Tag: security

Have an Android Phone, this Trojan will record your Phone Calls!

Are you somebody important, do you work in a big corporation, or even for the government? Do you have an Android Phone? You might consider changing devices after reading this article. A new trojan app / bot that installs itself on any Android device via piggybacking over unknown source apps has found its way into the Android architecture. Ca Technologies found that this easily built app lookalike trojan records your conversations and installs like any other app.

There is no solid information weather this trojan has been released into the world, or if devices are already prey to such a menace. It goes to say some developer could easily capture your calls and upload them to a remote server. The brilliant part about it is that while installing you might get a warning stating that the app will record your calls, but who reads the terms page anyway?

Next time you are installing an App on your Android device , especially via an unknown source, or patched apps, make sure you go through the permissions page with vigilance.

[CA Technologies]

August 3, 2011
Mcafee Mobile Security and WaveSecure for Android
McAfee has issued a Press Release regarding its Mobile Security and WaveSecure security softwares for smartphones and tablets on the Android Platform. Read the full PR for more information.

[toggle title_open=”Collapse Press Release” title_closed=”Expand Press Release” hide=”yes” border=”yes” style=”default” excerpt_length=”0″ read_more_text=”Read More” read_less_text=”Read Less” include_excerpt_html=”no”]

McAfee today announced the it is extending its mobile device portfolio for consumers with McAfee Mobile Security and McAfee WaveSecure Tablet Edition. These mobile device offerings change the mobile security landscape by offering security safeguards that help consumers secure their mobile devices for personal use, commerce and work.

According to a mobile security report released last week by McAfee and Carnegie Mellon University titled, “Mobility and Security: Dazzling Opportunities, Profound Challenges,” respondents named their top three security concerns to be the loss of personal or work data through the accidental loss of a device, physical theft of the device, or loss of their data due to their device “crashing.” In addition, close to half of all respondents said they were using their smartphones both for personal use and work, demonstrating that consumers want more than just personal device security.

McAfee Mobile Security software, available for both smartphones and tablets, provides a comprehensive mobile security solution by combining three leading McAfee mobile security products: WaveSecure, VirusScan Mobile and SiteAdvisor® for Android. It is ideal for users who want protection for their data and privacy in the event of loss or theft, protection against the growing threats of viruses and spyware targeting mobile devices as well as protection from Web based threats, such as phishing sites that probe for personal and sensitive information.

With McAfee Mobile Security, consumers can now access the following features and functionality in a single download:
- Back-up and restore data to help protect sensitive information and irreplaceable photos. Even if the device is missing, it can be backed up before it is wiped clean of information.
- Protection against misuse (such as excessive phone charges) as well as safeguarding personal data with remote locking capabilities
- An audible alarm to help users find the device or disrupt a thief, and or pop-up a notification with instructions for returning the device
- Remotely remove data from a lost or stolen device via the McAfee Web portal, mobile Web portal or via a SMS message from a buddy device
- 24/7 real-time anti-malware protection against viruses, worms and spyware, Trojan horses and battery sapping malware
  - Protection from malicious Web sites, phishing, identity theft, and credit card fraud when shopping online. SiteAdvisor software for Android provides color coded site ratings appear right next to the search results, allowing Android users to confidently browse and search the mobile Web.
  - Management of mobile device protection allows consumers to quickly execute needed security tasks, backup, locate, wipe, etc. via the McAfee Web portal and simple device interface
  - All backed by McAfee Labs with its 24/7 global presence and dedicated team of threat researchers
The WaveSecure Tablet Edition offers Android users with WiFi the ability to find their missing device with alarm and location tracking, prevent misuse with remote lock and wipe and preserve important memories and personal data with remote backup, even from a lost or misplaced device. Users can also trigger an audible alarm to help them find the device or disrupt a thief, and send a brief SMS message with instructions for returning it.

“With device growth eclipsing PCs, consumers need tools to not only protect their personal information, but also to provide safeguards for business data should they decide to use that device for work,” said Todd Gebhart, senior vice president and general manager of consumer, small business and mobile, McAfee. “It’s far too easy to leave a mobile device in a cab or at the airport, which can mean lost photos, contacts and other important content. Also, the threats to mobile devices are in many ways the same as in the online world. Beyond device lost or theft, users can be hacked, infected or phished on a mobile device just as easily as they can online.”

Availability and Pricing:

McAfee Mobile Security and WaveSecure software are available in the following languages; Chinese (Simplified and Traditional), Dutch, English, French (European and Canadian), German, Indonesian, Italian, Japanese, Korean, Portuguese (European and Brazilian), Swedish, Spanish (European and Mexican) and Russian. McAfee Mobile Security software is available as an annual subscription of $29.99 USD per year from McAfee and the Android Market. McAfee WaveSecure software is available as an annual subscription of $19.99 USD from McAfee and the Android Market.

[/toggle]
July 12, 2011
SENTINEL – The First Women’s Security App

MindHelix Technologies LLP, a Kochi based IT company, has launched an app called SENTINEL which is the first app designed with women’s security in mind. The app can send instant alerts in case of any problems. A forced power-off of the phone or an improper exit of the application will trigger an alert to be sent. Prolonged signal loss will also cause a ‘fail safe’ alert SMS and email to be sent from the company’s server.

Co-Founder & CEO Christin Emmanuel George said

[quote]We want to add a direct emailing or texting to nearest police station as soon as possible. We hope to get their consent in receiving and acting on such information.[/quote]

According to a survey by Assocham Social Development Foundation, more than 53% of women feel unsafe in their workplace, especially at night. With crimes against the fairer sex on the rise, applications like these could provide a sense of security for women. Records show that crime rates against women have increased dramatically in the metros.

Sentinel can send multiple SMS and e-mail alerts to preconfigured numbers and e-mail ids. The alerts would include last known location, direction of travel, mode of transportation and vehicle number (which the user can enter). The app has been designed for smart phones including all devices with Android, Blackberry, Symbian, iOS and Java operating systems. The application was designed with the urban woman in mind and requires a continuous cellphone signal.

The free app can be downloaded from http://sentinel.mindhelix.com/

July 1, 2011
After 50 days of Hacking ; LulzSec Retires

On Saturday, the hacking group LulzSec, aka the Lulz Boat, said that it was ceasing operations. In what the group said was its final act, LulzSec also released a fresh set of stolen documents and files.

[quote]For the past 50 days we’ve been disrupting and exposing corporations, governments, often the general population itself, and quite possibly everything in between, just because we could. We hope, wish, even beg, that the movement manifests itself into a revolution that can continue on without us. said the group in a statement[/quote]

The group made its name after attacking a number of high visability targets recently, including Sony, the CIA’s website, and the U.S. Senate. It’s unclear if the group’s decision was made after its leader and chat logs were exposed, but the group makes a convincing argument that a 50-day hack-fest was planned the entire time.According to security experts, the group was disbanded due to increasing pressure from the law. Authorities in Britain last week arrested 19-year-old Ryan Cleary, who had been linked to LulzSec.

At least some of the group’s six members already appear to be continuing their work elsewhere.

June 28, 2011
DropBox Security Failure

On Monday, DropBox, the cloud storage giant revealed that for four whole hours on Sunday, its entire storage system was available to the public without providing a password. From 1:54PM to 5:41 PM their entire security system failed. DropBox co-founder and CTO Arash Ferdowsi wrote on the company blog that:

[quote]This should never have happened. We are scrutinizing our controls and we will be implementing additional safeguards to prevent this from happening again.[/quote]

The site has 25 million members and has emerged as the the leader in the cloud storage market. The company claims that it is dedicated to security and that during the time of the failure, less than 1% of its users were logged in. When they discovered the breach, the company said they ended all logged in sessions immediately. On Tuesday they also notified users who were logged in about the event.

Such events highlight the problems with cloud storage services. Is your data really safe when you hand it over to another company to hold for you? This is the main reason lots of large enterprises have witheld from the move to the cloud.

June 22, 2011
Governments vs Hackers – Cyberwar Continues #AntiSec

The AntiSec Campaign which started a few days ago as a partnership between hacker groups LulzSec and Anonymous, is a cat and mouse game between the hackers and the governments they target. One member of LulzSec, Ryan Cleary, a 19 year old from Wickford, Essex, UK, is suspected by authorities to be a leader of the group as well as being the brains behind the attacks on the FBI, CIA and Sony sites. He was arrested by British Police yesterday in a “pre-planned intelligence raid”. He has allegedly performed these acts from a computer in his mother’s house.

In another part of the world, the Brazilian wing of LulzSec seems to be accomplishing their mission(s) quite well. In a tweet from Lulzsec, the group congratulated their Brazilian unit.

[quote]Our Brazilian unit is making progress. Well done @LulzSecBrazil, brothers![/quote]

Meanwhile, Anonymous has not been sitting idle. In a video released a few hours ago, the group urged anyone from around the world who believed in freedom of speech and anti-censorship of the Internet to stand up for their rights and join them.

This cyber war seems to be heating up, with the hackers targeting governments around the world. We shall keep you updated on the action as it happens. Stay tuned.

June 22, 2011
Anonymous and LulzSec Announce New Campaign

The two most famous hacker groups in recent times have united in a campaign which they call AntiSec. The targets include banks, government organizations, and other high profile targets. They are urging hackers from around the world to unite to steal and leak classified documents, e-mails, and other information. [quote]We hear our #Anonymous brothers are making progress with #AntiSec, we also have reports of many rogue hacker groups joining in. :D[/quote] the group tweeted a few hours ago.

The campaign seems to have hit its first official target target today. The website of UK based Serious Organised Crime Agency was down today. In another tweet, it appears pastebin, the text sharing site appears to be down. LulzSec suspects the UK Government to have perpetrated an attack against the site as the group uses it to distribute materials. They tweeted:[quote]#DearGovernment did you DDoS @Pastebin b/c of this pastebin.com/9KyA0E5v #AntiSec or is that b/c of us reading it?[/quote] When we visited the website, this is what we found:

LulzSec is a group that recently targeted the CIA, the FBI, and Sony among others. The group seems to want to embarrass their targets just for kicks and are speculated to be an offshoot of Anonymous.

Anonymous is a group that targets governments and organizations for political reasons and mostly in the support of freedom of speech. In the past they have targeted the governments of Iran, Turkey and Egypt. They have also targeted Sony for the company’s legal action against PlayStation 3 hacker George Hotz, and Paypal, MasterCard and VISA after they removed their services from the WikiLeaks website which enabled the site to receive donations.

Stay tuned for more news on the on-going cyber war.

June 21, 2011
LulzSec Reveals Motives Behind its Hacks (PR)

LulzSec has been on a hacking rampage for a while now. On reaching a 1000 tweet milestone, they have decided to reveal their motives to friends and foes alike in a Press Release they posted on PasteBin.

[toggle title_open=”Collapse Press Release” title_closed=”Expand Press Release” hide=”yes” border=”yes” style=”default” excerpt_length=”0″ read_more_text=”Read More” read_less_text=”Read Less” include_excerpt_html=”no”]Dear Internets,

This is Lulz Security, better known as those evil bastards from twitter. We just hit 1000 tweets, and as such we thought it best to have a little chit-chat with our friends (and foes).

For the past month and a bit, we’ve been causing mayhem and chaos throughout the Internet, attacking several targets including PBS, Sony, Fox, porn websites, FBI, CIA, the U.S. government, Sony some more, online gaming servers (by request of callers, not by our own choice), Sony again, and of course our good friend Sony.

While we’ve gained many, many supporters, we do have a mass of enemies, albeit mainly gamers. The main anti-LulzSec argument suggests that we’re going to bring down more Internet laws by continuing our public shenanigans, and that our actions are causing clowns with pens to write new rules for you. But what if we just hadn’t released anything? What if we were silent? That would mean we would be secretly inside FBI affiliates right now, inside PBS, inside Sony… watching… abusing…

Do you think every hacker announces everything they’ve hacked? We certainly haven’t, and we’re damn sure others are playing the silent game. Do you feel safe with your Facebook accounts, your Google Mail accounts, your Skype accounts? What makes you think a hacker isn’t silently sitting inside all of these right now, sniping out individual people, or perhaps selling them off? You are a peon to these people. A toy. A string of characters with a value.

This is what you should be fearful of, not us releasing things publicly, but the fact that someone hasn’t released something publicly. We’re sitting on 200,000 Brink users right now that we never gave out. It might make you feel safe knowing we told you, so that Brink users may change their passwords. What if we hadn’t told you? No one would be aware of this theft, and we’d have a fresh 200,000 peons to abuse, completely unaware of a breach.

Yes, yes, there’s always the argument that releasing everything in full is just as evil, what with accounts being stolen and abused, but welcome to 2011. This is the lulz lizard era, where we do things just because we find it entertaining. Watching someone’s Facebook picture turn into a penis and seeing their sister’s shocked response is priceless. Receiving angry emails from the man you just sent 10 dildos to because he can’t secure his Amazon password is priceless. You find it funny to watch havoc unfold, and we find it funny to cause it. We release personal data so that equally evil people can entertain us with what they do with it.

Most of you reading this love the idea of wrecking someone else’s online experience anonymously. It’s appealing and unique, there are no two account hijackings that are the same, no two suddenly enraged girlfriends with the same expression when you admit to killing prostitutes from her boyfriend’s recently stolen MSN account, and there’s certainly no limit to the lulz lizardry that we all partake in on some level.

And that’s all there is to it, that’s what appeals to our Internet generation. We’re attracted to fast-changing scenarios, we can’t stand repetitiveness, and we want our shot of entertainment or we just go and browse something else, like an unimpressed zombie. Nyan-nyan-nyan-nyan-nyan-nyan-nyan-nyan, anyway…

Nobody is truly causing the Internet to slip one way or the other, it’s an inevitable outcome for us humans. We find, we nom nom nom, we move onto something else that’s yummier. We’ve been entertaining you 1000 times with 140 characters or less, and we’ll continue creating things that are exciting and new until we’re brought to justice, which we might well be. But you know, we just don’t give a living fuck at this point – you’ll forget about us in 3 months’ time when there’s a new scandal to gawk at, or a new shiny thing to click on via your 2D light-filled rectangle. People who can make things work better within this rectangle have power over others; the whitehats who charge $10,000 for something we could teach you how to do over the course of a weekend, providing you aren’t mentally disabled.

This is the Internet, where we screw each other over for a jolt of satisfaction. There are peons and lulz lizards; trolls and victims. There’s losers that post shit they think matters, and other losers telling them their shit does not matter. In this situation, we are both of these parties, because we’re fully aware that every single person that reached this final sentence just wasted a few moments of their time.

Thank you, bitches.

Lulz Security[/toggle]

The press release states that they have been causing mayhem and chaos throughout the Internet, attacking several targets including PBS, Sony, Fox, porn websites, FBI, CIA, the U.S. government and online gaming servers. In their defence they claim that they have publically announced their hacks (not all of them), and that other hacker groups have not been so forthcoming. It appears that they will continue on their hacking rampage until they are brought to justice.

June 18, 2011
360,000 Credit Cards Leaked in Recent Hack-Attack to CitiGroup

In a recent cyber attack by LulzSec, while earlier Citigroup officials claimed that 200,000 creditcards were compromised. This time around they claim that infact 360,000 credit cards have been compromised and the information has been stolen by LulzSec.

[quote]Hackers gained access to a total of “360,083 North America Citi-branded credit cards.Hackers gained access to a total of “360,083 North America Citi-branded credit cards.[/quote]

The bank also claims that more than 70% of the credit cards have already been replaced, and that the maximum Credit Cards were from California.

LulzSec the infamous hacking group behind many recent cyber attacks, including various at Sony, Has not yet mentioned any involvement in the case.

June 17, 2011
Three Members of Anonymous arrested in Spain

Anonymous, the name behind various recent cyber attacks including one in our own home, are finally under the scanner in a major way, Authorities in Spain say they have arrested three members of the organization that claims to be an Activist for morals. They also seized at least one computer used in the attacks on Sony. Those arrested are believed to have been important in coordinating the group’s activities in the country and to have distributed the Loic DDoS tool to others.

The group became infamous for hacking credit card companies, such as MasterCard and Visa, and PayPal in retribution for not allowing donations to be made to Julian Assange’s WikiLeaks. Sony has blamed the attack on its PlayStation Network partially on Anonymous, but the arrest of three of its members is a far cry from retribution for the company which has damages that total more than $172 million.

The arrests serve more as a message to other hacking groups, such as the headline stealing LulzSec, that given time law enforcement will track them down. However, this particular set of arrests will probably do little to discourage hacktivists across the world.

Spanish government are on high alert to make sure they are protected against any attacks from the various legions of Anonymous.

June 11, 2011
13 Year Old Invents the Smart Bell

Laurence Rook, a 13 year old boy from Whyteleafe, Surrey, has invented a bell that uses a SIM card and existing mobile technology to call your phone when someone rings the bell. The device adds a layer of white noise so people think that you are speaking from an intercom system indoors. This is a specially usefull device for people who live alone or people who are out of their houses for most days. It can allow you to speak to the courier or fool a robber into thinking your at home.

Laurence has already sold 20,000 units to telecoms giant Commtel Innovate and is finalising a deal with an unnamed second company for a further 25,000 units. When the deal is signed, he will be £250,000 richer. Each bell will be retailed for £40 and will soon be available.

June 6, 2011
Sony’s woes continue; Sony Pictures hacked by Lulz Security ; Data Stolen

Sony is dealing with a bad year. After several cyber attacks already in the past month, this time around Sony Pictures was attacked by Lulz Security (laughing at your security since 2011) and they claim to have stolen the personal information of over 1,000,000 users. The attackers claim that the information was stored in plain text format in plain sight in and required just an SQL injection.

The group has already revealed 20,000 email / password combos of unfortunate users, along with 20,000 Sony music coupons, and the admin database for BMG Belgium employees.

Sony should soon be opening job positions for Cyber Security experts, get your CV’s ready.

June 3, 2011
CyanogenMod lets you control your App Permissions yourself

The newest nightly builds of the CyanogenMod custom ROM include a clever patch allowing users to grant and revoke permissions individually for apps that request access to features that you wouldn’t necessarily want them to. Check out the video below, that demonstrates how the build lets you control how apps access your information.

[Androinica]

[CyanogenMod]

May 25, 2011
NOW : Sony BMG Greece hacked

Sony is crying foul, with repeated attems at breaking its security have come into light, Several PSN attacks and other subsidiary attacks later. Now, Sony BMG in Greece is the next target. An anonymous poster has uploaded a user database to pastebin.com, including the usernames, real names and email addresses of users registered on SonyMusic.gr.

If you are a user of SonyMusic.gr, it is highly recommended that you reset your password. Expect that any information you entered when creating your account may be in the hands of someone with malicious intent, and keep a close eye out for phishing attacks

[Via][Read]

May 24, 2011
Sony’s Security continues to fail, Subsidiary So-Net Entertainment attacked

According to The Wall Street Journal hackers have accessed the customer accounts of Sony subsidiary So-net Entertainment Corp, an ISP, and have stolen about $1,225 worth of redeemable gift points. This after the massive breach of Sony’s Playstation Network which caused a loss of 12.3 million credit card numbers from the networks database.

Sony said the So-net hacker tried to break into its systems more than 10,000 times before he or she was able to successfully log-in. The intruder was able to access 201 accounts, and he or she stole the redeemable points from 128 customers.

“Although we can’t completely rule out the possibility that there is a connection with the PSN issue, the likelihood is low,” said So-net Entertainment spokesperson Keisuke Watabe, noting that the style of attack was different.

May 21, 2011