annoying, and it can cause performance problems and crashes.

Yet according to Reed there may also be a positive side, because Mac users become aware of online threats, which are an immediate serious danger. "This can ensure safe behavior, something that users were often told was not necessary, as 'Macs do not get viruses.' And that behavior can make a difference if something really evil appears in the future."

Tuesday, 27 October 2015

15-Year-Old Boy Arrested For Attack On TalkTalk

British police have arrested a 15-year-old from Northern Ireland for the attack on the British ISP TalkTalk, the Metropolitan Police reports. It is still unclear whether customer data was captured in the attack. The provider says in a statement that the investigation is still ongoing.

"But unfortunately there is a chance that some of the following information may be accessed," said TalkTalk. This concerns names, addresses, birth dates, email addresses, phone numbers, TalkTalk account details, and credit and debit card information and/or bank details. According to the provider, however, any stolen card information could not be used for financial transactions. The provider is also pleased with the swift action of the police.

Survey: 20% Of People Plug Unknown USB Stick Into PC

Despite the risks, there are still people who plug unknown USB drives into their own computer or their employer's, according to research from industry association CompTIA. The organization carried out an experiment in which 200 unlabeled USB sticks were left behind in crowded places in Chicago, Cleveland, San Francisco and Washington DC.

In about 20% of cases the USB sticks were taken and connected to a computer. Users also engaged in risky behavior, such as opening files and links on the USB sticks. Further research by CompTIA among 1200 US workers showed that 94% regularly use their laptops or mobile devices on public Wi-Fi networks, and that 69% handle work-related matters while doing so. In addition, 38% of employees indicated that they use passwords from work for personal accounts.

Critical Joomla Vulnerability Attacked Within Four Hours Of Patch

A critical vulnerability in the content management system Joomla, for which a patch appeared last week, was already being attacked four hours after the release of the update. The creators of Joomla had warned administrators and webmasters about the security update in advance.

The advisory stated that administrators had to be ready to roll out the update immediately. According to security firm Sucuri, it is very easy to gain full administrator access through the vulnerability. Sucuri says it saw direct attacks against two popular Joomla sites within four hours of the release of the update, in which the attackers tried to steal the session of logged-in administrators. Neither website had been patched at the time of the attacks, and this probably applies to many more websites.

The update was rolled out on Thursday afternoon, when many administrators had probably already finished work. Internet-wide scans are currently under way in which all kinds of random Joomla sites are probed. If a scanned website is vulnerable, the attack is carried out. Sucuri says it has meanwhile seen tens of thousands of attacks. According to the security company, the attacks show that webmasters and administrators have less than 24 hours to roll out an update for serious problems of this kind.

Ransomware Threatens With Publishing Encrypted Data

In Germany, new ransomware has surfaced that not only encrypts files but also locks the system and threatens to publish private data, photos and videos on the web. Chimera, as the ransomware is called, targets companies.

Businesses are approached with supposed vacancies, job applications, contracts and applications. The e-mails refer to a file on Dropbox for further information. This file is the ransomware, which encrypts all kinds of files on the computer. Chimera also searches for files on network drives to encrypt. The system is then locked and a message with instructions appears.

The instructions tell victims that they have to pay almost 2.5 bitcoin, which at the current exchange rate is about 635 euros. The message furthermore states that if no payment is made, personal data, photos and videos will appear on the internet with the victim's name. Traditional ransomware often only encrypts files. Threatening to steal and publish data is therefore not new. Whether Chimera actually puts the data online as claimed is unknown, said Botfrei.

11-Year-Old Sells Strong Passwords For Two Dollars

An 11-year-old girl from New York City sells strong passwords over the internet for $2 each. According to Mira Modi, paying for a password may seem crazy, but coming up with passwords yourself is much crazier. The primary school student says that people choose weak passwords, such as 12345 or password. With her website she is trying to change that.

Diceware is a method for creating passwords and passphrases. Modi uses this method to generate passwords made up of six random words. The 11-year-old told Ars Technica that many of her friends do not understand how to create strong and secure passwords.


Once she gets an order, Modi rolls her die and looks up the corresponding word in a printed version of the Diceware word list. She then writes the password by hand on a piece of paper and mails it to the customer. She has reportedly sold some 30 passwords so far. Regarding the security of this system, she says she does not remember customers' passwords and therefore cannot abuse them. She also says she does not save passwords on her computer. Because she sends the passwords by post, the government can only access them with a court order.

Ads On Porn Sites Spread Browser Ransomware

Visitors to porn sites are being warned about rogue ads that redirect users of Internet Explorer to a page with browser ransomware. This ransomware does not encrypt files but locks the browser and claims that the user has committed a crime.

The page also claims that the user's files are encrypted, while this is not the case. An amount of between 100 and 500 euros must then be paid to regain access to the system. The criminals behind this ransomware use a vulnerability in Internet Explorer to determine whether they are dealing with a genuine user and not a researcher's sandbox or honeypot.

The page that locks the browser uses JavaScript to prevent the page from being closed. Even if users pay, the page will not close. The browser lock can, however, be undone using Task Manager. The ads that redirect visitors have been active on porn sites since August this year, reports anti-virus company BitDefender.

83 Million Stolen From British Companies Via Phishing

In Britain, nine people have been arrested who managed to steal 83 million from companies via telephone phishing. The scammers called corporate bank clients and posed as bank employees. Through phone number spoofing it also looked as if the call came from the bank concerned.

The scammers then used social engineering to steal all kinds of banking information, with which they gained access to bank accounts. Money from the companies was subsequently transferred to the accounts of straw men. Through these accounts the money was withdrawn from ATMs. The British police advise bank customers never to give out personal information such as passwords, PINs or other personal details, even if the call appears to come from a legitimate bank number.

Monday, 26 October 2015

Test: How Safe Are Scanners Anyway?

Virus scanners are supposed to provide protection against all kinds of malware and other threats, but how secure are these security suites themselves? The German test lab AV-Test decided to answer that question by looking at both business and consumer products.

Security software should not only be able to detect threats; the software itself also needs security measures so that it cannot be attacked, or so that an attack is at least made more difficult. Various techniques are available for this, such as ASLR (Address Space Layout Randomization) and DEP (Data Execution Prevention). Anti-virus companies have to add this technology to their own software.

Of the 21 consumer products tested, six were found to use DEP and ASLR fully, namely Avira, BullGuard, ESET, Kaspersky, McAfee and Symantec. Quick Heal, Norman and K7 do so for less than 30% of their files. Corporate products performed better: three of the 10 scored the maximum 100%, namely two products from Kaspersky and one from Symantec. Eight products scored above 90%. Only Bitdefender (79.7%) and Seqrite (29.8%) scored lower.


The second part of the test looked at whether all files of the security suites were digitally signed and whether a valid digital certificate was used. Anti-virus companies ask other software developers to sign their files digitally, which helps in the detection of malware, says AV-Test. In addition, a virus scanner must be able to verify its own authenticity and integrity, for which digital signatures with valid certificates and hash values help.

Among business products, 50% turned out to contain unsigned files. Among consumer products it was 60%. According to AV-Test, the results show that some anti-virus companies still need to wake up. On the other hand, there are also companies that have taken steps since the previous test last year. "But many have done absolutely nothing," said the German test lab.
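The kind of per-file check described above can be reproduced from the PE header alone. The following is an added example, not AV-Test's own tooling or methodology: it reads the ASLR and DEP opt-in flags and the certificate-table entry as laid out in the PE/COFF specification, and the sample images and the `build_sample` helper are constructed for this illustration.

```python
import struct

# DllCharacteristics bits defined in the PE/COFF specification.
DYNAMIC_BASE = 0x0040   # image opts in to ASLR
NX_COMPAT = 0x0100      # image opts in to DEP
CERT_TABLE = 4          # data-directory slot holding the embedded signature


def audit_pe(data):
    """Return ASLR/DEP opt-in and signature presence for one PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (pe,) = struct.unpack_from("<I", data, 0x3C)         # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt = pe + 24                                         # signature + COFF header
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic")
    dirs = opt + (96 if magic == 0x10B else 112)          # PE32 vs PE32+
    (flags,) = struct.unpack_from("<H", data, opt + 70)   # DllCharacteristics
    (count,) = struct.unpack_from("<I", data, dirs - 4)   # NumberOfRvaAndSizes
    size = 0
    if count > CERT_TABLE:
        _, size = struct.unpack_from("<II", data, dirs + 8 * CERT_TABLE)
    # A non-empty certificate table only shows that a signature is present;
    # validating the certificate chain is a separate step.
    return {"aslr": bool(flags & DYNAMIC_BASE),
            "dep": bool(flags & NX_COMPAT),
            "signed": size > 0}


def hardened_share(images):
    """Percentage of images that set both the ASLR and the DEP flag."""
    results = [audit_pe(i) for i in images]
    return 100.0 * sum(r["aslr"] and r["dep"] for r in results) / len(results)


def build_sample(flags, sig_size, pe32plus=False):
    """Constructed header-only image for this demo, not a loadable file."""
    dirs = 112 if pe32plus else 96
    opt = bytearray(dirs + 16 * 8)
    struct.pack_into("<H", opt, 0, 0x20B if pe32plus else 0x10B)
    struct.pack_into("<H", opt, 70, flags)
    struct.pack_into("<I", opt, dirs - 4, 16)
    struct.pack_into("<II", opt, dirs + 8 * CERT_TABLE,
                     0x400 if sig_size else 0, sig_size)
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    coff = bytearray(20)
    struct.pack_into("<H", coff, 16, len(opt))            # SizeOfOptionalHeader
    return bytes(dos) + b"PE\0\0" + bytes(coff) + bytes(opt)


# Constructed samples: fully hardened and signed, hardened but unsigned
# (PE32+), DEP only, and no hardening at all.
SAMPLES = [build_sample(0x0140, 2048), build_sample(0x0140, 0, True),
           build_sample(0x0100, 0), build_sample(0x0000, 0)]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(audit_pe(sample))
    print("fully hardened: %.1f%%" % hardened_share(SAMPLES))
```

To audit a real installation, pass `audit_pe` the bytes of each `.exe` and `.dll` in the product's directory.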

Monitoring Computer Use Should Prevent Malware

An Israeli company has developed a solution against malware that monitors how the computer is used. "Behavioral biometrics" is meant to prevent attacks by banking Trojans such as Dyre and Dridex. This malware can nestle in the browser and then allows attackers to carry out internet banking transactions from the infected computer.

According to the Israeli company BioCatch, this makes it difficult for banks to detect fraudulent transactions, since the computer and the IP address are known and there is no evidence of automated scripts. BioCatch now says it has developed technology that analyzes hundreds of parameters related to user interaction. This yields a model that can be used to determine whether it really is the user who controls the computer or whether it is malware.

Mozilla Removes Spying Firefox Extension After Mistake

Mozilla has removed an extension for Firefox because it spied on users and this was not detected during review. The add-on in question is Download Manager S3, which with nearly 120,000 users is a reasonably popular add-on. The add-on lets users manage downloads through a small status bar.

The developer of Download Manager asks users through a pop-up to support the add-on. In that case additional ads are displayed, according to the add-on's explanation. A Reddit reader discovered, however, that if the user agrees to this, the add-on sends back all kinds of information, such as the HTML of the page visited, a customer ID and other data. The reader notes that data collection is not enabled by default, but that the developer tries to get it turned on in a misleading manner. A Mozilla employee confirmed the behavior of the add-on on Reddit. He says that Mozilla has made a mistake.

All extensions that appear for Firefox are in fact reviewed. A reviewer who checks the add-ons overlooked a "policy violation" that was added in the latest update of the add-on. Mozilla then decided to check all add-ons for this violation, which turned up one other similar case. Both add-ons have now been disabled, according to the Mozilla employee. Download Manager S3 can indeed no longer be found, but Mozilla has not yet put the extension on the blocklist. In that case, Firefox automatically turns off unsafe or unstable add-ons for users.

Germany Investigates Espionage Virus On Government Laptop

The German government has launched an investigation into espionage by the US secret service NSA and the British intelligence agency GCHQ because of an infected laptop. On a laptop belonging to a department of the Federal Chancellery, the highly advanced Regin espionage virus was discovered, reports Der Spiegel.

According to the Russian anti-virus firm Kaspersky Lab, the relevant NSA or been responsible for the development of the malware. Previously, the espionage virus had already been found on a USB stick of a staff member of Chancellor Angela Merkel. Exactly how Regin infects computers is still unknown, but once active it can collect data in a very sophisticated way. Der Spiegel gives no further details about the investigation or how the malware was detected. Earlier, the German authorities decided to investigate eavesdropping on Merkel's mobile phone by the NSA, but that investigation was stopped in June because of a lack of evidence.

Sunday, 25 October 2015

Students Accused Of Hacking Into US School System

Three pupils have been charged in the United States with hacking into the system of their school. The boys allegedly altered their own grades and changed the schedules of some 300 students. The arrest of the three came after months of police investigation.

The investigation, which began in July, showed that the schedules had been altered, as had the grades of two students. The three students, however, deny being guilty. Police suspect that one of the arrested students attached a hardware keylogger to a computer, which stored the keystrokes. In this way the student allegedly obtained the passwords and user names of dozens of teachers and administrators.

During a search at one of the students, the keylogger was found, report Newsday and NY Daily News. The device held the credentials of the school staff. The school says in a statement on its website that the changes to the grades and schedules were reversed immediately after being discovered.

Botnet Of Security Cameras Used For DDoS Attack

It is not just routers and computers that need to be secured: researchers have discovered a botnet of about 900 hacked security cameras that was used to carry out DDoS attacks on a cloud service. This was reported by security firm Imperva.

The cameras are located in various countries but were concentrated primarily in India. On the cameras, the researchers found malware that searches for certain devices via Telnet and SSH. These are devices that run BusyBox, a Linux distribution for embedded systems, and that are vulnerable to brute-force attacks. In this case all hacked cameras turned out to be accessible with the default login password. The researchers therefore call on administrators always to change default passwords, whether on a router, access point or security camera.

German Government Gives Safety Tips For Cloud Use

More and more people are using cloud services, which entails both benefits and risks. This was the reason for the German Federal Office for Information Security (BSI), part of the German Ministry of the Interior, to offer various tips.

While cloud providers are responsible for security and cloud services are easy to use, data should not simply be placed in the cloud, says the BSI. For instance, data may be sent unencrypted, allowing others to intercept it, and it is not always clear where the data is stored. By following several recommendations, however, the cloud can be used safely, says the BSI. The agency recommends accessing the cloud only from a secure system.

A secure password should be set for cloud services, and logging in to the cloud over an unsecured Wi-Fi network should be avoided. In addition, users should read the terms and conditions of the cloud service and find out where the data centers used are located. Sensitive or important information should only be stored in the cloud in encrypted form. Finally, users should check how their data is deleted from the cloud, since some cloud providers store backups in different data centers.