Google+ AllLeakedNews: February 2014

Friday, 14 February 2014

Hackers exploiting Router vulnerabilities to hack Bank accounts through DNS Hijacking

In past months we have reported critical vulnerabilities in many wireless routers, including models from Netgear, Linksys, TP-LINK, Cisco, ASUS, TENDA and other vendors, installed by millions of home users worldwide.

The Polish Computer Emergency Response Team (CERT Polska) recently noticed a large-scale cyber attack campaign aimed at Polish e-banking users.
Cyber criminals are exploiting a known router vulnerability that allows attackers to change the router's DNS configuration remotely, so that they can lure users to fake bank websites or perform man-in-the-middle attacks.

'After DNS server settings are changed on a router, all queries from inside the network are forwarded to rogue servers. Obviously the platform of a client device is not an issue, as there is no need for the attackers to install any malicious software at all,' CERT Polska researchers said.

The DNS hijacking trick is not new, and neither are most of the router vulnerabilities, but millions of routers are still not patched or upgraded to the latest firmware version.

The Domain Name System (DNS), the Internet's method of converting web page names into IP addresses, can be hijacked simply by changing the DNS server address in the router's settings to a malicious DNS server under the attacker's control; that server then lets the attacker intercept, inspect and modify the traffic between users and the online banking websites being targeted.

"It looks like criminals are primarily targeting e-banking users as they modify DNS responses for several banking domains, while resolving other domain names normally." they said.

Most banking and e-commerce sites use HTTPS with SSL encryption, making it impossible to impersonate them without a valid digital certificate issued by a Certificate Authority (CA); to bypass that limitation, the cyber criminals are also using an SSL-strip technique alongside spoofed digital certificates.

After intercepting the unencrypted request, the criminals simply rewrite links to plain HTTP, prepending an “ssl-” string to the hostname, apparently in an attempt to fool casual users (note that the nonexistent ssl- hostnames would only be resolved by the malicious DNS servers). While the connection is proxied through the malicious servers, SSL is terminated before it reaches the user; the decrypted content is then modified and sent unencrypted to the customer.
"In cases we have seen, they produced a self-signed certificate for domain, which causes a browser to complain about both domain name mismatch and lack of a trusted CA in the certificate chain. This should be a clear indicator of the fraud for most users."
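As an added example, not part of the CERT Polska report or of this article, here is a small Python check built on the two signals described above: comparing the answers the router's resolver gives with those of a known-good resolver, and spotting plain-HTTP links rewritten to "ssl-" hostnames. The resolver answers, the domain names and the HTML snippet are constructed sample data; in practice the two dictionaries would be filled from real lookups against the router and against a resolver you trust.

```python
import re

# Constructed sample data (not from the CERT Polska report): answer sets for the
# same names from a known-good resolver and from the resolver the router hands out.
# A name missing from a dictionary means that resolver returned NXDOMAIN.
TRUSTED_ANSWERS = {
    "bank.example": {"203.0.113.10", "203.0.113.11"},
    "shop.example": {"198.51.100.7"},
    "news.example": {"192.0.2.50"},
}
ROUTER_ANSWERS = {
    "bank.example": {"198.51.100.200"},      # differs: rogue answer for the banking domain
    "shop.example": {"198.51.100.7"},        # same as the trusted resolver
    "news.example": {"192.0.2.50"},          # same: non-banking names resolve normally
    "ssl-bank.example": {"198.51.100.200"},  # only the rogue resolver knows this name
}


def find_hijacked_domains(trusted, suspect):
    """Names whose answer set from the suspect resolver shares no address with the
    trusted resolver's answer set. Requiring an empty intersection (rather than
    exact equality) tolerates CDN rotation, which otherwise causes false alarms."""
    flagged = []
    for name, good in trusted.items():
        seen = suspect.get(name)
        if seen is None:
            continue
        if not (good & seen):
            flagged.append((name, sorted(good), sorted(seen)))
    return flagged


def resolver_only_names(trusted, suspect):
    """Names the suspect resolver answers although the trusted one does not know them."""
    return sorted(set(suspect) - set(trusted))


# Plain-HTTP link whose hostname starts with "ssl-", the rewrite the article describes.
SSL_STRIP_LINK = re.compile(r'href=["\']http://(ssl-[^/"\']+)', re.IGNORECASE)


def find_ssl_strip_links(html):
    """Return the distinct 'ssl-' hostnames referenced over plain HTTP in a page."""
    return sorted(set(SSL_STRIP_LINK.findall(html)))


# Constructed page fragment as a rewriting proxy might deliver it to the victim.
SAMPLE_HTML = ('<a href="http://ssl-bank.example/login">Log in</a> '
               '<a href="https://bank.example/">Home</a>')


if __name__ == "__main__":
    for name, good, seen in find_hijacked_domains(TRUSTED_ANSWERS, ROUTER_ANSWERS):
        print(f"{name}: trusted {good} vs router {seen}")
    print("names only the router resolver answers:", resolver_only_names(TRUSTED_ANSWERS, ROUTER_ANSWERS))
    print("ssl- links over plain HTTP:", find_ssl_strip_links(SAMPLE_HTML))
```

A mismatch on one banking domain while everything else agrees is exactly the selective pattern the researchers quote, and a name that only the router's resolver can answer is a strong sign that the resolver is not the one your ISP gave you.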

Demonstration of Exploitation:
Penetration tester and computer science student ABDELLI Nassereddine from Algeria, who previously reported a critical unauthorized-access and password-disclosure vulnerability in the TP-LINK routers supplied by Algerie Telecom, has also published a practical demonstration of 'How to hack a victim's computer and accounts by hijacking the router's DNS server'.
To perform this he used the DNS proxy tool 'Dnschef' together with the exploitation tools Metasploit, webmitm and Burp Suite. Steps to follow:
  • Install these tools and run the following command:
./ --interface --fakeip
(where interface is the original IP address and fakeip is the address returned for the DNS query)
  • Run the 'webmitm' tool, which handles the HTTP requests and responses and also forwards the traffic to the Burp Suite proxy to inject an iframe pointing at Metasploit's Browser AUTOPWN server.
  • Launch the Browser AUTOPWN module in Metasploit and get access.
Our readers can find a detailed explanation of the exploitation technique on Nassereddine's blog.
How to Protect?
Now that you know how hackers can target routers to mess up your Internet connection or even steal banking, Facebook and Google passwords, the next best thing to do is to secure your own router:
  • Change the default username and password.
  • Update the router's firmware to the latest patched version.
  • Spot fake sites by paying attention to the browser's address bar and HTTPS indicators.
  • Disable the remote administration feature, especially from the WAN. The router should be configurable only from the local network (LAN).

Source: THN

Unseen 4096-Bit Encrypted Email, Chat and File Sharing Service to counter NSA Spying

With the beginning of every new week, we come across a new revelation about surveillance programs run by the U.S. government. A recent NYT report disclosed how whistleblower Edward Snowden downloaded 1.7 million classified files, which are revealing a number of secret spying projects being executed by the NSA. The only lesson we have learned is to take our PRIVACY very seriously.

To communicate using electronic media, we need to find something that can make the conversation more secure and private. The only place my search ends is at 'encrypting the message' to be sent with a robust encryption technique that provides at least a reasonable balance of security and convenience.

Recently it was reported that the most widely adopted encryption technique, RSA, had a backdoor for the NSA. So 'privacy' has become a question for all of us, along with which technology we should trust.

We have various encryption options to choose from, e.g. the Advanced Encryption Standard (AES) or Elliptic Curve Cryptography (ECC), but the question persists after an unproven leak that the NSA has developed a quantum computer that can cost-effectively break any secure key used by an algorithm. If so, these types of encryption might fail.
The accuracy of that claim is still in question, but if it is true, one can easily confirm that the NSA and GCHQ won't get any details from UNSEEN by enforcing any law.

Users can also use PGP (Pretty Good Privacy) to encrypt emails; you are much better protected than if you communicate in the clear. Now that we have enough details about how the NSA eavesdrops on the Internet, we can finally start to figure out how to protect ourselves.
Source: THN

Largest Ever 400Gbps DDoS attack hits Europe uses NTP Amplification

The Distributed Denial of Service (DDoS) attack is one of the hackers' favourite weapons for temporarily suspending the services of a host connected to the Internet, and by now nearly every big site has been a victim of such an attack.

Since 2013, hackers have adopted a new tactic to boost DDoS attack sizes, known as an 'amplification attack', which obscures the source of the attack while multiplying the bandwidth the attacker has available.

Just yesterday, hackers reached new heights with a massive DDoS attack targeting the content-delivery and anti-DDoS protection firm CloudFlare, peaking at more than 400Gbps of traffic and striking the company's data servers in Europe.
“Very big NTP reflection attack hitting us right now. Appears to be bigger than the #Spamhaus attack from last year. Mitigating,” CloudFlare CEO Matthew Prince said in a tweet. “Someone's got a big, new cannon. Start of ugly things to come.”
This massive DDoS attack was the largest in the history of the Internet, bigger than the previous record holder, the 300Gbps Spamhaus DDoS attack that almost broke the Internet.

The attackers leveraged a weakness in the Network Time Protocol (NTP), which is used to synchronize computer clocks: they abuse NTP servers by sending small spoofed 8-byte UDP packets to a vulnerable server, each of which requests a large amount of data (megabytes' worth of traffic) to be sent to the DDoS target's IP address.

The frequency of NTP reflection attacks has grown in recent months. Researchers had long predicted that NTP might someday become a major vector and an ideal DDoS tool, and the technique has recently become popular, causing problems for some gaming websites and service providers.

Recently US-CERT issued an alert listing certain UDP protocols identified as potential vectors for amplification attacks, including DNS, NTP, SNMPv2, NetBIOS, SSDP, CharGEN, QOTD, BitTorrent, Kad, the Quake Network Protocol and the Steam Protocol.

As all versions of ntpd prior to 4.2.7 are vulnerable by default, the simplest recommended course of action is to upgrade all publicly accessible ntpd instances to at least 4.2.7. Until all the misconfigured NTP servers are cleaned up, attacks of this nature will continue.
Update: The CloudFlare team has released more technical details on the 400Gbps NTP amplification DDoS attack described above. The attackers abused 4,295 vulnerable NTP servers running on 1,298 different networks.
The spoofed UDP packets were amplified into responses 206 times larger than the request by exploiting the MONLIST command on open ntpd servers. "An attacker with a 1Gbps connection can theoretically generate more than 200Gbps of DDoS traffic."
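To make the mechanism concrete, here is an added Python example, constructed for this post and not CloudFlare's or US-CERT's code, that decodes the NTP "mode 7" header carrying the MONLIST request, classifies sample packets the way an IDS signature does, and computes the bytes-out to bytes-in ratio per server, which is the amplification factor the article quotes. The traffic is constructed: one 8-byte request whose source address is the victim, answered by four 440-byte replies, so the ratio comes out at 220; real servers answer with far more packets.

```python
import struct
from collections import defaultdict

NTP_PORT = 123
MODE_PRIVATE = 7        # ntpd's private "mode 7" control protocol, spoken by ntpdc
IMPL_XNTPD = 3          # implementation number used by ntpd
REQ_MON_GETLIST_1 = 42  # request code of the "monlist" query


def parse_mode7_header(payload):
    """Decode the 8-byte mode 7 header; return None for any other NTP mode.
    Byte 0 packs R (response), M (more), VN (3 bits) and mode (3 bits)."""
    if len(payload) < 8:
        return None
    b0, _seq, impl, req_code, err_nitems, size = struct.unpack(">BBBBHH", payload[:8])
    if b0 & 0x07 != MODE_PRIVATE:
        return None
    return {
        "response": bool(b0 & 0x80),
        "more": bool(b0 & 0x40),
        "version": (b0 >> 3) & 0x07,
        "implementation": impl,
        "req_code": req_code,
        "nitems": err_nitems & 0x0FFF,   # low 12 bits; high 4 bits are an error code
        "item_size": size & 0x0FFF,
    }


def is_monlist_request(payload):
    """True for an unauthenticated MON_GETLIST_1 request, the probe the article describes."""
    h = parse_mode7_header(payload)
    return (h is not None and not h["response"]
            and h["implementation"] == IMPL_XNTPD and h["req_code"] == REQ_MON_GETLIST_1)


def amplification_by_server(packets):
    """packets: iterable of (src_ip, src_port, dst_ip, dst_port, payload).
    Returns {server_ip: (bytes_in, bytes_out, ratio)} where bytes_in counts monlist
    requests sent to udp/123 and bytes_out counts mode 7 responses leaving udp/123."""
    bytes_in, bytes_out = defaultdict(int), defaultdict(int)
    for src, sport, dst, dport, payload in packets:
        if dport == NTP_PORT and is_monlist_request(payload):
            bytes_in[dst] += len(payload)
        elif sport == NTP_PORT:
            h = parse_mode7_header(payload)
            if h and h["response"]:
                bytes_out[src] += len(payload)
    result = {}
    for server in set(bytes_in) | set(bytes_out):
        i, o = bytes_in[server], bytes_out[server]
        result[server] = (i, o, o / i if i else float("inf"))
    return result


# Constructed sample traffic. The request is the 8-byte packet the article mentions:
# version 2, mode 7, implementation 3, request code 42, no items.
MONLIST_REQUEST = bytes([0x17, 0x00, IMPL_XNTPD, REQ_MON_GETLIST_1]) + b"\x00\x00\x00\x00"


def _monlist_response(more):
    """One reply carrying six 72-byte monitor entries (R=1, M=more, VN=2, mode=7)."""
    b0 = 0x80 | (0x40 if more else 0x00) | (2 << 3) | MODE_PRIVATE
    return struct.pack(">BBBBHH", b0, 0, IMPL_XNTPD, REQ_MON_GETLIST_1, 6, 72) + bytes(6 * 72)


VICTIM, SERVER = "192.0.2.99", "198.51.100.5"   # constructed addresses
SAMPLE_PACKETS = [(VICTIM, 40000, SERVER, NTP_PORT, MONLIST_REQUEST)] + [
    (SERVER, NTP_PORT, VICTIM, 40000, _monlist_response(i < 3)) for i in range(4)
]

if __name__ == "__main__":
    for server, (bin_, bout, ratio) in amplification_by_server(SAMPLE_PACKETS).items():
        print(f"{server}: {bin_} bytes in, {bout} bytes out, amplification x{ratio:.0f}")
```

Run over a capture, a high ratio from your own server tells you it is being used as a reflector; besides the upgrade the text recommends, ntpd's `restrict default noquery` (in ntp.conf) refuses mode 7 queries from the Internet, which removes the amplifier even on older builds.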
Source: THN

Hackers targeting non-browser applications with Fake SSL Certificates

Having an SSL certificate doesn't mean that the website you are visiting is not bogus. SSL certificates protect web users in two ways: they encrypt sensitive information such as usernames, passwords or credit card numbers, and they verify the identity of websites.

But today hackers and cyber criminals are using every trick to steal your credentials, including deploying fake SSL certificates on bogus websites that impersonate social media, e-commerce and even banking sites.

Netcraft security researchers have discovered dozens of fake SSL certificates being used to impersonate financial institutions, e-commerce vendors, Internet service providers and social networking sites, which allegedly allows an attacker to carry out man-in-the-middle attacks.

When you visit a bogus website that presents a self-signed fake SSL certificate from any popular web browser, you will see a foreboding warning, but traffic that originates from apps and other non-browser software often fails to adequately check the validity of SSL certificates.

These SSL certificates are not digitally signed by a trusted certificate authority, so if you access a sensitive website from a smartphone app or any other non-browser software, you may be at great risk.
"Online banking apps for mobile devices are tempting targets for man-in-the-middle attacks, as SSL certificate validation is far from trivial, and mobile applications often fall short of the standard of validation performed by web browsers. 40% of iOS-based banking apps tested by IO Active are vulnerable to such attacks because they fail to validate the authenticity of SSL certificates presented by the server. 41% of selected Android apps were found to be vulnerable in manual tests by the Leibniz University of Hannover and Philipps University of Marburg in Germany. Both apps and browsers may also be vulnerable if a user can be tricked into installing rogue root certificates through social engineering or malware attacks, although this kind of attack is far from trivial on an iPhone." Netcraft researchers said.
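The two checks a browser performs that the quoted apps skip are verifying the chain up to a trusted CA and matching the server name against the certificate. As an added Python example (not Netcraft's, IO Active's or any app's code), the block below shows the permissive client context many apps shipped next to the browser-grade one, audits a context for the missing checks, and implements hostname matching against subjectAltName entries in the dictionary format that Python's `getpeercert()` returns. The two certificate dictionaries are constructed, not real certificates.

```python
import ssl


def insecure_context():
    """What many apps shipped: no chain verification and no hostname check."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False      # must be cleared before verify_mode can be CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def strict_context():
    """Browser-grade client context: system CA store plus hostname matching."""
    return ssl.create_default_context()


def audit_context(ctx):
    """List the browser checks this context skips (empty list means none)."""
    problems = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        problems.append("chain not verified against a trusted CA (verify_mode is not CERT_REQUIRED)")
    if not ctx.check_hostname:
        problems.append("server name not matched against the certificate (check_hostname is False)")
    return problems


def _name_matches(pattern, hostname):
    """One DNS name from the certificate against the requested hostname.
    A wildcard is accepted only as the entire left-most label of a name with at
    least three labels, so '*.bank.example' covers 'online.bank.example' but not
    'a.b.bank.example' and never the registered domain itself."""
    pat = pattern.lower().split(".")
    host = hostname.lower().rstrip(".").split(".")
    if len(pat) != len(host):
        return False
    if "*" in pattern:
        if pat[0] != "*" or any("*" in p for p in pat[1:]) or len(pat) < 3:
            return False
        return pat[1:] == host[1:]
    return pat == host


def hostname_matches(cert, hostname):
    """Match against subjectAltName DNS entries; fall back to the subject CN only
    when the certificate carries no SAN at all (as browsers do)."""
    names = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not names:
        names = [value for rdn in cert.get("subject", ()) for key, value in rdn if key == "commonName"]
    return any(_name_matches(name, hostname) for name in names)


# Constructed certificate dictionaries in getpeercert() layout (not real certificates).
LEGIT_CERT = {"subject": ((("commonName", "bank.example"),),),
              "subjectAltName": (("DNS", "bank.example"), ("DNS", "*.bank.example"))}
BOGUS_CERT = {"subject": ((("commonName", "bank.example"),),),   # CN spoofed, SAN gives it away
              "subjectAltName": (("DNS", "evil.example"),)}
CN_ONLY_CERT = {"subject": ((("commonName", "legacy.example"),),)}

if __name__ == "__main__":
    print("insecure context skips:", audit_context(insecure_context()))
    print("strict context skips:", audit_context(strict_context()))
    print("bogus cert for bank.example:", hostname_matches(BOGUS_CERT, "bank.example"))
```

An app that builds the first context will happily talk to the self-signed certificates Netcraft found; the audit function is the kind of check worth running in a test suite against every context a mobile or desktop client constructs.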

Source: THN

Magento vulnerability allows an attacker to create administrative user

It seems you cannot go a day without hearing about someone or some group hacking a website or stealing credit card and other sensitive data from e-commerce sites.

The e-commerce market is booming, and that provides even more opportunities for hackers. There are many ready-made e-commerce platforms available on the Internet that are easy to install and manage at no extra cost, and 'Magento' is one of the most popular of them.

Recently security researchers at Securatary reported a critical cross-store vulnerability in the Magento platform that lets attackers escalate privileges by creating an administrative user on any 'Gostorego' online store.

The authentication bypass vulnerability left the data of 200,000 merchants exposed to hackers before it was patched. To exploit the flaw, an attacker only needed to modify the HOST header in the GET request to the URI of the target account.

They dubbed it "Stealth mode": it allows the attacker to steal store credits and gift coupons, change the prices of products and manipulate a number of other things in more than 20,000 web stores. "All these requests however “impersonate” the store owner account so action are logged as this user and does not look so suspicious." they said.
To demonstrate the vulnerability the security researchers used Burp Suite, which easily allows an attacker to capture the login request, change the host entry in the header and perform all the other steps for adding a new user to the targeted store.
The security company reported the vulnerability to eBay, which owns the Magento project, and it has since been patched.
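As an added illustration (hypothetical code, not Magento's), the following Python shows why trusting the Host header alone is dangerous on a multi-tenant platform and what the fix looks like: the vulnerable resolver picks whichever store the header names, while the hardened one accepts only a known store hostname that matches the store bound to the session and whose owner is the authenticated user. The store table, the request type and the hostnames are constructed.

```python
from dataclasses import dataclass, field

# Constructed tenant table (hypothetical; not Magento's data model).
STORES = {
    "alice-store.example": {"owner": "alice", "admins": []},
    "bob-store.example":   {"owner": "bob",   "admins": []},
}


@dataclass
class Request:
    host: str          # raw value of the HTTP Host header, as sent by the client
    session_user: str  # user the platform authenticated from the session cookie
    path: str


def vulnerable_store_for(request):
    """Selects the tenant from the Host header alone. A logged-in user of one
    store who edits the header is handed another tenant's store."""
    return STORES[request.host]


def hardened_store_for(request, session_store):
    """Resolve the tenant only if the Host header names a known store, that store is
    the one bound to the session when it was created, and the session user owns it."""
    host = request.host.lower().split(":")[0]   # drop an explicit port; IPv6 literals not expected here
    if host not in STORES:
        raise PermissionError("unknown Host header")
    if host != session_store:
        raise PermissionError("Host header does not match the store bound to this session")
    store = STORES[host]
    if store["owner"] != request.session_user:
        raise PermissionError("session user is not the owner of this store")
    return store


def create_admin_user(request, session_store, new_admin):
    """The sensitive action from the advisory, routed through the hardened resolver.
    Returns the store's admin list after the change."""
    store = hardened_store_for(request, session_store)
    store["admins"].append(new_admin)
    return list(store["admins"])


if __name__ == "__main__":
    # alice is logged in to her own store but sends bob's hostname in the Host header
    crafted = Request(host="bob-store.example", session_user="alice", path="/admin/user/new")
    print("vulnerable resolver hands alice:", vulnerable_store_for(crafted)["owner"], "'s store")
    try:
        hardened_store_for(crafted, session_store="alice-store.example")
    except PermissionError as e:
        print("hardened resolver refuses:", e)
```

The key design point is that the tenant is fixed when the session is created and every later request is checked against it; the Host header is then only a hint that must agree with server-side state, never the authority on which store a request acts upon.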
Source: THN

Edward Snowden obtained classified NSA documents by stealing Coworker’s Password

We are all aware of the leaks that the whistleblower Edward Snowden carried out against the US National Security Agency (NSA), and after reading every related update and watching every document he provided to various news websites, you are left with one question: how could he carry out this whole operation without any helping hand?

Yes, you are right! The former NSA contractor Edward Snowden allegedly managed to access thousands of classified documents by stealing one of his coworker's passwords, according to an unclassified NSA memorandum obtained by NBC News.

Three people, an NSA civilian employee, an active-duty member of the U.S. military and a contractor, were found to have been involved in actions that may have aided Snowden's operation; the NSA civilian employee has been stripped of his security clearance and has resigned.

The other two have been barred from accessing National Security Agency (NSA) facilities, the memo states, indicating that their status is currently under review.

The coworker said that he allowed Snowden to use his Public Key Infrastructure (PKI) certificate to access classified information on ‘NSANet’ that Snowden was officially denied access to.

The memo's account doesn't provide much detail, according to NBC, but it states that Snowden somehow got one of his civilian NSA coworkers to enter his password “onto Snowden's computer terminal.” “Unbeknownst to the civilian, Mr. Snowden was able to capture the password, allowing him even greater access to classified information,” the memo states.

The memo also states that the civilian coworker was not aware that Mr. Snowden “intended to unlawfully disclose classified information”; he shared his PKI certificate, one of a set of highly secure credentials that provided greater access to the NSA's internal computer systems, and thereby “failed to comply with security obligations,” which led to his resignation.

This was not the first time we heard about the involvement of NSA coworkers in the matter. Back in November, Reuters reported that as many as 20 to 25 workers who had shared their passwords had been identified, questioned and removed from their assignments; the memo appears to be the first official confirmation of that report. The NSA never publicly commented on the Reuters report, and Snowden appeared to deny it during a public Google chat just last month.

The NSA must now be well aware of the discipline of the workers who carry out its most sophisticated projects to spy on individuals, while the insider threat within its own ranks may blow up in its face.
Source: THN

Underground Marketplace 'Utopia' Seized by Dutch Police, 5 suspects arrested

After Silk Road, another underground online marketplace, 'Utopia', where users could buy illegal drugs and guns for home delivery, has been seized by the Dutch National Police.

The police began their investigation, codenamed 'Operation Commodore', in 2013 and finally seized Utopia's Germany-based servers and arrested a total of 5 suspects for running the marketplace. One was arrested in Germany and the other four suspects, aged 29 to 46, were detained in the Netherlands. Two of them had also been involved in another similar underground website, 'Black Market Reloaded', which closed in December 2013.

Utopia, which reportedly launched only last week (http://ggvow6fj3sehlm45.onion/) and was intended to be a direct competitor to Silk Road, was a 'dark web' website accessible only through the Tor anonymity software.

The website is now displaying a message: "This hidden service has been seized by the Dutch National police."
Many illegal drugs, including ecstasy and cocaine, as well as guns and stolen credit cards were available through the Utopia marketplace, which also offered hacking tools and gambling services.
Dutch police have seized 900 Bitcoin, currently worth between $540,000 and $815,000, and the 21-year-old German man could be extradited to the Netherlands soon.

Dutch police declined to reveal details of how Utopia was closed, instead promising to release more information later this week.
Meanwhile, the site's moderators are calling the seizure of Utopia "a serious blow to the darkweb marketplace community" and are trying to regroup with other members to launch a new website.

Source: THN

Forbes Hacked by Syrian Electronic Army; Website and Twitter accounts Compromised

Forbes is the latest victim in a long line of high-profile attacks by the Syrian Electronic Army (SEA), sending a reminder to the international community that cyber warfare is alive and well.

The pro-Assad group took responsibility for hacking multiple Forbes websites and hijacking three Twitter accounts related to the site.

According to screenshots published by the group, the hackers gained access to the WordPress administration panel of the Forbes website and edited several articles previously posted on Forbes by authors Travis Bradberry, Matthew Herper, Andy Greenberg, John Dobosz and Steve Forbes, retitling them "Hacked by Syrian Electronic Army".
The hackers tweeted "Syrian Electronic Army was here" from the compromised Twitter accounts, including those of social media editor Alex Knapp (@TheAlexKnapp), personal finance reporter Samantha Sharf (@Samsharf) and the @ForbesTech account.
The Syrian Electronic Army said it attacked Forbes because "Many articles against the SEA were posted on Forbes, also their hate for Syria is very clear and flagrant in their articles."
The Syrian Electronic Army group is notorious for hacking Western media. They have targeted media sites, including the New York Times, the Washington Post, the Financial Times, the AP, The Guardian, and Twitter over the past year.
Source: THN

Tuesday, 11 February 2014

Sony sells their waterproof "Walkman" mp3 players inside a water bottle

Video: Sony 'The Bottled Walkman' by DraftFCB via StopPress
Sony sells its waterproof "Walkman" mp3 players inside a water bottle. You can buy these mp3 players almost everywhere, because Sony sells them through the Internet and vending machines. That's just great; I like this idea of advertising. Very clever, and to me it sounds/looks great (at least in that video). Currently only vending machines in New Zealand are providing Sony's products. I am sure that you can still find "Walkman" mp3 players online and even in your local electronics store.

Likes Or Lies? How perfectly honest businesses can be overrun by Facebook spammers

Many of us are trusting. We like to believe the best in people – in their honesty, integrity and good intentions. For society to function, this is an inherent necessity for the majority.
But after writing an article describing the loss of organic Facebook reach, I was tuned in to an even more shocking situation that completely explains the massive growth in likes some readers reported on their Pages.
One of the reasons I love writing, and often still love reading comments, is that through my articles, I learn more about the world from others with experiences that run parallel to mine.
After my plunging Facebook organic reach piece ran, a reader who wishes to remain anonymous (for reasons that will hopefully become clear as I continue) pointed me to a baffling Facebook situation that, over the past couple of years, has spiraled out of control.
Let’s start at the beginning.

Monitoring your likes and interests

In September of 2013, my anonymous source (who we will call “Bob” for the sake of simplicity), seemed to have his popular Facebook Page, along with friends whose pages share the same general interest, added to the international Page Suggestions list.
What are Page Suggestions? In 2013, Facebook started to push its “Suggested Posts” or “Suggested Pages” ads and links to news feeds with the attempt to allow users to follow other brands that followed their similar interests.
Let’s say you, a Facebook user, are a noted fan of cakes and baking. Page Suggestions looks at those interests, and anyone who has “cakes” or “baking” in their likes or follows a group on those topics is going to see pages that match the topic. For Bob, his Page was almost guaranteed to show up in his particular interest set.
On the surface, this is a cool concept, but like a lot of cool Internet ideas, it was exploited.

An unprecedented growth

Almost immediately following their addition to these “International Page Suggestions” lists, Bob and his friends noticed their pages taking off at a ridiculous rate.
“[At first it was] 500 or 1,000 likes per day, then eventually up to 15,000 likes per day,” Bob said. “The growth was awesome at first and it seemed like we were connecting with a whole new audience.”
On the surface, Page Suggestions was working exactly as intended. Thousands of people who could and should like a brand if they knew it existed were finally being exposed to it! This granted access to a massive new audience, and a chance to really grow a business beyond expectations.
But it wasn’t all roses and sunshine. “After a couple of months I started to see a noticeable downturn in audience quality,” Bob said. “Despite good engagement numbers.”
If you read my article on Facebook Engagement, I briefly touch on our promoted posts getting likes and comments that appeared to be out of left field. This is much the same situation that Bob noticed on his pages, but on a much larger and slightly different scale.

Too good to be true

Bob decided to do some digging. It didn’t make sense that his engagement levels had not changed despite thousands of additional fans.

I started looking at some of these profiles, [and] the folks who were commenting [were doing so in] total gibberish. 99 percent of these commenters (and about 70 percent of the overall population [of the] increase on my page) are from India, Thailand, Pakistan, and Egypt.
In fact doing some more analysis, I realized a huge component of the fan increase was coming from those places, comments or no. If you check out their profiles you’ll realize they usually use some fake component of a name, a photo that isn’t theirs, and they have a massive volume of page likes by comparison to any other account activity.
What Bob was experiencing here has been reported before, but it has been normally linked to purchasing post promotion. In an article on Search Engine Journal from 2012 (back when promoted posts were young), Jake Filan noticed “profiles hadn’t had updates in more than a month, and a handful actually had no profile info at all, but these same accounts were extremely active, on a daily basis in some cases, at Liking Facebook pages.
“A pervasive red flag was that these profiles did not seem to have any discernible connection or affinity for the Facebook pages being advertised.”
When you do a little research on something called “like farming,” you’ll see what’s going on.
“What I discovered is that an increasing number of underpaid, downtrodden denizens in these developing tech nations get micropayments to do it, usually a dollar per thousand likes,” Bob said.
But you’re now probably wondering… why? What is there to gain? Bob did not pay anything, so why are these thousands of random profiles liking his page?

Slipping under the spam radar

On the surface, it makes more sense to see this behavior when money is involved, but that isn’t the case here. To explain what is happening, let’s bounce back to the aforementioned Page Suggestions.
In an attempt to avoid Facebook’s bot/spam detection, these “like farmers” diversify likes into Pages they have not been paid to target, or who aren’t paying to reach more eyes. It’s a much more clever way to slip under the Facebook spam radar, as the behavior appears natural and organic.
The simplest way to do this diversification of Page likes is to use Facebook’s own “Page Suggestions” feature.
“While this is probably more frustrating for me than for people whose Pages aren’t in the good graces of Facebook’s page suggestions, the worst part is that people who actually pay for ads and promotions are still victimized by this same practice,” Bob lamented.
“It means anyone who clicks ‘Boost Post’ and pays for reach, unless they block those countries listed above or intentionally target them out, are getting 80 percent ripped off.”

What was thought to really only be linked to Facebook ads is actually a much larger problem, filling legitimate and popular Pages with an increasing percentage of spam and bots.

Selling likes or lies?

The business of selling likes and contest entries is a seedy, dark one indeed. As reported by the Daily Dot, author Cody Permenter goes into detail on how these sweatshop-like businesses are set up and run.
“For a fee, [businesses] would deliver votes for any online competition you can imagine, from Facebook contests (where you’re asked to like a page to enter) or generic sweepstakes that only require you to fill out a form,” Permenter wrote.
There are a range of businesses set up to do this, and their fees vary per 1,000 likes or contest entries. One of those businesses clearly states the nature of what it does on its own Facebook page, but Facebook doesn't seem to have noticed or to care. This particular company, 99 Enterprises, is still up and running.
“It’s a pretty frustrating situation which I’m powerless to stop,” Bob continued. “I could turn off page suggestions to my page, but then I risk losing the legit fans I’ve gained through the page suggestions process – probably totaling about 150,000 people. Certainly nothing to smirk at.”
Bob believes that one day, Facebook will recognize the problem and purge the fake profiles. But by that time, Bob worries that the sudden spam fan decrease will actually end up damaging his page.
“The outward appearance to my real fans will be that I bought a s**tload of fake likes, which isn’t the case and will be severely damaging to the social media aspect of my business,” he said. “And those people who actually paid for the reach, without knowing, actually did buy fake likes!
“In the meantime all I can do is target out those countries in my posts, and try to increase authentic engagement via the comments section.”
Unfortunately, due to Facebook’s limitation on organic reach, this strategy is much hampered compared to just a few months ago. It’s an almost no-win situation.

How does one get added to an international suggested pages list?

It’s not entirely clear. What is for certain is that if you have “Page Suggestions” enabled on your Page’s profile, you are eligible for this treatment.
Facebook will likely look at pages that have good original content and high engagement for the treatment, but there does not appear to be a surefire way to be selected.
Among the group of four friends, including Bob, pages grew by anywhere from 30,000 likes to, in one extreme case, over a million. But just looking at their page stats tells the story: countries known for this type of “like farming” business are right at the top.

In addition to all this, Bob noted he saw an enormous increase in what is known as “share for share” or “s4s” requests hitting his site.
These bots/spammers can make themselves more difficult to find by continuing to diversify their likes and friends. That appears to be the strategy here. Whatever the case, it’s a headache for page moderators, who will have to spend more time gleaning the spam off their pages.

The marketplace is full of lies, deception and spam, and Facebook could easily find them. Just look at this Facebook Group dedicated to buying, selling and exchanging likes for pages. It’s not even hidden or discreet.
Facebook will need to do something about this by increasing the strictness behind their process for finding bots and spammers. It appears at this point that if a bot/spam page likes a good enough variety of pages and comments occasionally (even if the comments are complete gibberish), it’s enough to slip by unnoticed.
Facebook admitted early on that over 83 million profiles on its site were likely fake, and those are only the profiles it knows about.

Top image credit: Shutterstock/iurii

Article Credit: TheNextWeb

Facebook Pages’ Updated Organic-Reach-Crushing Algorithm, And What it Means for You (by Jaron Schneider)

As many of you who have your own photography pages probably already noticed, Facebook drastically changed their Pages organic reach algorithm on December 3, 2013. We have been living with the changes for a month, analyzing the effects on our brand and how it affects you, and the news isn’t good. With dramatic decreases in reach and engagement, our Facebook community is not nearly what it was. So what can you do about your own Pages?
Let’s first take a look at what the changes have done across the board, not just on Fstoppers. In a recent study by Ignite which included 21 brand pages of different sizes and across industries, they found a decline of “44% on average, with some pages seeing declines as high as 88%. Only one page in the analysis had improved reach, which came in at 5.6%.” That’s abysmal.
As we all know, Facebook wants us, and has wanted us, to pay to access the fans that some of us out there, including Fstoppers, have spent years fostering and growing (at Facebook’s continued insistence that fostering growth was pivotal). Though we weren’t happy about having to pay, we did understand it. We were ok with reaching most of our readers and paying to reach them all. That seemed fair.
Back before December 3, on average we organically reached about 42% of the Fstoppers followers. That’s pretty darn good. The ones that did not reach that many were perhaps less interesting articles, and then there were the hugely popular pieces that virally shared over hundreds of thousands of people, unpaid. That was also awesome, especially considering that there has been research that shows that organic content leads to better buying actions than paid reach. That also makes sense. None of us really LOVE being advertised to.
Let’s look at that Ignite study again, and see how bad the reach decline is for other brands:
Huge, huge declines. This is what Fstoppers has seen in the past month:
• 73% average drop in reach since December 3 (with the greatest drop at an astonishing 95%)
• 86% drop in engagement (likes, comments, shares)
• 7.4% average reach to followers, down from 42%

What’s most upsetting about the data from our Fstoppers account is who we are no longer reaching: our most engaged readers. According to a study by Forrester and Google-owned Wildfire, engaged users are a brand’s best customers (kind of a no-brainer if you think about it). They are the most likely to click and purchase. But our data has shown those engaged users no longer see our pages, and instead it appears those who now engage with our brand (the scant few) were not part of that “most engaged” group.
So not only is everything down, and down a considerable amount, but the people we would prefer to reach have almost no chance of seeing what we post.
So we should pay, right, in order to reach those people? Not necessarily. We have been shocked at the kind of interaction our posts get when we pour money into them. A vast number of the likes and comments come completely out of left field.

Click through rate takes a dive, and we have lost thousands in what appears to be a Facebook black hole. Not to mention, the cost of paying to play is… well, it’s a lot.

To add salt to the wound, the amount of page moderation now required has dramatically increased. We have seen a large influx of spam on our page wall and in our page posts, increasing the time we need to spend on cleaning and maintaining our Facebook presence, yet receiving nearly no yields for the labor.
So what does this all mean? It means we are forced to diversify. Our Twitter is pretty awesome, and you can chat there directly with both me and Patrick. But also, we will be pouring a more concerted effort into our Google Plus. If you want to get updates from us, and we know many of you do because thousands of you treated your Facebook like a true news feed from us for breaking news and education, I suggest liking us both on Facebook and Google Plus, and trying to check Google Plus more frequently. G+ will only get better if we all contribute, and given that Facebook seems to get worse and worse for business as the months wear on, we’re basically given no choice but to jump ship, or at least share between the sites equally.
So back to my original question: what can you personally do? Help grow Twitter and G+, at least until Facebook realizes that squeezing us like this isn’t best for their bottom line. But if they don’t change, it’s really not worth the effort anymore.
As we put more effort into our other social channels, we will track those results and let you know how things look over the next couple months. Hopefully we can work together to find a solution that benefits everyone.

Source: FS (Fstoppers)

Snapchat user accounts vulnerable to Brute-Force Attack

Snapchat, a smartphone application that lets users share snapshots with friends, is catching on among teenagers. It was first hacked in December, when 4.6 million Snapchat users were exposed in a database breach.

Later, a denial-of-service attack and a CAPTCHA security bypass were discovered by other researchers within the last two to three weeks. Snapchat has no vulnerability reward program, but many penetration testers are still working hard, free of charge, to make the application more secure by disclosing flaws.

Interestingly, this is not the end of the vulnerabilities. Mohamed Ramadan, a security researcher with Attack-Secure from Egypt, has spotted a new vulnerability in Snapchat that allows an attacker to brute-force users' login credentials. Brute-forcing is the process of trying many passwords against a username until the correct password is found.

"This vulnerability allows anyone who knows your SnapChat email to brute force your account’s password without any protection from Snapchat's side: there is no lockout, limited tries or even Captcha," he said in a blog post.
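The three controls the quoted report says are missing (lockout, limited tries, CAPTCHA) are the standard defence against online password guessing. The following is an added illustration, not Snapchat's code, of the first two: a per-account throttle that counts failed logins and, once a threshold is reached, refuses every attempt for a back-off window that doubles with each successive lockout. The user store, the `alice@example.com` account, its password and the attempt sequence are constructed sample data; the threshold and window constants are assumptions chosen for the demonstration.

```python
"""Per-account login throttling: lockout after repeated failures, with
exponential back-off. Added example; not Snapchat's implementation."""
import hashlib
import hmac
import time
from dataclasses import dataclass

MAX_FAILURES = 5            # failures allowed before the account is locked (assumed)
BASE_LOCKOUT_SECONDS = 60   # first lockout window (assumed)
MAX_LOCKOUT_SECONDS = 3600  # cap on the doubling window (assumed)
PBKDF2_ROUNDS = 100_000


@dataclass
class AccountState:
    failures: int = 0        # consecutive failures since last success or lockout
    lockouts: int = 0        # how many lockouts so far; drives the back-off
    locked_until: float = 0.0


class LoginThrottle:
    def __init__(self, users, clock=time.time):
        # users: mapping email -> (salt, pbkdf2 digest); constructed for the demo
        self._users = users
        self._clock = clock
        self._state = {}

    def _check_password(self, email, password):
        rec = self._users.get(email)
        if rec is None:
            # Hash anyway so unknown and known accounts take the same time
            hashlib.pbkdf2_hmac("sha256", password.encode(), b"dummy-salt", PBKDF2_ROUNDS)
            return False
        salt, expected = rec
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
        return hmac.compare_digest(digest, expected)

    def attempt(self, email, password):
        """Return 'locked', 'ok' or 'bad'. A locked account is never checked,
        so a correct guess during the window yields no signal to the caller."""
        st = self._state.setdefault(email, AccountState())
        now = self._clock()
        if now < st.locked_until:
            return "locked"
        if self._check_password(email, password):
            st.failures = 0
            return "ok"
        st.failures += 1
        if st.failures >= MAX_FAILURES:
            st.lockouts += 1
            delay = min(BASE_LOCKOUT_SECONDS * 2 ** (st.lockouts - 1), MAX_LOCKOUT_SECONDS)
            st.locked_until = now + delay
            st.failures = 0
            return "locked"
        return "bad"


def make_user(password, salt):
    return (salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS))


def simulate(attempts):
    """Replay (seconds_offset, email, password) attempts against a fake clock
    and return the throttle's decision for each one."""
    clock = {"t": 0.0}
    throttle = LoginThrottle(
        {"alice@example.com": make_user("correct horse", b"salt1")},  # constructed account
        clock=lambda: clock["t"],
    )
    results = []
    for offset, email, password in attempts:
        clock["t"] = float(offset)
        results.append(throttle.attempt(email, password))
    return results


# Constructed attempt stream: five wrong guesses one second apart, a sixth
# guess, the right password during the lockout, then the right password
# after the 60-second window has expired.
SAMPLE_ATTEMPTS = [(i, "alice@example.com", f"guess{i}") for i in range(6)]
SAMPLE_ATTEMPTS += [(6, "alice@example.com", "correct horse"),
                    (120, "alice@example.com", "correct horse")]

if __name__ == "__main__":
    print(simulate(SAMPLE_ATTEMPTS))
```

The fifth failure triggers the lockout, the sixth guess and the correct password at second 6 are both refused without being checked, and the correct password at second 120 succeeds. Resetting the failure counter on each lockout, while keeping the lockout count, is what makes the window grow for a persistent guesser without permanently locking the legitimate owner out.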

Video Demonstration:

Source: THN

Sunday, 9 February 2014

iOS vulnerability allows to disable 'Find My iPhone' without password

Smartphone manufacturers are adding ways for owners to track and manage their phones if they ever get lost or stolen. Find My iPhone is a service that comes with every iOS device and allows you to track your iPhone, whether it was lost or stolen.

Normally, the iPhone requires a password to deactivate “Find My iPhone”, but the protection isn’t perfect: thieves can now disable 'Find My iPhone' on devices running iOS 7.0.4 and lower without entering a password.

The exploit was discovered and demonstrated by security researcher 'Bradley Williams'; after a successful bypass, the owner can no longer locate the device, play a sound on it or wipe it remotely.

The vulnerability puts devices at risk, and the exploitation method involves a few simple changes in the iCloud settings that can be made without knowing the password.

Steps to hack 'Find My iPhone':
  1. Navigate to iCloud in the settings.
  2. Select your account.
  3. Change the password to an incorrect one, then tap Done.
  4. When the 'wrong password' warning appears, tap OK and then tap Cancel.
  5. Reselect your account.
  6. Empty the description field and then press Done.
You will notice Find My iPhone is now toggled off.

Thursday, 6 February 2014

Google Chrome added pop-up warning to prevent users from Browser hijacking

GOOGLE, one of the most trusted brands, is continuously trying to make its products more robust and secure to keep its users safe.

Google rewards vulnerability hunters under its bug bounty program, and the company also offers large rewards to hackers in its 'Pwnium' hacking competition for finding critical vulnerabilities.

Google Chrome, the browser from Google's product family, has gained a new feature that warns the user whenever the browser’s settings are altered by malware.

Browser hijacking is the modification of a browser's settings; the term "hijacking" is used when the changes are performed without the user's permission. A browser hijacker may replace the existing home page, error page, or search page with its own. Hijackers are generally used to force hits to a particular website, increasing its advertising revenue, i.e. clickjacking and adware.

A hijacker uses malicious software to change your internet security and registry settings in order to gain control over what web content your browser displays and how.
"So, you're trying to download a free screensaver or a game or something else you really want. But later you find out that the game came bundled with a malicious program that's trying to hijack your browser settings. You're not the only one having this problem, in fact, it's an issue that's continuing to grow at an alarming rate," Google said on its official blog.

Browser hijacking is one of the top issues reported on browser forums. From now on, Windows Chrome users will be prompted to reset the browser settings to factory defaults if the browser detects any sort of hijacking.
Users are free to choose whether to reset or to skip the prompt. Resetting the Chrome browser is not new; you can manually reset all settings, plugins and extensions to the factory defaults via:
chrome://settings > Show Advanced Settings > 'Reset browser Setting'

Source: THN

Gameover Malware, variant of ZeuS Trojan uses Encryption to Bypass Detection

The year begins with a number of new malware variants discovered by various security researchers. The new variants are more complex, more sophisticated and mostly undetectable.

Two years ago, in 2012, the FBI warned about the ‘GameOver’ banking Trojan, a variant of the Zeus financial malware that spreads via phishing emails. Once installed on your system, GameOver makes fraudulent transactions from your bank account, and it can also conduct Distributed Denial of Service (DDoS) attacks using a botnet, in which multiple computers flood the financial institution’s server with traffic in an effort to deny legitimate users access to the site.

But that wasn't the end: researchers have discovered a new variant of the same banking Trojan family being delivered by cyber criminals to users’ machines, which makes it easier for the banking malware to evade detection and steal victims’ banking credentials.

Malcovery's Gary Warner explains in a blog post the behavior of the new GameOver Zeus variant, which uses encryption to bypass perimeter security.

Warner warned that, to get the job done, the malware works together with another piece of malware called 'UPATRE', delivered via social engineering techniques.

The new version of GameOver keeps its ‘.EXE’ payload encrypted in a non-executable format, an ‘.ENC’ file, so that the malware, which spreads via spam e-mails and malicious attachments, can avoid being spotted by firewalls, IDS, web filters and other security defenses.

To spread it at large scale, a spam campaign run through the ‘Cutwail’ botnet sends messages designed to look like official correspondence from banks or government agencies, tricking users into opening the attached .zip file.

Gary Warner explains that, “These .zip files contain a small .exe file whose primary job is to go out to the Internet and download larger, more sophisticated malware that would never pass through spam filters without causing alarm, but because of the way our perimeter security works, are often allowed to be downloaded by a logged in user from their workstation.”

Boldizsár Bencsáth, from the CrySys Lab in Hungary, has explained the encryption method in his blog post on Sunday, "The droppers sent out through emails are pretty small, around 10-18 KB. These droppers have an obfuscation layer, so hard to directly analyze them."

In the new model, the .zip file attached to the email contains a new version of the UPATRE malware, which first downloads the .ENC file from the Internet, then decrypts it and writes it out under a new file name, causing it both to execute and to be scheduled to execute in the future, Warner writes.
Keep your anti-virus up to date.
Source: THN

Adobe issues Emergency Flash Player update to patch critical zero-day threat

Adobe is recommending that users update Flash Player immediately. The company published an emergency security bulletin today that addresses vulnerabilities in Flash Player and released a patch for a vulnerability which is currently being exploited in a sophisticated cyber espionage campaign.

"Adobe is aware of reports that an exploit for this vulnerability exists in the wild, and recommends users apply the updates referenced in the security bulletin."

The vulnerability (CVE-2014-0497) allows an attacker to remotely take control of the targeted system hosting Flash. "These updates address a critical vulnerability that could potentially allow an attacker to remotely take control of the affected system," the advisory said.

The security hole affects the version and earlier for both Windows and Mac OSs and Adobe Flash Player and earlier versions for Linux.

The vulnerability was discovered by two researchers at Kaspersky Lab, Alexander Polyakov and Anton Ivanov.

The story started some months ago, when the Kaspersky team discovered a new sophisticated cyber espionage operation that has been going on since at least 2007. The operation, dubbed “The Mask”, hit systems in 27 countries leveraging high-end exploits; the attackers used extremely sophisticated malware that includes a bootkit and a rootkit.

The malicious code is also able to infect Mac and Linux systems and included a customized attack against Kaspersky products.
“This is putting them above Duqu in terms of sophistication, making it one of the most advanced threats at the moment. Most interesting, the authors appear to be native in yet another language which has been observed very rarely in APT attacks. We will present more details about the “Mask” APT next week at the Kaspersky Security Analyst Summit 2014 (on Twitter, #TheSAS2014).” reports a post on the SecureList blog.
Kaspersky Lab provided a technical analysis of the exploits and payload. They discovered a total of 11 exploits, all using the same vulnerability and all unpacked SWF files, targeting the following versions of Adobe Flash Player:
11.3.372.94, 11.3.375.10, 11.3.376.12, 11.3.377.15, 11.3.378.5, 11.3.379.14, 11.6.602.167, 11.6.602.180, 11.7.700.169, 11.7.700.202, 11.7.700.224
These exploits only work with Windows XP, Vista, 2003 R2, 2003, Windows 7, Windows 7x64, Windows 2008 R2, Windows 2008, 8, Windows 8x6, Mac OS 10.6.8.
The researchers found that these exploits had been detected on three different user machines, one running Mac OS 10.6.8 and the other two Windows 7. A .docx document carrying the 0-day exploit was distributed via a targeted email mailing.
The first shellcode type is a primitive shellcode that reads an executable named a.exe from the SWF file and drops it to the hard drive. Only one of the 11 exploits in our possession included a payload.
The second type downloads and executes a file from a URL passed in the SWF file’s parameters. The third shellcode type, which is present in only some of the files, is the most interesting.
Adobe was informed of an exploit in the wild being used to hit systems running Flash Player, and it recommends that users update their product installations to the latest versions:
  1. Users of Adobe Flash Player and earlier versions for Windows and Macintosh should update to Adobe Flash Player
  2. Users of Adobe Flash Player and earlier versions for Linux should update to Adobe Flash Player
  3. Adobe Flash Player installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player for Windows, Macintosh and Linux.
  4. Adobe Flash Player installed with Internet Explorer 10 will automatically be updated to the latest Internet Explorer 10 version, which will include Adobe Flash Player for Windows 8.0.
  5. Adobe Flash Player installed with Internet Explorer 11 will automatically be updated to the latest Internet Explorer 11 version, which will include Adobe Flash Player for Windows 8.1.

Source: THN