Tag Archives: Security

Microsoft Security Essentials misses 39% of Malware.

Microsoft Security Essentials, a free product from Microsoft that is now given to every Windows 8 and 8.1 user under the name Windows Defender, has failed to detect 39% of the malware in the Dennis test.

Norton Internet Security received the strongest protection rating in DTL's tests, detecting 99% of malware (the result includes false positives), while Kaspersky Internet Security 2014 provided the best overall level of protection.

Full scores and details of the individual antivirus programs can be downloaded from here.

iMessage gets hacked.

Is iMessage really secure? This question has been on the minds of many iMessage users since the NSA PRISM incident. Some time back Apple published a statement on its website saying that iMessages are protected by end-to-end encryption, that no man-in-the-middle attack is possible, and that even Apple cannot decrypt them. You can view the statement by Apple here.

But this is not the case: iMessages can be intercepted with a man-in-the-middle attack, and even Apple can decrypt them.

Here is a video that shows a security research group carrying out a man-in-the-middle attack on iMessage.

A charger that can install malware on your iOS device, including non-jailbroken devices.

Yes, you read that correctly. A modified charger can install malware onto iOS devices such as iPhones and iPads even if they are not jailbroken, and it does not even need your interaction. It takes less than a minute of charging for the device to get infected.

Researchers will show a prototype of this charger at the Black Hat security conference in late July. The prototype charger is named “Mactans” and is built on an open-source single-board computer called the BeagleBoard, available for $45 from Texas Instruments.

Brief description by the researchers Billy Lau, Yeongjin Jang and Chengyu Song:

Apple iOS devices are considered by many to be more secure than other mobile offerings. In evaluating this belief, we investigated the extent to which security threats were considered when performing everyday activities such as charging a device. The results were alarming: despite the plethora of defense mechanisms in iOS, we successfully injected arbitrary software into current-generation Apple devices running the latest operating system (OS) software. All users are affected, as our approach requires neither a jailbroken device nor user interaction.

In this presentation, we demonstrate how an iOS device can be compromised within one minute of being plugged into a malicious charger. We first examine Apple’s existing security mechanisms to protect against arbitrary software installation, then describe how USB capabilities can be leveraged to bypass these defense mechanisms. To ensure persistence of the resulting infection, we show how an attacker can hide their software in the same way Apple hides its own built-in applications.

To demonstrate practical application of these vulnerabilities, we built a proof of concept malicious charger, called Mactans, using a BeagleBoard. This hardware was selected to demonstrate the ease with which innocent-looking, malicious USB chargers can be constructed. While Mactans was built with limited amount of time and a small budget, we also briefly consider what more motivated, well-funded adversaries could accomplish. Finally, we recommend ways in which users can protect themselves and suggest security features Apple could implement to make the attacks we describe substantially more difficult to pull off.

 

 

“Win 8 Security System” has nothing to do with Windows 8; it's just a fake antivirus, rogue software.

There have been a lot of fake antivirus programs, and the trend has been to name them so that they can be confused with Windows or Microsoft software. The latest one is “Win 8 Security System”, which general computer users can very easily confuse with a program related to the upcoming Windows 8.

Win 8 Security System works by installing a rootkit driver that takes control of all the processes of the operating system.

Win 8 Security, the fake antivirus software.

 

The rootkit is installed as C:\Windows\system32\drivers\51991c15f7a6834.sys (the numbers are random, so yours may have a different filename, but the location is the same). The rootkit comes in two variants; the 64-bit one disables Windows 64-bit kernel-mode driver signing. The cyber criminals also went ahead and self-signed the rootkit driver; note that the certificate date starts from 30th August (yesterday)!

Note the date of the certificate on the fake antivirus: it starts on 30th August, which was yesterday.

The virus also creates a fake Action Center that tells the user the computer is not fully protected.

Fake Windows Action Center

Browser hijack: the proxy settings get changed in both IE and Chrome, so whatever you type in the address bar produces a fake warning.

The main purpose of these fake antivirus programs is to scare users into paying money, with the promise that paying will get it off the system. You should know that they won't, even after you have submitted your credit card (which the cyber criminals take). I have seen many people who have regretted submitting their credit card. So my request is: please do not submit your credit card; they will steal your money and not fix your computer.

They say to buy the software and they will fix your PC, but they won't, trust me.

 

Clicking the shortcut icon to buy the software adds the following to your registry and then opens the shopping cart. Target: C:\WINDOWS\system32\reg.exe add "HKCU\SOFTWARE\Microsoft\Windows NT" /v FrameworkBuild /t REG_DWORD /d 0 /f

Shopping cart designed to steal your credit card information.
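The indicators described above (a randomly named .sys file in the drivers folder, the FrameworkBuild value written by the buy shortcut, and a changed proxy) can be checked with a short script. This is an added example, not part of the original post; the hex-name pattern, the function names and the sample data are assumptions, and a match is a lead to investigate rather than proof of infection.

```python
import os
import re

# Assumption: the sample name on the page (51991c15f7a6834.sys) is 15 hex
# characters and the digits vary per infection, so any all-hex base name of
# 12 or more characters is treated as worth a look.
RANDOM_HEX_SYS = re.compile(r"^[0-9a-f]{12,}\.sys$", re.IGNORECASE)
DRIVERS_DIR = r"C:\Windows\system32\drivers"
MARKER_KEY = r"SOFTWARE\Microsoft\Windows NT"   # HKCU key from the page
MARKER_VALUE = "FrameworkBuild"                 # value the buy shortcut writes
# Per-user proxy settings, which both IE and Chrome read by default.
PROXY_KEY = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings"


def suspicious_drivers(filenames):
    """Return the driver file names that match the random-hex pattern."""
    return sorted(f for f in filenames if RANDOM_HEX_SYS.match(f))


def triage(filenames, hkcu):
    """hkcu maps (key path, value name) -> data read from HKEY_CURRENT_USER."""
    findings = [f"random hex driver name: {DRIVERS_DIR}\\{name}"
                for name in suspicious_drivers(filenames)]
    if (MARKER_KEY, MARKER_VALUE) in hkcu:
        findings.append(f"{MARKER_VALUE} present under HKCU\\{MARKER_KEY}")
    if hkcu.get((PROXY_KEY, "ProxyEnable")) == 1:
        server = hkcu.get((PROXY_KEY, "ProxyServer"), "<not set>")
        findings.append(f"per-user proxy enabled: {server}")
    return findings


def read_hkcu():
    """Windows only: fetch the three values triage() inspects."""
    import winreg
    wanted = [(MARKER_KEY, MARKER_VALUE),
              (PROXY_KEY, "ProxyEnable"), (PROXY_KEY, "ProxyServer")]
    found = {}
    for key, value in wanted:
        try:
            with winreg.OpenKey(winreg.HKEY_CURRENT_USER, key) as handle:
                found[(key, value)] = winreg.QueryValueEx(handle, value)[0]
        except OSError:   # key or value absent
            pass
    return found


# Constructed sample input so the logic can be exercised away from Windows.
SAMPLE_FILES = ["51991c15f7a6834.sys", "ntfs.sys", "tcpip.sys"]
SAMPLE_HKCU = {(MARKER_KEY, MARKER_VALUE): 0,
               (PROXY_KEY, "ProxyEnable"): 1,
               (PROXY_KEY, "ProxyServer"): "proxy.example.invalid:8080"}

if __name__ == "__main__":
    live = os.name == "nt"
    files = os.listdir(DRIVERS_DIR) if live else SAMPLE_FILES
    for finding in triage(files, read_hkcu() if live else SAMPLE_HKCU):
        print(finding)
```

A proxy finding only means a per-user proxy is configured; compare it with what your network actually uses before treating it as a hijack.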

 

 

How to remove it?
You must be wondering how to remove this from your PC. You can use the Hitman Pro software (you will get a free licence with the download).
 
Hitman Pro running on 64 bit machine.

 

It's time you disable Java in your browser. New Java exploit included in the Blackhole exploit kit; Oracle was told about this exploit in April.

Recently a lot of malware and viruses have been built with Java so that the malicious code runs anywhere, be it Windows, Linux or Mac. But a flaw in Java itself, which was reported to Oracle in April, has still not been patched. The exploit has since become public and is now included in the Blackhole exploit kit to spread viruses to Windows machines.

Brian Krebs was the first to find out that CVE-2012-4681 was being added to the Blackhole exploit kit; security company SophosLabs also confirmed it. As of now it is only known to be spreading viruses on Windows computers; whether Mac or Linux are affected is not confirmed yet. The affected version is Java 7. As the Mac's Java version is updated by Apple, that version is not yet known to be affected. But since Oracle has made Java 7 available for Mac OS X, users who have updated to the new version are at risk.

It is wise to keep Java disabled for the time being, until patches are applied.

Update

Go to http://isjavaexploitable.com/ to check if your Java is vulnerable to the exploit.

 

Is Windows 8 Spying On You?

Recently there have been reports that Microsoft's Windows 8 is spying on users via SmartScreen. Analysis by security researcher Nadim Kobeissi found a potential privacy threat to Windows 8 users from the SmartScreen system. SmartScreen is built to check whether an application the user wants to install contains malicious code.

“The big problem is that Windows 8 is configured to immediately tell Microsoft about every app you download and install,” Kobeissi wrote. “This is a very serious privacy problem, specifically because Microsoft is the central point of authority and data collection/retention here and therefore becomes vulnerable to being served judicial subpoenas or National Security Letters intended to monitor targeted users.”

SmartScreen keeps a note of all the applications you install, and researchers have also claimed that install logs from your computer's hard drive are sent to Microsoft. This data can be snooped on by third parties, because it is sent from your computer to Microsoft over the SSLv2 protocol, which is breakable.

As you might know, SmartScreen can be turned off, but the system then automatically gives you reminders about it. And yes, Microsoft has denied this. I am sharing a screenshot of a captured packet from a Windows 8 system which clearly shows that the data is being sent to Microsoft and can be received by a third party.

 

So what do you think? Do comment below.

Skype message bug got fixed.

Skype has recently been pushing updates for all platforms (Windows, Linux, Mac) to fix the message leak bug. The affected Skype clients were as follows:

  • Skype 5.10 for Windows
  • Skype 5.8 for Mac
  • Skype 4.0 for Linux
  • Skype 1.2 for Windows Phone

Users who somehow did not receive the update pushed by Skype are advised to check for updates manually.

NVIDIA Forum gets hacked, 390,000 usernames and passwords

Just a day after the Yahoo Voice password leak, the NVIDIA Forum got hacked, leaving 390,000 usernames and passwords in hackers' hands, along with the email addresses used to register and the “About Me” page of the users' profiles.

Fortunately the password hashes were randomly salted by NVIDIA, unlike in the previous LinkedIn password hack incident. Still, it is advisable to change the password of every other account that is linked with the email address used to register on the NVIDIA Forum.

NVIDIA says “Three Nvidia sites were affected — Nvidia Forums, which has about 290,000 registered users; Nvidia Developers Zone, with about 100,000; and the Nvidia Research site with about 1,200.”

 

453,000 Yahoo Voice Usernames and Passwords Leaked

It seems that password leaks from popular websites are becoming more common day by day. After LinkedIn, eHarmony, LastFM... now it's Yahoo Voice. 453,000 usernames and passwords were leaked and uploaded in plain text to a publicly accessible site by a hacking group, D33Ds Company. Reports from TrustedSec say the information was obtained by SQL injection.

D33Ds Company says that it is more of a wake-up call than a threat.

“We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat.

“There have been many security holes exploited in webservers belonging to Yahoo! Inc. that have caused far greater damage than our disclosure. Please do not take them lightly. The subdomain and vulnerable parameters have not been posted to avoid further damage.”

Yahoo’s comment on the security breach,

“At Yahoo! we take security very seriously and invest heavily in protective measures to ensure the security of our users and their data across all our products. We confirm that an older file from Yahoo! Contributor Network (previously Associated Content) containing approximately 400,000 Yahoo! and other company users names and passwords was stolen yesterday,July 11. Of these, less than 5% of the Yahoo! accounts had valid passwords. We are fixing the vulnerability that led to the disclosure of this data, changing the passwords of the affected Yahoo! users and notifying the companies whose users accounts may have been compromised. We apologize to affected users. We encourage users to change their passwords on a regular basis and also familiarize themselves with our online safety tips at security.yahoo.com.”

 


Interestingly, this password leak shows us a pattern in how people choose passwords. Here are the statistics:

Total entries = 442773
Total unique entries = 342478

Top 10 passwords
123456 = 1666 (0.38%)
password = 780 (0.18%)
welcome = 436 (0.1%)
ninja = 333 (0.08%)
abc123 = 250 (0.06%)
123456789 = 222 (0.05%)
12345678 = 208 (0.05%)
sunshine = 205 (0.05%)
princess = 202 (0.05%)
qwerty = 172 (0.04%)

Top 10 base words
password = 1373 (0.31%)
welcome = 534 (0.12%)
qwerty = 464 (0.1%)
monkey = 430 (0.1%)
jesus = 429 (0.1%)
love = 421 (0.1%)
money = 407 (0.09%)
freedom = 385 (0.09%)
ninja = 380 (0.09%)
writer = 367 (0.08%)

Password length (length ordered)
1 = 117 (0.03%)
2 = 70 (0.02%)
3 = 302 (0.07%)
4 = 2748 (0.62%)
5 = 5323 (1.2%)
6 = 79610 (17.98%)
7 = 65598 (14.82%)
8 = 119125 (26.9%)
9 = 65955 (14.9%)
10 = 54756 (12.37%)
11 = 21219 (4.79%)
12 = 21728 (4.91%)
13 = 2657 (0.6%)
14 = 1493 (0.34%)
15 = 837 (0.19%)
16 = 570 (0.13%)
17 = 263 (0.06%)
18 = 126 (0.03%)
19 = 89 (0.02%)
20 = 178 (0.04%)
21 = 11 (0.0%)
22 = 8 (0.0%)
23 = 3 (0.0%)
24 = 3 (0.0%)
27 = 2 (0.0%)
28 = 5 (0.0%)
29 = 3 (0.0%)
30 = 2 (0.0%)

Password length (count ordered)
8 = 119125 (26.9%)
6 = 79610 (17.98%)
9 = 65955 (14.9%)
7 = 65598 (14.82%)
10 = 54756 (12.37%)
12 = 21728 (4.91%)
11 = 21219 (4.79%)
5 = 5323 (1.2%)
4 = 2748 (0.62%)
13 = 2657 (0.6%)
14 = 1493 (0.34%)
15 = 837 (0.19%)
16 = 570 (0.13%)
3 = 302 (0.07%)
17 = 263 (0.06%)
20 = 178 (0.04%)
18 = 126 (0.03%)
1 = 117 (0.03%)
19 = 89 (0.02%)
2 = 70 (0.02%)
21 = 11 (0.0%)
22 = 8 (0.0%)
28 = 5 (0.0%)
29 = 3 (0.0%)
24 = 3 (0.0%)
23 = 3 (0.0%)
27 = 2 (0.0%)
30 = 2 (0.0%)

One to six characters = 88164 (19.91%)
One to eight characters = 272885 (61.63%)
More than eight characters = 169888 (38.37%)

Only lowercase alpha = 146486 (33.08%)
Only uppercase alpha = 1778 (0.4%)
Only alpha = 148264 (33.49%)
Only numeric = 26077 (5.89%)

First capital last symbol = 1259 (0.28%)
First capital last number = 17464 (3.94%)

Months
january = 106 (0.02%)
february = 30 (0.01%)
march = 192 (0.04%)
april = 284 (0.06%)
may = 725 (0.16%)
june = 386 (0.09%)
july = 245 (0.06%)
august = 238 (0.05%)
september = 68 (0.02%)
october = 182 (0.04%)
november = 154 (0.03%)
december = 130 (0.03%)

Days
monday = 48 (0.01%)
tuesday = 15 (0.0%)
wednesday = 9 (0.0%)
thursday = 18 (0.0%)
friday = 47 (0.01%)
saturday = 6 (0.0%)
sunday = 30 (0.01%)

Months (Abreviated)
jan = 1007 (0.23%)
feb = 172 (0.04%)
mar = 4718 (1.07%)
apr = 472 (0.11%)
may = 725 (0.16%)
jun = 797 (0.18%)
jul = 656 (0.15%)
aug = 504 (0.11%)
sept = 184 (0.04%)
oct = 425 (0.1%)
nov = 519 (0.12%)
dec = 404 (0.09%)

Days (Abreviated)
mon = 4428 (1.0%)
tues = 16 (0.0%)
wed = 212 (0.05%)
thurs = 29 (0.01%)
fri = 479 (0.11%)
sat = 365 (0.08%)
sun = 1237 (0.28%)

Includes years
1975 = 255 (0.06%)
1976 = 266 (0.06%)
1977 = 278 (0.06%)
1978 = 332 (0.07%)
1979 = 339 (0.08%)
1980 = 353 (0.08%)
1981 = 331 (0.07%)
1982 = 359 (0.08%)
1983 = 338 (0.08%)
1984 = 392 (0.09%)
1985 = 367 (0.08%)
1986 = 361 (0.08%)
1987 = 413 (0.09%)
1988 = 360 (0.08%)
1989 = 401 (0.09%)
1990 = 304 (0.07%)
1991 = 276 (0.06%)
1992 = 251 (0.06%)
1993 = 218 (0.05%)
1994 = 202 (0.05%)
1995 = 147 (0.03%)
1996 = 171 (0.04%)
1997 = 140 (0.03%)
1998 = 155 (0.04%)
1999 = 189 (0.04%)
2000 = 617 (0.14%)
2001 = 404 (0.09%)
2002 = 404 (0.09%)
2003 = 345 (0.08%)
2004 = 424 (0.1%)
2005 = 496 (0.11%)
2006 = 572 (0.13%)
2007 = 765 (0.17%)
2008 = 1145 (0.26%)
2009 = 1052 (0.24%)
2010 = 338 (0.08%)
2011 = 92 (0.02%)
2012 = 130 (0.03%)
2013 = 50 (0.01%)
2014 = 28 (0.01%)
2015 = 24 (0.01%)
2016 = 25 (0.01%)
2017 = 26 (0.01%)
2018 = 33 (0.01%)
2019 = 84 (0.02%)
2020 = 163 (0.04%)

Years (Top 10)
2008 = 1145 (0.26%)
2009 = 1052 (0.24%)
2007 = 765 (0.17%)
2000 = 617 (0.14%)
2006 = 572 (0.13%)
2005 = 496 (0.11%)
2004 = 424 (0.1%)
1987 = 413 (0.09%)
2001 = 404 (0.09%)
2002 = 404 (0.09%)

Single digit on the end = 47383 (10.7%)
Two digits on the end = 73635 (16.63%)
Three digits on the end = 31089 (7.02%)

Last number
0 = 17549 (3.96%)
1 = 46689 (10.54%)
2 = 24621 (5.56%)
3 = 29230 (6.6%)
4 = 17689 (4.0%)
5 = 17401 (3.93%)
6 = 17882 (4.04%)
7 = 20402 (4.61%)
8 = 17845 (4.03%)
9 = 19916 (4.5%)

Last digit
1 = 46689 (10.54%)
3 = 29230 (6.6%)
2 = 24621 (5.56%)
7 = 20402 (4.61%)
9 = 19916 (4.5%)
6 = 17882 (4.04%)
8 = 17845 (4.03%)
4 = 17689 (4.0%)
0 = 17549 (3.96%)
5 = 17401 (3.93%)

Last 2 digits (Top 10)
23 = 12364 (2.79%)
12 = 6414 (1.45%)
11 = 5475 (1.24%)
01 = 5097 (1.15%)
00 = 4098 (0.93%)
21 = 3669 (0.83%)
08 = 3627 (0.82%)
07 = 3598 (0.81%)
22 = 3587 (0.81%)
13 = 3547 (0.8%)

Last 3 digits (Top 10)
123 = 9446 (2.13%)
456 = 2442 (0.55%)
234 = 2160 (0.49%)
007 = 1477 (0.33%)
000 = 1268 (0.29%)
008 = 1150 (0.26%)
009 = 1086 (0.25%)
111 = 1056 (0.24%)
777 = 980 (0.22%)
101 = 895 (0.2%)

Last 4 digits (Top 10)
3456 = 2150 (0.49%)
1234 = 1968 (0.44%)
2008 = 1033 (0.23%)
2009 = 927 (0.21%)
2345 = 750 (0.17%)
2007 = 674 (0.15%)
2000 = 535 (0.12%)
2006 = 502 (0.11%)
1111 = 436 (0.1%)
2005 = 436 (0.1%)

Last 5 digits (Top 10)
23456 = 2120 (0.48%)
12345 = 724 (0.16%)
56789 = 316 (0.07%)
45678 = 305 (0.07%)
11111 = 269 (0.06%)
34567 = 231 (0.05%)
54321 = 197 (0.04%)
00000 = 162 (0.04%)
99999 = 150 (0.03%)
23123 = 132 (0.03%)

Character sets
loweralphanum: 224071 (50.61%)
loweralpha: 146486 (33.08%)
numeric: 26077 (5.89%)
mixedalphanum: 23234 (5.25%)
loweralphaspecialnum: 6067 (1.37%)
mixedalpha: 5121 (1.16%)
upperalphanum: 3416 (0.77%)
mixedalphaspecialnum: 3340 (0.75%)
loweralphaspecial: 2079 (0.47%)
upperalpha: 1778 (0.4%)
mixedalphaspecial: 486 (0.11%)
upperalphaspecialnum: 222 (0.05%)
specialnum: 188 (0.04%)
upperalphaspecial: 46 (0.01%)
special: 16 (0.0%)

Character set ordering
stringdigit: 185299 (41.85%)
allstring: 153385 (34.64%)
alldigit: 26077 (5.89%)
othermask: 25115 (5.67%)
digitstring: 24960 (5.64%)
stringdigitstring: 18676 (4.22%)
digitstringdigit: 4648 (1.05%)
stringspecialdigit: 2359 (0.53%)
stringspecial: 1111 (0.25%)
stringspecialstring: 833 (0.19%)
specialstringspecial: 168 (0.04%)
specialstring: 126 (0.03%)
allspecial: 16 (0.0%)

Hashcat masks (Top 10)
?l?l?l?l?l?l: 40683 (9.19%)
?l?l?l?l?l?l?l?l: 32437 (7.33%)
?l?l?l?l?l?l?l: 29121 (6.58%)
?l?l?l?l?l?l?d?d: 20314 (4.59%)
?l?l?l?l?l?l?l?l?l: 16182 (3.65%)
?l?l?l?l?l?l?l?l?d?d: 12632 (2.85%)
?d?d?d?d?d?d: 12581 (2.84%)
?l?l?l?l?l?l?l?d: 10620 (2.4%)
?l?l?l?l?l?l?l?l?l?l: 10308 (2.33%)
?l?l?l?l?l?l?l?d?d: 10281 (2.32%)

 

For safety I would suggest that you change your Yahoo password, even if you don't use Yahoo Voice.
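The statistics above can be turned into a signup-time check that refuses passwords following the most common leaked patterns. This is an added example, not part of the original post; the lists are copied from the statistics above, while the function names and the base-word rule (lower-case, strip non-letters from both ends) are assumptions.

```python
import string

# Copied from the statistics above: Top 10 passwords, Top 10 base words
# and Hashcat masks (Top 10).
TOP_PASSWORDS = {"123456", "password", "welcome", "ninja", "abc123",
                 "123456789", "12345678", "sunshine", "princess", "qwerty"}
TOP_BASE_WORDS = {"password", "welcome", "qwerty", "monkey", "jesus",
                  "love", "money", "freedom", "ninja", "writer"}
TOP_MASKS = {"?l" * 6, "?l" * 8, "?l" * 7, "?l" * 6 + "?d" * 2, "?l" * 9,
             "?l" * 8 + "?d" * 2, "?d" * 6, "?l" * 7 + "?d", "?l" * 10,
             "?l" * 7 + "?d" * 2}
SPECIALS = string.punctuation + " "   # hashcat's ?s class includes the space


def hashcat_mask(password):
    """One token per character: ?l lower, ?u upper, ?d digit, ?s special, ?b other."""
    classes = ((string.ascii_lowercase, "?l"), (string.ascii_uppercase, "?u"),
               (string.digits, "?d"), (SPECIALS, "?s"))
    return "".join(next((tok for chars, tok in classes if ch in chars), "?b")
                   for ch in password)


def base_word(password):
    """Assumption: lower-case the password, strip non-letters from both ends."""
    return password.lower().strip(string.digits + SPECIALS)


def screen(password):
    """Return the reasons a signup form should refuse this password."""
    reasons = []
    if password.lower() in TOP_PASSWORDS:
        reasons.append("top-10 leaked password")
    if base_word(password) in TOP_BASE_WORDS:
        reasons.append("top-10 base word")
    mask = hashcat_mask(password)
    if mask in TOP_MASKS:
        reasons.append(f"top-10 mask {mask}")
    if len(password) <= 8:   # 61.63% of the leak was one to eight characters
        reasons.append("8 characters or fewer")
    return reasons


if __name__ == "__main__":
    # Constructed sample candidates, not taken from the leak itself.
    for candidate in ["123456", "Monkey2008", "sunshine12",
                      "correct horse battery staple"]:
        print(candidate, "->", screen(candidate) or "accepted")
```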