Spyware, Viruses, & Security forum


NEWS - August 09, 2013

by Carol~ Moderator / August 9, 2013 3:52 AM PDT
Secure webmail service Lavabit suspends operation, citing legal issues

If you're interested in webmail security, you've probably heard of Lavabit.

It's a boutique webmail provider based in Texas, USA.

Lavabit differs from the big cloud email players, such as outlook.com and Gmail, by using encryption a bit differently.

It uses public key cryptography not only when you view your messages in your browser (that's the https:// part in the URL), but also when it stores your messages on its servers.

Public key cryptography, secretly invented by the British in the early 1970s under the mildly confusing moniker of NSE (non-secret encryption), uses two keys, not one, to secure your data. Anyone can lock a file for you to read later, using your public key. You may publish this key openly. But only you can unlock the file, using your private key. As the name implies, this is the one you keep to yourself.

What that means is that the contents of your messages aren't just encrypted on Lavabit's disks so that they are protected from abuse if someone steals the servers.

Continued : http://nakedsecurity.sophos.com/2013/08/09/lavabit-suspends-operation-citing-legal-issues/

Encrypted Communications Service Goes Silent
Snowden's email provider, Lavabit, shutters citing legal pressure
Snowden's secure email provider Lavabit shuts down under gag order

After Lavabit shutdown, another encrypted e-mail service closes
Lavabit And Silent Circle Shut Down Email Services Over US Surveillance Fears
After Lavabit, Silent Circle also shuts down email service
Android "Master Key" vulnerability - more malware exploits..
by Carol~ Moderator / August 9, 2013 5:11 AM PDT
In reply to: NEWS - August 09, 2013
... code verification bypass

Researchers at SophosLabs have come across yet more samples of Android malware exploiting the so-called "Master Key" vulnerability.

These samples are different from the ones announced about two weeks ago by our comrades-in-arms over at Symantec.

So, although this vulnerability is not being widely used yet, there does seem to be more than just a passing interest from the cybercrooks in exploiting it.

As we discussed last month, the exploit doesn't actually crack any cryptographic keys, despite its name.

The "MasterKey" hole

The way it works is annoyingly simple.

Android apps are delivered in ZIP-format files with the extension APK (Android Package).

Continued: http://nakedsecurity.sophos.com/2013/08/09/android-master-key-vulnerability-more-malware-found-exploiting-code-verification-bypass/
Mozilla links Gmail w/ Persona for email-based single signon
by Carol~ Moderator / August 9, 2013 5:11 AM PDT
In reply to: NEWS - August 09, 2013

The Mozilla Foundation has unveiled a new Identity Bridge that links its Persona single sign-on technology with Gmail, allowing all Gmail users to log in to Persona-enabled sites without entering a username or password.

Persona works by having users register their email addresses with a server called a Persona Identity Provider (IdP), which will then authenticate their identities for other websites using a system based on public-key cryptography, rather than traditional usernames and passwords.

Because most internet users haven't registered with a Persona IdP, however - and many don't even know such things exist - Mozilla has developed Identity Bridging as a stopgap measure until Persona is more widely supported.

A Persona Identity Bridge authenticates users using either the OpenID or OAuth protocols - most major email providers offer one or the other - and then translates the results into the Persona protocol for use with Persona-enabled websites.

Continued : http://www.theregister.co.uk/2013/08/09/persona_identity_bridge_for_gmail/

Mozilla launches Persona Identity Bridge for Gmail, lets users sign in with their existing account credentials
Mozilla bridges Gmail to Persona log-in

Is it Adware? Antivirus Vendors Say Yes, Google Says No
by Carol~ Moderator / August 9, 2013 5:11 AM PDT
In reply to: NEWS - August 09, 2013

[Screenshot: VirusTotal AV results for apps flagged with adware]

It's totally true that we'd have a lot fewer free games and other apps if developers couldn't recoup some of their costs by displaying advertisements. It's equally true that some ad-supported programs and ad networks go way, way beyond what's reasonable in pushing ads and harvesting personal information. Some will even change your wallpaper, or tweak your ringtone so you hear an ad when you get a call. Mobile security vendor Lookout threw down the gauntlet a couple months ago, calling out ad networks with bad behavior. A new study by Zscaler shows that quite a few other vendors agree. The one holdout? Google.

Researchers at Zscaler took the top 300 apps in each Google Play category and ran them through the VirusTotal service. When you submit a file, VirusTotal runs the file past over 40 antivirus scanners and reports how many (and which) identified it as some kind of malware. On this basis, the researchers determined that 22 percent of the apps were flagged as adware by at least one vendor.

Many Voices

Continued : http://securitywatch.pcmag.com/mobile-apps/314603-is-it-adware-antivirus-vendors-say-yes-google-says-no

Compromised Accounts Tweeting Links to Malware
by Carol~ Moderator / August 9, 2013 5:34 AM PDT
In reply to: NEWS - August 09, 2013

The Symantec Security Response Blog:

It is not uncommon to see social media accounts, specifically Twitter accounts, directing users to malicious sites such as the ones hosting Android.Opfake, an issue we blogged about last year. Recently, we discovered that the accounts of innocent users were being compromised to tweet these types of malicious links to their followers. [Screenshot]

The series of compromised accounts appears to have started around the beginning of July and has affected users globally. A broad range of accounts have been compromised for weeks and many users have yet to notice that their accounts are sending out malicious tweets, even though hundreds of tweets may have already been sent. [Screenshot]

If you are worried about accidentally clicking on malicious links coming from accounts you follow, you might be safe if you do not understand Russian. This is because the tweets are in Russian and you might ignore them if you see them on a friend's account. If you understand Russian and are following users who regularly tweet in Russian, you should be wary.

Continued : http://www.symantec.com/connect/blogs/compromised-accounts-tweeting-links-malware

Amazing Xerox scanner flaw can mangle numbers in your ..
by Carol~ Moderator / August 9, 2013 6:12 AM PDT
In reply to: NEWS - August 09, 2013
... documents. Patch being developed

Can you spot the difference between these two images?

Original image: [Screenshot: Before]

Scanned image: [Screenshot: After]

Of course, they're not supposed to be pixel-for-pixel identical. The second is supposed to be a scan of the original done by a Xerox WorkCentre 7535, and the quality and resolution is far from perfect.

But what is surprising is that the scanner has changed some of the numbers.

Yup. Do you see how 21.11 m2 has become 14.13 m2... and 17.42m2 has become 14.13m2?

This problem was discovered by German computer scientist David Kriesel.

Continued : http://grahamcluley.com/2013/08/xerox-scanner-flaw-numbers/
Stop TVs spying on us! U.S. Senator calls for safer ..
by Carol~ Moderator / August 9, 2013 7:52 AM PDT
In reply to: NEWS - August 09, 2013
..."Smart" devices

From the ESET "We Live Security" Blog:

A U.S. Senator has called on the manufacturers of Smart TVs to make their devices safer - after a demonstration of an attack which showed off how hackers could "spy" on users through a television's built-in webcam.

"You expect to watch TV, but you don't want the TV watching you," said Senator Charles E Schumer, a Democrat from New York. "Many of these smart televisions are vulnerable to hackers who can spy on you while you're watching tv in your living room. Manufacturers should do everything possible to create a standard of security in their internet-connected products."

His comments come in the wake of a demonstration at the Black Hat security conference in Las Vegas, where a researcher showed off how to remotely activate the microphones and cameras in a Samsung Smart TV, as reported by NBC.

"Smart TVs sold over 80,000,000 units around the world in 2012," SeungJin 'Beist' Lee wrote of his Black Hat briefing. "This next generation "smart" platform is becoming more and more popular. Expensive Smart TVs have many hardware devices like a Camera or Mic which, if remotely controlled, means bad guys can spy remotely without you knowing. Even more, it is possible to make Smart TVs monitor you 24/7 even though users turn off their TV."

Continued : http://www.welivesecurity.com/2013/08/09/stop-tvs-spying-on-us-u-s-senator-calls-for-safer-smart-devices/