Monthly Archives: February 2015

AVG

Toy drones continue to cause problems

The latest incident involving a drone has more serious implications than buzzing a neighbor’s yard. In January, a drone crashed into a tree on the South Lawn of the White House.  Apparently, the drone was small enough to avoid detection by the White House security radar.

The man who was operating the drone is an employee of the National Geospatial-Intelligence Agency. After seeing the story on the news the following day, he contacted officials to confess. He later admitted that he had been drinking.

The point is that drone adventures are getting increasingly (and literally) out of control.

The White House incident comes just days after the Department of Homeland Security held a conference in Arlington, Va., on the dangers that such drones pose to the nation’s critical infrastructure and government facilities.

The New York Times reported that the conference exhibited a DJI Phantom drone — the same type of drone that reportedly crashed at the White House.

Image courtesy of gizmag

 

However, the drone on display at Homeland Security’s conference had three pounds of fake explosives attached to demonstrate how easy it would be to weaponize. Frightening.

The President said in an interview with CNN that he has instructed federal agencies to examine and address the broader problem and the need for regulations on drone technology.

As the President wisely noted, regarding drones, “We don’t yet have the legal structures and the architecture both globally and within individual countries to manage them the way that we need to.”

Part of the idea for legislation or enforcement, the President said, “is seeing if we can start providing some sort of framework that ensures that we get the good and minimize the bad.”

Legislation and regulation needs to happen soon. Even though it is illegal to fly drones in Washington DC, that appears to be a small deterrent.

Let’s see how this unfolds. There are privacy and security hazards with drones that everyone needs to be aware of, and this incident might spur some real action.

 

Security

Debian Security Advisory 3149-1

Debian Linux Security Advisory 3149-1 – Florian Weimer, of Red Hat Product Security, discovered an issue in condor, a distributed workload management system. Upon job completion, it can optionally notify a user by sending an email; the mailx invocation used in that process allowed for any authenticated user able to submit jobs, to execute arbitrary code with the privileges of the condor user.

Security

Red Hat Security Advisory 2015-0112-01

Red Hat Security Advisory 2015-0112-01 – YAML is a data serialization format designed for human readability and interaction with scripting languages. LibYAML is a YAML parser and emitter written in C. An assertion failure was found in the way the libyaml library parsed wrapped strings. An attacker able to load specially crafted YAML input into an application using libyaml could cause the application to crash. All libyaml users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications linked against the libyaml library must be restarted for this update to take effect.

Security

Red Hat Security Advisory 2015-0113-01

Red Hat Security Advisory 2015-0113-01 – LibVNCServer is a library that allows for easy creation of VNC server or client functionality. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way screen sizes were handled by LibVNCServer. A malicious VNC server could use this flaw to cause a client to crash or, potentially, execute arbitrary code in the client. Two stack-based buffer overflow flaws were found in the way LibVNCServer handled file transfers. A remote attacker could use this flaw to crash the VNC server using a malicious VNC client.

Security

Ubuntu Security Notice USN-2488-1

Ubuntu Security Notice 2488-1 – Sebastian Andrzej Siewior discovered that ClamAV incorrectly handled certain upack packer files. An attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code.

Avast

Come meet Avast at Mobile World Congress

Mobile World Congress 2014

Avast will participate in the 2015 Mobile World Congress

The Avast Mobile Security Team will be introducing its latest suite of apps and solutions at this year’s Mobile World Congress in Barcelona, March 2 – 5.

The team, including Jude McColgan, President of Mobile, and Daniel Chang, Head of Worldwide Mobile Sales and Marketing, will be participating in this must-attend conference for mobile industry leaders, visionaries, and innovators.

The Avast team are leaders in securing the mobile ecosystem as it expands into the retail, banking, and health services industries. Along with interesting discussions about the latest security threats and vulnerabilities for Android and iOS devices and how users can protect themselves from those threats, our team will show users how they can free their phone from unnecessary files to gain valuable storage space on their mobile devices.

New threats and trends

Mr. McColgan and Mr. Chang will introduce a solution that addresses Wi-Fi security issues. Most people know that connecting to Wi-Fi networks on-the-go at cafes, airports, or hotels can make them vulnerable to hackers. Without the protection of a virtual private network (VPN), hackers can gain access to people’s emails, browsing history, and personal data. Now, routers are increasingly becoming targets for hackers, harboring new risks for iOS and Android smartphones and tablets. Avast will be revealing new research data, then introducing a solution for this threat at Mobile World Congress.

Storage on your smartphone and tablet can be a challenge especially when social media, video, music streaming, and news reader apps pile up data that eats up valuable storage space. Avast will showcase a new solution that addresses this problem.

If you are attending Mobile World Congress, please stop by and visit the Avast team at stand 5K29 in Hall 5.

For the rest of us not lucky enough to travel to Barcelona during the Mobile World Congress, visit the Avast blog and Facebook page where we will keep you updated on all the announcements and happenings. Take a look at some of the fun from last year’s event.

// <![CDATA[
(function(d, s, id) { var js, fjs = d.getElementsByTagName(s)[0]; if (d.getElementById(id)) return; js = d.createElement(s); js.id = id; js.src = “//connect.facebook.net/en_US/all.js#xfbml=1”; fjs.parentNode.insertBefore(js, fjs); }(document, ‘script’, ‘facebook-jssdk’));
// ]]>

Post by avast! antivirus.
NVD

CVE-2015-0313

Unspecified vulnerability in Adobe Flash Player through 13.0.0.264 and 14.x, 15.x, and 16.x through 16.0.0.296 on Windows and OS X and through 11.2.202.440 on Linux allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in February 2015.

Avast

14 easy tips to protect your smartphones and tablets – Part I

A few precautions can make a huge difference in the safety of your phone and the important things you saved on it.

Protect your smartphone

Follow our tips to secure your phone and the data on it.

We talk a lot about protection and privacy here in our blog. It’s a bit obvious as our “life” is in our devices nowadays: Photos of our last trip or our loved ones, videos of our children playing and growing up, contacts both professional and personal. All our precious and irreplaceable data is stored in these little machines. Take a minute of your time and follow us in this easy tour to protect them and save a lot of time and headaches.

1. Set your lockscreen

You wouldn’t leave your home door unlocked, would you? Same goes for your phone with all your private data. Set a password or PIN to prevent direct and easy access to your phone. Gestures and face recognition are less secure, but are better than nothing.

2. Hide your passwords from nosy people

You will argue that people around you can look over your shoulder and see what PIN or password you’re typing or gesture you make. Generally, we’re not worried about trustworthy people around us, but what about strangers in a public place like a bus or train? Open your phone settings and hide your passwords by unchecking the option: Settings > Security > Make passwords visible.

3. Protect your apps with a PIN

Not all apps are equal when it comes to security and privacy. Probably the weather app or calculator won’t keep your personal info. However, your messages and banking apps will thank you if you help them to keep their data private. You can imagine what might happen if your kids to open a specific app while they’re playing in your devices. Use Avast Mobile Security to set a PIN to block access to your apps. As an extra security measure, it will be good that your lockscreen and Avast PINs are different ones.

4. Disable installation of apps from unknown sources

If you do not use other app stores besides Google Play, then uncheck the option “Unknown sources” in your phone’s Security Settings page.  Even the Google Play Store sometimes allows malware to get by. It’s well known that most Android malware are fake apps disguised as legitimate apps, so double check the publisher. Be cautious of downloading from fake sites disguised as official ones – check the URL. Avoid completely pirated and cracked sources.

5. Set Avast Mobile Security to scan any app before installing

If you really need to use legal third party stores, like Amazon or F-Droid, please be careful: Keep Avast Mobile Security always on. You know that Avast scans any installed and running app. But do you know that you can set it to scan any app that is about to be installed? After you’ve installed Avast, when you’re about to install a new app, the phone will ask you if you want Avast or the default installer to handle the installation by default. Use Avast, it will scan and then release the app to the default installation process.

6. Disable USB Debugging

This tip is for advanced users. If you have enabled Developer options into your device (and you will know exactly if you did as you’re an advanced user!), please, turn USB debugging off. You will protect your device from outside abuse (via adb connections) if you do so. You don’t need it to be on all the time.

7. Install and set Avast Anti-Theft

This is an old tip, but it’s so important that it should be on all smartphone safety tips lists. Just note that installing is not enough. You need to properly configure Avast Anti-Theft (don’t worry, there is an easy wizard for it) step-by-step. It’s good to check if your location services are properly set also, otherwise, it will be difficult to track it. In other words, go to Settings > Location Access and set High accuracy mode.

We’ll talk about the other 7 tips in next days, so come back to the Avast blog.