Archive for the IT Security Category

iPhone Security Bug Lets Innocent-Looking Apps Go Bad

Posted in IT Security on November 8, 2011 by cobra

Apple’s iPhones and iPads have remained malware-free thanks mostly to the company’s puritanical attitude toward its App Store: Nothing even vaguely sinful gets in, and nothing from outside the App Store gets downloaded to an iOS gadget. Now serial Mac hacker Charlie Miller has found a way to sneak a fully-evil app onto your phone or tablet, right under Apple’s nose.

Click here to the full article on this subject and watch the video clip shown in the article demonstrating the technique.

Warning!! Another critical online banking trojan for Android

Posted in IT Security on September 20, 2011 by cobra

First, Android mobiles were found to be infected with the ZeuS trojan, and now there are reports that SpyEye has also made the jump to this smartphone platform. Online crime prevention vendor Trusteer says that the malware masquerades as a security app and can intercept incoming SMS text messages. This apparently allows it to bypass the mobile TAN system.

ZeuS uses a similar approach when infecting smartphones; previous variants of ZeuS and SpyEye were able to infect systems running Symbian or Windows Mobile. However, there is still no need for users to panic – the malicious programs don’t exploit a vulnerability in the device, they target the person holding the phone, the phone user, who must manually download and install the app. Reasonably careful users are unlikely to fall for the trick.

Please click here to read about SyeEye’s threat to Android.

Android trojan records phone calls

Posted in IT Security on August 6, 2011 by cobra

Security experts have discovered a new piece of malware for Google’s Android mobile operating system which secretly records phone conversations. If a user installs the application, which, in a crude attempt at camouflage, calls itself “Android System Message”, it saves recordings of all outgoing phone conversations in a subdirectory on the SD card.

Although the application does inform the user that it requires privileges which include audio recording, with so many applications requesting privileges which they clearly don’t need, most Android users are unlikely to notice this.

Please click here to find out how this Trojan works in detail.

Storing passwords in uncrackable form

Posted in IT Security on July 23, 2011 by cobra

News about intrusions into the servers of online stores, games vendors and other internet services can now be read on an almost daily basis. Often, the intruders obtain customers’ login data including their passwords. As many people use the same password in multiple places, criminals can use the passwords to obtain unauthorised access to further services.

To prevent passwords from being extracted, web site operators usually protect their users’ passwords through such cryptographic techniques as one-way hashing. For this purpose, a character string that doesn’t allow any conclusions to be drawn about the actual password is derived from the password. The only way of finding out whether a password matches a hash is to rehash the password and compare the results. This method is used by the authentication systems of operating systems and web applications – and also by password crackers.

MD5 hashing was long considered sufficiently resilient for this purpose, because the time that is required to try out all possible combinations made it difficult for attackers to reconstruct a password from a hash. With a strong password, trying out all password combinations (brute force attack) using a cracker such as John the Ripper on conventional hardware used to take months, if not years. But times have changed.

Cloud, CUDA and multi-core computer technologies are both a blessing and a curse: they can greatly accelerate the processing of data and make even complex simulations available to end users. Unfortunately, crackers use the same high-speed computing power to reconstruct plain-text data from an encrypted password, and then they use the password to log into a system as administrators. In this context, password crackers can take advantage of the fact that the harvested hashes were probably created using the MD5 algorithm, which is optimised for fast processing.

Commercial password crackers such as those by vendor Elcomsoft, and such free tools as Hashcat and BarsWF, can try out several million hashes per second to find out whether one of them matches a specific password. This means that a password of eight characters can be cracked in four days. However, there are even faster ways. As hard disk storage is getting cheaper and cheaper, attackers often use giant tables (rainbow tables) containing billions of pre-calculated hashes to find a password. These tables potentially allow them to determine a password within minutes. The lists required for dictionary attacks are also becoming longer and longer and, with very weak passwords, often enable cracking programs to succeed within hours.

Click here to read the complete article on this critical subject, it is a MUST read for all the individuals out there who are seeking password protection.

Google: Hundreds of Gmail accounts in U.S., Asia hacked

Posted in IT Security on June 2, 2011 by cobra

Hackers around the world are gaining more attention than usual in the last few months. Now Google has added another announcement to the pile that hundreds of Gmail accounts have been hacked recently.

Now, Google affirms that the problem doesn’t rest with Gmail security but rather this scheme was a result of phishing and malware.

Click Here to read the full article on this problem.

Six new and rising hacker threats

Posted in IT Security on May 24, 2011 by cobra

Hackers never sleep, it seems. Just when you think you’ve battened down the hatches and fully protected yourself or your business from electronic security risks, along comes a new exploit to keep you up at night. It might be an SMS text message with a malevolent payload or a stalker who dogs your every step online. Or maybe it’s an emerging technology like in-car Wi-Fi that suddenly creates a whole new attack vector.

Whether you’re an IT manager protecting employees and corporate systems or you’re simply trying to keep your own personal data safe, these threats, some rapidly growing and others still emerging, pose a potential risk.

Fortunately, there are some security procedures and tools available to help you win the fight against the bad guys.

Please click here to read the complete article at Techworld.com

SMS Trojan found in several Google Android Applications

Posted in IT Security on May 13, 2011 by cobra

Google has removed a group of mobile phone applications from its Android Market after it was discovered that the applications contained code that could be used to send SMS (Short Message Service) spam.

Google’s action came after a security firm in Taiwan published a security alert about the apps on Wednesday, saying that there were a total of 11 apps found to have the suspicious code in them. The advisory warns users that the apps send messages to three numbers that can cause users to be subscribed to paid services without their knowledge.The SMS functionality would only work when the user is located in China, according to the advisory.

Click here to read the full article