Spyware, Viruses, & Security forum

NEWS - July 18, 2013

by Carol~ Moderator / July 18, 2013 3:41 AM PDT
Does NSA know your Wi-Fi password? Android backups may give it to them

"EFF technologist says 'back up my data' exposes users' data to government spies."

[Screenshot] - On by default on most newer Android devices, Google's Android backup stores your personal details in plaintext.

If you're using Google's "back up my data" feature for Android, the passwords to the Wi-Fi networks you access from your smartphone or tablet are available in plaintext to anyone with access to the data. And as a bug report submitted by an employee of the Electronic Frontier Foundation (EFF) on July 12 suggests, that leaves them wide open to harvesting by agencies like the NSA or the FBI.

"The 'Back up my data' option in Android is very convenient," wrote Micah Lee, staff technologist at the EFF. "However, it means sending a lot of private information, including passwords, in plaintext to Google. This information is vulnerable to government requests for data."

The Backup Manager app stores Android device settings in Google's cloud, associated with the user account paired with the device; the Backup Manager interface is part of the core Android application API as well, so it can be used by other Android apps. Backup is turned on by default for Nexus devices and can push data such as MMS and SMS messages, browser bookmarks, call logs, and system settings—including Wi-Fi passwords—to Google's cloud for retrieval in the event that a device is broken, lost, or stolen.

Continued : http://arstechnica.com/security/2013/07/does-nsa-know-your-wifi-password-android-backups-may-give-it-to-them/

Also:
Android backup sends unencrypted Wi-Fi passwords to Google
Android and its password problems open doors for spies
Security Lapse Has Tumblr Asking iPhone, iPad Users To..
by Carol~ Moderator / July 18, 2013 4:02 AM PDT
In reply to: NEWS - July 18, 2013
... Update -Now!

Tumblr, the blogging and content sharing web site, issued an urgent warning to those using its mobile application for Apple iPhones and iPads to update their Tumblr application - ASAP - after it was apparently found to be transmitting user names and passwords in the clear.

In a blog post on Tuesday, Derek Gottfrid, the Vice President of Product at the New York City-based firm, said that the company had issued an update to the iOS version of Tumblr's mobile application to fix an issue that allowed Tumblr passwords to be sniffed in transit on certain versions of the iOS Tumblr application for iPhone and iPad.

Gottfrid did not explain the reason for the sudden update. However, a report by the UK publication The Register claims that the rush update came after Tumblr was made aware that the iOS versions of its application were not using SSL (Secure Socket Layer) to manage traffic from the mobile device. That allowed user login information to be viewed "in the clear" on an unprotected wi-fi network.

Continued : https://securityledger.com/2013/07/security-lapse-has-tumblr-asking-iphone-ipad-users-to-update-now/

Related: Tumblr Patches Serious Password Sniffing Bug for iPhone/iPad Users

See Vulnerabilities / Fixes: Tumblr for iOS Password Disclosure Security Issue
Network Solutions Takes Hit From DDoS Attack
by Carol~ Moderator / July 18, 2013 4:37 AM PDT
In reply to: NEWS - July 18, 2013

Network Solutions says it has bounced back from a distributed denial-of-service attack that took down some of the websites it hosts for hours.

"The recent DDOS attack affecting some customers has now been mitigated," the company posted on Facebook Wednesday. "Customer websites should be resolving normally, and you should be able to readily access the Network Solutions site. If you continue to have issues, please contact our Customer Service team at 1-866-391-4357."

"Thanks to everyone for their patience as we resolved this issue," the company added.

About three hours prior to that post, Network Solutions - which is owned by Web.com and offers services ranging from hosting services to SSL certificates and domain name registration - acknowledged in a separate Facebook post that a DDoS attack was impacting its customers. Earlier in the week, Network Solutions also warned customers that some customer sites had been compromised.

Continued : http://www.securityweek.com/network-solutions-takes-hit-ddos-attack

Related: Network Solutions restores service after DDoS attack

KakaoTalk Targeted By Fake and Trojanized Apps
by Carol~ Moderator / July 18, 2013 4:37 AM PDT
In reply to: NEWS - July 18, 2013

From the Trendlabs Security Intelligence Blog:

Instant messaging apps are battling it out and trying to become the next popular means of communication that people will use. For example, in Japan, both Line and KakaoTalk - two popular chat apps - both claim to have more than 100 million users in Japan.

It shouldn't be a surprise that cybercriminals are using the names of these apps for their own attacks; in this post we'll show how KakaoTalk is being targeted by attackers. (However, let's be clear that KakaoTalk is not the only brand being targeted; other brands and apps are targets as well.) Users need to understand the threats posed by these malicious apps.

First example: Trojanized App

One common way to create malicious apps is to take a legitimate version of the app and add malicious code to it. This creates a Trojanized app which, to the user, can appear to be normal. However, it actually contains malicious code.

Continued : http://blog.trendmicro.com/trendlabs-security-intelligence/kakaotalk-targeted-by-fake-and-trojanized-apps/

Botcoin: Bitcoin Mining by Botnet
by Carol~ Moderator / July 18, 2013 4:37 AM PDT
In reply to: NEWS - July 18, 2013

An increasing number of malware samples in the wild are using host systems to secretly mine bitcoins. In this post, I'll look at an affiliate program that pays people for the mass installation of programs that turn host machines into bitcoin mining bots.

Bitcoin is a decentralized, virtual currency, and bitcoins are created by large numbers of CPU-intensive cryptographic calculations. As Wikipedia explains, the processing of Bitcoin transactions is secured by servers called bitcoin miners. These servers communicate over an internet-based network and confirm transactions by adding them to a ledger which is updated and archived periodically using peer-to-peer filesharing technology. In addition to archiving transactions, each new ledger update creates some newly minted bitcoins.

Earlier this week, I learned of a Russian-language affiliate program called FeodalCash which pays its members to distribute a bitcoin mining bot that forces host PCs to process bitcoin transactions (hat tip to security researcher Xylitol). FeodalCash opened its doors in May 2013, and has been recruiting new members who can demonstrate that they have control over enough Internet traffic to guarantee at least several hundred installs of the bitcoin mining malware each day.

Continued : http://krebsonsecurity.com/2013/07/botcoin-bitcoin-mining-by-botnet/

Getting Skimpy With ATM Skimmers
by Carol~ Moderator / July 18, 2013 5:33 AM PDT
In reply to: NEWS - July 18, 2013

Cybercrooks can be notoriously cheap, considering how much they typically get for nothing. I'm reminded of this when I occasionally stumble upon underground forum members trying to sell a used ATM skimmer: Very often, the sales thread devolves into a flame war over whether the fully-assembled ATM skimmer is really worth more than the sum of its parts.

Such was the fate of an audio-based ATM skimmer put up for sale recently on a private crime forum. The seller, a Ukrainian, was trying to offload a relatively pro-grade skimmer powered by parts cannibalized from an MP3 player and a small spy camera. The seller set the price at $2,450, but made the mistake of describing the device's various parts, all of which can be purchased inexpensively from a variety of online retailers.

For example, he told forum members that the main component in the card skimmer was an MSR-605, which is a handheld magnetic stripe reader of the sort that you might find attached to a cash register/point-of-sale machine at a retail clothing store, for example.

Continued : http://krebsonsecurity.com/2013/07/getting-skimpy-with-atm-skimmers/

Don't Look Now! Google Glass Pwned By Lowly QR Code
by Carol~ Moderator / July 18, 2013 5:33 AM PDT
In reply to: NEWS - July 18, 2013

Earlier this week, we wrote about how some features of Google Glass could be used as attack vectors. Well gentle reader, it has already come to pass: Lookout has announced that they have discovered a critical vulnerability in Google Glass. Thankfully, Google has already patched the issue.

Lookout's principal security analyst Marc Rogers told SecurityWatch that they discovered a vulnerability in how the wearable computer processed QR codes. Because of Glass's limited user interface, Google set up the device's camera to automatically process any QR code in a photograph.

"On the face of it, it's a really exciting development," said Rogers. "But the issue is the moment Glass sees a command code it recognizes, it executes it." With this knowledge, Lookout was able to produce malicious QR codes that forced Glass to perform actions without the user's knowledge.

Continued : http://securitywatch.pcmag.com/security/313767-don-t-look-now-google-glass-pwned-by-lowly-qr-code

Also: Researchers find, Google fixes Glass hijack flaw

Q&A About The Latest Ransomware Affecting Mac OS X users
by Carol~ Moderator / July 18, 2013 9:21 AM PDT
In reply to: NEWS - July 18, 2013
Q&A About The Latest HTML Ransomware Affecting Mac OS X users

From the "Malwarebytes Unpacked" Blog:

The post I wrote about the FBI Ransomware Now Targeting Apple's Mac OS X users has received a lot of attention. Perhaps it did because we seldom hear about Mac users having to deal with malware - not that it does not happen, because it certainly does - but when it occurs, everyone wants to know about it.

The funny thing here is that this attack does not actually use malware per se, but rather a sneaky little piece of JavaScript (which is absolutely benign but yet annoying) and social engineering tricks.

At the end of the day, it still manages to appear as though it did in fact block your computer and will unfortunately be convincing enough to have people fork over several hundred dollars.

Now, let's answer your questions.

Q. Why did you call it ransomware for the Mac? It also works on Windows...

Continued : http://blog.malwarebytes.org/intelligence/2013/07/qa-about-the-latest-html-ransomware-affecting-mac-os-x-users/
Ransomware Abusing Norton Logo
by Carol~ Moderator / July 18, 2013 9:22 AM PDT
In reply to: NEWS - July 18, 2013

From the Symantec Security Response Blog:

There are reports in the media of a particular ransomware, a type of malware, using the official Symantec Norton logo to dupe victims into believing the ransomware is verified by Symantec. This is a common social engineering technique used by malware authors to deceive victims. It is not the first time that a security company's logo has been abused by ransomware.

Symantec detects this ransomware as Trojan.Ransomlock.Q and our IPS protection System Infected: Trojan.Ransomlock.Q will also detect its network activities. [Screenshot]

As always, for those affected by these scams—DO NOT PAY THE RANSOM. Instead, follow our removal steps and watch our removal instruction video.

Continued : http://www.symantec.com/connect/blogs/ransomware-abusing-norton-logo
