Aug 23

McAfee upgrades Android privacy protection in new Mobile Security

A new version of McAfee Mobile Security helps Android device users keep control of their personal information.

Rather than simply reporting on app permissions, the new version of McAfee Mobile Security also uses a reputation database to check the possible destinations of data sent by apps.

This helps to prevent data being delivered to adware and spyware networks, according to company officials.

They also pointed out that comScore has found 33% of apps ask for more permissions than they need to perform the stated functions, and that according to the University of California Berkeley 97% of users do not understand the relationship between permissions and risks.

“Android apps can ask for 124 types of permissions – these apps could be invading your privacy and exposing your personal life,” said Luis Blando, vice president of engineering, McAfee.

 “With McAfee Mobile Security, consumers can now filter their App Alert notifications to just those apps that are using permissions of interest or concern to the user.”

Other features include malware detection, ‘safe surfing’, SMS filtering, and anti-theft measures.

The $29.95 McAfee Mobile Security is available from Google Play, and also from McAfee’s site which allows a free trial.

Permanent link to this article: http://pccorzo.com/myblog/index.php/2012/08/mcafee-upgrades-android-privacy-protection-in-new-mobile-security/

Aug 22

Microsoft says don’t use PPTP and MS-CHAP

Microsoft is warning of a serious security issue in MS-CHAP v2, an authentication system that is mainly used in Microsoft’s Point-to-Point Tunneling Protocol (PPTP) VPN technology. Three weeks ago at the Black Hat conference, encryption expert Moxie Marlinspike presented the CloudCracker web service, which can crack any PPTP connection within 24 hours for $200.

The basic problem has been known for many years: MS-CHAP v2 uses a strangely convoluted combination of three DES operations. This combination can reliably be cracked by trying out all 256 possible DES keys – no matter how complex the password is. A specially developed server can finish this task in less than a day using FPGAs.

Once a PPTP log-in process has been recorded using a network sniffer, the chapcrack open source tool can extract the required tokens, and the key can be cracked for $200 by CloudCracker; this key can then be used to decrypt all the network traffic. The same is also true for corporate Wi-Fi networks that are encrypted with WPA2 and MS-CHAP2. Their MS-CHAPv2 challenge-and-response traffic can be intercepted with FreeRADIUS-WPE and then fed to chapcrack as before.

Two basic strategies can provide more security: either the MS-CHAP authentication traffic is given its own, separately encrypted tunnel – Microsoft recommends the Protected Extensible Authentication Protocol (PEAP) for this purpose – or the system is migrated to a secure VPN technology. Microsoft’s suggested alternatives include L2TP/IPSec, IPSec with IKEv2 and SSTP. The OpenVPN open source protocol is not listed in the recommendation.

Permanent link to this article: http://pccorzo.com/myblog/index.php/2012/08/microsoft-says-dont-use-pptp-and-ms-chap/

Aug 22

Multi-platform spyware penetrates smartphones and VMs

In late July, virus researchers discovered a trojan going by the names Crisis and Morcut that uses a number of techniques to spy on Windows and Mac OS X users. It installs a backdoor in the system and then uses rootkit functionality to conceal itself from the system. Crisis includes a wide range of espionage tools, allowing it to perform functions such as eavesdropping on Skype calls, keylogging and tapping into webcams.

Anti-virus company Symantec has now discovered that, when running under Windows, the malware has a number of other interesting tricks up its sleeve. Crisis searches for VMware images and infects them with a copy of itself. It also uses the Remote Application Programming Interface (RAPI) to install modules on any devices running Windows Mobile (the forerunner to Microsoft’s current Windows Phone operating system). What exactly these modules do there is not yet clear – Symantec’s virus lab has not managed to get hold of them.

With the help of a little social engineering, the malware appears to be being spread via a Java file named AdobeFlashPlayer.jar, which is signed using a self-signed VeriSign certificate. If a user opens the file and chooses to ignore the error message generated by the self-signed certificate, separate payloads for Windows or Mac OS X are executed depending on the operating system on which the file is opened.

It is notable that this piece of spyware has not yet been observed in the wild by any of the major anti-virus software companies. Samples were uploaded to anti-virus service VirusTotal, which passed them on to the virus labs. Its limited distribution suggests that Crisis is being used for targeted attacks, along the lines of those carried out using commercial trojan toolkit FinSpy, sold by Finfisher. According Russian AV company Dr Web, this is the latest specimen of Italian company HackingTeam’s Remote Control System, also known as Da Vinci.

The company sells its spyware as a “hacking suite for governmental interception” and, among other things, its product brochure promises the ability to eavesdrop on Skype calls. As well as Windows and Mac OS X, Da Vinci also supports iOS, Android, Blackberry, Symbian and Linux. Close inspection of the screenshots in the brochure suggests that Da Vinci also appears to be able to divulge the current location of the person under surveillance.

Permanent link to this article: http://pccorzo.com/myblog/index.php/2012/08/multi-platform-spyware-penetrates-smartphones-and-vms/

Aug 22

Adobe Flash Player update patches six critical holes

Adobe has released the second update for its Flash Player software in a week, this time for six critical vulnerabilities. Four of the issues addressed are problems with memory corruption that could lead to remote code execution; additionally, the update fixes an integer overflow vulnerability that could also lead to remote code execution. Another bug that was fixed is a cross-domain information leak. The problems exist in Flash Player 11.3.300.271 and earlier versions on Windows, Macintosh and Linux, and in the Android versions 11.1.115.11 (Android 4.0) and 11.1.111.10 (Android 3.x and 2.x) and earlier.

All six vulnerabilities were rated critical by Adobe. The company’s security bulletin does not contain any detailed information about the flaws. Users are advised to update their version of Flash as soon as possible.

Adobe has released Flash Player 11.4.402.265 for Windows and Mac OS X, version 11.2.202.238 for Linux and Flash Player 11.1.115.17 and 11.1.111.16 for Android. The Android updates are only available to devices that had Flash Player installed before 15 August when Adobe stopped making Flash for Android available. As Adobe’s AIR is based on Flash, it has also been updated to version 3.4.0.2540.

Windows, Mac OS X and Linux users can get the update appropriate for their system from the Flash Player Download Center or for a different system through another page on Adobe’s web site. The users of Google’s Chrome browser will be automatically updated to the latest version of the Flash Player component, which is included in version 21.0.1180.81 of Chrome for Linux, 21.0.1180.83 for Windows and 21.0.1180.82 for Mac OS X.

The latest Flash update comes a week after Adobe had fixed several other vulnerabilities in its Flash Player and Adobe Reader software. Several vulnerabilities in Adobe Reader remain unpatched.

Permanent link to this article: http://pccorzo.com/myblog/index.php/2012/08/adobe-flash-player-update-patches-six-critical-holes/

Aug 21

Google’s Motorola takes on Apple

Motorola Mobility logoGoogle’s subsidiary Motorola Mobility has lodged a complaint with the International Trade Commission (ITC), seeking to ban several Apple devices from being imported into the US by citing that Apple has violated its patents. The complaint was filed on Friday but the details of the complaint were not made public until after the weekend. In the ITC complaint, Motorola lists the following seven patents which it says Apple has infringed on:

  • No. 5,883,580, titled “Geographic-Temporal Significant Messaging,” which issued on March 16, 1999
  • No. 5,922,047 , titled “Apparatus, Method and System for Multimedia Control and Communication,” which is sued on July 13, 1999
  • No. 6,425,002, titled “Apparatus and Method for Handling Dispatching Messages for Various Applications of a Communication Device,” which issued on July 23, 2002
  • No. 6,493,673, titled “Markup Language for Interactive Services And Methods Thereof”, which issued on December 10, 2001
  • No. 6,983,370, titled “System For Providing Continuity Between Messaging Clients And Method Therefor,” which issued on January 3, 2006
  • No. 7,007,064, titled “Method And Apparatus For Obtaining And Managing Wirelessly Communicated Content,” which issued on February 28, 2006
  • No. 7,383,983 , titled “System And Method For Managing Content Between Devices In Various Domains,” which issued on June 10, 2008

The legal action is seen by some observers as Google striking back at Apple for the design and patent legal actions it has taken against phone makers who use Google’s Android operating system. Motorola Mobility is asking for an import ban on all Apple equipment “which utilize wireless communication technologies to manage various messages and content”. This is not the first time that Motorola Mobility have taken legal action against Apple; in October 2010, Motorola filed complaints with the ITC and US district courts alleging patent infringement.

Meanwhile, Google’s Director for Public Policy, Pablo Chavez, has criticised the patent system of the United States, saying that Google doubts the current state of affairs is conducive to innovation or the needs of consumers. According to a report by CNET, Chavez was speaking at the Technology Policy Institute’s conference in Aspen, Colorado when he said “we think that these patent wars are not helpful to consumers. They’re not helpful to the marketplace. They’re not helpful to innovation.”

He also pointed out that he thinks software patents are different from patents in areas such as medicine and that the company is looking to “brainstorm longer-term solutions.” Chavez’s comments came as a reaction to an accusation by News Corp. executive Rick Lane who alleged Google was acting anti-competitively by having its Motorola Mobility subsidiary attack Apple for infringing its patents.

Google and its subsidiaries are also involved in other patent-related lawsuits in the US and Europe, and Google itself recently won a legal battle against Oracle involving Java-related patents.

Permanent link to this article: http://pccorzo.com/myblog/index.php/2012/08/googles-motorola-takes-on-apple/

Page 30 of 53« First...1020...27282930313233...4050...Last »