CNET News – Desktop threat, still a threat (December 20, 2012 5:28 PM PST) …item 2.. The Andromeda Strain (1971) “Code 601″ …item 3.. Beware of online banking (22 May 2014) — Payment request: £50 to A.Crook (ref: Thank you) …
Image by marsmet546
One story that Hypponen says was underreported in 2012 was the rootkit known as ZeroAccess. "Zero Access is almost totally under the radar, yet it’s a massive, massive outbreak. It’s almost as big in size as Conficker, which was headline material for weeks. [Zero Access] is a commercial kit, being developed and sold by a Russian coder. [It] installs itself to the [master boot record] so it boots before Windows.
.
……..*****All images are copyrighted by their respective authors ……..
.
… marsmet546 photostream … marsmet546
m.flickr.com/#/photos/90585146@N08/
Thursday, Apri 3, 2014
.
m.flickr.com/#/photos/90585146@N08/8292944597/
2014 – Black text on white background
.
View photo size … Large
m.flickr.com/#/photos/90585146@N08/8292944597/sizes/l/
.
m.flickr.com/#/activity/
.
.
………………………………………………………………………………………………………………………………………………………………………
.
…..item 1)…. CNET.com … news.cnet.com
CNET News Security & Privacy Four security trends defined 2012, will impact 2013
Four security trends defined 2012, will impact 2013
Mobile and Mac malware burbles noxiously, data breaches and data mining will cause more havoc with your privacy, and the Web will continue to suffer the ignominy of poorly-written, Swiss-cheesed code as security experts predict lessons from 2012 go unlearned in 2013.
by Seth Rosenblatt December 20, 2012 5:28 PM PST
news.cnet.com/8301-1009_3-57560373-83/four-security-trend…
.
……………………….
img code photo … Stuxnet OT
asset2.cbsistatic.com/cnwk.1d/i/tim/2012/06/30/Stuxnet_OT…
……………………….
.
The Internet is slowly changing, and security experts say that today’s security issues will continue to be major players in driving that change. Here are four trends that dominated headlines in 2012, and will continue to play a major role in 2013.
—– The Internet as governmental tool
The collective realization by governments around the world that the Internet is an excellent network for conducting surveillance, monitoring, espionage, and war, says Finnish computer security firm F-Secure’s Chief Technical Officer Mikko Hypponen, may not come to full fruition in 2013. But the foundation for that change is already underway.
"There will be more operations along the lines of Olympic Games, also from other sources than US and Israel. Later on, we might look back at these first 20 years of the Web as the Golden Days, when the net was still free," he wrote in an e-mail to CNET. "Olympic Games" is the covert inter-govenrment project that birthed Stuxnet, Duqu, and Flame.
Related stories:
… Senate approves Netflix-backed amendment to video privacy law
… Facebook begins rolling out new privacy tools
… Facebook starts pushing out new privacy settings
… Don’t blame Instagram users — blame Instagram
… Children’s privacy law catches on to apps, social networks
Information security expert Chris Wysopal agreed that "cyber-warfare" is becoming commonplace. "When there’s a political or actual war event, we’re seeing cyber-attacks parallel that. It does seem to be more pronounced. It’s almost not newsworthy, as if we expect it to happen alongside a political event."
Take that in for a moment. Government-sponsored, computer-based attacks, as "almost not newsworthy," he said.
But just because these attacks are becoming more frequent doesn’t mean that they don’t stymie security researchers. Tomer Teller, a security evangelist and researcher at Check Point, said that he was surprised this year by the rise of "precision-targeted attacks."
"We saw that with Gauss this year, from the Stuxnet family. It had an encrypted payload, and researchers couldn’t decrypt it."
Tim Rains, the director of Microsoft’s Trustworthy Computing division, pointed out that these governmental actions have consequences beyond the nuclear reactors of Iran and other industrial targets.
"Eighty-five percent of the exploits against operating systems tried to take advantage of one of the vulnerabilities that Stuxnet used. A very small fraction of malware uses "zero-days," so we’re seeing commodity malware writers benefits from the research of professionals," he said. "It was a trend in 2012, and we’ll continue to see that in the next year."
.
…………………….
img code photo … Android Marching Malware
asset3.cbsistatic.com/cnwk.1d/i/tim/2012/10/15/android-ma…
…………………….
.
—– More mobile devices, bigger targets
Experts have been talking up mobile security for several years now, and as mobile device proliferation continues, so will the security problems associated with them. Because of their very mobile, always-connected nature, experts told me that the problems will become more complex in 2013.
Lookout Mobile Security’s senior product manager, Derek Halliday, noted two interesting trends that his company saw in 2012. Lookout predicted and saw in 2012, "only a few dominant kinds of mobile malware," he said.
Microsoft’s Rains agreed. "[The Looter exploit] is responsible for the second-most highest number of mobile threats we saw."
Halliday added, "The other thing was how geographic specific these threats were. We were surprised by the stark contrast between the U.S. and say Russia or China. If you try to run a toll fraud application at scale in the U.S., you’ll encounter some problems — a double-opt in message, government intervention," he said.
Another point Halliday made was that while Android 4.2 is the most secure yet, with numerous security improvements, operating system fragmentation will prevent it from reaching most people until late 2013.
.
……………………..
img code photo … Flashback
asset1.cbsistatic.com/cnwk.1d/i/tim/2011/09/26/Flashback_…
(Credit: Intego)
……………………..
.
On the other hand, said Wysopal, the impact of mobile malware is definitely growing. "In 2012, half a percent of all mobile users got hurt by mobile malware in the U.S. That’s a million people, not an insignificant number. It’s a trend that is happening slower than expected, but it’s not going to go away."
The malware problem is likely to remain isolated from Apple’s iOS, according to Hypponen. "There’s still no iPhone malware. Five years after shipping one of the most popular systems, they have no malware problem at all. That’s a major accomplishment by Apple. Job well done."
—– Desktop threat, still a threat
Mobile is booming, with Android devices outselling Windows computers in Q3 2012, but that doesn’t mean that we’ll see a downturn in desktop-focused attacks.
One story that Hypponen says was underreported in 2012 was the rootkit known as ZeroAccess. "Zero Access is almost totally under the radar, yet it’s a massive, massive outbreak. It’s almost as big in size as Conficker, which was headline material for weeks. [Zero Access] is a commercial kit, being developed and sold by a Russian coder. [It] installs itself to the [master boot record] so it boots before Windows.
While Hypponen noted that Windows 8 and Macs use UEFI to create secure boot procedures that prevent rootkits like Zero Access, Microsoft’s Rains cautioned that eventually, and possibly in the coming year, this will force rootkits to evolve.
.
………………………..
img code photo … stuxnet
asset2.cbsistatic.com/cnwk.1d/i/tim/2012/06/13/stuxnet_30…
………………………..
.
Mac malware got a lot of attention in the second half of 2011 and in 2012 with Flashback, and that’s expected to continue. Hypponen said, "The author of the Flashback Trojan is still at large and is rumored to be working on something else. And while there have been smart security changes to the Mac OS," likely alluding to Mountain Lion’s Gatekeeper, "there’s a segment of the Mac-using population who are basically oblivious to the threats facing Macs, making them vulnerable to a new malware outbreak."
And across platforms, browsers remain a broad surface to attack despite ongoing improvements.
Jeremiah Grossman of WhiteHat Security said that new exploits and vulnerabilities, such as CSS sniffing attacks, will continue to cause turmoil in the most popular kind of desktop program. "Let’s say you just downloaded Chrome or Firefox. If I can get you to click somewhere on the screen, I can get you. These browsers are not really secure, it’s death by 1,000 cuts." we have 15 years of broken, faulty web code, we have a lot of garbage websites out there that are protecting a lot of interesting data.
—– Privacy and data breaches
One of the big notables in information security over the past year was the rise of awareness in data mining. Brought on by numerous privacy policy changes to high-profile social networks like Facebook, Google, and Instagram, by fast and loose trendy mobile app policies, and by shockingly large data breaches at companies that just can’t be bothered investing in better database protection, privacy is becoming a key security topic.
.
…………………………..
img code photo … hackerstwo
asset1.cbsistatic.com/cnwk.1d/i/tim/2012/06/12/100206hack…
…………………………..
.
Lookout’s Halliday said that he expects privacy to be a hot topic in the coming year. Not only has the California attorney general been pushing for companies to take a stance more favorable to consumers before the government is forced to step in, he said, but consumers are more aware in general.
"Devices are collecting not just location information, but contacts and your historical record of talking to them. We’d be more than happy if there was significant progress towards [better privacy] as a goal," he said.
WhiteHat Security’s Grossman pointed out that it’s not just malware writers who are using exploits. Difficult to detect until recently, "CSS sniffing was being done data aggregators," he said.
—– Holistic security
One trend that’s impossible to deny is that these security problems may start in discretely different realms, but the nature of the Internet is making them more intertwined than ever before. Malware-writing techniques pioneered for Stuxnet inspire consumer-targeted malware writers, who in turn are forced to develop new social engineering techniques as app stores, browsers, and Web site owners play Whac-a-Mole with vulnerabilities.
And issues like the potential for exploiting devices connected directly to the Internet, like smart TVs and DVD players; more creative, harder to stop social engineering; the commercialized selling of all manner of exploits; and utility and medical device hacks are expected to grow in impact.
As much as we don’t want to admit it, security is becoming an issue of ongoing education. 2013 would be a good year to get going on that.
Topics:Security Tags:roundup, 2013, 2012, prediction, security
About Seth Rosenblatt
Seth Rosenblatt is a senior editor at CNET, and has written about nearly every category of software and app available. At CNET since 2006, he currently focuses on browsers, security, and operating systems, with occasional forays into tech and pop culture.
.
.
.
………………………………………………………………………………………………………………………………………………………………………
.
…..item 2)…. youtube video …
— The Andromeda Strain (1971) Part 01 … 9:45 minutes
www.youtube.com/watch?v=wajIliPFHk4
………….
— The Andromeda Strain (1971) Part 02 … 10:04 minutes
www.youtube.com/watch?v=6Rd7ejqZSrg
…………..
— The Andromeda Strain (1971) Part 03 … 10:04 minutes
www.youtube.com/watch?v=VqOwqXafjcg
……………
— The Andromeda Strain (1971) Part 04 … 10:04 minutes
www.youtube.com/watch?v=CHXbBSFBfO4
…………….
— The Andromeda Strain (1971) Part 05 … 10:04 minutes
www.youtube.com/watch?v=dhp63DIM30o
……………..
— The Andromeda Strain (1971) Part 06 … 10:04 minutes
www.youtube.com/watch?v=Ab0woEupW90
………………
— The Andromeda Strain (1971) Part 07 … 10:04 minutes
www.youtube.com/watch?v=anwcFo4fwqA
……………….
— The Andromeda Strain (1971) Part 08 … 10:04 minutes
www.youtube.com/watch?v=wn82Q2JeB_g
……………….
— The Andromeda Strain (1971) Part 09 … 10:04 minutes
www.youtube.com/watch?v=O8Yv7LjD7tY
………………..
— The Andromeda Strain (1971) Part 10 … 10:04 minutes
www.youtube.com/watch?v=xHC7reln_tw
…………………
— The Andromeda Strain (1971) Part 11 … 10:04 minutes
www.youtube.com/watch?v=mUvOfnIPV0E
………………….
— The Andromeda Strain (1971) Part 12 … 10:04 minutes
www.youtube.com/watch?v=aqGztEExN4Y
………………….
— The Andromeda Strain (1971) Part 13 … 10:04 minutes
www.youtube.com/watch?v=OfsJ074Ccp4
…………………..
AStrainMov
Uploaded on Jul 31, 2008
The best-selling novel by Michael Crichton was faithfully adapted for this taut 1971 thriller, about a team of scientists(Arthur Hill, David Wayne, James Olson, Kate Reid and Paula Kelly) racing against time to destroy a deadly alien virus that threatens to wipe out life on Earth. As usual with any Crichton-based movie, the emphasis is on an exciting clash between nature and science, beginning when virologists discover the outer-space virus in a tiny town full of corpses. Projecting total contamination, the scientists isolate the deadly strain in a massive, high-tech underground lab facility, which is rigged for nuclear destruction if the virus is not successfully controlled.
The movie spends a great deal of time covering the scientific procedures of the high-pressure investigation, and the rising tensions between scientists who have been forced to work in claustrophobic conditions. It’s all very fascinating if you’re interested in scientific method and technological advances but it’s more effective as a thriller in which tension is derived not only from the deadly threat of the virus, but from the escalating fear and anxiety among the small group of people who’ve been assigned to save the human race.
The basic premise is still captivating; it’s easy to see how this became the foundation of Crichton’s science-thriller empire.
Category
Film & Animation
License
Standard YouTube License
.
.
.
……………………………………………………………………………………………………………………………………………………………………..
.
…..item 3)…. Beware of online banking: Security expert reveals that ANYONE can hack a bank’s app using free internet tools
… Mail Online – Daily Mail … www.dailymail.co.uk/sciencetech/
… Mobile security expert has demonstrated how a banking app can be hacked
… He built a dummy app and used reverse engineering to connect to a server
… When sending money, the server was able to obtain the user’s password
… It was then programmed to piggyback onto the payment and transfer money to the hacker’s account
… Arxan’s Winston Bond said reverse engineering can be used on any app
… There are also tools and online tutorials to teach hackers the process
By VICTORIA WOOLLASTON
PUBLISHED: 07:27 EST, 22 May 2014 | UPDATED: 08:58 EST, 22 May 2014
www.dailymail.co.uk/sciencetech/article-2636160/Beware-on…
.
More than two thirds of us now use smartphones to make payments and check bank balances online.
Many banking apps have a number of security measures in place – from two-step authentication to passwords and PINs – but they may not be as secure as first thought.
.
……………………
img code photo … SEND PAYMENT – dummy banking app
i.dailymail.co.uk/i/pix/2014/05/22/article-2636160-1E19D3…
Mobile security experts set up a dummy banking app, pictured, to demonstrate how the technology can be hacked using reverse engineering
Arxan
……………………
.
A mobile security expert has revealed to MailOnline how these apps can be hijacked using free tools available online – and the hackers don’t need any of the user’s login details.
Winston Bond is technical manager at mobile security firm Arxan Technologies.
To highlight the risks, he developed a dummy banking app before engineering it to connect it to an external server that could be run by a hacker.
During a demonstration, as he signed into the app, the password was automatically revealed on the hacker’s server.
During another demo, he sent money via the app.
The server was able to piggyback onto the payment and even transfer money to the hacker’s account at the same time.
Although this was a dummy demonstration, Bond explained it is the same process hackers are using to access official banking apps on mobile devices.
The hacking technique used is called reverse engineering.
.
More…
… Google’s 9 smart smoke sensor Nest Protect set to go back on sale after flaw that causes it to turn off if someone WAVES at it fixed
… The tricycle that could replace the cop car: Segway reveals ,000 three wheeler designed for police patrols
The process involves taking an object apart to see how it works, either to replicate or improve it.
.
………………………
img code photo … connected the app to an external server
— bin – Hacker’s Server
.
finnmcmissile% ./hackistan_server
########################################
Ready to capture mobile banking details
########################################
Password: arxan
Balance: 415
i.dailymail.co.uk/i/pix/2014/05/22/article-2636160-1E19D3…
As part of the engineering, expert Winston Bond connected the app to an external server that could be run by a hacker, pictured. During one demonstration, as he signed into the app on his iPad, the password was automatically revealed on this pretend hacker’s server on a laptop, pictured
Arxan
………………………
.
………………………
img code photo … The server was able to piggyback
— bin – Bank Of Arxan
.
finnmcmissile% ./BankOfArxan_server
BankOfArxan_Servier: using default port
New client: Winston’s iPad connect
Payment request: £10 to Wilf (ref: pocket money)
News client: Winston’s IPad connected
Payment request: £25 to Mark (ref: lunch)
Payment request: £50 to A.Crook (ref: Thank you)
i.dailymail.co.uk/i/pix/2014/05/22/article-2636160-1E19D2…
During another demonstration, Bond sent money to a person called Mark, via the app. The server was able to piggyback onto the payment and send money to the hacker’s account, pictured here as A.Crook. Although this was a dummy demonstration, Bond said it is the same process hackers use to access official banking apps
Arxan – Protecting the App Economy
………………………
.
Reverse engineering is not just used for hacking purposes, and is often a technique programmers use to find mistakes or errors in code in order to fix them.
In the case of apps, software reverse engineering involves translating the program’s binary code back into the source code it was originally written in.
.
….
— WHAT IS REVERSE ENGINEERING?
… Reverse engineering is the process of taking an object apart to see how it works, either to replicate or improve the object.
… It is not just used for hacking purposes, and is often used by programmers to find mistakes or errors in code in order to fix them.
… In the case of apps, software reverse engineering involves translating a program’s binary code back into the source code that it was written in.
… This source code reveals to the hackers how the app works, the steps it takes to complete certain tasks and details about the app’s structure.
… A reverse engineer can use a various tools to disassemble a program.
… One example is called a hexadecimal dumper, which prints or displays the binary numbers of a program in hexadecimal format, making it easier to read than binary.
… Another tool is a disassembler. This reads the binary code and displays each instruction in text form.
….
.
This source code reveals to the hackers how the app works, the steps it takes to complete certain tasks, and details about the app’s structure.
Hackers are able to manipulate this source code by adding in lines that connect the app to an external server, for example, or code that tells the app to reveal the password each time it’s entered.
More complicated code is used to create a rule, for example, that means every time a payment is sent, the same amount is sent to the hackers account.
Accomplished hackers can also edit the code to hide these changes from the program, so the software assumes everything is working as it should.
Once the changes are made, the edited code is uploaded back onto the company’s server.
And, as Winston Bond explained, all of these steps can be carried out using tools freely available online.
There are even online video tutorials that show programmers, as well as a hackers, how to access the source code of software.
He did point out that iOS apps and software are more secure and closely monitored than Android, for example – except on jailbroken devices.
‘Jailbreaking’ is the process of removing certain restrictions Apple places on apps and downloads, for example, and makes it easier for developers to adjust settings.
.
……………………..
img code photo … Reverse engineering
i.dailymail.co.uk/i/pix/2014/05/22/article-2636160-1E1A67…
Reverse engineering is the process of taking an object apart to see how it works. It is not just used for hacking purposes, and is often used by programmers to find mistakes or errors in code. Software reverse engineering involves translating a program’s binary code, stock image, back into the source code it was written in
……………………..
.
In many of the cases where banking apps are hacked, Bond continued the attack only works when a user downloads a separate, malicious app.
The demonstration was created after an Arxan study found hackers attacked 78 per cent of the top 100 paid Android and iOS apps last year.
.
…..
— HOW TO PROTECT YOURSELF?
… Many apps are now using additional software, including those developed by Arxan Technologies to prevent hackers from reverse engineering their products.
… However, firms do not reveal if they are protected by such services so users are advised to only download apps from official app stores.
… People should keep an eye on bank statements and report any irregularities.
… They should also check in the phone’s settings for any unusual looking processes running in the background.
… If any look suspicious, users can search online for the names of processes to see what they do.
… Experts also suggest installing antivirus apps on mobile devices.
…..
.
It revealed there were hacked versions of 100 per cent of the top 100 paid apps for Android, and 56 per cent of the top 100 paid apps for iOS.
Last year, Arxan found attackers modified 80 per cent of free Android apps, and this year, this was down to 73 per cent in the same category.
On iOS devices, 40 per cent were hacked last year, compared to 53 per cent this year.
The research unveiled cracked versions of popular financial apps to be at 53 per cent for Android, and 23 per cent were Apple iOS hacked variants.
.
— Share or comment on this article
.
Comments …
Share what you think
.
The comments below have not been moderated.
.
— Sid, Australia, Australia
And after all these wonderful foolproof actions and downloads, chuck the whole lot in the rubbish bin and walk to your banking institution JUST LIKE WE USED TO before we got lazy.
.
.
.
………………………………………………………………………………………………………………………………………..
.
.
.