Archive for July, 2012

Security researchers are expected to disclose new vulnerabilities in near field communication (NFC), mobile baseband firmware, HTML5 and Web application firewalls next week at the Black Hat USA 2012 security conference.

The Black Hat session aim to expose sometimes shocking vulnerabilities in widely used products. They also typically show countermeasures to plug the holes.
Two independent security consultants will give a class called “Advanced ARM exploitation,” part of a broader five-day private class the duo developed. In a sold-out session, they will detail hardware hacks of multiple ARM platforms running Linux, some described on a separate blog posting.
The purpose of the talk is to reach a broader audience and share the more interesting bits of the research that went into developing the Practical ARM Exploitation and presenters Stephen Ridley and Stephen Lawler demonstrate how to defeat XN, ASLR, stack cookies, etc. using nuances of the ARM architecture on Linux.
In addition to mobile and Web security, Black Hat presentations will also cover security issues and attack techniques affecting industrial control systems, smart meters and embedded devices.
Advertisements

Andrubis is designed to analyze unknown apps for the Android platform (APKs). It has been brought to us by the guys at Iseclabs, who already have an awesome Windows executable scanner Anubis. Infact, it can be considered as an extension for Anubis.
Andrubis gives us an insight into various behavioral aspects and properties of a submitted app by employing both static and dynamic analysis approaches. During the dynamic analysis part an app is installed and run in an emulator – the Dalvik VM. In addition to the normal tracking of open, read and write events, network traffic operations and detection of dynamically registered broadcast receivers , taint analysis is also carried out to report on leakage of important data such as the IMEI. Not only that, cellphone specific events, such as phone calls and short messages sent are also captured by the Andrubis service.
Information is also obtained statically, without actually executing the Android application. Information related to the intent-filters declared by these components is also included.
In short, like the core-Anubis does for Windows PE executable’s, Andrubis executes Android apps in a sandbox and provides a detailed report on their behavior, including file access, network access, cryptographic operations, dynamic code loading and information leaks. An Andrubis static analysis yields information on e.g. the app’s activities, services, required external libraries and actually required permissions.
In order not to reinvent the wheel, Andrubis leverages several existing open source projects in addition to the Android SDK, such as:
  1. DroidBox
  2. TaintDroid
  3. apktool
  4. Androguard
To see how effective it is, an example report of the DroidKongFu.A Android malware, scanned via the Andrubis can be found here.

What if when you sent a message to someone, it had a very good chance of going to someone else in your contact list? That would be pretty scary right? That what some Skype users are reporting.

The bug was first discussed in Skype’s user forums, and seems to have followed a June 2012 update of the Skype software. Skype has confirmed the bug existence and that a fix is in the works. However, the company characterizes the bug as “rare.”

 Purchased by Microsoft last year for $8.5 billion, the Luxemburg company which has as many as 40 million people using its service at a time during peak periods, explained that messages sent between two users were in limited cases being copied to a third party, but did not elaborate further on the matter.
Five other individuals of the Microsoft-owned program confirmed they were also seeing instant messages being sent to the wrong person from their contact list. Sometimes it’s just a few messages, while other times it’s a whole conversation.
Skype has, on its blog, confirmed the issue of a bug sending instant messages to wrong contacts and has promised a fix. Addressing the issue, Skype wrote, “Based on recent Skype customer forum posts and our own investigation over the past couple of days, we have identified a bug that we are working hard to fix.

Microsoft Sri Lanka Buy Genuine

Each year, millions of consumers and small businesses worldwide are hurt by counterfeit software they have purchased unwittingly, and many companies that sell legitimate software have difficulty competing with low “too good to be true” prices offered by software counterfeiters. Many consumers still end up with counterfeit copies of Microsoft software and are unwitting victims of a crime. These consumers believe they purchased a properly licensed copy and often have the documents to back this up, but their copy is not properly licensed.

In addition, counterfeit software is increasingly becoming a vehicle for the distribution of viruses and malware that can target unsuspecting users, potentially exposing them to identity theft and corruption or loss of personal or business data.

Don’t fall victim to software piracy

Each year, millions of consumers and small businesses worldwide are hurt by counterfeit software they have purchased unwittingly, and many companies that sell legitimate software have difficulty competing with low “too good to be true” prices offered by software counterfeiters. Many consumers still end up with counterfeit copies of Microsoft software and are unwitting victims of a crime. These consumers believe they purchased a properly licensed copy and often have the documents to back this up, but their copy is not properly licensed.

In addition, counterfeit software is increasingly becoming a vehicle for the distribution of viruses and malware that can target unsuspecting users, potentially exposing them to identity theft and corruption or loss of personal or business data.

Buy Genuine Software

When you consider that a high percentage of software in use in Sri Lanka is illegally copied, you begin to see the scope of the problem. There are the costs to businesses and agencies using pirated software: higher total cost of PC ownership; lack of technical support; software incompatibility; viruses; and, in the worst cases, legal costs and fines. And what about the rising cost of honesty? Piracy puts the honest software reseller on an uneven playing field, often bidding against competitors who use illegal products as a price weapon. Unchecked, these practices destroy honourable businesses, handing huge portions of the PC distribution channel to pirates.

What is Software Piracy?

Software Piracy occurs in many forms. It is important to understand the different ways software is pirated, not just to comply with the law but to protect yourself and your computer. Common types of piracy:

End user or corporate copying: When the number of copies of software installed on PCs exceeds the number of licenses held for that relevant software.

Counterfeiting: The unauthorised use of Microsoft’s trademarks for example reproducing Microsoft? software or packaging, where buyers are deliberately misled into believing the product they are buying is genuine.

Hard disk loading: When a new or second-hand PC has Microsoft? software installed but has been supplied without the original disks, Certificate of Authenticity, End User License Agreement, or the operating manual for the software installed on that PC.

Mis-channelling: Software that has been distributed under special discount licenses and then redistributed to others who do not qualify for these licenses. Try to buy locally to avoid scams from other regions. Software is often stolen in one region and sold cheaply in another.

Beware of internet piracy

During the past few years, the use of the Internet to distribute pirated software has grown – threatening customers and legitimate Internet businesses. Distinguishing pirated software on the Internet is extremely difficult because you can’t check the product for physical warning signs or even see the person you’re buying from. Many people who try to buy software over the Internet never even receive the programs they’ve ordered. Others find they are unable to get their money back if they discover that the software is pirated. Microsoft does not authorize any other Web sites to offer downloads of Microsoft software. Some of these counterfeit downloads may include viruses or broken code. The only way to download genuine Microsoft software is through Microsoft.com

How will genuine software benefit you?

The capabilities you expect: With genuine software, you receive the real product, complete and fit for the use intended – not an imitation. Your system will deliver the features, options, and performance you need to maximize your productivity and enjoyment.

Support is there when you need it: Genuine software is eligible for technical support. If there are any problems with the product or if you need help, you can contact Microsoft or one of its partners for the support you need.

Ongoing improvements: you’ll get access to updates, enhancements, and innovations that help you do more with your PC.

Confidence and peace of mind: your software is authentic, properly licensed, and you know that your business does not have to be concerned about legal troubles associated with pirated software.

Your genuine software is secure software: Using genuine software is an important part of keeping systems secure and running smoothly, because it means continued access to the latest security enhancements and product updates.

Your reputation is safe: Using genuine software is part of maintaining a professional reputation among friends, customers, partners and employees.

Windows Genuine Advantage

Microsoft Genuine Advantage programs, including Windows Genuine Advantage (WGA), provide technologies that help you determine whether or not your copy of Windows is genuine, including product activation and validation. Both help you ensure that your copy of Windows is genuine and properly licensed. You can rest assured Genuine Windows software is published by Microsoft, and supported by Microsoft or an authorized partner, giving you full capabilities, access to all the latest updates, and confidence that you are getting the experience you expect. Microsoft values your privacy and does not use any information collected to contact you or identify you.

You can find out if you’re running genuine by clicking Validate Windows on http://www.microsoft.com/genuine

WGA Notifications

Windows Genuine Advantage Notifications is a program that helps Microsoft fight software piracy and helps you validate that the copy of Microsoft Windows XP installed on your computer is genuine and properly licensed.

If your copy is not genuine, WGA Notifications will provide periodic reminders to help you take the appropriate action. It’s part of Microsoft’s commitment to fight software counterfeiting and help you avoid problems before they happen.

Software piracy is a worldwide problem that affects Microsoft, consumers, partners, and the broad industry. Unlike a pirated or counterfeit copy, a genuine copy of Windows XP is backed by Microsoft or a trusted partner, and comes with the features and performance you’d expect. Recent research shows that acquiring and using counterfeit software can be risky. Installing the latest WGA Notifications can keep your system up to date and alert you to the presence of counterfeit.

Proof of genuine licensed software

Commonly, businesses inadvertently throw away valuable documentation relating to proof of purchase such as receipts. It is extremely important that you are able to prove that your organisation has valid licences for all of its software assets. Failure to do so may result in legal action, the outcome of which may require your organisation to purchase new licences. To satisfy proof of purchase and your legal right to use the software, you should keep track of your software inventory and ensure that your organisation always has the following:

Original media (CD ROM and/or diskettes)

A licensing document, often called an “End-User Licence Agreement” (EULA)

Certificate of authenticity

Manuals and user guides

Printed copies of any license agreements entered into online

Keep invoices and receipts that show original purchase dates. In the event of an investigation, you may need these.

Tips for buying software

Here are some smart tips to help you shop safely:

Be aware that not everyone is as honest as you are. Pirated software is widely available. Get full company addresses and phone numbers up front.
Avoid doing business with companies or individuals who won’t verify their identity and full business name or provide a physical street address and telephone number for follow-up after the purchase has occurred. Always ask for full details regarding returns, service and warranty policies.

Avoid purchasing from distributors who are unwilling or unable to provide adequate or satisfactory descriptions of these policies.
Keep records. Keep the invoice and any other receipts or related documents, and keep them until the software arrives and proves satisfactory.

Be wary of bargain prices. If the price seems too good to be true, then it probably is. As a guide, check the offer against the publisher’s recommended or estimated retail price (note: Reseller prices may vary). It’s all right if the price is lower, but be wary if it’s too much lower.

Be cautious of distributors that offer unusual inventory explanations. These include references to special deals, and liquidation or bankruptcy sales. Software pirates often use these types of phrases to fool people into believing that they are getting genuine product. If in doubt, call the software publisher.The publisher will provide details about what you should receive when you acquire the software and will give an indication of the price range.

Tips for safe Internet shopping

Be on the look out for spam emails, unsolicited commercial email otherwise known as junk mail, offering software prices that are too good to be true. There is a high risk that these software titles are unauthorised or pirated. Be cautious about offers requesting the wiring of money to foreign banking institutions. Be wary of software shipping into Sri Lanka from overseas. Be careful of pirated software that may contain hidden viruses and worms that a hacker could use to take control of your computer or steal your personal information.

Software Asset Management

Besides implement the tips for buying software given above, you could implement Software Asset Management Guidelines. With proper Software Asset Management (SAM), you know what you have, license only what you need, and use your software assets effectively.
A clear understanding of your software assets will ensure that you are able to budget for software more effectively, procure software from your publisher at the best possible price, eliminate unwanted applications and ensure that you and your company stay within the prevailing laws in Sri Lanka.

This is what you can do:

Create a written company policy regarding the acquisition and storage of software. Communicate the policy clearly to all employees who purchase, manage, or use software in the organization. For a suggested policy, visit http://www.bsa.org and download the “Guide to Software Management”.

Clearly identify a software asset manager, who is responsible for ensuring that the policy is understood, implemented, and followed.

Conduct a software audit, first counting all the PC’s in your company and then taking an inventory of the software installed on them. You’ll need all the software product names, version numbers, and serial numbers.

Announce a piracy prevention policy to keep your organization in line with the IPR Act 2003; then keep watch on your PC’s to ensure that suspect software does not find its way in.

Software Asset Management allows you to:

Work more efficiently – multi-versions of software may be hampering business processes

Save money – avoid overbuying and check you have the most cost-effective program

Justify software investments – understand the value and be able to identify your needs;

Peace of mind – know what you have and where it is, and that your software is appropriate and safe

Keep your data safe, optimise deployment, improve employee satisfaction and business performance

For more information on SAM, please visit http://www.microsoft.com/resources/sam/default.mspx

Examples of Counterfeit Software

Counterfeit software is the result of unauthorized copying, reproduction, or manufacture of software products. Counterfeit software often looks authentic and is sometimes distributed in packaging that imitates the original manufacturer’s packaging.

The Counterfeit Gallery

The Counterfeit Gallery shows examples of counterfeit software in three categories (low-grade, mid-grade, and high-grade counterfeits). The more you know about counterfeit software, the easier it will be for you to ensure you always purchase genuine Microsoft software.

Launch the Counterfeit Software Gallery now.

Source: http://www.microsoft.com/srilanka/BuyGenuine.aspx

Symantec says it has fixed a problem with a recent update to anti-virus software that was causing PCs to crash. On Wednesday, July 11, Symantec released updates for Symantec Endpoint Protection 12.1, which is used largely in business environments. Users running Windows XP reported crashes that resulted in “the blue screen of death.” The issue affected users running a specific combination of software: Windows XP, the most recent version of SONAR technology, the July 11 rev11 SONAR signature set and third party software.

Security researchers working for F-Secure have found a web exploit that detects the operating system of the computer and drops a different trojan to match.The attack was first seen on a Columbian transport website which had been hacked by a third party. This malware is known as GetShell.A and requires users to approve a Java applet installation.

It detects if you’re running Windows, Mac OS X, or Linux, and then downloads the corresponding malware for your platform. The malicious files developed for each type of OS connect to the same Command & Control server that F-Secure has localized at IP address 186.87.69.249.

Karmina Aquino, a senior analyst with F-Secure said “All three files for the three different platforms behave the same way. They all connect to 186.87.69.249 to get additional code to execute. The ports are 8080, 8081, and 8082 for OSX, Linux and Windows, respectively.”

The Windows one sends the following information back to the remote attacker’s CPU details, Disk details, Memory usage, OS version, and user name. The Trojan can also download a file and execute it, or open a shell to receive commands. ‘Graviton‘ is a combination of pure ‘C’ and ‘asm’.

We’re always looking for ways to improve our Wi-Fi signal, and if you aren’t ready to give up and buy a new router, you can tryextending your range with a soda can. Just cut it up and put it on your antenna, where it’ll act as a parabolic reflector and enjoy Wi-Fi on the far side of your house. Plus, when you’re done, you can hang pictures with the can’s tabs, too.

As for me the above information is a pretty much cool and effective… I’m on my way to super market now to get me some Red Bull cans..

Source: Lifehacker.com