Showing posts with label security. Show all posts

Tuesday, December 6, 2016

Microsoft, YouTube, Facebook & Twitter - Working On Anti-Terrorism Database


Four of the biggest social networks, Twitter, Microsoft, YouTube and Facebook are going to be working together to build a database of photos and videos used to recruit people into terrorist organizations.

This shared database will identify images via a unique digital footprint, making it easier for them to identify and remove any imagery related to terrorism. Shared hashes will be used to help identify potential terrorist content on the mentioned social networks.
They said they hope this collaboration will lead to greater efficiency in helping to curb the global issue of terrorist content online.
A joint blog post by the 4 companies states:
“There is no place for content that promotes terrorism on our hosted consumer services. When alerted, we take swift action against this kind of content in accordance with our respective policies”.

Not the First Collaboration of Its Kind:

Exactly a year earlier, these big names had also collaborated to identify and remove child pornography from the internet using a similar technique. This technique was developed by the UK’s Internet Watch Foundation.
The companies said that content flagged by the database will not be automatically removed from the platform; instead, each company will review it against its own policies and decide whether it violates the company’s terms of service.
The companies also said that throughout this collaboration they will do their best to protect the users’ privacy and their ability to express themselves freely and safely on each of the mentioned platforms.
“We also seek to engage with the wider community of interested stakeholders in a transparent, thoughtful and responsible way as we further our shared objective to prevent the spread of terrorist content online while respecting human rights”
via The Verge 

Monday, November 21, 2016

Qualcomm Reveals Snapdragon 835 - collaboration with Samsung


With the year nearing its end, the famous smartphone chip maker Qualcomm just announced their next year’s flagship processor, the Snapdragon 835.
Qualcomm has joined hands with Samsung to bring its next biggest processor that will eventually end up powering the next wave of mobile devices.

Improvements Over Snapdragon 820/821

The company is collaborating with Samsung and utilizing its 10 nm FinFET technology to manufacture the Snapdragon 835. The new chip will perform better than its predecessors and use less power as well.
The new design promises an increase of 27 percent in overall performance and will consume 40 percent less power compared with Snapdragon 821.

Quick Charge 4.0:


You may have guessed that this collaboration with Samsung is not a coincidence. Qualcomm is going to introduce the next version of its Quick Charge technology, named Quick Charge 4.0.
The next Quick Charge version will comply with all the safety measures required for approval by Google and by its chip-making partner, Samsung.
Quick Charge 4.0 will be about 20% faster than Quick Charge 3.0, found in smartphones with Snapdragon 820 and 821 processors. According to Qualcomm, Quick Charge 4.0 will get your device 5 hours of usage time with just 5 minutes of charging.

Better Availability and Better Safety Measures:

Quick Charge-compliant cables and power adapters were also less common, with smartphone companies often bundling a regular power adapter with their phones instead of a Quick Charge-compatible one. Customers had to buy the charger separately to be able to use the fast charging technology.
Qualcomm is going to remedy this problem by increasing the availability of Quick Charge-compliant adapters and cables next year with the release of Snapdragon 835 in future devices.
These are the safety measures that Qualcomm is looking to employ with Quick Charge 4.0:
"Quick Charge 4 comes with advanced safety features for both the adapter and mobile device. Protection is implemented at multiple levels and throughout the entire charging process to more accurately measure voltage, current, and temperature while protecting the battery, system, cables and connectors. An additional layer of protection is also being added to help prevent battery over-charging and regulate current throughout every charge cycle."
Via TechCrunch 

Wednesday, November 16, 2016

WhatsApp introduces Video Calling, 2 Factor Authentication and other new features



WhatsApp has finally brought its most awaited features, Video Calling and 2 Factor Authentication (2FA), out of the Beta version, as we reported earlier. The world’s most used instant messaging service has been getting new features recently: updated GIF support, document sharing and different emoji, for example. These quality-of-life changes were not in particularly high demand, unlike video calling.

The Most Demanded Feature:  

WhatsApp users have demanded video calling ever since the option to call other WhatsApp users became available. Calling had some issues at the beginning, but they were eventually resolved or diminished to some extent. The small changes mentioned earlier have been coming to the instant messaging app over the past few weeks. However, these changes didn’t warrant as much attention as video calling is getting now.

WhatsApp has also introduced a security feature popular in the security community, named "2 Factor Authentication", that fixes a loophole in the popular messaging platform.

WhatsApp allows users to sign up to the app using their phone number, so if an attacker wants to hijack your WhatsApp account, they would require the OTP (one-time password) sent to your phone number.

The attacker can grab this OTP by diverting the SMS containing the passcode to their own computer or phone, using either a malicious app or SS7 vulnerability, and then log into the victim's WhatsApp account. The attack even works in case the phone is locked.

So, in order to fix this issue, WhatsApp has now introduced a Two-Step Verification (2SV) passcode feature in its Beta version for Android, which will help you lock down the WhatsApp set-up mechanism.

In other words, to reconfigure a WhatsApp account with two-step verification enabled, one needs not just the OTP but also a 6-digit 2SV passcode set by the user.


How to Enable Two-Step Verification:



To enable two-step verification (2SV), you need to sign up for WhatsApp's Beta version and follow these simple steps:

  1. Go to WhatsApp Settings → Account → Two-step verification.
  2. Click enable, set a 6-digit passcode and re-confirm it.
  3. On the next screen, enter your email ID (optional) to enable passcode recovery via email. (It's recommended to use email as a backup so that you're not locked out of your account if you forget your passcode.)
  4. Hit "Done," and you are all set to go.

So, the next time you reconfigure your WhatsApp account on a new phone or want to add a new phone number to your account, the messaging app will require you to enter and confirm this six-digit secret code.

Providing your email address is optional; if you provide one, it will help you reset your passcode when you forget it. Here's what WhatsApp explained about the email option:

"We do not verify this email address to confirm its accuracy. We highly recommend you provide an accurate email address so that you are not locked out of your account if you forget your passcode. If you receive an email to disable two-step verification but did not request this, do not click on the link. Someone could be attempting to verify your phone number on WhatsApp."


Forget your passcode after setting it months ago?

To help you remember your 2SV passcode, WhatsApp will periodically ask you to enter it, and there is no option to opt out of this without disabling the 2SV feature.

For now, the feature is available only in the WhatsApp beta version, and the company will start rolling out two-step verification with the release of a stable version for both iOS and Android to over 1 billion users in the coming weeks.


To enjoy two-step verification, you can sign up to become a beta tester and update to WhatsApp (Beta) version 2.16.346 straight from the Google Play Store.


Once signed up, your smartphone will be automatically updated to the WhatsApp Beta version in the next app update cycle.

Monday, October 24, 2016

Million Hacked IOT Devices broke the internet


A massive Distributed Denial of Service (DDoS) attack against Dyn, a major domain name system (DNS) provider, broke large portions of the Internet on Friday, causing a significant outage to a ton of websites and services, including Twitter, GitHub, PayPal, Amazon, Reddit, Netflix, and Spotify.

But how did the attack happen? What's the cause behind it?

Exact details of the attack remain vague, but Dyn reported that a huge army of hijacked internet-connected devices could be responsible for the massive attack.

Yes, the same method recently employed by hackers to carry out a record-breaking DDoS attack of over 1 Tbps against France-based hosting provider OVH.


According to security intelligence firm Flashpoint, Mirai bots were detected driving much, but not necessarily all, of the traffic in the DDoS attacks against DynDNS.


Mirai is a piece of malware that targets Internet of Things (IoT) devices such as routers, security cameras, and DVRs, and enslaves vast numbers of these compromised devices into a botnet, which is then used to conduct DDoS attacks.

Since the source code of the Mirai botnet has already been made available to the public, anyone can wield DDoS attacks against targets.

This time hackers did not target an individual site; rather, they attacked Dyn, which many sites and services use as their upstream DNS provider for translating human-readable domain names into internet protocol (IP) addresses.

The result we all know: major sites and services including Twitter, GitHub, Reddit, PayPal, Amazon, AirBnb, Netflix, Pinterest, and so on, were among hundreds of services rendered inaccessible to millions of people worldwide for several hours on Friday.


"Flashpoint has confirmed that at least some of the devices used in the Dyn DNS attacks are DVRs, further matching the technical indicators and tactics, techniques, and procedures associated with previous known Mirai botnet attacks," Flashpoint says in a blog post.

This type of attack is notable and concerning because it largely consists of unsecured IoT devices, which are growing exponentially with time. These devices are implemented in a way that means they cannot easily be updated and thus are nearly impossible to secure.

Manufacturers mainly focus on the performance and usability of IoT devices but ignore security measures and encryption mechanisms, which is why the devices are routinely hacked and are widely becoming part of DDoS botnets used as weapons in cyber attacks.


An online tracker of the Mirai botnet suggests there are more than 1.2 Million Mirai-infected devices on the Internet, with over 166,000 devices active right now.


In short, IoT botnets like Mirai are growing rapidly, and there is no easy way to stop them.


According to officials speaking to Reuters, the US Department of Homeland Security (DHS) and the FBI are both investigating the massive DDoS attacks hitting DynDNS, but neither agency has yet speculated on who might be behind them.

Most Popular DNS Server 'Dyn' attacked by DDOS - Popular Sites get offline




Cyber attacks are becoming a worse nightmare for companies day by day, and the Distributed Denial of Service (DDoS) attack is one such attack that can cause massive damage to any service.

Recently, the Internet witnessed a record-breaking DDoS attack of over 1 Tbps against France-based hosting provider OVH, and now the latest victim is none other than DNS provider Dyn.

A sudden outage of popular sites and services, including Twitter, SoundCloud, Spotify, and Shopify, for many users, is causing uproar online. It's because of a DDoS attack against the popular Domain Name System (DNS) service provider Dyn, according to a post on Ycombinator.


DNS acts as the authoritative reference for mapping domain names to IP addresses. In other words, DNS is simply the Internet's phone book that resolves human-readable web addresses, like thehackernews.com, to IP addresses.


Dyn DNS is used by many websites and services as their upstream DNS provider, including Twitter, Spotify, SaneBox, Reddit, Box, Github, Zoho CRM, PayPal, Airbnb, Freshbooks, Wired.com, Pinterest, Heroku and Vox Media properties.


All of these sites and services are reportedly experiencing outages and downtime, either completely or partially.

According to Dyn DNS, the DDoS started at 11:10 UTC and is mostly affecting its customers on the East Coast of the United States, specifically Managed DNS customers.

"We are aware of the ongoing service interruption of our Managed DNS network. For more information visit our status page," Dyn tweeted.
At the time, it's not clear who is behind this DDoS attack, but the company said its engineers are working on "mitigating" the issue.


Here's the statement posted by Dyn on its website:

"This attack is mainly impacting US East and is impacting Managed DNS customers in this region. Our Engineers are continuing to work on mitigating this issue.


Starting at 11:10 UTC on October 21th-Friday 2016 we began monitoring and mitigating a DDoS attack against our Dyn Managed DNS infrastructure. Some customers may experience increased DNS query latency and delayed zone propagation during this time. Updates will be posted as information becomes available.


Customers with questions or concerns are encouraged to reach out to our Technical Support Team."
What websites are down for you? Let us know in the comments below.

Thursday, October 13, 2016

Hackers are spreading Malware through Fake Security Tools


Over the past few years, Internet users globally have grown increasingly aware of online privacy and security issues due to mass monitoring and surveillance by government agencies, making them adopt encryption software and services.

But it turns out that hackers are taking advantage of this opportunity by creating and distributing fake versions of encryption tools in order to infect as many victims as possible.


Kaspersky Lab has revealed an advanced persistent threat (APT) group, nicknamed StrongPity, which has put a lot of effort into targeting users of software designed for encrypting data and communications.

The StrongPity APT group has been using watering-hole attacks, infected installers, and malware for many years to target users of encryption software by compromising legitimate sites or setting up their own malicious copycat sites.


Watering hole attacks are designed to lure specific groups of users to their interest-based sites that typically house malicious files or redirect them to attacker-controlled downloads.


The StrongPity APT group has managed to infect users in Europe, Northern Africa, and the Middle East and targeted two free encryption utilities in different attacks: WinRAR and TrueCrypt.


WinRAR and TrueCrypt have long been popular among security- and privacy-conscious users. WinRAR is best known for its archiving capabilities, which include encrypting files with AES-256 crypto, while TrueCrypt is a full-disk encryption utility that locks all files on a hard drive.

By setting up fake distribution sites that closely mimic legitimate download sites, StrongPity is able to trick users into downloading malicious versions of these encryption apps, in the hope that users encrypt their data using a trojanized version of WinRAR or TrueCrypt, allowing the attackers to spy on the data before encryption occurs.

"The problem with people depending on tools like this isn’t the strength of the crypto, but more about how it's distributed," says Kurt Baumgartner, principal security researcher at Kaspersky Lab. "This is that problem that StrongPity is taking advantage of."

Booby-Trapped WinRAR and TrueCrypt Downloads:


The APT group previously set up TrueCrypt-themed watering holes in late 2015, but their malicious activity surged at the end of summer 2016.

Between July and September, dozens of visitors were redirected from tamindir[.]com to true-crypt[.]com with, unsurprisingly, almost all of the focus on computer systems in Turkey, and some victims in the Netherlands.

However, in the WinRAR case, instead of redirecting victims to a website controlled by StrongPity, the group hijacked the legitimate winrar.it website to host a malicious version of the file themselves.

The winrar.it website infected users mostly in Italy, with some victims in countries like Belgium, Algeria, Tunisia, France, Morocco and Cote D'Ivoire, while the attacker-controlled site, winrar.be, infected users in Belgium, Algeria, Morocco, the Netherlands, and Canada.

Top Countries infected with StrongPity APT malware:


According to Kaspersky, more than 1,000 systems were infected with StrongPity malware this year. The top five countries affected by the group are Italy, Turkey, Belgium, Algeria and France.

The StrongPity APT's dropper malware was signed with "unusual digital certificates," but the group didn't re-use its fake digital certificates. Its downloaded components include a backdoor, keyloggers, data stealers and other crypto-related software programs, including the PuTTY SSH client, the FileZilla FTP client, the WinSCP secure file transfer program and remote desktop clients.


The dropper malware not only provides the hackers control of the system, but also allows them to steal disk contents and download other malware that would steal communication and contact information.


Therefore, users visiting sites and downloading encryption-enabled software are advised to verify both the validity of the distribution website and the integrity of the downloaded file itself.

Download sites that do not use PGP or a strong digital code-signing certificate need to re-examine the necessity of doing so, for their own benefit as well as that of their customers, explained Baumgartner.

Wednesday, October 5, 2016

The Internet Has a New Controlling Authority & It’s Not the U.S


The Government of the United States has handed over control of the Internet Assigned Numbers Authority (the internet’s address book) to ICANN, an independent international body made up of a number of governments, corporations and individual users.


What is Internet Assigned Numbers Authority (IANA)?

The IANA manages the allotment of IP addresses all over the globe. It also delegates five regional Internet registries (RIRs) to allocate IP address blocks to local Internet registries (Internet service providers) and other entities.
In simple terms, the IANA is a database that stores all the domain names on the internet. For example, if you type “propakistani.pk”, the IANA is responsible for directing you to our website.

Who owns the IANA now?

Initially, IANA was established by Jon Postel and Joyce K. Reynolds as an informal way to refer to various technical functions for the ARPANET. They alone were responsible for managing the IANA from 1988 to 1998.
In 1998, the Department of Commerce created ICANN, a nonprofit organization that is responsible for coordinating the maintenance and procedures of several databases. With participants from all over the globe, the organization’s purpose is to keep the Internet secure, stable and interoperable.
After Postel’s death in 1998, they granted ICANN a contract to manage the IANA. ICANN was to get the full ownership of IANA eventually, but the process was bogged down due to politics. Numerous political leaders from the Republican Party, including Ted Cruz, have opposed this move. However, ICANN finally approved a transition plan this year.
On the 1st of October, a judge ruled in favor of the plan, allowing it to move forward. As of this moment, the ICANN is now the official owner of the IANA.

Thursday, September 29, 2016

Facebook Releases 'OSquery' Security Tool for Windows


OSquery, an open-source framework created by Facebook that allows organizations to look for potential malware or malicious activity on their networks, was available for Mac OS X and Linux environments until today.


But now the social network has announced that the company has developed a Windows version of its osquery tool, too.


When Facebook engineers want to monitor thousands of Apple Mac laptops across their organization, they use their own untraditional security tool called OSquery.

OSquery is a smart piece of cross-platform software that scans every single computer on an infrastructure and catalogs every aspect of it.


Then SQL-based queries allow developers and security teams to monitor low-level functions in real-time and quickly search for malicious behavior and vulnerable applications on their infrastructure.


In simple words, OSquery allows an organization to treat its infrastructure as a database, turning OS information into a format that can be queried using SQL-like statements.


This functionality is critical for administrators to perform incident response, diagnose systems and network level problems, help to troubleshoot performance issues, and more.
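
To make the "infrastructure as a database" idea concrete, here are two queries added as an illustration (they are not taken from Facebook's post or from the osquery project's documentation). They use the `processes` and `listening_ports` tables from osquery's standard schema; the choice of what to hunt for is an assumption made for this example.

```sql
-- Added example, not from the original article.
-- Run inside the interactive osqueryi shell or schedule via osqueryd.

-- 1. Which programs accept network connections from other hosts?
--    listening_ports has one row per bound socket; joining on pid
--    pulls in the name and on-disk path of the owning process.
SELECT DISTINCT
    p.pid,
    p.name,
    p.path,
    lp.address,
    lp.port,
    lp.protocol          -- IANA protocol number: 6 = TCP, 17 = UDP
FROM listening_ports AS lp
JOIN processes AS p USING (pid)
WHERE lp.port != 0                              -- skip unbound/unix sockets
  AND lp.address NOT IN ('127.0.0.1', '::1')    -- ignore loopback-only listeners
ORDER BY lp.port;

-- 2. Which running processes no longer have their executable on disk?
--    on_disk = 0 means the binary at `path` has been deleted or replaced
--    since launch, which is worth a look during incident response
--    (it also happens legitimately after a software update).
SELECT
    pid,
    name,
    path,
    cmdline,
    parent               -- parent pid, to trace how the process was started
FROM processes
WHERE on_disk = 0;
```

The same statements work unchanged on Linux, OS X and Windows hosts, which is the point of exposing operating system state through a common table schema.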


This open source endpoint security tool has become one of the most popular security projects on GitHub since its release in mid-2014 and was available for Linux distributions such as Ubuntu or CentOS, and for Mac OS X machines.


So, if your organization was running a Windows environment, you were out of luck.

But, not today, as with the help of Trail of Bits, Facebook has finally launched the OSquery developer kit for Windows, allowing security teams to build customized solutions for their Windows networks.


"As adoption for osquery grew, a strong and active community emerged in support of a more open approach to security," reads the earlier version of Facebook's blog post provided to The Hacker News.


"We saw the long-held misconception of 'security by obscurity' fall away as people started sharing tooling and experiences with other members of the community. Our initial release of osquery was supported for Linux and OS X, but the community was also excited for a Windows version — so we set out to build it."


To get started with the OSquery developer kit for Windows, check this official documentation, the development environment, and a single script. The build is easy to install, and you can start coding right away.


You can read the full documentation of the development process of the OSquery developer kit for Windows on the blog post by Trail of Bits.

Apple Tracks Chatting using iMessage & Shares Data with Police


Chatting with your friend on iMessage and thinking the conversations are safe and out of reach of anyone other than you and your friend? They are not.

End-to-end encryption doesn't mean that your iMessages are secure enough to hide your trace, because Apple not only stores a lot of information about your iMessages that could reveal your contacts and location, but also shares that information with law enforcement via court orders.

According to a new document obtained by The Intercept, Apple records a log of which phone numbers you typed into your iPhone for a message conversation, along with the date and time when you entered those numbers as well as your IP address, which could be used to identify your location.

Actually, every time a user types a phone number into their iPhone for a message conversation, iMessage contacts Apple servers to find out whether to route a given message over the iMessage system.

"Apple records each query in which your phone calls home to see who's in the iMessage system and who's not," The Intercept reports.

Moreover, the company is compelled to turn over this information to law enforcement with a valid court order — generally "pen registers" or "tap and trace devices" warrants that are very easy to obtain.


Pen register warrants are routinely being used to compel telephone companies to provide metadata about customers' phone calls to law enforcement.


Apple Logs Your IP Address (Location)


But it’s surprising that Apple, which has positioned itself as a staunch defender of its users' privacy by refusing to provide federal officials with encryption backdoors into its products, hands over its users' information on iMessage contacts under such warrants.

The report also points out that keeping logs of users' IP addresses, which could be used to reveal one’s actual location, is contrary to Apple's 2013 claim that the company "do not store data related to customers' location."


The Intercept obtained the document, titled 'iMessage FAQ for Law Enforcement,' about Apple's iMessage logs as part of a much larger cache originating from within a state police agency, "The Florida Department of Law Enforcement's Electronic Surveillance Support Team."

The team facilitates mass data collection for law enforcement using controversial tools such as Stingrays, along with the help of conventional techniques like pen registers and tap and trace devices warrants.


Although your iMessages are end-to-end encrypted, it doesn’t mean that all Apple users are enjoying the company's so-called privacy benefit.


If you have enabled iCloud Backup on your Apple devices to keep a backup of your data, the copies of all your messages, photographs and all other important data stored on your device are encrypted on iCloud using a key controlled by Apple, and not you.


So, Apple can still read your end-to-end encrypted iMessages, if it wants.


Even if you trust the company not to provide your decrypted data to law enforcement (just don't forget the San Bernardino case, in which Apple helped the FBI with the iCloud backup of the shooter's iPhone), anyone who breaks into your iCloud account could see your personal and confidential data.


Apple deliberately Weakens Backup Encryption


Fortunately, it is possible to store your backups locally through iTunes, though it is not such an obvious choice for an average user.


What's even worse is that a recent issue in local password-protected iTunes backups affects the encryption strength for backups of devices on iOS 10, allowing attackers to brute-force the password for a user's local backup 2,500 times faster than was possible on iOS 9.


Apple has already confirmed that the issue exists and that a fix would be included in an upcoming update.


However, in response to the latest report about iMessage logs, Apple provided the following statement:


"When law enforcement presents us with a valid subpoena or court order, we provide the requested information if it is in our possession. Because iMessage is encrypted end-to-end, we do not have access to the contents of those communications. In some cases, we are able to provide data from server logs that are generated from customers accessing certain apps on their devices. We work closely with law enforcement to help them understand what we can provide and make clear these query logs don’t contain the contents of conversations or prove that any communication actually took place."


The Florida Department of Law Enforcement still has to comment on the matter.