February 3rd, 2012 by lhaas                              

CyanogenMod App Store?

Reports have surfaced over the past couple of weeks regarding CyanogenMod’s plans for an app store. This venture would provide much-needed income for the organization as well as a home for Google-banned apps.

Koushik Dutta, a developer of the popular CyanogenMod firmware for Android, is tossing around the idea of a black market app store — my words, not his – filled with apps that will only work on rooted Android phones.

“We also need an app store for apps that are getting shut down for no good reason, other than carrier, or some random corporation doesn’t like it,” Dutta wrote on Google+.

Read more: http://techland.time.com/2012/01/23/banned-android-apps-may-soon-have-a-place-to-go/#ixzz1lHGNym18

But some are questioning whether creating a haven for banned apps is really such a good idea. And can CyanogenMod pull it off properly? This article offers an interesting perspective:

You can’t have a Market with no limitations, or you’d have one filled with malicious apps that steal data, pirated copies of apps that are already in existence, and far worse. It would be chaos in its purest form. Any third party Market would have to be policed just as heavily, if not more so to keep people out who think they could slip one past the little guy but couldn’t slip one past Google.

What happens when an app gets banned from the Android Market and then banned from the CyanogenMod Market? Do we go three levels deep with an Inception Market for people who don’t want to put up with the tyranny of the other two markets? Where does it end?

via Is a CyanogenMod-powered App Store a terrible idea?

February 1st, 2012 by lhaas                              

Massive Android malware op may have infected 5 million users

As many as 5 million users may have downloaded infected apps from the Android Market:

Dubbed “Android.Counterclank” by Symantec, the malware was packaged in 13 different apps from three different publishers, with titles ranging from “Sexy Girls Puzzle” to “Counter Strike Ground Force.” Many of the infected apps were still available on the Android Market as of 3 p.m. ET Friday.

“They don’t appear to be real publishers,” Kevin Haley, a director with Symantec’s security response team, said in an interview today. “These aren’t rebundled apps, as we’ve seen so many times before.”

Haley was referring to a common tactic by Android malware makers to repackage a legitimate app with attack code, then re-release it to the marketplace in the hope that users will confuse the fake with the real deal.

Symantec estimated the impact by combining the download totals — which the Android Market shows as ranges — of the 13 apps, arriving at a figure between 1 million on the low end and 5 million on the high. “Yes, this is the largest malware [outbreak] on the Android Market,” said Haley.

Android.Counterclank is a Trojan horse that when installed on an Android smartphone collects a wide range of information, including copies of the bookmarks and the handset maker. It also modifies the browser’s home page.

The hackers have monetized the malware by pushing unwanted advertisements to compromised Android phones.

via Massive Android malware op may have infected 5 million users

Developers, is your app secure? Get certified from viaForensics.

January 31st, 2012 by lhaas                              

Stealing smartphone crypto keys using plain old radio

At next month’s RSA Conference, researchers will demonstrate how radio waves can be used to steal encryption keys.

“You tune to the right frequency,” says Kocher, who described the hacking procedure as involving use of a radio device much like a common AM radio that will be set up within about 10 feet from the smartphone. The radio-based device will pick up electromagnetic waves occurring when the crypto libraries inside the smartphone are used, and computations can reveal the private key. “We’re stealing the key as it’s being used,” he says, adding, “It’s independent of key length.”

Kocher says the goal of the hacking demo, which Cryptography Research will demonstrate throughout the RSA Conference at its booth, is not to disparage any particular smartphone manufacturer but to point out that the way crypto is used on devices can be improved.

“This is a problem that can be fixed,” he says, noting Cryptography Research is working with at least one of the major smartphone makers, which he declined to name, on the issues around these types of radio-based attacks.

via Stealing smartphone crypto keys using plain old radio

January 30th, 2012 by lhaas                              

Mobile Forensics to be focus of next issue of Digital Forensics Magazine

The upcoming issue of Digital Forensics Magazine will focus on mobile device digital forensics, including a feature article “Circumventing & Cracking the Android 3Ps – Patterns, PINs and Passwords” written by viaForensics’ Andrew Hoog and Thomas Cannon.

If you’ve even begun the journey into mobile device forensics, you’ve already likely encountered the dreaded “lock screen” on a device secured by a pattern, PIN or password. This article provides background on how Android implements the lock screens and techniques for circumventing and cracking them. Like many forensic techniques, this information could be used for nefarious purposes; however, our intentions are to empower practitioners who use forensics for legal purposes.

Subscribe online and watch for the full issue of Digital Forensics Magazine to hit soon.

January 25th, 2012 by jpisani                              

HOW TO: Properly install VMware Tools on VMware Player 4.x

With the introduction of VMware Player 4.0, VMware Player seems to no longer automate certain aspects of the VMware Tools install process. Therefore, you will need to take a few additional steps in order to properly install VMware Tools on your viaExtract Virtual Machine.

Upon initially opening the Virtual Machine, select Install VMware Tools from the Virtual Machine tab at the top of the Virtual Machine. Select OK at the next message and a CD icon should appear on your desktop. Double-click the icon to open the media window. This ensures that the CD has mounted properly so we can continue with the command line prompts. Open a terminal window (the black icon box at the top of your Virtual Machine) and enter the following command.

cd /media/VMware\ Tools/

Next run:

ls

You should see 2 files. One is a manifest.txt file and the other is a VMware tar file. Take note of the version in the file name. The version we installed is v8.8.1-528969 because it is the latest version of VMware Tools. Should a newer version be released, that file name will change and you will have to change the next command accordingly. Run the following command, making sure that the version in the command exactly matches the file listed by the previous “ls” command.

cp VMwareTools-8.8.1-528969.tar.gz /home/analyst/Downloads/

We have to copy the file out because VMware Player mounts the install CD as read-only, meaning we can’t issue our install commands from this location. Once the file has finished copying, run:

cd /home/analyst/Downloads/

You will now be in your Downloads folder. From here we can unpack the tar file so we can actually install VMware Tools. Run the following command.

tar xvf VMwareTools-8.8.1-528969.tar.gz

Again, if a newer version of VMware Tools is released, you will have to change that command to match the exact version VMware Player is attempting to install. Once the tar file finishes unpacking (the command prompt “$” will return), you will need to enter the folder that was just created. Run:

cd vmware-tools-distrib/

Once inside that directory, execute the following command and VMware Tools will begin installing.

(For advanced users: If you wish to change some of the default install directories, remove the --default from the following command. Only change the directories if you know exactly what you are doing, though.)

sudo ./vmware-install.pl --default

This process should take a minute or so. Once you see the command prompt again, VMware Tools should have installed successfully. Restart the VM to ensure VMware Tools is connected, and you can now begin using viaExtract.
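
The steps above as one script, added here as an example and not part of the original post; it picks up whatever VMwareTools-*.tar.gz version is on the mounted CD instead of a hard-coded file name. The function names, the CD_DIR and STAGE_DIR variables and the --install switch are names chosen for this example, and the archive member check is an extra step the post does not perform.

```shell
#!/bin/sh
# Added example: version-independent form of the manual steps above.
# CD_DIR and STAGE_DIR default to the paths used in this post; override if yours differ.
CD_DIR="${CD_DIR:-/media/VMware Tools}"
STAGE_DIR="${STAGE_DIR:-/home/analyst/Downloads}"

# Print the path of the single VMwareTools-*.tar.gz found in directory $1.
find_tools_tarball() (
    set -- "$1"/VMwareTools-*.tar.gz      # the glob replaces the hard-coded version
    if [ "$#" -ne 1 ] || [ ! -f "$1" ]; then
        echo "expected exactly one VMwareTools tarball on the CD" >&2
        exit 1
    fi
    printf '%s\n' "$1"
)

# Copy the tarball from the read-only CD ($1) into writable $2, unpack it there,
# and print the path of the installer script.
stage_tools() (
    src="$(find_tools_tarball "$1")" || exit 1
    cp -- "$src" "$2/" || exit 1
    tarball="$2/$(basename -- "$src")"
    # Refuse archives with members that do not start with vmware-tools-distrib/.
    if tar -tzf "$tarball" | grep -Eqv '^vmware-tools-distrib(/|$)'; then
        echo "unexpected path in $tarball" >&2
        exit 1
    fi
    tar -xzf "$tarball" -C "$2" || exit 1
    [ -f "$2/vmware-tools-distrib/vmware-install.pl" ] || exit 1
    printf '%s\n' "$2/vmware-tools-distrib/vmware-install.pl"
)

# Install only when invoked with --install; without it the file only defines the functions.
if [ "${1:-}" = "--install" ]; then
    installer="$(stage_tools "$CD_DIR" "$STAGE_DIR")" || exit 1
    cd "$(dirname -- "$installer")" && sudo ./vmware-install.pl --default
fi
```

If more than one tarball is present on the CD, the script stops rather than guessing which one to install.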

January 20th, 2012 by lhaas                              

viaForensics to Kick Off Digital Detectives Podcast Series

Gallivan, Gallivan and O’Melia (GGO, LLC), the e-discovery experts driving the move toward accessible, affordable e-discovery solutions, have partnered with Legal Talk Network to produce the ‘Digital Detectives’ series of podcasts for 2012. The Digital Detectives series aims to inform legal and technology professionals on a wide range of emerging topics in e-discovery, computer forensics, information security, litigation, and trial technologies.

In the podcast series, Sharon Nelson and John Simek invite experts to discuss important topics of interest to litigators, corporate counsel, computer forensics and e-discovery professionals….

The monthly podcast series will kick off 2012 with guest Andrew Hoog, Chief Investigative Officer at viaForensics, in a discussion on Smartphone Security. In February, Digital Detectives will host Neil Squillante of TechnoLawyer, discussing the “Top Resources for Staying Current in E-Discovery”.

Find the complete library of Digital Detectives podcasts on the Digital Talk Network site at http://legaltalknetwork.com/podcasts/digital-detectives/.   Gallivan Gallivan & O’Melia (GGO) is proud to sponsor the efforts of visionary educators and thought leaders in litigation technology and e-discovery.

via Digital WarRoom Sponsors Digital Detectives Podcast Series, Currently Featuring Bruce Olson on Cost Effective E-Discovery for Small Cases.

January 20th, 2012 by lhaas                              

U.S. Shuts Down Megaupload File-Sharing Site, Anonymous Retaliates With DDoS Attacks

The battle is heating up:

A day after the Internet was abuzz with protests of the proposed SOPA and PIPA anti-piracy bills, the Department of Justice took a major action against many of the top executives of Megaupload, a popular file-sharing site that the government says was the basis for an “international organized criminal enterprise allegedly responsible for massive worldwide online piracy of numerous types of copyrighted works”. Prosecutors revealed indictments against seven people, all of whom are foreign nationals, as part of the case. As a result of the indictments and shutdown of Megaupload, Anonymous retaliated with a series of DDoS attacks against sites owned by Justice, Universal Music and the Motion Picture Association of America…

“According to the indictment, for more than five years the conspiracy has operated websites that unlawfully reproduce and distribute infringing copies of copyrighted works, including movies – often before their theatrical release – music, television programs, electronic books, and business and entertainment software on a massive scale. The conspirators’ content hosting site, Megaupload.com, is advertised as having more than one billion visits to the site, more than 150 million registered users, 50 million daily visitors and accounting for four percent of the total traffic on the Internet,” Justice Department officials said in a statement.

via U.S. Shuts Down Megaupload File-Sharing Site, Anonymous Retaliates With DDoS Attacks | threatpost.

January 19th, 2012 by lhaas                              

Hackers steal $6.7 million in bank cyber heist

We’ve been preaching for years that organizations need to take a more proactive approach to their security. Services, such as our liveForensics, add additional layers of security to protect against such breaches.

Unfortunately, the Postbank’s fraud detection system hasn’t performed as it should, and the crime was discovered only after everyone returned to work after the holiday break. Apparently, it should not come as a surprise – according to a banking security expert, “the Postbank network and security systems are shocking and in desperate need of an overhaul.”

The post office and the police have confirmed that the breach happened and that the National Intelligence Agency (NIA) is involved in the investigation. The bank has issued a statement saying that none of its customers’ bank accounts were affected by the heist.

The investigation will hopefully reveal whether the backdoor into the compromised computer was installed by the employee unwittingly or whether the employee was recruited by the gang to allow them access.

via Hackers steal $6.7 million in bank cyber heist.

January 18th, 2012 by lhaas                              

RSA chief: Last year’s breach has silver lining

The silver lining of last year’s security breach is that it has led to stronger security and better awareness of security issues.

On another topic, Coviello says businesses are rushing and therefore missing an opportunity to build security into virtual and cloud environments as they adopt them.

“[A]s much as I’ve preached for three or four years that we have an opportunity to get it right this time as we virtualize our environments and we go to cloud [by building] security in, it just isn’t happening,” he says. “We’re making the same mistakes all over again.”

The problem is that businesses crave the functionality and savings of virtualization and cloud at the expense of security. “[I]t’s just unfortunately the way the world works sometimes, that people want to get the benefits of a new technology wave and don’t always think through all the security ramifications,” Coviello says.

Despite those shortcomings, Coviello says businesses are accelerating the overhaul of their traditional security to adopt defensive models that are advocated by RSA, particularly automating security analysis and response.

“You would like to think that people would come to these conclusions and act on them more quickly,” he says, “but there’s such competition –whether it’s budget, whether it’s business initiative, whether it’s overhauling their own infrastructure, whether it’s this crazy economy we’re working with — it never goes as fast as you think it should or could.”

via RSA chief: Last year’s breach has silver lining.

January 16th, 2012 by lhaas                              

Mobile payment options to grow in 2012 – Consumers Digest

Technologies for mobile payments are popping up, including Square and PayPal Mobile. Google Wallet may be the furthest along, although early security concerns (which have now been addressed by Google Wallet) illustrate the need for these new technologies to pay careful attention to how sensitive information is being stored on mobile devices.

Google Wallet uses Secure Element. This chip is embedded in a smartphone, SD card, or credit-card smartcard and encrypts payment information. Google’s website says MasterCard PayPass secures credentials as the transaction is made. Ramirez says the probability of information being intercepted by a third party in the middle of a transaction is very unlikely because of how wireless networks communicate with each other. “It’s infeasible because of the fact that you can’t have two channels communicating to each other at the same time,” he says.

However, a study by security company viaForensics found that Google Wallet stored information, such as the smartphone user’s name, credit-card information, email address and the last four digits of a credit card, which was obtainable by root-accessing a device. Root-accessing allows unrestricted access to information that’s stored on a device. Andrew Hoog, who is a co-founder of viaForensics, says his company notified Google of its findings.

Nate Tyler, who is a spokesperson for Google, tells Consumers Digest that the Google Wallet app has been updated to delete transaction information permanently after a purchase.

Ramirez reminds mobile payment users to safeguard their data by setting separate pass codes for their smartphone and mobile payment account. Consumers also should cancel their credit card if their smartphone is lost or stolen. When it comes to loyalty-based payment apps, such as Starbucks, Hoog reminds consumers to download the company’s official app for the best security. “Look for names that are reputable,” he says.

via News | Analysts: Mobile payment options to grow in 2012 | Consumers Digest.