Tag Archives: Internet Security

Six tips to make sure your personal photos don’t end up on the Web like those of Jennifer Lawrence

Increasingly, personal and private information is ending up on public view on the Internet. You may not have posted it yourself, you might have just stored it in the cloud, yet some ill-intentioned individual can access and publish it. Photos, videos and other personal data can easily fall into the wrong hands without your permission.

Since last September, more than 100 celebrities have been victims of this type of invasion of privacy. After having uploaded compromising photos to the Apple iCloud, they discovered these images posted on the Web. Someone had accessed and leaked the pictures.

All eyes then turned to Apple. The attack was caused by a security flaw on its mobile devices. A cyber-criminal claimed to have hacked the company’s services to get hold of the images, although the company has rejected this claim on several occasions.

Nevertheless, here we offer six tips to help protect your photos… just in case!

1. Be careful about what you store in the cloud

If these actresses and models hadn’t uploaded compromising images, it would have been considerably harder for the hackers to get hold of them. Even if you are not a public figure, it’s always a good idea to think about what kind of things you want to store on your phone.

2. Don’t share your account user names or passwords with others

Even though a friend or colleague may have your complete trust, the fewer people who know your credentials, the less chance there is of others finding out. Most online platforms (Facebook, Apple, Google and Yahoo) allow you to boost security with two-factor authentication. If available, it is always a good idea to use it. It basically involves another step in the verification of the user’s identity. This could involve generating a code that the page sends to your phone or another means of contact to verify your identity.

3. Strengthen your passwords to make sure they can’t be guessed by cyber-criminals

One useful tip is for them to contain a mix of numbers, special characters and upper and lower case letters, i.e. make them as complex and varied as possible. The same goes for your Wi-Fi password. It’s also a good idea to change them frequently.

4. With email, it’s wise to have different addresses for different purposes

Use different accounts for professional, personal or financial affairs. If somebody manages to gain access to one, at least all your data won’t be at risk.

5. Take care with your profile on social networks

Check the privacy options from time to time as sometimes they can be changed or the default settings are re-established without notice. And be careful with what you post online.

6. Use a good antivirus

It will not only keep your computer virus-free but will also protect your identity and help keep Internet fraudsters at bay when, for example, you’re shopping online. Find the antivirus that best meets your needs from our 2015 product lineup.

The post Six tips to make sure your personal photos don’t end up on the Web like those of Jennifer Lawrence appeared first on MediaCenter Panda Security.

iPhone 6. The fingerprint reader security

Being the leading technology brand can have its downsides. And if you don’t believe it, ask Apple. Every time the firm from Cupertino introduces a new product, the same thing happens: there is great anticipation, with seemingly half the world awaiting, long queues of tech disciples… and an army of people looking for bugs in the new devices.

In the end, vulnerabilities emerge and obviously their impact is far greater than with other brands (especially if it is a new device). Apple has already suffered a few embarrassing errors discovered by users. You don’t have to go too far back to see: the aluminum case of the iPhone 6 Plus was said to be too flexible, meaning that the phone can even bend under certain conditions.

A secure iPhone?

While the tech world looked on in amazement at this problem in the new Apple device, a second rather more difficult issue emerged: Apple’s ‘Touch ID’ fingerprint identification system is not entirely secure.

This technology has already been used in iPhone 5s and as with iPhone 6, a few days after the launch an error was discovered: there was a relatively simple way to get past Apple’s fingerprint ID system.

“A fingerprint of the phone user, photographed from a glass surface, was enough to create a fake finger that could unlock an iPhone 5s secured with TouchID,” claimed the European hacker group, Chaos Computer Club, a year ago. This was something that could be performed by anyone with a bit of skill and patience.

So despite the company’s claims that with the new biometric system your fingerprint is one of the strongest passwords in the world, once again such claims might be premature.

History has repeated itself, and this time surprisingly, it has done so quite literally. Even though the Touch ID flaw was discovered a year ago, Apple has launched two new iPhones with the same problem.

This is confirmed by security expert Marc Rogers. “Sadly there has been little in the way of measurable improvement in the sensor between these two devices,” he claims. Although he underlines that the same fake prints that could deceive the Touch ID in iPhone 5s are no longer viable in the latest Apple device.

According to Rogers, the difference is that the company has improved the scan resolution to improve the reliability of the system. However, this doesn’t mean that the same technique used to unlock the iPhone 5s couldn’t be used for iPhone 6. The difference is that the fake print would need to be of better quality.

This new flaw in Apple’s security system is serious, and even more so given the launch of Apple Pay, the company’s new mobile device payment system.

Thanks to NFC technology, users of this service can pay for things simply by waving their iPhone at the point of sale (POS) terminal. Indeed, the tool used by Apple to secure the payment service is none other than the Touch ID technology which, as Rogers explains, is easily hacked.

Nevertheless, Rogers does point out that using fingerprints is an effective form of user authentication, though Apple should include two-factor verification to give users complete peace of mind.

What do you think? Would you activate this type of payment?

200,000 Snapchat images leaked

After Celebgate, the leaking of private photos and videos of Hollywood actresses and models such as Jennifer Lawrence, now users of Snapchat have seen the security of their files compromised.

Snapchat is a mobile app for sending images and messages that are automatically deleted between one and ten seconds after being read.

Although Snapchat does not store users’ images, another app, Snapsave, which is available for Android and iOS, does store them. This is what has enabled 200,000 photos to be stolen, according to Snapchat.

According to The Guardian (UK), these include some 100 MB of nude images. It is as yet unknown whether these might include images of children, and it is important to point out that downloading of nude images of children under 16 is a jailable offense under child pornography legislation.

Images from ‘The Snappening’, as this leak has been dubbed, are already available on some Internet portals.

How cookies work?

We all know the ‘Allow cookies?’ message. This option now appears in practically all websites. In fact, nowadays more people associate the term ‘cookies’ with its Internet use rather than with its edible origin.

Cookies are small data packets which Web pages load on to browsers for a whole range of reasons. Every time you return to the same URL, the computer sends back this little package of information to the server, which detects that you have returned to the page.

When you access your email account or Facebook profile, it is cookies that allow your user name and password to be saved, so the next time you won’t have to enter them again.

But apart from storing strings of digits and letters, webmasters can use these tools for monitoring the activity of Internet users.

These virtual spies collect information about your Internet habits: the pages you visit frequently and the topics that interest you. The problem is that they usually share this information with data analysis firms or those that design targeted marketing campaigns.

If, say, an ad for a food product appears on your screen after you visit a restaurant page, don’t be too surprised. Thanks to cookies, advertising can be tailored to consumers’ preferences.

Even though cookies are safe and won’t usually infect your computer with malware, it is not always clear in whose hands the collected data ends up or where it is stored.

A team of researchers from Queen Mary University, London, has managed to shed some light on this in one of its studies. They have basically been spying on the spies. They analyzed where the data of Internet users from around the world ended up in order to draw up a data circulation map.

The experts have focused on who is running cookies on users’ browsers. External companies (such as those marketing and data analysis firms mentioned above) send these data packets from a domain different from that of the site being visited, so they can be detected when they do this. With this methodology they were able to analyze the 500 most popular pages in 28 countries.

The results have shown that this practice extends across the world. You can also see in the image the areas of the planet where Internet user privacy is most compromised.

cookies map

While in Europe, South America and Oceania the number of local companies accessing user data is quite similar, the number is greater in Turkey and Israel. The origin of the snoopers is also interesting: most come from Russia or Germany. Those based in the USA often end up on browsers in the Middle East.

Scientists believe that this distribution reflects Internet privacy legislation in different countries. In most European countries, where there are laws regulating third-party access to user data, there aren’t so many ‘spies’ as in China or Turkey, where such rules are scarce. But spies are everywhere, so experts continue to call for tougher measures to combat the trafficking of personal information.

 

Hacker Experience. The game about IT security caused a sensation on the Internet

A developer created a game that became an Internet sensation in just a few hours. Overwhelmed by the success of his work, he decided to sell it.

This is similar to what happened with Flappy Bird. Vietnamese game developer Dong Nguyen decided to sell the famous app as soon as it became successful.

Yet in this case the game is not about birds and tubes, rather viruses and IT security. The game is called Hacker Experience and its creator, a computer science student at the University of Winnipeg, has been saturated by the response to this simulator.

“I’m tired. So I’m selling my game that just went viral.” With these words, Renato Massaro, who is just 21 years old, has terminated his relation with ‘Hacker Experience’, the game he was working on for two-and-a-half years.

The game is a hacking simulator, where players can play the role of a cyber-criminal trying to become rich and powerful working for an evil corporation. In this game, you can hack virtual servers, develop new software, mine bitcoins, work on missions, hack banks, etc.

But it’s only a game; everything that happens is just a simulation, so players are not really handling viruses that could damage their computers or destroying the hardware on other people’s systems. It’s all a work of fiction, a simulator that you can play online and which became an incredible success within just a few hours.

“It went viral in a matter of minutes,” says Massaro, who goes on to explain how he launched ‘Hacker Experience’ at 4pm on September 13 and, “…by the end of the day, it had 2000 registered users and 1000 online.”

This instant success was largely down to two news aggregators, Hacker News and Reddit, which made the name of this game spread like wildfire and the number of users rocket in no time at all.

What this Brazilian student had been working on for so long, suddenly became a sensation. “Now, about 30 hours later, there are 6000 registered users and 1500+ online,” said Massaro, as he realized that the situation was simply too much for him.

In just a few hours the situation had become unbearable for the young student having received thousands of emails and messages. Overwhelmed by the situation, the creator of the simulator decided to put ‘Hacker Experience’ up for sale.

What was the asking price? There wasn’t one. Massaro waited for offers via email. He was selling the game, the code and the NeoArt Labs brand, under which he had launched the game, but as he had never before sold software, he had no idea what price to put on his game.

He did however tell potential buyers that this was the result of more than two and a half years work and that ‘Hacker Experience’ was already a lucrative source of income.

According to his calculations, revenue from Google AdSense and Premium account users (‘Hacker Experience’ is based around the ‘freemium’ model, where players pay for certain features that give them an advantage or make the game quicker) would offer a minimum return of $1000 (about 800 euros) a month. However, Massaro also claims that with a few adjustments and offering more advantages to Premium users, ‘Hacker Experience’ could soon be offering returns of up to $5000 (almost 4000 euros) per month.

Nevertheless, any potential buyer should also be aware that the game’s users have already found flaws and have been sending them via email to the creator as well as publishing them on the Hacker Experience wikipedia page and forum.

The game is still operating, though probably it is now under new ownership. In exchange, the creator will have received a decent sum (according to his own calculations, Massaro suggests that a price of some 60,000 dollars for the game would be easily recovered within the space of one year) and above all he can now enjoy the peaceful life that was so rudely interrupted by ‘Hacker Experience’, the virus game that went viral.

The Craigslist scams

Craigslist is a website hosting classified ads for jobs, houses, cars… To give you an idea, there are around 10 million new Craigslist ads every month.

As sometimes happens with these kinds of pages, Craigslist has become a hunting ground for fraudsters trying to scam the people who read these ads.

In fact, there’s even an “Avoid scams & fraud” section on the website offering advice on how to improve security in transactions. 

How to recognize scams on Craigslist

  • If the reply sent by the person you have contacted comes from another country, be wary.
  • They often ask for payment via platforms such as Western Union or Money Gram or a check or money order as surety on the transaction.
  • The other party can’t meet you in person to make the transaction.
  • There is a ‘third-party’ who will make the transaction.

Example of fraud on Craigslist

  • Companies offering work but who ask for an advance payment from the employee.
  • Rental of apartments that don’t exist.
  • Sale of cars that ask for payment in advance without you having seen the vehicle.

Tips for avoiding fraud on Craigslist

  • Read the ad carefully.
  • Don’t buy or rent anything without having physically seen it.
  • Take payment in cash. PayPal is also a secure way of receiving payment. Don’t accept checks or money orders.
  • Don’t give any type of personal or financial information.
  • Be wary of incredible bargains. If you find a low-priced apartment in an up-market area, it’s probably a scam.
  • Have a good look at photos. Many scams include photos of things that look too good for the asking price.

We know that criminals are becoming increasingly devious in disguising their scams, so, with your Internet security in mind, please take great care when buying online.

Have you ever fallen victim to a similar scam?

Twitter has joined the Bounty Programs. Now only Apple remains.

In the technology world, it is now quite common for companies to reward the efforts of those advanced users who dedicate some of their time to uncovering security holes in their programs or platforms.

Although there are still some who are yet to be convinced of the effectiveness of such ‘bounty programs’, many firms apparently see them as being extremely useful, not just to discover new bugs that have gone undetected, but also to get these expert users on their side.

Such is the value of what is at stake, that most technology companies now have bounty programs in place. A while back, we described the world of bounty programs, and how rewards can fluctuate depending on the company and the importance of the security hole.

Twitter was still among those that had yet to take up the idea. The social network seemed reluctant to put its hand in its pocket to encourage experts to find bugs in its service. Now the company has announced that it’s offering a minimum reward of $140 (get it?) for those who find security holes in Twitter.com, ads.twitter, mobile Twitter, TweetDeck, apps.twitter, as well as in the apps for iOS and Android.

This sum is still way off what others are offering. Bounty programs at firms like Facebook or Google reward users that uncover vulnerabilities with amounts upwards of $500 and $1000 respectively.

And it’s not only the money that’s different: Twitter’s bounty program also uses a new platform which offers information to anyone who wants to see what each company is offering.

This platform, called HackerOne, is a kind of notice board on which companies announce new features of their bounty programs and where those looking to profit from their ability to sniff out vulnerabilities can easily discover whether it’s worth their while, depending on the money on offer.

This platform was set up in 2012 by several experts who had previously worked in IT security for companies like Facebook, Google or Microsoft. In their previous jobs they had been responsible for coordinating the implementation of bounty programs, so they had first-hand knowledge of the issue. They decided to offer different technology companies, no matter how big or small, the option to delegate the coordination of their bounty programs.

Companies that have taken up the offer include Yahoo!, Square, Automattic and 4chan. So even without offering the same amounts as other firms, there are many companies who, while saving on the costs of running bounty programs, are also addressing the concerns of users who want reassurance that there are no holes in the security of the companies’ platforms. Something that users have been demanding of Twitter for some time.

Apple, still reluctant

The only leading technology company still to launch its own bounty program is none other than Apple. The company has so far taken no steps in this direction, despite the scandals that threatened to tarnish its image in early September when users, including celebrities, had leaked photos, which were hosted in iCloud, published on the Internet. Had there been a program for rewarding hackers that find security holes, perhaps one of those that did find the vulnerability might have warned security officials of the problem and enabled them to act in time. 

They say money can’t buy happiness, but it helps. That’s why, perhaps as a lesson to Apple, the Russian hacker who discovered such a hole in the company’s iCloud was quick to boast of his discovery. As Alexey Troshichev admitted, he would have warned the company about the flaw in the platform if there was a reward. But as there wasn’t, he decided to share the information on Github, where many other experts were able to exploit the hole maliciously, thereby highlighting the importance of bounty programs.

New Initiative Simply Secure Aims to Make Security Tools Easier to Use

The dramatic revelations of large-scale government surveillance and deep penetration of the Internet by intelligence services and other adversaries have increased the interest of the general public in tools such as encryption software, anonymity services and others that previously were mainly of interest to technophiles and activists. But many of those tools are difficult to use […]

4 steps to avoid viruses

Protecting your computer is, very often, much easier than you might think. If you follow these four steps to prevent viruses, your computer won’t become infected again.

Take care with Java, Adobe Flash and Acrobat Reader

As we have seen in practically all the PandaLabs reports, these programs are a key target for cyber-criminals. That’s why it’s best to ensure they are always up-to-date or, if you don’t use them, uninstalled.

Viruses and malware can slip past antivirus programs and infect PCs by exploiting programs that haven’t been kept up-to-date.

Take care which programs you install

It is essential to be aware of what you’re installing or running on your computer. Virus creators earn a lot of money from programs or applications which, at first glance, seem harmless but can infect your computer when they are run. That’s why you should:

  • Never open messages from unknown sources.
  • Avoid non-secure web pages. You can recognize secure pages as the address begins with ‘https://’ and they display a padlock icon.
  • Use secure passwords.
  • Not provide confidential information via email.

Keep your Windows operating system up-to-date

Malware and viruses exploit security holes in outdated versions of Windows. To prevent this, you must install the latest security patches.

Windows makes this easy for you: you can enable automatic updates so you don’t have to worry about it.

Use a good antivirus

A good antivirus can do much more than keep your computer virus-free. It can protect your identity and that of your business and can also prevent fraud when you shop online.

Find out what is the best antivirus for your needs from our new 2014 product range.

What’s more, if you have an antivirus with parental control, you can protect your children from danger on the Internet.

5 million Gmail passwords leaked

Do you have a Gmail account? This may interest you! A Russian cybersecurity forum has published a file containing more than 5 million Gmail accounts.

According to several experts, more than 60% of the username and password combinations were valid. However, Google says that the information is “outdated”, that is, these accounts have been suspended or the users no longer access them.

In a statement, Google said that it has no evidence that its systems have been compromised, but explains that “whenever we become aware that accounts may have been compromised, we take steps to help those users secure their accounts.”

The file published mainly contains British, Spanish and Russian accounts. If you want to know whether your account is on the list of those affected, you can do so here.

Panda Security recommends you increase the security of your passwords and use two-step verification of your Gmail account.
