Tag Archives: Technology

Avira

Are SOHO Routers A Hopeless Case?

Leave a comment

I sure have one! It’s a nice little TP-Link, that’s doing what it’s supposed to do. Until now I felt pretty good and also kind of secure. Recently my feeling have changed though.

The Hungarian company Seach-Lab and some Spanish students, who are working at their master thesis, disclosed that there are quite a few SOHO routers (Small Office, Home Office routers) out there which are basically inviting cybercriminals to drop by and take a look at your data due to their vulnerabilities.

Search-Lab discovered 53 unique vulnerabilities on only 4 different D-Link devices, all running the latest firmware. According to their report “several vulnerabilities can be used by a remote attacker to execute arbitrary code and gain full control over the device”. They listed a few of the most critical findings’ problem areas in it as well so take a look at their paper if you want to know more.

The students published their findings on Full Disclosure and they lost more than 40 vulnerabilities in 22 different SOHO router models. The issues range from persistent and unauthenticated cross site scripting vulnerabilities and information leaks to Universal Plug and Play related vulnerabilities.

Routers which made it on the list are: Observa Telecom AW4062, RTA01N, Home Station BHS-RTA and VH4032N; Comtrend WAP-5813n, CT-5365, AR-5387un and 536+; Sagem LiveBox Pro 2 SP and Fast 1201; Huawei HG553 and HG556a; Amper Xavi 7968, 7968+ and ASL-26555; D-Link DSL-2750B and DIR-600; Belkin F5D7632-4; Linksys WRT54GL; Astoria ARV7510; Netgear CG3100D and Zyxel P 660HW-B1A.

Really, it doesn’t look good for SOHO router vendors. They either do not care or (even worse) do not know that their firmware is that insecure.

The post Are SOHO Routers A Hopeless Case? appeared first on Avira Blog.

Avast

Latest versions of Avast compatible with Windows 10

Leave a comment
Image via TechRadar

The future of Windows is just around the corner. (Image via TechRadar)

Earlier this week, Microsoft confirmed that the Windows 10 official launch date will be on July 29 and will be available as a free upgrade to Windows 7 and Windows 8.1 users (for one year). This latest OS will be available to pre-order in the upcoming weeks when it launches in 190 different markets across the globe. In anticipation of Microsoft’s exciting new OS, this Techradar article takes a brief look at the operating system’s past:

With Windows 8 and today Windows 8.1, Microsoft tried – not entirely successfully – to deliver an operating system (OS) that could handle the needs of not only number-crunching workstations and high-end gaming rigs, but touch-controlled systems from all-in-one PCs for the family and thin-and-light notebooks down to slender tablets.

Now, Windows 10 has emerged as an operating system optimized for PCs, tablets and phones in unique ways – a truly innovative move from Microsoft’s side. Its big reveal is now quickly approaching, and tech enthusiasts everywhere are curious to see how this OS will measure up.

Will Avast be compatible with Windows 10?

In short, ensuring that Avast is compatible with Windows 10 is quite simple. Avast version V2015 R2 and newer are already compatible with Windows 10. Users who currently have V2015 R2 or newer installed and plan to update from Windows 7 or 8 to Windows 10 will automatically have Avast transferred to Windows 10 at the same time.

For users currently using older versions of Avast, we highly suggest updating your Avast product prior to updating to Windows 10 to ensure an easy, hassle-free transition.

Avira

Facebook Is Getting More Secure Thanks to OpenPGP

Leave a comment

In order to achieve this goal Facebook just announced in a blog post that is now offering you the ability to encrypt e-mails via OpenPGP, an email encryption system.

“To enhance the privacy of this email content, today we are gradually rolling out an experimental new feature that enables people to add OpenPGP public keys to their profile; these keys can be used to “end-to-end” encrypt notification emails sent from Facebook to your preferred email accounts. People may also choose to share OpenPGP keys from their profile, with or without enabling encrypted notifications”, says Facebook

So basically the social network will allow you to give it your public key so that mails you might receive from Facebook (for example password resets) will be encrypted.  You can also enable encrypted notifications: Facebook will then sign outbound messages using your key so that you can be sure the emails are genuine.

The encryption system Facebook is using is OpenPGP where the PGP stands for “Pretty Good Privacy”. It’s one of the most popular standards when it comes to protecting email and should really serve its purpose well. Read this article if you want to find out more about Public Key Cryptography and PGP – it really will make the whole technique easier to understand.

The post Facebook Is Getting More Secure Thanks to OpenPGP appeared first on Avira Blog.

Avira

10 Made Up Words That Every Online User Should Know

Leave a comment

As civilization progresses, and technological advances make their way into our everyday lives, certain character traits induced by the technology arise – unique, time-stamped peccadillos if you will, for which there are simply no adequate words – yet. We’ve selected 10 words that really ought to exit, and shared them with you. For the full list, see this website.

And as usual, if you read to the end of the post, there’s a little bonus: a sentence that uses all new words… Enjoy!

Passfusion

(n) When you experience password confusion, especially when you have many accounts

Cellfish

(n) An individual who continues talking on their phone so as to be rude or inconsiderate of other people.

Sloading

(v) Loading so slowly that it puts you to sleep

Internest

(n) The coccoon of blankets and pillows you gather around yourself while spending long periods of time on the internet.

Textpectation

(n) The anticipation felt when waiting for a response to a text.

Unkeyboardinated

(adj) When you’re unable to type without repeatedly making mistakes.

Nerdjacking

(n) Filling a conversation with unnecessary detail about one’s passion to an otherwise uninitiated, uninterested layperson.

Onlineness

(n) Maintaining a constant online presence, in order to be able to instantly react to any new Internet developments, no matter how insignificant. Onlineness is a gateway to loneliness.

Typerventilating

(adj) Sending messages through instant messaging in a rapid sequence.

Paddict

(n) Person who spends an inordinate amount of time on their tablet

 

And as a reward for reading this far (and hopefully sharing), here is a sentence that includes all the new words:

While at home in his Internest, typerventilating away in his typical unkeyboardinated fashion while waiting for House of Cards to sload, Neal – the cellfish paddict, was careful to nerdjack the conversation away from babies, and steer it carefully towards his latest pet topic: the positive long terms of effects of brussel sprouts in combatting passfusion and onlineness.

The post 10 Made Up Words That Every Online User Should Know appeared first on Avira Blog.

Avira

What Can Siri Help You With Today?

Leave a comment

This post is about cool things you can do with Siri, and some you might wish it didn’t do. Stick with me to the end of this post, and I’ll even share with you a funny video of what Siri “really” looks like…

“Siri, please save my iPhone from the messages of death”

This somewhat melodramatic title was posted on TheRegister and reports incoming messages that trigger a bug in the iOS, inducing applications to crash…

The solution?

Apple suggests Siri as a temporary fix (full instructions here). One of the options includes asking Siri to “reply to the malicious message”. That’s right – if you’re being picked on by a big bad hacker who is sending you “messages of death”, get big sister Siri to reply with a digital tongue-lashing – sweet!

“Siri, please turn on the light, switch on the stero and start my car”

Back in 2014, there was excitement surrounding the application called GoogolPLex, which hooked up a hacked version of Siri to the Internet of things. Suddenly you could use Siri for all sorts of applications, as seen in this video:

What’s particularly clever, is the name: “GoogolPlex, turn on the lights” is actually understood by Siri as “Google, please turn on the lights”. Then, instead of running a Google search, GoogolPlex redirects the requests to its servers and uses API’s that interact with your hardware to process your requests.

GoogolPlex, beam me up!

Siri, stop recording our conversations…

You love using Siri? She is a great listener (granted, with dubious hearing). However, if you’re also a staunch believe in privacy, you might want to reconsider what it is exactly you tell your beloved assistant. As reported in this post, all voice recordings are stored for 6 months, after which time they keep the recording for another 18 months but delete the number associated with it… In case you’re now thinking of switching to Microsoft’s equally friendly Cortana, the policy is very similar…

.
And now, for a look at what Siri looks like, as seen in Raj’s vivid imagination (from the Big Bang Theory):

The post What Can Siri Help You With Today? appeared first on Avira Blog.

Avira

Do Millennials Suck When It Comes To Security?

Leave a comment

Millennials (or Generation Y) are those who were born from the early 1980s to the early 2000s. A study now looked at the impact which generational attitudes have toward security issues and compared Millennials Generation X/Gen X (those born between 1965 and 1980) and the “baby boomers” (born between 1946 and 1964).

You would normally think that the Millennials know what they are doing when it comes to technology, considering that most of them grew up with it. But while it is a big plus when it comes to handling devices and navigating around the net, the sense of well-being also seems to be their Achilles heel and leads them to being more careless with privacy concerns and a few other security aspects. The study backs this up with some key findings:

  • “Millennials have the worst password reuse habits of all demographics: 85 percent admit to re-using credentials across sites and services.
  • Risky behavior can be found across demographics: 16 percent of millennials and 14 percent of Gen-Xers accept social media invites from strangers “most of the time.”
  • Millennials are most likely to find security workarounds: A combined 56 percent admit they would “very” or “moderately likely” evade restrictive workplace controls. “

On the other hand, the paper also shows that the other included generations show risky behavior as well (though not in the same areas: Baby Boomers for example may pose a rather big BYOD risk; 48% use personal devices to access work related content).

Nonetheless it would seem that Millennials are easy prey for hackers: Reusing passwords and being too trusting on social media (which may or may not lead you to fall victim to social engineering) can lead to unwelcome results.

The post Do Millennials Suck When It Comes To Security? appeared first on Avira Blog.

Avast

The Internet of Things (to be hacked)?

Leave a comment
The Jetsons (via philosophymatters.org)

Soon, we’ll be living like The Jetsons (image via philosophymatters.org)

By the end of the decade, everyone on Earth will be connected.
–Eric Schmidt, Google chairman

As a rule of thumb, it’s good to keep in mind that anything and everything that can be connected to the Internet can be hacked. Poorly designed or implemented systems could expose serious vulnerabilities that attackers can exploit. Now, most of us are fairly familiar with certain gadgets that can be connected to the Internet, such as mobiles devices and/or laptops, smart watches, and cars, but what about the things that are still emerging within the Internet-connected world? Some of these new items include routers, sensors, and everyday gadgets such as alarm clocks, wearables, microwaves, and grills.

When dealing with the devices that we’ve come to know and love, such as our Android phones or iPads, we already encounter a multitude of shortcomings within privacy policies, unintentional data leakages, and the transmission of tracking and personal data in clear text. Taking this a step further, it’s both intriguing and frightening to think about the challenges we will face as the Internet of Things (IoT) becomes more and more of a reality. In a recent article published by the Guardian, author Marc Goodman paints an evocative picture of a world powered by the IoT:

Because your alarm clock is connected to the internet, it will be able to access and read your calendar. It will know where and when your first appointment of the day is and be able to cross-reference that information against the latest traffic conditions. Light traffic, you get to sleep an extra 10 minutes; heavy traffic, and you might find yourself waking up earlier than you had hoped.

When your alarm does go off, it will gently raise the lights in the house, perhaps turn up the heat or run your bath. The electronic pet door will open to let Fido into the backyard for his morning visit, and the coffeemaker will begin brewing your coffee. You won’t have to ask your kids if they’ve brushed their teeth; the chip in their toothbrush will send a message to your smartphone letting you know the task is done. As you walk out the door, you won’t have to worry about finding your keys; the beacon sensor on the key chain makes them locatable to within two inches. It will be as if the Jetsons era has finally arrived.

So how can we use these space-age technologies to our advantage? Although most software is still in the process of being optimized for wearables and other emerging smart gadgets, there are three main things to be on the lookout for as we move into the IoT’s heyday:

  • Issues on devices that could result in device loss, poorly programmed apps, or attacks driven by social engineering
  • Transmission issues caused by low-level encryption on Wi-Fi or Bluetooth that could result in traffic sniffing, man-in-the-middle and redirection attacks
  • Storage issues in the cloud that could directly result in data breaches

The sure-fire way to defend yourself against these vulnerabilities is to use a VPN when connecting to open, unsecured Wi-Fi networks. Avast SecureLine VPN is available for Windows, Android and iOS.

Avira

“Unicode of Death” Crashes Your iPhone

Leave a comment

The newly discovered security flaw on iOS crashes different messaging apps (like iMessage and your SMS app – basically all apps that use Apple’s CoreText library) on your iPhone and possibly your Apple watch when being sent a specific string of text. In addition to that it causes your mobile to reboot immediately. The bug was first reported on Reddit.com where some people were complaining about it.

According to TheRegister, this is what happens once your mobile receives the message containing the “Unicode of Death”, a string of text including Arabic characters and different symbols: “The bug causes CoreText to access memory that is invalid, which forces the operating system to kill off the currently running program: which could be your text message app, your terminal, or in the case of the notification screen, a core part of the OS.”

And sickestdancer98 from Reddit explains: “I can tell you it is due to how the banner notifications process the Unicode text. The banner briefly attempts to present the incoming text and then “gives up” thus the crash. On a jailbroken device, this ultimately leads to safe mode. However, on a stock iOS device, there is no safe mode hence the respring after the crash. That is why this only happens when you are not in the message because the banner is what truly crashes the entire system. Is this a possible vulnerability? Maybe. Has this been around already? Roughly since iOS 6. Can it be fixed/patched? That, my friends, is up to Apple. I hope I cleared things up a little bit if it did help in anyway, shape, or form.“

Apple is already working on fix which they’ll make available in an upcoming software update. Until then there are a couple of workarounds floating around online, one if them being to just turn off the lock screen notifications for now.

The post “Unicode of Death” Crashes Your iPhone appeared first on Avira Blog.

Avira

Typosquatting tries to make a victim of everyone

Leave a comment

Reality sets the stage

The reality is that ‘legitimate’ sites – such as those provided by hotels, airlines, schools, or any other ‘official’ organization – can be and very often are infected by various types of malicious software (AKA malware). The malware, once installed, enables cybercriminals to capture private information parked on or passing through the computer of the unsuspecting website visitor.

In addition to our own Avira Protection Lab findings, even Google reports that the vast majority of websites infected by malware are legitimate sites that have been hacked – often without the organization behind the site even being aware of it. This is why IT security firms like Avira frequently contact companies to let them know that their official websites have been compromised.

Legitimacy distorted

With legitimate sites a larger potential target, and people going to them doing so with false confidence in their level of safety, smart cybercriminals know that there is deception potential, even if an organization takes all necessary security measures to ensure that its website is secure. Sometimes the most-effective attacks are against the simplest of human errors – in this case, the typo, and thus mistyped URLs serve hackers as a simple enough distortion of a legitimate site.

This method taking advantage of misspelled URLs is known as ‘typosquatting’. Also called ‘fake URL’, ‘URL hijacking’, and ‘brandjacking’, the approach relies on the human tendency to make an error when typing a web address into a browser’s address bar, taking advantage of the most likely spelling variants (e.g. phonetic) and errors (e.g. letter transposition) to set a trap for the unsuspecting typist.

What it looks like

A hacker using the typosquatting technique with www.example.com would use variants such as www.example.org, www.exampel.com, www.ecsample.com, and so on. Once the person arrives on one of the incorrect sites, he/she has landed on an infected webpage (or gets redirected to one of several or many owned by a ‘cybersquatter’).

In some cases, the fake site will also look just like the original site – same messaging, same graphics, same logo. In a best-case scenario, the infected page contains only advertisements, but some of these can act as malware by opening one after another even if you try to exit the page – a technique known as ‘mousetrapping’.

The hacker’s motive

Almost without exception, the motive is profit. In the case of ad-infected pages, hackers earn money by redirecting traffic to the ads, plus more when those ads are clicked (which is bound to happen, based on sheer numbers driven to them). In the case of malware-infected pages, hackers earn money by stealing private data that enables them access to bank accounts.

Your solution

Avira security software blocks malware and adware from installing on the potential victim’s PC, therefore preventing the theft of the Avira customer’s private data. While Avira Free Antivirus provides baseline protection (a level that everyone, without exception, should have as a bare minimum), Avira premium versions offer additional security layers and maintenance utilities to also keep your PC running like new.

The post Typosquatting tries to make a victim of everyone appeared first on Avira Blog.