Latest Windows 10 May Have a Linux Subsystem Hidden Inside

A few months back, Microsoft impressed the world with its ‘Microsoft loves Linux’ announcements, including the development of a custom Linux-based OS for running Azure Cloud Switch and the selection of Ubuntu as the operating system for its cloud-based Big Data services.


Now, a renowned Windows hacker and computer expert who goes by the name ‘WalkingCat’ has discovered that the latest version of Windows 10 may have a Linux subsystem secretly installed inside.
According to his tweets, the hacker spotted two mysterious files, LXss.sys and LXCore.sys, in the latest Windows 10 Redstone build, Build 14251, which are suspected to be part of Microsoft’s Project Astoria.
Project Astoria, also known as Windows Bridge for Android, is a toolkit that allows running Android apps on Windows 10 Mobile devices.
The naming convention of the newly discovered files is very similar to that of the Android subsystem files from Project Astoria, e.g. ADss.sys.
The “LX” in these names can therefore only be taken to mean one thing, Linux, which suggests that Windows 10 will also have access to a Linux subsystem.

Why a Linux Subsystem?

Since Windows 10 has been introduced as a universal operating system for all devices, it is possible that Microsoft wants to expand Project Astoria from mobile devices to desktop users.
If this turns out to be true, adding a Linux subsystem would be beneficial should Microsoft plan to offer support for Linux applications, especially server-related technologies and software.

Isn’t this exciting?

Stay tuned to The Hacker News Facebook page for further developments on this topic.

Comodo's so-called 'Secure Internet Browser' Comes with Disabled Security Features


Beware Comodo Users!

Have you safeguarded your PC with Comodo Antivirus? Then you need to inspect your system for privacy and security concerns.
First of all, check whether your default browser has been changed to “Chromodo,” a free browser offered by Comodo Antivirus.
If the answer is “Yes,” then you could be at risk!
The Chromodo browser, which is supplied along with the installation of Comodo Anti-Virus software and marketed as a ‘Private Internet Browser’ for better security and privacy, automatically overrides system settings to set itself as your ‘Default Browser.’
Secondly, the main security concern about Comodo Antivirus is that the Chromodo browser has the ‘Same Origin Policy’ (SOP) disabled by default.
Google security researcher Tavis Ormandy recently called out Comodo for disabling SOP by default in its browser settings, which violates one of the strongest browser security policies.

Ormandy notes that “all shortcuts are replaced with Chromodo links and all settings, cookies, etc are imported from Chrome. They also hijack DNS settings, among other shady practices.”

Moreover, changing default browser settings without users’ knowledge is totally unethical.
Same Origin Policy (SOP) is one of the browser security policies; it permits scripts running in a web browser to make requests only to pages on the same domain.
If enabled, Same Origin Policy prevents malicious scripts on one page from obtaining access to sensitive data on another web page.
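To make the rule concrete, here is an added example (not part of the original article) that models the origin check a browser applies before it lets a script read another page's data: two URLs share an origin only when scheme, host and port all match, so with the policy enforced a script on one site cannot read a response from another site. The host names are constructed for illustration, and the `sopEnforced` switch stands in for a browser that has the policy turned off.

```javascript
// Added example (not from the original article): a model of the Same Origin
// Policy check that browsers apply before letting a script read another
// page's data. Two URLs share an origin only when scheme, host AND port match.
// All sample URLs below are constructed for illustration.

// Return the origin of a URL as a string. The URL class drops default ports
// (443 for https, 80 for http), so "https://a.example:443/" and
// "https://a.example/" compare equal, exactly as a browser treats them.
function originOf(url) {
  return new URL(url).origin;
}

function isSameOrigin(urlA, urlB) {
  return originOf(urlA) === originOf(urlB);
}

// Simulate a script running on `pageUrl` trying to read the response from
// `targetUrl`. `sopEnforced = false` models a browser with SOP switched off.
// Returns "allowed" or "blocked"; a real browser would throw or hand the
// script an opaque response instead of the data.
function simulateCrossOriginRead(pageUrl, targetUrl, sopEnforced = true) {
  if (!sopEnforced) return "allowed"; // any site may read any other site's data
  return isSameOrigin(pageUrl, targetUrl) ? "allowed" : "blocked";
}

// Run a table of constructed cases and return [target, verdict] pairs.
function runCases(sopEnforced) {
  const page = "https://www.social.example/messages"; // constructed "logged-in" site
  const targets = [
    "https://www.social.example/api/inbox",       // same origin
    "https://www.social.example:443/api/inbox",   // explicit default port, same origin
    "http://www.social.example/api/inbox",        // scheme differs
    "https://evil.example/steal",                 // host differs
    "https://www.social.example:8443/api/inbox",  // port differs
  ];
  return targets.map((t) => [t, simulateCrossOriginRead(page, t, sopEnforced)]);
}

// With SOP enforced only the first two targets are readable.
console.table(runCases(true));
// With SOP disabled every target is readable, including the attacker's site
// reading the inbox API, which is the exposure the article describes.
console.table(runCases(false));
```

The third case is the one people most often get wrong: `http://` and `https://` versions of the same host are different origins, which is why the check compares the whole scheme/host/port tuple and not just the domain name.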

What If, Same Origin Policy is Disabled


To understand this, assume you are logged into Facebook and somehow visit a malicious website in another tab.

With SOP disabled, malicious scripts on that website could take control of your Facebook profile, allowing attackers to compromise your account: read your private messages, post status updates, etc.
This is exactly the exposure Comodo creates for its users by disabling SOP by default in Chromodo, which could allow attackers to:
  • Steal session authentication cookies.
  • Perform malicious actions through script code.
  • Even replace trusted websites with attacker-created HTML content.

How to Check, If your Browser has SOP Enabled/Disabled

If you are still unsure whether SOP is disabled in your browser, visit this link.
If you see the message “Browser appears to be fine,” you are out of danger.
But if you get a negative result such as “Your browser is not enforcing the SOP,” you are advised to migrate to another browser such as Chrome or Firefox to defend yourself against malicious attacks.
Stay Safe! Stay Tuned!

Employees’ selfies and the dangers of cybercrime for critical infrastructures


When you work in a power plant, a water treatment facility, a gas plant, a recycling center, or any other critical infrastructure for a country, it’s essential to be extra careful about what you post on social media.

It might seem like common sense, but IT security experts have raised concerns over the number of selfies taken by employees in these facilities, which have started to appear across sites such as Facebook, Twitter, and Instagram.

With the recent blackout which affected more than 80,000 people in Ukraine still fresh in the memory, the proliferation of selfies that could reveal security secrets in these installations could become a problem that needs to be stamped out immediately.

The IT systems that could be compromised as a result of worker indiscretion are known as SCADA systems (the initials stand for Supervisory Control and Data Acquisition). They are widely used to manage all types of industrial processes, which means that their security is extremely important.


They allow operators to obtain real-time information from anywhere about the automated operations in a factory (or a gas station, for example), so that decision making and remote management of these installations are easy and economically sensible.

On the other hand, if a cybercriminal manages to get into these systems, and especially if they take control of the machines or alter their function, the result could be irreparable damage.

Businesses, governments, and professionals in the sector are growing more and more aware of the risk that these infrastructures are exposed to. Much of this concern stems from the fear that the weakest link in the chain, which is always a person, could make a careless mistake with their smartphone.

As has been discussed in dedicated forums, IT security experts in the industrial sector have been able to locate selfies and other photos on Facebook and Instagram in which valuable information about the SCADA systems is visible.

Furthermore, they have also discovered panoramic photos and virtual tours of the control rooms and critical infrastructures on the companies’ own websites, available for anyone to view. This could allow someone with malicious intentions to extract information about employees, shift patterns, etc.

In fact, the German security expert Ralph Langner discovered that an image of the Natanz nuclear plant in Iran, distributed by President Ahmadinejad’s own press office, had been used by the creators of the Stuxnet malware to attack the country’s nuclear program.

The image, which was happily shared by the Islamic regime, showed a control monitor for the SCADA system that was controlling its new uranium centrifuges. A real treat for their western enemies!

The post Employees’ selfies and the dangers of cybercrime for critical infrastructures appeared first on MediaCenter Panda Security.