Monthly Archives: January 2015

Avira

3 social media dangers to avoid

Leave a comment

Included below are three different social media dangers that can become a problem from time to time.

Fake Influence – That Twitter account with tens of thousands of followers must be legitimate and interesting, right? Not always. While follower counts can sometimes indicate influence, they’re not a perfect measuring stick. Scammers or companies trying to promote their products in deceptive ways can create fake accounts and then buy followers in a way that’s just about as easy as buying something from Amazon. Try to look beyond the follower count to see if someone or something is really worth following. For example, who follows them, and what are they posting about? Also, how long has the account been active?

Trolling – An online troll can basically be described as someone who’s trying to cause problems online. This can sometimes just prove to be an inconvenience, but in many cases, the activity crosses over into harassment that can be very hurtful. We’ve all seen comments on social media that demonstrate this behavior. Many times they come from people who are deliberately trying to hide their real identity. It can be tempting to respond to these posts, but there’s a saying that says that you shouldn’t feed the trolls, which means that you shouldn’t fall into their trap by responding because it only gives them more to work with.

Catfishing – This refers to the practice of creating a fake identity online in order to try and trick someone into a a romantic relationship. People who do this could be seeking revenge, they might have no self-confidence, or they might just enjoy the entertainment value of it. Either way, if you’re starting to form a romantic relationship online, it’s important to get proof that the person you’re talking to is actually who they say they are.

Those are just three of the problems that can be lurking on social media, but if you know what to watch out for, then you can have a better experience with social media.

The post 3 social media dangers to avoid appeared first on Avira Blog.

Panda Security

#XMASPANDA contest winners!

Leave a comment

Christmas contest

We finally can communicate our #XMASPANDA contest winners.

If you are one of our Twitter winners, send us a Direct Message. Then if you are the one from Facebook , you can send us a Private Message too.

We need the following details:

  1. Name
  2. Address
  3. Mobile Phone
  4. Email Address

Panda Mobile Security License

  • Ramon Jarque Anton
  • Diana de Felipe Tenorio
  • Adrian Aguilera Quesada
  • Robert Mcdonald
  • Liz Schneider
  • Carol Foxx
  • Rob Diggle
  • Aleksey Apasov
  • Tomas Domingo Catalan
  • Francisco Dominguez Moreno
  • @javiermargarit
  • @nabil_freedom
  • @markes5d
  • @glenhilts
  • @p_sandhal
  • @_utdfan
  • @mnvikes40
  • @cathleen_ming
  • @avenue25
  • @hilbournetony

Panda Security Cup

  • Jesús Montes
  • Oscar Luis Maiso Pavia
  • David Escobar
  • Gayle L Johnson
  • Paulo Bispo
  • Iñaky Aion
  • Conceiçäo Carvalho
  • Victor Jiménez Rodríguez
  • Jamie RollerGirl Garland
  • Lisa Middleton
  • Joey Harden
  • @mariasedeo1
  • @travellermind1
  • @tannis91
  • @novairt
  • @ilorcisoft
  • @fabin_ferreira
  • @fer_cantillo
  • @iwantyourstuff
  • @dlrcorn

Panda Security Headphones

  • Ele Velasco Sastre
  • Carlos Martinez Rivero
  • Tina Loucks
  • Christine Gordon
  • Brad Belden
  • @carlosdefuentes
  • @elgrangeniofamy
  • @ybarralde
  • @aprilhaddock
  • @gasteiztarrabat

Thanks for taking part of our Christmas contest! :)

The post #XMASPANDA contest winners! appeared first on MediaCenter Panda Security.

Full Disclosure

SEC Consult SA-20150113-2 :: Cross-Site Request Forgery in XBMC / Kodi

Leave a comment

Posted by SEC Consult Vulnerability Lab on Jan 13

SEC Consult Vulnerability Lab Security Advisory < 20150113-2 >
=======================================================================
title: Cross-Site Request Forgery
product: Kodi/XBMC
vulnerable version: XBMC/Kodi <=14
fixed version: no fixed version available
impact: medium
homepage: http://kodi.tv/
found: 2014-10-29
by: W. Ettlinger…

Full Disclosure

SEC Consult SA-20150113-1 :: Privilege Escalation & XSS & Missing Authentication in Ansible Tower

Leave a comment

Posted by SEC Consult Vulnerability Lab on Jan 13

SEC Consult Vulnerability Lab Security Advisory < 20150113-1 >
=======================================================================
title: Privilege Escalation & XSS & Missing Authentication
product: Ansible Tower
vulnerable version: <=2.0.2
fixed version: >=2.0.5
impact: high
homepage: http://www.ansible.com/tower
found: 2014-10-15
by:…

AVG

The web gets ready for voice recognition

Leave a comment

News broke earlier in January that Facebook has acquired Wit.ai, an 18 month old startup that specializes in voice recognition technology. At first, this might seem like a strange move but upon closer inspection, the rationale is clear.

Millions of users are turning to mobile as their preferred platform, where typing long messages and interacting with friends is far more challenging than on a PC keyboard.

It’s clear that companies like Facebook face a challenge to make mobile interaction easier and more engaging.

Using Wit.ai’s expertise, Facebook can build a mobile-first platform with a voice activated interface and text-to-speech messaging some obvious steps.

The Facebook acquisition highlights the excitement and potential behind voice recognition technology. We are potentially witnessing a fundamental shift in the way we interact with our technology forever.

As we start integrating voice activated functionality into new smart devices and services we use on a daily basis, my primary concern isn’t one of convenience but of security.

As I wrote in this blog in September 2014, there is much work to be done in securing our digital devices from voice commands.

Most voice recognition technologies scan commands for meaning and then execute them. I believe there is a need for an additional step, one of authentication.

Does the person issuing the command have the authority to do so? When I ask the device to execute a command, does it validate that it is really me and not someone else?

As I demonstrate in the below video, it is quite simple to have a device act upon a voice command issued by a synthetic voice or by a 3rd party that has an access to the device – even remotely:

Video

Voice hacking a device

 

As Facebook and other leading companies add more voice activation technologies to their roadmap, it’s important to realize that we are also increasing the number of services and devices that are potentially vulnerable to voice attacks. So considering this, , let’s build it with safety in mind.