Monthly Archives: November 2014
Yosemite Infested By Nasty 'Rootpipe' Vulnerability
Appeals Court To Hear NSA Metadata Spying Argument
Are You Too Social For Your Smartphone?
AMSTERDAM and SAN FRANCISCO â November 4, 2014 â Aside from the usual suspects like games and social media, streaming and even pre-installed apps are the most likely to chew your smartphone or tablet battery and storage, according to the latest Android App Performance Report by AVG Technologies N.V. (NYSE: AVG), the online security company⢠for 182 million active users.
The Q3 report, based on AVGâs analysis of anonymous data from over one million AVG Android app users, charts the top apps worldwide that affect smartphone and tablet performance in terms of data plan consumption, storage capacity and battery life. With its constant background notification checks, which run even when the app is not open, the social networking app from Facebook emerged as having the biggest impact on your mobile device when it comes to overall performance.
Performance Impact Rank | App Name | Category | Developer |
1 | Social | ||
2 | Path | Social | Path Inc. |
3 | 9GAG â Funny pics and videos | Entertainment | 9GAG |
4 | Social | ||
5 | Spotify Music | Music & Audio | Spotify Ltd. |
Social apps were well-represented in the Report with two other social apps, Path and Instagram, making the top five most performance drains. With phone and tablet space at more of a premium than ever, the report also found that real-time news apps featured prominently in the charts. Amongst the list of storage eating apps, the New York Times Breaking News app, which caches the articles accessed through it, was most likely to chew up a deviceâs storage, ranking higher than Facebook and Spotify. Peopleâs data plans were also likely to be affected by CNNâs Breaking US & World News app and the UKâs Daily Mail app.
âThe goal of the Android App Performance Report is to analyze anonymized data to give users the important information they need to make informed choices about what they can do to continue to enjoy their favorite apps while reducing their impact on their device,â said Yuval Ben-Itzhak, Chief Technology Officer, AVG Technologies. âIt might not be obvious what Facebook, Instagram, Spotify, 8 Ball Pool and Farm Heroes Saga have in common. But in our tech-centric world, running out of battery or storage space at the moment you need it most is hugely frustrating, and thatâs why this degree is insight is vital.â
Some other key findings:
- Some handset makers are draining their own devices. For example, AVG identified three pre-installed Samsung apps (AllShare Cast Dongle, ChatON, WatchON) in the top 10 list of battery draining apps, excluding games. The Samsung WatchON for video also topped the list for auto-starting battery eating apps due to the visual content the app delivers.
- Three of the most resource-hungry day-to-day tool apps came from Google, with Google Now/Search, Google Text-to-Speech and Google Translate ranking within the top five. The Chrome Browser for mobile also made the list of top 10 storage eaters.
- Games significantly reduce battery life. Four of the top 10 battery-chewing games came from game producer King, the company behind the âSagaâ series.
###
About AVG Technologies (NYSE: AVG)
AVG is the online security company providing leading software and services to secure devices, data and people. AVG has over 182 million active users, as of June 30, 2014, using AVGâs products and services including Internet security, performance optimization, and personal privacy and identity protection. By choosing AVGâs products, users become part of a trusted global community that engages directly with AVG to provide feedback and offer mutual support to other customers.
All trademarks are the property of their respective owners.
Â
Yuval Ben-Itzhak, CTO, AVG Technologies
Â
Contacts:
US
Katie Han
Waggener Edstrom for AVG
+ 1 (212) 551 4807
UK
Samantha Woodman
Waggener Edstrom for AVG
+ 44 (0)20 7632 3840
Keep in touch with AVG
AVG Technologies Launches 2015 Products
AMSTERDAM and SAN FRANCISCO â November 4, 2014 â AVG® Technologies N.V. (NYSE: AVG), the online security company⢠for 182 million active users, today announced the availability of its 2015 portfolio of protection, performance and privacy products. This includes the new all-in-one AVG Protection and AVG Performance suites for PCs, Android devices and Apple devices, and AVG Ultimate, which includes both protection and performance suites in a single package. These come with the latest version of AVG Zen®, the app for Windows PCs and Android smartphones and tablets that makes it simple for consumers to look after their own and their familyâs devices.
Whatâs new in AVG Zen
AVG Zen can be downloaded from the Google Play store or when installing AVG Protection, AVG Performance, or AVG Ultimate. It shows at a glance the full status of the Protection or Performance settings customers have on the PCs, Android devices, and Mac computers they have added to the AVG Zen network.
AVG Zenâs refreshed look and feel for the 2015 products means users can easily:
- Add an unlimited number of their familyâs devices.
- Run a scan remotely from their mobile device to their PC (and vice versa), other mobile device or Mac computer.
- Run Automatic Maintenance on Windows PCs and laptops remotely or check up on Android devices and Mac computers.
- Easily access individual products, such as AVG AntiVirus or AVG PC TuneUp®, directly from AVG Zen.
Yuval Ben-Itzhak, Chief Technology Officer, AVG Technologies said, âAVG Zen is designed to make it easy to manage the necessary maintenance and updating that keeps peopleâs favorite online devices working at their best simple. In the last few months, we have added some key features to AVG Zen, including being able to scan and fix issues on a device remotely, and offering all-in-one packages for full device protection and performance improvement. The Internet of Things is exploding with smart home revenues expected to reach a global market value of $71 billion by 2018. We see great potential for AVG Zen to become a household fixture that simplifies and makes this online experience more meaningful.â
AVG Protection: includes AVG AntiVirus or AVG Internet Security, AVG AntiVirus for Mac®, AVG PrivacyFix⢠and more, all-in-one package
AVG Protection delivers the latest versions and full range of AVGâs Protection products for desktop and mobile in a single suite, without the customer having to purchase the individual products. With AVG Zen, all PCs and mobile devices running AVG Protection products can be monitored for security issues. The new Remote Actions feature also helps users fix security problems, such as remotely enabling security features that have been disabled on one from another device, such as a PC or Android smartphone.
AVG Protection includes:
- AVG Internet Security: now delivers even earlier detection methods with our new outbreak detection and priority updates.
- AVG AntiVirus for Android: customers get the same great experience on their Android tablets as on their mobile devices. This includes locate, lock and remote wipe a smartphone using the Anti-Theft feature if it has been stolen. It also features app lock and backup, privacy settings for social media, call and message blocker and wipe device for improved online privacy.
Customers purchasing the AVG Protection subscription will receive the PRO products including AVG Internet Security. They can also add the devices of family members to their AVG Zen Network to share all the PRO benefits at no extra cost. The PRO subscription for unlimited PCs and mobile devices is $59.99 for one year, with the individual products also available. AVG Protection is also available as a 30-day trial from www.avg.com/protection.
AVG Performance: includes new AVG PC TuneUp®, AVG Cleaner, AVG Cleaner for Mac, AVG Cleaner⢠for iOS® and more, all-in-one package
AVG Performance brings together all of AVGâs hero performance products in one single place, AVG Zen, for ease of use. It includes software and mobile apps to keep PCs or laptops running Windows, smartphones and tablets running Android, Mac computers and now even iPhones and iPads in top shape, an all-in-one performance suite that covers all popular platforms on the market. AVG Zen makes it simple to check the status of all the devices in the home and clean PCs remotely from a smartphone or a secondary PC.
AVG Performance includes:
- AVG PC TuneUp: AVGâs award-winning version includes 39 tools to speed up, fix up, clean up, and enhance battery life of all Windows® PCs and laptops with features like Automatic Maintenance, Program Deactivator and Economy Mode. The all-new AVG Cleaner for iOS feature safely removes leftover files from iPhone and iPads once plugged into any Windows PC and laptop. It also removes redundant files, such as corrupt downloads, temporary files, or invisible crash reports, helping free up space for their personal data or to install the new iOS updates. The Disk Cleaner feature has also been significantly enhanced support has been added to clean up leftover files from popular gaming platforms Steam and Origin, Skype, nVidia/Intel/AMD drivers as well as iTunes and Quicktime.
- AVG Cleaner for Android: with the new âlarge file scannerâ, users can scan their Android phones for storage hogs, such as old downloads or videos in addition to enhancing battery life with âBattery Profilesâ and thorough cache cleaning. AVG Cleaner for Mac scans disks and looks for leftover files from Mac OS X and programs as well as duplicates that users may have forgotten about.
AVG Performance is available as a 30-day trial from www.avg.com/performance. The PRO subscription for unlimited PCs and mobile devices is $39.99 for one year, with the individual products also available.
AVG Ultimate is available as a 30-day trial from www.avg.com/ultimate. The PRO subscription for unlimited PCs and mobile devices comes in at $89.99 for one year. The individual products are also available.
AVG Zen with AVG Protection, AVG Performance and AVG Ultimate are available to customers in Canada, Germany, Ireland, Spain, UK, US.
###
About AVG Technologies (NYSE: AVG)
AVG is the online security company providing leading software and services to secure devices, data and people. AVG has over 182 million active users, as of June 30, 2014, using AVGâs products and services including Internet security, performance optimization, and personal privacy and identity protection. By choosing AVGâs products, users become part of a trusted global community that engages directly with AVG to provide feedback and offer mutual support to other customers.
All third party trademarks are the property of their respective owners. AVG does not claim any affiliation, sponsorship or endorsement by such third parties of AVG products.
Â
Yuval Ben-Itzhak, CTO, AVG Technologies
Â
Contacts:
US
Katie Han
Waggener Edstrom for AVG
+ 1 (212) 551 4807
UK
Samantha Woodman
Waggener Edstrom for AVG
+ 44 (0)20 7632 3840
Â
Keep in touch with AVG
AVG 2015 Protection Update
Reviewers Guide:
Images:
Hacking planes – researchers developing system to stop in-flight malware
City University professor Dr David Stupples and a team of researchers are looking into ways of minimizing the risk of hacking planes in the future.
The post Hacking planes – researchers developing system to stop in-flight malware appeared first on We Live Security.
Want more security? How about the first credit card that reads your thumbprint?
Was it 3798 or 7389? This is the typical doubt we all have when standing in front of the point-of-sale terminal and about to pay: you think thatâs the right number, though when you go to enter it, you still have a feeling that the screen might laugh at you for keying in the wrong PIN.
At some time or another, credit card PINs will give you a headache: First, itâs hard to memorize them and at some point youâll probably make a mistake entering the number. And what if it the number itself gets stolen? Luckily, this is a problem that could soon have a solution, as the most secure password is something that you have with you 24 hours a day, 365 days a year: your fingerprint.
Perhaps even your next credit card wonât ask you to enter a PIN when you go to pay for something, rather just place your finger on the card. MasterCard is already working on it. Along with the Norwegian tech startup Zwipe, the credit card company has come up with the first card with an in-built thumbprint reader to verify the cardholderâs identity.
With this innovation, biometrics have come another step closer to our everyday lives, although this is not the only example. Apple has already introduced biometrics in the Apple Pay digital payment platform, which leverages Touch ID, the fingerprint recognition technology in iPhone 6.
The biometric system used by MasterCard is similar to that employed by Apple: At one end of the card there is the print reader, where the cardholder simply places a thumb to verify their identification. So it could soon be goodbye to all those tedious passwords and PINs.
The cards donât need batteries to run the technology, instead the fingerprint scanner is powered by energy emitted by the payment terminals, as Zwipe CEO, Kim Humborstad, explains: “All standard contactless terminals dispatch a radio frequency (RF) signal, and we use that RF energy to power the card.”
The card is already a reality, and although there is no specific date, they could be in our wallets by 2015. Everything depends on the banks, who will have to decide whether to commit to biometrics as a secure method of identification.
No one can doubt the usefulness of this innovation, but is it completely secure? Itâs probably more secure than having a password that you often forget or that could be stolen if written down on a piece of paper, although itâs still not completely secure.
You donât need to worry about thieves stealing your card and slicing off your thumb to get your thumbprint, as there are far less gruesome ways of compromising the security of the system. Appleâs Touch ID system has already had its vulnerabilities highlighted, both on the latest iPhone and the previous version.
However, biometric systems such as fingerprint readers developed by Apple or MasterCard, or iris pattern identification are options that are not only being considered for credit card authentication, but also as keys for the smart homes of the future.
Biometrics, however, are not perfect. “If an identity thief or criminal has the necessary resources and motivation, they can make a replica of your thumb from a latent print,” explains Julián Fiérrez, Associate Professor at the Universidad Autónoma de Madrid, and an expert in these types of technologies.
Even though the system is not the panacea, it would seem that leading companies now see fingerprint recognition as the future. “Our belief is that we should be able to identify ourselves without having to use passwords or PINs.”, says president of security solutions at Mastercard, Ajay Bhalla. “Biometric authentication can help us achieve this â our challenge is to ensure the technology offers robust security, simplicity of use and convenience for the customer.”
The post Want more security? How about the first credit card that reads your thumbprint? appeared first on MediaCenter Panda Security.
vBulletin 4.2.1 Open Redirect
vBulletin version 4.2.1 suffers from an open redirection vulnerability.
Evolutionary Antivirus
First evolution
The technologies antivirus companies use to detect malware evolve over time to meet the ever-changing threat landscape. The first evolution was signature-based detection, which had a lot of good properties. Signature-based malware detection extracts common byte sequences — also called signatures — from multiple files of the same malware variant. If these sequences also match another file, it is detected as being malicious. One drawback of signatures is that often a small number of differing bytes leads to the signature not matching anymore. As a result, polymorphic malware was created, which always has completely different sequences of bytes, and therefore malicious sequences could not be found any more. In many cases signatures are still very useful and especially the time to release a signature is very short.
Second evolution
The second evolution was generic detection, which was able to easily handle most polymorphic files. By manually researching malicious files in depth, file properties could be identified, which then in combination could be used not only to detect polymorphic files but, in general, are so powerful as to detect whole families of files. Often, generic detection uses a rule-based system. An example of a generic rule with the capability to detect malicious files writing to the Windows folder could be very simplified:
file_size < 5kb & file_writes_to_windows_folder & file_not_signed
Generic detection is in general very powerful and can also incorporate the program’s behavior. While this kind of detection is also old, it is still widely used. The reason why generic detection loses its relevance is not a matter of quality but a matter of quantity. Avira receives hundreds of thousands of potentially malicious files every day. The time to create one rule manually takes from 5 minutes to two hours, and probably thousands of rules have to be created per day. While it was possible in the past to write generic rules for the malware files received each day, it is not possible anymore.
Third (current) evolution
Fully automated learning systems — the third (current) evolution — try to combine the good properties of the first two evolutions, while avoiding their drawbacks. Rather than creating rules, learning systems often learn the difference between good stuff and malware files based on distances. In simple words, this means that if the learning system learned that a specific region only consists of malicious files and an unknown file has a very small distance to the files within that region, it will output that the probability of the unknown file being malicious is very high. This is equal to a human saying: “This file looks very similar to something that I have seen before”.
Five years ago, Avira started more seriously investigating these systems. In March 2010, my colleague Matthias Ollig and I showed in our master’s thesis, with the title “Recognition of malware by applying techniques of machine learning using static and behavior-based features,” that such a system is not just possible but that it can also deliver a high degree of automatism.
In our fight against malware, only one thing really counts. Speed. If a new malicious file is inserted into the learning system and it is well designed, it does not just detect this one file but the whole malware family — within minutes.
Over the last four years, Avira management have made several big investments in the automated learning system with the internal name NightVision. NightVision has ~8TB of RAM, ~750 CPU cores and ~50 CUDA capable GPUs. Due to these investments, NightVision now not only protects our paying customers but also all of our free-version customers around the globe. By having NightVision in place, the antivirus researchers can now put their attention towards the most important thing: Analyzing the most current daily threats.
The post Evolutionary Antivirus appeared first on Avira Blog.