Category Archives: (J) Security Focus

You Cannot Take Your Picture Back From the Internet

Here are the biggest dangers of posting photos online

1. You lose control over your images

As soon as pictures of your kids appear online, anyone may view them, copy, save, tag or spread them – and you will never know. Besides, most people skip reading the terms and conditions of social media sites like Facebook. If you read them attentively enough, you can find a clause stating that you give up all copyrights, ownership and your consent for any media you share on the platform. This means that popular sites like Facebook are not obliged to ask your consent and may use any content you put on their platform in any way they want.

2. You can’t take a photo back from the Internet

Once your photo is uploaded to the Web, you can’t take it back. Any images, as well as any messages, will stay in the worldwide network forever, stored on the servers. If you delete them from the timeline on your FB profile or the message history on Whatsapp, they still won’t disappear from the Internet.

Even changing the picture privacy settings in your profile so that photos are available only to people on your friends list doesn’t guarantee that someone else won’t see them. Even your friends or relatives may turn out to be a “weak link,” having saved a photo or a video of your kid and passed it on through other resources.

Moreover, if you change your mind and quickly delete a photo from your timeline, it may already have been viewed and saved by someone.

3. Digital kidnapping

A growing crime called ‘digital kidnapping’ means that individuals or companies steal children’s photos without their parents’ permission and repost these images across the Internet for advertising purposes, frauds or things even worse.

4. Collecting data and targeted advertising

Things you post online contain valuable information for data collectors and advertisers. They collect data about you to show targeted advertising to you as their potential customer. As a person who posts photos of a kid, you might be interested in kids’ toys or clothes – and voila! – you see dozens of related ads on your screen.

Moreover, any time you take your child’s images and post pictures online it leaves his/her digital footprints. Social networking sites like Facebook collect information about your kid and form their identity in the worldwide web years before children decide to sign up for a network.

5. Avoid sharing important information about your kid

By giving too many details, you may as well reveal vital information about your children to online fraudsters and predators. Therefore:

  • Turn off GPS tags when posting images of your child in order not to show places where he/she spends much time;
  • Try not to post too many photos concerning your kid’s hobbies – sports groups, extracurricular activities, etc.;
  • Do not post pictures of any documents containing official information about your child;
  • Some experts even advise using a nickname instead of your kid’s real name in any posts online.

6. Don’t post half-naked photos of your children

Avoid posting photos online where your little ones are half-naked (at the seaside, etc.), no matter how cute and innocent these images seem to be. You never know who may look through them, and for what purposes.

7. Think of possible consequences before sharing photos of your children without their consent

Statistics say that:

  • Over 1/3 of admissions officers of academic institutions learn more about prospective students on Facebook and Google+. In over 35% of such checks, the discovered information had negatively impacted prospective students’ applications.
  • Recruiters in 75% of companies examine applicants’ online reputation. 84% of recruiters think that online reputation impacts hireability.

Obviously, any information that creates your kid’s online identity – even childhood photos – may potentially compromise not only his/her school life but also education and career in future. Moreover, photos that often seem to be cute and funny to parents may appear to be embarrassing for the kids, especially in their teen years, sometimes even with their peers mocking and making fun.

In some cases, children can even sue their parents for posting their childhood photos online without their consent, and therefore violating their right to a personal life, just like an 18-year-old girl Rami from Austria did. Cases of children suing their parents have happened across the US and other countries.

For the same reasons, you’d better always ask the consent of other parents whose children are in the same photo with your child before posting such an image online.

The good thing you can do is involve your children in the process as they grow. Always let them decide which of their photos are OK to share online and which are not.

Make sure you don’t overshare online and monitor what your kids post, too!

Android Devices Phoning Home To China

One of the phones seems to be Blu R1 HD, which is ‘Currently unavailable’ on Amazon.com and customers that bought it have received security update e-mails.

Security researchers have uncovered a secret backdoor in Android phones that sends almost all personally identifiable information to servers based in China.

The firmware is managed by Shanghai Adups Technology, and according to the company, is contained on over 700 million phones worldwide, including phones available in the United States.

Adups says that the firmware provides companies with data for customer support, but an analysis by Kryptowire revealed that the software sends the full bodies of text messages, contact lists, call history with full telephone numbers, and unique device identifiers including the International Mobile Subscriber Identity and the International Mobile Station Equipment Identity.

Or, in other words, everything that you would need to keep someone under surveillance.

Although Shanghai Adups is not affiliated with the Chinese government, the discovery of the firmware is being taken very seriously by US government officials: not least because the firmware does not disclose what it is doing and the firmware – spyware – comes pre-installed on new phones.

It looks like the CIA/FBI/Homeland will be looking into this as it could potentially be framed as a Nation state attack (even though it’s most likely not) – it’s just some unethical businessman. Also the fact that Kryptowire was established by DARPA (Defense Advanced Research Projects Agency) and Homeland – so yeah.

 

On its website, Adups says its firmware is used by 400 mobile operators, semiconductor vendors, and device manufacturers, covering everything from smartphones to wearables to cars and televisions.

The company has admitted that the specific software under examination was written following a request by a Chinese manufacturer, but has refused to name the company.

Phones with the firmware are available for purchase online in the US, including through major retailers like Amazon and BestBuy. Kryptowire said it only discovered its existence by accident when one of its researchers bought a phone to travel with and noticed some irregular network traffic when he turned it on.

Adups has not published a list of the phones its software is included in, although it is known to provide its software to the two large Chinese phone manufacturers Huawei and ZTE. Google has apparently told the company to also remove its software from any Android phones that run its app store, Google Play.

As mentioned in the first sentence, this is not surprising; it’s happened before and it will happen again. China is not best known for its ethical business practices or its respect for user privacy and sensitive data handling.

So be careful what you buy, and perhaps spend a few bucks more for something you can trust.

 

How your connected home or office is a gift for hackers, criminals, and cyber spies

Internet-connected fridges which order your food, virtual assistants which react to your every voice command, and applications which allow you to remotely control almost every aspect of your home: today’s technologies increasingly make The Jetsons look like a prophetic message about the future.

That cartoon offers an idealised view of the world of tomorrow and didn’t anticipate some of the problems a space-age society might face: George Jetson was never locked out because the home got hacked, and Rosie the Robot was never out of service after being infected by ransomware.

Installing the latest technology can provide you with many conveniences, but it also opens up additional entry points for attackers, especially as more and more everyday devices become connected to the internet — and are more and more capable of storing and recording information on almost every event in your life.

“Phones, since they’re such a personal extension of your lives, have a lot more security mechanisms than your television, but there’s not much difference between your television and your phone,” says Dan Wiley, head of incident response at Check Point Software.

“[Your television] may not be mobile, but my God, can you imagine what the television would say about you if the camera was on? About what you’re watching, or what you’re saying? There’s a hell of a lot of information you could glean off someone in that way.”

The idea of your television spying on you might sound far-fetched, but it isn’t: manufacturers and advertisers are already monitoring viewers and collecting data about them.

“The more technology we bring into our lives, the more opportunities we create for cybercriminals,” says James Lyne, global head of security research at Sophos. “The baby monitor might not be interesting to a cybercriminal, but the fact that the baby monitor is connected to the network where you do your internet banking is.”

Internet-connected devices which have poor security — or no security at all — can provide multiple avenues for hackers to gain access to your network for malicious activity.

 

“People don’t necessarily think about the invasiveness of these devices. People think about malware as going after credit cards, but as we build-in GPS, cameras, and microphones to connect devices which help manage our shopping… cybercriminals will find new and creative ways to monetize it. It’s what they do best,” says Lyne.

The reason they haven’t already done so, he says, is “because it’s taken them time to find ways these devices could benefit their political or monetary goals”.

For example, although our homes are full of cameras, it still takes effort for hackers to make money out of those images.

“It won’t be a [situation] where everyone’s microphone or video camera is turned on, but if there’s something that’s going on that [criminals are] particularly interested in, then there’s absolutely reason to go after this kit.”

Like any form of cybercrime, hacking a bigger target, even if it means playing a long game, can prove to be much more lucrative. So if internet-connected devices like CCTV cameras, video conferencing systems, and phones enable outsiders easy access to a network, what’s to stop hackers conducting corporate espionage against a significant target?

“We had a case where we went into a law firm in London to do a trial with them, and found that someone outside of their business had been live streaming audio and video from the boardroom — and it had been going on for a fortnight before being detected,” says Dave Palmer, director of technology at Darktrace.

And the number of potential attack vectors is only going to grow as more and more devices, such as Amazon Echo and Google Home, watch and listen in to our lives. People are enthusiastically bringing these into their homes and workplaces, but aren’t considering — or worse, are unaware of — the implications of what information a device which is always listening could hear and transfer to another party, be it the product manufacturers, government, or criminals.

“The funny thing is we’re just accepting it and letting it in. If you look at Amazon Echo or Google Home, the amount of information they’re already gleaning about your habits and thought processes is pretty incredible,” says Check Point Software’s Wiley.

Like every other activity, be it malicious or not, technology and internet connectivity are making the ability to spy on people far easier than it ever has been. This is true not just for the likes of the NSA and GCHQ, but for anyone who can remotely break into the infrastructure of one of these ever more pervasive devices.

“[George Orwell’s] book 1984 has taught us a lot. I’m not sure how far away we are from that sort of reality, but it doesn’t feel like it’s too far away,” Wiley says.

There’s still time to build security into internet-connected devices — but it must happen soon, or hackers will gain an advantage over us.

“The whole IoT industry mustn’t underestimate that they will be in [cybercriminals’] sights and that they haven’t been so far by virtue more of lack of interest, not that it isn’t possible. Wouldn’t we rather as an industry learn all those lessons while they’re still toys before they’re in the wall and you can’t rip them out?”

Tab Napping

Tabnapping

Tabnapping is a type of phishing scam that fraudsters use to get people’s personal information.

Tabnapping targets people who keep multiple tabs open in their browser, often for long periods of time. The fraudsters then use JavaScript to change the contents and label of an open, but not active, tab to resemble the log-in screen of a bank, email provider or online shopping store.

When a user clicks back onto the tab to find the fake log-in screen, they assume that they have been logged out and re-enter their user information and password to log back in. When they enter these details, the personal information provided is sent straight to the fraudsters.

Fraudsters can then use this personal information to commit fraud.

The URL in the browser’s address bar is not necessarily altered by tabnappers, so checking that the URL is the legitimate URL of the service provider is not a sufficient precautionary measure.

The fraudsters may even put an additional message on the fake log-in screen, saying that the session has timed out and the user needs to re-enter their log-in details. This is a message that appears on legitimate websites, particularly on banks, increasing the likelihood that the user thinks the log-in screen is trustworthy.

How can tabnapping be prevented?

  • Ensure anti-virus and anti-spyware software is up-to-date on your computer and make sure your browser’s filter is switched-on and up-to-date. These measures should block malicious sites and legitimate sites that are infected with a phishing attack code.
  • If you’re unsure about whether or not a log-in screen is legitimate, close the tab down, open a new one and type in the legitimate url of the website you want to log-in to.
  • Follow identity theft crime prevention advice to stay alert to unrecognisable transactions in your name.

Why ransomware is exploding, and how your company can protect itself

Ransomware represents a growing threat for the enterprise, as 40 percent of businesses worldwide were attacked with their data held ransom in the past year.

This particular brand of malware is not new: The first recorded case of ransomware, known as the AIDS trojan, appeared in 1989. The attack is relatively easy to deploy and cash in on, said Michael Canavan, vice president of presales systems engineering at Kaspersky Lab.

In the past, cybercriminals targeted a wide range of consumers, and would ask for around $300 to release their personal photos and information. Between April 2015 and March 2016, more than 718,500 users were hit with encryption ransomware — an increase of 550 percent compared to the same period in 2014-2015, according to Kaspersky Lab research.

“The way it’s going, we don’t see any indication that the growth rate is slowing,” Canavan said.

Once businesses started getting infected, hackers realized payoffs could get higher, Canavan said. “Business targets are at a higher premium because they have a bigger resource pool and more capabilities in terms of data — it’s not just photos of your kids, it’s patient files in hospitals and financial records in banking organizations,” Canavan said. “Asking for a couple hundred bucks might not justify the value of the data encrypted.”

Ransom costs are rising along with the attacks: The average ransom amount for 2015 was about $680 — nearly twice that for 2014, according to a Symantec report. It will likely double again in 2016, said Kevin Haley, Symantec’s director of security response.

The majority of ransomware attacks are not targeted toward one particular end user or business — rather, they cast a wide net via a phishing email, and then infect a user’s home or work device, Haley said. Still, about 43 percent of spear phishing attacks (malware hidden in messages that appear to be from a trustworthy source) include ransomware targeted at small businesses in 2015, up from 34 percent in 2014, another Symantec report found.

Ransomware commonly arrives in a phishing email telling the user they have an invoice that requires payment, Haley said. Another common way is to infect a website, or redirect one website to another hosting the malware.

Haley expects to see more targeted attacks against businesses over the next year, and for other devices to come into play. Strikes on computers and smartphones are the norm, but they could also occur on any IoT device, from smart TVs to refrigerators to watches.

“Ransomware is real, and it’s going to affect your organization,” Haley said. “Most of the steps to protect yourself are not unique — in the end, protecting yourself against ransomware will protect you against other security issues as well.”

Best practices for your company

IT leaders should continuously seek out innovative technologies to add to their customized, layered defense, said James Scott, senior fellow and co-founder of the Institute for Critical Infrastructure Technology. “Look at where your valuable data is, who is trying to exploit it, and what vulnerabilities are there in protecting it,” he added.

To prevent a ransomware attack on your company, experts say IT leaders should do the following:

  • Use a layered security approach, with all endpoints protected, as well as protection at the mail server and gateway. “If you can stop these things from ever showing up in an end user’s mailbox, you’re ahead of the game,” Haley said.
  • Educate your employees. “The human element is always going to be the weakest element,” Scott said. “The organization’s infosec team has to continuously update their education for other staff with relevant threats.”
  • Run risk analyses, and patch vulnerabilities, especially on browsers, browser plugins, and operating systems. “Infosec teams should be savvy enough to continuously pen test the organization to hunt for vulnerabilities,” Scott said. “It’s important that they do that with the same vigor as the adversary would.”
  • Build a comprehensive backup solution, and backup often. “If your files get encrypted, you don’t have to pay the ransom–you just restore the files,” Haley said. Most businesses back up, but some have not tested whether or not these backups work in an emergency.
  • Track behavior analytics to detect abnormalities among users.
  • Limit access to file shares to only those who absolutely need access.

Some organizations are using AI products to predict threats, Scott added. “A year ago, the technology to detect and respond to threats was what everyone was talking about,” he said. “Now, it’s detect, respond, and predict.”

Eliminate Ransomware Infections from your PC using these free tools

Ransomware, a variety of malware which encrypts user files and demands payment in return for a key, has become a major threat to businesses and the average user alike.

Coming in a variety of forms, ransomware most often compromises PCs through phishing campaigns and fraudulent emails. Once a PC is infected, the malware will encrypt, move, and potentially delete files, before throwing up a landing page demanding a ransom in Bitcoin.

Demands for payment can range from a few to thousands of dollars. However, giving in and paying the fee not only further funds the development and use of this malware, but there is no guarantee any decryption keys given in return will work.

It is estimated that ransomware attacks cost more than $1 billion per year.

The No More Ransom Project, launched by the National High Tech Crime Unit of the Netherlands’ police, Europol, Kaspersky, and Intel Security, is a hub for victims to find out how to remove infections — and how to prevent themselves becoming infected in the future.

Unfortunately, not every type of ransomware has been cracked by research teams. Time and vulnerabilities which can be exploited by cybersecurity experts are required, and so some ransomware families do not have a solution beyond wiping your system clean and using backup data.

However, researchers are cracking more types of ransomware every month and there are a number of tools available which give victims some hope to retrieve their files.

 

The No More Ransom Project offers a quick way to find out what sort of ransomware is on your PC using this step-by-step guide. Alternatively, the Malware Hunter Team runs the ID Ransomware online service which can also be used to identify infections.

Below, in alphabetical order, you can find a range of tools and software made available by researchers to scour your PC clean of the most common types of infection.

How to avoid being one of the “80%” of WordPress sites vulnerable to attack

10 ways to keep your WordPress site secure

If you are running a website that uses WordPress here are 10 suggestions to help you avoid ending up in the 80% (or whatever large number it is) of vulnerable sites.

  • Always run the very latest version of WordPress
  • Always run the very latest versions of your plugins and themes
  • Be conservative in your selection of plugins and themes
  • Delete the admin user and remove unused plugins, themes and users
  • Make sure every user has their own strong password
  • Enable two factor authentication for all your users
  • Force both logins and admin access to use HTTPS
  • Generate complex secret keys for your wp-config.php file
  • Consider hosting with a dedicated WordPress hosting company
  • Put a Web Application Firewall in front of your website

Detect Sudden Increase In Your Network Traffic : Prevent Attack

Be it a Ping Flood, a SYN Flood or any other DoS attack, the first step towards detecting it is detecting an anomaly in the network traffic of your system. That is the first sign that your system may be under a DoS attack.

If you can monitor the network traffic in your system and get informed about an anomaly well in advance, you can take action and probably still prevent the attack.

In this article, I will show you how to make your own tool for monitoring network traffic in your system that can alert you when there is a sudden, abnormal increase in traffic.

Again, my system is an Ubuntu one, and here I will use a simple utility called tcpstat along with a shell script. Please note that my intention is to show you a basic tool, on which you can base your own IDS or IPS.

Firstly, you need to install tcpstat in your system.

# sudo apt-get install tcpstat

Now, run this simple command in your terminal :

# sudo tcpstat -i eth1

You may have to select the appropriate network interface for your system.

You will see that every 5 seconds tcpstat prints a line of statistics, such as the number of network packets, bps, etc.

tcpstat has an option ‘-o’ through which you can specify the output format.

Here, I will use the format "%n", which gives the number of packets in each 5-second interval.

Next, I will redirect the output to a file and, in a while loop, read the last line of the file, which gives the number of packets in the last 5 seconds. I will then compare that number with a threshold.

I have experimented with a few attacks and determined the threshold to be 20,000 on my system.

The rest is simple. If the traffic goes beyond the threshold, set a flag. If the increased traffic continues for some time, say 15 seconds, I know it is time to take action. The action may be setting temporary new iptables rules or analyzing the traffic further.

So, what does the script look like? Please find it below.

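#!/bin/bash

# Number of consecutive 5-second intervals with excess traffic.
INTERVAL=0
# Write one packet count per interval to ofile, in the background.
sudo tcpstat -i eth1 -o "%n\n" > ofile &
while :
do
    sleep 5
    # Packet count of the most recent interval (0 while ofile is still empty).
    PACKETS=$(tail -n 1 ofile)
    PACKETS=${PACKETS:-0}
    #echo "PACKETS is: $PACKETS"
    if [ "$PACKETS" -gt 20000 ]
    then
        flag=1
        ((INTERVAL=INTERVAL+1))
        # 3 intervals of 5 seconds = 15 seconds of sustained excess traffic.
        if [ "$INTERVAL" -ge 3 ]
        then
            echo -e "Take Action!\n"
        else
            echo "Excess traffic"
        fi
    else
        flag=0
        INTERVAL=0
    fi
done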

This was a very simple script, but you can use it as a base for further improvement.
Hope you found it useful!
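
As one possible improvement, here is an added example (not part of the original post) that goes beyond the fixed 20,000 threshold: it derives the limit from a running average of normal intervals and still requires several consecutive excess intervals before alerting. The function names, the factor/floor/sustain parameters and the sample packet counts are assumptions made for this illustration.

```shell
#!/bin/bash
# Added example: classify per-interval packet counts, one count per line,
# in the format written by: tcpstat -i <iface> -o "%n\n"
#
# Arguments (all assumptions of this example, tune for your own network):
#   factor  - an interval is "excess" if it exceeds factor x baseline
#   floor   - minimum limit, so a quiet link does not alert on small bursts
#   sustain - consecutive excess intervals needed before an alert
classify_intervals() {
    local factor=$1 floor=$2 sustain=$3
    awk -v factor="$factor" -v floor="$floor" -v sustain="$sustain" '
        # Skip blank or non-numeric lines (for example a half-written line).
        !/^[0-9]+$/ { next }
        {
            n = $1 + 0

            # Limit is a multiple of the baseline, never below the floor.
            limit = (seen > 0) ? base * factor : floor
            if (limit < floor) limit = floor

            if (n > limit) {
                run++
                state = (run >= sustain) ? "alert" : "excess"
            } else {
                run = 0
                state = "ok"
                # Only normal intervals update the baseline, so an ongoing
                # flood cannot raise its own threshold.
                base = (seen > 0) ? (0.8 * base + 0.2 * n) : n
                seen = 1
            }
            printf "%s %d\n", state, n
        }'
}

# Constructed sample data: normal traffic, a busy but normal interval (8000),
# a single spike, one blank line, then a sustained flood.
sample_counts() {
    printf '%s\n' 1800 2200 2000 8000 30000 1900 "" \
                  28000 31000 35000 40000 2000
}

# Demo run: limit = 5 x baseline, floor 5000 packets, alert after 3 intervals.
sample_counts | classify_intervals 5 5000 3
```

To run it over real measurements, feed it the file written by the script above: `classify_intervals 5 5000 3 < ofile`.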

Why hackers hack: Is it all about the money?

You get what you pay for in the cybersecurity industry, but bug bounty programs are not just about the money, according to new research.

In today’s world, where data breaches and information leaks have come close to a daily occurrence, it is too easy to merge the terms “cybercriminal” and “hacker.” However, they are not one and the same — someone who breaks into networks without consent, for example, is a criminal, while hackers tackle problems, may work with companies to shore up their defenses, investigate malware and find product vulnerabilities so vendors can improve the security of their products.

This is why bug bounties are becoming more and more popular. By offering security researchers financial incentives, companies ranging from Apple to United Airlines are able to tap into a pool of external experts rather than rely purely on in-house staff to find every security flaw in networks and software which could place the corporation — and customers — at risk.

However, is it all about the money? The answer is a resounding no, according to platform HackerOne’s 2016 Bug Bounty hacker report.

The bug bounty program says that out of 617 researchers surveyed, all of whom have submitted valid security flaws to various programs, 72 percent say they do it purely for the money — but 70 percent said they also hacked for the fun of it, and 66 percent enjoy the challenge bug bounty programs offer.

In addition, 51 percent said they hack “to do good in the world.”

While bug bounty schemes can be lucrative, with almost 11 percent of respondents making over $50,000 per year and six percent making more than $100,000 per year, over half of hackers — 57 percent — have participated in programs in the last six months which offer no financial reward at all.

In total, 17 percent of respondents said they rely solely on bug bounty programs to stay afloat, and 26 percent said that between 76 percent and 100 percent of their income comes from bug bounty rewards. (However, it is worth noting that 27 percent of respondents were not willing to share their income levels.)

It also seems that company loyalty comes into play. In total, over 30 percent of respondents claim they participate in particular bug bounty programs because they like a company and want to help out.

Hackers can be found worldwide. On the HackerOne platform, contributors come from over 100 countries, with the majority in India — 21 percent — followed by the US at 19 percent. The majority of hackers report themselves to be under 34 years old.

Cyberthreats are not going away anytime soon. For as long as cybercriminals ranging from script kiddies to state-sponsored threat actors exist, security experts are going to be needed — and while you get what you pay for, it is also good to know that many researchers do it for the love of the job.

Linux kernel.org Hacker Arrested After Traffic Stop

So it seems the alleged kernel.org hacker has finally been caught, kinda by accident after being stopped for a traffic violation. It was quite a high profile hack, especially in the open source community as anyone downloading kernel files during that period could have theoretically been compromised. It’s unlikely the kernel code was actually…

Read the full post at darknet.org.uk

