F-Secure and David Hasselhoff

We first blogged about David Hasselhoff in 2011 (see: Don’t hassle the Hoff on F-Secure’s watch).

The case from 2011 involved a remote access trojan which had a feature called “David Hasselhoff Atach”.

David Hasselhoff

And now, in 2014, David Hasselhoff is becoming the Freedome Ambassador for F-Secure.

David Hasselhoff

We will be launching our Digital Freedom Manifesto at the re:publica conference in Berlin together with David. For real.

For more information, se our Digital Freedom site.

On 22/04/14 At 02:04 PM

More here

Posted in Uncategorized | Leave a comment

Worth a read…


This article explains the behavior of Microsoft Security Essentials on Windows XP now that XP is no longer supported.

IMPORTANT NOTE: Users of MSE will continue to receive **antivirus updates** until 14 July 2015; that will protect you from malware such as viruses and trojans.  It will NOT, however, protect you from security vulnerabilities inherent to the operating system itself.

More here

Posted in Uncategorized | Leave a comment

New threat: Trojan-SMS.AndroidOS.Stealer.a

The situation surrounding attempted mobile malware infections is constantly changing, and I’d like to write about one recent trend. Over the last year, Trojan-SMS.AndroidOS.Stealer.a, a mobile Trojan, has become a leader in terms of the number of attempted infections on KL user devices, and now continually occupies the leading positions among active threats. For example, in Q1 2014 it accounted for almost a quarter of all detected attacks.

Geographic distribution

This SMS Trojan has actively been pushed by cybercriminals in Russia, and there have also been continual attempts to attack users in Europe and Asia. Infections with this Trojan have occurred virtually everywhere across the globe:

More here

Posted in Uncategorized | Leave a comment

Would you like some Zeus with your coffee?

Cybercriminals often like to use a bogus letter to trick people into opening malicious attachments. There are two tricks that make this work: a message from a familiar name (a bank, social network, service provider or other organization that might interest the recipient) and an intriguing or alarming subject. An attack based on fake messages supposedly from coffee chain Starbucks combined the two.

More here

Posted in Uncategorized | Leave a comment

SyScan 2014

In the first week of April 2014 we were at “The Symposium on Security for Asia Network” (SyScan), a “geeky” single-track conference located in Singapore.

I liked the friendly atmosphere from the very first slides of the event (as is seen above).

The program covered hardware and software attacks like “Car Hacking”, “Defeating SecureBoot”, “Point-of-Sale”-hacks (“Flappy Bird” injected on a mobile POS device was my favorite), “RFID”-hacks, “Anti-Virus Software” flaws, “Phone hacks”, “OS-Hacks” and a “Linux Memory Forensic” case study amongst others. All of the presentations were of quite high quality in content and most of the speakers did a nice job presenting their content.

Much beer did flow at the “BarCon” at the end of day one …

More here

Posted in Uncategorized | Leave a comment

xkcd: Heartbleed Explanation

Heartbleed Explanation
xkcd: Heartbleed Explanation

On 11/04/14 At 09:53 AM

More here

Posted in Uncategorized | Leave a comment

Lame “SEO” Android Apps Claim To Be Antivirus

On Sunday, Android Police (a popular news and review site) published a post on “Virus Shield“— an app which reached top ranking in Play, and yet, was a complete fraud. In a follow up, DailyTech did some digging and believes the app was written by a 17 year-old Texan. Apparently he’s good at SEO.

Whether he’s the guy or not… it fits the typical profile. A young person with good SEO skills pushing a rather useless app.

Virus Shield

Lame “SEO apps” are prevalant on Google Play. They’re easy to find if you look.

For example:

  •  Best Antivirus Lite
  •  SAFE antivirus Limited
  •  Skulls Antivirus
  •  Shnarped Hockey antivirus lite

Best and SAFE link to one “developer”— while Skulls and Shnarped Hockey link to another.

Though there are two different developers… the apps are identical apart from their name. The apps appear to be based on a template (there are markets for app templates) and all the so-called developers have done is to add their own graphics.

Android apps: no developer skills required.

So what do the apps do?

Well, the “antivirus” open sa screen label “anti spyware”.

Shnarped Hockey antivirus lite

Hmm, the terms changed. That ought to be a warning sign.

Click “Start Scan” and the app does a basic scan of permissions for installed apps. Apps with a large number of permissions are categorized as a risk and those with a low number of permissions are called safe. And if you want to see the details? Well, then you need to buy the “full” version of the app for about a buck. In our humble opinion, the folks who bought the full versions (more than one thousand) completely wasted their money.

Google Play: caveat emptor.

P.S. If you want an app that does an advanced scan of permissions and provides excellent details entirely FREE of charge…

Check out F-Secure App Permissions for Android.

On 10/04/14 At 05:03 PM

More here

Posted in Uncategorized | Leave a comment

Heartbeat vulnerability

I’m sure you’ve seen this all over the web.  Summary here:

There is a test page here that you can use to see if the sites you use are vulnerable (make sure you enter an HTTPS address, not HTTP):

If the site is not vulnerable, then you may or may not be safe (no easy way to know if the site was patched, or never vulnerable).

If the site IS vulnerable, let them know. And wait for them to fix the problem before changing your password on that site.  If you have used that same login and password on ANY other site, change on those other sites immediately (even if those other sites come up as not vulnerable).

It’s going to be a pain in the tush, changing all those passwords, but it needs to be done Sad smile

More here

Posted in Uncategorized | Leave a comment

Admins: why not review config standards as you fix Heartbleed?

As you have to update your SSL anyway, why not make sure your configuration is up to modern standards?

There has been plenty of noise about Heartbleed, so if you’re an admin, you already know what to do.

1. Find everything you have using vulnerable versions of OpenSSL
2. Update to the latest OpenSSL version
3. Create new private keys and SSL certificates as the old ones may have leaked
4. Revoke old certificates

But since you have to touch your server configuration and create new SSL certificates, we would recommend that you also go through certificate generation settings and server configuration. Heartbleed is not the only problem in SSL/TLS implementations, a poorly chosen protocol or weak cipher can be just as dangerous as the Heartbleed bug.

As recommended reading we would suggest: OWASP Transport Layer Protection Cheat Sheet

Bonus points opportunity!

5. Implement Perfect Forward Secrecy (PFS). It’s the “Prefer Ephemeral Key Exchanges” rule in the OWASP cheat sheet.

See this EFF post for details: Why the Web Needs Perfect Forward Secrecy More Than Ever

Edited to add:

And one more thing!

6. Do not rely only on transport layer security. If your data is critical, use additional protection in your implementation.

Example: Younited. See the support question: How do I turn on advanced login authentication?

younited's 2FA

Two factor authentication. PROVIDE IT. Please.


Added note clarifying that private key of course needs to be changed and old certs revoked. Thanks @oherrala.

On 09/04/14 At 09:39 AM

More here

Posted in Uncategorized | Leave a comment

The omnipresent dad

Many websites show different text depending on where the user lives. For instance, home pages of some portals show you the news and weather of your region by default, because you are most likely to be interested in this kind of information first of all.

Of course, spammers and fraudsters also make use of this approach.

The following letter, written in Spanish, advertises an easy way to earn money online:

The attached link directs users to times-financials.com, registered in October 2013, according to the information on whois:

“Moscow City dad makes $14,000 per month” – says the title.

From Moscow? Hmmm.

More here

Posted in Uncategorized | Leave a comment