Category Archives: Avira

WordPress 4.2.1 Patches Zero-Day exploit

This vulnerability affects all previous versions and can be exploited through the comment section of a website running WordPress, by hiding malicious code that is executed on the server.

An attacker exploiting the flaw can execute arbitrary code on the server, create new administrator accounts, or make changes with the same privileges as the currently logged-in admin.

The bug is very similar to the one patched in 4.1.2.

The bug lies in the way WordPress stores large comments (more than 64k): such comments are truncated when stored in the database, resulting in malformed HTML being generated.

Now one might ask why someone would allow a 64K comment in the first place. But since comments may be written in HTML, the full HTML is stored in the database.

If you add some formatting to the comment, the 64K can be consumed rather quickly.

By setting special attributes on the supported HTML tags, the attacker can hide a short piece of malicious JavaScript in the comment and have it execute without any visible sign when the administrator views the comment in the Dashboard before approving it.
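The truncation problem described above can be reproduced with a harmless comment. This is an added example, not code from the original post or from WordPress; it assumes the 64k limit is a 65,535-byte MySQL TEXT column, and all function names are hypothetical.

```python
# Added example (not WordPress code). Assumption: the "64k" limit is a
# MySQL TEXT column, which holds at most 65,535 bytes.
TEXT_COLUMN_MAX_BYTES = 65535


def truncate_like_column(comment: str, limit: int = TEXT_COLUMN_MAX_BYTES) -> str:
    """Model a silent truncation: keep only the first `limit` bytes."""
    raw = comment.encode("utf-8")[:limit]
    # A cut can land inside a multi-byte character; drop the partial one.
    return raw.decode("utf-8", errors="ignore")


def ends_inside_tag(html: str) -> bool:
    """Heuristic: True if the text stops after a '<' that is never closed."""
    return html.rfind("<") > html.rfind(">")


def store_comment(comment: str, limit: int = TEXT_COLUMN_MAX_BYTES) -> str:
    """Reject over-long input instead of letting the database cut it."""
    size = len(comment.encode("utf-8"))  # the limit is in bytes, not characters
    if size > limit:
        raise ValueError(f"comment is {size} bytes, column holds {limit}")
    return comment


def build_sample_comment(filler: int) -> str:
    """Constructed, benign sample: one link with a very long title attribute."""
    return '<a href="https://example.org/" title="' + "x" * filler + '">link</a>'


if __name__ == "__main__":
    long_comment = build_sample_comment(70_000)
    stored = truncate_like_column(long_comment)
    print("well-formed before storage:", not ends_inside_tag(long_comment))
    print("cut inside a tag after truncation:", ends_inside_tag(stored))
    try:
        store_comment(long_comment)
    except ValueError as exc:
        print("rejected:", exc)
```

The markup that passed sanitization is not the markup that comes back out of the database, so the length check has to happen before storage and has to count bytes.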

As an immediate reaction to this exploit, WordPress 4.2.1 has begun to roll out as an automatic background update for sites that support them.

You can also download WordPress 4.2.1 manually, or go to Dashboard → Updates and simply click “Update Now”.

For more information, see the release notes.

The post WordPress 4.2.1 Patches Zero-Day exploit appeared first on Avira Blog.

Hackers Could Exploit Phones With an Implanted NFC Chip

Biohacking, or wetware hacking, is the practice of engaging biology with the hacker ethic. It encompasses a wide spectrum of practices and movements, one of which is the “grinders”, who design and install do-it-yourself body enhancements such as magnetic implants.

It sounds rather “out there”, right? But it apparently isn’t, as Wahle decided to demonstrate. You only need a good stomach. In order to show that an implanted NFC chip can be sneaked past scanners at the airport and other high-security locations, he not only had to acquire a chip normally designed to be injected into cattle, but also needed to use a needle that was rather big and made him want to vomit.

The chip has an NFC (Near Field Communication) antenna which pings Android phones in close vicinity and asks them to open a link. If followed, the link leads to a malicious file which, once installed, establishes a connection to a remote computer from which the owner can carry out further exploits. With the right amount of social engineering this could become a real danger.

“In Miami, Wahle and Soto are planning to detail the steps hackers will need to go through to add implants to their arsenal, including how to acquire the hardware and program the chip. Could this be the beginnings of the democratisation of malevolent biohacking?” writes Forbes magazine in its article. And security consultant Rod Soto adds: “This is just the tip of the iceberg … anyone can do this.”

Banned From the Internet: The Life of an Ex-Hacker

Higinio Ochoa, a former hacker who went by the name “wOrmer” when online, talks about it on Reply All. He recounts how he got the ultimate punishment for his crime: “I’m not to touch any computer, smartphone or device that has internet connectivity. That would be against my rules.”

Just imagine how hard it would be for you to not be allowed to use the internet. It’s everywhere nowadays – you shop online, you chat with your friends and family online, you sometimes even have a job that requires you to be online all the time!

Ochoa is a programmer, which means he still works with computers. Not being allowed on the internet makes this job pretty weird though: he codes from his home in Austin, but in order to get his work to his boss, he has to actually print and mail it because he is – of course – not allowed to use an email program.

Find out more about how Ochoa lives without the net in the digital age in this article on Digg or listen to the Reply All podcast over here. He also talks about what he did to get arrested and his first computer experience.

Surgical robots and the remote surgery hacking threat

This sounds horrible but it could never happen in real life anyway, right? Wrong! Telesurgery is already happening today, and while it is not all that common yet, it’s likely that it will become more and more popular in the near future. The tech allows a doctor to perform surgery on a patient even though they are not physically in the same location. All in all a great thing, considering how many lives can be saved that way.

But how secure are those lifesaving robots when it comes to cyber threats? The answer to this question, presented in a recent research paper called “To Make a Robot Secure: An Experimental Analysis of Cyber Security Threats Against Teleoperated Surgical Robots”, is shocking. A team from the University of Washington identified a slew of possible cyber security threats. They were also able to “maliciously control a wide range of robots functions, and even to completely ignore or override command inputs from the surgeon.” Just imagine a denial of service attack launched at a crucial point during surgery! It could be fatal to the patient.

Luckily a scenario like this has not happened yet – but would you feel comfortable being under the knife knowing some hacker could end your life just because he feels like starting a DDoS attack?

Read the rest of the article over here to find out what the team concluded and gain a deeper insight into the research paper.

Mobile apps: The privacy insanity

Security expert Troy Hunt took a look at three apps (one of them being the PayPal one) and the results are shocking: while they were all way too invasive, most of the tested apps had serious security issues as well.

When it comes to your privacy, PayPal in particular seems to want far more information from you than necessary. Hunt took the time to point out the extra personal requests on his blog:

  1. BSSID: This is the unique device ID of my home router which is the same as the MAC address. Google got themselves into hot water for siphoning this up via their mapping vehicles a little while back because that one unique ID ties back to my precise device.
  2. Device model and name: You could argue that comparable information is sent via your browser courtesy of the user agent, but that would only apply to the model and not the name of the device which is explicitly not passed in requests. This is private – it’s my device name.
  3. Internal IP address: The internal address assigned to my iPhone via the router when it associated to the network. This can give a sense of how many devices are on the network.
  4. Location: There’s my lat and long again and for all the same reasons I don’t really want to share it with Aussie Farmers, I also don’t really want to share it with PayPal.
  5. SSID: We’re talking about the name of my internal network here. I name mine in a non-identifying fashion because frankly, I want to keep it somewhat private and that’s from those in my immediate vicinity, let alone those on the other side of the world.
  6. Storage space: Ok, so it’s a 128GB iPhone, do they really need to know that? Back to the user agent comparison, this is not the sort of stuff that’s typically “leaked” by generic requests to the web because it’s an internal metric of no external consequence.”

In addition, the security of two of the tested apps was so bad that he concluded: “Perhaps I should just stick to the browser that doesn’t leak this class of data yet one would assume is still sufficiently secure.”

Do you want to find out more? Then take a look at the whole in-depth article.

Student wanted to improve grades, got jailed instead

Nowadays, with all the technological advances and everything being stored on a PC or even online, committing such a crime is actually easier than ever if the school isn’t prepared for it and has no security measures in place to prevent incidents such as this one. But crime doesn’t pay, even if it is “only” in order to change one’s grades, as Imran Uddin had to discover.

According to The Independent, the 25-year-old student hid four logging devices in computers at the University of Birmingham. He apparently wanted to steal staff logins and then use the information to access the grading system to improve his own grades.

Fortunately the student’s trick was discovered, the police got involved, and – after pleading guilty to six offences under the Computer Misuse Act – he has been jailed for four months. While this might sound harsh to some, let’s not forget that he actually committed a real crime that would have provided him with false qualifications had he been successful.

Detective Constable Mark Bird, from the Regional Cyber Crime Unit, said: “The audacity of Uddin to install not just one but four of these devices showed how determined he was to cheat his way to a better degree.”

You can read the whole article over here.

Unlock your phone with your ears & knuckles, says Yahoo

The cool thing: it doesn’t need the comparatively expensive fingerprint sensors to unlock your device, but can easily be used with any phone that sports a capacitive touchscreen.

With an app called Bodyprint, the users’ ears, knuckles, palms and fingers can be scanned. The only thing one needs to do is press the chosen body part against the touchscreen and voilà, it will unlock. The system, which was tested in a small study with 12 participants, was able to identify the users correctly 99.52% of the time.

“Unlocking your smartphone is something you do 150 times per day,” said Christian Holz, a research scientist at Yahoo Labs in Sunnyvale, California. “You want to make unlocking it convenient but also secure. That’s why fingerprint scanners are so successful.”

This sure sounds interesting! If you want to find out more just read the in-depth article over here.

Avira Antivirus Security for Android: they’re loving it!

Your device’s mobility makes it easier for crooks to hack it or simply steal it together with all the information you store on it. When choosing a certain mobile security provider, you might need to take into consideration more than just classical protection parameters that used to apply for your old computer. Take a look at all the amazing features offering you complete protection in our free Antivirus Security for Android.

Avira’s Mobile Development team has done an outstanding job in the last couple of months, updating our Android Security Solution on a regular basis. Besides the traditional bug fixes, some really useful features have been added to the menu, making sure that our users get full protection on all levels.

Here’s a complete list of the cool features in Avira’s Antivirus Security for Android:

  • Complete device scan: no corrupted apps, files or malware can escape our radar
  • Anti-theft feature: locate your device, wipe any data from it or simply lock it.
  • Identity safeguard: scan your email address and your contacts to identify any association with potential account breaches at other companies.
  • AppLock: lock your applications by using PIN code identification to allow access.
  • Blacklist: keep away unwanted conversations
  • Premium Secure Browsing: available only for users who upgrade, this feature scans the websites you visit on your mobile device to make sure they are safe and to prevent any potential phishing attack.

With all these features and powerful technology involved, it’s no wonder Avira’s Antivirus Security for Android is receiving so many awards. 83% of the users who rated us on Google Play awarded our product 4 and 5 stars. Want to know why everybody is loving it? See it for yourself, download it now!

System Speedup for Windows: the whole story

System Speedup is one of the most appreciated Avira products, as it has improved the speed and performance of millions of devices all around the world. Its ever growing popularity among users is one of the reasons why we decided to add some new cool features for you to enjoy in our product.

What’s new in the latest version of System Speedup for Windows?

Starting this week, users will be able to free up more disk space on their computers but also improve the battery lifespan. Here are the two main updates that our team is happy to announce to all System Speedup users:

  • Power profiles that enable users to select between performance mode, battery saving mode and balanced mode
  • An improved junk cleaner that will help users free up even more disk space on their computers

Today, battery powered devices account for more than 60% of the total number of PCs sold in the world. The new Battery Booster feature in Avira’s System Speedup is there to make sure our users never run out of battery on their portables. Besides making your device run faster, our product now stops your battery draining on things that you don’t need, so that you can use your computer longer, on things that really matter.

Rediscover what a fast PC feels like

The one-click tune-up suite is able to analyze, clean and optimize your system’s performance in just 5 minutes. The results are even more impressive than System Speedup’s efficiency. To name only a few, you’ll get rid of all the junk files and obtain more space for your important data, all the while enjoying the improved battery life of your device. We guarantee you’ll be happy to rediscover what a fast PC feels like even if it’s been several months or years since you purchased your device.

Want to enjoy the System Speedup functionality on your Android device as well? We recommend you try out Android Optimizer, the equivalent app you can download for free in Google Play.

The positive side of security threats

For years, experts have been telling the public to take these things seriously, but oftentimes, their advice and suggestions are ignored. That’s not because people necessarily disagree with the importance of security and privacy, but it’s just that developing new habits can be hard, especially when they’re preventative.

The good news is that those security habits appear to be improving, and we partially have Edward Snowden to thank for that. As reported by Computerworld at the end of last year, an international survey of Internet users revealed that more than 39% have done things to protect their online privacy and security because of what he revealed about the NSA. When you dig deeper into the numbers, that means that somewhere around 700 million people actively made changes to their security habits that they might not have made otherwise. By any standard, that’s a whole lot of people.

This survey primarily focused on reactions to the news about the NSA’s practices, but you don’t have to stop there. When you add the growing list of high-profile data breaches by hackers to the spying activity by governments, then things really start to snowball. More than ever before, people are starting to understand security threats in a very real way, and the resulting changes by 700 million people are only the beginning.

When talking about security issues, it can sometimes be easy to just focus on them in a negative way, but these numbers show us that there can actually be somewhat of a positive side to the story, too. Without the publicity of surveillance and hacking efforts, many Internet users would probably continue to stick with their bad security habits, but now that they see what’s possible, they can better protect themselves from the next big security story that starts to circulate.
