Click here to the full article on this subject and watch the video clip shown in the article demonstrating the technique.

ZeuS uses a similar approach when infecting smartphones; previous variants of ZeuS and SpyEye were able to infect systems running Symbian or Windows Mobile. However, there is still no need for users to panic – the malicious programs don’t exploit a vulnerability in the device, they target the person holding the phone, the phone user, who must manually download and install the app. Reasonably careful users are unlikely to fall for the trick.

Please click here to read about SyeEye’s threat to Android.

Although the application does inform the user that it requires privileges which include audio recording, with so many applications requesting privileges which they clearly don’t need, most Android users are unlikely to notice this.

Please click here to find out how this Trojan works in detail.

To prevent passwords from being extracted, web site operators usually protect their users’ passwords through such cryptographic techniques as one-way hashing. For this purpose, a character string that doesn’t allow any conclusions to be drawn about the actual password is derived from the password. The only way of finding out whether a password matches a hash is to rehash the password and compare the results. This method is used by the authentication systems of operating systems and web applications – and also by password crackers.

MD5 hashing was long considered sufficiently resilient for this purpose, because the time that is required to try out all possible combinations made it difficult for attackers to reconstruct a password from a hash. With a strong password, trying out all password combinations (brute force attack) using a cracker such as John the Ripper on conventional hardware used to take months, if not years. But times have changed.

Cloud, CUDA and multi-core computer technologies are both a blessing and a curse: they can greatly accelerate the processing of data and make even complex simulations available to end users. Unfortunately, crackers use the same high-speed computing power to reconstruct plain-text data from an encrypted password, and then they use the password to log into a system as administrators. In this context, password crackers can take advantage of the fact that the harvested hashes were probably created using the MD5 algorithm, which is optimised for fast processing.

Commercial password crackers such as those by vendor Elcomsoft, and such free tools as Hashcat and BarsWF, can try out several million hashes per second to find out whether one of them matches a specific password. This means that a password of eight characters can be cracked in four days. However, there are even faster ways. As hard disk storage is getting cheaper and cheaper, attackers often use giant tables (rainbow tables) containing billions of pre-calculated hashes to find a password. These tables potentially allow them to determine a password within minutes. The lists required for dictionary attacks are also becoming longer and longer and, with very weak passwords, often enable cracking programs to succeed within hours.

Click here to read the complete article on this critical subject, it is a MUST read for all the individuals out there who are seeking password protection.

Now, Google affirms that the problem doesn’t rest with Gmail security but rather this scheme was a result of phishing and malware.

Click Here to read the full article on this problem.

Whether you’re an IT manager protecting employees and corporate systems or you’re simply trying to keep your own personal data safe, these threats, some rapidly growing and others still emerging, pose a potential risk.

Fortunately, there are some security procedures and tools available to help you win the fight against the bad guys.

Please click here to read the complete article at Techworld.com

Google’s action came after a security firm in Taiwan published a security alert about the apps on Wednesday, saying that there were a total of 11 apps found to have the suspicious code in them. The advisory warns users that the apps send messages to three numbers that can cause users to be subscribed to paid services without their knowledge.The SMS functionality would only work when the user is located in China, according to the advisory.

Click here to read the full article

Google has been compiling the publicly accessible database of router locations in its quest to build a service, a la Skyhook, that pinpoints the exact location of internet users who use its sites. Now, hobbyist hacker Samy Kamkar has developed a site that demonstrates just how comprehensive Google’s catalog is.

Plug the MAC address of your router into Kamkar’s website, and chances are it will pull up its precise location, courtesy of Google Maps.

In October, Google pledged to stop using its world-roving Street View vehicles to collect Wi-Fi data and said it instead would rely on Android handsets to get the information. When phones running the Google OS detect any wireless network, they beam its MAC address, signal strength and GPS coordinates to Google servers, along with the unique ID of the handset.

Google has long given assurances that it will use the geolocation database only when users give their explicit consent, such as when they want to be spared the hassle of typing in their current address when getting driving directions. But Kamkar has demonstrated at least two hacks that allow operators of unscrupulous websites to pilfer the information from Google’s database anyway, allowing them to know the precise whereabouts of vulnerable visitors.

Click here to read the full article on this matter.

Rogelio Hackett of Lithonia, Georgia, admitted to stealing 676,443 credit card accounts and selling that information online. Credit card companies say that stolen accounts were linked to tens of thousands of fraudulent charges that total close to $37 million. Hackett could face ten years in prison and fines of $500,000 when he is sentenced and be asked to make restitution to credit card companies for the tens of millions of dollars in losses, according to a signed statement from the U.S. Attorney.

According to a statement of facts, signed by Hackett, his crime spree began in the late 1990s. A talented hacker, Hackett searched out vulnerable SQL databases online and exploited security vulnerabilities in them to gain access to credit card data.

Click here to read the full article.

The current internet protocol, IPv4, has a limited address space which is reaching exhaustion* thanks to the fast uptake of internet technology in populous countries such as India and China and the more widespread use of smartphones. IPv6 promises 3.4 x 1038 addresses compared to the paltry 4.3 billion (4.3 x 109) addresses offered by IPv4.

While this expansion allows far more devices to have a unique internet address, it creates a host of problems for security service providers, who have long used databases of known bad IP addresses to maintain blacklists of junk mail cesspools. Spam-filtering technology typically uses these blacklists as one (key component) in a multi-stage junk mail filtering process that also involves examining message contents.

Please click here to continue reading this full article.