Category Archives: Avira

Avira

Avira

The dummies guide to hacking Whatsapp

Leave a comment

WhatsApp – the super popular messaging app (800 million users), acquired by Facebook for $20 billion, has done it again… After a bug that exposed restricted profile pictures, data encryption that can be breached in 3 minutes, and the use of IMEI (International Mobile Equipment Identity) as a cryptographic key (it’s like using your Social Security Number as a password), WhatsApp is yet again in the headlines for privacy concerns…

The latest story – hacking Whatsapp. As reported by The Hacker News, anyone can hack your WhatsApp account with just your number and 2 minutes alone with your phone…

This video, posted on YouTube, shows how a hacker answers an authenticating call, intercepts a secret PIN, and uses that to access a WhatsApp account he just created on another phone.

This is not tied to a bug or loophole – it is the way that WhatsApp was built.

Bottom line? Please be very careful whom you lend your phone to, and make sure you don’t leave it lying around. Even locked, a garden-variety hacker can access your WhatsApp account in 2 minutes.

The post The dummies guide to hacking Whatsapp appeared first on Avira Blog.

Avira

Opt-out from Potentially Unwanted Applications

Leave a comment

This new Avira video will bring back the memories and will show you why it’s important to pay close attention all throughout the installation process of every new program on your device.

Do you know what’s in the bundle?

Potentially Unwanted Applications are usually more or less hidden in software bundles. In other words, while you are under the impression of installing only one program on your computer, you agree in fact to install additional services that might completely damage the regular activities you lead on your device.

Your computer will be slower than ever, unfamiliar programs will appear on your desktop and your browser will make you feel like it’s Christmas every day: pop-ups, ads… not to mention a collection of useless toolbars. Not exactly the kind of surprises that would be welcomed in the most wonderful time of the year but just as colored, noisy and cheerful.

Whenever you are planning to install new programs on your computer, make sure to read carefully through the terms and conditions of the agreement and opt-out from any action that leads to installing potentially unwanted applications in the process.

Sometimes, protecting your computer is a simple as that: unchecking the right boxes at the right time.

Tweet

As a security company, many of our efforts have been directed towards stopping potentially unwanted applications from spreading. Earlier this year we released a new set of ethical guidelines for all vendors and distribution partners to respect little time after our CEO, Travis Witteveen, wrote on our blog about the dangers associated to PUAs. We’re doing everything possible to protect you from any kind a digital threat so make sure you are fully aware of all digital risks associated to software downloads and stay safe.

The post Opt-out from Potentially Unwanted Applications appeared first on Avira Blog.

Avira

OPM Data Breach: Data of 4 Million Federal Workers Exposed

Leave a comment

According to the official news release, hackers managed to breach the Office of Personnel Management (OPM). With the information of 4 million federal government workers exposed, it is one of the biggest in the federal government’s history. The hack was discovered because “within the last year, the OPM has undertaken an aggressive effort to update its cybersecurity posture, adding numerous tools and capabilities to its networks”.

In order to determine the full impact the OPM is now investigating the issue together with the U.S. Department of Homeland Security’s Computer Emergency Readiness Team (US-CERT) and the Federal Bureau of Investigation (FBI).

In their statement the agency wrote: “Since the intrusion, OPM has instituted additional network security precautions, including: restricting remote access for network administrators and restricting network administration functions remotely; a review of all connections to ensure that only legitimate business connections have access to the internet; and deploying anti-malware software across the environment to protect and prevent the deployment or execution of tools that could compromise the network.”

Sounds all good, but who is to blame? According to The Washington Post and the Wall Street Journal the hackers might have been Chinese, a link that China’s Foreign Ministry Spokesman calls “irresponsible”.

The post OPM Data Breach: Data of 4 Million Federal Workers Exposed appeared first on Avira Blog.

Avira

Give your PC some superpowers

Leave a comment

So now that I got this out of the way, here are two important observations by Captain Obvious:

#1: This blog post is about shameless self-promotion.

#2: You’ll be safer (and perhaps mildly amused) after having read it.

So here’s the newsflash: we’ve just launched a superhero campaign that’ll unleash your PC’s superpowers: www.avira.com/en/try-superpowers

The campaign offers our free Antivirus software, as well as free trials to premium software. Take a look at the short descriptions for your PC’s new superpowers:

STRENGTH

Wield superior PC protection, forged deep within the A.V.I.R.A. labs. The process of forging summons otherworldly code, to withstand attacks from any breed of alien forces

SPEED

Be one with an accurate, effective weapon – able to navigate and propel you with supersonic speed through cyberspace. Your PC will be faster, your boot up time—shorter, your streaming—smoother, your PC—cleaner and you’ll even free up space on your hard drive.

STABILITY

Control and stabilize your PC’s elements, with a driver updater tool that’s forged from the remnants of a star. Your hardware will run smoother, your gaming will be faster and it will help prevent system freezes and crashes.

And of course, the page gives you the option at the bottom to share it with your friends and family – just in case you don’t begrudge them your new-found superpowers….

The post Give your PC some superpowers appeared first on Avira Blog.

Avira

Are SOHO Routers A Hopeless Case?

Leave a comment

I sure have one! It’s a nice little TP-Link, that’s doing what it’s supposed to do. Until now I felt pretty good and also kind of secure. Recently my feeling have changed though.

The Hungarian company Seach-Lab and some Spanish students, who are working at their master thesis, disclosed that there are quite a few SOHO routers (Small Office, Home Office routers) out there which are basically inviting cybercriminals to drop by and take a look at your data due to their vulnerabilities.

Search-Lab discovered 53 unique vulnerabilities on only 4 different D-Link devices, all running the latest firmware. According to their report “several vulnerabilities can be used by a remote attacker to execute arbitrary code and gain full control over the device”. They listed a few of the most critical findings’ problem areas in it as well so take a look at their paper if you want to know more.

The students published their findings on Full Disclosure and they lost more than 40 vulnerabilities in 22 different SOHO router models. The issues range from persistent and unauthenticated cross site scripting vulnerabilities and information leaks to Universal Plug and Play related vulnerabilities.

Routers which made it on the list are: Observa Telecom AW4062, RTA01N, Home Station BHS-RTA and VH4032N; Comtrend WAP-5813n, CT-5365, AR-5387un and 536+; Sagem LiveBox Pro 2 SP and Fast 1201; Huawei HG553 and HG556a; Amper Xavi 7968, 7968+ and ASL-26555; D-Link DSL-2750B and DIR-600; Belkin F5D7632-4; Linksys WRT54GL; Astoria ARV7510; Netgear CG3100D and Zyxel P 660HW-B1A.

Really, it doesn’t look good for SOHO router vendors. They either do not care or (even worse) do not know that their firmware is that insecure.

The post Are SOHO Routers A Hopeless Case? appeared first on Avira Blog.

Avira

Facebook Is Getting More Secure Thanks to OpenPGP

Leave a comment

In order to achieve this goal Facebook just announced in a blog post that is now offering you the ability to encrypt e-mails via OpenPGP, an email encryption system.

“To enhance the privacy of this email content, today we are gradually rolling out an experimental new feature that enables people to add OpenPGP public keys to their profile; these keys can be used to “end-to-end” encrypt notification emails sent from Facebook to your preferred email accounts. People may also choose to share OpenPGP keys from their profile, with or without enabling encrypted notifications”, says Facebook

So basically the social network will allow you to give it your public key so that mails you might receive from Facebook (for example password resets) will be encrypted.  You can also enable encrypted notifications: Facebook will then sign outbound messages using your key so that you can be sure the emails are genuine.

The encryption system Facebook is using is OpenPGP where the PGP stands for “Pretty Good Privacy”. It’s one of the most popular standards when it comes to protecting email and should really serve its purpose well. Read this article if you want to find out more about Public Key Cryptography and PGP – it really will make the whole technique easier to understand.

The post Facebook Is Getting More Secure Thanks to OpenPGP appeared first on Avira Blog.

Avira

10 Made Up Words That Every Online User Should Know

Leave a comment

As civilization progresses, and technological advances make their way into our everyday lives, certain character traits induced by the technology arise – unique, time-stamped peccadillos if you will, for which there are simply no adequate words – yet. We’ve selected 10 words that really ought to exit, and shared them with you. For the full list, see this website.

And as usual, if you read to the end of the post, there’s a little bonus: a sentence that uses all new words… Enjoy!

Passfusion

(n) When you experience password confusion, especially when you have many accounts

Cellfish

(n) An individual who continues talking on their phone so as to be rude or inconsiderate of other people.

Sloading

(v) Loading so slowly that it puts you to sleep

Internest

(n) The coccoon of blankets and pillows you gather around yourself while spending long periods of time on the internet.

Textpectation

(n) The anticipation felt when waiting for a response to a text.

Unkeyboardinated

(adj) When you’re unable to type without repeatedly making mistakes.

Nerdjacking

(n) Filling a conversation with unnecessary detail about one’s passion to an otherwise uninitiated, uninterested layperson.

Onlineness

(n) Maintaining a constant online presence, in order to be able to instantly react to any new Internet developments, no matter how insignificant. Onlineness is a gateway to loneliness.

Typerventilating

(adj) Sending messages through instant messaging in a rapid sequence.

Paddict

(n) Person who spends an inordinate amount of time on their tablet

 

And as a reward for reading this far (and hopefully sharing), here is a sentence that includes all the new words:

While at home in his Internest, typerventilating away in his typical unkeyboardinated fashion while waiting for House of Cards to sload, Neal – the cellfish paddict, was careful to nerdjack the conversation away from babies, and steer it carefully towards his latest pet topic: the positive long terms of effects of brussel sprouts in combatting passfusion and onlineness.

The post 10 Made Up Words That Every Online User Should Know appeared first on Avira Blog.

Avira

What Can Siri Help You With Today?

Leave a comment

This post is about cool things you can do with Siri, and some you might wish it didn’t do. Stick with me to the end of this post, and I’ll even share with you a funny video of what Siri “really” looks like…

“Siri, please save my iPhone from the messages of death”

This somewhat melodramatic title was posted on TheRegister and reports incoming messages that trigger a bug in the iOS, inducing applications to crash…

The solution?

Apple suggests Siri as a temporary fix (full instructions here). One of the options includes asking Siri to “reply to the malicious message”. That’s right – if you’re being picked on by a big bad hacker who is sending you “messages of death”, get big sister Siri to reply with a digital tongue-lashing – sweet!

“Siri, please turn on the light, switch on the stero and start my car”

Back in 2014, there was excitement surrounding the application called GoogolPLex, which hooked up a hacked version of Siri to the Internet of things. Suddenly you could use Siri for all sorts of applications, as seen in this video:

What’s particularly clever, is the name: “GoogolPlex, turn on the lights” is actually understood by Siri as “Google, please turn on the lights”. Then, instead of running a Google search, GoogolPlex redirects the requests to its servers and uses API’s that interact with your hardware to process your requests.

GoogolPlex, beam me up!

Siri, stop recording our conversations…

You love using Siri? She is a great listener (granted, with dubious hearing). However, if you’re also a staunch believe in privacy, you might want to reconsider what it is exactly you tell your beloved assistant. As reported in this post, all voice recordings are stored for 6 months, after which time they keep the recording for another 18 months but delete the number associated with it… In case you’re now thinking of switching to Microsoft’s equally friendly Cortana, the policy is very similar…

.
And now, for a look at what Siri looks like, as seen in Raj’s vivid imagination (from the Big Bang Theory):

The post What Can Siri Help You With Today? appeared first on Avira Blog.

Avira

Don’t Let Your Mac Fall Asleep: It Might Dream Up A Rootkit

Leave a comment

Just last month we talked about how the “Unicode of Death” crashes your iPhones and Apple Watches, how easily Apple Safari can be manipulated via URL-Spoofing and the Ex-NSA guy who pointed to Mac security flaws.

Now Pedro Vilaca, a security expert who is deep into Mac OS X and iOS security, found another not so great looking vulnerability. Take a look at what he wrote on his blog: “Well, Apple’s S3 suspend-resume implementation is so f*cked up that they will leave the flash protections unlocked after a suspend-resume cycle. !?#$&#%&!#%&!#.

And you ask, what the hell does this mean? It means that you can overwrite the contents of your BIOS from userland and rootkit EFI without any other trick other than a suspend-resume cycle, a kernel extension, flashrom, and root access.”

Wow. So basically it is possible to install a rootkit on a Mac without much of an effort. Just wait until the machine enters sleep mode for at least 30 seconds or more so the Flash locks are removed. Once gone the device is yours. With the Flash locks gone you can play around with the UEFI code and well … for example install a rootkit. The only way to protect yourself from it is to never let your Apple device go into sleep mode.

Luckily not all devices seem to be affected. Vilaca tested the issue against a MacBook Pro Retina, a MacBook Pro 8,2, and a MacBook Air, all running the latest EFI firmware available. All of them were vulnerable. There is a shimmer of hope though: The latest MacBooks might have been silently fixed by Apple, since the security expert was not able to replicate the vulnerability there.

The post Don’t Let Your Mac Fall Asleep: It Might Dream Up A Rootkit appeared first on Avira Blog.