Hacking, Security & Privacy News - Page 98
The Netherlands becomes the first country to pass net neutrality law
Well, the government of the Netherlands have become the first European country to pass a net neutrality law. What this does is prevents internet service providers (ISPs) from traffic management except in the cases of congestion and network security, it also includes restrictions on ISPs performing deep packet inspection and other similar wiretapping techniques.
June 2011 was when the law was formed, where the Netherland's parliament passed a motion to stop mobile operators from blocking VoiP calls over their networks, with the bill only re cently passing the Dutch senate. The provisions in the law extend to anyone providing Internet access services, forbidding the use of traffic-shaping based on application usage, unless they hinder access for other users by causing congestion.
This means that equal types of traffic will be treated equally, with an example like video streaming services owned by a provider cannot have unrestricted access, where Hulu may be restricted. If a user chews up too much bandwidth, before the ISP can take any action, the user must be alerted so that they have the time to remedy the situation.
Continue reading: The Netherlands becomes the first country to pass net neutrality law (full post)
New type of malware, "ransomware," locks up computers unless ransom is paid
Once again, I get to be the bearer of bad news in order to keep you, our reader, safe. This time I bring news of a new malware that is going around dubbed "ransomware" due to the fact it locks up your computer until you pay the ransom amount demanded. This isn't a completely new idea, but this is a new strain and variation.
This latest campaign is mainly targeting the UK and a few other European countries and claims that illegally downloaded music has been found on the computer. Due to this illegal material, the malware claims that "to unlock your computer and to avoid other legal consequences, your are obligated to pay a release fee of 50 pounds."
The malware was spotted by security watch blog abuse.ch. According to them, the malware is delivered through an exploit known as "Blackhole." The ransomware also carries a payload of Aldi Bot which steals banking information. The message to take away here is to keep all your browsers and their add-ons up to date, as this is how Blackhole functions. Anti-virus isn't a bad idea either.
Another Mac security issue exposes Lion login passwords in plaintext
This year, so far, has not exactly been a stunning display for Macs. Between the Flashback malware and now this, it really shows just how weak the security of Mac OSX is. The latest blunder by Apple and its security team is that they turned on a debug log file which stores the user's password outside of the encrypted area.
If you were using FileVault prior to upgrading to Lion, it may be time to think about changing your passwords as this would affect you. FileValut 2 users (whole drive encryption) are not affected by this accident. Additionally, if you have Time Machine backups, the plaintext log file has stored your password for the long term.
Security researcher David Emery explains:
Continue reading: Another Mac security issue exposes Lion login passwords in plaintext (full post)
Kaspersky says Apple is 10 years behind Microsoft in terms of security
I'm sure there will be plenty of people who get up in arms over this, but I tend to agree. Apple is years behind Microsoft in terms of security because they have never had to worry about it since no one ever bothered to write malware or viruses for Macs due to their small market share. As it has increased, Macs has become a more attractive target.
Eugene Kaspersky, CEO of the influential Kaspersky security firm said:
For many years I've been saying that from a security point of view there is no big difference between Mac and Windows. It's always been possible to develop Mac malware, but this one was a bit different. For example it was asking questions about being installed on the system and, using vulnerabilities, it was able to get to the user mode without any alarms.
Continue reading: Kaspersky says Apple is 10 years behind Microsoft in terms of security (full post)
20% of Macs house Windows malware
Most people think Macs are safe, and it's definitely a decision that sways some people when purchasing their latest kit. But, according to Sophos, one in five Macs actually harbors some kind of Windows-orientated malware.
The company looked at results over seven days from 100,000 Apple machines using its free anti-virus program, with 20-percent having one or more instances of Windows-based malware. Sophos have warned of this before, where last year they tested 50 USB drives lost in public. To their surprise, as well as mine, two thirds of these were infected. That's 33-percent! Seven of these owners of lost USB flash drives owned a Mac.
In their latest study, Sophos found that just 2.7-percent of the infected Macs actually contained harmful malware, with 75-percent of it being Flashback variants. Of the 20-percent harboring Windows malware, 12.2-percent carried Bredo, a three-year-old Trojan. Sophos does note that some machines contain malware samples that go back to 2007. Sophos have said the following:
Continue reading: 20% of Macs house Windows malware (full post)
A new Mac OSX Trojan exploits Word, not Java
A second Mac OSX Trojan has been discovered, but is likely not to be as widespread as the Flashback Trojan due to the process by which it infects the computer. As opposed to the Flashback Trojan which could be caught simply by surfing the internet, this new Trojan requires users to download a malformed Word doc.
Similar to the Flashback Trojan, this new Trojan requires no entering of a username and password so it could catch Mac users off guard. This Trojan should be less widespread due to the fact that users have to download a malformed Word document file. Once opened, it exploits Word and opens a backdoor for hackers to steal information or install further code.
The security vulnerability is actually pretty old. It comes from June 2009, so as long as you keep your Microsoft software up to date, you should be safe from this Trojan. With all of the recent outbreaks of Trojans, it won't surprise me if they start coming more frequently with more capabilities to do destructive things.
Continue reading: A new Mac OSX Trojan exploits Word, not Java (full post)
WARNING: Facebook Mobile for iOS and Android allows easy access to your login information
Once again, I get to be the bearer of bad news just to keep you, our reader, safe. Facebook's Mobile app for iOS and Android store your login information in a plaintext file that doesn't expire until the year 4001. The Facebook .plist file where your login data is stored could easily be swiped by a USB connection or via malicious apps.
Gareth Wright, a U.K.-based app developer for Android and iOS, is the discoverer of this bug. He discovered it after poking around in the application directories using the free tool iexplorer. He first found a plaintext Facebook Access token that was stored by DrawSomething and was able to query all of his data.
He then took a look at Facebook's directory where he found the .plist in question. He passed this file over to his friend and fellow blogger who, in the next few minutes, started posting status updates, sending private messages, and even liking websites. In other words, he had full control over the account.
Anonymous is up to no good: hacks Chinese government sites in protest
The group that everyone has secretly been cheering for has a new branch in China. An Anonymous China Twitter account was created late last month and endorsed by the official Anonymous account. Shortly after all of this, they went to work. Now hundreds of Chinese government, corporation, and other websites have been hacked.
A Pastebin post explains why they are doing this:
Hello, we are Anonymous.
Continue reading: Anonymous is up to no good: hacks Chinese government sites in protest (full post)
Anonymous at it again, this time threaten Operation: BLACKOUT, where they'll take the Internet down on March 31
Collective hacking group Anonymous are at it again, this time threatening more than just SOPA, PIPA or Facebook. This time they're threatening to take down the entire Internet. This is said to be as a protest to SOPA, Wall Street, the world's irresponsible leaders, and the beloved bankers who are starving the world for their own selfish needs out of sheer sadistic fun.
While I agree with most of those points, why threaten if you can't go through with it? I shouldn't laugh, but I'd cry if the Internet went down on March 31st. So, Anonymous are now saying they "will shut the Internet down" on March 31st. They go into detail, where "in order to shut the Internet down, one thing is to be done. Down the 13 root DNS servers of the Internet, those servers are as follows:"
A 198.41.0.4
iPhone password cracking easier than you think
A report was released last fall that claimed using a single repeating digit was a stronger pin code for your iPhone than using unique digits. All bets are off, however, when you are dealing with Micro Systemation, a Swedish security firm that helps police and military around the world crack digital security systems.
Just last week, the company released a video showing just how simple it is to crack an iPhone or Android device that is password protected. The video, which you can see below, documents a process where the company spokesperson uses an application called XRY and accesses the contents of the mobile phone in less than two minutes.
Immediately, all user information becomes available. This information includes GPS location, call history, contacts, and messages. The software doesn't use a flaw put there by the manufacturer. Instead it uses a brute-force method to try all of the combinations to guess the correct password. It's more akin to jailbreaking than hacking.
Continue reading: iPhone password cracking easier than you think (full post)