Access this page and download the pre rooted kernel; save it on your computer and unzip it on your desktop if that’s possible.
Download Odin; also unzip and install the software by following on screen prompts.
The Galaxy S6 Edge Plus USB drivers must be installed on your PC – use Samsung KIES for completing this task.
Next, run Odin on your computer and enter download mode on your S6 Edge.
For reaching download mode: first power off your device and then press and hold (at the same time, for a few moments) Power, Volume Down and Home buttons.
Connect your phone with your computer with the help of the USB cable – the “added” message will be displayed on the program while the ID:COM field will be turned yellow or blue (if that’s not happening, try to reinstall the USB drivers before repeating these steps).
From Odin select the PA option.
Load the custom kernel file.
Don’t check the Re Partition and Auto Reboot options.
Click on Start when ready and wait while the process is being completed.
The “pass” message will be eventually displayed; the ID:COM field will be also turned green – unplug the USB cord and reboot your phone.
If a boot loop is issued, reach recovery mode and select “wipe data factory reset” and “clear app data cache” – making a hard resetand clearing app data cache can troubleshoot different software related issues.
If Odin gets stuck during the root process, close the software, remove the USB connection, force restart your SGS6 Edge Plus and reinstall USB drivers before retrying everything from step 1.
In the end, access Google Play and download the SuperSU utility on your smartphone in order to resume the root process.
There you have it; that’s how you can root your AT&T Samsung Galaxy S6 Edge Plus. Do tell us how things worked for you by using the comments area from down below. Enjoy.
The rotating three-digit security code on the back changes every hour, making it almost impossible for anyone without the card to use it.
Imagine a world without credit card fraud. Impossible, you might say. And you’d probably be right. But any effort to rein it in helps.
Every time your bank card is cloned or skimmed from an ATM or by scammer, or stolen from a website or a phishing attack, your credit card is wide open for a thief to use until you catch on and cancel it.
That might soon be a thing of the past, thanks to one technological advancement: A credit card with a rotating security code.
The credit card, dubbed Motion Code, contains a small display in the reverse of the card across the signature strip which randomly generates the card’s new security code — the card verification value (CVV) — every hour, according to The Memo, which spoke to the company, Oberthur Technologies. This makes the card useless for any thief who has the card’s number without the new CVV.
The downside for the user is that they will have to enter the auto-generated security code every time they make a purchase. Bad news for anyone who’s memorized the numbers on their card.
It’s not the only downside, though. The card will prevent online credit card fraud, but won’t help if a thief steals your physical credit card. (My million-dollar idea? Every credit card should come with the owner’s photo. There, you can have that one for free.)
Two major French financial institutions, Société Générale and Groupe BPCE, are readying the cards for a wider rollout. Poland has already seen some successes with the cards in a separate trial.
If all goes well, a trial may be on the cards with a UK bank soon.
People have been talking about the internet crashing for as long as there has been an internet. The use of the 1980s graphic format “GIF” for the common phrase used to describe “Death of the internet: GIF at 11” tells you that. We’ve always been scared of it, but today it’s a real possibility.
In fact, I’m certain we’ll see such an attack. If I were a betting man, I’d say we’ll see it sometime around November 8th: The US elections date.
An attack then would make a huge impression. And, as noted security expert Bruce Schneier pointed out recently, “over the past year or two, someone has been probing the defenses of the companies that run critical pieces of the internet. These probes take the form of precisely calibrated attacks designed to determine exactly how well these companies can defend themselves, and what would be required to take them down. We don’t know who is doing this, but it feels like a large nation state. China or Russia would be my first guesses.”
Schneier continued that major internet companies are telling him they’re seeing an increase in [Distributed Denial of Service] DDoS attacks against them. “Moreover, they have seen a certain profile of attacks. These attacks are significantly larger than the ones they’re used to seeing. They last longer. They’re more sophisticated. And they look like probing. One week, the attack would start at a particular level of attack and slowly ramp up before stopping. The next week, it would start at that higher point and continue. And so on, along those lines, as if the attacker were looking for the exact point of failure.”
That’s not just what he’d been told. Internet security firm Verisign is reporting DDoS activity that’s the highest it’s ever seen.
It’s only getting worse.
In late September, prominent security expert Brian Krebs had his security blog, Krebs on Security, blown off the Internet by a DDoS attack that came to a mind-boggling 665Gbps.Akamai, the content delivery network (CDN), counts attacks of over 100Gbps as being “Mega attacks.” This attack, on a single individual’s website, was six times that size.
Akamai and its DDoS prevention division Prolexic was forced to give up trying to handle the attack on Krebs. They couldn’t afford to keep trying to keep his site up against a perfect storm of SYN Floods, GET Floods, ACK Floods, POST Floods, and GRE Protocol Floods bogus email subscriptions and garbage Skype requests. Today, Krebs on Security is back up on Alphabet’s Project Shield, Google’s experimental anti-DDoS service.
Attacks over 100Gbps are becoming commonplace. Massive DDoS attacks can now be done by any script kiddie.
Here’s the worst news. Truly massive attacks are easier than ever to make.
Krebs sourly noted it didn’t require a James Bond villain. “This attack was launched with the help of a botnet that has enslaved a large number of hacked so-called IoT devices — mainly routers, IP cameras, and digital video recorders (DVRs) that are exposed to the internet and protected with weak or hard-coded passwords.”
The botnet code used to make the attack, Mira, has been dumped on the web. That was a few days ago. In a few weeks, script kiddies can start making 500Gbps+ attacks.
BCP-38 was proposed in 2000 when DDoS attacks were first becoming a serious problem. It works by filtering out bogus internet addresses. Another internet proposal, Ingress Filtering for Multihomed Networks, BCP-84, helps to make it possible to use.
They’re not perfect, but they would go a long way to reducing DDoS attacks to manageable sizes.
Their logic is, McConachie explained, “It costs money to install filters, albeit a very small amount, but it is not free. Nor is the labor capable of installing those filters cheap. Therefore it makes economic sense for this network operator to not install filters. No one is DDOSing their network, that’s someone else’s problem.”
It’s not. It hasn’t been someone else’s problem for years now. And now it’s on the brink of becoming everyone’s problem in the worst possible way. Besides, it doesn’t cost that much. McConachie said “any carrier grade [Border Gateway Protocol] BGP router can support many more Access Control Lists (ACLs) than are actually needed to support implementation of BCP 38”.
Ransomware, a variety of malware which encrypts user files and demands payment in return for a key, has become a major threat to businesses and the average user alike.
Coming in a variety of forms, ransomware most often compromises PCs through phishing campaigns and fraudulent emails. Once a PC is infected, the malware will encrypt, move, and potentially delete files, before throwing up a landing page demanding a ransom in Bitcoin.
Demands for payment can range from a few to thousands of dollars. However, giving in and paying the fee not only further funds the development and use of this malware, but there is no guarantee any decryption keys given in return will work.
It is estimated that ransomware attacks cost more than $1 billion per year.
The No More Ransom Project, launched by the National High Tech Crime Unit of the Netherlands’ police, Europol, Kaspersky, and Intel Security, is a hub for victims to find out how to remove infections — and how to prevent themselves becoming infected in the future.
Unfortunately, not every type of ransomware has been cracked by research teams. Time and vulnerabilities which can be exploited by cybersecurity experts are required, and so some ransomware families do not have a solution beyond wiping your system clean and using backup data.
However, researchers are cracking more types of ransomware every month and there are a number of tools available which give victims some hope to retrieve their files.
The No More Ransom Project offers a quick way to find out what sort of ransomware is on your PC using this step-by-step guide. Alternatively, the Malware Hunter Team runs the ID Ransomware online service which can also be used to identify infections.
Below, in alphabetical order, you can find a range of tools and software made available by researchers to scour your PC clean of the most common types of infection.
As of today, all of Facebook’s 900 million Messenger users should be able to choose to have specific chat threads end-to-end encrypted, protecting a message from all eyes except the sender and recipient. Called Secret Conversations, the feature also allows users to set messages to self-destruct anywhere between five seconds to one day.
Once a Secret Conversation is initiated, Facebook’s app says that the conversation has been “encrypted from one device to the other”. Encrypted conversations can be started from the home page by tapping a new message and then tapping the Secret button on the top right corner of the page, followed by the contact you want to start a secret chat with.
The new privacy feature follows the completion of Facebook’s end-to-end encryption rollout for the billion users of its other chat app, WhatsApp, earlier this year.
Facebook has published a support page explaining the new privacy feature in Messenger. In July it also published atechnical paper detailing how it’s encrypting messages.
Like WhatsApp, Messenger Secret Conversations uses the Signal Protocol for end-to-end encryption. The protocol was developed by Open Whisper Systems, the maker of Signal, the go-to messaging app for NSA whistleblower Edward Snowden.
Google also settled on Signal for its Incognito mode in the new Allo chat app, the first app to feature Google’s new AI-powered Assistant. Messenger Secret Conversations is similar to Allo in that end-to-end encryption is not enabled by default, unlike Signal and WhatsApp.
Google was sharply criticized for that decision by privacy advocates and Snowden, even though the company had made encryption extremely simple to use for millions of people.
As Wired reports, having encryption opt-in may help Facebook avoid the legal run-ins that WhatsApp has recently faced in Brazil after contending it was impossible to assist authorities in a criminal case.
One aspect of communications that end-to-end encryption does not shield is metadata, such as subscriber information, location, and the time of communications.
American Civil Liberties Union revealed yesterday it is providing legal counsel to Open Whisper Systems over a US government subpoena demanding metadata from several Signal accounts. It was also served a national security gag order of the type Microsoft is currently fighting in the courts.
Rights group Electronic Frontiers Foundation (EFF) also criticized Google this week for Allo’s opt-in sending the wrong message about the purpose of encryption, since it only draws attention to which messages an attacker should target.
“Allo encourages users to encrypt when they want to send something ‘private’ or ‘secret’, which we fear users will interpret as sensitive, shady, or embarrassing,” EFF wrote. “And if end-to-end encryption is a feature that you only use when you want to hide or protect something, then the simple act of using it functions as a red flag: ‘Look here! Valuable, sensitive information worth hiding over here!'”
EFF suggested Google split Allo into two apps: one that offered secure end-to-end encryption by default, and another that supported its machine intelligence features Smart Reply and Assistant.
At least in Facebook’s case, WhatsApp does fit that model.
Facebook notes that Secret Conversations supports messages, pictures, and stickers, but not group messages, gifs, videos, voice, video calling, or payments.
Hospitals might not be such an obvious target for hackers as banks, but cybercriminals are using an array of attacks — from the simple to the extremely sophisticated — in an attempt to breach the defences of healthcare providers.
While some hackers are using system-locking ransomware to make a quick buck out of hospitals — those who targeted a Hollywood hospital this way walked away with $17,000 in exchange for unecrypting systems — there are other cybercrminals who are highly aware how these institutions means they retain huge amounts of personal data, which can be stolen and exploited to turn a profit.
In the UK around 60 percent of emails from outside the NHS are blocked by filters, because they’re identified as phishing attempts with the likely goal of delivering Trojans, spyware, ransomware, and other malicious software to the network.
But that doesn’t stop every attack. At the recent UK Health Expo, Rob Shaw, chief operating officer and senior information risk owner at NHS Digital, discussed one incident that showed the sophistication of some attacks.
Shaw detailed how one particular employee fell victim to one of these attacks and that nobody knew it had happened until two weeks after the initial intrusion.
Attackers first searched for their intended victim on LinkedIn and were able to see information including where they went to school. From there, the attackers were able to look at the school’s website, which identified the victim as a past captain of the rugby team. Using that extra information, the attacker did some additional research and found out the name of the rugby team’s vice captain.
They then used this in order to build a convincing looking email: one spoofing a genuine-looking email address from the old team-mate, and which referred to the victim by name. The email claimed to come with an old rugby team photo of the two in an attachment.
When the victim clicked on the attachment, a dialogue box popped up and eager to see what’s actually a non-existent photo they selected ‘OK’. In doing so they enabled the attacker to gain control of the PC via the use of Trojan spyware, which then went unnoticed for two weeks while it spied on the network and gathered data.
It might sound like a sophisticated attack method to some, but the fact is phishing attacks of this kind are relatively simple to carry out and anyone with some smarts and time — and the desire to make you a victim — could carry it out.
“That’s not state-sponsored, that’s not the Chinese or Russians, that’s just someone being quite clever and getting hold of credentials,” says Shaw, adding “and the fact it took us two weeks to find out shows how easy it is to get things through”.
Education is a key requirement in fighting this sort of attack, as the threat could be reduced by suggesting employees should be more cautious online and by warning them that they should be wary of strange or unexpected emails.
“Your information has a high intrinsic value. Forget about whether it’s a threat to somebody’s life, forget whether if they bring down the system they could shut down life support systems; that’s not an issue to them. What’s an issue is how they can generate money out of your data, even if it’s just selling it on,” said Steve Mulhearn, director of enhanced technologies at cybersecurity firm Fortinet.
However, there’s another factor which puts hospitals — both within the NHS and around the world — at risk and that’s the reliance on legacy systems.
Mainstream support for Windows XP ended in April 2009 while extended support for it in organisations like hospitals ended in April 2014. That means there are systems inside hospitals running on an operating system which hasn’t received security updates for over two years.
Shaw detailed how 15 percent of NHS systems still run on Windows XP and if those machines could be identified by outsiders, they’re very much a huge security hole within the network. Unfortunately, the bespoke nature of many of these devices means that they’re not easy to update.
“It’s not simple; I can’t go to Microsoft and say, ‘here’s pile of cash, just put everyone on Windows 10’. Because a lot of this software has been specially written and has been used to treat patients, so unless you rewrite the software you can’t migrate it across, so we’ve got to look at how to manage it,” said Shaw.
However, there’s an even bigger issue to contend: one of the reasons some of this hardware is still running Windows XP is because it just can’t support Windows 10, or even Windows 7, which accounts for 83 percent of NHS systems. Budget cuts and strains on finances mean hospitals can’t afford to replace these devices, some of which still perform vital services. So what’s the answer?
“Take it off the network. Lock it down and ensure only the people who need access to it get access to it,” said Shaw.
In recent years we’ve seen malware that targets webcams and microphones in an effort to secretly record what a person says and does.
Even the NSA has developed code that remotely switches on a person’s webcam.
But things are different when it comes to Mac malware, because each Apple laptop has a hard-wired light indicator that tells the user when it’s in use. At least you know you’re being watched.
That could change with a new kind of webcam piggyback attack, according to research by Synack’s Patrick Wardle, which he will present Thursday at the Virus Bulletin conference.
After examining a number of malware samples, Wardle believes that attackers can easily take advantage of the light indicator in most modern Macs to mask the malware from secretly recording your phone calls and video chats.
The “attack” works like this. The malware quietly monitor the system for user-initiated video sessions — like FaceTime or Skype video calls — then piggybacks the webcam or microphone to covertly record the session. Because the light is already on, there’s no visible indications of this malicious activity, which lets the malware record both the audio and video without risk of detection.
After all, it’s the phone and video calls that hackers and nation states want to hear, not the regular ramblings of a person sitting at their desk throughout the day.
Wardle told me in an email that when a person legitimately uses their webcam or microphone, it’s typically for more sensitive things, such as a journalist talking to a source, or an important business meeting with an executive, or even a person’s private FaceTime conversation with their partner — all of which could be invaluable for surveillance.
Enter his new tool, Oversight, which aims to block rogue webcam connections that piggyback off legitimate video calling apps, and alerts you when your microphone is in use.
If malware tries to piggyback off a webcam session, the app will alert the user — allowing them to block it. Wardle said that the tool will log the process, allowing security experts or system administrators to take a closer look.
The good news is that Wardle said he’s not aware of any Mac malware that exists to do this, but he noted it isn’t difficult to implement.
“It’s just a few lines [of code], and it doesn’t require any special privileges,” he said. “Currently, Mac malware such as Eleanor could easily implement this capability with this code.”