Google Finds More Malware in Its Own Google Play Store.

Google is hard at work killing more fake ad networks in yet more apps found on its own Play Store. These directed users to install malware disguised as free applications.
Yesterday, the folks over at Lookout divulged their latest find: 32 applications, mostly Russian-language, were found to contain what Lookout calls "BadNews" -- a new piece of code that facilitates easy installation of malware onto the phones of users who have it installed. They estimate that apps containing BadNews have been installed over 2,000,000 times. While this is but a small drop compared to the hundreds of millions of Android devices and 25+ billion apps installed from the Play Store, it's still quite the eye-popping number.
BadNews is disguised as an ad network. Besides serving ads for other less popular apps containing the BadNews code, it has the ability to send some of your private data (including your phone number and IMEI) to a server. It also displays fake news messages about app updates and links to actual malware that a user could install outside Google Play. 
The offending applications, distributed across four different developer accounts, have been purged from Google Play. If you think you may have been affected, or are running one of the apps, Lookout's security application can assist in identifying the things you need to remove.
We appreciate a well-researched and legitimate look at malware like this, and don't want it to get buried like so many FUD stories around the Internet that are speculation with no numbers. For a list of the applications, and a look at how this was discovered, click the source link below. Carry on past the break for some further discussion.
Source: Lookout
Now to talk a bit about how and why this happened, and what users could have done differently to protect themselves. To start with, over 2,000,000 people downloaded an application from Google Play, and said "yes" when asked if they wanted to allow the downloaded application to have access to their phone number. We understand that all the app permissions can be confusing, and that often there are legitimate reasons for apps to request permissions to sensitive information. But we have to be diligent and read those permissions, every time, and pass on the apps we think have requests that sound fishy. While this means that we'll likely have to pass on a few apps that are innocent, it also means we won't have some spammy app sending all our contact data off to some server in the Russian Federation. This is the price of having an open application store, and while Google can come back and remove apps that have gone wild after they are found, we have to practice a little care of our own.
The second one is a no-brainer. If you click an ad banner that promises an update to an app you downloaded from Google Play, or one that directs you to download and install any files to your phone, you have to say no. This is why it was a big deal when Facebook decided to go rogue and update its app in an unapproved manner, and why many folks were calling for their heads and for the removal of their app from Google Play for doing so. If you allow things like this to happen, nobody can help you. This time, these apps would have been detected by a security app like Lookout, but next time they may not be. Just Say No.
It's relatively easy to write malicious code and inject it into an application that users want. It's not so easy to distribute it from Google Play, and as a result we see convoluted methods like BadNews to get the job done. Be diligent, be safe, and whenever you're in doubt ask for advice in the forums. We may be bickering between ourselves over whether Samsung or HTC makes the better phone, but we all work together when a friend is in need.

Evernote Passwords Stolen So Reset Yours Fast.

On logging into Evernote you'll find that you have to reset your password. Why? Well, according to a post on the official Evernote blog, they were hacked, and while no personal information was snatched, emails, usernames, and passwords were. Luckily, those passwords were encrypted, but better safe than sorry.

Samsung Galaxy S3, Galaxy Note 2 and others have a major security flaw.


Samsung's Galaxy S3 and Galaxy Note 2 smartphones have been revealed to suffer from a security flaw found in their Exynos ARM-based system-on-chip (SoC) processors, which could lead to users' personal data being exposed to malware.
First spotted by a user on the XDA Developers forums, the flaw affects all Android-based Samsung devices that use the Exynos 4210 and 4412 system-on-chip processor - including the Galaxy S2, Galaxy S3, Galaxy Note, Galaxy Note 2 and Galaxy Note 10.1, but not the cut-down Galaxy S3 Mini, which uses a different processor. The Samsung-manufactured Nexus 10 tablet, meanwhile, also escapes the bug as it uses the next-generation Exynos 5-series processor rather than the Exynos 4 family.
Currently, the flaw is not known to be exploited in the wild except by an application designed to allow users to 'root' their handsets - a process analogous to 'jailbreaking' an iPhone - without the need to connect the handset to a computer and use third-party software. The developer who discovered it, however, warns that it could be potentially serious: because it grants full read/write access to the device's memory, the flaw lets malware read personal details - including usernames and passwords - or patch itself into other applications, for example to record telephone calls or text messages. The vulnerability could even be used to trigger the device's microphone or camera remotely.
So far, there is no news of an official patch from Samsung, with some researchers releasing a third-party unofficial patch to work around the flaw.

Are your credit card details being stolen at point-of-sale terminals when shopping at big companies?

Administration panel for Dexter, a malicious application that steals credit card data from point-of-sale systems. The malware was recently found on hundreds of computers around the world.

A researcher has uncovered new malware that steals payment card data from point-of-sale terminals used by stores, hotels, and other businesses.
Dexter, as the malware is called, has infected hundreds of point-of-sale computers at big-name retailers, hotels, restaurants, and other businesses, according to a report issued by Aviv Raff, chief technology officer of Israel-based security firm Seculert. Businesses infected in the past three months are located in 40 different countries, with 30 percent of those compromised located in the US, 19 percent in the UK, and nine percent in Canada. Malware that infects point-of-sale terminals can be one of the most efficient ways to carry out payment card fraud because it targets machines with access to large amounts of the required data.
"Instead of going through the trouble of infecting tens of thousands of PCs or physically installing a skimmer, an attacker can achieve the same results by targeting just a few POS systems with specially crafted malware," Raff wrote. "Dexter is one example of such malware."
Dexter has infected systems running a variety of different versions of Windows, including XP, Home Server, Server 2003, and Windows 7. Once installed, Dexter uploads the contents of computer memory to a server located in the Republic of Seychelles. An online parsing tool then attempts to ferret out Track 1 and Track 2 card data processed by various POS applications. The data is then retrieved by the malware operators, presumably for the purpose of cloning payment cards. More on Dexter here.

It remains unclear how POS systems are infected by Dexter, which gets its name from a string of text found in one of its files. The large percentage of infected Windows servers suggests Web-based exploits and social engineering traps aren't likely vectors, since those types of machines typically aren't used to browse Web pages. Raff declined to identify the businesses infected by the malware.

Internet Explorer 6-10 vulnerability lets hackers track your mouse movements

A vulnerability found in Microsoft's Internet Explorer allows hackers to track the movements of your mouse cursor across the screen, which could in turn reveal data entered on virtual keyboards.
Virtual keyboards and keypads can be used to reduce the chance of a keylogger recording every keystroke and therefore being able to "read" your passwords. However, Spider.io discovered that Internet Explorer versions 6 to 10 make it possible for your mouse cursor to be tracked anywhere on screen, even if the IE tab is minimised. You can see a video demonstration of the vulnerability embedded in this post, or you can try it yourself at this link (provided you are browsing with IE).
This particular vulnerability is of concern, because if you use Internet Explorer your mouse movements can be recorded even if you never install any software. A hacker simply needs to buy a display advertising placement on any webpage you visit. As long as the tab with the ad remains open, mouse movements can be tracked.
The analytics company disclosed the vulnerability to Microsoft back in October, but has now gone public. The Microsoft Security Research Centre recognises that there is a vulnerability but has said that there are no immediate plans to patch it. Spider.io says that a number of web analytics companies are already making use of this ability to track cursor movements.
Spider's Douglas de Jager explained to Wired.co.uk that they discovered the issue when looking into ways to measure the position of advertisements on a web page. There are two ways to measure the "viewability" of display advertisements online -- i.e. to check whether the ad slots are placed in a prominent place on the website. (This is because some disreputable publishers have been known to place MPUs and other ad placements outside of the frame of the website so that -- for example -- a video might be playing on repeat out of sight, meaning that the advertiser is paying for views of their video when web users aren't actually able to see them.)
One involves a geometric approach, which compares the position of the four corners of the ad relative to the host webpage with the position of the four corners of the browser's viewport relative to the host webpage. A variant of this approach compares the ad with the screen edge rather than the host page. This geometric approach doesn't work so well when ads are embedded in "unfriendly" or cross-domain iframes. A second approach involves monitoring browser optimisations: by monitoring how a browser allocates resources to render an ad, you can determine what proportion of the ad is in view -- this is the approach that Spider.io uses.
The Internet Explorer issue arose in the geometric approach that the browser takes, which involves showing the position of the cursor relative to the advertisement and relative to the screen edge -- allowing web analytics companies and potentially hackers to ascertain the cursor position at any point.
In order to glean any meaningful information from this attack, any hacker would need to know what website or application the user was using and the layout of the site. The site would also need to use an onscreen keypad or keyboard to enter sensitive information -- something that ING Direct's online banking service uses.

Android Malware: Only 15% of It Detected by Google!

Last month, Google unveiled a new security feature that sought to stop what experts have warned is a growing problem on Android phones: malware.
But a security researcher on Tuesday said the service fails to detect the vast majority of harmful apps.
Smartphone owners running Android 4.2 and later with Google Play installed can use the new security service, which is supposed to flag unsafe apps and send users messages that say, “Installing this app may harm your phone” or “Installation has been blocked.” If a user receives the latter message, Google prevents the app from being installed.
But Xuxian Jiang, an associate professor of computer science at North Carolina State University, tested Google's new security service and found it detected only 15 percent of known malicious apps as being dangerous. His research was based on 1,260 samples of malicious code from the Android Malware Genome Project, an initiative run by the university to analyze cybersecurity threats on mobile devices.
He noted that VirusTotal, a cybersecurity software company that Google bought in September, worked better than the security feature that Google unveiled last month. However, VirusTotal has not yet been integrated into Google's new app verification service.
A Google spokesperson said the findings focused on a group of malware "that may not be representative of actual conditions," while Google's new app security service "uses real-world data and multiple detection techniques to protect against Android malware."
"We go after threats users are most likely to face," the spokesperson said.
Security experts have repeatedly warned that the number of malicious Android apps is growing, partly because Google’s method for policing its mobile app store has been less stringent than Apple’s system for keeping malware out of its mobile app store.
Such claims have prompted Google to unveil new mobile security features over the past year. In February, Google unveiled "Bouncer," which was supposed to flag bad apps before they entered Google's app store, known as Google Play.
In June, security researchers claimed they had found a workaround that allows hackers to sneak dangerous apps past Bouncer.
"No security approach is foolproof, and added scrutiny can often lead to important improvements," Hiroshi Lockheimer, Android vice president of engineering, wrote in February.

Windows RT Tablets and Windows 8 Have Serious Vulnerabilities.

It's been less than a month since Windows 8 and Windows RT-powered Surface tablets were launched and went on sale, but Microsoft is already warning that the two next-generation operating systems contain critical security vulnerabilities that are due to be patched this coming Tuesday.
The various flaws affect versions from Windows XP (Service Pack 3) all the way through to Windows 8, as well as versions of the Office suite and versions of Windows Server. Released only in September, Windows Server 2012 requires patching to maintain maximum security.
The latest vulnerabilities include three critical security vulnerabilities for Windows 8, and one critical security vulnerability for the Surface-based Windows RT operating system. These flaws are considered "critical" and could allow remote code execution on vulnerable systems. 

Among the flaws, a few patches will be delivered for Internet Explorer to fix a flaw that allows drive-by attacks on vulnerable systems, such as when the user visits a malicious Web page through the browser. Older versions of Internet Explorer (IE6, IE7 and IE8), which run on Windows XP, will not be patched.
The latest version of Internet Explorer 10, exclusive to Windows 8 and Windows RT machines, contains no vulnerabilities that Microsoft is yet aware of.
For Office, a flaw could allow remote code execution if a user opens a malicious Office document. Rated as "important," it requires user intervention -- in this case, the code can only run if the user opens the document.
In all, the six patches will fix 19 vulnerabilities, and will be released through the usual channels in the coming days -- on so-called "Patch Tuesday."

Windows 8 Activation Cracked By Pirates.

Pirates have cracked the Windows 8 activation system in spite of Microsoft lowering upgrade prices. It seems that no matter how cheap it gets there will still be users wanting to get things for free, and for them there will always be a hack or crack to bypass copy protection and activation procedures.
Unlike with Windows 7, doing an activation crack on Microsoft Windows 8 is much harder, as the operating system features newer technology to detect and protect against illegal activations. As with every other piece of software out there, pirates always find a way to beat the protection, allowing mass piracy, and once again this has been done for Microsoft Windows 8.
The KMS Activator for Windows 8 is still the prominent method to crack Windows 8 and use it illegally; another variant of the same method seems to be out now as Windows.8.Activator.K.G.v1.11.2012-Genial7, which not only hactivates but also changes some files to make your computer look activated on all relevant screens.
Now, while pirates can activate and use illegal copies of Windows 8, it should be noted that these are not real cracks and work by exploiting the genuine Microsoft KMS activation service aimed at volume licensing. The KMS activation method allows copies of Microsoft software to be activated in bulk, legally, for 180 days. Similar to the KMS activator crack for Windows 8, this new hactivation utility performs the same KMS activations (using an illegal or unauthorized server) and works by installing a service which autoruns on the 179th/180th day of hactivation to reactivate without the user knowing about it. The only additional job done by this new utility is to change some files and make Windows 8 cosmetically report that it is fully activated, hiding the real status of the 180-day KMS activation.

Android Malware Up Massively.

Security firm F-Secure's latest mobile threat report (for Q3) reports "a whopping 51,447 unique samples" detected in the third quarter, up from 5,033 in Q2 and 3,063 in Q1. The majority of the new Android malware detected by F-Secure in Q3 is designed to "generate profit from SMS sending activities or by harvesting information found on the infected device", it notes, whereas earlier this year drive-by malware was the most prolific. Commenting on Android's security situation last month, a Google spokesman told me: "We are committed to providing a secure experience for consumers in Google Play." Mountain View claims its data on Android malware shows a 40 percent decrease in "the number of potentially-malicious downloads from Google Play" between the first and second halves of 2011.
Google takes various measures to tackle malware. Earlier this year, when it introduced its app store scanning system, codenamed Bouncer, Hiroshi Lockheimer, VP of Engineering for Android, explained how it worked in a blog post:
The service performs a set of analyses on new applications, applications already in Android Market, and developer accounts. Here’s how it works: once an application is uploaded, the service immediately starts analyzing it for known malware, spyware and trojans. It also looks for behaviors that indicate an application might be misbehaving, and compares it against previously analyzed apps to detect possible red flags. We actually run every application on Google’s cloud infrastructure and simulate how it will run on an Android device to look for hidden, malicious behavior. We also analyze new developer accounts to help prevent malicious and repeat-offending developers from coming back.
In addition to scanning for malicious code, Google’s security approach includes Content policies that Android developers must adhere to — also tightened up this summer — along with what it describes as “a multi-layered security model based on user permissions and application sandboxing”. Any apps that violate Google policies are pulled from Google Play — but of course that does not stop them being offered on third party app markets.
F-Secure notes that the release of Android 4.1 Jelly Bean included “a number of exploit mitigation features as part of an ongoing effort to improve security on the platform” (Engadget reported Jelly Bean adoption had reached 1.2 percent of Android phones and tablets as of September).
The Android malware identified by F-Secure is not broken down by app store source — so it’s not possible to determine what proportion comes from the Google Play store. “We can’t produce stats on the amount of malware from Google Play vs elsewhere as most of our samples come via anonymized sources,” Mikko Hypponen, F-Secure’s chief research officer, told TechCrunch.

Massive Encryption Faults in Android Apps Used by 185 Million Users Expose Bank Details and More.

Computer science researchers have found that Android apps used by upwards of 185 million people can expose online banking and social network credentials, as well as emails and IM content.
The researchers, from Germany's Leibniz University of Hannover and Philipps University of Marburg, have identified 41 apps available on the Play store which leak sensitive information as it travels between phones and servers. The team recreated real-life app use on a local area network and then used existing security exploits to garner confidential information, reports Ars Technica. The researchers write:
"We could gather bank account information, payment credentials for PayPal, American Express and others. Furthermore, Facebook, email and cloud storage credentials and messages were leaked, access to IP cameras was gained and control channels for apps and remote servers could be subverted."
The researchers haven't identified which apps are at fault, though they do note that some of them have been downloaded up to 185 million times. They do hint at the kind of software they found was insecure, though, detailing examples of the vulnerabilities they found. Ars Technica gives a round-up:
  • An anti-virus app that accepted invalid certificates when validating the connection supplying new malware signatures. By exploiting that trust, the researchers were able to feed the app their own malicious signature.
  • An app with an install base of 1 million to 5 million users that was billed as a "simple and secure" way to upload and download cloud-based data that exposed login credentials. The leakage was the result of a "broken SSL channel."
  • A client app for a popular Web 2.0 site with up to 1 million users, which appears to be offered by a third-party developer. It leaked Facebook and Google credentials when logging in to those sites.
  • A "very popular cross-platform messaging service" with an install base of 10 million to 50 million users exposed telephone numbers from the address book.
Big problems, then, but the descriptions—using language like "generic online banking app"—seem to suggest that these are third-party apps, not official software from the websites they connect to. The researchers have recommended a number of ways that the issues can be fixed. Let's just hope that happens sooner rather than later.
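The "accepted invalid certificates" and "broken SSL channel" findings above come down to how an app validates the server certificate. The following is an added illustration in Java (not the researchers' code or any of the apps' code): the trust-all TrustManager and hostname verifier that produce those leaks, beside a trust manager that keeps the platform's default validation and additionally pins the server's public key hash. The pin value in main() is a constructed placeholder.

```java
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public final class AndroidTlsTrust {

    // INSECURE: the anti-pattern behind a "broken SSL channel". Every chain is
    // accepted, so anyone between the phone and the server can present any
    // certificate and read or alter the traffic.
    static X509TrustManager trustEverything() {
        return new X509TrustManager() {
            @Override public void checkClientTrusted(X509Certificate[] chain, String authType) { }
            @Override public void checkServerTrusted(X509Certificate[] chain, String authType) { }
            @Override public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; }
        };
    }

    // INSECURE: a valid certificate for any host is accepted for every host.
    static final HostnameVerifier ALLOW_ALL_HOSTS = new HostnameVerifier() {
        @Override public boolean verify(String hostname, SSLSession session) { return true; }
    };

    // The device's default trust manager: validates the chain against the
    // platform trust store exactly as HttpsURLConnection does out of the box.
    static X509TrustManager platformDefault() throws GeneralSecurityException {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null); // null = use the system trust store
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) return (X509TrustManager) tm;
        }
        throw new GeneralSecurityException("no X509TrustManager available");
    }

    // SAFER: default validation first, then pin the leaf certificate's
    // SubjectPublicKeyInfo hash, so a mis-issued or rogue-CA certificate is
    // rejected even though it chains to a trusted root.
    static X509TrustManager pinned(final X509TrustManager base, final byte[] expectedSpkiSha256) {
        return new X509TrustManager() {
            @Override public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
                base.checkClientTrusted(chain, authType);
            }
            @Override public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
                base.checkServerTrusted(chain, authType); // chain, expiry, signatures
                byte[] actual = spkiSha256(chain[0]);
                if (!MessageDigest.isEqual(actual, expectedSpkiSha256)) { // constant-time compare
                    throw new CertificateException("server public key does not match pin");
                }
            }
            @Override public X509Certificate[] getAcceptedIssuers() { return base.getAcceptedIssuers(); }
        };
    }

    static byte[] spkiSha256(X509Certificate leaf) throws CertificateException {
        try {
            return MessageDigest.getInstance("SHA-256").digest(leaf.getPublicKey().getEncoded());
        } catch (NoSuchAlgorithmException e) {
            throw new CertificateException(e);
        }
    }

    // Wire a trust manager into an SSLContext; pass ctx.getSocketFactory() to
    // HttpsURLConnection.setSSLSocketFactory(). Leave the default HostnameVerifier alone.
    static SSLContext contextFor(X509TrustManager tm) throws GeneralSecurityException {
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { tm }, null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // Constructed placeholder pin; a real app embeds the SHA-256 of its server's SPKI.
        byte[] placeholderPin = new byte[32];
        X509Certificate[] emptyChain = new X509Certificate[0];

        trustEverything().checkServerTrusted(emptyChain, "RSA");
        System.out.println("trust-all manager: accepted an EMPTY chain without complaint");

        try {
            pinned(platformDefault(), placeholderPin).checkServerTrusted(emptyChain, "RSA");
            System.out.println("pinned manager: unexpectedly accepted");
        } catch (CertificateException | IllegalArgumentException e) {
            // The default manager rejects a null/empty chain before pinning is even reached.
            System.out.println("pinned manager: rejected (" + e.getClass().getSimpleName() + ")");
        }
    }
}
```

Auditing for `checkServerTrusted` bodies that are empty, or for `HostnameVerifier.verify` returning a constant `true`, is the quickest way to find the pattern in an app's own code or its bundled libraries.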

Viruses Rampant on Medical Equipment in Hospitals


Computerised hospital equipment is increasingly vulnerable to malware infections, according to participants in a recent government panel. These infections can clog patient-monitoring equipment and other software systems, at times rendering the devices temporarily inoperable.
While no injuries have been reported, the malware problem at hospitals is clearly rising nationwide, says Kevin Fu, a leading expert on medical-device security and a computer scientist at the University of Michigan and the University of Massachusetts, Amherst, who took part in the panel discussion.
Software-controlled medical equipment has become increasingly interconnected in recent years, and many systems run on variants of Windows, a common target for hackers elsewhere. The devices are usually connected to an internal network that is itself connected to the Internet, and they are also vulnerable to infections from laptops or other devices brought into hospitals. The problem is exacerbated by the fact that manufacturers often will not allow their equipment to be modified, even to add security features.

In a typical example, at Beth Israel Deaconess Medical Center in Boston, 664 pieces of medical equipment are running on older Windows operating systems that manufacturers will not modify or allow the hospital to change—even to add antivirus software—because of disagreements over whether modifications could run afoul of U.S. Food and Drug Administration regulatory reviews, Fu says.
As a result, these computers are frequently infected with malware, and one or two have to be taken offline each week for cleaning, says Mark Olson, chief information security officer at Beth Israel.
"I find this mind-boggling," Fu says. "Conventional malware is rampant in hospitals because of medical devices using unpatched operating systems. There's little recourse for hospitals when a manufacturer refuses to allow OS updates or security patches."
The worries over possible consequences for patients were described last Thursday at a meeting of a medical-device panel at the National Institute of Standards and Technology Information Security & Privacy Advisory Board, of which Fu is a member, in Washington, D.C. At the meeting, Olson described how malware at one point slowed down fetal monitors used on women with high-risk pregnancies being treated in intensive-care wards.
"It's not unusual for those devices, for reasons we don't fully understand, to become compromised to the point where they can't record and track the data," Olson said during the meeting, referring to high-risk pregnancy monitors. "Fortunately, we have a fallback model because they are high-risk [patients]. They are in an IC unit—there's someone physically there to watch. But if they are stepping away to another patient, there is a window of time for things to go in the wrong direction."
The computer systems at fault in the monitors were replaced several months ago by the manufacturer, Philips; the new systems, based on Windows XP, have better protections and the problem has been solved, Olson said in a subsequent interview.
At the meeting, Olson also said similar problems threatened a wide variety of devices, ranging from compounders, which prepare intravenous drugs and intravenous nutrition, to picture-archiving systems associated with diagnostic equipment, including massive $500,000 magnetic resonance imaging devices.
Olson told the panel that infections have stricken many kinds of equipment, raising fears that someday a patient could be harmed. "We also worry about situations where blood gas analyzers, compounders, radiology equipment, nuclear-medical delivery systems, could become compromised to where they can't be used, or they become compromised to the point where their values are adjusted without the software knowing," he said. He explained that when a machine becomes clogged with malware, it could in theory "miss a couple of readings off of a sensor [and] erroneously report a value, which now can cause harm."
Often the malware is associated with botnets, Olson said, and once it lodges inside a computer, it attempts to contact command-and-control servers for instructions. Botnets, or collections of compromised computers, commonly send spam but can also wage attacks on other computer systems or do other tasks assigned by the organizations that control them (see "Moore's Outlaws").
In September, the Government Accountability Office issued a report warning that computerized medical devices could be vulnerable to hacking, posing a safety threat, and asked the FDA to address the issue. The GAO report focused mostly on the threat to two kinds of wireless implanted devices: implanted defibrillators and insulin pumps. The vulnerability of these devices has received widespread press attention (see "Personal Security" and "Keeping Pacemakers Safe from Hackers"), but no actual attacks on them have been reported.
Fu, who is a leader in researching the risks described in the GAO report, said those two classes of device are "a drop in the bucket": thousands of other network-connected devices used for patient care are also vulnerable to infection. "These are life-saving devices. Patients are overwhelmingly safer with them than without them. But cracks are showing," he said. (Fu was Technology Review's Innovator of the Year in 2009.)
Malware problems on hospital devices are rarely reported to state or federal regulators, both Olson and Fu said. This is partly because hospitals believe they have little recourse. Despite FDA guidance issued in 2009 to hospitals and manufacturers—encouraging them to work together and stressing that eliminating security risks does not always require regulatory review—many manufacturers interpret the fine print in other ways and don't offer updates, Fu says. And such reporting is not required unless a patient is harmed. "Maybe that's a failing on our part, that we aren't trying to raise the visibility of the threat," Olson said. "But I think we all feel the threat gets higher and higher."
Speaking at the meeting, Brian Fitzgerald, an FDA deputy director, said that in visiting hospitals around the nation, he has found Beth Israel's problems to be widely shared. "This is a very common profile," he said. The FDA is now reviewing its regulatory stance on software, Fitzgerald told the panel. "This will have to be a gradual process, because it involves changing the culture, changing the technology, bringing in new staff, and making a systematic approach to this," he said.
In an interview Monday, Tam Woodrum, a software executive at the device maker GE Healthcare, said manufacturers are in a tough spot, and the problems are amplified as hospitals expect more and more interconnectedness. He added that despite the FDA's 2009 guidance, regulations make system changes difficult to accomplish: "In order to go back and update the OS, with updated software to run on the next version, it's an onerous regulatory process."
Olson said that in his experience, GE Healthcare does offer software patches and guidance on keeping devices secure, but that not all manufacturers have the same posture. He added that the least-protected devices have been placed behind firewalls. But to do that with all a hospital's software-controlled equipment would require more than 200 firewalls—an unworkable prospect, he said.
John Halamka, Beth Israel's CIO and a Harvard Medical School professor, said he began asking manufacturers for help in isolating their devices from the networks after trouble arose in 2009: the Conficker worm caused problems with a Philips obstetrical care workstation, a GE radiology workstation, and nuclear medical applications that "could not be patched due to [regulatory] restrictions." He said, "No one was harmed, but we had to shut down the systems, clean them, and then isolate them from the Internet/local network."
He added: "Many CTOs are not aware of how to protect their own products with restrictive firewalls. All said they are working to improve security but have not yet produced the necessary enhancements."
Fu says that medical devices need to stop using insecure, unsupported operating systems. "More hospitals and manufacturers need to speak up about the importance of medical-device security," he said after the meeting. "Executives at a few leading manufacturers are beginning to commit engineering resources to get security right, but there are thousands of software-based medical devices out there."

Samsung Galaxy S2 and S3 Phones Vulnerable to Being Reset by Malicious Code.

www.tech-sanity.com

A major security vulnerability has been discovered in some TouchWiz-based Samsung smartphones, including the Galaxy S2 and certain Galaxy S3 models. Security researcher Ravi Borgaonkar disclosed it several days ago at the Ekoparty security conference. It involves the use of a single line of code in a malicious web page to immediately trigger a factory reset without prompting the user or allowing them to cancel the process. Even more serious is the possibility that this could be paired with a similar glitch to render the user's SIM card inoperable. And as the malicious code is in URI form, it can also be delivered via NFC or QR code.

Various Samsung phones seem to be affected, such as the Galaxy S2 and S3, the Galaxy Ace and the Galaxy Beam. As far as we can tell, though, the bug does not affect Samsung phones running stock Android, like the Galaxy Nexus. So it's TouchWiz-related.
The vulnerability is the result of the way the native Samsung dialer app handles USSD codes and telephone links. USSD codes are special combinations of characters that can be entered on the keypad to perform certain functions, like enabling call forwarding or accessing hidden menus on the device. On Samsung phones, there's also a USSD code for factory resetting the phone (and presumably another for nuking your SIM). This, combined with the fact that the dialer automatically runs telephone links that are passed to it by other apps, results in a particularly nasty issue for anyone unfortunate enough to land on a malicious web page.
There are, of course, other applications of this glitch -- for example, the ability to automatically run numbers through the dialer could be used to call premium-rate phone numbers. But the fact that just visiting a web site could factory reset your phone, wipe your internal storage and nuke your SIM is a very serious issue. So we'd advise you update your software if you're running an S3, and if you're not, we'd recommend using a third-party dialer like Dialer One until all this has blown over.
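As an added defensive example (not code from the article, from Samsung or from the researcher), here is a small Python scanner that flags tel: links in a page, or a bare URI from a QR/NFC payload, whose dial string uses USSD/MMI syntax instead of an ordinary phone number. The sample HTML and the `*#0000#` dial string are constructed placeholders, not real service codes.

```python
"""Flag tel: links whose dial string looks like a USSD/MMI code.

Added example for the Samsung dialer issue described above; not code
from the article or from Samsung. Sample inputs are constructed.
Only static href/src/content attributes are scanned; tel: URIs built
at runtime by JavaScript would need a different check.
"""
import html
import re
from urllib.parse import unquote

# An ordinary dialable number: optional +, digits and common separators.
PLAIN_NUMBER_RE = re.compile(r"^\+?[0-9][0-9\-.() ]*$")
# USSD/MMI syntax: opens with * or #, body of digits/*/#, closed by #.
USSD_RE = re.compile(r"^[*#][0-9*#]*#$")
# href/src/content attribute values, single- or double-quoted.
ATTR_RE = re.compile(r"""(?:href|src|content)\s*=\s*(['"])(.*?)\1""", re.I | re.S)


def normalize_tel(uri):
    """Return the decoded dial string of a tel: URI, or None if not tel:."""
    s = html.unescape(uri).strip()
    if not s.lower().startswith("tel:"):
        return None
    # Decode twice: double percent-encoding is a common way to slip past
    # a naive filter that only decodes once.
    s = unquote(unquote(s[4:]))
    return re.sub(r"\s+", "", s)


def classify_dial_string(dial):
    """'ussd' for service-code syntax, 'number' for a plain number."""
    if USSD_RE.match(dial):
        return "ussd"
    if PLAIN_NUMBER_RE.match(dial):
        return "number"
    return "unknown"


def is_ussd_uri(uri):
    """True for a bare URI (e.g. a QR or NFC payload) carrying a USSD code."""
    dial = normalize_tel(uri)
    return dial is not None and classify_dial_string(dial) == "ussd"


def find_ussd_links(page):
    """Return (raw_uri, decoded_dial, kind) for every tel: link that is
    not a plain phone number, including meta-refresh redirects."""
    hits = []
    for _quote, value in ATTR_RE.findall(page):
        # A meta refresh looks like content="0;url=tel:..."
        m = re.search(r"url\s*=\s*(.*)$", value, re.I)
        candidate = m.group(1) if m else value
        dial = normalize_tel(candidate)
        if dial is not None and classify_dial_string(dial) != "number":
            hits.append((candidate.strip(), dial, classify_dial_string(dial)))
    return hits


# Constructed sample page: one legitimate tel: link, one hidden iframe and
# one meta refresh carrying a placeholder USSD string (double-encoded).
SAMPLE_PAGE = """
<html><body>
<a href="tel:+1-555-0100">Call support</a>
<iframe src="tel:%2A%230000%23" width="0" height="0"></iframe>
<meta http-equiv="refresh" content="0;url=TEL:%252A%25230000%2523">
<a href="https://example.com/">Unrelated link</a>
</body></html>
"""

if __name__ == "__main__":
    for raw, dial, kind in find_ussd_links(SAMPLE_PAGE):
        print(f"{kind}: {raw!r} -> {dial!r}")
```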

Microsoft issues security patches for serious vulnerabilities.

As promised, Microsoft is issuing a security patch for a Flash vulnerability on Windows 8 in Internet Explorer 10. Though the operating system has yet to see its official public release, researchers testing the RTM version found a bug that could cause Flash to crash and allow for attackers to take control of a user's machine. Additionally, the company is rolling out an update to address a security hole in Internet Explorer versions 7 and 8 on Windows XP -- and IE 9 on Windows 7 and Windows Vista -- which left the door open for hackers to spread malware via a specially designed Flash animation. Both security patches are available via Microsoft's Windows Update service.

Microsoft's Nitol botnet takedown finds infected PCs straight from the manufacturers.

Microsoft helped disrupt more than 500 different strains of malware this week in an effort to deal with the Nitol botnet. Retailers in China were found to be selling computers with counterfeit versions of Windows preloaded with malware. Microsoft discovered that 20 percent of the PCs its researchers purchased in China were infected with malware. Microsoft is calling on suppliers, resellers, distributors, and retailers to safeguard consumers from purchasing machines loaded with malware. "They need to adopt and practice stringent policies that ensure that the computers and software they purchase and resell come from trustworthy sources," says Microsoft's Richard Domingues Boscovich.
Microsoft has previously disrupted the Kelihos (around 100,000 machines) and Zeus botnets (around 13 million infections) by working closely with US officials. For this week's Nitol botnet disruption, a court granted Microsoft's request to take over the 3322.org domain name, which hosted the Nitol botnet, through a DNS redirect — allowing the company to block Nitol and other malicious subdomains hosted at the site, including over 37 million malware connections. "Cybercriminals have made it clear that anyone with a computer could become an unwitting mule for malware," says Boscovich. "Today’s action is a step toward preventing that."

Oracle releases Java SE 7 bringing first-class support to OS X and Linux on ARM.

Oracle announced on Tuesday that it will start offering direct downloads and auto-updates to Java on OS X beginning with the release of Java Standard Edition 7 Update 6. Users can download the Java Runtime Environment (JRE) directly from Oracle's java.com website "soon," according to Oracle, and will receive auto-updates at the same time as Windows, Linux, and Solaris platforms. The update also fully integrates the JavaFX 2.2 libraries, designed to make the development and deployment of desktop applications easier and faster, and adds OS X support for a new JavaFX user interface development tool.
Oracle is also expanding its support for Linux. Java SE 7 Update 6 adds support for Linux on ARM, "to address 'general purpose' ARM systems, such as those used for the emerging micro-server ARM market, and for development platforms such as Raspberry Pi." JavaFX 2.2 also fully supports Linux on x86 and x64 platforms.
The latest release of Java SE 7 now makes OS X a fully supported platform. That includes the JRE, which end users install to run Java-based applications; the JDK, which developers use to develop Java applications; and the JavaFX "rich client platform," used to develop GUI desktop applications. Oracle is also releasing an OS X version of its new JavaFX Scene Builder, which allows developers to build user interfaces using drag-and-drop components (similar to Xcode or Visual Studio).
Apple's continuing inability to stay on top of updating Java resulted in the most widely exploited vulnerability in OS X to date: a quick-spreading trojan known as Flashback. The malware infected over half a million un-patched Macs at its pinnacle, though Apple quickly released patches and a removal tool after news of Flashback became public.
Apple has since effectively ceded responsibility for Java to Oracle, which had begun taking over support of Java on OS X with the release of Java SE 7 Update 4 in April. Apple has still distributed its own updates to Java, releasing critical security patches in concert with Oracle, though it appears end users will be getting updates from Oracle from now on.
"Oracle continues to expand our support for the Java platform, and now, for the first time, consumers and developers have access to the latest Java SE features and security updates across all major operating systems: Windows, Linux, Solaris, and Mac OS X," Hasan Rizvi, senior vice president of Oracle Fusion Middleware and Java Products, said in a statement. "We're also focused on improving the client Java experience with the release of JavaFX Scene Builder and bundling JavaFX with Java SE to provide better performance and improved usability for JavaFX applications, without having to install and maintain a separate product."

Facebook allegedly did nothing to verify security of apps it was paid to review.

Facebook's app programme has been accused by the FTC of being 'deceptive'
Facebook has been accused of deceiving developers after it emerged that the social networking site did nothing to verify the security of applications it was paid tens of thousands of dollars to review, and which it assured users had been checked.
It is believed Facebook was paid up to $95,000 (£60,600) by developers whose applications were entered into its verified apps scheme.
The system gave a green tick of approval to apps that passed what Facebook described as its "test for trustworthy user experiences".
An investigation by the US Federal Trade Commission (FTC) revealed that Facebook took no steps to review the applications in its now-closed scheme. Facebook awarded the verified badge to 254 applications, according to the FTC.
Developers paid Facebook $375, or $175 for a student or non-profit organisation, to be given the green tick. Verified apps were given other benefits including prominence in its search results and a higher ranking on the directory of apps.
Facebook had said it would subject the apps to a "detailed review process", and then give the verified badge to apps that the social network decided were "secure, respectful and transparent".
However, the FTC described the programme as "deceptive" in a 19-page list of wider privacy charges against Facebook.
"Contrary to the statements set forth in paragraph 46, before it awarded the Verified Apps badge, Facebook took no steps to verify either the security of a verified application's website or the security the application provided for the user information it collected, beyond such steps as it may have taken regarding any other Platform Application," the FTC said.
Consumers could also have been deceived by the "verified" tickmarks, the FTC suggested, as the site said that the programme "is designed to offer extra assurances to help users identify applications they can trust… that are secure, respectful and transparent, and have demonstrated commitment to compliance with platform policies".
But instead, Facebook "took no steps to verify either the security of a verified application's website or the security the application provided for the user information it collected, beyond such steps as it may have taken regarding any other platform application," the FTC said.
Facebook accepted a settlement with the FTC on Friday. Under its terms Facebook must allow an independent watchdog to make regular privacy inspections for the next 20 years. It came just a day after Google was fined a record $22.5m (£14.4m) by the FTC for circumventing privacy protections on Apple's Safari web browser.
Facebook closed the verified apps program after just six months in December 2009, saying that it would extend "the idea of verification to apply to all of the applications on the Facebook platform". Facebook agreed to undergo privacy vetting for 20 years.

Scam: Cheap iPads advertised and used to lure buyers who are then robbed.

Cheap iPads are being advertised and used to lure buyers who are then robbed, sometimes at gunpoint. The latest scam comes from Uniontown, Fayette County, and WTAE has the full story.
Police said two people who tried to buy iPads listed for sale on Craigslist were robbed in Uniontown, Fayette County. In each case, an iPad was being offered at a low price, and the interested buyers were lured for an in-person meeting. "However, when they arrived in Uniontown, they were instead met by armed men who, at that point, robbed them," Police Chief Jason Cox said. The incidents happened on Dunlap and Hickle streets.
Police told Channel 4 Action News investigator Paul Van Osdol that each victim was robbed of several hundred dollars. One was forced at gunpoint to withdraw money from an ATM. "The victims were pretty shaken up, and it was very clear they were totally unaware of what they were walking into," Cox said.
These types of scams appear to be happening all over the U.S. and all over the world too; we heard reports of similar scams not that long ago in the UK. That particular scam involved iPhones and iPads in sealed boxes which, when opened, were filled with water bottles or potatoes.
Deals like these are always a tempting way to grab yourself an iPad, iPhone or iPod touch at a knock-down price, but you must use a bit of common sense: if it sounds too good to be true, it usually is, so stay well away. If you can’t pass up on a deal, make sure you at least arrange to meet any potential seller in a very public place, not in a car lot late at night.

Chrome Browser Tightens Security With Flash Player

Google’s latest version of the Chrome web browser offers an even more secure, tightly sandboxed version of the browser’s Flash Player plugin.
If you haven’t already updated you can download Chrome 21 from Google. Existing users may need to restart their browser for any updates to apply.
At the moment the Flash Player improvements are only available to Windows users, but the change does apply to the entire Windows spectrum, covering everything from Windows XP (where Chrome is the only option if you want to keep Flash sandboxed) to the coming Windows 8.
As Chrome Software Engineer Justin Schuh writes on the Chromium blog, “Windows Flash is now inside a sandbox that’s as strong as Chrome’s native sandbox, and dramatically more robust than anything else available.”
The Flash update sees Chrome dropping the older Netscape Plugin API — which browsers have long relied on for plugin security — in favor of Google’s own Pepper Plugin API (PPAPI). Since PPAPI has a tighter sandbox it makes it harder to exploit Flash, but Schuh says the new architecture will make Flash more stable as well. “By eliminating the complexity and legacy code associated with NPAPI, we’ve reduced Flash crashes by about 20%.”
There are also performance gains, since PPAPI offloads some of the display work to your PC’s GPU, which makes for faster rendering and smooth scrolling. The new Pepper API also means Flash will work in Windows 8's don’t-call-it-Metro mode.
Google says that it’s working on bringing the same Pepper-based sandboxing to Chrome for Mac OS X and hopes to “ship it soon” (Linux users have enjoyed PPAPI-based Flash Player since Chrome 20).

Facebook asks its users for help so it can combat phishing scams.

Facebook wants to fight back against phishing attacks targeting its users, so it is asking users to begin forwarding any suspicious emails they receive.

Facebook has set up an email account to collect info on phishing attacks. If you receive a suspicious email message, Facebook asks you to forward it to [email protected]
“This new reporting channel will complement internal systems we have in place to detect phishing sites attempting to steal Facebook user login information,” Facebook wrote in a post describing the effort. “The internal systems notify our team, so we can gather information on the attack, take the phishing sites offline, and notify users.”
Security has become a big deal for Facebook in recent months. In July, the site was updated to automatically alert users whose computers were infected with malware, and to lock their Facebook accounts until the infected computers were properly cleaned.
Back in April, Facebook partnered with security and antivirus companies to offer free six-month trial downloads of antivirus software.
Facebook wants to protect its users as well as itself. Attackers spread malware via social networking sites, and there is evidence that the number of attacks targeting Facebook and other social networking sites is increasing.


A recent study by the Anti-Phishing Working Group found that six percent of all phishing attacks in the first quarter of this year targeted social networking sites. Adding to this, Facebook itself has admitted that 83 million of its nearly one billion accounts are fake, some of which may be used for suspicious activity.

“Together we can help keep these sites off the web and hold the bad guys responsible,” Facebook says.

The latest cyber-espionage tool is called Gauss, and it's nasty.

A new cyber-espionage toolkit called Gauss has surfaced recently in the Middle East and is capable of stealing sensitive data such as browser passwords, online banking account credentials, cookies and system configurations, according to Kaspersky Lab. Gauss appears to have come from the same nation-state factories that produced Stuxnet.
According to Kaspersky, Gauss has unique characteristics relative to other malware. Kaspersky said it found Gauss following the discovery of Flame. The International Telecommunications Union has started an effort to identify emerging cyberthreats and mitigate them before they spread.
In a nutshell, Gauss launched around September 2011 and was discovered in June. Gauss, which resembles Flame, had its command and control infrastructure shut down in July, but the malware lies dormant, waiting for its servers to become active again. Kaspersky noted in an FAQ:
There is enough evidence that this is closely related to Flame and Stuxnet, which are nation-state sponsored attacks. We have evidence that Gauss was created by the same "factory" (or factories) that produced Stuxnet, Duqu and Flame.
Among Gauss' key features:

Here Comes More Android Malware so be Aware.

Google's Android OS is the mobile operating system most plagued by malware. It might not come as a surprise, then, that cyber criminals are taking advantage of the 2012 Summer Olympics as an opportunity and a cover for more malware.
Anti-malware and anti-virus solutions provider Webroot has issued a warning that because there are so many events happening at one time during the Olympics, it might be all the more tempting when viewers find an app available that focuses on one or just a few. 
This goes hand-in-hand with some other cyber threats attached to the Olympic Games that can really affect even just the casual viewer. RSA recently published some tips on dealing with Olympic-themed phishing emails as well as social media alerts that are disguised in order to steal personal information.
Webroot researchers cited an app called "London Olympics Widget," which is described as an app that displays aggregated Olympic news coverage.
In fact, it's really just harvesting the user's contact list and device ID while reading up on SMS messages too.
Webroot goes into the nitty gritty details about permissions hidden in the underlying code as well as the digital certificate, but the bigger lesson here is to be extremely careful when it comes to downloading apps.
Despite some disputes about this, Android is still an open source platform at heart, which is what makes the mobile OS quite vulnerable in the first place.
Furthermore, Google Play and the Amazon Appstore don't screen every app available in these digital app stores for malicious code until they are reported. You don't really want to become the test case.
Webroot advises that consumers should take a close look at the author of the app and then search the name to see if it is in fact a reputable company and/or developer, as seen in the photo above.
During a session at Google I/O in June, Android security engineers also stressed several tips for the developer side of things that could instill more confidence in consumers as well, including offering a transparent privacy policy.

Warning: New Android malware tricks users with real Opera Mini

A new piece of malware is trying to take advantage of Opera's popularity as a mobile browser alternative on Android smartphones.

Security flaws signal early death of Windows Gadgets

Microsoft is speeding up plans to kill off the Windows Gadget platform after receiving word that serious security vulnerabilities will be disclosed at the upcoming Black Hat security conference. According to a brief abstract from the Black Hat site, researchers Mickey Shkatov and Toby Kohlenberg plan to discuss weaknesses associated with Windows Sidebar and Gadgets and demonstrate

Microsoft patches 23 Windows flaws, warns of risk of code execution attacks

Microsoft released more security patches today to fix multiple dangerous security flaws that expose billions of Windows users to remote code execution attacks.
The Patch Tuesday batch for May 2012 covers 23 documented vulnerabilities in Microsoft Office, Microsoft Windows, the Microsoft .NET Framework and Microsoft Silverlight.
The company is urging Windows users to pay special attention to MS12-034, a “critical” bulletin that patches 10 distinct security holes. Three of these vulnerabilities have already been publicly disclosed and Microsoft expects to see working exploit code released within 30 days.
The vulnerable code in the MS12-034 bulletin is linked to the Duqu malware that was used to spy on high-profile targets in Iran.

Apple asking for ID security questions to increase security in iOS

Apple is now prompting iOS users to create three security questions to improve account security in iOS. The additional measure is now standard practice and further protects the credit card information associated with your iTunes account. We got asked for them yesterday when setting up a new account in iTunes on the desktop, and The Next Web has seen them pop up on the iPhone as well.

Apple updates OS X Java to remove Flashback malware

Apple has issued an update to Java for OS X that removes the Flashback malware, which infected some 600,000 Macs worldwide. The number of Macs infected with Flashback has plummeted in the last few days, antivirus vendor Symantec said today. As of Wednesday, Symantec estimated that approximately 270,000 Macs were infected with Flashback, down from a peak of more than 600,000 systems on April 6, and with this release from Apple it will no doubt be all but dead in a few days. Apple recommends that OS X 10.6 users turn off Java in browsers entirely if they don't need it, but the update is a little smarter on Lion: it turns off support for automatically executing Java applets in Safari by default, and is pretty aggressive about it — if you turn automatic execution back on and don't use any applets for an "extended" period of time, the system will turn the permission back off again. The update is available now in Software Update.

Botnet Kelihos is active, but Kelihos is dead.

Microsoft currently testing its own smartphone, says WSJ. By Sam Byford on November 2, 2012. Microsoft surprised the world earlier this year when it moved into producing its own computer hardware with the Surface, but the company's plans may not stop there. According to the Wall Street