Showing posts sorted by date for query smartphone.

What Risk We are Posing! Everyone Can Become a Target of the Latest Cyber Security Threats
According to a report by the Washington Post, hackers may soon be setting up a plan to unfold in 2013 that will target 30 different U.S. banking institutions. McAfee Labs, which has compiled a new cyber security report, says that banks should be on the lookout for software that creates false online transactions or targets transfers tied to large dollar amounts.
Sources say that these threats can all be tied back to “Project Blitzkrieg”, a program that has been around since 2008. Within the past four years, it has already stolen $5 million, and its operators plan to continue for as long as possible. During the past few months, between 300 and 500 people located within the U.S. have fallen victim to Project Blitzkrieg’s schemes. By the spring of 2013, McAfee says that things could get even worse for U.S. banks and their customers.
Experts note that this scheme may be tied to reports from back in October by security company RSA that mentioned how a hacker out of Russia named “vorVzakone” has been openly discussing his plan to recruit a team for the largest Trojan attack tied to banking. McAfee warns that these threats should be taken extremely seriously as the beginning of 2013 approaches. The software can become extremely dangerous to those doing their banking online because it can replicate transactions and even delete e-mail notifications about certain transfers.
While U.S. banks will no doubt be increasing their security protocols to protect themselves from any unnecessary attacks, most already know that they are continually being cited as targets by hacking groups around the globe. Back in September, both JP Morgan Chase and Bank of America saw their sites crash because of DDoS attacks.

Samsung Smart TV Dangers
The Register has recently reported that Samsung’s newest Smart TV is completely open and vulnerable to hacking because it gives hackers the ability to steal data very quickly. According to security company ReVuln, this vulnerability most notably affects consumers who own and use their Samsung 3D TVs for internet purposes.
Those who use their Smart TVs can rent movies, browse the web for a cheap line rental, go on Facebook, and more. ReVuln claims that they have found an exploit which allows hackers to see everything the user is doing while they are using their TV, retrieve and access information like web history, and hook up an external thumb drive to the TV to conveniently steal all of this information for future use. While ReVuln noticed this exploit while using a Samsung 3D TV, the true problem is that it seems to affect all of the latest Samsung TVs with internet capabilities, which includes many different makes and models.
As these TVs continue to act more as larger PCs, it is only a matter of time until we see even more security vulnerabilities tied to them in the very near future.

Gas Station Bluetooth Skimming
News site KRCA out of Sacramento notes that crooks are using Bluetooth devices in order to steal credit card information from those who are paying for gas at the pump. The biggest issue the cyber security experts noticed is that these thieves do not even have to be near the gas station in order to steal information.
Crooks are using skimming devices that utilize Bluetooth and contain a variety of common security keys that can be used to access gas pumps for maintenance. They don’t simply pull out their device and begin swiping information for oblivious consumers. Thieves will start by installing skimmers on the pumps to collect information from those pumping gas and then pick them back up. Detectives say that these types of devices are impossible to detect.
According to experts, thieves can be up to 100 yards away and continually collect credit card information from unsuspecting users. Because of this, these crooks are impossible to detect, and the problem may only grow larger in the near future.

Troublesome QR Codes

QR codes seem to be everywhere these days. They’re typically on everything from advertisements to products that we purchase on a daily basis. In the Netherlands, hackers are posting QR codes in heavily trafficked areas like airports and major streets. When one of these QR codes is scanned with a user’s smartphone, the user is taken to a malicious website that may attempt to phish information from them or possibly infect their smartphone with malware.

Disclaimer:- Before perfection, on behalf of Team VOGH, I would like to personally thank Eve Halton for sharing this magnificent article with our readers. Eve is a very much passionate Fleet Street, she graduated in International Business and Journalism. She has gained decent experience writing articles in several fields, such as global politics, economics, sustainability issues, cyber security and many more.


Android 4.4 'KitKat' All You Need to Know-The More Compatible, Intelligent and Simple Android Ever 

Earlier we have discussed Android several times. It is one of the world's most popular and widely used operating systems, based on the Linux kernel and designed mainly for smartphones and tablet computers. Over the last four years we have seen various flavors of Android, among which 2.2 (Froyo), 2.3.3–2.3.7 (Gingerbread), 3.2 (Honeycomb), 4.0.3–4.0.4 (Ice Cream Sandwich) and 4.1.x–4.3.x (Jelly Bean) successfully drew public attention and gained popularity. After the success of Jelly Bean, Google has now introduced Android 4.4, nicknamed 'KitKat'. The official Android website explains the reason for this name: 'as everyone finds chocolate so tempting, we decided to name the next version of Android after one of our favorite chocolate treats, the KitKat®!' Immediately after its release Android 4.4 is in vogue, as with this version Google has improved performance and memory usage and made it more compatible than ever; you can easily try KitKat on your older smartphones. Now let's look at Android 4.4 briefly.

Introduction:-
Readers, I will introduce in a simple way the new features of this version of Android. KitKat comes with smarter and simpler search for Android, says the official Google blog, and more importantly, it should be compatible with older devices. This means more people can have access to the innovations than with other Android updates.

Performance and improved use of memory:-
Many of the major changes in KitKat are under the hood. The overall performance should improve, especially in relation to RAM. The Android developers site says "KitKat streamlines all the key components to reduce memory consumption", so even older smartphones running Android 4.4 will be faster and more responsive, even with 512MB of RAM. Multitasking should work better, and you can switch applications without your smartphone locking up.

Simpler and more powerful: (Google Now)
Google Now gains much prominence in KitKat, with quicker access, more cards, and more hands-free features. You can also wake up your smartphone to start a search and take a picture by saying only "OK Google Now". It's like Google Glass, but on your smartphone.
Google Now will also gain space on your homescreen, if you want (and you can slide left to right to find it), and Google will add more cards to make your smartphone smarter, automatically suggesting things based on your interests, location, and more.

Support SMS, location sharing, and animated GIFs in Hangouts:-
Google announced this week that Hangouts will become the main messaging app, covering text messaging, video calls and instant messaging. If you hate having your conversations scattered across several different apps, with KitKat you need only Hangouts, which replaces the old Mail app.
Location sharing can be very convenient when you're meeting a friend and want to tell them exactly where you are.
Finally, if you like to put emojis in messages, many are present in the new Google keyboard.

Improvements in NFC, Cloud Printing and File Management:-
KitKat also includes improvements that developers can now use to improve their apps. Regarding NFC, it may automatically take you to the right app when you touch your device to a payment terminal. Printer manufacturers can develop services to send print files from Android to your printer. And the new framework for access to storage provides a consistent way to access files stored in other services and other apps (e.g., open or save files in Dropbox or Box when you're in the browser).
In short, I wholeheartedly agree with Google in saying that KitKat 4.4 is smart, simple, and truly yours. To know more about Android 4.4 'KitKat' click here

While concluding this article, I, on behalf of Team VOGH, want to thank our new guest editor Mr. Rafael Souza for sharing his views and extensive thoughts on Android 4.4. Rafael, we love you.



Samsung Galaxy S III, S II & Note II Vulnerable to Inject Malicious Code Directly into Kernel

A serious security hole has been discovered in Samsung smartphones. According to a member of the XDA-Developer forum named 'alephzain', the vulnerability exists in the Samsung Galaxy S III, Galaxy S II and Galaxy Note II along with several other Samsung devices. As per sources the vulnerability is marked as "severe". This vulnerability could provide a way for remotely downloaded apps to read user data, brick phones and perform other malicious activities. In other words, this hole could allow a malicious app free rein over your smartphone’s memory, and basically take complete control of your device. Prepare tin foil hats. Another XDA-Developer user, supercurio, says Samsung has been notified of the security hole, but had not yet acknowledged the issue. That is until this morning, when Samsung dropped word to Android Central that they are “currently in the process of conducting an internal review” in reference to the security hole. Supercurio says the potential exists for millions of devices to be in harm's way, especially those with Exynos 4210 and 4412 processors that use Samsung code. Another XDA user, Entropy512, adds “this exploit changes things — there is a no root exploit that can be used by an app straight from the market, in the background, with little to no user intervention.”
While on the subject of security holes in Samsung phones, we would like to remind you that a few months ago researchers revealed that several Android-based handsets, including the Samsung Galaxy S3 and S2, were vulnerable to a 'remote wipe' hack.




AT&T Locker: Offering Free Cloud Storage For iOS & Android Users

AT&T, a leader in telecommunication services, announced a brand new service called "AT&T Locker" that will allow iPhone and Android smartphone customers of AT&T to store 5GB worth of videos and photos for free in AT&T's cloud. The most interesting thing is that the service is available through a free app in the Apple App Store or the Google Play store, and it allows users to store roughly 5,000 average sized photos in the cloud. The app requires that subscribers use an iPhone 3GS or newer device, and Android users must be on version 2.1 or higher of the Android OS. Users can choose to upload new photos and video via Wi-Fi, AT&T's cellular network or both. Customers can manage those photos and share them through the app on the smartphone or on the AT&T Locker web page. AT&T plans to incorporate additional features in future versions of AT&T Locker. The company didn't say whether higher storage options will be available.
This service is similar to Apple's iCloud service, which also allows up to 5GB of free storage. iCloud also offers Photo Stream, which allows iPhone users to automatically store photos in Apple's cloud and share them across multiple iOS devices as well as with other people. The service stores up to 1,000 pictures automatically, and this storage doesn't count against the iCloud storage limits. Google also offers storage in its Google Drive service, which likewise offers up to 5GB of free storage. You can store anything there, from pictures to documents to music. Of course there are also other options for storing photos and other digital content, including Dropbox and Microsoft's SkyDrive, which is also a very handy option.



Brief Description:-

AT&T Locker™ allows you to Store, sync and share your photos, videos and documents in one convenient place. AT&T Locker is an app that lets you store, sync and share your data in one safe, convenient place. Your content is easy to access on your computer and phone from virtually anywhere. Photos and videos can be backed up automatically from your phone. It's also easy to share to email, Facebook and Twitter. First 5 GB of storage is free. Additional storage is available for the low monthly price of just $3.99 for 30GB or $9.99 for 100GB.

• Photos and videos can be automatically uploaded to your AT&T Locker from your phone
• Easily access your photos, videos and documents from your phone and computer
• Easy to share to email, Facebook and Twitter
• First 5 GB of storage is free. Additional storage is available.
• Your content is secure and backed up in the cloud
• Store your favorite memories in a safe and convenient place
• Store music from your computer to your AT&T Locker



-Source (AT&T, Cnet)






Outlook.com -A New Email Service Introduced By Microsoft  

After successfully revamping the look and features of its popular mail service Hotmail under the name 'Newmail', the software giant Microsoft has now launched a new email service that shares the name of its famed email software, Outlook. Outlook.com is accessible as a preview now, and anyone can sign up for an account. If you already have a Hotmail or Live email address, you can convert that to an Outlook.com address in the settings now. The old Hotmail/Live address remains active--users will still get mail sent to the old addresses--unless you explicitly choose to delete it. The interface is based on Metro, the user interface you see in Windows Phone and the upcoming Windows 8. This means you get a clean, uncluttered design and simple icons familiar to anyone who has used a Nokia Lumia smartphone. Microsoft is not requiring everyone who has a Hotmail account to switch to the new address, but it seems the plan is to eventually have everyone move over.
Research firm comScore says Hotmail has 41 million monthly unique visitors; AOL, 24 million. That makes them the No. 3 and No. 4 e-mail providers in the U.S., behind Yahoo Mail, with 84 million unique visitors, and Gmail, 68 million. Worldwide, more than 324 million people still use Hotmail monthly, making it the top provider globally. But Hotmail's user base is on the decline.
Like many email clients, you get a list of folders on the left navigation bar. What's interesting is the Quick Views dropdown below the folders, which lets you filter certain kinds of email. By default, it filters emails with documents or photos, flagged messages and those that give you shipping updates. That last one will be useful for those who frequently shop online and are always expecting packages. These categories can be customized to suit your needs.
With Outlook.com, you can also turn on a reading pane that lets you read the message either below or on the right of the email list. As a security measure, it shows a blank message by default, and not the first one in your inbox--you have to explicitly click on a message to show it, reducing the risk of being exposed to malicious emails by accident.
On the far right is an advertisement column. This shows a random selection, unlike Gmail, which uses targeted ads based on the content of your email messages. 
To find out more about the features and design of Outlook.com it will be best if you try it out yourself, just visit www.outlook.com and sign up for an account, or simply switch your current Hotmail/Live email to an Outlook.com one.



-Source (Outlook.com, Cnet)







LibreOffice 3.5.3 Final Arrives, 60+ Bugs Have Been Fixed 

The Document Foundation announces LibreOffice 3.5.3, the fourth version of the 3.5 family. LibreOffice 3.5.3 provides additional stability to corporate and individual users of the best free office suite ever. As expected, the new stable release adds no new features, instead fixing more than 60 bugs found in the core of the program. These include problems when importing PDF, PPTX, RTF and DOCX files, as well as a crashing bug.
Highlighted Features:-
  • Calc performance improvements
  • Lightproof improvements
  • Collaborative spreadsheet editing using Telepathy
  • A Microsoft Publisher import filter
  • A signed PDF export
  • A smartphone remote control
  • A new UI for picking templates
  • A Java based GUI for an Android viewer
  • An improved Impress SVG export filter
  • Tooling for more and better tests
The distribution for Windows is an international build, so you can choose the user interface language that you prefer. Help content is available via an online service, or alternatively as a separate install. For Windows users that have LibreOffice prior to version 3.4.5 installed, either uninstall that beforehand, or upgrade to 3.4.5. Otherwise, the upgrade to 3.5.2 may fail. LibreOffice contains all the security fixes from OpenOffice.org in 3.3.0, and perhaps more as a side-effect of the code clean-ups. Microsoft Office 2010 will complain that ODF 1.2 and extended documents written by LibreOffice 3.5 are invalid (but opens them still). This is a shortcoming in MSO2010 only supporting ODF 1.1, please see here for further details. 

To Download LibreOffice Click Here


Microsoft Introduced Dedicated Windows Phone Store (Waha Store) in UAE 
Software giant Microsoft, in collaboration with global wireless distributor Brightpoint Middle East, has launched a dedicated Windows Phone e-commerce store in the United Arab Emirates. The site, named the Waha Store (after oasis), will provide a convenient, reliable and centralized destination for consumers across the country to purchase the latest Windows Phones from a variety of OEMs. The Waha user interface mirrors the Windows Phone experience, enabling shoppers to immediately familiarize themselves with the operating system and ‘Metro’ design style. Shoppers will also have the opportunity to compare various models, read reviews, and watch demo videos, to get a good understanding of the product range and features. The site’s integrated social media platform will bring people together by allowing them to make recommendations and share their activities with friends, family and colleagues.
The newly designed user navigation reflects how people work, play and communicate: so-called hubs (such as contacts, photos, and games) organise applications and the internet into useful topic areas and help users to efficiently manage their work and private life.
Anurag Gupta, president of Brightpoint Europe, Middle East and Africa, said: “Our expertise in offering e-commerce and supply chain solutions will make Waha the go-to place for all UAE customers who have been awaiting a well-functioning channel to access Windows Phones. We look forward to supporting Waha’s launch in other countries in the Middle East and Africa, as we continue to expand our presence in the region.”
“We are very pleased to bring Windows Phones to early-adopter smartphone consumers in the UAE, where there has been growing excitement about the launch,” said Samer Ramez Abu-Ltaif, regional general manager, Microsoft Gulf Region. “Customers need a dependable way to obtain accurate information on, and securely purchase, the latest mobile handsets; and Waha Store provides exactly that – your Windows Phone oasis.” Unfortunately the store precedes the availability of the Windows Phone Marketplace in the region, but this will become available in the UAE “in the next few months.”




Malicious Android Application Stealing User Data & Personal Information 

Yet again a security vulnerability has been found in Android applications. An information security company has warned about malicious Android smartphone applications that steal and transmit personal data, such as contact information stored in users' address books. The company said these types of free applications have been downloaded up to 270,000 times, indicating that potentially millions of people have had their personal information stolen. An Internet security expert said, "It's possible that creating applications that transmit users' information without consent can be considered a crime under the Penal Code, which criminalises the creation of computer viruses." The malicious application only has three buttons: Steal SD Card Contents, Steal App Data, and Upload Identifying Data. Every application has at least read-only access to the contents of external storage such as the SD card. No Permissions scans the /sdcard directory and returns a list of all non-hidden files. All the files discovered can be fetched. The worrying part is that the SD card usually stores some of our most private files, including photos, backups, external configuration files, and, in some cases, even OpenVPN certificates.
According to NetAgent, a Tokyo-based information security company, the applications were disguised as video tutorials for popular games on Google Inc.'s Android operating system. The applications were named by affixing the expression "the Movie" to existing game titles. The company found at least 16 of these applications.
The company's analysis revealed that when these applications are activated, they can automatically transmit not only a person's telephone number, e-mail address and the phone's ID number, but also the personal names, telephone numbers and e-mail addresses of contacts stored in the smartphone's address book. Although the creators of these applications aren't well known, the stolen information was sent to the same domestic server. When users download the malicious applications, a message pops up on the display screen requesting permission for access to contact information. Whatever the case, the malicious application was immediately deleted from Android Market. For additional information click here.




FBI Arrested Anonymous Hacker After Posting Girlfriend's Abusive Photo 
The FBI arrested a 30-year-old computer programmer from Galveston named Higinio O. Ochoa III, who is widely known as @AnonW0rmer. He was an active member of the Anonymous-affiliated 'CabinCr3w'. He made a mistake that probably makes his fellow hackers cringe at the stupidity of it. Taunting law enforcement, he posted a photo of his girlfriend from the neck down, breasts pushed up with a sign taped to her saying 'PwNd by w0rmer & CabinCr3w <3 u B****'s!'
Trouble is, the photo was taken with an iPhone, with GPS co-ordinates embedded in the photo. The FBI said it confirmed the identity of Ochoa, who calls himself 'w0rmer' online and is a member of 'CabinCr3w', an offshoot of hacking group Anonymous. GPS co-ordinates embedded in the photo - as are found in all pictures taken by a smartphone - showed authorities the exact street and house in Wantirna South, Melbourne where it was taken. Different tweets from @Anonw0rmer pointed to other sites referring to 'w0rmer', including one which had Ochoa's name with it and more pictures of his girlfriend. Authorities then found Ochoa's Facebook page, on which he named Kylie Gardner from Australia as his girlfriend. The FBI was then satisfied she was the woman in the photo taken in South Wantirna. Even though the breasts photo does not show the woman's face, the FBI is convinced it is the same woman. They add it is definitive proof that Ochoa is w0rmer.
In a post allegedly written by Ochoa on Pastebin, he said 'around 8 agents from the FBI stormed my apartment'. He was taken to an FBI office in Houston where he paid a $50,000 bail. Ochoa appeared in court on April 10 before a magistrate, where the photograph evidence above was revealed in the FBI's affidavit. It comes a month after former Lulzsec leader and Anonymous member Sabu was revealed as an FBI informant. But in the Pastebin post, Ochoa claimed he was not guilty of the same betrayal.
He wrote: 'I did tell FBI that I would participate in the capture of my fellow crew mates, a play which undoubtfully both satisfied and confused the FBI. Those however who know me best would vouch for me undoutfully that doing so would put this movement at risk. ALL information provided to the FBI merely made MY case weaker and caused internal confusion showing the inherent weakness in the system.'




eCrypt Me & eCrypt One On One -Incredible Email Security Solution (More Security & Privacy)

To provide more security and privacy, eCrypt Technologies has developed two email security solutions in the United States. ‘eCrypt Me’ and ‘eCrypt One On One’ are its two latest security solutions, described as cost-effective, user-friendly and easy to use. Both solutions are available on a trial basis on the company’s website. ‘eCrypt Me’ is a web based email security solution that offers a secure environment to users of all types of email. ‘eCrypt One On One’ is email encryption software for BlackBerry smartphone users. Both of the email security solutions use a combination of AES256 and ECC521 algorithms to secure all data. According to Brad Lever, CEO of eCrypt Technologies: “Our goal is to provide the highest level of security to users across the world. We believe in making security solutions simple yet effective, so that implementation of our solutions does not become a headache for our users.”

Brief Description:- 
‘eCrypt Me’ offers a web based email encryption, secure file storage and secure document sharing platform to all existing email addresses, whether it's Gmail, Yahoo Mail, Hotmail, POP, IMAP, Exchange, GroupWise, or other. Users can use their existing email identities to send and receive emails on the platform. The web based email security solution includes a secure File Vault which secures online document storage and file sharing. The email security solution is very easy to use and secures data in unsecured, public, free Wi-Fi environments, preventing unauthorized data interception threats. For BlackBerry smartphone users, ‘eCrypt One on One’ provides the highest level of encryption, unbeatable by hackers. The encryption software is downloaded directly to the smartphone and embeds itself into the BlackBerry operating system. The software generates unique random key sets for each contact. Users can select which messages to encrypt by adding contacts to the software’s Secure Contact List. ‘eCrypt One on One’ has been designed to encrypt emails sent between two people.

For More information & to use eCrypt Click Here



Think Android: National Security Agency (NSA) Disclosed Smartphone Strategy
The National Security Agency has come up with a security design that currently depends on Google Android smartphones, though the NSA contends it doesn't want to be wedded to any particular smartphone operating system. But its current "Fishbowl" phones, as they are called, are beefed-up highly secured Motorola Android smartphones that use double-encryption for voice traffic and a unique routing scheme for 3G network traffic back to the NSA first for security purposes. This design makes them suitable for classified information sharing with other like smartphones, according to Margaret Salter, technical director at NSA's information assurance directorate, who spoke about the so-called "Fishbowl" project, which today focuses on voice use of smart phones.
"We wanted to use the commercial standards that are out there," said Margaret Salter, technical director in NSA's information assurance directorate. "We wanted plug and play — but that was hard." The NSA also wants interoperability in order not to be trapped in vendor lock-in, but this is turning out to be hard to achieve. Earlier, in January 2012, the NSA made the first public release of the Security Enhanced (SE) Android Project, a program designed to find and plug security holes and risks in the Android flavor of Linux. SE Android is based on the NSA’s SELinux, first released in 2000.
The NSA looked at SSL VPN as a standard and left no stone unturned in exploring commercial SSL VPN for mobile, but found utter lack of interoperability across vendor products. Salter said NSA also was frustrated with the lack of interoperability in Unified Communications Systems (UCS) products, noting that buying one piece often meant buying several others, there being little evidence of multi-vendor interoperability. So with some frustration, NSA changed to go with an open-source Session Initiation Protocol (SIP) server for the present. NSA also switched its mobile security strategy toward IPSec VPN, where things looked better in terms of interoperability than SSL VPN, and selected the Secure Real-Time Transport Protocol for Voice App and Transport Layer Security (TLS) with keys. This all means "the voice call is doubly encrypted," Salter said. "There's VoIP encryption and IPsec encryption."


-Source (IT World)




Android Vulnerability- Hacker Can Gains Complete Control Into Your SmartPhone  
 
Security experts have discovered a serious flaw in a component of the operating system of Google Inc’s widely used Android smartphone that they say hackers can exploit to gain control of the devices. Researchers at startup cyber security firm CrowdStrike said they have figured out how to use that bug to launch attacks and take control of some Android devices.
CrowdStrike, which will demonstrate its findings next week at a major computer security conference in San Francisco, said an attacker sends an email or text message that appears to be from a trusted source, like the user’s phone carrier. The message urges the recipient to click on a link, which if done infects the device. At that point, the hacker gains complete control of the phone, enabling him or her to eavesdrop on phone calls and monitor the location of the device, said Dmitri Alperovitch, chief technology officer and co-founder of CrowdStrike.
Google spokesman Jay Nancarrow declined comment on Crowdstrike’s claim. Alperovitch said the firm conducted the research to highlight how mobile devices are increasingly vulnerable to a type of attack widely carried out against PCs. In such instances, hackers find previously unknown vulnerabilities in software, then exploit those flaws with malicious software that is delivered via tainted links or attached documents. He said smartphone users need to prepare for this type of attack, which typically cannot be identified or thwarted by mobile device security software.
“With modifications and perhaps use of different exploits, this attack will work on every smartphone device and represents the biggest security threat on those devices,” said Alperovitch, who was vice president of threat research at McAfee Inc before he co-founded CrowdStrike.
Researchers at CrowdStrike were not the first to identify such a threat, though such warnings are less common than reports of malicious applications that make their way to online websites, such as Apple’s App Store or the Android Market.
In July 2009, researchers Charlie Miller and Collin Mulliner figured out a way to attack Apple’s iPhone by sending malicious code embedded in text messages that was invisible to the phone’s user. Apple repaired the bug in the software a few weeks after the pair warned it of the problem.
The method devised by CrowdStrike currently works on devices running Android 2.2, also known as Froyo. That version is installed on about 28 percent of all Android devices, according to a Google survey conducted over two weeks ending February 1. Alperovitch said he expects to have a second version of the software finished by next week that can attack phones running Android 2.3. That version, widely known as Gingerbread, is installed on another 59 percent of all Android devices, according to Google. CrowdStrike’s method of attack makes use of a previously unpublicized security flaw in a piece of software known as WebKit, which is built into the Android operating system’s Web browser.


-Source (MyBroadband, Google, CrowdStrike)




Acunetix Web Vulnerability Scanner v8 Released

We have discussed Acunetix several times before. In November last year the team released Acunetix Web Vulnerability Scanner 8 BETA, and now in February we finally have the long-awaited final release of Acunetix 8. Before this final release, a Release Candidate (RC) of Acunetix 8 came out in January this year.
Version 8 echoes years of counter-hacking experience through its new ability to lock hackers out by integrating scan results into Imperva’s Web Application Firewall, and by recognizing a new breed of vulnerabilities through new detection methods. Additionally, Acunetix WVS 8 takes vulnerability scanning to a new level by integrating smarter and more reliable automated features, making it quicker to launch a scan with less configuration required.
In the official blog, Nick Galea, the CEO of Acunetix, said: “Acunetix WVS 8 continues to set new standards for web vulnerability scanners. Web security exploit statistics are steadily on the rise — unfortunately not in favor of website owners — which is why version 8 of WVS focuses on providing a comprehensive solution to anyone wanting to make their online presence a safe one. Acunetix WVS 8’s high performance scanning engine provides even more accurate exploit detection, and coupled with the new automation enhancements securing a web application has never been easier. WVS 8 makes it clear why Acunetix is the number one choice for companies to audit and secure their websites.”

Features At a Glance:- 
* Manipulation of inputs from URLs:
Acunetix WVS can automatically identify URL parameters and manipulate them to detect vulnerabilities. This technology is not present in any other competing vulnerability scanner.
Replace manual intervention with scanner intelligence
* Automatic custom 404 error page identification:
Acunetix WVS 8 can automatically determine if a custom error page is in use, and recognizes it without needing any recognition patterns to be configured before the scan.
Interpret IIS 7 rewrite rules automatically
Using the web application’s web.config file, WVS 8 can automatically interpret rewrite rules without requiring any manual input.
Fix vulnerabilities while locking hackers out
* Imperva Web Application Firewall integration:
An exciting co-operation between Imperva and Acunetix; WVS 8 scan results can be imported into an Imperva Web Application Firewall and interpreted automatically as firewall rules.
Use WVS 8 as a true security scanning workhorse
* Multiple instance support:
Acunetix WVS 8 can be relaunched as multiple instances on the same machine, allowing the user to scan multiple websites enabling further support for multi-user scenarios on the same server/workstation.
Re-scan without re-configuring
* Scan settings templates:
WVS 8 can save the settings for the scan of a specific application as a template, making it quick and easy to recall those exact settings for the same application each time it is scanned. This is particularly useful when auditing multiple sites, enabling the user to load the template for each site instead of re-configuring everything manually.
Launch a scan quicker than before
* Simplified Scan Wizard:
In addition to the introduction of Scan Settings Templates and automatic custom 404 error page recognition, the Scan Wizard contains far fewer options so it’s much easier and quicker to kick off a scan.
Access your results from anywhere and everywhere
* Web-based scheduler:
Accessible via a web interface, the new Scheduler allows administrators to download scan results from any workstation, laptop, or smartphone. The new Scheduler will automatically launch another instance of WVS when multiple web scans are due, preventing multiple processes from depending on the resources of one WVS instance, and thereby allowing scans to complete in less time.
Identify threats unseen by other black-box scanners
* New HTTP Parameter Pollution vulnerability class:
At the time of writing, Acunetix WVS 8 is the only scanner that tests for this security vulnerability.
Ensure complex scans will complete automatically and successfully
* Smart memory management:
The following settings have been added to optimise scanning efficiency:
  • Define number of files per directory
  • Limit number of subdirectories per website
  • Assign Crawler memory limit

Other New Features:-

  • Real time Crawler status (number of crawled files, inputs discovered, etc.)
  • Support for custom HTTP headers in automated scans
  • Configurable log file retention
  • Detailed Crawler coverage report
  • Scan status included in report


Microsoft Bluetooth Mobile Keyboard Introduced More Comfort & Portability


Microsoft has introduced a new Bluetooth mobile keyboard that offers more functionality, comfort and portability. The Microsoft Bluetooth Mobile Keyboard 5000 works with any Bluetooth-equipped laptop, but it really shines when used with an iPad, iPhone, iPod touch or Android tablet or smartphone, giving you a comfortable keyboard that’s truly portable.
The best part of the Mobile Keyboard 5000 and its 6000 brother is the fact that the keys are full-sized, and they press down even farther than most laptop keys. While testing, it paired up easily and instantly with iPad 2, and gave typing comfort that far surpassed that of typing on a glass screen.
A downside to using this keyboard with an iOS device is the weird way its “Delete” key works, holding onto the Apple convention — you’ll need to use the “Backspace” key if you want to get rid of any text. And, to skip around between words, your PC keyboard shortcuts won’t work either — you’ll need to hold the “Alt” key as you move around between words instead of the Control-D you might be accustomed to with PCs. This won’t matter much to Mac users, but PC users might need to take a little time to get used to it.
Another downside to using this keyboard is the bane of all Bluetooth devices — they tend to drain the batteries of laptops, tablets and smartphones, which might be a consideration if you work long hours and want to type long missives on your portable gadgets.
Summing up, if you’re one who likes to place a keyboard in your lap, but don’t want the heat and weight of a laptop sitting on you all day long, this keyboard will be ideal. Beyond that, if you like Microsoft’s “comfort curve” design and often find yourself needing to type on an iOS or Android device, this well-designed keyboard is worthy of your $49.95.



Your Car At Risk, Hackers Can Attack Modern Cars Remotely


Hackers could attack modern cars without even touching them. As new car models roll off the line loaded with complex IT systems running millions of lines of software code, it's become evident that hacking a car to gain external control of it is possible. While actual cases in the field are rare, the industry is moving to secure its systems and prevent cars from becoming a major target, says Brian Jackson, a security researcher. In the exclusive report he said: An unsuspecting driver opens her door and steps into her new car, placing her smartphone on the dash as it connects with the in-car infotainment system for hands-free features. Little does she know there's a Trojan virus on her phone just waiting to be connected to a car – and it executes malicious code on the vehicle's embedded software. Suddenly a hacker has the ability to track her car, unlock the doors, or even control the climate controls and speaker volume.
It sounds like a scene out of the next James Bond film, but the above scenario could be a reality today. As auto makers look to woo consumers with snazzy in-car technology features, they are also opening up personal vehicles to the underground community of hackers that have long targeted computer users. In-car IT systems such as Ford's Sync or General Motors' OnStar could be opening up exploits that allow hackers to take control of your car without even laying hands on it.
While complex in-car IT systems are so new that actual car hacking cases in the field are virtually non-existent, researchers have demonstrated it's possible. But investigations into car hacking by police may be impossible at this point because of a lack of forensics capability to detect malware. All the more reason for security vendors like McAfee, now a division of Intel Corp., to push car manufacturers to pay serious attention to security.
“It shouldn't be the responsibility of the consumers to have to secure these systems,” says Tim Fulkerson, senior director of marketing at McAfee embedded security group. “Just as manufacturers have built in seat belts and air bags, now that they're moving to software innovation, they need to bring software security into these vehicles.”
Best known for its PC antivirus software, McAfee is now working with car makers to build secure enough systems that consumers won't end up buying virus scan software for their ride. When it comes to car makers and securing IT systems, Fulkerson says it “is certainly not their area of expertise.”
Perhaps that's why a team of car-hacking researchers from the University of Washington and the University of California at San Diego have had so much success. Dubbed the Center for Automotive Embedded Systems Security (CAESS), the team demonstrated in May 2010 how a criminal with physical access to a car could implant malware. Then in August 2011, the team showed an external car hacking attack could be mounted through various paths including Bluetooth and cellular radio.
One such attack was executed after the researchers reverse-engineered a car's telematics operating system and found the program responsible for handling Bluetooth functions. From there, they planted a Trojan horse (a piece of malicious software) on an HTC Dream smartphone that monitors for new Bluetooth connections and if it finds a telematics unit, sends the payload.
Researchers were also able to use special hardware to “sniff” the MAC address of the Bluetooth connection needed for pairing new devices with the telematics unit. After cracking the password through brute force, or machine-assisted repeat attempts, the Trojan could be uploaded from a device in the attacker's hands.
But seeing such an attack executed in the wild today is unlikely, according to Patrick Neal, a program coordinator for crime and intelligence analysis at the B.C. Institute of Technology (BCIT). He had his students explore car hacking methods identified by the CAESS group and others. 





United States Is Building Cyber Defense For Both Private & Public


The United States is developing cyber defense for both the public and private sectors. An exclusive report said that in the 21st century, the American Dream is coded in zeroes and ones. Sophisticated information systems are now embedded in every facet of our daily lives. Whether it is an electronic payment card transaction or a smartphone search for a restaurant, nearly everything we do depends on the smooth operation of secure information systems.
Beyond our personal lives, strategic infrastructure services like power transmission, transportation and major financial transactions all rely on information systems for wide-scale safety and security. U.S. embrace of information technology offers enormous advantage. But it also exposes us to vulnerability. The usefulness and value of U.S. information systems invites attack from hackers, industrial spies, terrorists and criminals.
Cyber attacks are on the rise, and their variety, scope and scale increase monthly, imposing staggering costs. Up to 90 percent of U.S. businesses reported data intrusions over the past year, according to a recent survey, costing an estimated $96 billion in the first six months of 2011 — nearly as much as in all of 2010. The Commerce Department estimates that the theft of intellectual property, most stolen via electronic means, costs $250 billion annually and deprives U.S. workers of approximately 750,000 U.S. jobs.
U.S. businesses, which own and operate many of the most valuable information systems, are America’s first line of defense against cybersecurity threats. Chief executive officers take this responsibility seriously. We have integrated cybersecurity into the way we manage our companies and conduct our operations. But we need tools from government that only government can provide.
In a new Business Roundtable report, “Mission Critical: A Public-Private Strategy for Effective Cybersecurity,” U.S. business leaders call on Congress and the Obama administration to use smart cybersecurity policies that facilitate new levels of domestic and international collaboration — especially for cyber events that target national interests.
These include technical support essential for protecting global corporate assets against cyber attacks, and greater international cooperation in bringing cyber criminals to justice.
What business needs most is a reliable partner. Partnership, shared responsibility and coordinated response – these are the attributes of a modern, flexible and effective cybersecurity strategy. We know for sure that prescriptive government mandates are not going to work. Threats change so rapidly that solutions are often obsolete before they can be implemented. Inflexible mandates don’t fit the reality of privately owned information systems and rapidly evolving threats. 
Today, government responsibility is fragmented and cybersecurity is not integrated into the way the U.S. government does business. The U.S. legal and policy environment inhibits information sharing between business and government. Effective cybersecurity is too important to America’s future to let old ways of doing things stand in the way.
Information security is a critical component of economic and national security. It is also a necessary foundation of future U.S. prosperity and opportunity. Washington has to get this right. Congress and the administration need to make effective cybersecurity – based on flexible, collaborative and responsive public-private information sharing partnerships – an urgent national priority.





Acunetix Web Vulnerability Scanner 8 BETA Arrived

One of the world's famous web vulnerability scanners, Acunetix, has released its next version, WVS 8 BETA. Many of you have been biting your nails in anticipation of this Beta, so sit tight and read on for the next most important stage in the evolution of Acunetix WVS. Version 8 of Web Vulnerability Scanner has been optimized to make life easier at every stage of a security scan. WVS is easier to use for web admins and security analysts alike: enhanced automation, ability to save scan settings as a template to avoid reconfiguration, and multiple instance support for simultaneous scans of several websites. WVS 8 also ushers in a new exciting co-operation between Acunetix and Imperva: developers of the industry’s leading Web Application Firewall.

Some Improved Features:-    
  • AcuSensor Technology
  • An automatic client script analyzer allowing for security testing of Ajax and Web 2.0 applications
  • Industry's most advanced and in-depth SQL injection and Cross site scripting testing
  • Advanced penetration testing tools, such as the HTTP Editor and the HTTP Fuzzer
  • Visual macro recorder makes testing web forms and password protected areas easy
  • Support for pages with CAPTCHA, single sign-on and Two Factor authentication mechanisms
  • Extensive reporting facilities including VISA PCI compliance reports
  • Multi-threaded and lightning fast scanner crawls hundreds of thousands of pages with ease
  • Intelligent crawler detects web server type and application language
  • Acunetix crawls and analyzes websites including flash content, SOAP and AJAX
  • Port scans a web server and runs security checks against network services running on the server  
Brief Description of Acunetix 8 Features:-

Manipulation of inputs from URLs:-
Acunetix WVS can automatically detect URL parameters and manipulate them to detect vulnerabilities. This technology is not present in any other competing vulnerability scanner.

Automatic IIS 7 rewrite rule interpretation:-
Using the web application’s web.config file, WVS 8 can automatically interpret rewrite rules without requiring any manual input.

Support for custom HTTP headers:-
To function correctly, some web applications need incoming requests to contain specific HTTP headers. It is now possible to define custom HTTP headers to be used during automated scans.

Imperva Web Application Firewall integration:-
An exciting co-operation between Imperva and Acunetix: WVS 8 scan results can be automatically imported into an Imperva Web Application Firewall and interpreted as rules.

New vulnerability class: HTTP Parameter Pollution:-
At the time of writing, Acunetix WVS 8 is the only scanner that tests for this security vulnerability.

Multiple instance support:-
Acunetix WVS 8 can be relaunched as multiple instances on the same machine, allowing the user to scan multiple websites and opening up further support for multi-user scenarios on the same server/workstation.

Redesigned Scheduler:-
Accessible via a web interface, the new Scheduler allows administrators to download scan results from any workstation, laptop, or smartphone. The new Scheduler will automatically launch another instance of WVS when multiple web scans are due, preventing multiple processes from depending on the resources of one WVS instance and thereby allowing scans to complete in less time.

Automatic custom 404 error page recognition and detection:-
Acunetix WVS 8 can automatically determine if a custom error page is in use and recognizes it without requiring any custom 404 recognition patterns to be configured for a scan.

Scan settings templates:-
WVS 8 now allows the settings for the scan of a specific application to be saved as individual templates, making it quick and easy to recall the exact settings for a website each time it is scanned. This is particularly useful when scanning multiple sites, allowing the user to load the template for each site instead of re-configuring all the settings manually.

Simplified Scan Wizard:-
In addition to the introduction of Scan Settings Templates and automatic custom 404 error page recognition, the Scan Wizard contains far fewer options so it’s much easier and quicker to kick off a scan.

Smart memory management:-
The following settings have been added to ensure even the most complex scans will complete automatically, and successfully:-
  • Define number of files per directory
  • Limit number of subdirectories per website
  • Assign Crawler memory limit

Real-time Crawler status:-
Crawler data is now updated in real time and provides live feedback on how many files have been crawled, how many inputs have been detected, and more.

Scan termination status included in report:-
Reports now include the termination or completion status of each vulnerability scan. For example: the report will display if the scan was completed successfully or halted manually.

Web application coverage report:-
A new report template that lists all the web application files crawled and specific vulnerability tests performed on each file.

Log file retention:-
It is now possible to define the retention span before log files are automatically flushed, to ensure logs are not deleted each time WVS is restarted.



Security Flaws in Android 4.0 (ICS)


Facial recognition unlock can easily be bypassed with a simple photo trick in Android 4.0 (Ice Cream Sandwich). Recently a blogger named "soyacincau" demonstrated the vulnerability and showed how easily anyone can bypass the facial recognition. He took a photo of himself using another phone and held it up to the front-facing camera on the Samsung Galaxy Nexus, the first smartphone to run Android 4.0, which was then unlocked. In October a developer of CyanogenMod also concluded the same thing.




Later, a Google spokesperson said that the feature is considered to be experimental and offers little security. According to the news site, the user interface for the Face Unlock feature also warns users that it is less secure than using a pattern, PIN or password, even going as far as saying "Someone who looks similar to you could unlock your phone". It is unclear if Google will add "Or a photograph of you" to the warning.





Ice Cream Sandwich (Android 4.0) Source Code Released


Google has officially released the source code of the long-awaited Android 4.0, also known as Ice Cream Sandwich (ICS). Although the repositories will also contain the source code of Android 3.x, Honeycomb, it will be scattered through the history of the various files. Honeycomb was not released as open source because, according to Google, the company took numerous shortcuts in the development of the tablet version of Android. The Google developers are not globally tagging (marking in the history) the 3.x releases of Android in the repository. Queru said: "since Honeycomb was a little incomplete, we want everyone to focus on Ice Cream Sandwich", though he later backed off on this position slightly, saying he was considering tagging some of the 3.2.x release in the frameworks to help developers.
The release comes with ICS 4.0.1, the one Galaxy Nexus will ship with, so it’s the latest version. Unfortunately the device build target, full_maguro, can be used for building a system image for the Samsung Galaxy Nexus, though we will get builds for more devices soon, according to Queru. Hopefully developers will be able to port it to other devices pretty soon, because I would really like to see how ICS runs on my Galaxy S II.
There were many rumors that Google would release the Galaxy Nexus at the November 16th event, and with this release we can be nearly sure that’s what the event will be about. All we have to see next is if Google will have more luck with their new device in comparison with the other Nexus-branded smartphones. They will probably be able to take advantage of the fact it will be the only ICS smartphone, though I am pretty sure Samsung, HTC, Motorola and all the others will do their best and move fast to release ICS smartphones and updates for the ones currently on the market. Ice Cream Sandwich is the latest and probably the biggest Android update, which unites all devices into one OS and promises a lot of improvements, like speed and battery life. It also comes with exciting new features and an all-new design. It will probably boost Android’s sales even more.


Android 4.0 Ice Cream Sandwich Will Be Used by HTC in Early 2012


The HTC Sensation, Sensation XL and Sensation XE were named as the first HTC smartphones lined up for the Ice Cream Sandwich update early next year, as well as the HTC Rezound, EVO 3D, EVO Design 4G and Amaze 4G, which will receive the update over-the-air “through close integration with our carrier partners,” HTC said. The new HTC Vivid, going on sale this week, is also on the upgrade list.
Owners of HTC phones will have to wait until early 2012 for their device's mobile OS to be upgraded to Google’s Android Ice Cream Sandwich 4.0. In a post to its Facebook page HTC wrote that not just phones with fast multi-core microprocessor chip architectures would get Android 4.0, but also HTC phones with fast single-core processors, such as the HTC Sensation XL. Android 4.0 is meant to be Google’s OS that bridges the smartphone and tablet gap – currently served by two different versions of the OS. Ice Cream Sandwich refreshes the navigation methods on Android phones by removing the need for the hardware navigation buttons, as well as a slew of improvements and gimmicks my colleague Armando Rodriguez discusses at length.



-News Source (PC World, HTC)



