Worth a read…


This article explains the behavior of Microsoft Security Essentials on Windows XP now that XP is no longer supported.

IMPORTANT NOTE: Users of MSE will continue to receive **antivirus updates** until 14 July 2015; that will protect you from malware such as viruses and trojans. It will NOT, however, protect you from security vulnerabilities inherent to the operating system itself.

More here

Posted in Uncategorized | Leave a comment

New threat: Trojan-SMS.AndroidOS.Stealer.a

The situation surrounding attempted mobile malware infections is constantly changing, and I’d like to write about one recent trend. Over the last year, Trojan-SMS.AndroidOS.Stealer.a, a mobile Trojan, has become a leader in terms of the number of attempted infections on KL user devices, and now continually occupies the leading positions among active threats. For example, in Q1 2014 it accounted for almost a quarter of all detected attacks.

Geographic distribution

This SMS Trojan has actively been pushed by cybercriminals in Russia, and there have also been continual attempts to attack users in Europe and Asia. Infections with this Trojan have occurred virtually everywhere across the globe:

More here


Would you like some Zeus with your coffee?

Cybercriminals often like to use a bogus letter to trick people into opening malicious attachments. There are two tricks that make this work: a message from a familiar name (a bank, social network, service provider or other organization that might interest the recipient) and an intriguing or alarming subject. An attack based on fake messages supposedly from coffee chain Starbucks combined the two.

More here


SyScan 2014

In the first week of April 2014 we were at “The Symposium on Security for Asia Network” (SyScan), a “geeky” single-track conference located in Singapore.

I liked the friendly atmosphere from the very first slides of the event (as is seen above).

The program covered hardware and software attacks like “Car Hacking”, “Defeating SecureBoot”, “Point-of-Sale”-hacks (“Flappy Bird” injected on a mobile POS device was my favorite), “RFID”-hacks, “Anti-Virus Software” flaws, “Phone hacks”, “OS-Hacks” and a “Linux Memory Forensic” case study amongst others. All of the presentations were of quite high quality in content and most of the speakers did a nice job presenting their content.

Much beer did flow at the “BarCon” at the end of day one …

More here


xkcd: Heartbleed Explanation


On 11/04/14 At 09:53 AM

More here


Lame “SEO” Android Apps Claim To Be Antivirus

On Sunday, Android Police (a popular news and review site) published a post on “Virus Shield” — an app which reached top ranking in Play, and yet, was a complete fraud. In a follow up, DailyTech did some digging and believes the app was written by a 17 year-old Texan. Apparently he’s good at SEO.

Whether he’s the guy or not… it fits the typical profile. A young person with good SEO skills pushing a rather useless app.

Virus Shield

Lame “SEO apps” are prevalent on Google Play. They’re easy to find if you look.

For example:

  •  Best Antivirus Lite
  •  SAFE antivirus Limited
  •  Skulls Antivirus
  •  Shnarped Hockey antivirus lite

Best and SAFE link to one “developer” — while Skulls and Shnarped Hockey link to another.

Though there are two different developers… the apps are identical apart from their name. The apps appear to be based on a template (there are markets for app templates) and all the so-called developers have done is to add their own graphics.

Android apps: no developer skills required.

So what do the apps do?

Well, the “antivirus” opens a screen labeled “anti spyware”.

Shnarped Hockey antivirus lite

Hmm, the terms changed. That ought to be a warning sign.

Click “Start Scan” and the app does a basic scan of permissions for installed apps. Apps with a large number of permissions are categorized as a risk and those with a low number of permissions are called safe. And if you want to see the details? Well, then you need to buy the “full” version of the app for about a buck. In our humble opinion, the folks who bought the full versions (more than one thousand) completely wasted their money.

Google Play: caveat emptor.

P.S. If you want an app that does an advanced scan of permissions and provides excellent details entirely FREE of charge…

Check out F-Secure App Permissions for Android.

On 10/04/14 At 05:03 PM

More here


Heartbeat vulnerability

I’m sure you’ve seen this all over the web. Summary here:

There is a test page here that you can use to see if the sites you use are vulnerable (make sure you enter an HTTPS address, not HTTP):

If the site is not vulnerable, then you may or may not be safe (no easy way to know if the site was patched, or never vulnerable).

If the site IS vulnerable, let them know. And wait for them to fix the problem before changing your password on that site. If you have used that same login and password on ANY other site, change on those other sites immediately (even if those other sites come up as not vulnerable).

It’s going to be a pain in the tush, changing all those passwords, but it needs to be done.

More here


Admins: why not review config standards as you fix Heartbleed?

As you have to update your SSL anyway, why not make sure your configuration is up to modern standards?

There has been plenty of noise about Heartbleed, so if you’re an admin, you already know what to do.

1. Find everything you have using vulnerable versions of OpenSSL
2. Update to the latest OpenSSL version
3. Create new private keys and SSL certificates as the old ones may have leaked
4. Revoke old certificates

But since you have to touch your server configuration and create new SSL certificates, we would recommend that you also go through certificate generation settings and server configuration. Heartbleed is not the only problem in SSL/TLS implementations; a poorly chosen protocol or a weak cipher can be just as dangerous as the Heartbleed bug.

As recommended reading we would suggest: OWASP Transport Layer Protection Cheat Sheet

Bonus points opportunity!

5. Implement Perfect Forward Secrecy (PFS). It’s the “Prefer Ephemeral Key Exchanges” rule in the OWASP cheat sheet.

See this EFF post for details: Why the Web Needs Perfect Forward Secrecy More Than Ever
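As an added example (not part of the original post or of any F-Secure tooling), the following script audits the two settings the post asks admins to revisit: an explicit OpenSSL cipher list, such as an Apache SSLCipherSuite value, and the protocol directive. It flags weak suites, reports whether ephemeral (ECDHE/DHE) key exchange is preferred, and reorders the list so forward-secret suites come first. The config values and the notion of "weak" used here are constructed for the example and cover only explicit suite names, not aliases like HIGH.

```python
# Key-exchange prefixes in OpenSSL suite names that give forward secrecy
# (ephemeral Diffie-Hellman): ECDHE-, DHE- and the older EDH- spelling.
PFS_KEX = ("ECDHE-", "DHE-", "EDH-")
# Components treated here as weak: export, NULL, anonymous, single DES, RC4, MD5.
WEAK_PARTS = ("EXP-", "NULL", "ADH-", "AECDH-", "DES-CBC-", "RC4", "MD5")
ALL_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"}

def classify_cipher(name):
    """Return 'weak', 'pfs' or 'no-pfs' for one OpenSSL cipher-suite name."""
    if any(part in name for part in WEAK_PARTS):
        return "weak"
    if name.startswith(PFS_KEX):
        return "pfs"
    return "no-pfs"  # static RSA key exchange: a leaked key decrypts old captures

def audit_cipher_list(cipher_string):
    """Audit an explicit cipher list (e.g. an Apache SSLCipherSuite value).
    Returns (findings, hardened): findings lists the problems found, hardened
    is the same list reordered with forward-secret suites first, weak ones dropped."""
    names = [c for c in cipher_string.split(":") if c and c[0] not in "!-"]
    buckets = {"pfs": [], "no-pfs": [], "weak": []}
    for name in names:
        buckets[classify_cipher(name)].append(name)
    findings = []
    if buckets["weak"]:
        findings.append("weak suites enabled: " + ", ".join(buckets["weak"]))
    if not buckets["pfs"]:
        findings.append("no ECDHE/DHE suites: forward secrecy is unavailable")
    elif classify_cipher(names[0]) != "pfs":
        findings.append("first preference %s is not forward secret" % names[0])
    return findings, buckets["pfs"] + buckets["no-pfs"]

def audit_protocols(ssl_protocol):
    """Return the SSLv2/SSLv3 protocols still enabled by an Apache-style
    SSLProtocol directive such as 'all -SSLv2 -SSLv3'."""
    enabled = set()
    for token in ssl_protocol.split():
        if token.lower() == "all":
            enabled |= ALL_PROTOCOLS
        elif token.startswith("-"):
            enabled.discard(token[1:])
        else:
            enabled.add(token.lstrip("+"))
    return sorted(p for p in enabled if p.startswith("SSL"))

# Constructed sample: a vhost that prefers static RSA, keeps RC4 and leaves SSLv3 on.
SAMPLE = {"SSLProtocol": "all -SSLv2",
          "SSLCipherSuite": "AES128-SHA:RC4-SHA:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-SHA"}

if __name__ == "__main__":
    for line in audit_cipher_list(SAMPLE["SSLCipherSuite"])[0]:
        print("cipher:", line)
    for proto in audit_protocols(SAMPLE["SSLProtocol"]):
        print("protocol:", proto, "is still enabled")
```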

Edited to add:

And one more thing!

6. Do not rely only on transport layer security. If your data is critical, use additional protection in your implementation.

Example: Younited. See the support question: How do I turn on advanced login authentication?

younited's 2FA

Two factor authentication. PROVIDE IT. Please.


Added note clarifying that private key of course needs to be changed and old certs revoked. Thanks @oherrala.

On 09/04/14 At 09:39 AM

More here


The omnipresent dad

Many websites show different text depending on where the user lives. For instance, the home pages of some portals show you the news and weather of your region by default, because that is the information you are most likely to want first.

Of course, spammers and fraudsters also make use of this approach.

The following letter, written in Spanish, advertises an easy way to earn money online:

The attached link directs users to times-financials.com, registered in October 2013, according to the information on whois:

“Moscow City dad makes $14,000 per month” – says the title.

From Moscow? Hmmm.

More here



Heartbleed is a catastrophic bug in OpenSSL:

“The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop communications, steal data directly from the services and users and to impersonate services and users.”

Basically, an attacker can grab 64K of memory from a server. The attack leaves no trace, and can be done multiple times to grab a different random 64K of memory. This means that anything in memory — SSL private keys, user keys, anything — is vulnerable. And you have to assume that it is all compromised. All of it.

“Catastrophic” is the right word. On the scale of 1 to 10, this is an 11.

Half a million sites are vulnerable, including my own. Test your vulnerability here.

The bug has been patched. After you patch your systems, you have to get a new public/private key pair, update your SSL certificate, and then change every password that could potentially be affected.

At this point, the probability is close to one that every target has had its private keys extracted by multiple intelligence agencies. The real question is whether or not someone deliberately inserted this bug into OpenSSL, and has had two years of unfettered access to everything. My guess is accident, but I have no proof.

This article is worth reading. Hacker News thread is filled with commentary. XKCD cartoon.

More here
