This archive contains all of the 146 exploits added to Packet Storm in February, 2015.
Monthly Archives: March 2015
New Avast SecureMe app protects iOS and Android users from Wi-Fi Hacking
Avast mobile security experts launched a new app today at the Mobile World Congress in Barcelona.
Avast launches SecureMe app for iOS and Android at Mobile World Congress 2015
Avast SecureMe is the world’s first application that gives iPhone and iPad users a tool to protect their devices and personal data when they connect to Wi-Fi networks. The free app automatically locates Wi-Fi networks and tells users which of them are safe. Since many users connect without knowing the status of the Wi-Fi network – whether it’s protected or not – Avast SecureMe will create a secure connection in order to keep them safe.
“Public Wi-Fi and unsecured routers have become prime targets for hackers, which presents new risks for smartphones and tablets – even iOS devices aren’t immune,” said Jude McColgan, President of Mobile at Avast.
Avast SecureMe will be available in a invitation-only public beta test within the next few weeks. Check back on our blog, Facebook, and Google+ for more information on signing up coming soon.
The app notifies you if it finds security issues
Avast SecureMe includes a feature called Wi-Fi Security. (This feature is also available for Android users within the Avast Mobile Security app available on Google Play.) People who use open Wi-Fi in public areas such as airports, hotels, or cafes will find this helpful. This feature’s job is to scan Wi-Fi connections and notify you if it finds any security issues including routers with weak passwords, unsecured wireless networks, and routers with vulnerabilities that could be exploited by hackers.
“Avast SecureMe and Avast Mobile Security offer users a simple, one-touch solution to find and choose safe networks to protect themselves from the threat of stolen personal data,” said McColgan.
What’s the risk that my personal data will be stolen?
If you use unsecured Wi-Fi when you log in to a banking site, for example, thieves can capture your log in credentials which can lead to identify theft. On unprotected Wi-Fi networks, thieves can also easily see emails, browsing history, and personal data if you do not use a secure or encrypted connection like a virtual private network (VPN). See our global Wi-Fi hacking experiment to see how widespread the threat really is.
The SecureMe app includes a VPN to protect your privacy
Avast SecureMe features a VPN to secure your connections while you conduct online tasks you want to remain private, especially checking emails, doing your online banking, and even visiting your favorite social network sites. Avast SecureMe automatically connects to the secure VPN when it detects that you have connected to a public Wi-Fi making all transferred data invisible to prying eyes. For convenience, you can disable the protection for Wi-Fi connections you trust, like your home network.
Avast SecureMe for iOS will be available soon in the iTunes Store. Before it’s widespread release, we will conduct an invitation-only public beta test, so check back on our blog, Facebook, and Google+ for more information on signing up.
The Wi-Fi Security feature is now also included in the Avast Mobile Security app for Android, available on Google Play.
Russian Cyber Menace Threatens Industrial Systems
Twitter Triples Abuse Team, Knocks Dox
ASML Plays Down Mystery Hack
Feds Admit Stingrays Can Disrupt Cell Service Of Bystanders
What happens to my Facebook account when I die?
Photos, videos, status updates… Social networking sites store lots of information about you. Just take a look at your Facebook page’s wall. What do you see? Birthday pictures, your ‘Year in Review’ video, and hundreds of other things that give an idea of your life. What will happen to all these things when you’re gone?
If you are worried about what will happen to your digital life when you are dead, you’ll be happy to learn that Facebook has decided to grant users more control over how their online identities will be handled after death. The social network now lets users give someone they trust the keys to their profile page in case they die.
Until now, when someone passed away, Facebook turned the deceased person’s account into a memorialized account, for friends and family to share and celebrate the memories of their loved one. For this to be possible, a user had to report the deceased person or the account that needed to be memorialized through a link.
Now, Facebook goes one step further and lets users appoint an heir for their accounts. The new feature, called “Legacy Contact“, allows users to choose someone from their contacts to manage their account after they pass away.
This feature allows the Legacy Contact to write a memorial post on their friend’s profile page, respond to new friend requests, and change the friend’s profile picture. However, they won’t be able to access certain confidential information such as private messages.
As published by Facebook on its blog, the ‘Legacy Contact’ feature is available only in the United States for now, although it will roll out to other countries soon.
How to choose a ‘Legacy Contact’ on Facebook
Now, how do you choose a ‘Legacy Contact’? The steps to take are really simple:
- Go to ‘Settings’
- Select ‘Security’
- Choose ‘Legacy Contact’. There, select the person who will manage your memorialized account and specify the actions that they will be able to take.
- Finally, send them a message to let them know you have selected them as your digital heir
In any case, Facebook also gives you the chance to take more drastic measures: you can choose to have your account permanently shut down when you die.
Until the time arrives when this new feature is implemented in your country, it is time for you to think: who will you entrust with the task of managing your account?
The post What happens to my Facebook account when I die? appeared first on MediaCenter Panda Security.
Avast study exposes global Wi-Fi browsing activity
The use of open, unprotected Wi-Fi networks has become increasingly popular across the globe. Whether you’re traveling around a new city and rely on public Wi-Fi networks to get around or you’re at your favorite coffee shop and connect to its Wi-Fi, you’re left in a vulnerable situation when it comes to protecting your data. Just as you lock the door of your house when you leave, you should also use a security app if using public Wi-Fi.
Using unsecured Wi-Fi can easily expose photos and other personal information to hackers.
Avast’s hack experiment examines browsing habits of people across the globe
The Avast team recently undertook a global hacking experiment, where our mobile security experts traveled to cities in the United States, Europe, and Asia to observe the public Wi-Fi activity in nine major metropolitan areas. Our experiment revealed that most mobile users aren’t taking adequate steps to protect their data and privacy from cybercriminals. In the U.S., the Avast mobile experts visited Chicago, New York, and San Francisco; in Europe, they visited Barcelona, Berlin, and London; and in Asia, they traveled to Hong Kong, Seoul, and Taipei. Each of our experts was equipped with a laptop and a Wi-Fi adapter with the ability to monitor the Wi-Fi traffic in the area. For this purpose, we developed a proprietary app, monitoring the wireless traffic at 2.4 GHz frequency. It’s important to mention that there are commercial Wi-Fi monitoring apps like this available in the market that are easy-to-use, and available for free.
In front of the German Bundestag, Berlin: On public Wi-Fi, log in details can easily be monitored.
The study revealed that users in Asia are the most prone to attacks. Users in San Francisco and Barcelona were most likely to take steps to protect their browsing, and users in Europe were also conscious about using secure connections. While mobile users in Asia were most likely to join open networks, Europeans and Americans were slightly less so; in Seoul, 99 out of 100 users joined unsecured networks, compared with just 80 out of 100 in Barcelona.
1) Seoul: 99 out of 100
2) Hong Kong: 98 out of 100
3) Taipei: 97 out of 100
4) Chicago: 96 out of 100
5) New York: 91 out of 100
6) Berlin: 88 out of 100
7) London: 83 out of 100
8) Barcelona: 80 out of 100
9) San Francisco: 80 out of 100
Our experiment shed light on the fact that a significant portion of mobile users browse primarily on unsecured HTTP sites. Ninety-seven percent of users in Asia connect to open, unprotected Wi-Fi networks. Seven out of ten password-protected routers use weak encryption methods, making it simple for them to be hacked. Nearly one half of the web traffic in Asia takes place on unprotected HTTP sites, compared with one third U.S. traffic and roughly one quarter of European traffic. This can most likely be attributed to the fact that there are more websites in Europe and the U.S. that use the HTTPS protocol than in Asia.
So, how much of your browsing activity can actually be monitored?
Because HTTP traffic is unprotected, our team was able to view all of the users’ browsing activity, including domain and page history, searches, personal log in information, videos, emails, and comments. Before the start of any communication, there is always a communication with the domain name server (DNS). This communication is not encrypted in most cases, so on open Wi-Fi it is possible for anybody to see which domains a user visits. This means, for example, that somebody who browses products on eBay or Amazon and is not logged in can be followed around. Also, it is visible if people read articles on nytimes.com or CNN.com, and users who perform searches on Bing.com, or who visit certain adult video streaming sites can be monitored.
Beware of weak encryption
The majority of Wi-Fi hotspots were protected, but we found that often their encryption methods were weak and could be easily hacked. Using WEP encryption can be nearly as risky as forgoing password-protection altogether, as users tend to feel safer entering their personal information, but their data can still be accessed.
San Francisco and Berlin had the lowest percentage of weakly encrypted hotspots, while more than half of password-protected hotspots in London and New York and nearly three quarter of the Asian hotspots were vulnerable to attack.
1) Seoul: 70.1%
2) Taipei: 70.0%
3) Hong Kong: 68.5%
4) London: 54.5%
5) New York: 54.4%
6) Chicago: 45.9%
7) Barcelona: 39.5%
8) Berlin: 35.1%
9) San Francisco: 30.1%
Our goal is not to discourage you from visiting HTTP sites, but instead, encourage you to protect yourself on public Wi-Fi. If you install protection that allows a secure Internet connection while accessing public networks, public Wi-Fi is harmless. But when you go unprotected, hackers can follow your way around the Internet. Even if the user accesses a HTTPS site, the domain visited is still visible to hackers.
RV4sec 2015 CFP Open!
Posted by Sullo on Mar 02
The RV4sec 2015 conference will be held on June 4-5th, 2015, in Richmond,
Virginia.
RVAsec is a Richmond, VA based security convention that brings top industry
speakers to the mid-atlantic region. Last year, RVAsec 2014 attracted 350
security professionals from across the country. For 2015, the conference is
a two day and dual-track format, with a mixed focus on technical and
management/business presentations.
All talks must be 55 minutes in…
Mozilla Pushes Hot Fix to Remove Superfish Cert From Firefox
Mozilla has issued a hot fix for Firefox that removes the Superfish root certificate from the browser’s trusted root store. The patch only removes the certificate if the Superfish software has been removed from the machine already, however. The Superfish adware performs SSL interception–essentially running man-in-the-middle attacks on connections to secure sites–in the name of […]