Jump to content

Search the Community

Showing results for tags 'data'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Informatii generale
    • Anunturi importante
    • Bine ai venit
    • Proiecte RST
  • Sectiunea tehnica
    • Exploituri
    • Challenges (CTF)
    • Bug Bounty
    • Programare
    • Securitate web
    • Reverse engineering & exploit development
    • Mobile security
    • Sisteme de operare si discutii hardware
    • Electronica
    • Wireless Pentesting
    • Black SEO & monetizare
  • Tutoriale
    • Tutoriale in romana
    • Tutoriale in engleza
    • Tutoriale video
  • Programe
    • Programe hacking
    • Programe securitate
    • Programe utile
    • Free stuff
  • Discutii generale
    • RST Market
    • Off-topic
    • Discutii incepatori
    • Stiri securitate
    • Linkuri
    • Cosul de gunoi
  • Club Test's Topics
  • Clubul saraciei absolute's Topics
  • Chernobyl Hackers's Topics
  • Programming & Fun's Jokes / Funny pictures (programming related!)
  • Programming & Fun's Programming
  • Programming & Fun's Programming challenges
  • Bani pă net's Topics
  • Cumparaturi online's Topics
  • Web Development's Forum
  • 3D Print's Topics

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


Website URL


Yahoo


Jabber


Skype


Location


Interests


Biography


Location


Interests


Occupation

  1. Many people realize that smartphones track their locations. But what if you actively turn off location services, haven’t used any apps, and haven’t even inserted a carrier SIM card? Even if you take all of those precautions, phones running Android software gather data about your location and send it back to Google when they’re connected to the internet, a Quartz investigation has revealed. Since the beginning of 2017, Android phones have been collecting the addresses of nearby cellular towers—even when location services are disabled—and sending that data back to Google. The result is that Google, the unit of Alphabet behind Android, has access to data about individuals’ locations and their movements that go far beyond a reasonable consumer expectation of privacy. Quartz observed the data collection occur and contacted Google, which confirmed the practice. The cell tower addresses have been included in information sent to the system Google uses to manage push notifications and messages on Android phones for the past 11 months, according to a Google spokesperson. They were never used or stored, the spokesperson said, and the company is now taking steps to end the practice after being contacted by Quartz. By the end of November, the company said, Android phones will no longer send cell-tower location data to Google, at least as part of this particular service, which consumers cannot disable. It is not clear how cell-tower addresses, transmitted as a data string that identifies a specific cell tower, could have been used to improve message delivery. But the privacy implications of the covert location-sharing practice are plain. While information about a single cell tower can only offer an approximation of where a mobile device actually is, multiple towers can be used to triangulate its location to within about a quarter-mile radius, or to a more exact pinpoint in urban areas, where cell towers are closer together. The practice is troubling for people who’d prefer they weren’t tracked, especially for those such as law-enforcement officials or victims of domestic abuse who turn off location services thinking they’re fully concealing their whereabouts. Although the data sent to Google is encrypted, it could potentially be sent to a third party if the phone had been compromised with spyware or other methods of hacking. Each phone has a unique ID number, with which the location data can be associated. The revelation comes as Google and other internet companies are under fire from lawmakers and regulators, including for the extent to which they vacuum up data about users. Such personal data, ranging from users’ political views to their purchase histories to their locations, are foundational to the business successes of companies like Facebook and Alphabet, built on targeted advertising and personalization and together valued at over $1.2 trillion by investors. The location-sharing practice does not appear to be limited to any particular type of Android phone or tablet; Google was apparently collecting cell tower data from all modern Android devices before being contacted by Quartz. A source familiar with the matter said the cell tower addresses were being sent to Google after a change in early 2017 to the Firebase Cloud Messaging service, which is owned by Google and runs on Android phones by default. Even devices that had been reset to factory default settings and apps, with location services disabled, were observed by Quartz sending nearby cell-tower addresses to Google. Devices with a cellular data or WiFi connection appear to send the data to Google each time they come within range of a new cell tower. When Android devices are connected to a WiFi network, they will send the tower addresses to Google even if they don’t have SIM cards installed. “It has pretty concerning implications,” said Bill Budington, a software engineer who works for the Electronic Frontier Foundation, a nonprofit organization that advocates for digital privacy. “You can kind of envision any number of circumstances where that could be extremely sensitive information that puts a person at risk.” The section of Google’s privacy policy that covers location sharing says the company will collect location information from devices that use its services, but does not indicate whether it will collect data from Android devices when location services are disabled: According to the Google spokesperson, the company’s system that controls its push notifications and messages is “distinctly separate from Location Services, which provide a device’s location to apps.” Android devices never offered consumers a way to opt out of the collection of cell tower data. “It is really a mystery as to why this is not optional,” said Matthew Hickey, a security expert and researcher at Hacker House, a security firm based in London. “It seems quite intrusive for Google to be collecting such information that is only relevant to carrier networks when there are no SIM card or enabled services.” While Google says it doesn’t use the location data it collects using this service, its does allow advertisers to target consumers using location data, an approach that has obvious commercial value. The company can tell using precise location tracking, for example, whether an individual with an Android phone or running Google apps has set foot in a specific store, and use that to target the advertising a user subsequently sees. Via qz.com
  2. Hi guys, i know the title must sound obsolete for ya, but i've seen in the past romanian managed to "hack" a previous version of this game. https://world.triviador.net the security has changed since then, i'm wondering if there's anyone that can still make an xml grabber for it. from what i know, if you search "sharedkey" or "rsapublickey" with a memory viewer through firefox for ex, you can see a huge key. i believe that rsa key is used to encrypt the key used for decrypting the xml. anyway, i have managed to write the actual decryption algorithm for decoding the xml, and maybe for decoding the key too, but i can't get the encrypted key out from the memory of any browser. i'm curious if anyone could do that. =] ~ Cheers ~
  3. Salut, am si eu o problema care ma tine pe loc de cateva zile. Ideea este ca am o tema de facut pentru facultate... este vorba de o aplicatie C# (WPF) in care trebuie folosit standardul MVVM. Pe langa asta, mai trebuie folosit si data binding, subiect care din punctul meu de vedere este destul de complex. Astazi este a treia zi in care ma documentez despre MVVM si DataBinding si totodata a doua zi in care nu am reusit sa avansez cu nimic concret. Link repo: https://bitbucket.org/WiseMarius/mediivizuale/overview Mai sus am lasat link catre repo-ul proiectului. Ce incerc sa fac ? Am in aplicatie un obiect ListBox si un obiect Image. Aceste doua obiecte trebuie legate de: o clasa ce implementeaza ObservableCollection si o clasa simpla ce contine o proprietate formata dintr-un vector de string-uri (care reprezinta calea catre niste imagini). Daca rulati proiectul o sa vedeti ca am reusit sa leg obiectul Image de clasa ce contine calea catre imagini, dar nu stiu cat de bine e facuta treaba asta. Practic eu in main am spus this.DataContext = obiectulMeu... asta inseamna ca pentru toata fereastra eu am setat un DataContext, deci tot ce pot lega de fereastra este strict legat de obiectulMeu... asta nu ma ajuta, in sensul in care eu am nevoie sa fac legaturi si catre alt obiect. Intrebarea mea este: de ce nu apar userii in listbox si cum as putea sa scap de chestia aia cu this.DataContext = obiectulMeu astfel incat sa nu am setat un singur DataContext pe tot MainWindow ? P.S: Nu stiu daca am organizat proiectul in cel mai bun mod... nu ma consider un arhitect foarte bun. Orice sfat e bine venit, cat timp are legatura cu intrebarile mele sau macar cu subiectul. Multumesc anticipat !
  4. As propune ca in index sa se faca un buton 'Afiseaza mai mult' pentru a afisa mai multe rply uri recent postate, gen 10, si daca mai dai o data, mai afiseaza 10 si tot asa. Eu cred ca nu e nimic de pierdut...Astept parerile voastre.
  5. A new social network has been launched, vowing more transparency, security, and privacy than Facebook and other social media giants. Backed by the hacktivist group Anonymous, it will encrypt all messages, shielding data from governments and advertisers. At first glance, Minds.com appears similar to any other social network. It provides a person's followers with the latest updates, allowing their friends to comment and promote posts. But the major difference exists behind the scenes. Minds.com doesn't aim to profit from gathering data. In fact, its goal is the opposite – to encrypt all messages so they can't be read by governments or advertisers. The social network will also reward users for interacting with posts. This can be done by voting, commenting or uploading. The rewards will come in the form of points, which can be exchanged for “views” of your posts. Simply put, the more active you are, the more your posts will be promoted by the social network. Mai mult aici:Anonymous backs new encrypted social network to rival Facebook — RT News https://www.minds.com/
  6. Want to find out all the things Google knows about you? Here are 6 links that will show you some of the data Google has about you. 1. Find out what Google thinks about you In order to serve relevant ads, Google collects data about you and creates a profile. You can control and review the information Google has on you here: Ads Settings Google also has a tool called Google Analytics, that helps publishers see what pages you have viewed on their website, how many times you have visited it, how long did you stay etc. You can opt out if you don’t want this type of data to be collected: Google Analytics Opt-out Browser Add-on Download Page 2. Find out your location history If you use Android, your mobile device may be sending your location to Google. You can see your entire location history here: https://maps.google.com/locationhistory 3. Find out your entire Google Search history Google saves every single search you have ever done. On top of that, they record every Google ad you have clicked on. This log is available in Google web history controls: https://www.google.com/history/ 4. Get a monthly security and privacy report from Google Google offers an Account activity page that tells you about all the Google services you are using. You can even enable a monthly report that will be sent to your email: https://www.google.com/settings/dashboard 5. Find out all the apps and extensions that are accessing your Google data The Account activity page also offers a list of all the apps that have any type of access to your data. You can see the exact type of permissions granted to the app and revoke access to your data here: https://security.google.com/settings/security/permissions 6. Export all of your data out of Google Google lets you export all your data: bookmarks, emails, contacts, drive files, profile info, your youtube videos, photos and more here: https://www.google.com/takeout Google also keeps a history of your YouTube searches. You can find it here: https://www.youtube.com/feed/history/search_history Source: http://www.google.com/goodtoknow/online-safety/security-tools/
  7. Deleting your browser history could land you up in prison for 20 years in United States Clearing your browsing history is a crime in United States according to the Sarbanes-Oxley Act of 2002 In a recent article published in The Nation, it revealed the improper use of a law meant for completely different purposes by by federal prosecutors. The Sarbanes-Oxley Act of 2002 was meant to provide authorities with tools to prevent criminal behavior by corporations. It was put into practice after the Enron meltdown when it was found out that executives or their servants following orders torn into shreds every document they could think of which may prove them guilty. The legislation’s goal was to stop companies from committing large fraud and then damaging the evidence of their conspiratorial criminality while investigations were under way. The appropriate section of Sarbanes-Oxley reads as follows: Whoever knowingly alters, destroys, mutilates, conceals, covers up, falsifies, or makes a false entry in any record, document, or tangible object with the intent to impede, obstruct, or influence the investigation or proper administration of any matter within the jurisdiction of any department or agency of the United States or any case filed under title 11, or in relation to or contemplation of any such matter or case, shall be fined under this title, imprisoned not more than 20 years, or both. Khairullozhon Matanov, a friend of the Tsarnaev brothers, the Boston Marathon bombers was interviewed by the Federal authorities about his association with them. However, the federal authorities never accused him for any activity linked to the bombing nor have they said that he was having knowledge of their plans or felt for them. During the interviews, he did however perpetrate a few small lies, of which none had any actual relation to the case. For instance, he lied that he had last time prayed with Tamerlan Tsarnaev together. On that grounds, … they charged him with four counts of obstruction of justice. There were three counts for making false statements based on the aforementioned lies and—remarkably—one count for destroying “any record, document or tangible object” with intent to obstruct a federal investigation. This last charge was for deleting videos on his computer that may have demonstrated his own terrorist sympathies and for clearing his browser history. Based on the records section of Sarbanes-Oxley mentioned above, the last charge was applied. The law meant to stop and punish corporate wrongdoing is instead used as a hammer against a private citizen to a great extent. Some people may feel that any possible application of a law is tolerable, especially in the continual war on terror. However, if that law is ever used against them, they might end up feeling differently about it. The most unpleasant or offensive part of this is that it is being used to punish “pre-crimes.” When Matanov deleted his browser history, he had not been accused of anything and was not aware that he was under a formal inquiry. His crime was not predictable that federal agents may someday make a decision to examine him and thus failing to maintain any self-incriminating potential evidence. As Hanni Fakhoury of the Electronic Frontiers Foundation put it, the government is saying: “Don’t even think about deleting anything that may be harmful to you, because we may come after you at some point in the future for some unforeseen reason and we want to be able to have access to that data. And if we don’t have access to that data, we’re going to slap an obstruction charge that has as 20-year maximum on you.” The article in The Nation shows that this is not an remote and unfair use of Sarbanes-Oxley, discussing many other similar cases. Traders and bankers danced away with multi-million dollar bonuses after their criminally reckless maneuvering almost put an end to the global economy. Their companies paid fines that are not worth to be considered for market manipulations and criminal money laundering. Until now, none of them have go to jail and none of them have been sued under Sarbanes-Oxley. However, it is a different rule of law for an undistinguished or average citizen. As more and more data are stored online, the government wants and believes it has the rights to access that data for policing purposes. But Fakhoury disagrees. “The idea that you have to create a record of where you’ve gone or open all your cupboards all the time and leave your front door unlocked and available for law enforcement inspection at any time is not the country we have established for ourselves more than 200 years ago.” This law has been in the books for thirteen years now. It has not managed to control the corporate wrongdoing, but it is proving to be having a negative effect on citizens who have never swindled a shareholder in their lives. Combined with federal investigations through our online communications and their efforts to break secure encryption in our data storage, they want us to completely give up our personal freedom of thought and privacy. Sursa: Deleting your browser history could land you up in prison for 20 years in United States
  8. We live in the social mobile era, where we all collect and share vast amounts of data about ourselves and others. By handing over that data to corporations and governments we are promised great benefits in everything from our health and our wealth to our safety from criminals. But of course there are dangers too and I've been hearing some horror stories about when Big Data becomes Big Brother. The first was from one of the technology industry's more colourful figures. John McAfee, who is in London this week for the Infosecurity Europe conference, is the man who virtually invented the anti-virus industry. He sold his stake in McAfee more than 20 years ago and has since had numerous adventures, culminating in his flight from Belize in 2012 after police in the Central American state tried to question him about a murder. He was described by Belize's prime minister at the time as "extremely paranoid, even bonkers". So, perhaps not surprising, that the Infosecurity crowd who gathered to hear him speak were treated to dire warnings about the threat to their security from two sources - their mobile phones and their governments. But of course just because you are paranoid it does not mean they are not out to get you, and when I meet John McAfee after his speech he gives a perfectly coherent account of why we should be worried. We are now all carrying around smartphones, he explains, but security has not caught up with the fact that they are very advanced computers which can be used to spy on us if we install any number of untested apps that may have been created by people with criminal intent. But it's government spying on those phones that really worries him. He cheers the brake which the Senate applied to the US government's surveillance powers at the weekend, but fears that in Britain no such limits are in place. In particular, he rails against any attempt to try to crack the encryption that protects many personal messages. When I suggest that there might be a need to know what criminals and terrorists are planning, he bats that away: "We have lived with criminals for ever - does that mean we should all have to suffer?" He compares encryption with whispering a message in your wife's ear and asks whether we would have thought it justified years ago to ban whispering. "If it sounds insane for govenment to say you are not allowed to whisper to your wife - it is insane." And he says the big technology companies should have the courage to stand up to governments on this issue: "If enough people stand up the government will back down." When I suggest delicately that his colourful past might make people disinclined to take him seriously, he bats that straight back at me. "My colourful life implies that I've done some serious things," he says, explaining that his experiences in Belize have shown him just how dangerous a rogue government can be. You can hear my interview with John McAfee on Tech Tent, which this week comes live from the Cheltenham Science Festival. Here too, the question of what we are doing with our data has been a major theme. Last night I was the moderator at an event called Big Data, Big Brother, where the panel expressed their worries about the uses to which our data could be put, in front of an audience which shared their fears. The lawyer Marion Oswald mentioned the Samaritans' Radar Twitter app as an example of where public data posted by people who might or might not have been suicidal could have been used in a questionable way without their consent. A software engineer Martyn Thomas advised us to be wary of claims that data was anonymised, explaining how easy it was to identify someone once you had pieced together just a few data points. Here in the home of GCHQ, the audience seemed more concerned about corporate surveillance than government spies, and many were enthusiastic about ad-blocking software and other means of throwing the likes of Google off your trail. But afterwards in the more relaxed setting of the Festival's Ideas Cafe, data scientists from Warwick University reminded us of the positive aspects of their work. I sat at a table where a computer scientist explained how he was mapping London to spot which areas should be targeted for diabetes prevention measures. He was using data from a variety of sources, including a credit rating agency, to examine lifestyles and hence vulnerability to Type 2 diabetes. While some will be concerned about how medical and financial data are combined in this way, many will see the benefits of applying data science to this kind of task. As the Big Data gold rush continues, lawyers, ethicists and consumer groups are all going to have their work cut out to help us get a good balance between the risks and rewards of crunching the numbers. Source
  9. Researchers at Wandera, a mobile security company, have alerted Apple to a potential security vulnerability in iOS that could be used by attackers to fool users into giving up their credit card data and personal information. The vulnerability, based on the default behavior of iOS devices with Wi-Fi turned on, could be used to inject a fake "captive portal" page that imitates the Apple Pay interface. The attack leverages a well-known issue Ars has reported on in the past: iOS devices with Wi-Fi turned on will attempt by default to connect to any access point with a known SSID. Those SSIDs are broadcast by "probe" messages from the device whenever it's not connected to a network. A rogue access point could use a probe request capture to masquerade as a known network, and then throw up a pop-up screen masquerading as any web page or app. The Wandera attack uses this behavior to get a mobile device to connect and then presents a pop-up portal page—the type usually used when connecting to a public WiFi service to present a Web-based login screen—that is designed to resemble an Apple Pay screen for entering credit card data. The attack could be launched by someone nearby a customer who has just completed or is conducting an Apple Pay transaction so that the user is fooled into believing Apple Pay itself is requesting that credit card data is reentered. An attacker could loiter near a point-of-sale system with an Apple Pay terminal and continuously launch the attack. Considering that the fake captive portal page is displayed beneath a "Log In" title bar, this attack may not fool many people. “In high footfall locations, even a very small ratio of success will yield a large number of valuable credit card numbers," said Eldar Tuvey, CEO of Wandera, in a statement e-mailed to Ars. "It’s all so easy for them. Using readily available technology, which they may be discretely carrying about their person, hackers can for the first time focus their efforts where their victims are at their most susceptible—at the checkout.” The real vulnerability exploited here is iOS' automatic WiFi connection and the format in which iOS displays captive portal pages. There are some very simple ways to prevent this sort of attack—such as turning Wi-Fi off when not deliberately connecting to a network. The Wandera researchers reccommended that Apple and Google should "consider adopting a secure warning when displaying captive portal pages to users, so that users exercise caution." Additionally, they suggest that users close and re-open payment applications to enter credit card data and use the camera capture capability of the apps to input credit card data whenever possible. Ars spoke with an Apple spokesperson, and is awaiting an official response. However, as the screenshots show, this spoof looks considerably different from Apple Pay's actual interface, and a card registration screen popping up after a transaction is hardly expected behavior for the service. Apple Pay never asks for credit card data during a transaction. Ars will update this story as more information becomes available. Source
  10. So many hacks, so few days in the week to write alarming stories about every one. Every weekend, WIRED Security rounds up the security vulnerabilities and privacy updates that didn’t quite rise to our level for in-depth reporting this week, but deserve your attention nonetheless. First the big stories: The FBI has a secret fleet of planes spying on you, and they are not alone. United Airlines grounded all its planes on Monday because false flight plans were being uploaded to the flight decks. The US Senate finally passed some NSA surveillance reform in the form of the USA Freedom Act–the first of its kind since Edward Snowden revealed the extent of the Big Brother nightmare that is domestic counter-terrorism in the 21st century. Facebook decided that revealing your location in Messenger isn’t a bug; it’s a feature! A feature you can now, thankfully, opt out of. And our own Andy Greenberg demonstrated that the front lines of the gun control debate are moving closer to home, as it’s now incredibly easily to build your own untraceable guns. But there was a lot of other news this week, summarized below. To read the full story linked in each post, click on the headlines. And be safe out there! —Emily Dreyfuss Chinese Hackers Access Four Million Federal Workers’ Payroll Data Another month, another massive breach of a federal agency revealed. Hackers based in China accessed the records of four million federal workers when they hacked the Office of Payroll Management (OPM) in an attack first discovered in April. Despite the agency’s focus on payroll, it’s not clear if any data was stolen that could lead to financial fraud; no direct deposit information was accessed, according to the Washington Post. Instead, the attackers may have been seeking data useful for identifying government staffers with security clearances, potentially to target them in future “spear phishing” attacks. The Department of Homeland Security has taken credit for identifying the attack with its EINSTEIN intrusion detection system. But critics are questioning why that years-in-development system couldn’t have caught the attack earlier. The Chinese government, per usual, has denied any involvement. The OPM intrusion marks the second major federal breach revealed this year, following news that Russian hackers accessed unclassified White House networks as well as those of the State Department. — Andy Greenberg California Senate Passes Bill Requiring Warrants To Search Electronic Devices Another small victory for opponents of the all-pervasive morass of electronic surveillance, at least in one state: the California senate unanimously passed the California Electronic Communications Privacy Act, a bill requiring law enforcement to obtain a search warrant or wiretap order prior to searching smartphones, laptops, or electronic devices, or accessing information stored on remote servers. The bill will be heard by the State Assembly this summer. — Yael Grauer Skype Bug Broke App on Android, iOS and Windows It only took Skype 24 hours to fix the bug, but for a moment, messaging “http://:” (without the quotes) in chat not only made Skype crash in Windows, Android, and iOS, but would immediately crash it again after restarting when Skype downloaded chat history for the server, meaning that clearing the chat history didn’t resolve the issue. This bug trailed on the heels of the iOS glitch discovered last week that caused iPhones to crash when sent a string of characters, though users are far more likely to type in http://: by accident than they are to text the complicated string of Arabic and English characters required to crash iOS devices. Before the fix was in, Skype users could get around the bug by installing an older version of Skype, or having the sender delete the offending message. — Yael Grauer Most Macs Vulnerable to Permanent Backdooring Macs shipped prior to mid-2014 are vulnerable to an exploit that would allow an attacker to permanently control the machine, even if you reinstall OS X or reformat the drive. The vulnerability, discovered by security researcher Pedro Vilaca, allows attackers to install malicious firmware that essentially overwrites the firmware that boots up the machine right after older Macs awake from sleep. The code is installed via one of the many security vulnerabilities found in web browsers such as Safari. One way to avoid this hack is to change your computer’s default setting to deactivate sleep mode. You can also download software to detect whether an attack has taken place, though the software won’t prevent it from happening. — Yael Grauer Twitter Just Killed Politwoops The greatest Twitter account you’ve never heard of is now dead. Politwoops, an online archive of public statements made–and deleted–by U.S. politicians on Twitter, was an online transparency project started in 2012 by the Sunlight Foundation. It was created to provide a record of ways that elected officials sometimes quietly reverse their messaging. Originally, Sunlight had permission to use Twitter’s API for the project, which used a human curation workflow to analyze the tweets. But the social networking service has now reneged, citing the expectation of privacy for all accounts. Sunlight Foundation points out that elected officials shouldn’t share the same expectations of privacy as private citizens do, and that transparency leads to accountability. Now it has one fewer tool to use on that mission. — Yael Grauer Now You, Too, Can Track FBI Spy Planes As you’ve probably heard by now, the FBI is flying spy planes over American cities, and they’re registered to at least 13 fictitious companies. The specific capabilities of these planes is unclear, but they may have high-tech cameras and perhaps even cell-site simulators to scoop up massive amounts of data. Luckily, tracking the planes themselves has proven to be a bit easier than determining their capabilities. L.A.-based technologist John Wiseman used public records request for flight routes and programmed a radio receiver to intercept airplane transmissions, allowing him to identify planes flying in L.A. in real time. You can do the same, by tapping into a database of 115 spy planes that engineer Brian Abelson created by looking up registration numbers associated with planes owned by FBI front companies, as revealed by the AP. Flight information and history is available on that link, and users can analyze the data set by registering for a free account at Enigma, the data search and discovery platform where Wiseman works. — Yael Grauer Source
  11. Apple chief Tim Cook has made a thinly veiled attack on Facebook and Google for "gobbling up" users' personal data. In a speech, he said people should not have to "make trade-offs between privacy and security". While not naming Facebook and Google explicitly, he attacked companies that "built their businesses by lulling their customers into complacency". Rights activists Privacy International told the BBC it had some scepticism about Mr Cook's comments. "It is encouraging to see Apple making the claim that they collect less information on us than their competitors," Privacy International's technologist Dr Richard Tynan said. "However, we have yet to see verifiable evidence of the implementation of these claims with regard to their hardware, firmware, software or online services. "It is crucial that our devices do not betray us." 'We think that's wrong' Addressing an audience in Washington DC, Mr Cook said: "I'm speaking to you from Silicon Valley, where some of the most prominent and successful companies have built their businesses by lulling their customers into complacency about their personal information. "They're gobbling up everything they can learn about you and trying to monetise it. We think that's wrong. And it's not the kind of company that Apple wants to be." Mr Cook had been given a corporate leadership award by the Electronic Privacy Information Centre, a US-based research group. According to TechCrunch, he later added that Apple "doesn't want your data". Google has not commented on Mr Cook's comments specifically, but a spokeswoman referred the BBC to the privacy section of its website, which the company has recently updated. "Ads are what enable us to make our services like Search, Gmail, and Maps free for everyone," one page reads. "We do not share information with advertisers in a way that personally identifies you, unless you gave us permission." Facebook suggested this page outlining how it collects user data. While Apple does not hold the same wealth of data looked after by Google and Facebook, it does use personal information to target advertising. A page for marketers on Apple's website offers "400 targeting options" for reaching users. It reads: "Whether you're looking for moms or business travellers or groups of your own customers, we've got you covered." Apple's lack of data, when compared with some of its rivals, could be a disadvantage for future devices. Services such as Google Now, which use stored data to predict what information users may need, require vast amounts of personal data to be effective. Advertising Mr Cook also spoke at length about encryption. His company introduced encryption measures by default to its devices late last year, a move heralded by privacy campaigners but heavily criticised by several governments. Mr Cook hit out at governments that had pressured technology companies to allow for so-called "backdoors" to aid with counter-terrorism and other enforcement. "There's another attack on our civil liberties that we see heating up every day," Mr Cook said. "It's the battle over encryption. Some in Washington are hoping to undermine the ability of ordinary citizens to encrypt their data." He added: "If you put a key under the mat for the cops, a burglar can find it too." Source
  12. Researchers have revealed that Android's 'factory reset' feature doesn't remove all data from devices, leaving up to 500 million users open to attack. The University of Cambridge has revealed that, even with full-disk encryption in play, performing a factory reset on Android smartphones leaves sensitive information up for grabs on the majority of devices. The university examined 21 phones, running Android versions 2.3 to 4.3, and found could up to 500 million Android devices might be at risk of leaving personal data available to attackers after being 'reset.' For example, the researchers found that they were easily able to access the previous owners Gmail account on 80 percent of the devices it tested. "We were able to retrieve the Google master cookie from the great majority of phones, which means that we could have logged on to the previous owner’s gmail account," the researchers said. All of the 21 phones left some sensitive data behind, including information generated by Facebook and WhatsApp, images, videos and text messages. They researchers noted Google's own-brand Nexus firms fared better than those from the likes of HTC and Samsung, but said that all vendors need to do more to protect user data. "The reasons for failure are complex; new phones are generally better than old ones, and Google’s own brand phones are better than the OEM offerings. However the vendors need to do a fair bit of work, and users need to take a fair amount of care." This research follows an investigation carried out back in 2014 which revealed that CEX and Cash Converters have been selling second-hand mobile phones containing sensitive information from their previous owners, despite promising these customers that the phones would be fully wiped before being sold on. In a seperate report, the Cambridge researchers note that such companies could carry out large-scale attacks given the sensitive data they are able to access, made easier by third-party remote wiping service that also fail to clear information from devices. "Antivirus software that relies on a faulty factory reset can only go so far, and there’s only so much you can do with a user process," the researchers said. "These failings mean that staff at firms which handle lots of second-hand phones (whether lost, stolen, sold or given to charity) could launch some truly industrial-scale attacks." These findings could spell bad news for businesses, with Good Technology revealing earlier this month that Android accounted for 26 percent of enterprise smartphone activiations in the first quarter of 2015. Source
  13. The recently discovered Logjam encryption flaw proves that governments need to aid, not hinder, businesses' efforts to encrypt data, according to experts in the white hat community. Logjam is an encryption flaw that was uncovered on Wednesday by researchers at Inria Nancy-Grand Est, Inria Paris-Rocquencourt, Microsoft Research and the Johns Hopkins, Michigan and Pennsylvania universities. Its discovery sent ripples through the security community as in theory it leaves tens of thousands of web and mail servers open to man-in-the-middle attacks. CipherCloud chief trust officer Bob West said that Logjam should act as a cautionary tale to legislators considering weakening companies' ability to encrypt data. "Logjam is a cautionary tale for our lawmakers and leaders who are under pressure by government groups to weaken encryption," he said. "Diluting the strength of encryption for one group creates a vulnerability that can be exploited by any group. Human rights, privacy and the resilience of our economy will be the casualties if back doors are created in encryption solutions." Venafi vice president of security strategy Kevin Bocek agreed, arguing that Logjam proves that weakening encryption will aid cyber criminals. "With more sites using SSL/TLS keys and certificates, the target is getting bigger for the bad guys," he said. "The [bad guys'] interest in intercepting encrypted traffic, spoofing trusted sites, or hiding in encryption is only growing, and many out there predict that a crypto-apocalypse is on the horizon." Logjam's discovery follows widespread concerns about the UK government's intentions concerning encryption. The government indicated plans to force firms to make encrypted data accessible to law enforcement in its election manifesto. At a technical level, Logjam is a flaw in the Diffie-Hellman key exchange cryptographic algorithm used while creating encrypted HTTPS, SSH, IPsec, SMTPS and TLS connections. "We have uncovered several weaknesses in how Diffie-Hellman key exchange has been deployed," read the researchers' threat advisory. "The Logjam attack allows a man-in-the-middle attacker to downgrade vulnerable TLS connections to 512-bit export-grade cryptography. This allows the attacker to read and modify any data passed over the connection." The researchers added that the vulnerability is similar to the Freak and Poodle flaws and "affects any server that supports DHE_EXPORT ciphers and all modern web browsers". The advisory said that Logjam renders 8.4 percent of the top one million web domains open to exploitation, but warned that the flaw's reach is significantly higher. Freak is a cross-platform flaw in SSL/TLS protocols that could be exploited to intercept and decrypt HTTPS connections between vulnerable clients and servers. It was uncovered in March. Poodle is a flaw in SSL version 3.0 which could leave users' web data open to attack. It was uncovered by researchers at Google in October 2014. The researchers said that the flaw could be used to intercept data passing between VPN servers, and is consistent with the NSA-led attacks described in leaked PRISM documents. "We carried out this computation against the most common 512-bit prime used for TLS and demonstrated that the Logjam attack can be used to downgrade connections to 80 percent of TLS servers supporting DHE_EXPORT," read the paper. "We further estimate that an academic team can break a 768-bit prime, and that a nation-state can break a 1,024-bit prime. Breaking the most common 1,024-bit prime used by web servers would allow passive eavesdropping on connections to 18 percent of the top one million HTTPS domains. "A close reading of published NSA leaks shows that the agency's attacks on VPNs are consistent with having achieved such a break," the researchers said. News that the NSA's specialist Office of Target Pursuit maintains a team of engineers dedicated to cracking the encrypted traffic of VPNs broke in December 2014. However, despite the seriousness of the Logjam flaw, experts have pointed out Logjam is more significant as a cautionary tale than game changing vulnerability. Rapid7 engineering manager Tod Beardsley explained that the high degree of sophistication required to mount a Logjam attack makes it unlikely that it will be widely targeted. "The only two groups really in a position to take advantage of this vulnerability are criminals on coffee shop WiFi networks, and state actors who already control a huge chunk of the local internet," he said. LogRhythm vice president Ross Brewer agreed, pointing out that patches for the flaw are already being rolled out. "The fact that Logjam can only be exploited when hackers and targets are on the same network, as well as patches being imminent, means that hype around it is likely to be a bit of a storm in a teacup," he said. "Organisations should, however, use flaws like this as an excuse to give themselves a security health check." The white hat community is one of many calling for an end to governments rethink their surveillance strategies. Over 140 big name companies sent a letter to US president Barack Obama on Tuesday urging him to cease the government's war on encryption. Source
  14. era un Php cu care te logai la Textnow.com si trimiteai mai multe sms o data aveti ideie unde il mai gasesc si eu?
  15. Cu câte minute suntem înainte de ora 13, dac? acum 30 minute erau de 4 ori mai multe minute fa?? de ora 9? Poate cineva sa rezolve ? Am rezolvat si am obtinut o data 42 si o data 18..
  16. NEXT TIME YOU’RE about to toss a cigarette butt on the ground, consider this freaky fact: It takes less than a nanogram (or less than one billionth of the mass of a penny) of your dried saliva for scientists to construct a digital portrait that bears an uncanny resemblance to your very own face. For proof look to Hong Kong, where a recent ad campaign takes advantage of phenotyping, the prediction of physical appearance based on bits of DNA, to publicly shame people who have littered. If you walk around the city, you’ll notice portraits of people who look both scarily realistic and yet totally fake. These techno-futuristic most-wanted signs are the work of ad agency Ogilvy for nonprofit Hong Kong Cleanup, which is attempting to curb Hong Kong’s trash problem with the threat of high-tech scarlet lettering. It’s an awful lot like the Stranger Visions project from artist Heather Dewey-Hagborg, who used a similar technique a couple years back to construct sculptural faces as a way to provoke conversation around what we should be using these biological tools for. In the case of Hong Kong’s Face Of Litter campaign, the creative team teamed up with Parabon Nanolabs, a company out of Virginia that has developed a method to construct digital portraits from small traces of DNA. Parabon began developing this technology more than five years ago in tandem with the Department of Defense, mostly to use as a tool in criminal investigations. Parabon’s technique draws on the growing wealth of information we have about the human genome. By analyzing saliva or blood, the company is able to make an educated prediction of what you might look like. Most forensic work uses DNA to create a fingerprint, or a series of data points that will give a two-dimensional look at an individual that can be matched to pre-existing DNA samples. “We’re interested in using DNA as a blueprint,” explains Steven Armentrout, founder of Parabon. “We read the genetic code.” The DNA found on the Hong Kong trash is taken to a genotyping lab, where a massive data set on the litterbug is produced. This data, when processed with Parabon’s machine-learning algorithms, begins to form a rough snapshot of certain phenotypes, or traits. Parabon focuses on what it describes as highly heritable traits—or traits that have the least amount of environmental variability involved. Things like eye color, hair color, skin color, freckling, and face shape are far easier to determine than height, age, and even hair morphology (straight, wavy, or curly). The Ogilvy team says it accounted for age by studying market research on the types of litter it processed. For example, people ages 18-34 are more likely to chew gum, so any gum samples were automatically given an average age in that range. Whereas the portraits of cigarette litterers, more common among the 45-plus group, were depicted as slightly older. It’s an imperfect science in some regards, and yet, the capabilities are astounding—and more than a little scary. Ogilvy says it received permission from every person whose trash they picked up, so in that way, it’s not a true case of unsolicited public shaming. And Parabon itself says its services are only available for criminal investigations (and, apparently, ad campaigns). But the message is still chilling. A project like The Face of Litter should serve as a provocation to talk critically about privacy, consent, and ethics surrounding the unsanctioned appropriation of someone’s DNA. So for now, the next time you drop that empty bag of Doritos onto the ground, you’re in the clear. But in the future? Just know it’s totally possible that you might be seeing your likeness plastered onto the subway walls. Source
  17. In a previous article of mine, I discussed Cross Domain Messaging in HTML5. This article walks you through another feature, called local storage, and its security. Local Storage Local storage is one of the new features added in HTML5. It was first introduced in Mozilla 1.5 and eventually embraced by the HTML5 specification. We can use the local storage feature in HTML5 by using the JavaScript objects localStorage and sessionStorage. These objects allow us to store, retrieve and delete data based on name value pairs. The data processed using the localStorage object persists through browser shutdowns, while data created using the sessionStorage object will be cleared after the current browsing session. One important point to note is, this storage is origin-specific. This means that a site from a different origin cannot access the data stored in an application’s local database. Let me make it clear with a simple example. Below is a sample HTML5 application, which is capable of storing data using the local storage feature. We can also retrieve the data stored in the database using the “Show Data” button. Let us first observe the origin of this site. Let us assume that this is “Application A”. http://localhost:8383/ So here are the details: Name: Application A Origin: http://localhost:8383/ Let us click the Show Data button. We are able to access the data stored by this application in the database. That is expected. Now, let us try to access this data stored by application A from a different origin. Let us assume that this is Application B Here are the details: Name: Application B Origin: http://localhost/ Please note that the port number is different from Application A. Let us click the “Show Data” button. When I clicked “Show Data”, there seems to be nothing displayed on the web page. This is because this application is running on a different origin. Just to confirm, let us run a different application named “Application C” from the same origin as “Application A”. Here are the details. Name: Application C Origin: http://localhost:8383/ Let us click “Show Data” and observe the result. Nice! We are able to access the data from this application, since it is from the same origin as Application A. To conclude, I have used the same code in all the above examples but with different origins. We inserted data into the database using Application A. When we tried accessing it from Application B, it failed due to the same origin policy. Let us now see some attacks possible with HTML5 local storage. Storing Sensitive Data Developers may store sensitive information in these databases. It is possible to find API keys or similar sensitive data when working with APIs due to their statelessness. We can exploit them using an XSS vulnerability if there is no physical access to the device. Below is an example of how JavaScript’s localStorage object stores data. We can use the function setItem with some name-value pairs as parameters. localStorage.setItem(“data”, “mydata”); As we can see in the figure below, Chrome stores this data in the following path. We can programmatically read this data using JavaScript as shown below. localStorage.getItem(“data”); We can now go ahead and read this data from the SQLite database as shown below. Script Injection SQLite data, when not properly sanitized, may lead to script injection attacks. Let us see a simple example. Below is the same form we saw in the beginning of the article. Let us store some sample data and retrieve it back as shown below. If this data is not properly sanitized, it will lead to stored XSS Vulnerability as shown below. This time, let us enter the below piece of code into the message box. <img src=’X’ onerror=alert(1);> et us click the “Show Data” button and see the result. As we can see, it has popped up an alertbox due to the JavaScript we injected. Conclusion This article has discussed how the HTML5 local storage feature works and how Same Origin Policy restrictions are applied on the data being stored. Finally, we have had a look at some possible attacks on the HTML5 local storage feature. We will see other HTML5 features and possible attacks in later articles. Source
  18. Defense in depth is dead. The way you’re thinking about data center security is outdated. Security started changing long before Sony, Target and the others got hacked. The problem starts with your perimeter. During a conversation with Pete Lindstrom of IDC, we paused to consider the state of defense in depth. “Circling wagons is just impossible,”Pete said. “With apps strewn across the internet, if a corporation thinks they can build perimeter around all their apps then they are nuts.” By expanding the definition of cloud computing to include cloud-based accounting, CRM, email services, and development tools, people discover that their organizations have been using cloud for years, without fully realizing it. In 2014, IDC reported that 69% of enterprises worldwide have at least one application or a portion of their computing infrastructure in the cloud. In Europe, adoption is also growing but at a slightly slower rate, with 19% of EU enterprises using cloud computing in 2014, according to the European Union‘s Eurostat. Bottom line: more enterprise data is living outside of the protected data center. When your definition of defense in depth is adding layers of security to the data center perimeter and physical data segmentation, modern cloud applications are indeed insecure. Instead, the enterprise should focus on the application, data, and user as the important security layers. In a 2015 report from Accenture and the Ponemon Institute, the authors note that proactive organizations are prioritizing network traffic anomalies, identifying vulnerabilities and limiting unauthorized data sharing, while the “static” companies focus on employees’ device security and data backup. Let’s examine the Sony Pictures hack. The Sony hackers gained access through former employees’ accounts, and easily cracked the perimeter. The real damage occurred once they exploited the weak internal network security. All the critical applications – email servers, accounting data, and copyrighted motion pictures – were all connected “on a wire” inside the corporate network. The perimeter-heavy, fortify-the-exterior approach to security is indeed dead. In fact, when it fails to stop cybercrime, this strategy can cost you upwards of $100M. Each enterprise application should be considered critical and deserves its own perimeter inside any network environment. With Sony, or any organization, critical data means all data. For a manufacturer, critical data might be product designs as well as the obvious accounting and customer data. Plus, nearly 85% of insider attacks or “privilege misuse” attacks used the target enterprises’ corporate local area network (LAN), according to a 2014 Verizon security report. To truly guard and protect an application, enterprises need to control all data and network traffic via secure, encrypted switches at every layer within a network. Defense shouldn’t end at the data center pediment, but extend down to each individual application. Monitored access, encryption, and application-specific firewall rules can all but eliminate malicious “east/west” movement inside a network. This approach to application-specific defense in depth continues the concept of physical segmentation into “application segmentation.” Each application owner within an organization can dictate how traffic flows to each application server through an encrypted network switch. When data passes through a secure application perimeter, application owners can easily monitor and isolate traffic and prevent unauthorized access. Even with only basic interior firewall rules, this enterprise can protect themselves from a Sony-style data exploit. Source
  19. 1. Introduction The process of IP fragmentation occurs when the data of the network layer is too large to be transmitted over the data link layer in one piece. Then the data of the network layer is split into several pieces (fragments), and this process is called IP fragmentation. The intention of this article is to present how IP fragmentation could be used by the attacker to bypass packet filters (IP fragmentation overlapping attack). Finally, it is shown how this attack can be prevented by stateful inspection. 2. Understanding IP fragmentation Two layers of the OSI model are specially interesting when IP fragmentation is discussed – layer 3 (network) and layer 2 (data link). Data of the network layer is called a datagram and data of the data link layer is called a frame. From the data flow perspective – the datagram becomes included in the frame (encapsulation) and is sent to the receiver via the physical medium in the form of ones and zeros (physical layer – layer 1 of the OSI model). It may occur that the data of the network layer might be too large to be sent over the data link layer in one piece. Then it needs to be fragmented. How much data can be sent in one frame? It is defined by the MTU (Maximum Transmission Unit) – for example MTU is 1500 bytes for the Ethernet, which is commonly used at the data link layer. Let’s describe now how IP fragmentation actually works. We need some indication that the fragments belong to the specified datagram (please keep in mind that these fragments need to be reassembled later by the receiver). For this purpose the identification number is used – the same value is used for all fragments that are created as a result of the datagram’s fragmentation. These fragments need to be reassembled to the original datagram, but how should they be reassembled (order of fragments)? Offset is used for this purpose. How does the receiver know the number of fragments? Here the flag MF (More Fragments) is used. When MF flag is set, the system knows that the next fragment is expected. The last fragment is the one without MF flag. To summarize: the sender chooses the size of datagram that is not greater than the MTU of attached network medium and then the process of IP fragmentation is delegated to the routers, which connect different network media with different MTUs. There is also another approach to IP fragmentation – Path MTU Discovery. The idea is that the sender sends a probe datagram with DF (Don’t Fragment) flag set. If the router gets this probe datagram and sees that it is larger than the MTU of the attached network medium, then the problem occurs – the router has to fragment it, but the probe datagram is said not to be fragmented. Then the message about this problem is sent to the sender who interprets the answer and knows that the datagram needs to be smaller to avoid fragmentation on the way to the receiver. The sender wants to find out how large the datagram can be to avoid fragmentation by the routers. That’s why this process is called Path MTU Discovery and fragmentation in this approach is delegated to the sender. The problem with this approach is that the probe datagram might have been sent via different route than the next datagrams. As a consequence, it may turn out that the smallest MTU discovered by the sender is actually not the smallest one for the next datagrams, and the fragmentation done by routers will still be needed. What happens when the fragment is lost? The retransmission occurs when TCP is used at the layer 4 of the OSI model (transport layer). 3. IP Fragmentation Overlapping Let’s assume that the packet filter allows only the connections to port 80, but the attacker wants to connect to port 23. Although the packet filter is configured to block the connections to port 23, the attacker might try to use IP fragmentation overlapping to bypass the packet filter and finally connect to this port. This attack works as follows. The packet filter might be implemented in the way that the first fragment is checked according to the implemented rules – when the connection to port 80 is seen, the packet filter accepts this fragment and forwards it to the receiver. Moreover, the packet filter may assume that the next fragments just include the data, and this is not interesting from its point of view. As a consequence, the packet filter forwards the next fragments to the receiver. Recall at this point that the reassembling occurs when the fragments arrive to the receiver. The next fragment (as it has been said – forwarded by the packer filter) might have been specially prepared by the attacker – the carefully chosen offset has been used to overwrite the value of the destination port from the first fragment. The receiver waits for all fragments, reassembles them, and finally the connection to port of the attacker’s choice is established. The assumption here is that the packet filter looks at the first fragment that has all the necessary information to make a decision about forwarding or denying the fragment – the other fragments are assumed not to have interesting data (from packet filter’s point of view) and are just forwarded. How could we solve this problem? If the packet filter reassembled the fragments before making a decision (forward or deny), then the attacker would be stopped. As we can see this approach is about understanding the state or context of the traffic and is called stateful inspection (in contrast to the previously described packet filter that is stateless). 4. Summary IP fragmentation occurs when the data of the network layer is too large to be sent over the data link layer in one piece. It was presented how IP fragmentation can be used to bypass packet filter (IP fragmentation overlapping attack) and how stateful inspection can prevent this attack. Source
  20. Introduction to POS malware In September 2014, experts at Trustwave firm published an interesting report on the evolution of the point-of-sale (PoS) malware in recent months. The attention of the media on PoS malware was raised after the numerous data breaches suffered by retail giants Target, Home Depot and Neiman Marcus. Experts at Trustwave investigated a number of incidents involving payment card data, and researchers examined a large amount of malicious code used by criminal crews to target point-of-sale devices. PoS malware is specifically designed to steal sensitive information stored in the magnetic stripe of a payment card, yet techniques implemented by the malware authors are different and are becoming even more sophisticated. Point-of-sale malware are able to steal data by scraping the memory of the machine or accessing its disk. Since 2013, POS malware is rapidly evolving, and numerous actors in the underground have offered customization for malicious codes widely used worldwide. The most interesting evolutions for PoS malware are related to evasion techniques and exfiltration methods. Cyber criminals are exploiting new solutions to avoid detection of defensive software. Malware authors are also looking with great interest to PoS malware botnets that rely on command and control (C&C) servers hidden in the TOR networks. “We also saw evidence of more authors automating the installation and control of their malware in 2013. While Trustwave discovered a number of new POS malware families exhibiting botnet-like tendencies, a number of well-known, older families also made an appearance,” states the post published by Trustwave. Which are the most popular PoS malware? Experts at Trustwave revealed that the Alina (19,1) malware family was the most prevalent malware used by threat actors behind the cases investigated by Trustwave. Other malware detected by the investigators were Baggage (16,5%) and Triforce (11,2%), meanwhile the popular BlackPos malware, Dexter and ChewBacca were used in a limited number of attacks, despite that they are considered very sophisticated. A detailed look to several PoS malware revealed that the Dexter malware is appreciated for the memory dumping ability it implements. Dexter implements process-injection mechanisms and logs keystrokes. Chewbacca is another powerful malware characterized by a sophisticated exfiltration mechanism that relays over the TOR network to host C&C servers. Debuting in late 2012, Alina surprised many, because it was one of a small number of POS malware families that included a C&C structure, encrypted the data it exfiltrated, blacklisted common Windows processes and installed itself to a randomly chosen name.” In many cases, criminal crews also used commercial keyloggers to infect the POS systems. A common characteristic for all the malware detected since 2014 is the lack of encryption for exfiltrated data. The “exclusive OR” (XOR) operation is the encryption technique most used by the malware authors (32%), followed by Blowfish (3.7%). Analyzing the exfiltration methods used by point-of-sale malware, the experts discovered that in the majority of cases (41%) the attackers don’t adopt a botnet infrastructure with a classic C&C infrastructure, instead they prefer to leave the stolen data on disk to be extracted manually later. HTTP is the second exfiltration technique (29%), followed by SMTP (22%). By analyzing the POS malware persistence mechanisms, the experts noticed that they did not change significantly from the past years. The point-of-sale malware use maintained persistence in one of the following ways: Run Registry Modification (53.2%) Installed as a Service (30.9%) AppInitDLLs Registry Modification (0.5%) None (14.9%) The evolution of point-of sale malware – what’s new? The authors of point-of-sale malware are improving their code. Let’s analyze together the most interesting code discovered since the report published by Trustwave in 2014. Name Abilities PoSeidon malware Sophisticated method to find card data. Self-update ability to execute new code. Effective measures to protect its code from analysis. The malware belongs to the “scrapers” family. Implementation of the Luhn formula to verify card validity. Uses a keylogger module. NewPosThings malware Efficient memory scraping process. Custom packer and new anti-debugging mechanisms. Implements ability to harvest user input. To obtain persistence it uses registry entry with the name “Java. Update Manager”. Disables the warning messages used by the OS. Implementation of the Luhn formula to verify card validity. d4re|dev1| malware Infects Mass Transit Systems. Allows remote control of victims. Implements functionalities of RAM scrapping and keylogging features. Allows loading of additional payloads through “File Upload” option for lateral movement inside the local network. The PoSeidon malware Recently, experts at Cisco have discovered a new strain of PoS malware dubbed PoSeidon. The new variant of malware presents many similarities with the popular Zeus trojan and implements sophisticated methods to find card data on the infected machine with respect to other PoS malicious code like BlackPoS, which is the malware that was used to steal data from the US giant retailers Target and Home Depot. “PoSeidon was professionally written to be quick and evasive with new capabilities not seen in other PoS malware,” states the blog post from Cisco’s Security Solutions team. “It can communicate directly with C&C servers, self-update to execute new code and has self-protection mechanisms guarding against reverse engineering.” The following image shows the architecture of the PoSeidon malware used by criminal crews to steal credit/debit card data from PoS systems. The malicious code belongs to the family of malicious code dubbed “scrapers”, which are malware that “scrape” the memory of point-of-sale systems searching for card numbers of principal card issuers (i.e. Visa, MasterCard, AMEX and Discover). PoSeidon has the ability to verify the validity of card numbers by using the Luhn formula. Once in execution, PoSeidon starts with a loader binary that operates to ensure the persistence on the infected PoS machine, then it receives other components from the C&C servers. Among the binaries downloaded by the loader, there is also a keylogger component used to steal passwords and could have been the initial infection vector, Cisco said. “The Loader then contacts a command and control server, retrieving a URL which contains another binary to download and execute. The downloaded binary, FindStr, installs a keylogger and scans the memory of the PoS device for number sequences that could be credit card numbers. Upon verifying that the numbers are in fact credit card numbers, keystrokes and credit card numbers are encoded and sent to an exfiltration server,” continues Cisco. The loader contacts one of the hardcoded servers in the following list provided by CISCO experts, the majority of them belonging to Russian domains: linturefa.com xablopefgr.com tabidzuwek.com lacdileftre.ru tabidzuwek.com xablopefgr.com lacdileftre.ru weksrubaz.ru linturefa.ru mifastubiv.ru xablopefgr.ru tabidzuwek.ru PoSeidon protects exfiltrated data with encryption. The data stolen from the memory of the machine and collected by the keylogger are sent to the C&C in XOR and base64 encoding. The majority of command and control servers identified by the experts are currently hosted on “.ru” domains. PoSeidon demonstrates the great interest in the criminal underground in PoS systems. Criminal crews are developing sophisticated techniques to compromise these systems. “Attackers will continue to target PoS systems and employ various obfuscation techniques in an attempt to avoid detection. As long as PoS attacks continue to provide returns, attackers will continue to invest in innovation and development of new malware families. Network administrators will need to remain vigilant and adhere to industry best practices to ensure coverage and protection against advancing malware threats,” explained Cisco’s Security Solutions team. NewPosThings malware Another insidious point-of-sale malware recently improved is NewPosThings. Researchers at Trend Micro in fact have detected a new strain of the malicious code. The new variant of NewPosThings, also known as NewPosThings 3.0, is a 64-bit version of the known agent discovered in 2014 by the experts at Arbor Networks. The researchers at Trend Micro confirmed that the malware had been in development since October 2013, and since then many variants were detected in the wild, including the last version that was specifically designed to compromise 64-bit architectures. The NewPosThings PoS malware implements an efficient memory scraping process to steal payment card data directly from the memory of the PoS machine. Malware authors implemented a custom packer and new anti-debugging mechanisms and a module to harvest user input. The NewPosThings variant, coded as TSPY_POSNEWT. SM, installs itself on the victim’s machine using different names that appear familiar to the users, including javaj.exe, vchost.exe, dwm.exe, ism.exe and isasss.exe. As explained by malware experts from Trend Micro, the choice of the name is not casual, but it is the result of an algorithm that calculates based on information related to the infected machine like its name and the volume serial number. NewPosThings uses a registry entry with the name “Java Update Manager” to obtain persistence on the PoS machine. Figure 3 -NewPosThings uses a registry entry with the name “Java Update Manager” to obtain persistence on the PoS machine. Once it has infected the target, NewPosThings starts gathering sensitive data, including passwords for virtual network computing (VNC) software such as UltraVNC, RealVNC, WinVNC, and TightVNC. Then the malware disables the warning messages used by the OS for certain file extensions, including .exe,.bat,.reg and .vbs. .exe,.bat,.reg and .vbs. “Disabling the Open File Security Warning of Microsoft Windows reduces the overall security posture of the Microsoft Windows host operating system. This is because the system no longer prompts the user for validation when opening up files that could have been downloaded from malicious sources,” states the blog post published by Trend Micro. NewPosThings checks the presence of financial software on the target machine, and when it recognizes the associated process it searches for patterns that could be associated with credit/debit card numbers, and like other malware, uses the Luhn algorithm to validate the data. The same algorithm was used for card number validation by recently discovered PoSeidon and Soraya malicious codes. NewPosThings transfers data to the command and control (C&C) server every 10 minutes. The collected data is sent to the server via HTTP. Among the C&C servers used by the malware authors there are also IP addresses associated with two US airports. “While analyzing the C&C servers used by the PoS Trojan, experts identified IP addresses associated with two airports in the United States. Trend Micro PoS Trojan, experts identified IP addresses associated with two airports in the United States. Trend Micro warned that travelers will be increasingly targeted and that airports are a target-rich environment.” Security Experts at Voidsec security firm published an interesting analysis of the malware and its command and control infrastructure. The experts used data provided by Arbor Networks to locate the Command & Control servers that are still up and running. The experts exploited some vulnerabilities in the C&C servers to analyze their contents. By analyzing the server, experts from Voidsec discovered the following vulnerabilities: Ability to run bruteforce attacks on administrative credentials. Presence of the phpMyAdmin application implementing web login. Authentication bypass, which gives the attacker the ability to view a protected page on the C2 server without being logged. By accessing data hosted on the compromised Command & Control servers, the researcher profiled the botnet used by the criminal crews: The two servers C&C servers analyzed managed a total of 80 bots. At the moment the experts logged C2 servers, there were 50 bots active, 10 did not have a status, and 20 bots were “dead.” The total number of archived log is 5240, an average of 65.5 log / bot. 79% of the bots were based on 32-bit architecture, the remaining on 64-bit architecture. The majority of compromised bots (57%) were XP machines, followed by Windows 7 (34%). The greatest number of infections was observed in Canada (29%), Australia (21%) and UK (13%). Figure 5 – PoS machine OS (Analysis Voidsec) The “d4re|dev1|” PoS malware The last case I want to discuss is a PoS malware that was detected by security experts at the IntelCrawler cyber threat intelligence firm at the end of 2014. Researchers detected a new point-of-Sale malware called “d4re|dev1|” (read dareldevil), which was used by criminal crews to infect ticket vending machines and electronic kiosks. In this case, the malware was used to infect Mass Transit Systems. The malicious code appeared as a sophisticated backdoor, which allows remote control of victims. d4re|dev1| implements RAM scraping and keylogging features exactly like any other PoS malware. The experts at IntelCrawler explained that d4re|dev1| is able to steal data from several PoS systems, including QuickBooks Point of Sale Multi-Store, OSIPOS Retail Management System, Harmony WinPOS and Figure Gemini POS. IntelCrawler discovered that cyber criminals managing the d4re|dev1| botnet also compromised ticket vending machines used by mass transportation systems and electronic kiosks installed in public areas. One of the infected ticket vending machines was identified in August 2014 in Sardinia, Italy, and attackers obtained the access exploiting credentials for a VNC (Virtual Network Computing). “These kiosks and ticket machines don’t usually house large daily lots of money like ATMs, but many have insecure methods of remote administration allowing for infectious payloads and the exfiltration of payment data in an ongoing and undetected scheme,” states IntelCrawler. igure 7 – d4re|dev1| Control panel In a classic attack scenario, threat actors used to compromise the targeted PoS by discovering the remote administrative credentials, for example through a brute force attack. Researchers at IntelCrawler believe that attackers use this tactic to compromise the POS systems. Anyway, the d4re|dev1| malware also allows operators to remotely upload files to the victim’s machine, and in this way the attacker can provide updates to code or to serve additional payloads for lateral movement inside the local network. “The malware has a “File Upload” option, which can be used for remote payload updating. The process of malware was masked under “PGTerm.exe” or “hkcmd.exe”, as well as legitimate names of software such as Google Chrome. Adversaries use this option for the installation of additional backdoors and tools, which allows them to avoid infrastructure limitations and security policies designed for detection,” said InterCrawler. The “upload feature” is particularly important for cyber criminals. Experts speculate that attackers are interested to compromise systems inside enterprise wide networks to capitalize their efforts with multiple activities inside the targeted infrastructure (i.e. data stealing, botnet recruiting). “Serious cybercriminals are not interested in just one particular Point-of-Sale terminal—they are looking for enterprise wide network environments, having tens of connected devices accepting payments and returning larger sets of spoils to their C2 [command-and-control] servers,” states the blog post published by IntelCrawler. Conclusions The number of data breaches is growing at a fast pace, and the retail industry is among the most affected sectors. Security experts sustain that measures to prevent cyber attacks against systems in the retail industry are not adequate, and PoS systems are a privileged target of cyber criminals that are developing new malicious code that presents sophisticated techniques. In this post, we have analyzed three of the most effective samples of PoS malware recently detected by security firms. They implement a similar feature that makes these malicious codes perfect hacking weapons that in some cases are used to breach the overall infrastructure of the victims. The experts highlight that the employees of breached companies commonly violated security policies, for example, it is very common that they used the terminals to navigate on the web, check their email, to access social network accounts and play online games. This dangerous behavior must be banned, and it is necessary to instruct personnel on the principal threats and the techniques, tactics, and procedures of the attackers. It is recommended to use a secure connection for administrative activities and limit the software environment for operators “by using proper access control lists and updated security polices”. References http://securityaffairs.co/wordpress/28160/malware/point-of-sale-malware.html https://gsr.trustwave.com/topics/placeholder-topic/point-of-sale-malware/ http://securityaffairs.co/wordpress/35181/cyber-crime/poseidon-pos-malware.html http://www.arbornetworks.com/asert/2014/09/lets-talk-about-newposthings/ http://securityaffairs.co/wordpress/30570/cyber-crime/pos-malware-dareldevil.html http://blog.trendmicro.com/trendlabs-security-intelligence/newposthings-has-new-pos-things/ http://voidsec.com/newposthings-hacked-exposed/#server http://securityaffairs.co/wordpress/30570/cyber-crime/pos-malware-dareldevil.html https://www.intelcrawler.com/news-24 http://securityaffairs.co/wordpress/30570/cyber-crime/pos-malware-dareldevil.html Source
  21. Twitter dau prin pm! proof http://tinypic.com/r/29qfedh/8 http://tinypic.com/r/vsc2tw/8 uploaded.to combo:LittleAmok - 123456 Duration: 1 Week 1 day and 12 hours Points: 7.500 Balance: 0,00 € eMail: LittleAmok@web.d Starter VPN Data Protection: 2325MB / month Devices: 4 of 5 available devices Renewal Date: May 25, 2015 Use On: Windows, OSX, iOS, Android https://masterhunt@hotmail.co.uk:petcorrector@accounts.surfeasy.com/login ..................................... https://karsten1998@live.com:07876363724k@accounts.surfeasy.com/login Starter VPN Data Protection: 1625MB / month Devices: 3 of 5 available devices Renewal Date: June 5, 2015 Use On: Windows, OSX, iOS, Android ................................. https://smeelonig@gmail.com:mysandwich@accounts.surfeasy.com/login Starter VPN Data Protection: 1625MB / month Devices: 1 of 5 available devices Renewal Date: May 11, 2015 Use On: Windows, OSX, iOS, Android ................................... https://www.premiumize.me/account ellyn.fanthome : ellyn.fanthome1 Your account data E-Mail ellyn.fanthome@vsimcard.com Customer ID 276253134 PIN Show PIN Renew Fair use status Green 0% (learn more) Premium status Inactive ............................... Expire_date: 7/7/2015, traffic_left: 3128367965964 http://massimo.bracci@tin.it:massimo58@rapidgator.net/api/user/login? ptidav86 (Déconnexion)|0|? 151.48 GB / ? 198.56 GB |Ratio: 0,76 |Menu http://www.t411.io/ Cam atat pentru azi..
  22. Yes it's slow, but it's enough to leak data to another Android The better your Android smartphone's audio, the worse its security – the audio channel is the latest path for “low and slow” data leak attacks. A research group at the Rochester Institute of Technology (RIT) has demonstrated that you could create a covert data channel using a smartphone's voice channel. While it only runs at 13 bits per second, the researchers reckon that's enough to exfiltrate data (if you're patient), or the channel could be used to spread malware that opens up more attack possibilities. And, of course, because your average Android security product watches out for suspicious data interactions, the voice-carrying hardware might go completely unnoticed. What Bushra Aloraini, Daryl Johnson, Bill Stackpole, and Sumita Mishra of the RIT's Golisano College of Computing and Information Science did was create a software modem (remember Winmodem?) that encodes data on the voice stream, but doesn't take up enough of that stream so that the user will notice. Therein lies the importance of high-quality voice: in an older Android mobe with just a baseband processor (BP) and an application processor (AP), “end users and applications are not able to access the cellular voice stream”. Newer mobes designed to slake our thirst for high-quality multimedia are different – they have dedicated A/V processors, with the application processor doing audio routing. As the paper states, the “audio path to the cellular voice channel could be reached and controlled from the AP and potentially the end user.” he researchers' audio modem works just like an old-school dial-up modem, using frequency-shift keying to encode digital states (in their case, Morse code, with 600 Hz representing a dot and 1,000 Hz representing a dash). The audio modem is accompanied with a rootkit that hides the modem in Android, and gives it continuous privileged access to the system. Source
  23. FITA is a most preferred Hadoop Course in Chennai.Hadoop Training in Chennai from Big Data Training.IN is a leading Global Talent Development Corporation, building skilled manpower pool for global industry requirements. BigData Training.in has today grown to be amongst world’s leading talent development companies offering learning solutions to Individuals, Institutions & Corporate Clients.
  24. Product Description Weather Underground has challenged the conventions around how weather information is shared with the public since 1993. They’re immensely proud of the unique products that the community and meteorologists have created to improve people’s access to meaningful weather data from around the globe. As the Internet’s 1st weather service, they consider themselves pioneers within their field and they ‘re constantly seeking new data sets and the next technologies that will help them share more data with more people. Their brand mission is to make quality weather information available to every person on this planet. No matter where you live in the world or how obscure an activity you require weather information for – they will provide you with as much relevant, local weather data as they can uncover. they promise to provide weather data for those that are underserved by other weather providers. The beating heart of their brand is the generous and passionate community of weather enthusiasts that share weather data and content across their products. With 37,000+ members sending real-time data from their own personal weather stations, they provide them with the extensive data that makes their forecasts and products so unique. The vast amount of weather data they collect only becomes meaningful when combined with the scientific expertise that the team of meteorologists provide. Their proprietary forecast model leverages the personal weather station community to provide the most reliable and localized forecasts available. Their meteorologists and climatologists also provide valuable insight into the science behind the data and the relationship between weather and climate change. -> Download <-Deal Expires in:
×
×
  • Create New...