Security

Security issues on Android

Published: September 20, 2010 Reading Time: 4 min

One unique security feature of Android is the permission check when installing 3rd party apps. The system lists all permissions that an app requires and asks the user to check if that’s alright. Such permissions include the ability to receive your location, send or receive text messages, internet access, phone calls and many more. The user can be sure that the app is not doing any of these activities without the appropriate permission. If the developer forgets to add a particular permission, the operating system will simply block the corresponding function, which leads to a “Force Close”, meaning the app will be terminated. ...

New phishing-spam waves using Facebook as bait

Published: September 17, 2010 Reading Time: 3 min

We have again started to see a large increase in the number of emails pretending to come from Facebook. There are two types of emails which are currently being sent in large amounts. Both of them use classic social engineering techniques. The first type uses the old trick with “the photos”. The final target is a website where SMSes can be sent for “free” (note the quotes). I would like to emphasize again that there is nothing out there for free. Even if you don’t pay for it, those who offer the service (or whatever is given for “free”) do get something in exchange. It might be your telephone number, your email address or something similar which is worth a lot on the Internet. ...

The Anti-Botnet Initiative

Published: September 17, 2010 Reading Time: 2 min

The Anti-Botnet Initiative has now been started. The initiative is a cooperation between eco and the German Federal Bureau for Information Security (BSI), and it has created a telephone hotline for people whose computers may be infected and appear to be part of a botnet. To be able to detect this, the major ISPs in Germany are also cooperating (1und1, Telekom, Kabel BW, NetCologne, QSC and Versatel). The ISPs monitor suspicious activity on all IP addresses in their pool. Suspicious activity includes, for example, the sending of huge amounts of data on certain ports like 25 for SMTP (used to send spam emails), incoming HTTP connections (used to serve HTTP connections) and so on. Once the ISP detects this, the customer gets an email notification with information about the suspicious activity and various other information (like the telephone number of the hotline). The user is also instructed to have a look at the www.botfrei.de website. ...

“Here you have” worm linked to cyber jihadists

Published: September 11, 2010 Reading Time: 2 min

A worm collectively dubbed by the security industry as the “Here you have worm” has been making its way onto corporate networks over the past 24 hours. The worm arrives via e-mail using the subject line “Here you have” or “Just For you” along with an executable disguised as a PDF file. It first appeared last month sending spam e-mails from [email protected]. The worm creates the following files: (Note: See the full report in our sandbox -> http://x.maldb.com/?p=44309#more-44309) ...

New 0-day Exploit for Adobe Reader

Published: September 9, 2010 Reading Time: 2 min

A malicious PDF file has turned up which exploits a new security vulnerability in Adobe Reader and Acrobat, even in the most current versions 9.3.4 and 8.2.4, on all supported platforms. There is currently no update available from Adobe which fixes the vulnerability. The company is aware of the problem, though. The weakness is a buffer overflow within the CoolType.dll of the Adobe Reader and Acrobat installation. While parsing a PDF document with specially prepared SING (Smart INdependent Glyphlets) fonts, it is possible to abuse the vulnerability to execute malware. ...

This could save your LIFE!

Published: August 29, 2010 Reading Time: 4 min

The following internet advice, which may have a subject title such as the one above, could just get you killed. Like any other middle-aged, balding, overweight chap, my mother still worries about me. So when her friend sent this to her and many other people, she forwarded it to me first:- Just in case!!! Let’s say it’s 6.15pm and you’re going home (alone of course), after an unusually hard day on the job. ...

Malicious warez site offers Firefox 4.0 beta download scam

Published: August 29, 2010 Reading Time: 1 min

Like a lot of seedy stuff, this started with a Twitter post. The current working version of Mozilla’s Firefox browser is 3.6.8. Version 4 is in beta testing. You get them FREE from Mozilla. Why would you need a crack (program with its password broken) or a keygen (application that generates a password for a password-protected program) for something that is FREE? Well, there’s a sucker born every minute and the folks at this warez (pirated software) site are betting there are a lot of them using Twitter. ...

The bad guys are going after the Pirates

Published: August 29, 2010 Reading Time: 1 min

File-sharing organization Pirate Bay has been controversial for a long time, like maybe the length of its entire existence. It’s been in the news recently because a number of governments are trying to shut it down. That’s a situation ripe for social engineering. We found this scheme this morning: a number of typo-squatting sites carrying the following. (Note: the REAL Pirate Bay site is thepiratebay.org.) What would lead a victim to this? The phony site piratebay.com (below) comes up as the third result on a Google search for “piratebay” or fourth for “pirate bay.” ...

Microsoft releases work-around tool for DLL loading vulnerability

Published: August 29, 2010 Reading Time: 1 min

Microsoft has posted an advisory that explains the “DLL preloading attacks” and offers a work-around tool that “allows customers to disable the loading of libraries from remote network or WebDAV shares. This tool can be configured to disallow insecure loading on a per-application or a global system basis.” When an application loads a .dll file but doesn’t specify a full path name, Windows searches a pre-defined set of directories for it. Exploiting this, an intruder could social engineer a victim into loading a malicious .dll from a USB drive or from a network and execute arbitrary code. ...

How to Get Hacked on Facebook

Published: August 29, 2010 Reading Time: 2 min

One of the most common scenarios we observe on a daily basis is users being coaxed into phishing campaigns and malicious applications on Facebook. As we interact with our friends and family on social networks, we tend to trust any and all of the information that appears to be from our “trusted network.” However, Facebook is one of the social networks most trolled by cyber criminals. They are waiting for you to make a mistake and once you make it, they will be sure to hack you and exploit your friends’ trust through your newly hacked account. ...
