AVAST invites you to the WebExpo 2014 in Prague!

WebExpo is the largest Central European conference focused on topics related to the digital world. Among many topics, this year’s focus is security and big data. AVAST Software is not only a proud general sponsor of this event, but also an active participant.

One weekend, over 1,400 online professionals, presentations, workshops, and lots of fun.

WebExpo is a great opportunity for networking and exchanging knowledge, and those here in Prague will get a chance to meet AVAST experts from various areas. You can meet the AVAST team at our booth, as well as on the stage. The AVAST booth is located at CEVRO Institut.

Our team plans some fun for you at the booth, including trying out the revolutionary new Oculus Rift, a virtual reality headset for 3D gaming, and Android Wear. UX experts can try Card Sorting. For the most active expo-goers we will have prizes, so stop by to play and say Ahoy! :)

For the less technically oriented, we also offer some fun and prizes. If you spot someone wearing an AVAST T-shirt, grab a selfie with this person and post it on Twitter or Instagram with the hashtag #AVASTselfie. Come to our booth and show us the tweet or Instagram post and you will receive a 1-year free license of avast! Premium Mobile Security!

The best part of WebExpo is all the knowledge sharing from AVAST specialists. Here is a list of our colleagues and the topics they will be presenting:

If you can’t attend personally, we have good news for you. Our team will be commenting during the event on social media, so you can join the conversation by following our accounts and special hashtags. Follow us at Twitter and Instagram at

or follow the comments using these hashtags:

  • #AVASTdevs
  • #AVASTbooth
  • #webExpo

Week in security: Home Depot speaks, Gmail and Android ‘leak’

American home-improvers haven’t had a great week, with Home Depot once again dominating the security news – and this week, Android and Gmail users have had things to fret over, too. On the home improvement front, not only has Home Depot confirmed that there was a large-scale data breach at the world’s largest home improvement chain, the indefatigable security reporter Brian Krebs uncovered evidence of PIN-protected debit card information stolen in the breach being used for large-scale fraud, due to weak protection against criminals changing PIN codes by phone using basic information such as ZIP codes.

Meanwhile, University of New Haven researchers tormented Android chat app users all week, with a series of videos showing just how leaky chat apps on the platform could be: a dozen apps were shown to have serious privacy issues, including big names such as Instagram, OoVoo, OKCupid and Grindr.

Many Gmail passwords were changed in a hurry, too, as a dump of five million usernames and passwords appeared online. Things turned out not to be QUITE as bad as they seemed, but it might be time to change that dusty old password anyway…

Security news: Home Depot tops the bill, again

The news for anyone who’s shopped in Home Depot’s American stores, and used plastic, started bad, and is just getting worse and worse.

This week, the world’s largest home improvement chain store, Home Depot, confirmed a data breach affecting Home Depot credit cards and debit cards used in stores on the American mainland, which may have continued since April.

Reports by security reporter Brian Krebs broke the even more unwelcome news that large-scale fraud is being perpetrated with stolen debit cards, with $300,000 withdrawn from one bank in under two hours, using what appeared to be debit card numbers used in Home Depot.

In an official release, the company said that anyone who used a payment card at a Home Depot store since April 2014 may have been affected, and the chain is to offer free identity protection and credit monitoring to such customers. Customers who shopped online or in Mexico have not been affected, the chain said.

ESET senior security researcher Stephen Cobb offers an important reminder about who the real villains are in such hacks: it’s not the beleaguered corporations themselves, but the criminals who install malware in shop POS terminals to steal from the innocent. In a thoughtful blog post, Cobb analyzes where guilt REALLY lies in both the recent leak of celebrity photos and the Home Depot hack.

Gmail: Passwords leaked online, but service ‘not hacked’

Users of Google Mail got a fright earlier this week when a dump of what appeared to be five million username-password combinations for the site appeared online on a Russian Bitcoin security forum.

The truth, however, wasn’t quite as bad as it appeared: although if you haven’t changed your Gmail password in years, it might be worth a quick refresh.

Google pointed out in an official statement that less than 2% of the leaked passwords actually worked, although, as Forbes points out, that’s still 100,000 passwords which do. There was also speculation that the list had simply been cobbled together from hacks on other sites where Google was used as a login.

ESET senior security researcher Stephen Cobb wrote, “The assumption is that this compromised data is a collection of credentials obtained by phishing campaigns or malware attacks over recent years.”

“A website called isleaked.com appeared during the day purporting to allow people to check if their Gmail address had been compromised. However, as of right now, it does not appear to be functioning correctly and frankly I would not go there. Instead, you can check your email address at this site —Have I been pwned — which is run by Troy Hunt, a trusted Microsoft MVP.”

Chat apps fingered for leaking data

Chat apps on Android are not a particularly good way to have a genuinely private conversation, it seems – University of New Haven researchers spent the week drip-feeding a series of videos showing serious security flaws in everything from Instagram to OoVoo and from OKCupid to Grindr.

With many of the most popular chat apps on Android affected, tech news site CNET calculates that nearly a billion (968 million) users could be putting highly private data in the hands of apps that transmit and store it unencrypted.

Many of the Android apps (the researchers focused on Android rather than iOS, although there is no evidence the iOS apps behave differently) send text wirelessly unencrypted, and store images on servers for weeks without encryption or authentication.

The researchers used PC ‘sniffer’ software such as Wireshark and Network Miner to monitor the data transmitted by the apps, and found images and text transmitted and stored unencrypted – and potentially at risk from snoopers.

Facebook freaks out world… again

A simple case of mistaken identity? Or a dark hint at what Facebook’s algorithms might be able to do? The answer might well be both, after a young data scientist was mistakenly ‘tagged’ in a series of photos he’d posted – of his mother as a young woman.

The case raised several intriguing questions: for instance, if genetic similarities are enough to trigger mistaken identity, could Facebook’s algorithms identify someone who had never used the site?

And could the biometric identification systems in use by law enforcement mistake someone for a relative?

Fred Benenson, who was mistaken for his (very similar-looking) mother, said that the “oddly compelling” incident “opens the door to larger and more difficult questions,” according to a report in The Verge.

Clearly in this case, they made an error, Fred Benenson, a data scientist at KickStarter, says, but he said the case raises serious questions: “What about the cases where this algorithm isn’t used for fun photo tagging?”

“What if another false positive leads to someone being implicated for something they didn’t do? Facebook is a publicly traded company that uses petabytes of our personal data as their business model — data that we offer to them, but at what cost?”

NEC’s Neoface biometric software is already being used by police forces in the U.S. and the UK to identify people from video footage, as reported by We Live Security.

The post Week in security: Home Depot speaks, Gmail and Android ‘leak’ appeared first on We Live Security.

Apple Pay and The New World of Mobile Digital Credit Cards

Amid the extravaganza of the Apple Watch and iPhone product launch this week, Apple also unveiled Apple Pay – a new mobile digital payment system, which is being touted by some as death for the “plastic” credit card.

By registering your MasterCard, Visa, and American Express cards to your Apple Pay wallet through iTunes, you will be able to use your Apple devices (the newly announced iPhone 6 and forthcoming iWatch) to make easy and secure mobile payments to merchants.

The payment system uses a one-time, transaction-specific dynamic security code, meaning your actual credit card number never gets transferred to the merchant, which reduces the chance of fraud. You can hear immediate analysis from our Tony Anscombe on Bloomberg TV here.

Many details of the implementation remain to be seen. However, the Apple Pay system does boast early support from major credit card companies and banks.

Apple is using a short-range radio technology known as NFC (near-field communication) in both its smartwatch and the new iPhones in support of the application. NFC has been a feature in many other smartphones (including by Google) but has failed to take hold to date. Market researcher Gartner estimated NFC was used for just 2% of total mobile payments last year, though it is expected to nearly double to $8.2 billion this year. Up until now, analysts say banks couldn’t see a business case for NFC instead of simply issuing their own smart cards.

Smart cards, aka EMV cards (an acronym for Europay, MasterCard and Visa), are revamped credit cards with microchips that store your data on the card. This approach also limits the retailer from holding your data; data resides on your card and the embedded microprocessor chip encrypts transaction data differently for each purchase.

The catch with the chip cards, until now, is that most retailers don’t have the technology for them yet… But that is also expected to change quickly. Walmart is already there. Major retailers like Target and Home Depot have announced plans to roll out the EMV payment systems. I just received a replacement Amex card with the EMV technology.

(BTW, in other related news, Home Depot revealed this week that its payment systems had been hacked, possibly compromising customer data over its 2,000+ outlets in the U.S. and Canada. This is potentially a bigger data breach than the one that unfortunately befell Target last December.)

There is also added incentive for EMV adoption: in October 2015, new standards will go into effect, changing how liability falls between credit-card issuers and retailers. While EMV compliance won’t be mandatory, liability for fraud will fall on the party that hasn’t upgraded their systems. You can read more about EMV and the upcoming so-called “liability shift” here.

In the meantime, what can you as a consumer do to keep your credit data safe?

Here are a few recommendations:

  • Report lost cards or discrepancies immediately.
  • Review your account often.
  • Keep your receipts, and match them against your credit card statement.
  • Shred your statements.

 

And what if you are a business owner? You should familiarize yourself with EMV, and the upcoming standards, and if possible, look to upgrading to a credit-card machine that is EMV capable. (You can also take AVG’s data security Health Check to make sure you are on top of your responsibilities in the case of any data compromises.)

We in the industry are working to evolve data security and make it better. In the meantime, as a consumer, an owner or an operator, stay alert and protect yourself.

One thing is for certain, we are on the verge of a whole new era of credit card security risks.

 

****

On a separate note: Congratulations to Megan Smith on her appointment as the US CTO. Bravo!

How Twitter aims to prevent your timeline from filling up with spam

As with so many of today’s technological tools, while many people use them to make their lives easier, or to keep in touch with friends and family, there are some that take advantage of them simply to annoy others.

So while most of us use social networks to chat with friends, meet new people and keep abreast of what’s happening in the world, there are those that saturate our accounts with messages that are not just of no interest, they are downright annoying: the infamous ‘spam’.

Now, tired of users having to endure this continuous bombardment of unwanted advertising, those responsible for several social networks have decided to go on the offensive. One of these is Twitter, which has taken action as spammers have been increasing their unhindered presence on users’ timelines and direct message inboxes. Finally, those in charge of the social network have said enough is enough.

As the company has revealed on its blog, over the last six months its developers have been working on the design of a system that can detect and block the actions of these annoying spammers. They have called it ‘BotMaker’ and its objective is to counter the actions of those who, whether for commercial reasons or otherwise, are dedicated to annoying other users of the social network.

The plan that Twitter has come up with to prevent these unwelcome users from doing whatever they please has three objectives.

  1. Firstly, it aims to reduce the options for spammers to create content.
  2. Secondly, it wants to restrict the visibility of spam messages launched on the social network.
  3. Finally, the most difficult objective is to reduce reaction times between spam attacks and the system’s ability to detect and stop them.

To achieve its aims, BotMaker has been designed to apply a series of rules that allow it to determine who is annoying other users with spam. When there is a suspicion that a tweet breaks the rules on spam, Twitter’s new platform will activate a protocol to ensure that either the message is deleted immediately or the user who sent it is blocked to prevent them from further annoying users.

Moreover, to prevent any unwanted messages from bothering other tweeters by trying to sell something, Twitter’s newly devised anti-spam system includes different bots that act at different stages of the hunt for spammers. The first to come into play is Scarecrow, which intervenes immediately in real time. Sniper comes next, eliminating any spam messages that have slipped past the previous filter. It also carries out a second appraisal and makes a record of suspicious users. If this weren’t enough, BotMaker also sets certain controls on users over long periods of time to prevent them from getting around the rules.

Nevertheless, the main advantage of Twitter’s new system is that it can detect spam even before the account in question can send junk mail to other users. This was the biggest challenge that the team at the social network faced because, whereas with email the delivery is delayed for a few seconds while Google or Microsoft robots check it to ensure it is not spam, with tweets this isn’t the case. These messages are sent and, theoretically, should arrive on your timeline immediately.

Users are also involved in the successful operation of BotMaker as they have the chance to identify those accounts that are flooding their timelines with spam. In this regard, the cookies that users have to accept to use Twitter also play an important role, by analyzing the traces left by tweeters. Despite this, BotMaker has no negative effects on users whatsoever. In fact, the system has been configured not to interfere with the bots that users install to automatically tweet on those topics that they have previously selected.

Trials carried out by the company with BotMaker have shown it to work efficiently. In the six months that Twitter tested its own invention, it managed to reduce by 40 percent the billions of unwanted messages aimed at selling or promoting products to other users of the social network.

Yet although these results may seem encouraging for those who regularly use Twitter, the truth is that all is not what it seems. Beyond its firm desire to counter the intentions of spammers, the social network is also striving to improve its own targeting of advertising.

As the epicenter of thousands upon thousands of comments about all types of events taking place around the world, the filters that BotMaker uses can also be used to select users who may be interested in advertising of one product or another.

The post How Twitter aims to prevent your timeline from filling up with spam appeared first on MediaCenter Panda Security.