The Heartbleed Still Bleeds

July 6, 2014 — Leave a comment

Just when you thought that we are done with the Heartbleed threat, there is some bad news to spoil the mood. As you remember, this was the most serious OpenSSL vulnerability, we have ever seen. The funny thing about it, though, is that we had 600,000 servers potentially jeopardized at the beginning of this unusual crisis. What is the situation right now?

Well, for what is worth, two months after the bug was discovered, we still have more than 300,000 servers left with no appropriate protection. Two months we had to deal with this trouble. And what have we done? We only cut it in half. This is a fantastic example, how we treat our security seriously. We are being ironic on this one. We hope that is obvious.

The trouble with the curve in this matter is that the knowledge about the potential security threat is not enough to eliminate it quickly and efficiently. How much more time do we need to eliminate the Heartbleed completely? Two more months, or maybe two more years? Yes, our dear friends, this is the reality we are living in.

The Heartbleed still bleeds, and there is nothing we can do about it. Can we? It seems that the pressure was not strong enough to make IT security experts do something seriously and quickly about it. Or, maybe we are exaggerating. Maybe, it is too much to ask while demanding to clean 600,000 servers in 6 weeks. Either way, we lose, for sure.

KitKat Security Smart

July 5, 2014 — Leave a comment

According to the most recent findings of IBM security experts, it seems that KitKat and other newer Android versions have a serious security flaw. The main focus of their report was the KeyStore segment of the Android OS. The things could not get worse in this matter for Android, could they? How are we to interpret these findings?

Well, this is definitely a bad news for all Android users. KeyStore is the most important and sensitive component for the proper security functioning of any system. It would be very interesting to see how Google will react about this one. We are also not sure whether or not the IBM can claim the bug bounty, in the first place?

For what is worth, being the number one platform for mobile devices in the world, certainly draws a lot of attention both positive and negative one. Living under the spotlights is definitely not an easy thing. However, Google has probably gotten used to it by now. What about the signature of these findings?

Well, we sure hope that Microsoft or Apple signatures are completely eliminated in these cases. Who is who’s best friend in this story is a question worth million dollars. It comes without saying that Android has been extremely successful. We sure hope that they will be dedicated enough to security issues solving, as well.

Korben’s Report

July 5, 2014 — Leave a comment

It seems that one French blogger was a busy little bee. He had apparently discovered one, at least to say quite a bizarre security flaw associated with the MediaTek chips. So, let us see what has our friend Korben discovered and why it is so important from the security point of view? Should we hate or adore him for what he had done?

Here is the funny part of this intriguing story. Korben has figured it out, that when you send “=” through an SMS to some smartphones, which uses MediaTek chips, the following happens. Your smartphone restarts automatically after receiving this message. Really disturbing, isn’t it? What can we do about it?

Well, you have two options. Either you will acquire a new smartphone without these chips, or hope that your friends will not kill your phone with these “=” SMS. How can this happen and be possible in the first place, is yet unknown. What we need to know to eliminate this trouble, is also unknown.

We do not have to guess twice what is happening in your head as you read this post, do we? You are probably wondering, what can happen if you try some other symbols for these MediaTek related SMS? How thin is a borderline between restarting and hacking a smartphone? Well, we hope youwillnot be the one to find out.

The Blind Man Who Taught Himself How To Hack

July 3, 2014 — Leave a comment

Although, you may find this story hard to believe, we are actually referring to a true event, which took place in Zambia. Believe it or nor, a blind hacker is facing a two years imprisonment for his crimes. Yes, you got that one right. He is a blind person. He lives in one of the last countries you could possibly expect for a hacking to occur.

And yes, he was able to successfully hack one of the leading Zambian telecommunication companies. In addition, this extraordinary hacker was able to ensure access to mobile phones used by the Zambian minister of defense and minister of foreign affairs. So, what was the damage caused by his hacking activities?

Well, no more than $4,000 for the period of four years. Pay attention, only for the phone bills on the “borrowed” phones. For what is worth, we do not favor or support crime in any form or situation. However, this remarkable individual, who was able to overcome his disability, definitely deserves a better fate than a jail time.

At least what Zambian government can do in his case, is to offer him a well-paid full-time job in either some telecommunication department or in the police. He has proven his talents already, hasn’t he? A man like him you definitely need to have as your most trusted ally. Never as your worst enemy. Right?

E-mail Untold

July 2, 2014 — Leave a comment

There are so many things your e-mail can tell about you, which are beyond your control or influence. The very first thing is your location. Your e-mail comes with your IP address. Almost anyone can learn more about your location with the use of the following link: http://www.yougetsignal.com/tools/visual-tracert/. And, that is not all.

People, who have received your email, can easily run it through various social networks. This is a simple way to determine for which apps your e-mail has been used for registration purposes. All they have to do is to identify your Facebook profile with the help of your e-mail. What possibly more they could have asked for?

Here is one extremely useful site, which can be used to list all networks and websites your e-mail has gone through for the registration purposes: knowem.com. Here is an appropriate word of advice in this matter. Create two e-mails. One for communication and the other for registration purposes. Even a couple of them, if necessary.

Some people have even found a way to make money out of these situations. On http://www.spokeo.com for a few bucks per month you can get a detailed report about an e-mail of your greatest interest. What is the moral of this educational story? The worst enemy, when it comes to your IT security, are you yourself. Think about it.

Look There’s Luuuk!

July 1, 2014 — Leave a comment

The guys from the Kaspersky Lab were busy little bees, as usual. This time they have discovered a fraud scheme, which seriously crippled one of the major European banks. We are talking about an impressive amount of more than $500,000, which went into the wrong, but extremely skillful hands of hackers. Are you eager to find out more about this unlawful profitable scheme?

Well, first things first. Let us start with the C&C server and Zeus malware software. Although, it is not quite sure which form of the Zeus malware was used for this particular purpose (Citadel, Spy Eye, IceIX, etc.), the fake banking experts obviously knew which one to choose in order to achieve their financial goals. They also knew how to successfully cover all of their tracks.

Here is the most interesting part of this extremely indicative crime story. The money itself was not transferred to hackers’ bank accounts. Actually, they were able to use temporary accounts and pick up the money by using the ATMs. In addition, they even used various teams to withdraw different amounts of money. Really impressive indeed.

So what is the moral of this story? Well, this does not necessarily mean that you have to run for help and assistance from the Kaspersky Lab Team. You simply have to be aware of the following fact. The bigger you become, it does not mean you will become invulnerable by default. This is a signal for all kinds of thieves out there to keep their eyes on you and your clients. Think about it!

IMELA Software Blog

4 out of 5 dentists recommend this WordPress.com site

IT Security