Wednesday, 20 April 2016

Chat App Viber Also Adds End-To-End Encryption



The popular chat and VoIP app Viber, which has over 600 million users in their own words, will encrypt all calls through end-to-end encryption. It developers have announced today . Through Viber users can chat with each other and whistles.

By adding encryption have Viber users under the assurance that their messages are not intercepted, whether it's for group or one-on-one meetings and regardless of platform. All that users have to do is use the latest version of Viber. Then, the chat app will show if the call is encrypted.

Users will see a gray lock when the call is encrypted. It is also possible to authenticate contacts manually. In this case, the lock will be green. Rolling out the encryption will take place over the next two weeks. In addition to the announcement of encryption Viber also has "Hidden Chats" revealed. Through this option, users can hide certain conversations in the main window so that only the user knows that they exist.

Ad Network Distributes Hundreds Of Infected Ads


A Scottish ad network that gets 10 billion impressions per month in his own words has been used in recent weeks to distribute hundreds of infected ads. Through the ads, which appeared under other porn sites and torrent sites, ransomware was disseminated.

This enables anti-malware company Malwarebytes . The company in the past two weeks had more than 400 unique infected ads of the Scottish advertising network AdsTerra, also known as Terra Clicks stemmed. Malwarebytes decided to warn AdsTerra but has not received a response yet. The ads direct visitors unnoticed by the Magnitude exploitkit. This exploitkit uses known vulnerabilities in Adobe Flash Player and Internet Explorer to infect computers with Cerber-ransomware.

Users who are not redirected to the Magnitude exploitkit, for example because they use certain security software or a virtual machine, will see a pop-up that there is a problem with their computer and they need to call a helpdesk. These are the familiar phone scam in which fraudsters try to gain access to the computer and victims to resolve not charge existing problems.

Tuesday, 19 April 2016

Adobe: Flash Player Security Thwart Hackers


Adobe security measures in recent months have added to Flash Player ensures that hackers could not carry out successful attacks on the media player during a recent hacking contest, as the software company announced.

During the annual Pwn2Own contest hackers are rewarded for demonstrating unknown vulnerabilities in different browsers and Adobe Flash Player. During the last edition of March Flash Player was finally twice successfully hacked , but that number could be higher, says Peleus Uhley of Adobe. In preparation for the hack contest Adobe rolled several updates to enhance the security of Flash Player.

These measures paid off as several attempts to hack Flash Player failed thus said Uhley. Still, Flash Player has been successfully hacked twice. "These victories show that there is always more vendors can do to improve security," he continues. Uhley notes that companies such as Adobe, Microsoft and Google are engaged in a race with hackers.

Adobe invests in his own words than a lot of security and regularly adds features to thwart it. hackers as only goal. "Such measures are increasingly being added. The companies themselves will change on the frontline of this battle and to grow the more expensive." According Uhley help hacking contests like Pwn2Own software companies to develop. "While Pwn2Own each year seems to take the same required innovations and challenges to books every year results," said Uhley.

Android Device With Fingerprint Reader Often Locked


Android devices that have a fingerprint reader are more locked than devices that do not offer this option. This was reported in the published today Google Android Security annual report ( pdf ). The use of screen lock helps according to Google both privacy and security.

However, research shows that many users set a screen lock because they find it difficult. With the launch of Android 5.0, users can, however, choose the "Smart Lock" option, in which a device remains unlocked until it is held by the user. This can be determined on the basis of various items such as Bluetooth, on-body detection 'and a trusted location. This reduces the number of times a user must manually unlock his device.

Since Android 6.0 fingerprint readers are supported, however, and this has a positive effect on the use of screen lock. Users can now unlock your phone using just their fingerprint. From Google figures show that the use of screen lock is more common on devices with a fingerprint reader. Is set at 55.8% of the Nexus 5 and Nexus 6 devices screen lock. With Nexus and Nexus 5X- 6P devices, which have a fingerprint reader, this is 91.5%. With other Android devices that have screen lock is being used on a fingerprint reader.

Google: Sharp Drop In Android Malware On Google Play


The number of malicious apps in Google Play has dropped sharply last year, says Google in a new report. For the second time the Internet giant published the Android Security annual report ( pdf ). Compared to 2014 took the risk of the installation of malicious applications by 40% in 2015.

The malicious apps are divided by Google in various categories like apps that collect data, spyware, Trojans and apps to download additional software. The percentage of apps which collects data decreased by 40%, to 0.08% of all installations.Spyware decreased by 60% to 0.02% of the installations and malicious downloaders saw a 50% decrease to 0.01% of all installations. However, the category of Trojans rose from 0.01% to 0.02%. Eventually it was less than 0.15% of all Android Devices that download malicious apps from Google Play only apps installed.

About 0.5% of the devices that was downloaded from Google Play apps as well as other resources to deal with malicious apps. In addition, Google says that it also protects users download these apps from other sources. For this, use the Verify Apps. Warnings Verify apps were improved last year, which was an increase of 50% of users decided not to install the app in question after a warning. End of 2014 Android Phones got to it first with ransomware. This category of malware was according to Google last year found only outside of Google Play.

Google Helps Owners Hacked Websites With Maid


If Google webmasters and owners of a hacked website helps to existing vulnerabilities and malicious code quickly resolved, according to research. According to Google , more than 10 million Internet users every week with malicious Web sites in touch.

It often involves hacked websites which install owner or webmaster failed security updates or to choose a strong password.This makes it easy for cyber criminals to take over a website and use for example distributing malware. Google warns Internet users of such web sites, but many webmasters do not follow the Internet giant by that something is wrong.

And even if they are informed of the security incident, they miss to overcome the knowledge to solve the problem. Google therefore decided to look together with the University of California at Berkeley how webmasters can be best informed and the problem as soon as possible can be resolved. From the research shows that if Google cooperates directly with the webmaster, 75% of webmasters manages to secure their website. A process that takes an average of three days.

To help webmasters soon be considered by investigators three important steps. The first and most difficult step is to inform the webmaster. In the case webmasters their website via Webmaster Tools have registered a Google mail ensures that 75% of webmasters secures the website. In the case of the webmaster is unknown the e-mail address, have browser warnings and alerts in the search engine a success rate of 54% and 43%.

The second step in the process is to give hints about the harmful content. Attackers often hide their files, which complicates the cleaning process. In the event Google tips on the infection to the webmaster e-mailed this made sure that the cleaning sheet was 62% faster than warnings without tips. The third step is to make sure that continues to clean the site. Google investigated and cleaned hacked websites and found that 12% had been hacked again within 30 days. That shows, according to the Internet giant how important it is to find the cause of a hack rather than to remedy the effects.

Gates Supports Microsoft's Lawsuit Against US Government


Bill Gates supports the lawsuit by Microsoft against the US government users whose data must be warned searched by the authorities. At present receive email providers from the US government often a 'gag order', said she is not allowed to inform users. According to Microsoft, this is going too far and the software giant wants the court therefore corrects the situation.

Gates leaves in front of Reuters know that the government in some cases information from email providers must obtain without the user in question gets to know this, but this is the exception and not the rule. Gates further calls for cooperation between government and tech companies to find the right balance when requesting private data. "I do not think there is anyone who thinks that the government should get all or that the government absolutely must get nothing."

New York Police Launch Campaign Against Encryption



The police force of New York 's Manhattan along with the Attorney General and various organizations for crime victims a campaign against encryption starts. According to the initiators of the campaign "#UnlockJustice 'it is important to highlight the impact of encryption for public safety and crime victims.

"The debate over encryption is often determined by privacy and security, where there is no thought about the impact on victims," ​​said Attorney General Manhattan Cyrus Vance. "That narrow view ignores the impact of encryption for the investigation and prosecution of crimes." According to Vance all consumer must be able to be searched by investigators.

Apple and Google have, however, ensured that this is not currently the case, he said. "Congress should not allow companies to make devices that against his injunctions file. Companies should not be allowed to give criminals a place where they can go about their business. Victims of crime are entitled to greater protection than criminals."

According to Police Commissioner William Bratton undermines the existence of devices for which a court order is not the justice system applies. "This is a crisis in the making and goes beyond a single terror case. Providing shelter for pedophiles, rapists and murderers through their mobile phone affects unprecedented casualties. This exception of the judicial system is unsustainable and must be corrected immediately . "

In addition, hundreds of the initiators point for devices that can not be searched. Through the campaign, they hope to educate the public about this. The created for the campaign hashtag was quickly adopted by proponents of encryption. "People deserve better protection than criminals. Standard strong encryption protects citizens against robbers and thieves," said security expert The Grugq . Other Twitter users claim that it is a campaign of misinformation and encryption just helps in protecting data.

Microsoft Warns Of E-mails With Attachments JavaScript


Microsoft has issued a warning to spam messages that contain a JavaScript file attached and try to infect your computer with malware, including Locky-ransomware. The JavaScript attachments are back wrapped in a rar or zip file, says Alden Pornasdoro Microsoft.

In addition to use JavaScript files cyber criminals also Office documents with malicious macros to spread ransomware. According to Microsoft can be rapidly infected a computer via a JavaScript file. "It is interesting to note that an Office attachment with malicious macros usually two or more clicks required to open the document. One click for the document, and another click to activate the macro. On the other hand, the JavaScript annex just one or two clicks to run, "Pornasdoro notes.

He adds that it is very unusual for people to send JavaScript files attached. Who receives such a file must therefore not open. Pornasdoro also advises organizations to enable AppLocker so dubious software can not be performed. In addition, administrators are advised to disable macros in Office programs.

Finland's F-Secure has advice given how the Windows Script Host can be disabled so that JavaScript files are no longer open.

BlackBerry CEO Cryptically On Assistance To Canadian Police



BlackBerry CEO John Chen has responded at a news that BlackBerry Canadian police would have the encryption key to the encrypted BlackBerry messages could decrypt. Chen does not want to confirm or deny the report.

Last week Vice Magazine came out with a report showing that Canadian police were able to decrypt encrypted BlackBerry messages. At that BlackBerry did not respond, but last night there appeared a blog posting by Chen . In it he argues that tech companies must meet reasonable court orders to give investigators access to data. He also repeated his earlier statement that it is objectionable as companies put their reputation over the public interest.

He then briefly discusses the case of the Canadian police, but would not say whether the Canadian police indeed received the encryption key. Chen said the only thing is that BlackBerry has held in this case to its own principles. "For BlackBerry, there is a balance of what is right, such as helping in the detection of criminals, and prevent government violate the privacy of citizens. We have found this balance, even though governments have pressured us to our ethical principles change."

Police Asked Apple To About 341 Units


The Dutch police Apple has in the second half of last year asked for information on 341 Apple devices, according to a new Transparency Report of the tech company ( pdf ). It went to a total of 39 requests related to 341 devices.

Sixteen requests were granted by Apple. According to Apple will most requests for lost or stolen devices. In the first half of 2015 were still 25 requests filed with about 85 aircraft was searched. During that period twelve requests were honored.

In addition to information about devices, the police also sought information about Apple accounts. In the second half of 2015 was about thirteen data requests related to 13 Apple accounts. In five cases, data were presented. three more requests came in the first half of 2015 within the information requested on three accounts. In one case, when Apple decided to hand over information.

In addition, Apple also received three emergency requests from the police in the second half of last year. This relates to data requests made in an emergency, for example, to save a life or prevent injury. In the first half of 2015, it went to one emergency request.