Latest Posts
Browsing Category
"Android"

Not recover from attacks Heartbleed , now no longer a new vulnerability gap in security protocol OAuth 2.0 and OpenID .
Is
Wang Jing , a doctoral student at Nanyang Technological University in
Singapore has seen a bug that allows hackers to use phishing techniques
in an attempt to steal user details logil unnoticed . Similarly, as quoted PULSAonline via CNET .
The
bug basically allows cyber criminals to use a real web authentication
to turn a popup phishing , instead of the more common ways to make a
fake domain . Well , in the process , the hacker will receive a user login credentials .
Cracks vulnerability is said to have plagued many famous sites ,
including Facebook , Google , Yahoo , LinkedIn , PayPal , and Microsoft .
Google ( which uses OpenID ) said it amid the problem track . While LinkedIn says that the company has published a blog related issues being talked about this . The software giant , Microsoft , claims to have conducted an
investigation while the associated vulnerability exists in the domain of
a third party and not on his site .
To patch the vulnerability gap Wang said not as easy to say . However , Wang also said that if all third-party applications are
strictly adherent use the white list , there is no space for an attack .
" Patching the vulnerability gap is easier said than done . If all third-party applications are strictly adherent using a white list , there will be no room for an attack , " said Wang .
Furthermore
wang said , because in the real world , the majority of third-party
applications do not adhere to it , making OAuth 2.0 based system or
OpenID becomes very vulnerable .
Symantec recently detect phishing emails related to Heartbleed Bug. Phishers attempt to collect information by posing as an insurance service U.S. military attack with messages about Heartbleed.
Bug Heartbleed is a newly discovered security vulnerabilities that affect OpenSSL versions 1.0.1 up to 1.0.1f. This vulnerability is fixed in OpenSSL 1.0.1g. Symantec security report provide greater detail on the bugs and offer steps to fix it.
Spammers and phishers are known to use news and popular topics to disguise their payloads. In the case of a phishing email, phishers often use security concerns to justify and disguise their social engineering methods. The contents of this email try
to force the incoming message recipients to divulge sensitive information.
In this case, phishers send an email like this.

There are a couple of interesting things from the above example that must be disclosed .
According to the X - Mailer header , sender using a very old email client ( Microsoft Outlook Express 6.00.2600.0000 ) . Although many users are still using the old email software , it is
highly unlikely the modern online business will use a desktop email
client to send security notifications .
Note the unusual grammar to use "has initiate " . Often, phishers will try to capitalize on new topics quickly . As such , they usually will make grammatical errors because of the pressure to deliver new phishing soon as possible . Email phishing is also often delivered by people who do not speak English as their first language .
In addition , it aims to be a phishing email security warnings from
U.S. military service leading insurance but contains the " Sign In"
which actually refers to a Turkish manufacturing site that has been
compromised .
While this is not an exhaustive list of the factors to identify
phishing email , it highlights some of the irregularities and
inconsistencies that are often seen in the spread of phishing .
As
stated in the official Advisory Heartbleed Symantec , Symantec warns
users to be wary of any email that asks for personal information that is
new or updated . Users should not click on any link to reset the password or the software updates in the message . If users need to update or change their personal information , you should immediately visit the website .
Although still lagging behind in terms of advertising revenue over iOS, but Android is reported to have passed the number of ad impressions IOS.
Like the latest data from Opera MediaWorks ad tracking that shows that for the first time Android surpassed iOS in the number of mobile ad impressions, as reported by 9to5google.
From these data indicate that Android devices, both phones and tablets, accounted for 42.8% of mobile ad impressions, while iOS devices accounted for less by 38.2%.
But even so the Apple iPhone and iPad are still generating better ad revenue, with 52% receiving.
Android is gradually rising in the second position on advertising revenue and traffic in recent years, beating the BlackBerry and Symbian.
Google OS is up more than six points compared to this time last year, and now controls 33.5% of global advertising revenues. This shows most of this thanks to the many devices that use Android, which now reaches nearly 80% of all smartphones according to IDC.
Samsung still occupies the first position as the top vendor of Android devices, which get the percentage up to 60% of all mobile ad impressions in the first quarter of this year. Mobile ads mainly driven by the U.S. market, which accounts for over 50% of all ad traffic. As for the Asia-Pacific region come from emerging markets like China which is almost 23%, while Europe accounted for only 13%.
The most dangerous security hole in the history of the internet, which reveal Heartbleed OpenSSL security vulnerabilities seized the attention of many observers of the world of cyber security.
However, the number of bug reports Heartbleed actually makes a lot of people are confused to understand what it Heartbleed. Here is a collection of myths circulating about Heartbleed wrong.
1 . Heartbleed is a virus
OpenSSL bug is not a virus , but a security hole . The loophole arises because of a typing error code in open-source encryption protocol used by many websites and servers .
OpenSSL function to help ensure inter - network communications are protected . With the open security holes , one can monitor personal communication or log events , and interesting data.
2 . Effects Heartbleed only affected the web site
Although only affected the site , Heartbleed could interfere with the work of web servers and routers are breached . This is because a lot of the amount of data that can be stolen .
However , web servers and routers are not the only potential targets Heartbleed this bug . Clients that communicate with the server , including smartphones ,
laptops , and other devices that connect online also at risk with what
is called " Reverse Heartbleed , " where the data is stored in the
memory device can also be stolen .
" Usually on the client side , the memory allocated to processes that
are running alone , so that all processes can not be accessed , " said
David Chartier , CEO of the Finnish internet security company ,
Codenomicon to ReadWrite ( 14/04/2014 ) .
" However , that does not mean the content of e - mails and other documents safe , they may still leak , " said Chartier .
3 . Hackers can use to mengonrol smartphones
Based on all current indications , a hacker can not take over control
of smartphones , they can only retrieve data stored in the memory of the
smartphone that has not been getting security patches .
iPhone and most Android devices so far remained immune to this bug Hearthbleed , with the exception of Android 4.1.1 . But Google has said it will soon release a security patch for the operating system .
BlackBerry has said that BBM app for Android and iOS are also affected
by this bug Heartbleed , but the Canadian company said it was preparing
fillings for a gap in the service of his messenger .
4 . Prone Heartbleed Windows XP is no longer supported because Microsoft
This myth wrong . Microsoft Windows XP support ends when the bug Heartbleed found . This of course makes panic . However , Microsoft insists its developer blog that the company from Redmond , the U.S. does not use OpenSSL .
Windows XP , and all versions of Windows , including Windows Phone ,
using encryption component developed by Microsoft itself , namely the
Secure Channel ( or SChannel ) , so it is not affected by the bug in
OpenSSL .
5 . All banks are vulnerable to Heartbleed
Banks
and selling sites are popular not use open-source encryption protocol ,
so we can be sure their website is not directly affected . However , it does not mean the data is stored in a bank or selling the
site remains safe , because forever these sites targeted by hackers .
6 . Frequently accessed site is not at risk / already have security patches , so I'm safe .
Not entirely , because Heartbleed leave no trace after hackers managed to retrieve the data . All data login and password information remains at risk . Because it immediately change the password so such websites issuing security patches .
7 . Heartbleed NSA utilizes a long time to spy on us
Circulated the news that said that the U.S. intelligence agencies ,
the NSA had known bug in OpenSSL , but chose to remain silent and to use
it to conduct espionage .
However
, the NSA denied it and said that it was not using the security hole ,
and a new claim to know the gap after it was announced . But
if the NSA telling the truth or not , nobody knows , considering how
the track record of the government agencies has been in hiding
information .
After the release of Module Developer Kit (SDK) for Ara project last week, Google is now rumored to be releasing Android updates to devices Ara in December, followed by the release from the smartphone in the first Ara January 2015, as reported by gizmodo.
Ara Project allows users to configure the purchase in a variety of ways, including custom colors, images, and of course where the required components in the device. Also available in 3D texture molds, which can produce the desired module corresponding users.
Google experimenting with the mobile phone customization tool for Moto X Moto Maker, so you can expect a much more complicated version from the Christmas Project fig.
I hope that Ara will be a smartphone that can be used for 5-6 years, during which the user can change the CPU or the camera as needed. It is better than having to buy a new device.
Ara also has the potential to drastically change the smartphone, including a number of third-party applications.
Android looks set to soon receive new UI design, it is known from the leaked screenshots recently revealed. If seen from the leaked screenshots, the icons in the new Android UI iconography is inspired from the Google site. This new style of display is called Moonshine, which gave rise to shadow and color contrasts. Obviously this leak is not 100% trustworthy