Posts tagged security

Beware of Philippines typhoon scams on social media, email

Security experts are warning people to avoid scams linked to the deadly typhoon that swept the Philippines.

With thousands feared dead, many aid organizations and NGOs have been appealing for people to donate to rescue and relief efforts.

While there are several legitimate campaigns, security experts at Symantec warn that some scams are circulating online – scams that might not be apparent as such.

Emails containing fake donation requests have been sent out, and social media pages have been set up to direct people to make donations on compromised pages.

One email chain Symantec has tracked appears to come from a news anchor/reporter from a major news organization.

We’ve seen similar scams from “reputable” sources before, such as when someone sent out a fake breaking news email newsletter from CNN claiming to contain exclusive Snowden details.

To avoid becoming a victim, always be extra careful with opening unwanted emails, make sure the organization or sender is authentic and never send your personal details to someone over email.

Have you seen any online scams related to Typhoon Haiyan?

Android KitKat ‘not really’ more secure: expert

Android – still has security risks..

When Google released KitKat, the latest version of its Android operating system, last week, the company touted the OS as the most secure ever.

In several ways, it is.

The chocolate-bar-named mobile OS contains a new safeguard called OS hardening.

This security feature is designed to make it more difficult for a hacker or malicious app to get root access to your phone or tablet. That being said, it will also make it more difficult for people who want to “root” their phone with different operating systems.

Another security feature is called “digital certificates,” designed to prevent so-called “Man-in-the-Middle” attacks.

Such an attack happens when someone on the same wireless network as you, say at a coffee shop, intercepts the data travelling between your phone and the Internet at large.

What could happen is that a website may appear to be the one you’re looking to pull up on your device, but it’s actually a fake that is pulling in your login details, for example.

But Kaspersky Lab researcher Stefan Tanase says these changes don’t really do much to address key Android security concerns.

On the Securelist blog, he writes that Android market fragmentation is still a big issue. That is, very few people are on the latest, most secure version of Google’s mobile OS. About 25 per cent of users are still on Android 2.3 – released ages ago.

And it’s up to carriers to release the updated operating systems to users – which doesn’t always happen quickly.

Another big problem, Tanase says, is that people can still download and install apps from third-party app stores, which are often more vulnerable to malicious apps.

Are you worried about security on your Android device?

Maurice Cacho

Major password security flaw exposed in Chrome

Look out – your passwords are easily accessible in Google Chrome. Photo: Elliott Kember

People who use Google Chrome – and save their passwords in the browser – should be aware of a feature that critics are slamming as a major security flaw.

Security experts have found that the web browser stores passwords (saved by users) in an unencrypted format.

All someone needs to do is go into Chrome’s password settings page, accessible by typing this into the address bar: chrome://settings/passwords

The browser will show a list of websites requiring usernames that you’ve saved in Chrome and the hidden passwords beside each login. Just click the ‘Show’ button beside a blocked-out password to reveal the actual password.

So if anyone got access to the computer, or if the right virus wound its way on to your laptop, the password can be easily exposed and then used maliciously.

While you may have created the most challenging password containing upper and lower-case characters, numbers and symbols, it could be useless.

The flaw was exposed by software developer Elliott Kember on his blog (see photo attached).

Since the “bug” got attention, it’s prompted a response from Justin Schuh, who works on Chrome’s security.

In a response written on Hacker News, he points out that saved passwords are only as secure as the password attached to the operating system of the computer in question.

So if you don’t have a password to log into your Windows or Mac computer, you probably should start locking things down. Also, you should avoid lending your computer out to “friends,” and don’t leave your laptop open – even if you’re just stepping away for a quick moment.

He goes on to write:

Consider the case of someone malicious getting access to your account. Said bad guy can dump all your session cookies, grab your history, install malicious extension to intercept all your browsing activity, or install OS user account level monitoring software. My point is that once the bad guy got access to your account the game was lost, because there are just too many vectors for him to get what he wants.

Microsoft enables Windows 8 Flash support in IE 10

Windows 8 users who often encountered broken websites due to Flash content being blocked in Internet Explorer 10 are in for some relief.

Microsoft says the latest version of IE 10, now available, will display Flash videos and games by default.

Flash content was always available for anyone who used the browser in Windows’ ‘Desktop mode’; however, that meant many of us – myself included – would just use the operating system in the traditional view rather than the “immersive” live-tile view.

The update will also enable Flash for IE 10 on the watered-down version of Windows 8, better known as Windows RT.

In a blog post, IE group program manager Rob Mauceri said they believe that when sites “just work” in the latest web browser, the experience is better for everyone involved. Fantastic move – finally.

So why did they limit Flash content to sites on a special list in the first place? Apparently, that move was to improve performance.

Flash wasn’t completely banned on Windows 8. Websites could get themselves on a so-called ‘Compatibility View’ list which enabled site-specific content. To get on the list, developers had to prove their site didn’t hurt a computer’s responsiveness, performance and battery life.

At the same time, Flash is problematic when it comes to web security, with anti-virus firms like Kaspersky often finding bugs and exploitable holes.

Then again, is any web browser ever secure? Apparently not.

Chrome, Firefox and Internet Explorer were compromised at the annual Pwn2Own hacker conference. According to a blog post from Sophos, all three browsers were cracked.

Which web browser do you prefer to use?


Malicious Android app can copy photos, listen to conversations

This Android app claims to speed up your phone and remove any apps slowing it down – not so!

Security experts are warning of a new Android app that claims to clean and protect your phone, but will actually share your phone’s photos and record your conversations.

The app, which goes by the names DroidCleaner and SuperClean in the Google Play store, has raised red flags over at Kaspersky Lab.

In the app store, the app even has a fairly high rating of 4.5/5, along with several five-star ratings. For those users out there running older or slower (cheap) Android phones, this malicious app could seem like an easy way to speed things up.

In fact, Kaspersky Lab said in a release that this piece of malware has the most “extensive feature set” they’ve ever found.

They say that this isn’t the usual flavour of malicious Android apps, which are known for sending texts to your contacts and hijacking your mobile web browser.

These two apps get a little deeper into your digital life because they don’t just infect your phone, but your computer too.

Student expelled after hacking into school system lands IT security job

A Montreal Dawson College student who was booted from class after he found a bug in the school’s web portal has received a job offer from the very company that made the vulnerable software.

The school accused Hamad Al-Khabaz of launching a cyber attack after he found a vulnerability that could expose the personal information of students, such as their grades, student IDs and social insurance numbers.

Being a good student, the 20-year-old told the school about the glitch. Then, he found other problems and was eventually expelled back on Nov. 14.

Now, reports say the expelled student has been offered a job doing what he did best while in school – exposing security holes in software.

Spam hits five-year low while phishing scams target Facebook

Noticing fewer emails in your inbox trying to sell Viagra, low-interest loans and payday advances? The Internet security experts at Kaspersky Lab say the amount of spam landing in our mailbox has hit a five-year low.

The Spam Evolution 2012 report from Kaspersky suggests the drop in spam is due to the widespread use of spam filters by pretty much everyone, whether it’s built in to Gmail or running on software on someone’s computer.

But while the volume of unwanted junk mail is down, spammers are getting more creative to get you to read their messages. And they’re also using sites like Facebook.

While spammers used to send emails pretending to be from your web host or IT department asking for your login details, they’re finding new ways to grab your attention.


Musician poses as girl, offers a date to recover stolen iPhone

A screenshot from Nadav’s OKCupid conversation. Photo via his website.

A musician in New York City is reunited with his stolen Apple iPhone after using a dating app and posing as a girl looking for a hot date.

Nadav Nirenberg is a jazz trombonist who lost his phone in the backseat of a cab on New Year’s Eve, while en route to a gig.

Then the next morning, he found out that the thief was using a dating app – OKCupid – to send messages to potential dates.

At the same time, Nadav had been sending several emails and voicemails (because nobody answered) offering a “large reward” for the phone’s return.

Nadav also points out that it seems as though the thief never hacked into his Facebook account, nor did he crack through his own private email. The only activity the bad guy performed was message girls on OKCupid.

So the 27-year-old musician had an idea of his own to get the phone back by exploiting the thief’s weakness – girls.

Apple cracks top 10 computer vulnerability list, Microsoft off

Security experts at Kaspersky Lab have released their latest malware threat report, which suggests an interesting role reversal between major players Apple and Microsoft – along with major concerns surrounding Android.

In the Q3 “IT Threat Evolution” report, Kaspersky researchers released a top ten list of vulnerabilities for computer users.

For the first time ever, Microsoft was absent from this top ten list of vulnerabilities, while Apple wound up on it.

Phishing campaign spreading on Twitter via direct messages

If you received a vague direct message from someone on Twitter lately, you might want to ignore the link they’re sharing.

According to the security folks over at Kaspersky, a new version of an old phishing campaign is making the rounds on Twitter lately by encouraging users to click on links in direct messages.

The private messages sent just to you from a follower will say something like: “hey, someone is spreading nasty rumours about you” and include a shortened link.

I’ve probably received one a day this past week, so it’s no surprise that Kaspersky Lab Expert David Jacoby decided to look into this, as detailed in a blog post.
