Apple’s new iPad device looks like it will have some of the same security issues that affect the iPhone, such as weak encryption, a mobile security expert said on Thursday.
For one, if the iPad employs encryption the same way the iPhone does, sensitive personal data, including phone numbers and e-mail addresses, could be retrieved and viewed, says Daniel Hoffman, chief technology officer at SMobile Systems, which sells mobile security software.
“The problem with the iPhone security encryption is it is fundamentally worthless,” he said. “It can be easily bypassed.”
Hoffman is not alone in making that assessment.
Secondly, if iPad users get their apps from the App Store, they are at risk of getting the occasional bad apple, Hoffman said, noting that there have been malicious apps found in the store.
In addition, the device is subject to man-in-the-middle attacks, like any other device that uses unsecured Wi-Fi networks, he said. SMobile is developing a tool to protect against such attacks, in which someone intercepts the Internet traffic that mobile devices send over Wi-Fi networks and injects new messages while masquerading as a legitimate party in the communication.
The iPad also should have management capabilities, like the option of using a PIN or passcode, and remote lock or wipe in case of loss or theft, he said. The iPhone offers a service to help locate lost devices and provide remote wipe, but it’s pricey at about $100 per year.
“Until it’s officially released, we just won’t know on some of these things,” Hoffman said. “I would hope it would have remote wipe capabilities. People do mobile banking and store sensitive information and they want it protected.”
An Apple spokesperson did not respond to an e-mail seeking comment on Hoffman’s concerns.
Qualys is set to launch on Monday a free service for Web site operators that will scan their sites for malware.
As part of the service, QualysGuard Malware Detection crawls the pages of customer sites and looks for invisible iFrames, malicious JavaScript code, and other indications of a stealth threat to visitors and provides automated alerts and reports to Web site owners.
The company has profiled Internet Explorer 6 and Adobe’s Acrobat, Reader, and Flash Player to understand exactly what happens under normal conditions so it can quickly detect deviations that occur when malware is present, said Wolfgang Kandek, chief technology officer at Qualys.
Profiles and testing on additional apps will be forthcoming, he said. “We think (those apps) are what attackers typically have in their sights right now, but we will not stop there,” he said.
Google spinoff Dasient offers a free service that alerts Web sites when they appear on malware blacklists and a paid service that detects and quarantines malware on sites.
An invitation to find out about better sex is spreading virally around Twitter – but only leads to identity theft and malware
Thousands of Twitter users have seen their accounts hijacked after a viral phishing attack which sends out messages saying “this you??” or “hey, i’ve been having better sex and longer with this here” and other sex-related “direct” messages.
Among those who fell victim were the Press Complaints Commission and the BBC correspondent Nick Higham - and the Guardian’s head of audio Matt Wells.
Other victims included Ed Miliband, the environment [not transport] minister.
And First Direct, the bank, which hurried to assure people that “Only our Twitter account has been hacked” and that “no personal data has been compromised”.
The purpose of the attack, which began early on Thursday morning, is initially to draw people to the sites that hijack the accounts, and possibly install malware able to steal passwords on the user’s computer. Another purpose may be simple identity theft: because people often use the same passwords and usernames on multiple services, getting access to one service can provide access to others too.
But in the longer term, the purpose may be to put the infected sites into search engine results.
The web security company F-Secure suggests that “We think it could have something to do with some of the recent search engine deals that have been made. Yahoo announced that they’ll begin to include Twitter’s real-time feed into their search results and Facebook is now included in Google’s search results. The bad guys can use social networking trust to enhance their SEO [search engine optimisation] attacks.”
Even results from hot topics may lead to scams and infected sites, F-Secure warns: “Always be careful when searching for hot topics. This “sea world trainer killed” example is currently being used in SEO attacks and many results will lead directly to scamware.” It adds: “We expect to see fresh phishing attacks against Facebook before too long.”
The attack spreads from each compromised account by sending out a “direct message” to people who follow the user, or simply putting the message in their Twitter feed. Anyone who then clicks on the links - whose destination is hidden by the use of a “URL shortener”, which provides a shortened version of the link so that people are unaware of where the link actually takes them - is then at risk of having their account and machine taken over.
Twitter users are advised to follow Twitter’s safety account, which provides advice when such scams are spreading.
Twitter’s status blog last night warned:
“While simply receiving this message does not mean your account is compromised, if you do click through and enter your username and password, you’ll want to change your password. If you’ve received this type of spam from a friend, you may want to alert them to change their password.”
Such “phishing attacks” are increasingly common on Twitter, where URL shortening - usually required to make standard URLs fit into the 140-character limit of the service - makes it harder to guard against dangerous links.
URL-shortening services such as bit.ly can block dangerous links, but only after they are alerted to them. The other option is to inspect the link before clicking on it - which the Twitter web page and Tweetdeck, a cross-platform program, do allow.
Spam and phishing attacks are a continual problem for Twitter, which is comparatively easy to join.
Graham Cluley of Sophos has posted a video showing how the hack is done to anyone incautious enough to click on the link.
The site hosting the attack that Cluley points to is kevanshome.org, which is hosted in China; and the front page of the site is an exact copy of News Corporation’s MySpace – even down to the copyright notice.
This week’s arrests of three men in connection with one of the world’s largest computer-virus networks may seem like great news — perhaps even a sign authorities are starting to win the war against cyberthieves.
But the real situation is more complicated.
Internet crime is up, but arrests of “mastermind” hackers are rare. And the whole get-the-bad-guys effort, while it makes for good drama, is a futile way to secure the Internet, some computer security experts say.
“The virus writers and the Trojan [horse] writers, they’re still out there,” said Tom Karygiannis, a computer scientist and senior researcher at the National Institute of Standards and Technology. “So I don’t think they’ve deterred anyone by prosecuting these people.”
A Trojan horse is a seemingly innocuous piece of software that, once installed, gives malicious users access to a computer system.
It would be smarter, Karygiannis said, to develop new anti-virus technologies and to teach people how to protect themselves from Internet crime.
On Wednesday, Spanish authorities announced the arrests of three men in connection with a “botnet” network of nearly 13 million infected computers, which is believed to be one of the largest in the world. The infected network, called Mariposa, or “butterfly” in Spanish, was used to steal financial or personal information from people in at least 190 countries.
Botnets are networks of compromised, or “robot” computers controlled by a master for the purpose of stealing data or perpetrating other online crimes.
Some see the arrests as a sign that technologists and law enforcement officials are getting better at tracking large virus networks back to the people who author and propagate them.
Internet thieves use certain software to steal personal data over the internet. When getting access to private data the criminal will be able to use the personal information of a certain victim. The personal data which is commonly stolen is: birth date, address, security number, credit card number, etc.
There is another method used to get personal data. Thieves use web linkages to make sure that people’s private data is gathered. The process consists in typing some sort of Social Security Number; after that they connect to search engines. After everything is done, they will get the information through all possible identification.
Another way used by the criminals is creating fake websites; when subscribing on that site, personal data is gathered by the criminal.
People should know that any public computer has more than one user. If you buy something from a public machine it will leave a cookie on it, so anyone who would be interested could access that cookie and learn your personal information. Also, they could buy things from the same online store in your name.
Criminals also use encryption software which helps them figure out credit card numbers. A victim’s number will be easily found with encryption software so watch out.
Sending your credit card number over the internet will not be completely safe unless you send it through an online store that displays a padlock icon. The padlock icon is located in the lower corner of the web browser.
Internet thieves have the goal of managing people’s personal accounts, spending their money, and stealing their identity to use it for their own benefit.
Sometimes, the credit card used by a certain thief cannot sustain what they are buying so they are left in the situation to find another victim with a credit card that will ensure their transactions.
Unfortunately, internet stealing has improved and become a very profitable job for a lot of people. Hackers and criminals have improved their methods to gain access to information all over the globe.
If you want to prevent identity theft you should be very careful when making transactions online. Also, using high-speed broadband is safer when visiting websites because it makes your computer more flexible against hackers.
Researchers at network forensics firm NetWitness Corp. have discovered evidence that the Zeus Trojan continues to evade antivirus and steal thousands of passwords on consumer and corporate network PCs.
Investigators said they discovered a 75GB cache, believed to be a hacker drop site tied to the Zeus infections. The cache contained the stolen data from more than 74,000 Zeus infected systems. The hacker files, a one month dump of data from mid-December to mid-January, were discovered Jan. 26 during a routine evaluation of a corporate network. Alex Cox, a principal analyst at NetWitness and researcher who discovered the cache, said he traced a malware download from the corporate network back to a server in Germany, which was left unprotected by the cybercriminals.
NetWitness named the infected PCs tied to the latest wave of Zeus attacks the Kneber botnet. Zeus collected extensive data from individuals at commercial and government systems, including 68,000 corporate login credentials, 2,000 SSL certificate files, and usernames and passwords for online banking sites and social networks. The most common stolen account credentials were usernames and passwords to Yahoo email and Facebook accounts.
“There was a lot of indication that they had the vacuum cleaner turned on and were sucking up whatever the user was browsing to,” Cox said in an interview with SearchSecurity.com.
In some cases, Cox said the data dumps represented complete victim identities. Zeus is capable of stealing the protected store of a person’s PC. The protected store typically captures data entered into online forms such as names, dates of births, addresses and other sensitive information. There was also an indication that the data cache was still an active drop site for the hackers at the time of the discovery. The cache was taken down by the cybercriminals shortly after they discovered Cox accessing the data.
Sophos has issued a warning that a major attack against Twitter users this last weekend was designed to steal passwords and use hijacked accounts to spread money-making spam campaigns.
Still ongoing, the attack began on Saturday, as Twitter users found that fellow members of the micro-blogging network had posted messages disguised as humorous links but actually aimed at phishing password credentials from unsuspecting users.
Messages, which began with phrases such as “Lol. this is me??”, “lol , this is funny.”, “Lol. this you??” and “ha ha, u look funny on here”, were accompanied by clickable links which redirected users to a fake Twitter login page hosted on a website based in China.
Sophos has made a YouTube video, which journalists and bloggers are free to embed on their own websites, demonstrating the attack.
“This phishing attack has been causing headaches for Twitter users all weekend, resulting in thousands of users being put at risk of having their account broken into,” said Graham Cluley, senior technology consultant, Sophos. “The cybercriminals behind the attack are creating a zombie network, or botnet, of hacked accounts that they can then abuse to spread spam, distribute malware and steal identities. There’s nothing funny about the LOL attack - you have to be on your guard against clicking on the dangerous messages. If you’ve fallen foul of it, or find direct messages in your Sent box that you didn’t send, you must change your Twitter password immediately.”
Researchers at Sophos have found that most of the attack messages have been confined to direct private messaging, but public feeds have recently been included.
Malicious code that mysteriously found its way onto an internal virtual print server took out nearly 800 computers used by the city of Norfolk, Virginia.
The code apparently was activated when workers shut down their computers, said Hap Cluff, IT director for the city of Norfolk. “It was triggered by the action of logging off,” he said.
The code nearly wiped out the C drives of the 784 affected computers and essentially deleted the Windows operating system. The contents of the system folders on those machines, normally about 1.5GB in size, shrank to 500MB, he said.
Cluff believes the code may have been a “time bomb,” possibly loaded a long time ago but set to activate on a specific date. “Someone could have done it who knows how long ago,” he said.
Cluff’s team noticed that computers were taking longer than normal to shut down around 4:30 p.m. on Feb. 9. Those machines could not then be restarted. After investigating, his team discovered that a virtual print server was pushing out malicious code. The team pulled the virtual server offline, scrubbed it and reverted it to a previous instance of the print server software, he said.
The code did not propagate in any other way, so once the server was offline, the code ceased to spread. “It never propagated by any other device, only that one server pushing out this code, and all it did then was destroyed Windows,” he said.
Attacks that simply destroy computer systems are rare these days, according to Andre DiMino, a co-founder of the malware tracking group Shadowserver Foundation. “Years back, [malware] used to be much more destructive: capable of wiping a hard drive and toying with the boot sector,” he said via instant message. “This hearkens back to those days.”
Ultimately, the only computers affected were those that were shut down during about an hourlong window, after which Cluff’s team noticed the problem and identified and shut down the server.
The code also affected 11 servers. Cluff believes those servers were affected when engineers who happened to be working on them the day of the attack logged off. The code was activated on those servers when the engineers logged off.
Because engineers wiped the virtual print server, they don’t know much about the code or where it might have come from. “Normally, when you see something like that, your mode is to stop it. You’re not worried about taking a picture. Now we’re going to reconsider that response,” he said. Particularly with virtual servers, it’s relatively easy to take a snapshot that can later be analyzed to learn more about the malicious code and potential vulnerabilities, he said.
Security measures such as the use of one-time passwords and phone-based user authentication - considered among the most robust forms of IT defenses - are no longer enough to protect online banking systems against fraud, a Gartner Inc. report warns.
Cybercriminals are using increasingly sophisticated tactics to outmaneuver security systems so they can steal customers’ log-in credentials and pillage their bank accounts, according to Gartner analyst Avivah Litan, who wrote the report.
Trojan horse programs lurking inside a customer’s Web browser can steal one-time passwords and immediately transfer funds, or intercept a transaction between a bank and a customer and make changes unbeknownst to the user or the bank, Litan said.
In cases where a bank uses a phone-based, “out of band” authentication system, criminals use call forwarding so that the fraudster, not the legitimate customer, gets the call from the financial institution, Litan said.
Banks need to quickly implement additional layers of security, she advised.
Because any authentication method that relies on a browser can be attacked and defeated, banks should start using server-based fraud detection to monitor transactions for suspicious patterns, Litan said. The goal is to monitor log-in, navigation and transaction activity to spot any abnormalities that suggest an automated program is accessing an application, she said.
For example, a European bank using that kind of monitoring technology discovered that a Trojan completes transactions much faster than a human would; a Trojan can take as little as one second to enter a money transfer amount and press OK, whereas a human would take 20 to 30 seconds.
Litan recommended that fraud monitoring tools be used to check for significant differences between online banking transaction patterns and a customer’s usual behavior.
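The two server-side checks described above, form-completion speed and deviation from a customer's usual behavior, can be sketched as follows. This is an added example, not code from Gartner or any bank; the thresholds, field names and sample transfers are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from statistics import median

# Assumed cut-offs. The article cites about 1 s for a Trojan and 20-30 s for a person.
MIN_HUMAN_DWELL_S = 5.0
AMOUNT_DEVIATION = 6.0   # flag amounts more than 6 MADs from the customer's median


@dataclass
class Transfer:
    customer: str
    amount: float
    form_shown: float   # server timestamp (s) when the transfer form was served
    submitted: float    # server timestamp (s) when the completed form came back


def amount_is_unusual(amount, history):
    """Robust outlier test against the customer's own past transfer amounts."""
    if len(history) < 5:          # too little history to define "usual"
        return False
    med = median(history)
    # Median absolute deviation; fall back to 1.0 when every amount is identical.
    mad = median(abs(x - med) for x in history) or 1.0
    return abs(amount - med) / mad > AMOUNT_DEVIATION


def review(transfer, history):
    """Return the reasons this transfer deserves a hold; empty list if none."""
    reasons = []
    dwell = transfer.submitted - transfer.form_shown
    if dwell < 0:
        reasons.append("submitted before form was served")
    elif dwell < MIN_HUMAN_DWELL_S:
        reasons.append(f"form completed in {dwell:.1f}s")
    if amount_is_unusual(transfer.amount, history.get(transfer.customer, [])):
        reasons.append("amount far outside customer's usual range")
    return reasons


# Constructed sample data, not taken from any real system.
HISTORY = {"alice": [40, 55, 60, 45, 50, 52], "bob": [900, 1100, 1000, 950, 1050]}
TRANSFERS = [
    Transfer("alice", 48.0, 1000.0, 1024.5),    # human pace, typical amount
    Transfer("alice", 4900.0, 2000.0, 2001.1),  # 1.1 s and far above her usual
    Transfer("bob", 1020.0, 3000.0, 3000.8),    # typical amount, but 0.8 s
    Transfer("bob", 9500.0, 4000.0, 4031.0),    # human pace, unusual amount
]


def run():
    """Review every sample transfer, keyed by its position in TRANSFERS."""
    return {i: review(t, HISTORY) for i, t in enumerate(TRANSFERS)}


if __name__ == "__main__":
    for i, reasons in run().items():
        print(i, TRANSFERS[i].customer, reasons or "ok")
```

Both timestamps are taken on the server, so a Trojan in the browser cannot adjust them the way it could a client-side timer.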
The FBI’s Internet Crime Complaint Center reports that each week, the FBI sees several new cases opened involving complaints of cyberfraud.
Facebook has given users more control over who gets to see video, virtual cards and other digital content shared using third-party programs at the leading social networking website.
Content sharing tools the site launched for profile pages in December are being extended to applications that outside developers make for the online community, according to Facebook engineer Ray He.
“Maybe you don’t want all of your friends to see the humorous greeting card you just posted from an application,” He said. “Now, you can set that post to be viewable only by certain friends.”
In contrast, someone trying to rally support for a charity using a Causes application will be able to adjust privacy settings to spread posts as widely as possible.
“There are now granular privacy options that enable you to personalize the audience for each piece of content you share through applications,” He said in a blog post.
Drop-down menus near lock icons in a Publisher tool on profile pages let people select sharing options ranging from “everyone” to “only friends” and “custom.”
“These new controls give you the power to determine who sees the content you post to Facebook through any third-party application,” He said.
Content posted through outside applications without specified sharing preferences will default to “Posts by Me” settings designated at the social networking service.
“You may also start to see additional prompts in applications asking if you’d like to set privacy for certain pieces of content that differ from your default setting,” He explained. “The choice is yours.”
Facebook’s more than 400 million members are required to dictate settings with a software tool that lets them specify who gets to be privy to each photo, video, update or other piece of content uploaded to the website.
The tool lets Facebook members determine accessibility to posted content, such as status updates or pictures in categories designated “Friends,” “Friends of Friends,” “Everyone” and “Customized.”
Facebook members can select privacy settings for each post by using lock icons next to “share” buttons on profile pages.