September’s breach of Home Depot that saw 56 million sets of credit and debit card data stolen was not the only thing lost in the leak, the company has revealed.
The post Home Depot breach: hackers took 53 million email addresses appeared first on We Live Security.
Eavesdropping is a major concern when we talk about the security of home WiFi networks. People around you, your neighbors in the next apartment, or even your own government, can discover anything flowing through your Internet traffic. Your personal data, like passwords and log in credentials, your credit card numbers, and  your photos and videos, are at risk.
Your WiFi network is not secured
We have written a lot about how to protect our communications using a VPN. To summarize, a Virtual Private Network, or VPN, is an encrypted tunnel where your data travels from your computer to a secure server on the Internet. Avast SecureLine is a VPN that you can use when outside of your home; at cafes, hotels, or airports.
Get your home network secure
But now, it’s time to bring your attention to your home network security. Your router should be correctly set to achieve the highest level of protection. Until you secure your router, you’re vulnerable to people accessing information on your computer, using your Internet service for free, and potentially using your network to commit cybercrimes.
There are basically three levels of security on a home router. These come in types of encryption. They are WEP, WPA and WPA2. These strange acronyms refer to different wireless encryption protocols which protect – in fact, encrypt – the information you send and receive over a wireless network.
WEP (Wired Equivalent Privacy) was the first protocol used in late 90s. It should not be used nowadays as it has serious security weaknesses which are easily hackable by even the most novice hacker. So, the first wise thing to do is move away from WEP. Your router must be quite old if you can’t do that, and you should consider purchasing an updated one, or ordering a new one from your ISP.
WPA (WiFi Protected Access) replaced WEP, but very soon after that, WPA2 replaced WPA. WPA2 implements the latest security standards, especially for data encryption with AES (Advanced Encryption Standard), a strong encryption algorithm.
Using WPA or, better, the WPA2 protocol, means that when any device tries to establish a connection to your wireless network, it will be prompted to enter the security key or password to connect.
Most wireless routers allow you to select WPA2 during the setup process. Unfortunately, the default in many wireless devices is WEP or, even worse – nothing -Â which means anybody in range can connect to your WiFi to use the bandwidth and access your other devices (printer, network disk, etc.).
What to do at home
Avast Home Network Security scans for vulnerabilties.
Verify your wireless network router (or other access point) supports WPA2. If necessary, go to your router manufacturer site and search for the latest firmware to be downloaded and applied according to its instructions. Apply compatible WPA2 settings on each WiFi device, choosing the WPA2 encryption and the correct authentication info.
Although encrypting your traffic won’t protect you from rogues, denial-of-service (DNS) attacks or interference, it will ensure secure wireless communication.
Also, change the default password. Make sure the one you use is long and strong, using a mix of numbers, letters and symbols.
Avast 2015 includes a Home Network Security scanner that can help you determine what needs to be done, explain why, and can direct you to the router manufacturer’s website. Read more about it on our blog, Your home network is at risk of cybersecurity attacks.
Avast Software’s security applications for PC, Mac, and Android are trusted by more than 200-million people and businesses. Please follow us on Facebook, Twitter and Google+.
Â
Avast 2015 Home Network Security scans for vulnerabilities in your router.
Complete protection is why the developers at Avast Software decided to include a security feature called Home Network Security (HNS) in the new Avast 2015. HNS is all about scanning your router for vulnerabilities and identifying potential security problems that open the door to threats. Routers are the weakest security point in many home and small business networks these days, so this is a very valid and needed feature.
Here comes the problem. There are zillions of different routers available around the world, but the majority of users just acquire one “that works and is not so expensive†or they get whatever their ISP gives them.  That means the security is already compromised. HNS has been conceived to solve these major threats:
Avast can help you protect your home network
With Home Network Security  on all  Avast security products, we can translate this into security protection for you. This 7-part series published on the Avast blog this month will show you what to do to enhance your network security and how Avast can guide you through the task.
Before we continue, know that there are a lot of free guides available from the major router manufacturers that provide step-by-step information. Take a look, for instance, here. Look for your model and read a bit. Remember, all you learn will work toward protecting your network. You can also download and install a router detector that could help you in this job.
Avast Software’s security applications for PC, Mac, and Android are trusted by more than 200-million people and businesses. Please follow us on Facebook, Twitter and Google+.
A special Parliamentary Select Committee has told peers in the United Kingdom’s House of Lords that there will be a global shortage of “no less than two million cyber security professionals” by the year 2017, IT Pro Portal reports.
The post Global cybersecurity skills shortage incoming, warns House of Lords committee appeared first on We Live Security.
The BBC reports that there is currently one Wi-Fi hotspot for every 150 people in the world, but these unmonitored hotspots can potentially cause problems, experts have warned. ESET security expert Mark James highlighted that people’s desire for a ‘free lunch’ shouldn’t cloud their judgement when it comes to security and privacy issues, especially in cases
The post Rise of free Wi-Fi hotspots ‘presents serious security risks’ appeared first on We Live Security.
URL shorteners are a relatively new Internet service. As many social services on the Internet impose character limitations (Twitter is a prime example), these URL are very practical…
For example, you’d spend 64 characters to point to Wiki’s article about URL shorteners: http://en.wikipedia.org/wiki/URL_shortening. With an URL shortener, you can cut that down to 16 characters: http://bit.ly/c1htE.
URL shorteners, however, can be used to hide the real target of a link. Cyber criminals appreciate this “feature†– and use it to hide links to phishing or infected websites. These services usually have terms and conditions comparable to TinyURL:
“TinyURL was created as a free service to make posting long URLs easier, and may only be used for actual URLs. Using it for spamming or illegal purposes is forbidden and any such use will result in the TinyURL being disabled and you may be reported to all ISPs involved and to the proper governmental agencies. This service is provided without warranty of any kind.â€
Few seem to care about these terms, which are regularly flaunted in the pursuit of profit. Happily, however, certain services have started to filter shortened links through special services, even if this has so far failed to stem the flow of shortened SPAM URLs.
Below are statistics with the percentage of malicious links identified on 22 popular URL shortener services:
Phishing |
Malware |
|||
| # | Shortener | % | Shortener | % |
| 1 | tinyurl.com | 41.30 | k.im | 27.87 |
| 2 | bit.ly | 15.29 | notlong.com | 27.05 |
| 3 | r2me.com | 12.04 | tinyurl.com | 18.85 |
| 4 | snipurl.com | 7.16 | cli.gs | 7.38 |
| 5 | lu.mu | 6.50 | bit.ly | 7.38 |
| 6 | doiop.com | 4.52 | doiop.com | 4.10 |
| 7 | notlong.com | 3.55 | ad.ag | 2.46 |
| 8 | is.gd | 1.93 | is.gd | 1.64 |
| 9 | tiny.cc | 1.81 | tr.im | 0.82 |
| 10 | sn.im | 1.69 | snipurl.com | 0.82 |
| 11 | k.im | 0.96 | ow.ly | 0.82 |
| 12 | shorl.com | 0.66 | dwarfURL.com | 0.82 |
| 13 | tr.im | 0.60 | zi.ma | 0.00 |
| 14 | goo.gl | 0.54 | u.nu | 0.00 |
| 15 | ow.ly | 0.48 | tiny.cc | 0.00 |
| 16 | cli.gs | 0.30 | sn.im | 0.00 |
| 17 | u.nu | 0.18 | shorl.com | 0.00 |
| 18 | moourl.com | 0.18 | r2me.com | 0.00 |
| 19 | idek.net | 0.12 | moourl.com | 0.00 |
| 20 | dwarfURL.com | 0.12 | lu.mu | 0.00 |
| 21 | zi.ma | 0.06 | idek.net | 0.00 |
| 22 | ad.ag | 0.00 | goo.gl | 0.00 |
Source: Avira Virus Lab, taken from the month of July, 2010.
To give you an example, would you click on the following link?
www.ssl-albion-netbank.com/143.027.902
Probably not… The bank’s made-up name and use of random numbers would rightly give you misgivings. However, under a shortened guise – http://goo.gl/mDNuMg – one would not know that it’s a phishing website (in this case, a dead link).
The bottom line is that if you can, avoid clicking on shortened URL links. If you do need to click on shortened links, copy and paste the link into a link lengthener – such as http://longurl.org/, which displays the full version of the links without having to click on it (exists also as a browser extension for Chrome and Firefox).
Finally, we recommend you equip yourself with Avira’s free Browser Safety extension, also for Chrome and Firefox, which blocks infected websites before they load. To learn more about Browser Safety, visit Avira’s website here: https://www.avira.com/en/avira-browser-safety
The post Shortcut Express to Infected & Phishing Websites appeared first on Avira Blog.
URL shorteners are a relatively new Internet service. As many social services on the Internet impose character limitations (Twitter is a prime example), these URL are very practical…
For example, you’d spend 64 characters to point to Wiki’s article about URL shorteners: http://en.wikipedia.org/wiki/URL_shortening. With an URL shortener, you can cut that down to 16 characters: http://bit.ly/c1htE.
URL shorteners, however, can be used to hide the real target of a link. Cyber criminals appreciate this “feature†– and use it to hide links to phishing or infected websites. These services usually have terms and conditions comparable to TinyURL:
“TinyURL was created as a free service to make posting long URLs easier, and may only be used for actual URLs. Using it for spamming or illegal purposes is forbidden and any such use will result in the TinyURL being disabled and you may be reported to all ISPs involved and to the proper governmental agencies. This service is provided without warranty of any kind.â€
Few seem to care about these terms, which are regularly flaunted in the pursuit of profit. Happily, however, certain services have started to filter shortened links through special services, even if this has so far failed to stem the flow of shortened SPAM URLs.
Below are statistics with the percentage of malicious links identified on 22 popular URL shortener services:
Phishing |
Malware |
|||
| # | Shortener | % | Shortener | % |
| 1 | tinyurl.com | 41.30 | k.im | 27.87 |
| 2 | bit.ly | 15.29 | notlong.com | 27.05 |
| 3 | r2me.com | 12.04 | tinyurl.com | 18.85 |
| 4 | snipurl.com | 7.16 | cli.gs | 7.38 |
| 5 | lu.mu | 6.50 | bit.ly | 7.38 |
| 6 | doiop.com | 4.52 | doiop.com | 4.10 |
| 7 | notlong.com | 3.55 | ad.ag | 2.46 |
| 8 | is.gd | 1.93 | is.gd | 1.64 |
| 9 | tiny.cc | 1.81 | tr.im | 0.82 |
| 10 | sn.im | 1.69 | snipurl.com | 0.82 |
| 11 | k.im | 0.96 | ow.ly | 0.82 |
| 12 | shorl.com | 0.66 | dwarfURL.com | 0.82 |
| 13 | tr.im | 0.60 | zi.ma | 0.00 |
| 14 | goo.gl | 0.54 | u.nu | 0.00 |
| 15 | ow.ly | 0.48 | tiny.cc | 0.00 |
| 16 | cli.gs | 0.30 | sn.im | 0.00 |
| 17 | u.nu | 0.18 | shorl.com | 0.00 |
| 18 | moourl.com | 0.18 | r2me.com | 0.00 |
| 19 | idek.net | 0.12 | moourl.com | 0.00 |
| 20 | dwarfURL.com | 0.12 | lu.mu | 0.00 |
| 21 | zi.ma | 0.06 | idek.net | 0.00 |
| 22 | ad.ag | 0.00 | goo.gl | 0.00 |
Source: Avira Virus Lab, taken from the month of July, 2010.
To give you an example, would you click on the following link?
www.ssl-albion-netbank.com/143.027.902
Probably not… The bank’s made-up name and use of random numbers would rightly give you misgivings. However, under a shortened guise – http://goo.gl/mDNuMg – one would not know that it’s a phishing website (in this case, a dead link).
The bottom line is that if you can, avoid clicking on shortened URL links. If you do need to click on shortened links, copy and paste the link into a link lengthener – such as http://longurl.org/, which displays the full version of the links without having to click on it (exists also as a browser extension for Chrome and Firefox).
Finally, we recommend you equip yourself with Avira’s free Browser Safety extension, also for Chrome and Firefox, which blocks infected websites before they load. To learn more about Browser Safety, visit Avira’s website here: https://www.avira.com/en/avira-browser-safety
The post Shortcut Express to Infected & Phishing Websites appeared first on Avira Blog.
Sounds obvious – right? But can you always tell? For instance, if several bloggers contribute posts to the same account, will you know who was supposed to post which article and when? And if you use a service like NetworkedBlogs to automatically publish links from your blog to your Twitter and Facebook accounts, do you really carefully check every tweet and post?
Recommendation:
If you notice unexpected posts on your social media accounts, delete them immediately and change your password.
Most social media services these days enable you to check the location of the last logins – even if they tend to be approximate. So if you are in Germany and you see that someone logged in on a different continent, chances are your account was hacked.
Recommendation:
Regularly check the locations where you supposedly logged in. If you notice an open session in an unexpected location, terminate it. A step-by-step guide on how to do that in Facebook can be found here.
Ever heard of likejacking? It is a derivative of “clickjackingâ€, but specific to Facebook. It works as follows: you are lured onto a page with an attractive post, such as the “10 funniest television bloopers†or “watch this baby panda sneezeâ€. The page is composed of two layers – a front layer, which is a cute sneezing panda, and a back layer, with a Facebook “Like†button, which follows your cursor wherever you click. As soon as you do so, you’re Facebook page will get flooded with ads…
Recommendation:
On Facebook you have the ability to check which apps you have liked and can disable them. If you don’t know the apps that you find there, remove them from your profile – a hacker may have liked them to get money for every purchase made form those ads. Make sure that their posts are also gone.
Assuming that you didn’t simply forget your password, it might be that someone accessed your account and changed your password. Please note that if this is indeed the case, most probably the cyber criminals have also replaced the email address used to recover the password.
Recommendation:
Contact the owner of the platform (e.g.: Facebook, Twitter) – it’s the best way to claim your account back.
Are you now following lots of new and unknown people? For example, malware may hijack your account and make you follow spambots on Twitter or Facebook. This then further spreads malicious URLs to more people. The same applies for a host of private messages/tweets sent from your account – unbeknown to you.
Recommendation:
Change your password immediately. Optionally, we recommend you delete the posts and let everyone know that they should not click on the links posted from your account during the period of time when you were hacked.
If you think you may own a hacked social media account, you can contact the owner here:
The post 5 signs of a hacked social media account appeared first on Avira Blog.
Sounds obvious – right? But can you always tell? For instance, if several bloggers contribute posts to the same account, will you know who was supposed to post which article and when? And if you use a service like NetworkedBlogs to automatically publish links from your blog to your Twitter and Facebook accounts, do you really carefully check every tweet and post?
Recommendation:
If you notice unexpected posts on your social media accounts, delete them immediately and change your password.
Most social media services these days enable you to check the location of the last logins – even if they tend to be approximate. So if you are in Germany and you see that someone logged in on a different continent, chances are your account was hacked.
Recommendation:
Regularly check the locations where you supposedly logged in. If you notice an open session in an unexpected location, terminate it. A step-by-step guide on how to do that in Facebook can be found here.
Ever heard of likejacking? It is a derivative of “clickjackingâ€, but specific to Facebook. It works as follows: you are lured onto a page with an attractive post, such as the “10 funniest television bloopers†or “watch this baby panda sneezeâ€. The page is composed of two layers – a front layer, which is a cute sneezing panda, and a back layer, with a Facebook “Like†button, which follows your cursor wherever you click. As soon as you do so, you’re Facebook page will get flooded with ads…
Recommendation:
On Facebook you have the ability to check which apps you have liked and can disable them. If you don’t know the apps that you find there, remove them from your profile – a hacker may have liked them to get money for every purchase made form those ads. Make sure that their posts are also gone.
Assuming that you didn’t simply forget your password, it might be that someone accessed your account and changed your password. Please note that if this is indeed the case, most probably the cyber criminals have also replaced the email address used to recover the password.
Recommendation:
Contact the owner of the platform (e.g.: Facebook, Twitter) – it’s the best way to claim your account back.
Are you now following lots of new and unknown people? For example, malware may hijack your account and make you follow spambots on Twitter or Facebook. This then further spreads malicious URLs to more people. The same applies for a host of private messages/tweets sent from your account – unbeknown to you.
Recommendation:
Change your password immediately. Optionally, we recommend you delete the posts and let everyone know that they should not click on the links posted from your account during the period of time when you were hacked.
If you think you may own a hacked social media account, you can contact the owner here:
The post 5 signs of a hacked social media account appeared first on Avira Blog.
Before one can tell if a file is malicious or clean,
it’s important to determine the file type,
and then if the file is valid or corrupted:
If the file is indeed corrupted (aborted download…), there is no point in checking further. However, pretending to be corrupted while being valid is a way to evade detection: if the file can still run properly, it might infect a user and exploit a system, even if it may look invalid according to the official specifications.
So your reaction might be:
“Just do your work properly, and implement the official specifications”.
Sadly, it’s not that easy:
because the official specifications are typically far from enough. They only cover the general case of what should be required in theory, not all the corner cases of everything that would actually execute in reality. Official specifications are not enough.
For example, the official Adobe PDF specifications say that a PDF shall start with a signature from 8 possible values (%PDF-1.0 until %PDF-1.7). This sounds easy to check and implement, right ?
Sadly, in practice it’s quite different: Adobe Reader itself just accepts %PDF-1. , or %PDF- followed by a NULL character, and at any position within 1024 bytes.
So, the official PDF reader itself doesn’t strictly follow the official PDF specifications, made by the same company, and what it actually does is not even documented anywhere. If you want to create a robust tool, then you can be sure that official specifications are not enough !
So, if the official tool does something out of bound and undocumented, nothing prevents readers to do follow different undocumented behaviors. So the same files could lead to different interpretations, and none of them is perfectly documented!
A PDF file is made of objects. PDF objects should end with the endobj keyword.
Some objects, like the content of a page, are stream objects.A stream should be closed via the endstream keyword, and then this object should end with the usual endobj keyword.
First, ‘endstream’, then ‘endobj’.
Several readers force the end of a stream of an object if the word ‘endobj’ is present before the ‘endstream’, which means you can’t print the string “this is an endobj” as is, because it will be interpreted as the end of the object, and at the same time, the end of its stream.
The consequence? After an ‘endobj’ word in a stream, some readers will stop parsing as a stream, while others will go on until ‘endstream’ is encountered.
However, parsing the root defining element of the PDF – the trailer – doesn’t explicitely require to parse an object-like structure.
What if the trailer is defined in such an ambiguous object in a PDF (hand-made PoC, for clarity)
Some readers will parse this trailer, some won’t. So some readers will see totally different documents, with the same file:
The post Official specifications are not enough appeared first on Avira Blog.
