Tag Archives: Technology

Avira

AMA on Reddit: Your Questions, Our Answers

Leave a comment

First of all we want to thank everyone who participated in voting up posts and asking question. Carlos really enjoyed answering you guys and loved the thoughtful and interesting queries (I specifically remember him saying more than once: “THIS is a good question! I could discuss it for a week.”). While some of them were a bit challenging to answer, he really tried to come up with something to say for every single one.

We are well aware though, that some of you probably didn’t have the time or opportunity to participate. That’s why we’ve decided to give you more time to ask your questions: Drop by whenever you feel like this week and just ask what’s on your mind. Carlos then will revisit the Reddit AMA post at the beginning of next week and answer the rest of the questions!

My favorite question was this one by the way:

Can jet fuel melt steel beams?
I’m not a physicist but despite other rumours (http://i0.kym-cdn.com/photos/images/original/000/920/259/143.jpg ) I’d still say yes. :)

But of course, there were also more than enough serious ones:

To my recollection, there are about 6 mil new malware discovered daily. How do you deal with such high numbers of new malware constantly appearing?
In our company we have many different ways to catch up to that huge quantity of files. The first thing that you need is to have large back-end systems that are able to manage that huge quantity of files together with different AI systems to classify them in a smart way. At the end, there will always remain hundreds of thousands of files that require a deeper (sometimes manual) look in order to improve or expand our AI systems. Yes and as you can imagine, it is an incredible amount of work.

You don’t know what to ask? Just take at the rest of the cool questions and answers from yesterday.

#content .entry-content
.bq{width:100%;border:1px
solid #dde5ed;color:#758fa3;margin-top:0px;margin-bottom:25px}#content .entry-content
.quest{margin:0px;font-weight:bold;font-size:14px;text-shadow:0px 1px 0px #f8fafb;padding:6px
11px;background:#eaeff5;border-top:1px solid #f4f7fa;border-bottom:1px solid #dde5ed}#content .entry-content
.text{line-height:19px;margin:0px;font-style:italic;padding:10px;background:#f8fafd}

The post AMA on Reddit: Your Questions, Our Answers appeared first on Avira Blog.

Avira

The Avira Online Essentials Dashboard: what’s essential about it?

Leave a comment

Nowadays, taking care of your digital security is no longer reduced to downloading an antivirus program to your personal computer and hope not to catch any viruses while surfing the web. Your digital life has become an extension of all your most important daily activities and you now have to worry also about things like the photos and videos stored on your mobile devices or your email account being breached. Not to mention, how do you protect your close ones when IT isn’t exactly their cup of tea?

Avira Online Essentials: Your dedicated dashboard to manage your security across multiple devices

What if we told you that we can grant all our users access to a dashboard that allows them to manage the security level across all the devices they own and for as many users as they wish? This dashboard is real, it’s called Online Essentials and it is truly…essential, see it for yourself in the video below.

The Avira Online Essentials dashboard gives you an overview of the security applications installed on all your devices and helps you do so for other users as well. You won’t have to worry anymore about your mom’s antivirus expiring without you knowing, it has never been easier to help her keep her computer’s protection up-to-date.

Surfing the web is also safer now that Avira has integrated the Browser Safety feature in the Online Essentials dashboard. You just have to make sure to install our browser extension and we’ll keep you away from malicious websites. To get any worries related to phishing attacks off your mind, we added the Identity Safeguard feature to the menu, so that you can be the first to know about data breaches that may have an impact on your email account.

You’ll enjoy being able to protect and manage your computer, tablet and smartphone’s security in one single place but wait, there’s more. In case you have trouble locating your mobile device, the anti-theft feature helps you find it, block it or even wipe all personal data stored on it remotely. This way, you make sure to prevent any unauthorized access to your private information. A full data report on your device can also be exported from the dashboard to help the police find your stolen smartphone or tablet.

There’s a lot of other cool stuff you can do directly from the Online Essentials dashboard, like organizing a remote connection session in case you need to take over the control on one of your devices from distance.

The best news about the Avira Online Essentials dashboard? It’s free for all Avira users! Register now and unlock all the cool features: http://www.avira.com/en/avira-online-essentials

The post The Avira Online Essentials Dashboard: what’s essential about it? appeared first on Avira Blog.

Avira

New Linux Rootkit Exploits Graphics Cards

Leave a comment

A rootkit PoC for Linux systems that runs on the processors and RAM of the graphics cards, Jellyfish is able to access the computer’s memory without having to route through the computer’s CPU. As CPUs are slower than GPUs for making calculations, GPUs are already used partially by some cryptocurrency-mining malware (e.g. to steal Bitcoins). But Jellyfish is the first malware to run entirely via the GPU, and works with Nvidia, AMD, and even Intel, if the latter is “supported through the AMD APP SDK, a software development kit that allows GPUs to be used for accelerating applications,” says Constantin.

As graphics-card-only malware has never been an exploitable area before, security software developers like Avira would need to engineer security efforts in yet another new direction. Although early reports indicate that Jellyfish is in a beta stage, unfinished, with some bugs, and currently requires OpenCL drivers installed on the targeted system in order to work, it could inspire future variants by those looking to exploit such vulnerabilities for personal gain (AKA cybercriminals).

After a 2013 research paper (pdf) titled “You Can Type, but You Can’t Hide: A Stealthy GPU-based Keylogger,” the same research team behind Jellyfish has also developed a keylogger called ‘Demon’, which also works via the GPU.

Security firms may definitely have our hands full in coming months, it seems.

The post New Linux Rootkit Exploits Graphics Cards appeared first on Avira Blog.

Avira

WordPress: Compromised Sites Leaking User Credentials

Leave a comment

Only recently there were several reports of WordPress plugins and themes with vulnerabilities:  Last week’s XSS vulnerability, multiple ones in the eCommerce shopping card plugin The CardPress, and a Zero Day exploit in WordPress 4.2.1.

This week it seems like there is yet another one. According to researchers at Zscaler there are a couple of compromised WordPress pages out there that are all leaking credentials. “The compromised sites run backdoor code, which activates when the user submits login credentials. The credentials are encoded and sent to an attacker website in the form of a GET request. Till now, we have identified only one domain “conyouse.com” which is collecting all the credentials from these compromised sites”, the page reads.

They conclude that WordPress, as one of the most popular Content Management Systems and blogging platforms, remains an attractive target for cybercriminals – especially due to the huge user base. Administrators should always keep their WordPress installations (including addons and themes) updated and patch as soon as there are security updates available.

If you want to find out more about the dangers you could face as a blog administrator and get some advice which might help you to protect your page, take a look at Ange Albertini’s blog article concerning the topic.

The post WordPress: Compromised Sites Leaking User Credentials appeared first on Avira Blog.

Avira

Hackers-For-Hire: It’s This Cheap to Hack Your Account

Leave a comment

That’s only partly true. Business Insider released an interesting list that tells you how much it costs to get different accounts hacked. According to the page hacking a generic website is quite expensive when compared to the other options: You’ll have to pay as much as $2000 to get it done. Getting Facebook account access is a lot cheaper with only $350 and the one for Gmail would only cost you $90. One popular hacker apparently even offers to boost Yelp reviews!

Let’s face it. If you know the right search terms you’ll be able to find almost everything. “While it’s well-known that the dark web offers black market marketplaces for things like drugs and firearms, so too are there places where hackers offer up their skills for a fee. These hackers-for-hire offer a wide-ranging menu of services, many of which are likely not legal, “ writes Business Insider, and one of the pages offering some of the services reads: “Hiring a hacker shouldn’t be a difficult process, we believe that finding a trustworthy professional hacker for hire should be a worry free and painless experience.”

Hacking as something for the mass market? Of course – hackers-for-hire would come in handy if you really need to break into your own accounts; but how often does that really happen? While the above site states in their Terms of Use that “you agree to act responsibly in a manner demonstrating the exercise of good judgment. For example and without limitation, you agree not to: violate any applicable law or regulation, infringe the rights of any third party, including, without limitation, intellectual property, privacy, publicity or contractual rights, etc.” one can only wonder how legitimate the requests made are in the end.

If there is one thing we can take from all of this, it’s that account safety should be takes more serious than ever.

The post Hackers-For-Hire: It’s This Cheap to Hack Your Account appeared first on Avira Blog.

Avira

Ex-NSA Guy Points to Mac Security Flaws

Leave a comment

Whereas Apple develops its iOS with security a part of the process, with OS X development security seems to be more of an afterthought. ‘Bug bounty’ programs are one direction suggested for Apple, but until there is a change in the current approach, the vulnerabilities remain open to any would-be hackers.

At the recent RSA Conference in San Francisco, Wardle gave a presentation titled “Writing Bad@ss OS X Malware,” in which he challenges Apple’s OS X developers to change their way of thinking – especially considering that the majority of the malware getting into Macs (now measuring hundreds of thousands) is “amateur, even basic,” according to Wardle.

More advanced Mac attacks, such as the ‘Rootpipe’ backdoor, have been difficult for Apple to patch, and failed ‘fixes’ have been covered by thehackernews.com, computerworld.com, securityweek.com, forbes.com, and others in the first half of 2015.

AV-Test, a leading independent computer security testing firm, recently tested 10 different Mac OS X security software packages (you can read the full report here), writing that:

“The legend that Mac OS X is supposedly invincible is not borne out by the facts. In the aftermath of major attacks by Flashback, the police Trojan Browlock or Shellshock, the number of assaults on Mac OS X continues to increase.”

In AV-Test’s analysis, Avira Free Antivirus for Mac earned a 100% detection score against 160 new Mac-specific viruses and malware. If you’re taking chances with no security on your Mac, do yourself a favor and take care of it right now – FREE DOWNLOAD.

The post Ex-NSA Guy Points to Mac Security Flaws appeared first on Avira Blog.

Avira

Smart Cities – Intelligent but Vulnerable

Leave a comment

Air conditioning that is shutting off automatically once you leave the building, apartments who call the fire department when it’s burning – those are just some of the things that scientist Anthony Towsned describes in his book “Smart Cities: Big Data, Civic Hackers, and the Quest for a New Utopia”.

And some of what you’d dream up for smart cities is already reality! Just take a look at New Songdo, a city that’s being built in South Korea. Trash, transportation and energy will all be controlled centrally. Residents are going to use smart cards as an ID, key, and payment method. Sounds innovative and like a dream, right?

Now if you believe this to be cool, just imagine what a paradise it will prove to be for hackers! Even now with the limited interconnection we have it is already possible to mess with traffic lights to jam roads and reroute cars. A lack of quality encryption makes it easy for hackers to just invade the system and screw around with it.

The more technology a city is using the more it becomes vulnerable to cyberattacks; the smartest cities are at risk the most, says Cesar Cerrudo, an Argentinian security researcher. He suggest that smart cities should secure their networks better to prevent scenarios like the one above. Let’s just hope that people take his advice seriously, otherwhise the dream of a smart city might end up to be a nightmare.

Head over to Golem.de to read the whole article (only available in German).

The post Smart Cities – Intelligent but Vulnerable appeared first on Avira Blog.

Avira

World Password Day: Make Sure Your Password is Secure

Leave a comment

If you are like me, you have a love-hate relationship with passwords. You know you need them. You love them, because you they keep your data and internet-self secure. You hate them, because you have to come up with good ones in order to do so and because if they are finally really good, you most likely will forget them at one point.

So what to do?

The easiest solution would be to get a password manager that automatically 1) Generates complex passwords, 2) Encrypts and store them for you.

A run-of-the-mill six-letter password has 310 million possible combinations – and can be cracked by a fast PC in 30 seconds. The kinds of passwords generated by a password manager would take 23 years …

A password manager is out of the question for you? Then make sure you at least consider the following security tips:

  • Use a unique password for each of your accounts. When a website gets hacked one of the first things bad guys do is checking out if your username/email-address/password combination works on other (high-profile) pages.
  • Your password should consist of at least eight characters. It should include upper- and lower-cases, numbers, and special characters.
  • Try and create passwords that can’t be found in a dictionary. Hackers nowadays have programs that cycle through dictionaries to check if they can access your account.
  • Don’t use character strings like 12345, abcde, qweertyui, etc.
  • Use passwords that can’t be associated with you: Your dog’s name, birthday dates of family members or yourself or your favorite sport are a no go.
  • Change your password regularly – especially when it comes to your email and online banking/online payment accounts.
  • Don’t write down your password and do never ever share them.

If you have trouble coming up with a good, strong, and complex enough password, try one of the many password generators out there. Just make sure to remember it afterwards. 😉

What are your password tips?

The post World Password Day: Make Sure Your Password is Secure appeared first on Avira Blog.

Avira

From Hacker to Security Force

Leave a comment

Well – at least Kevin Mitnick decided to do so. In the early 90s Mitnick became the world’s most wanted hacker. He hacked into and stole corporate secrets of more than 40 major corporations. Some even suspected him of wire-tapping the FBI. No wonder he eventually ended up on the FBI’s most wanted list!

The fact that he managed to elude being captured for years just proves how careful, successful and good he was at what he was doing. It took another computer expert, namely Tsutomu Shimomura, to track him down in the end.

According to news.com.au Mitnickwas charged with wire fraud, interception of wire or electronic communications, possession of unauthorised access devices, unauthorised access to a federal computer and causing damage to a computer. After five years behind bars he was finally released from prison in 2000.

We already know what life currently looks like for Higinio Ochoa, another convicted hacker. Mitnick decided to use his skills for good and founded his own company, Mitnick Security. In addition to that he has written and published several books and is a public speaker.

To find out more about Mitnicks life as a hacker and his current activities, head over to news.com.au to read the whole article.

The post From Hacker to Security Force appeared first on Avira Blog.

Avira

PayPal says: This Microchip Will Be Your Password

Leave a comment

First off there is Yahoo, who wants you to unlock mobile phones with your ears and knuckles. Then there is research going on which is centered on the “secrets” you and your smartphone share. And now PayPal has its own idea on what the new way to make your password safe and easy should look like.

The idea is actually a rather simple one. Instead of having to remember your password and trying to make sure that it stays really secure so that no one can steal it, PayPal wants you to swallow a pill. It’s not a normal pill though but one which thrives in the acid environments of your stomach. Embedded in it is a tiny microchip with all relevant information – it will allow you to log into your account without ever having to create and/or remember a password again.

According to PayPal the next wave of passwords will be edible, ingestible or injectable.

Tweet

Johnathan Leblanc, the Global Head of Developer Evangelism at PayPal, believes that the next wave of passwords will be edible, ingestible or injectable and will remove the  – what he calls – “antiquated” ways of confirming your identity. To protect against being hacked all data would be of course encrypted.

Find out more about this and other ideas from PayPal in the report from the Wall Street Journal.

The post PayPal says: This Microchip Will Be Your Password appeared first on Avira Blog.