jueves, 26 de noviembre de 2015
Ron Paul Asks: Who Is Protecting ISIS And Why?
The US and its allies have allowed their desire for regime change in
Syria to outweigh their stated desire to get rid of ISIS. What does that
result in? Implicit or explicit protection for ISIS and related
extremist groups inside Syria. Turkey was enjoying big business in
Syrian underground oil shipments…until the Russians bombed ISIS’s oil
infrastructure. Then Turkey attacked a Russian plane.
miércoles, 29 de julio de 2015
Fake Android app can launch DDoS attacks from your phone
Android.DDoS.1.origin, as it’s called, is Russian
and disguises itself as the Google Play icon once downloaded. When opened, the
app takes its victims to the actual Google Play store so as to distract the
user. In the background, however, it searches for its command and control
server — and if a connection is made, the app sends the infected phone’s number
to the criminals. These hackers then administer commands to the app via text
messages.
Commands include launching a DDoS attack or
sending other text messages. Doctor Web suggests that the text message function
could be used to spam others in the phone’s contact list, prompting them to
either download the app or something else the hackers are pushing.
Nowadays when we think of DDoS attacks, we
often are reminded of Anonymous, the hacker collective that launches a number
of these attacks in the name of political protest. We’ve seen DDoS attacks take
down a number of important websites including the CIA’s, financial
institutions, and others. These attacks send large amounts of traffic toward a
certain website’s servers in an attempt to overload the system and shut it
down.
With this app, however, hackers with DDoS
intentions are roping in innocent bystanders to do the dirty work. This isn’t
the first time we’ve seen a campaign like this. In the case of the CIA
website’s take down, Anonymous was accused of distributing links on Twitter to
low-orbit-ion-canons (LOIC). These “cannons” send thousands of packets of
information to a targeted server per second. When the Twitter links were
clicked on, unsuspecting visitors would suddenly be roped into the attack.
Doctor Web goes on to say that the app can
cause the phone to perform poorly, and can actually run up the owner’s bill by
texting premium numbers.
Free Cryptography Course
Often associated with privacy, Cryptography
offers four basic services: Confidentiality, Integrity, Authenticity /
Availability, and Non-Repudiation. This
course offers practical examples for everyday use, to provide better
understanding of these concepts.
In our brief online Cryptography course, you’ll
learn about the difference between clear text and cypher text, compare
different encryption types, how encryption works, and how to secure and compare
data through the use of hashing.
Stagefright Attack : It takes only a single text message to hack an Android Smartphone
Over 95 percent of Android smartphones in circulation or roughly 950
million smartphones may be vulnerable to a unique but critical hack
attack called Stagefright.
Joshua Drake from Zimperium Mobile Security discovered six + one critical vulnerabilities in the native media playback engine called Stagefright. He calls this weaknesses ‘Mother of all Android Vulnerabilities’.
Drake said that the vulnerabilities can be exploited by sending a single multimedia text message to an unpatched Android smartphone. While the exploit is deadly, in some cases, where phones parse the attack code prior to the message being opened, the exploits are silent and the user would have little chance of defending their data.
Stagefright is a native media playback tool used by Android and all these weaknesses reside in it. Drake states that they are all “remote code execution” bugs, allowing malicious hackers to infiltrate devices and exfiltrate private data.
According to Drake, all that the potential hacker needs to do is to
send out the exploits to the would be mobile phone numbers. From there,
they could send an exploit packaged in a Stagefright multimedia message
(MMS), which would let them write code to the device and steal data from
sections of the phone that can be reached with Stagefright’s
permissions.
Once the vulnerability is exploited, the hackers can access almost anything including recording of audio and video, snooping on photos stored in SD cards. Even the humble Bluetooth radio can also be hacked via Stagefright.
Depending on the MMS application in use, the victim might never know they had even received a message.
The vulnerabilities are so critical that sending an exploit code to to the victim’s Google Hangouts would “instantaneously trigger the exploit even before the user can even look at the smartphone or before you even get the notification”.
Another interesting aspect of the exploit is that once the it has been delivered, the hacker can delete the message before the user had been alerted about it, making attacks completely silent.
Drake will give the full disclosure along with Proof of Concept at Def Con on 6th August. He stated to Forbes that he had reported about the bugs in April this year and Google has sent out the patches to its smartphone manufacturing partners.
Drake stated that a total of seven vulnerabilities had been sent to Google by 9th April, 2015 and Google had reported back to him that it had scheduled patches on May 8th 2015. Further, Google assured Drake that all future Android versions will be released pre-patched against these vulnerabilities.
However as is the case with any Android smartphone update, the smartphone manufacturers rarely pass on the patches to the end users of the smartphone. Particularly the smaller manufacturers who make localised Android smartphones. As such, it can safely be assumed that almost 950 million Android smartphones and tablets in circulation may be exploitable using the Stagefright vulnerability.
“All devices should be assumed to be vulnerable,” Drake told Forbes. Drake says that only Android phones below version 2.2 are not affected by this particular vulnerability.
Joshua Drake from Zimperium Mobile Security discovered six + one critical vulnerabilities in the native media playback engine called Stagefright. He calls this weaknesses ‘Mother of all Android Vulnerabilities’.
Drake said that the vulnerabilities can be exploited by sending a single multimedia text message to an unpatched Android smartphone. While the exploit is deadly, in some cases, where phones parse the attack code prior to the message being opened, the exploits are silent and the user would have little chance of defending their data.
Stagefright is a native media playback tool used by Android and all these weaknesses reside in it. Drake states that they are all “remote code execution” bugs, allowing malicious hackers to infiltrate devices and exfiltrate private data.
The following design chart explains the working of Stagefright
Once the vulnerability is exploited, the hackers can access almost anything including recording of audio and video, snooping on photos stored in SD cards. Even the humble Bluetooth radio can also be hacked via Stagefright.
Depending on the MMS application in use, the victim might never know they had even received a message.
The vulnerabilities are so critical that sending an exploit code to to the victim’s Google Hangouts would “instantaneously trigger the exploit even before the user can even look at the smartphone or before you even get the notification”.
Another interesting aspect of the exploit is that once the it has been delivered, the hacker can delete the message before the user had been alerted about it, making attacks completely silent.
Drake will give the full disclosure along with Proof of Concept at Def Con on 6th August. He stated to Forbes that he had reported about the bugs in April this year and Google has sent out the patches to its smartphone manufacturing partners.
Drake stated that a total of seven vulnerabilities had been sent to Google by 9th April, 2015 and Google had reported back to him that it had scheduled patches on May 8th 2015. Further, Google assured Drake that all future Android versions will be released pre-patched against these vulnerabilities.
However as is the case with any Android smartphone update, the smartphone manufacturers rarely pass on the patches to the end users of the smartphone. Particularly the smaller manufacturers who make localised Android smartphones. As such, it can safely be assumed that almost 950 million Android smartphones and tablets in circulation may be exploitable using the Stagefright vulnerability.
“All devices should be assumed to be vulnerable,” Drake told Forbes. Drake says that only Android phones below version 2.2 are not affected by this particular vulnerability.
“I’ve done a lot of testing on an Ice Cream Sandwich Galaxy Nexus… where the default MMS is the messaging application Messenger. That one does not trigger automatically but if you look at the MMS, it triggers, you don’t have to try to play the media or anything, you just have to look at it,” Drake added.In an emailed statement sent to Forbes, Google thanked Drake for reporting the issues and supplying patches, noting its manufacturer partners should deploy in the coming weeks and months.
“Most Android devices, including all newer devices, have multiple technologies that are designed to make exploitation more difficult. Android devices also include an application sandbox designed to protect user data and other applications on the device,” a spokesperson said.
Google Want To Record Your Entire Life And Make It Searchable
Google have patented a “wearable
computing device” that will allow them to record, categorise and store people’s
lives.
Google hope to be able to record a
persons day-to-day life and store the footage in a central searchable database.
Using technology similar to Google
Glass, users would permanently wear a discreet recording device, and Google
would then upload and index the footage to a database.
Express.co.uk reports:
The patent explains that the online
database of footage would be searchable, allowing the user to ask questions
like “Who were the people at the business lunch this afternoon?”, or “How many
books did I read in May?”.
Google also details how its slightly
creepy database could be shared with multiple users.
This would allow people to query
friends’ or families’ video database with questions such as “What did my
friends do last night?”, “where was my sister on Friday?”.
Google-Tag-Memories-Google-Glass-Searchable-Photos-Database-Online-Free-Google-Glass-II-Video-Footage-322970
Although the technology could be
invaluable for some people, for example those suffering with Alzheimer’s
disease, it does carry a number of privacy concerns.
With the recent hacking of Ashley
Madison – potentially exposing the adulterous fantasies of some 37 million
people across the globe – Google may struggle to convince people to upload
point-of-view footage of their every waking moment.
Its also important to remember that
patents do not always indicate what a firm is working on, but simply shows a certain
level of interest.
However with Google adamant that its
Glass program is not dead, it is easy to see how this technology could be
implemented in a next-generation product.
Google Maps Tool Now Keeps Track Of Everywhere You Go
Both extremely marvelous and insanely creepy,
Your Timeline maps out the places you’ve been, the route you took to them, and
the photos you snapped along the way (for those also using Google Photos).
Available on the desktop and Android versions
of Google Maps, Your Timeline can give you info about any store or
establishment you may have visited, just as it would if it came up on a Google
Maps search. Your Timeline can be edited at will, too, so users can remove
records of the places they don’t need to remember, or wish to forget (or wish
to destroy evidence of having visited). Frequent spots and routes can be given
a name like “jogging route” or “favorite taco joint.”
It only works if you’ve opted-in to store your
location history with the all-seeing-all-knowing Internet giant. Literally
having your every movement and location automatically mapped out and stored
might be a little too much tracking for most to feel comfortable with, but for
those who don’t mind, this could be a handy reference tool for urban explorers
who like to wander around cities.
Another application could be for older folks
who whether or not they are under care, nonetheless sometimes wander off or
have difficulty remembering their day-to-day whereabouts. Either way, it’s a
handy tool if you’re willing to trade off some of your privacy.
Suscribirse a:
Entradas (Atom)