Category Archives: Security

NETRA, the Indian PRISM.

The Indian Government has launched a system to monitor every citizen's online activity. If you post anything on the internet, say a Facebook status, a tweet or an email, containing words like "bomb", "attack", "blast" or "kill", you will be marked as a potential terrorist. Yes, you read that right: you will be marked as a potential terrorist just for posting a status update that contains certain keywords.
I wonder what will happen if I post a status update like: "I had a blast at my friend's party!"


As far as I know, NETRA is a hardware appliance with 300 GB of storage, installed at the ISP's end to capture traffic; it is now deployed in more than 1000 locations. What the Government is doing amounts to invading the privacy of every internet user in the country. It also raises the questions of how much personal data NETRA stores, and how securely it is kept. If this device holds the personal data of a large number of people, what happens if someone hacks into NETRA? Who will be answerable then?

Sources: The Economic Times

Microsoft Security Essentials misses 39% of Malware.

Microsoft Security Essentials, the free anti-malware product from Microsoft that ships with every Windows 8 and 8.1 installation under the name Windows Defender, failed to detect 39% of the malware samples in Dennis Technology Labs' test.
Norton Internet Security received the strongest protection rating in DTL's tests, detecting 99% of the malware (the figure takes false positives into account), while Kaspersky Internet Security 2014 provided the best overall level of protection.

Full scores and details for the individual antivirus programs can be downloaded here.

iMessage gets hacked.

Is iMessage really secure? Many iMessage users have asked this question since the NSA PRISM revelations. Some time ago Apple published a statement on its website saying that iMessages are protected by end-to-end encryption, that a man-in-the-middle attack is not possible, and that even Apple cannot decrypt them. You can view Apple's statement here.

But this is not the case: iMessages can be intercepted by a man-in-the-middle attack, and Apple itself could decrypt them.

Here is a video in which a group of security researchers demonstrates a man-in-the-middle attack on iMessage.
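End-to-end encryption only protects a conversation if each party really holds the other's public key. In iMessage, as in most messaging services, a client fetches a contact's public key from a directory run by the operator, so whoever runs that directory can hand out a key of its own and sit in the middle, decrypting and re-encrypting without either user noticing. The toy model below is added here as an example; it is not taken from the researchers' demonstration or from Apple, and the Diffie-Hellman group, XOR keystream, user names and message are illustrative assumptions rather than real protocol details. It shows the substitution and how an out-of-band fingerprint check defeats it.

```python
import hashlib
import hmac
import os
import secrets

# Toy parameters: plain Diffie-Hellman in the multiplicative group mod a 256-bit prime.
# The prime is the secp256k1 field prime, chosen only because it is easy to type; this
# group and the XOR cipher below are NOT fit for real use. The point of the example is
# key distribution, not the cipher.
P = 2**256 - 2**32 - 977
G = 2

def keygen():
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)

def fingerprint(pub):
    """What a user would compare out of band (e.g. read aloud) to verify a contact's key."""
    return hashlib.sha256(pub.to_bytes(32, "big")).hexdigest()[:16]

def _keystream(shared, nonce, length):
    key = hashlib.sha256(shared.to_bytes(32, "big")).digest()
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def seal(recipient_pub, plaintext):
    """Encrypt to whoever holds the private key matching recipient_pub (ephemeral DH)."""
    eph_priv, eph_pub = keygen()
    nonce = os.urandom(16)
    ks = _keystream(pow(recipient_pub, eph_priv, P), nonce, len(plaintext))
    return {"eph_pub": eph_pub, "nonce": nonce, "ct": bytes(a ^ b for a, b in zip(plaintext, ks))}

def unseal(priv, env):
    ks = _keystream(pow(env["eph_pub"], priv, P), env["nonce"], len(env["ct"]))
    return bytes(a ^ b for a, b in zip(env["ct"], ks))

class KeyDirectory:
    """The operator's directory of users' public keys. Clients trust whatever it returns."""
    def __init__(self):
        self.keys = {}
        self.substituted = {}   # user -> operator's own keypair, when the operator tampers
    def register(self, user, pub):
        self.keys[user] = pub
    def lookup(self, user):
        if user in self.substituted:
            return self.substituted[user][1]
        return self.keys[user]
    def start_intercepting(self, user):
        self.substituted[user] = keygen()

def run_scenario(operator_tampers, alice_verifies_fingerprint):
    directory = KeyDirectory()
    bob_priv, bob_pub = keygen()
    directory.register("bob", bob_pub)
    if operator_tampers:
        directory.start_intercepting("bob")

    # Alice fetches Bob's key from the directory and, optionally, checks it against the
    # fingerprint she obtained from Bob out of band (modelled here as Bob's real key).
    pub_for_bob = directory.lookup("bob")
    if alice_verifies_fingerprint and fingerprint(pub_for_bob) != fingerprint(bob_pub):
        return {"status": "KEY_MISMATCH", "operator_read": None, "bob_read": None}
    message = b"meet at 9"
    env = seal(pub_for_bob, message)

    # In transit: a tampering operator decrypts with its own key and re-encrypts to the real Bob.
    operator_read = None
    if operator_tampers:
        op_priv, _ = directory.substituted["bob"]
        operator_read = unseal(op_priv, env)
        env = seal(bob_pub, operator_read)

    return {"status": "DELIVERED", "operator_read": operator_read, "bob_read": unseal(bob_priv, env)}

if __name__ == "__main__":
    for tamper, verify in [(False, False), (True, False), (True, True)]:
        print(f"tamper={tamper} verify={verify}:", run_scenario(tamper, verify))
```

Without the fingerprint check the tampered run delivers the message to Bob intact, so "end to end" looks exactly like it should from both phones while the operator has read it; with the check, the substituted key is rejected before anything is sent.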

DoS attack on iOS and OS X via the WebKit engine.

A new bug has been found in Apple iOS and OS X that crashes any application rendering a certain string of Arabic characters. It crashes applications on iOS and OS X that use the WebKit engine. But I have seen that the same character set does not crash WebKit applications on other platforms (I tested Google Chrome on Linux), so the fault lies in Apple's platforms rather than in the WebKit engine as a whole.

Versions affected: iOS 6, the iOS 7 beta and iOS versions before 6; Mac OS X 10.8.

Versions not affected: Mac OS X 10.9 beta and OS X releases before 10.8.

This fatal crash can be reproduced if:

  • You send a text message containing the set of characters to an iPhone.
  • You send an iMessage containing it to a Mac or iPhone.
  • The set of characters is displayed in an application such as a browser.
    On the Mac I tested Safari, which crashed the whole browser, while Google Chrome crashed only the tab in which the link was opened. In case you were wondering, Firefox did not crash. If you are feeling adventurous and want to test which applications crash, you can head to the link below. Note that this may crash your browser; if it does not, you will see the set of Arabic characters.

Google Chrome crash

Exploit link: http://zhovner.com/tmp/killwebkit.html (warning: it may crash your WebKit browser). Copy and paste the link; I have deliberately not hyperlinked it, to stop people from clicking it accidentally.
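Because merely displaying the string crashes the renderer, a safer way to study such a page is to pull it down and list its code points, with their Unicode names and classes, without ever rendering them. The script below is an added example and not part of the original post; it works on a constructed HTML snippet containing ordinary Arabic letters, a zero-width joiner and a combining mark as a stand-in, since the actual trigger string is deliberately not reproduced here.

```python
import unicodedata
from html.parser import HTMLParser

# Constructed stand-in for a downloaded PoC page (NOT the real trigger string): a few
# Arabic letters followed by a zero-width joiner and a shadda (combining mark), the
# kind of sequence one would want to examine before rendering it anywhere.
SAMPLE_HTML = "<html><body><p>\u0633\u0644\u0627\u0645\u200d\u0651 test</p></body></html>"

class _TextExtractor(HTMLParser):
    """Collect visible text nodes, skipping <script> and <style> bodies."""
    def __init__(self):
        super().__init__()
        self.chunks = []
        self._skip = 0
    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self._skip += 1
    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip:
            self._skip -= 1
    def handle_data(self, data):
        if not self._skip:
            self.chunks.append(data)

def extract_text(html):
    p = _TextExtractor()
    p.feed(html)
    p.close()
    return "".join(p.chunks)

def describe(text):
    """One record per code point: hex value, name, general category, bidi class, combining class."""
    return [{
        "cp": f"U+{ord(ch):04X}",
        "name": unicodedata.name(ch, "<unnamed>"),
        "category": unicodedata.category(ch),
        "bidi": unicodedata.bidirectional(ch),
        "combining": unicodedata.combining(ch),
    } for ch in text]

def suspicious(rows):
    """Heuristic: format characters (Cf) and combining marks (Mn/Me) are what text
    shapers most often mishandle, so list those for a closer look."""
    return [r["cp"] for r in rows if r["category"] in ("Cf", "Mn", "Me")]

def inspect_html(html):
    text = extract_text(html)
    rows = describe(text)
    return {"text_len": len(text), "rows": rows, "flags": suspicious(rows)}

if __name__ == "__main__":
    report = inspect_html(SAMPLE_HTML)
    for r in report["rows"]:
        # Prints names and classes only, never the characters themselves.
        print(f'{r["cp"]:>8} {r["category"]} {r["bidi"]:>4} cc={r["combining"]:<3} {r["name"]}')
    print("flagged:", report["flags"])
```

To examine a real page, pass the bytes returned by `urllib.request.urlopen(url).read().decode("utf-8", "replace")` to `inspect_html`; the script only prints code point numbers and names, so nothing in it renders the text.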

Area 51 exists!

Since childhood many of us have been fascinated by aliens, UFOs and Area 51. Well, I can't be sure about the first two, but I can tell you that Area 51 does exist in the real world: in a recently declassified document, the CIA acknowledges that Area 51 exists. It saddens me, though, that according to the document the site was not for research into UFOs but for testing the U-2 and other spy planes.

Well, don't be disheartened; who knows, they may be lying to hide the real truth! Aliens and UFOs may still exist. After the NSA PRISM affair, who trusts the Government, right? So, fans of aliens and UFOs, enjoy the photos below.

Area 51 Satellite Image

Recently declassified map of Area 51

Go to the source link for more information.

News Source: AP

Death To Privacy.

One after another, secure email services are going down.

After the PRISM revelations, in which it was reported that big companies such as Google (Gmail), Yahoo and Microsoft (Hotmail) were giving the NSA and the US Government access to innocent people's private data, secure email services are shutting down for fear of the NSA.

Recently Lavabit, the secure email service used by NSA whistleblower Edward Snowden, shut down for fear of an NSA takedown. Soon after, Silent Circle shut down its secure email service as well.

Lavabit shuts down

Yes, when an email service shuts down it causes a lot of problems, but I would say the decision was a good one. Keep in mind that it is better for no one to have access to your data (since the company has shut down, all the files are deleted from the server) than for some official to have access to it without proper reasons.

Silent Circle secure email shuts down

But a new secure email service is on its way: it is to be released in 2014 by the famous Kim Dotcom, the creator of Megaupload and MEGA.

Hopefully more and more secure email services will come along in the years to come, so that we can finally communicate securely with friends and family without the fear of someone spying on us.

Yahoo is planning to give your old email address away to anyone who wants it.

If you haven't heard yet, Yahoo has decided to recycle old email addresses. Yes, you heard it right: if you have not logged in to your Yahoo email account for 12 months, the address will be given to any new user who wants to register it. This is one of the worst decisions ever taken by a tech company; a huge security problem is bound to follow, because it makes impersonating someone as easy as pie. Some of you already know what I am talking about; for those who don't, let me explain.

Yahoo Email

In today's online world, an email address has become a person's identity. If someone else gains control of your email address, identity theft can follow. You may argue: how can an email address that has not been used for over 12 months matter to anyone? Let me tell you, it can matter a great deal. One example: suppose Mr. B had a Yahoo email account but moved to Gmail when it became popular (a lot of people, including me and people I know, moved from Yahoo to Gmail).
Mr. B then kept using Gmail and paid no attention to his old Yahoo account. All he did was enter his Yahoo address as the secondary (recovery) email when registering for Gmail. Now, if Mr. B does not know about this Yahoo announcement and does not log in to his Yahoo account, the address will be released. Someone can claim it and, provided they know Mr. B's Gmail address, use it to reset the password of his Gmail account, then lock Mr. B out of every other service, such as Facebook or Twitter, where he registered with his Gmail address. So think about the level of damage this move by Yahoo can cause.

There are many more ways the original owner of an address could be harmed through social engineering, which I won't discuss here, but you get the general idea.

Yahoo announced the decision on June 12; users have 30 days to claim their inactive accounts before they are released. So log in to your Yahoo email account to stop Yahoo giving away your address.
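The attack above works because the service sending the password-reset mail has no way to tell that the address now belongs to someone else. The mitigation Yahoo subsequently proposed, later standardized as RFC 7293, is a Require-Recipient-Valid-Since header: the sender states when it last confirmed that the address belonged to its user, and the receiving provider refuses delivery if the mailbox was created after that date. The code below is an added example of both sides of that check; it is not Yahoo's or Google's code, and the addresses, domains, dates and account records are constructed for illustration.

```python
from datetime import datetime, timezone
from email.message import EmailMessage
from email.utils import format_datetime, parsedate_to_datetime

HEADER = "Require-Recipient-Valid-Since"

# Constructed records for the receiving provider (mail.example.net): who owns each
# mailbox and when that mailbox was created. Mr. B's old address was released and
# re-registered by a stranger on 2013-08-01.
ACCOUNTS = {
    "mr.b@mail.example.net": {"owner": "stranger", "created": datetime(2013, 8, 1, tzinfo=timezone.utc)},
    "alice@mail.example.net": {"owner": "alice", "created": datetime(2008, 3, 5, tzinfo=timezone.utc)},
}

# When the sending service (Mr. B's current webmail provider, webmail.example.org) last
# confirmed that the recovery address belonged to Mr. B. Constructed date.
CONFIRMED_2009 = datetime(2009, 5, 20, 12, 0, tzinfo=timezone.utc)

def build_reset_mail(to_addr, confirmed_on=None):
    """Sender side. confirmed_on=None models a legacy sender that sets no RRVS header."""
    msg = EmailMessage()
    msg["From"] = "no-reply@webmail.example.org"
    msg["To"] = to_addr
    msg["Subject"] = "Password reset"
    if confirmed_on is not None:
        # RFC 7293 syntax: "<address>; <RFC 5322 date-time>"
        msg[HEADER] = f"{to_addr}; {format_datetime(confirmed_on)}"
    msg.set_content("Use this link to reset your password: https://webmail.example.org/reset?token=...")
    return msg

def parse_rrvs(value):
    """'addr; date' -> (lower-cased addr, timezone-aware datetime)."""
    addr, _, date_part = str(value).partition(";")
    return addr.strip().lower(), parsedate_to_datetime(date_part.strip())

def should_deliver(msg, accounts=ACCOUNTS):
    """Receiving side: the mailbox must predate the sender's validity date; otherwise the
    person who would read the mail is not the one the sender verified."""
    value = msg[HEADER]
    if value is None:
        return ("deliver", "no RRVS header; legacy behaviour, recycled-address risk remains")
    addr, valid_since = parse_rrvs(value)
    acct = accounts.get(addr)
    if acct is None:
        return ("reject", "no such mailbox")
    if acct["created"] > valid_since:
        return ("reject", f"mailbox created {acct['created'].date()} is newer than validity date {valid_since.date()}")
    return ("deliver", "mailbox unchanged since the sender verified it")

def check_reset(to_addr, confirmed_on=None):
    """Convenience: build the reset mail and run the receiving-side check on it."""
    return should_deliver(build_reset_mail(to_addr, confirmed_on))

if __name__ == "__main__":
    for addr in ACCOUNTS:
        verdict, reason = check_reset(addr, CONFIRMED_2009)
        print(f"{addr}: {verdict} ({reason})")
    print("legacy sender to recycled address:", check_reset("mr.b@mail.example.net"))
```

The reset for Mr. B's recycled address is bounced because the mailbox is newer than the date the sender verified it, while Alice's long-standing mailbox still receives mail normally; a sender that omits the header gets the old behaviour, which is why the protection only helps once both providers implement it.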

A charger that can install malware on your iOS device, including non-jailbroken devices.

Yes, you read that correctly. A modified charger can install malware onto iOS devices such as iPhones and iPads even if they are not jailbroken, and it needs no interaction from you. Less than a minute of charging is enough to infect the device.

Researchers will show a prototype of this charger at the Black Hat security conference in late July. The prototype, named "Mactans", is built on the BeagleBoard, an open-source single-board computer available from Texas Instruments for $45.

Brief description by the researchers Billy Lau, Yeongjin Jang and Chengyu Song:

Apple iOS devices are considered by many to be more secure than other mobile offerings. In evaluating this belief, we investigated the extent to which security threats were considered when performing everyday activities such as charging a device. The results were alarming: despite the plethora of defense mechanisms in iOS, we successfully injected arbitrary software into current-generation Apple devices running the latest operating system (OS) software. All users are affected, as our approach requires neither a jailbroken device nor user interaction.

In this presentation, we demonstrate how an iOS device can be compromised within one minute of being plugged into a malicious charger. We first examine Apple’s existing security mechanisms to protect against arbitrary software installation, then describe how USB capabilities can be leveraged to bypass these defense mechanisms. To ensure persistence of the resulting infection, we show how an attacker can hide their software in the same way Apple hides its own built-in applications.

To demonstrate practical application of these vulnerabilities, we built a proof of concept malicious charger, called Mactans, using a BeagleBoard. This hardware was selected to demonstrate the ease with which innocent-looking, malicious USB chargers can be constructed. While Mactans was built with limited amount of time and a small budget, we also briefly consider what more motivated, well-funded adversaries could accomplish. Finally, we recommend ways in which users can protect themselves and suggest security features Apple could implement to make the attacks we describe substantially more difficult to pull off.


Targeted Attacks, now using Android Malware.

In the past we have seen many targeted attacks on platforms like Windows and Mac OS X. Now the cyber criminals behind targeted attacks are using Android malware. Usually the infected email attachment is a .doc, .docx, .xls or .pdf file, but in this case it is an .apk file (the package format of all Android apps).

On March 24th, 2013, the email account of a high-profile Tibetan activist was hacked and used to send spear-phishing emails to their contact list. This is what the spear-phishing email looked like:

spear phishing email

The malicious APK is a 334326-byte file, MD5 0b8806b38b52bebfe39ff585639e2ea2, detected by Kaspersky Lab products as "Backdoor.AndroidOS.Chuli.a".

mal android

After you launch the Android app, you will see:

launched mal app

The full text reads as follows. Notice the use of the mistaken "Word" instead of "World":

“On behalf of all at the Word Uyghur Congress (WUC), the Unrepresented Nations and Peoples Organization (UNPO) and the Society for Threatened Peoples (STP), Human Rights in China: Implications for East Turkestan, Tibet and Southern Mongolia

In what was an unprecedented coming-together of leading Uyghur, Mongolian, Tibetan and Chinese activists, as well as other leading international experts, we were greatly humbled by the great enthusiasm, contribution and desire from all in attendance to make this occasion something meaningful, the outcome of which produced some concrete, action-orientated solutions to our shared grievances. We are especially delighted about the platform and programme of work established in the declaration of the conference, upon which we sincerely hope will be built a strong and resolute working relationship on our shared goals for the future. With this in mind, we thoroughly look forward to working with you on these matters.

Dolkun Isa

Chairman of the Executive Committee

Word Uyghur Congress”

While the victim reads the message, the malware collects the following information:

  • Contacts (stored both on the phone and the SIM card).
  • Call logs.
  • SMS messages.
  • Geo-location.
  • Phone data (phone number, OS version, phone model, SDK version).

The data is not uploaded to the C&C server automatically. The Trojan waits for incoming SMS messages (the "alarmReceiver.class") and checks whether they contain one of the following commands: "sms", "contact", "location", "other". If one of these commands is found, the malware Base64-encodes the stolen data and uploads it to the command and control server. The C2 URL is:

hxxp://64.78.161.133/*victim's_cell_phone_number*/process.php

The remote C&C server is running Windows Server 2003.

remote C&C

It looks like the attacker speaks Chinese, as the Windows Server is running in Chinese.
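The C2 behaviour described above (a fixed server, a URL path carrying the victim's phone number, Base64-encoded uploads triggered by single-word SMS commands) is easy to turn into detection logic. The script below is an added example and not part of the Kaspersky analysis: it scans constructed proxy-log lines for the URL pattern, decodes the uploaded body to show which data categories leaked, and flags incoming SMS messages consisting only of one of the trigger words. The log format, the sample phone numbers and the payloads are assumptions for illustration; the IP, path shape and command words are the indicators from the write-up.

```python
import base64
import binascii
import json
import re
from urllib.parse import urlsplit

# Indicators from the analysis: C2 address, URL shape "/<victim phone number>/process.php",
# and the SMS command words that trigger an upload.
C2_HOST = "64.78.161.133"
C2_PATH = re.compile(r"^/\+?\d{6,15}/process\.php$")
SMS_COMMANDS = {"sms", "contact", "location", "other"}

def _b64(obj):
    """Build a Base64 body the way the implant does (Base64 over the stolen data)."""
    return base64.b64encode(json.dumps(obj).encode()).decode()

# Constructed proxy log, one request per line: "METHOD URL STATUS BODY" ('-' = no body).
# Not real traffic; phone numbers and payload contents are made up.
SAMPLE_LOG = [
    "GET http://example.org/index.html 200 -",
    "POST http://64.78.161.133/+8613800000000/process.php 200 "
        + _b64({"contacts": [{"name": "Alice", "number": "+861390000001"}]}),
    "POST http://64.78.161.133/+8613800000000/process.php 200 "
        + _b64({"location": {"lat": 29.65, "lon": 91.13}}),
    "POST http://64.78.161.133/ping 200 -",
    "POST http://203.0.113.7/+8613800000000/process.php 200 " + _b64({"sms": []}),
]

def parse_line(line):
    method, url, status, body = line.split(" ", 3)
    return {"method": method, "url": url, "status": int(status), "body": None if body == "-" else body}

def match_c2(url):
    """Grade a URL: known host + exfil path = high; known host alone = medium;
    exfil path on another host = low (infrastructure may have moved); else None."""
    u = urlsplit(url)
    host_hit = u.hostname == C2_HOST
    path_m = C2_PATH.match(u.path or "")
    if host_hit and path_m:
        level = "high"
    elif host_hit:
        level = "medium"
    elif path_m:
        level = "low"
    else:
        return None
    return {"level": level, "victim": u.path.split("/")[1] if path_m else None}

def decode_payload(body):
    """Best-effort decode of a Base64 upload: returns (data categories, decoded text)."""
    try:
        raw = base64.b64decode(body, validate=True)
    except (binascii.Error, ValueError):
        return ([], None)
    text = raw.decode("utf-8", "replace")
    try:
        data = json.loads(text)
        cats = sorted(data.keys()) if isinstance(data, dict) else []
    except json.JSONDecodeError:
        cats = []
    return (cats, text)

def scan(lines):
    alerts = []
    for line in lines:
        rec = parse_line(line)
        hit = match_c2(rec["url"])
        if hit is None:
            continue
        cats, _ = decode_payload(rec["body"]) if rec["body"] else ([], None)
        alerts.append({"url": rec["url"], "level": hit["level"], "victim": hit["victim"], "leaked": cats})
    return alerts

def is_c2_command_sms(text):
    """An incoming SMS whose whole content is one of the trigger words is the implant's
    tasking channel; such a message is worth flagging on its own."""
    return text.strip().lower() in SMS_COMMANDS

if __name__ == "__main__":
    for a in scan(SAMPLE_LOG):
        print(f'[{a["level"]:>6}] victim={a["victim"]} leaked={a["leaked"]} {a["url"]}')
    print("SMS 'location' is a C2 command:", is_c2_command_sms(" Location "))
```

The low-severity tier exists because the IP address is the weakest of the three indicators: an attacker can move the server overnight, while the URL shape and the Base64-over-stolen-data encoding are properties of the implant itself.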