Privacy, Security Archive

5 Ways To Fight Mobile Malware

A new Trojan horse app has emerged to target Android devices, and this one's particularly creepy. The app records a user's phone calls and then uploads them to a remote server. The app was revealed Tuesday by security researcher Dinesh Venkatesan on the Security Advisor Research Blog, published by CA Technologies, now known as Total Defense. While this particular Trojan doesn't appear to be a threat in the wild--at least not for North American users--it's a good reminder of the growing threat of mobile malware.

Security Vendor Applauds LulzSec Attacks

In an unexpected move for a security company, SecurEnvoy today said that cyber break-ins and advanced malware incidents, such as the recent DDoS attack by LulzSec, should actually be welcomed and their initiators applauded. The company's CTO Andy Kemshall said: "I firmly believe that the media attention LulzSec’s DDoS attack has recently received is deserving. It’s thanks to these guys, who’re exposing the blase attitudes of government and businesses without any personal financial gain, that will make a difference in the long term to the security being put in place to protect our own personal data!"

RSA Admits SecurID Tokens Have Been Compromised

RSA has finally admitted publicly that the March breach of its systems resulted in the compromise of its SecurID two-factor authentication tokens. The admission comes in the wake of cyber intrusions into the networks of three US military contractors: Lockheed Martin, L-3 Communications and Northrop Grumman. One of the intrusions was confirmed by the company; the others were hinted at by internal warnings and an unusual domain name and password reset process.

Sony Compromised, Again

"The hacker group LulzSec on Thursday posted information it took from Sony Entertainment and Sony BMG on its site, called the LulzBoat. The information includes about a million usernames and passwords of customers in the U.S., Netherlands and Belgium and is available for download and posted on the group's site. A release posted on LulzSec's page said the group has more, but can't copy all of the information it stole. The group also said none of the information it took from Sony was encrypted."

Mac Protector: Fake AV Targets Mac OS X Users

"A little over two weeks have passed since the appearance of MAC Defender, the fake AV solution targeting Mac users. And seeing that the approach had considerable success, it can hardly come as a surprise that attackers chose to replicate it. This time, the name of the rogue AV is Mac Protector, and the downloaded Trojan contains two additional packages. As with MAC Defender, the application requires root privileges to get installed, so the user is asked to enter the password."

Microsoft Investigates Current Threat Landscape

Microsoft published volume 10 of its Security Intelligence Report, which provides perspectives on software vulnerabilities, software vulnerability exploits, malicious and potentially unwanted software, and security breaches in both Microsoft and third-party software. Microsoft found that vulnerabilities in applications, as opposed to operating systems or web browsers, continued to account for a large majority of all vulnerabilities in 2010, although the total number of application vulnerabilities declined 22.2 percent from 2009. The exploitation of Java vulnerabilities sharply increased in the second quarter of 2010 and surpassed every other exploitation category that the MMPC tracks, including generic HTML/scripting exploits, operating system exploits, and document exploits.

Sony Suffers Another Major Security Breach

"Nikkei.com on Monday reported that an online Sony gaming network has once again fallen victim to a cyberattack. This time, the attack may have exposed the credit card numbers of thousands of Sony customers from around the world. According to the report, over 12,700 customer credit card numbers were stolen during a breach of Sony’s online gaming network, Sony Online Entertainment. According to Nikkei.com, Sony discovered the possible attack on Sunday."

Honeypot Android App Wreaks Vigilante Justice

If you download and use what appears to be a version of the commercial "Walk and Text" Android app from a file sharing site, you're in for a surprise. When you run it, it shows you that it's being "cracked" but it's really gathering information from your device, in preparation for an e-smackdown. It sends a bunch of personal information (name, phone number, IMEI) off to a server, and, just for lulz, text messages everyone on your contact list:

Samsung Installing Keyloggers on its Laptops?

Hearkening back to the Sony rootkit brouhaha from a few years ago, a security researcher is claiming in a Network World article that he detected factory-installed keyloggers in two brand-new Samsung laptops. Samsung has made no official response, but a tech support supervisor contacted by the author said that the keystroke logging software was installed by Samsung to "monitor the performance of the machine and to find out how it is being used."

RSA Breach: Reactions from the Security Community

RSA suffered a breach and data loss following an "extremely sophisticated cyber attack." Their investigation revealed that the information extracted from the company systems is related to its SecurID two-factor authentication products. The news of the incident spread through the community like wildfire and information security professionals are offering their take on this incident. We still don't know the technical details, but it's certain that RSA's brand has taken a big hit.

Pwn2Own Day 2: iPhone, BlackBerry Beaten

"After successful attacks on Safari and Internet Explorer 8 on Wednesday, the second day of Pwn2Own saw the iPhone 4 and then the BlackBerry Torch 9800 successfully exploited. The annual security competition allows researchers to win any systems that they successfully compromise, and also awards them cash rewards if those security flaws are still present in the latest version of the software."

pwn2own Day One: Safari, IE8 Fall, Chrome Unchallenged

"Fully patched versions of Safari and Internet Explorer 8 were both successfully hacked today at pwn2own, the annual hacking competition held as part of the CanSecWest security conference. If a researcher can pwn the browser - that is, make it run arbitrary code - then they get to own the hardware the browser runs on. This year, not only did they have to run arbitrary code, they also had to escape any sandboxes - restricted environments with reduced access to data and the operating system - that are imposed."

Spyware Compromises 150,000+ Symbian Devices

A new variant of the "Spy.Flexispy" spyware, which causes privacy leakage on Symbian devices, has recently been captured by the National Computer Virus Emergency Response Centre of China. According to NetQin Mobile, more than a dozen variants of the spyware have appeared since the first was spotted, and the latest has affected 150,000+ devices. Once installed, the spyware turns on the Conference Call feature of the device without the user's awareness. When users make phone calls, the spyware automatically adds itself to the call to monitor the conversation.