Showing posts with label online security. Show all posts
Showing posts with label online security. Show all posts

Friday, 28 December 2018

Computer Chip Vulnerabilities Discovered

Computer Chip Vulnerabilities

Researchers discover new Computer Chip Vulnerabilities!

We all know computer chips, software updates and their ilk are all not free from bugs and more. But now researchers at Washington State University have discovered another flaw in computer chips that could cause some serious vulnerabilities. These so called computer chip vulnerabilities were previously unknown to man and now that they are known can cause some huge problems.

These computer chip vulnerabilities can cause failures in modern high tech electronics even though they of the high performance variety. One would expect the high performance computer chips to be relatively free from such problems but the reality is something else altogether. 

Causing a deliberate Computer Chip Vulnerability: 


Researchers at Washington State University found that by deliberately adding malicious work load onto the computer chip they could affect the communication system on the chip. This communication system on the chip is important and damaging that could cause some big problems.

Talking of big problems, such a computer chip vulnerability could cause the computer chip’s life to shorten drastically.

Working to Understand Computer Chip Vulnerabilities: 


Researchers have been at work trying to understand how vulnerable computer chips really are to malicious attacks. This they do in order to identify threats and devise suitable actions to remedy such computer chip vulnerabilities.

Many tech vendors such as Samsung and Apple deliberately send software updates that intentionally slow down earlier phone models as a way to encourage people to buy newer more expensive models.
Research into computer chip vulnerabilities has earlier looked at various computer chip components like computer chip memory, circuit boards, processors and other areas for computer chip vulnerabilities. But researchers at Washington State University have discovered new threats in the most important part, which was previously not looked into – The communications system.

Not only was this vulnerability discovered in the backbone of the computer chip, it was also discovered that high performing computer chips had such vulnerability too.

“The Glue that Holds Everything Together”

The communications system in a computer chip is the glue that holds that entire processing of the chip together. Once that glue breaks down, a very powerful chip becomes useless.

High performance computer chips have a number of processors that perform large amounts of complex work. These processors communicate with each other through the communications system on the chip. This communication system also coordinates all the processes. So it is not hard to imagine a slight flaw in such area could cause some serious damage.

Researchers are at present looking for ways to incorporate such high performance chips with multiple processors onto hand held devices. This computer chip vulnerability could potentially affect our smartphones too.

Researchers at Washington State University devised a series of attacks that targeted the communications system. The results were shocking, in that the entire communications system was affected and was likely to fail because of such an attack.

Such computer chip vulnerabilities could be used by malicious persons to target a computer chip and cause it to malfunction.

Wednesday, 6 June 2018

How to Minimize Privacy Risks from Smart Gadgets

Smart Gadgets Echo

Smart Gadgets are prone to Security Risks

As the number of smart gadgets keep increasing, they make our homes smarter and lives easier. On the flip side, the smart gadgets are prone to security risks thus making them vulnerable to hacking.
There are a number of smart gadgets that have become vulnerable and prone to security risks. The Amazon Echo smart speaker had sent a private conversation to an acquaintance thus increasing the risk of the new voice-enabled technology.

Another smart gadget in the form of a smart doll which was seemingly a harmless toy was in fact a security risk. The smart gadget was used by hackers to intercept conversations over the connection.

A smart car too is not free from security risks. According to security researchers, the common car gadgets were vulnerable to cyber-attacks. The telematic control unit (TCU) are used for navigation, voice and data communication. The researchers were able to attack one of the TCU gadgets which was basically used to track per-mile insurance. The device that was installed in the car enabled them to hack into the car’s systems thereby taking complete control of all the functions of the car.

Let us take into account another smart gadget like the smart fridge. It is easy to get all the information regarding the user’s Gmail. A hacker can intercept all communications over a compromised internet connection. The home network that is connected to the smart fridge becomes vulnerable. According to the security researchers, a flaw in the SSL integration makes it easy for the hackers to access the network and in turn keep a track on all the activity linked to the user name and password that connects the fridge to the Gmail.

Various ways of protecting the smart gadgets from cyber attacks 


There are a few ways to ensure that your smart gadgets are safe from hackers. We can adopt certain practices to make our homes and personal data safe.

Our primary goal is to ensure that the network that enables all the smart gadgets is secure. Make sure that you do not connect to open or any public Wi-fi. On your home Wi-fi, enable password protected access. In case you have a default password on a router, make sure to change it.

On all the smart gadgets that are connected, make sure that all the operating systems are updated.
Get a secure router where the network security is enhanced.

Buy smart gadgets with added security. 


If the smart gadget that you are using is a smart speaker, then you can turn off the microphone button so that any private conversations are not prone to attacks.

In the case of smartphones you can turn off the mic access to all the apps except those apps used for video conferencing or voice recorders.

You can cover the camera of your smart gadgets like laptops or smartphones to prevent spying. The security camera in the house can be turned towards the wall when you are at home.

Since we are in an age where smart gadgets have become a part of our daily lives, we should make sure that we buy devices after checking out the reviews and also check out videos that will keep you aware of the security risks and glitches.

Wednesday, 26 October 2016

Hackers Used New Weapons to Disrupt Major Websites Across U.S.


map
Crucial sites were difficult to reach to individuals crosswise over wide swaths of the United States on Friday after an organization that oversees vital parts of the web's framework said it was under assault. Programmers unleashed a mind-boggling operation on the internet through some devices like webcams and computerized recorders and slice access to a portion of the world's best-known sites, a staggering rupture of worldwide web dependability. Clients reported sporadic issues achieving a few sites, including The New York Times, Spotify, Twitter, Reddit, Airbnb,Etsy, SoundCloud, and Netflix. The organization, Dyn, whose servers screen and reroute web activity, said it started encountering what security specialists called a dispersed dissent of-administration assault in the early morning.

Reports that numerous locales were blocked off began on the East Coast, however, spread westbound in three waves as the day wore on and into the night. Also, in an upsetting improvement, the assault seems to have depended on a huge number of web associated gadgets without their proprietors' knowledge — with programming that permits programmers to summon them to surge an objective with overpowering activity.

The assaults were not just more regular, they were greater and more advanced. The run of the mill assault dramatically increased in size. Besides, the aggressors were all the while utilizing diverse techniques to assault the organization's servers, making them harder to stop. The most successive targets were organizations that give web foundation administrations like Dyn.

The main cause and working of the gadgets-

Jason Read, the creator of the web execution checking firm CloudHarmony, possessed by Gartner Inc., said his organization followed a half-hour-long interruption early Friday influencing access to numerous destinations from the East Coast. Dyn is a New Hampshire-based supplier of administration for overseeing DNS, which goes about as switchboard associating web activity. Krebs, whose site was focused by a comparative assault in September, said the XiongMai gadgets are basically unfixable and will remain a threat to others unless they are completely expelled from the web.

These gadgets are thusly used to make a botnet, or robot system, to send a large number of messages that thumps the out casualties' PC frameworks. The source code for Mirai was discharged on the purported dull web, locales that work as a kind of online underground for programmers, toward the start of the month.

The assault comes during an era of increased open affectability and worry that the country's establishments and framework could confront huge scale hacking assaults. The latest illustration has been the arrival of messages stolen from the servers of the Democratic National Committee, which the USA knowledge sources say was the work of Russian Federation.

The theme has come up often amid the fall's hard-battled presidential crusade. The US Department of Homeland Security and Federal Bureau of Investigation both were mutually exploring the late blackout. Dyn authorities wouldn't affirm the figure amid a phone call later Friday with correspondents.

It is too soon to figure out who was behind the assaults, however, it is this kind of assault that has US authorities concerned. They are concerned that an assault could keep nationals from submitting votes.

Thursday, 6 October 2016

Have hackers turned my printer into an offensive weapon?



list
It was just last month that is in September one of the largest net attacks took place with pinpointed a renowned OVH a French hosting firm and a blogger. This single attack is believed to have comprised of over one trillion bits of data. Both of the hacking events marked a change in the methods used by hackers who survive by breaking into websites which hold widespread data add this form of attacks is known as Distributed Denial of Service attacks (DDoS). The data was sent to the targets through and other such "smart" devices which were hijacked by the hackers.

Can I tell if my webcam/DVR/printer is attacking someone? 

Well to be honest, not easily. If you are a medium of bombarding someone else, your internet speed may slow down however it may not be noticed at times of normal browsing while it may be evident when it comes to video or music streaming or games which will lag. For those who are tech savvy, they can make use of software’s which keep a tab on the flow of data packs on their home network, however this is not easy if you are unaware of what you are doing exactly.

Could I get in trouble for letting my webcam attack someone? 

In terms of legality, you can’t get into trouble with the police however it is believed through researches that a hacker can get into your internal network through a webcam hack and keep a tab on everything else. So in such a case you have an intruder which is best if gotten rid of by taking the necessary action.

Why are malicious hackers using these devices? 

That’s because it is way easier to hack in comparison to PCs or servers and these devices tend to make use of default passwords and fail to have any kind of security software in place. And to the benefit of the hackers, there are endless numbers that stay on all day long and it is a task to both update as well as secure. In modern days it is extremely easy for hackers, they are able to target vulnerable devices and put together an army of their own to create a botnet without having to rent hijacked machines like in the past.

What kind of devices are they scanning for? 

Web-associated cameras are especially prominent however outputs are likewise being completed for advanced TV recorders, home routers and printers. All these have a fundamental processor inside that can be subverted to pump out attack packets. Brian Krebs, the blogger who experienced an assault an IoT botnet, has ordered a rundown of gadgets known to have misused his webpage with information. Large portions of the login names and passwords for these gadgets are anything but difficult to-crack. On 1 October, source code for one IoT assault was freely shared, driving some to propose that numerous more malignant programmers will now begin checking for vulnerable gadgets. This guide made by security firm Symantec demonstrates where Europe's botnets are facilitated. Turkey is home to the vast majority of the commandeered devices and PCs.

How new are these types of attacks? 

The main DDoS assaults were seen on the web in 2000. The primary influx of information bombardments was gone for betting locales which were undermined with being thumped disconnected unless they paid an expense. The greater part of those coercion endeavors utilized commandeered PCs to send information. Presently the ascent of the Internet of Things that is populated with brilliant gadgets has commenced recharged enthusiasm for these sorts of assaults. Security scientists have cautioned about the perils of unreliable IoT gadgets for quite a while yet they are beginning to be utilized for critical assaults sooner than numerous individuals anticipated.

Friday, 12 August 2016

Hackers Breach the Ultra-Secure Messaging App Telegram in Iran

Telegram

Telegram Accounts Hacked – Susceptibility of SMS Text Message


According to Reuters, over a dozen Iranian Telegram accounts, like the messaging app having a focus on security have been compromised in the last year due to the susceptibility of an SMS text message.They have recognized around 15 million Iranian users’ phone numbers, which seems to be the biggest known breach of the encrypted communication systems as informed by cyber researchers to Reuters.

 According to independent cyber researcher Collin Anderson and Amnesty International technologist Claudio Guarnieri, studying Iranian hacking groups for three years has informed that the attack which had occurred this year, had not been reported earlier, has endangered the communication of activists, journalist together with several others in sensitive positions in Iran, where Telegram is said to be utilised by around 20 million users.

Telegram tends to endorses itself as an ultra-secure instant messaging system since all the data is encrypted from beginning to end which is known as end-to-end encryption. Various other messaging services comprising of Facebook Inc., WhatsApp state that they have the same proficiencies. Telegram, which is headquartered inBerlin, states that it has 100 million active subscribers and is extensively usedin Middle East, inclusive ofthe Islamic State militant group and in Central and Southeast Asia as well as Latin America.

Authorization Code –Diverted by Phone Company/Shared with Hackers


According to Anderson and Guarnieri, the susceptibility of Telegram is in its use of SMS text messages in activating new devices. When a user tends to log on to Telegram from a new phone, the company directs them with an authorization code through SMS which can be diverted by the phone company and shared with the hackers, according to the researchers.

Equipped with the codes, the hackers can now add new devices to the Telegram account of the user enabling them to read chat histories together with the new messages. Anderson had informed during an interview that they had over a dozen cases where Telegram accounts have been negotiated through ways that sound like fundamentally coordinated with the cellphone company.

According to the researchers, Telegram’s dependence on SMS verification tends to make it defenceless in any country where the cellphone companies are possessed or profoundly influenced by the government.

Iranian Hacking Group – Rocket Kitten


Telegram spokesman stated that customers could defend against these attacks by not relying on the verification of SMS. Telegram enables though it is not essential that customers create passwords which could be reset with the so-called recovery emails.

The spokesman, Markus Ra has informed that if one has a strong Telegram password and the recovery email is secure, the attackers can do nothing about it. The researchers believe that the Iranian hacking group Rocket Kitten is responsible for the Telegram breaches based on resemblances to the setup of past phishing attacks credited to the group.

There is a prevalent rumour that Rocket Kitten tends to have ties to the Iranian government. John Hultquist, managing the cyber espionage intelligence team at the security firm FireEye, of Rocket Kitten has informed that `their focus generally revolves around those with an interest in Iran and defense issues however their action is completely global. With regards to Telegram attacks, it has also been suggested by the researchers that SMS messages could have been conceded by Iranian cell phone companies, which is an industry that has prospective links with the government

Monday, 25 July 2016

How to Stay Anonymous Online

Anonymous Online
Credit:MIT News

New Privacy Pattern – Strong Security Guarantees


Privacy networks tend to guard individuals living under exploitive regimes from scrutiny of the Internet usage. However from recent discovery of susceptibilities in most of the well-known networks, Tor has urged computer scientists in endeavouring to come up with more secured privacy patterns. In July, at the Privacy Enhancing Technologies Symposium, scientists at MIT’s Computer Science and Artificial Intelligence Laboratory and the Ecole Polytechnique Federal de Lausanne will be presenting a new privacy pattern which would offer strong security guarantees though will use bandwidth more efficiently than its ancestors.

In tests, the systems of the researchers needed only one-tenth as much time just like secure experimental systems in transferring a large file between unidentified users. Albert Kwon, a graduate scholar in electrical engineering and computer science and first author on the new paper, said that the initial use case that they thought of was to do anonymous file-sharing where the receiving end and sending end do not know each other.

The reason was that things like honeypotting, where spies tend to offer services through an anonymity network in order to entrap its users, are a real issue. However they have also studied applications in microblogging, something like Twitter, where one would want to secretly broadcast your messages to everyone.

Heart of System – Sequence of Servers - Mixnet


The system invented by Kwon and his co-authors, his advisor, Srini Devadas, the Edwin Sibley Webster Professor of Electrical Engineering and Computer Science at MIT, David Lazar, a graduate student too in electrical engineering and computer science together with Bryan Ford SM `02 PhD’08, an associate professor of computer and communication sciences at Ecole Polytechnique Federale de Lausanneworks on many prevailing cryptographic techniques though connects them in a novel way.

The heart of the system is a sequence of servers called a mixnet wherein each server tends permutes the order where it receives messages before it is passed on to the next. If messages from Sender Alice, Bob and Carol tend to reach the first server in the order A, B, C that server would send them to the second server in an altered order like C, B, A. The second server would permute them before sending them to the third and so on. The message that had been tracked from the point of origin, by an opponent would not know which was which by the time they had exited from the latest server

The New System – Riffle


It is this reshuffling of the messages which is said to be named – Riffle, for the new system. Similar to several privacy systems, Riffle tends to also use a technique known as onion encryption – Tor, in which case is an abbreviation for `the onion router’.

In the case of onion encryption, the sending computer tends to wrap each message in many films of encryption utilising a public key encryption system such as those that tend to protect most of the online financial transactions. Each of the servers in the mixnet seems to remove only one layer of encryption so that last server only knows the final destination of the message.

To prevent message tampering, Riffle tends to use a system known as verifiable shuffle. Due to the onion encryption, the messages which each server seems to forwards do not look like the one it received, it has peeled off a layer of encryption. However the encryption could be done in a way which the server would generate a mathematical proof which the messages it sends seems valid operations of the ones receiving it.

Wednesday, 4 May 2016

Hackers Steal Millions of Minecraft Passwords

Minecraft

Minecraft Passwords Stolen by Hackers


Login data of more than seven million members of the Minecraft site Lifeboat has been stolen by hackers. Lifeboat is a service for determined servers and customized multiplayer games for Minecraft Pocket Edition and this data breach tends to affect customers who seem to use the service. If one has used Minecraft Pocket Edition without signing up for Lifeboat, it is ok but if one used Lifeboat, they would possibly get a message compelling them to change the password for the site in early 2015 which was because the company was aware about the hack, though it had not made the information public till recently. Lifeboat permits members to run servers for customised, multiplayer maps for smartphone edition of Minecraft.

There is confirmation that the information that is stolen comprising of email addresses and passwords is provided on site that trade in hacked data. Investigation recommends that passwords were weakly protected and hence attackers could work them out with ease. Evidence regarding the breach had been passed to Tony Hunt, independent security expert, who stated that he had received the list from someone who tends to trade in stolen identifications. Most of the people had informed him that the data had been circulating on dark net sites.

Passwords for Lifeboat Hashed – Little Security


Mr Hunt had mentioned that the data had been stolen in early 2016 though the breach had only been known, now. He said that passwords for Lifeboat accounts were hashed though the procedure utilised provided little security. Hashing is said to be a technique utilised to scramble passwords in order that they are not easily read if the data tends to get stolen or lost. According to Mr Hunt, usually a Google search for hashed password would practically provide it in an accurate plain text and people familiar in cracking tools could possibly computerize and accelerate this procedure.

He further stated that a Google search for a hashed password could quickly return the correct plain text value and well known cracking tools could automate as well as speed up this procedure. He had mentioned in a blogpost regarding the breach that a large percentage of those passwords would be reverted to plain text in a short time. He also informed that this often tends to lead to other security problems since several people re-use passwords and find out one which could lead attackers to compromise accounts on other sites. Lifeboat, in a statement provided to Motherboard, had stated that it had taken action in limiting the damage.

How to Minimise Damage to Users


It informed the news site that when this occurred in early January, they figured the best thing for their players was to quietly force password resets without letting the hackers know they had limited time to act, adding that it now used stronger hashing procedures. It also mentioned that they had not received any reports of anyone being damaged by this. Mr Hunthad been critical of the company for `quietly’ compelling the password re-set stating this policy had left him speechless.

As an alternative, he said that Lifeboat should have done more in alerting users so that they could change passwords rapidly if they used the same one on other sites. He said that the first thing which should be a priority with any company after an incident like this is `How to minimise the damage to the users’.

Wednesday, 13 April 2016

The Ransomware That Knows Where You Live

Ransomware

Ransomware - Scam Email Quoting People’s Postal Addresses -


As per security researcher, an extensively distributed scam email quoting people’s postal addresses tends to link to a dangerous kind of ransomware. After getting to know of an episode of BBC Radio 4’s You and Yours that discuss about the phishing scam, Andrew Brandt, of US firm Blue Coat had got in touch with BBC. He found that the emails seemed to be linked to ransomware known as Maktub.

The malware tends to encrypt the files of the victims, demanding a ransom to be paid before they can be unlocked. The recipients were told by the phishing emails that they owed hundreds of pounds to UK businesses and that they could print an invoice by clicking a link. However, according to Mr Brandt that leads to malware. One of the said emails had been received by You and Yours reporter, Shari Vahl. Mr Brandt had informed BBC that `it was incredibly fast and by the time the warning message had appeared on the screen, it had already encrypted everything of value on the hard drive, it happened in seconds’. Maktub does not only demand a ransom but it tends to increase the fee which needs to be paid in bitcoin, as time passes.
Ransomware_1

Addresses Highly Precise


One of the website connected with the malware had explained that during the first three days, the fee is at 1.4 bitcoins or around $580 and rises to 1.9 bitcoins or $799 after the third day. The recipients are told by the phishing emails that they owe money to British business and charities when they do not owe them anything. One of the organisations named was Koestler Trust, a charity that tends to help ex-offenders and prisoners produce artwork.

Chief executive Sally Taylor told You and Yours that they rely on generous members of the public and was very distressed when they discovered that people felt they had received emails from them asking for money when they had not been generated by them at all. A remarkable feature of the scam was that they included not only the victim’s name but the postal address as well. Several of them including the BBC staff had noticed that the addresses were generally highly precise.

Data Derived from Leaked/Stolen Databases


As per cybersecurity expert at the University of London, Dr Steven Murdoch, it is yet not clear how scammers were able to gather people’s addresses and link them to names and emails. The data could have been derived from a number of leaked or stolen databases for instance making it difficult in tracking down the source.

Many of the people had got in touch with You and Yours team to inform that they were concerned that the data could have been taken from their eBay account since their postal addresses had been stored in the same format there as they seemed to appear in the phishing emails.

The firm had mentioned in a statement that eBay tends to work aggressively in protecting customer data and privacy which is their highest priority and they are not aware of any link between this new phishing scam and the data of eBay. In an effort of creating the safest, environment possible for their customers, they tend to constantly update their approach to customer data security.

Thursday, 24 March 2016

Why the Government can’t Actually Stop Terrorists from Using Encryption


Whatsapp

Encrypted devices at the hand of the governmental agencies seem like a bliss but same is made available for the common public or more importantly lands in the hands of terrorists then world appears to be in danger. U.S. government is currently failing to gain an upper hand in the fight to compel the tech giant Apple and others to give access to their encrypted devices. But having to these encrypted devices and technologies will not be enough to marginalize the wide availability of same technologies to the terrorists and criminal minded individuals.

How the encrypted service or devices turns to be out-of-reach of U.S. government

Most of the encrypted products and services are made by the developers who are from all parts of globe. In simple words most of the encryption projects happens to be open source in nature which brings an amalgamation of great developers from across the globe and it puts them out of government’s reach as well.

An example will help in understanding the limitation of governmental agencies in going after the encrypted services and products. There is a popular instant messaging service based in Germany called Telegram and it offers one of kind encrypted chat functionality. Another encrypted services provider which helps in encrypted voice call and test messages is called Silent Phone which is based in Switzerland. They are simply out of reach of the U.S. government but are easily available for the public and criminal minded individuals alike.

Open source projects are simply driving the ushering of encrypted technologies reach

A research conducted by the Open Technology Institute has revealed that there are about 16 different applications for encrypted communications are being developed outside of US mainly through the open source projects.

U.S. government hands are simply tied as it can’t stop the developers from developed such application outside its borders. However it is enraging a battle against the domestic companies which offers encryption services to its consumers.

Even more number of common users has started making use of strong means and forms of encryption technologies than before for their own reasons. This has made it necessary for the tech companies to bring such encrypted features in their own applications as default in order to reign in consumers from adopting other applications. iPhone has already brought the features of setting up the password by default in order to encrypt the information stored on the device. On other hand Facebook owned Whatsapp is thinking aggressively about bring an encrypted texts and messages features on its instant messaging platform.

U.S. government has finally understood that with continuous availability and emergence of new mode of encrypted communication applications it is not feasible to reign in the availability to the users. But as it is working on other front of reducing the amount of information which is likely to get encrypted by bringing in default encryption features in the popular applications and devices. In other words U.S. battle against encryption is not going to stop the common users and terrorist alike from using the encryption technologies in future.

Tuesday, 22 March 2016

Chinese Hackers Behind U.S. Ransomware Attacks Security Firms

Hack

A group of four security firm investigating the cyber attacks on the U.S. based companies has found that most of the hackers make use of the same tactics and tools which were once associated with the Chinese government supported cyber attacks. Ransomware has become a major tool for unleashing the cyber attacks on the unsuspecting common users. Ransomware as the name suggests simply take over the control of the system and very carefully encrypts all the data stored on the system which leaves it inaccessible to the users. In order to get back the access users are required to a ransom of few Bitcoins.

Hackers tricks users into installing Ransomware

Security firms have stated that hackers use various complex and highly intelligent ways to spread ransomware by actively exploiting the vulnerabilities found in the application servers. Once vulnerability has been compromised hackers tricks users into installing ransomware on their devices. In one of the recent attacks more than 30% of the machines at transportation and a technology firm were infected with the ransomware.

The rise of ransomware over the years

Ransomeware aren’t something new as it has been in wide usage by the cyber criminals over a decade. In the beginning unsuspecting users were lured into downloading infected programs or antivirus suits which when installed happens to overtake the device and requires a ransom of certain amount in order to get back the access.

However in the recent years cyber criminals has got hand at the better encryption techniques which ensures that users wouldn’t be able to get access to their files without paying the ransom. Formatting the devices is a great way to do away with the ransomware but it comes at the cost of losing all the data associated with device. Ransomware payments are mainly made in the virtual currency Bitcoin which offers secrecy from governmental agencies and others.

‘Mind’ game behind ransom

Ransomware happens to be one of the most successful tools of the cyber criminals as a greater percentage of infected users end up in paying the modest ransom amount for their inaccessible data. Cyber criminals usually set a modest price as a ransom in order to give back the access to the users. Most of the victims are willing to pay this amount in order to get back their data and it also results in getting positive response in the online sphere. Assume a victim pays about 1 or 2 Bitcoin which amounts to $600 and he gets back the access to its data and he give a feedback on the online forums that he was relieved to get access to data finally after paying then ransom operators. In short all the other victims searching for this malady online will be more willing to pay on basis of this feedback.

On other hand security firms have warned victims that paying ransom will only end up in making cyber criminals much more ambitious. Very soon they will shift from asking ransoms of few Bitcoins to performing some complicated scams and credit card theft as well.

Saturday, 19 March 2016

Spies can steal objects by recording the sound of a 3D printer


3D printer
Industrial espionage isn’t a new thing rather it has been going for ages since the old age. Over the years the technological advancement has opened up a new frontier for the industrial spies to discreetly spy over the industries secrets without even being there. Researchers have discovered that industrial spies can easily and accurately steal the 3D objects by simply recording the sound produced by the 3D printer when printing such objects.

University of California shows the method of reversing the work done by 3D printer

University of California researchers have shown a simple yet mind blowing method which reverse engineers the 3D design by carefully analyzing the vibrations made a 3D printer. Industrial spies are likely to perform the same trick to get hold of 3D objects by using this very method for their own end.

Shedding more light on this research the director of the UCI’s Adavanced Integrated Cyber Physical Systems Lab, Mohammand Al Faruque, said that industrial spies can even make use of the smartphone to record the vibrations made by the 3D printer to develop their own 3D object.

Researchers had made the use of recording wherein data recorded included things like how a 3D printer parts move and the very same logic can be used recreating the 3D objects with an accuracy of almost 90% which is more than enough to know what is being created.

3D print theft are becoming more commonplace

Over the years 3D print theft signs have been raised throughout the globe but this research will only help in cementing the idea of 3D print theft more convincingly. The losses incurred due to this kind of cybercrime are relatively small or not much known about it at the present.

Another point which doesn’t go positive with the thought of rampant 3D print theft without getting under the radar is that 3D file come heavily encrypted. But some of the system has been developed which can be used to unscramble and remove the encryptions from the 3D files with ease and simplicity. Companies can invest huge amount in securing the printing networks but it is not possible to protect the vibrations and sound made by the 3D printers.

This research turns head of the US agencies

Following the publication of the results of this research some of the US agencies and other researchers had shown active interest in the possible 3D thefts. Al Faruque has stated that the prospects of the 3D printing theft technology can be used in the surveillance and military sector which will help in making the 3D printer networks much more secure and better than before.

Researchers have concluded that 3D printer manufacturers should use some precautionary measures like adding white noises or some other distant and random vibration in order thwart the likelihood of 3D printing theft. Furthermore companies should also term the 3D printing machine zones as the ‘no smartphone’ zone which will help in minimizing the 3D print theft to a great extent.

Friday, 4 March 2016

Your Phone Isn't That Secure It Can Be Hacked With Play-Doh

finger_print

Chinese Start-up Reveals how to Unlock Apple iPhone with Play-Doh


A Chinese start-up had revealed how it can unlock an Apple iPhone through the fingerprint sensor utilising Play-Doh. Jason Chaikin, President of mobile security firm Vkansee had developed a mould of his fingerprint and then took the modelling clay Play-Doh pressed it on to the mould and created a duplicate. He then touched the Play-Doh on the fingerprint scanner of the iPhone and the device seemed to get unlocked. Chaikin did the demonstration to emphasize the lack of sophistication in the present day biometric solution and not just on iPhones but on the other devices as well.

Apple had not provided any official comments but pointed to the security sections of its website. The website stated that every fingerprint is unique and so it is rare that even a small section of two separate fingerprints are alike enough to register as a match for Touch ID. The possibility of this taking place is 1 in 50,000 for one enrolled finger’.Touch ID only enables five unsuccessful fingerprint match attempts prior to which one must enter the passcode and one cannot progress unless it has been provided.

Patented Fingerprint Sensor beneath Glass of the Phone


Chaikin showed the firm’s patented fingerprint sensor which is placed beneath the glass of a phone. Presently, manufacturers have to cut a hole in the device in order to put the sensor. He informed CNBC at the time of the interview at the Mobile World Congress – MWC in Barcelona recently, that the demand for under glass scanning which is resistant to hacking is the first thing which is heard from the device manufacturers.

The solution of Vkansee picks up third level details on an individual’s finger like the thickness of the ridges on the person’s finger or the pores of the skin. The product also enables fingers to be read when they seem to be wet that is presently an issue with such sensors. According to Chaikin, the issue at the moment is that the biometric seems to be too simple and he had named an example of 2014 wherein a hacker had managed to take a high resolution picture of German Defense Minister Ursula von der Leyen’s finger and engaged in reverse plot in unlocking her phone.

Eye Print another System of Authentication


Manufacturers are observing new biometric systems to validate users as consumers tend to use their mobile devices for various tasks comprising of banking and shopping and the eye print seems to be another system of authentication that can be done by utilising a smartphone’s front facing camera. The company, EyeVerify is one of the companies producing software which tends to recognize minute details in a person’s eye like the blood vessels.

The chief executive of the U.S Company, Toby Rush, had stated that the eyes’ features are stable. He had informed CNBC in a phone interview that they look at micro features just outside the eye and the strongest is the blood vessels in the eye. They tend to be stable and work really well. He added that fingerprints are great and not going anywhere, but fingers and eyes would win the day. Anyone in biometrics would agree that multiple options provide the best security in a strong manner and best user experience.

Tuesday, 16 February 2016

Hack' on DoJ and DHS downplayed

DHS

Data Breach – DoJ/DHS

The US authorities had approved a data breach disturbing the Department of Justice, DoJ as well as the Department of Homeland Security – DHS, though restrained its severity. As per technology news site, Motherboard, the hacker has stated that they would soon share personal information of around 20,000 DoJ employees comprising of staff at the FBI.

It was informed by the news site that it had verified small parts of the breach, but had also observed that some of the details listed seemed to be improper or probably out-dated. The Department of Justice too restrained the significance of the breach. DoJ spokesman, Peter Carr had informed Guardian that `the department has been looking into the unauthorized access of a system which was operated by one of its components comprising of employee contact information and this unauthorized access is under investigation.

However, there is no indication at this time that there is any breach of sensitive personally identifiable information. The department has taken this very seriously and is continuing to arrange protection as well as defensive measure in safeguarding information. Any activity which is determined to be criminal in nature would be referred to law enforcement for investigation’

Hacked Data Posted on Encrypted Website

Hacked data which had been anonymously posted on encrypted website and reviewed by the Guardian comprise of a DHS personnel directory and the information listed included phone numbers together with email addresses. These were for individuals who have not worked for DHS for years. Besides this, some of the listings also had out-dated titles.

The encrypted DHS directory had appeared online prior to 7 pm EDT on Sunday and the password seemed to be `lol’. A source demanding responsibility had informed Motherboard who had revealed the story of the hack, that they had compromised the employee account of DHS and had then used the information from it to convince an FBI phone operator to provide access to the computer system of DoJ.

 The hackers had promised to release the information from the DoJ on Monday. At 4 pm EDT, an identical list had been posted on the same site with a DoJ staff directory which had also appeared to be out-dated. In order to assess the hack, during a government wide-meeting, an official compared it to stealing a years old AT&T phone book after the telecom had digitized most of its data already.

Disruption Regularly in Government Data Security

However, experienced officials state that it should be less simple in obtaining access token by imitating an official from a different department over the phone to a help desk.Things tend to be disrupted regularly in government data security and the OPM hack, exposed in June, revealed the deeply researched security clearance of 21.5m present and former government employees together with contractors from phone numbers to fingerprints.

 But the DHS breach seems to be far less severe and it is especially embarrassing considering that the department has been selected the point of entry for all corporate data shared with government agencies in the debated information sharing program between government and industry developed last year, by the Cybersecurity Information Sharing Act. The program wherein private companies tend to share user information with the government in exchange for immunity from regulation had not been accepted from its start at the DHS, which is left holding the bag in the incident of a breach.

Alejandro Mayorkas, DHS deputy secretary cited troubling provision from the bill to Senator Al Franken in a letter sent in July, wrote that `the authorization to share cyber threat indicators and defensive measures with any other entity or the Federal Government, notwithstanding any other provision of law, could sweep away important privacy protection’

Wednesday, 14 October 2015

Crippling Linux Botnet Strikes Gaming, Education Sites


Botnet
Botnet Plundering Linux Computers – Attack Powerful


The IT world has recently revealed that a botnet has been plundering the Linux computers and the attacks seem to be quite powerful. Several of the targets seem to be in Asia and the security experts are making efforts in tracking them and the botnet appears to be of Asian origin.

A network of Linux computers seems to be flooding gaming as well as education sites with about 150 gigabits per second of malicious traffic, according to Dan Goodin of Ars Technica, which in some cases is adequate to knock the targets offline.

This is a DDoS – distributed denial-of-service network and the discoveries are from Akamai Technologies. The Security Intelligence Response Team – SIRT, at Akamai reflected the botnet XOR DDoS as `High Risk’ in an advisory posted recently.

 It is said that the XOR DDoS botnet had developed and now has the potential of mega DDoS attacks at 150 plus Gbps and are utilising a Trojan malware in hijacking the Linus system. The first access was obtained by brute force attacks in order to discover the password to Secure Shell services on a Linux machine. When the Login has been attained, the attackers used root privileges in order to run a Bash shell script, thereby downloading and executing the nasty binary

SIRT Tracking XOR DDoS – Trojan Malware


Akamai’s Security Intelligence Response Team has been tracking XOR DDoS, which is a Trojan malware that DDoS attackers seemed to have used in hijacking Linux machines in building a botnet for distributed denial of service attack campaigns with DNS and SYN floods.

Some of the key points observed by Akamai were that the gaming sector had been the main target, which was followed by educational institutions. The botnet seemed to attack around 20 targets each day, 90% of which were from Asia.

The malware tends to spread through Secure Shell – SSH services vulnerable to brute force attacks owing to weak passwords. This could turn from bad to worse. The team at Akamai expect the XOR DDoS activity would continue since attackers refine and improve their methods, inclusive of a more diverse selection of DDoS types of attack.

Advisory Describing DDoS Mitigation/Malware Removal Information Available


As per the Akamai team, the IP address of the bot seems at times hoaxed though not always. The botnet attacks noticed that in the DDoS campaigns against Akamai consumers were a mixture of hoaxed and non-hoaxed attack traffic. According to Lucian Constantin of IDC News Service recently stated that this power to generate crippling attacks at more than 150 Gbps represent several time greater than a usual company’s organization could endure.

 In the meanwhile an advisory describing this threat inclusive of DDoS mitigation payload analysis as well as malware removal information is made available for download from Akamai. Eliminating the XOR DDoS malware seems to have a four step procedure wherein most of the scripts are provided in the advisory.

Senior vice president and general manager of Akamai, Stuart Scholly has said that XOR DDoS is an example of attackers switching focus and developing botnets utilising compromised Linux systems to launch DDoS outbreaks. This occurs more frequently now than earlier, when Windows machines were the main targets for DDoS malware.

Thursday, 8 October 2015

Global Nuclear facilities 'At Risk' of Cyber-Attack

Iran

Cyber-Attacks on Nuclear Power Plants on the Rise


According to a report, the danger of serious cyber-attack on nuclear power plants across the globe is on the rise. It has stated that civil nuclear infrastructure in several nations are not well equipped to defend against such outbreak.

 The report had mentioned that most of the control systems for the organization were insecure by design due to their age. Circulated by the influential Chatham House committee, the report considered cyber defences in power plants across the world over an 18 month period. It stated that cyber criminals, state sponsored hackers as well as terrorists were increasing their online activity which would mean that the risk of a significant net based attack would prevail.

 This kind of attack on nuclear plant though on small scale or unlikely, should be taken seriously due to the harm which would follow if radiation was released. Besides, it is said that even a small scale cyber security instance at a nuclear facility would lead to a disproportionate effect on public opinion as well as the future of the civil nuclear industry.

Research, unfortunately carried out for the study indicated that the UK’s nuclear plants and the related organization did not seem to be adequately protected or prepared due to the industry being converted to digital systems recently.

Increase in Digitisation/Growing Reliance on Commercial Software


Increase in digitisation and growing reliance on commercial software is giving rise to the risk that the nuclear industry tends to face. There seems to be a `pervading myth’ that computer systems in power plants were isolated from the internet due to which, they were immune to the type of cyber-attacks which has evaded other industries.This air gap between the public Internets and nuclear system seems easy to breach with `nothing more than a flash drive’.

It observed that the destructive Stuxnet computer virus infected Iran’s nuclear facilities through this route. The researcher also came across virtual networks together with other links to the public internet on nuclear structure networks.

Some of these seemed to be unknown or forgotten, by those in charge of these organisations. Search engines which had hunted out critical structures had indexed these links making it easy for attackers to locate ways in to networks as well as control systems

Security with Cyber Security – Priority for Power Station Operators


According to chief executive of the Nuclear Industry Association, Keith Parker, he states that `security inclusive of cyber security is an absolute priority for power station operators. All of Britain’s power stations are designed with safety in mind and are stress tested to withstand a huge range of potential incidents. Power station operators tend to work closely with national agencies like the Centre for the Protection of National Infrastructure and other intelligence agencies, to be aware of emerging threats always’.

He added that the industry’s regulator continuously monitors plant safety to protect it from any outside threats.The first international conference with regards to cyber threats facing plants and manufacturing facilities was held in June this year by the International Atomic Energy Agency.

 Yukiya Amano, director of the IAEA had informed during the conference, that both random as well as targeted attacks were directed at nuclear plants. In a keynote address to the conference he commented that `staff responsible for nuclear security needs to know how to repel cyber-attacks and to limit the damage should the system be penetrated.

Wednesday, 23 September 2015

Poker Players Targeted By Card-Watching Malware

Poker

Malware Target Popular Online Poker Sites


Malware researchers at security firm ESET have come across a new Trojan which has been designed to cheat online poker by a sneak quick look at the cards of infected opponents. According to ESET’s security researcher, Robert Lipovsky, the malware is said to target PokerStars and Full Tilt which are two of the most popular online poker sites.

He has mentioned in his recent blog post that the attackers operate in a simple manner and after the victim has been affected successfully with the Trojan, the culprit then attempt to join the table where the victim tends to be playing with an unfair advantage by getting to know about the cards in their hands.

Malware, Win32/Spy.Odlanor, covers up as a benevolent installer for several general purpose programs like Daemon Tools or mTorrent. Lipovsky has mentioned that people tend to get infected while downloading some other useful application from some unofficial source.

In some instances, it tends to get loaded on to the user’s systems through several poker related programs which comprises of poker player databases as well as poker calculators like Tournament Shark, Smart Buddy, Poker Calculator Pro, Poker Office and much more.

Prowls in Software Created For Better Performance


The tricky malware has been discovered prowling in software created to support poker fans with better performance according to a security firm which discovered it. The software is also said to target other valuable information on a user’s computer like login names as well as passwords.

When a system is infected, the software observes the activity of the PC and operates when a victim has logged in to any of the two poker sites. Thereafter it begins taking screenshots of their activity and the cards they tend to deal with and send the screenshots to the culprits.

Lipovsky mentioned that later on the screenshots can be retrieved by the cheating culprits which reveal not only the hands of the infected opponent but the player ID as well.This according to ESET enables the criminals to search the sites for that play and join in their game. Both the targeted poker sites permit searching for players by their player ID and so the culprit can connect with ease at the table on which they tend to be playing.

Largest Detection of Spywares – Eastern European Countries


With the information gathered with regards to the victim’s hand, it provides significant advantage to the criminal. Lipovsky writes that he is not sure if the attacker tends to play the games manually or in some automated way.ESET have discovered that the Windows malware seem to be prowling in some of the well-known file-sharing applications, PC utilities and many other widely used poker calculators and player databases.

Lipovsky writes that the largest number of detection of spyware has been active for several months where most of the victims were from Eastern European countries. However, the Trojan tends to be a potential threat to any online poker player.

 Most of the victims were from the Czech Republic, Poland and Hungary. ESET had stated that they had discovered various versions of this malware dating back to March 2015. To make matters worse, new versions also tend to contain `general purpose data stealing functions’ with the abilities of siphoning passwords from several web browsers. As of September 16, several hundred users have been infected with Win32/Spy.Odlanor.

Tuesday, 1 September 2015

Samsung Smart Fridge Leaves Gmail Logins Open to Attack

Smart_Fridge

Samsung Smart Fridge – MiTM attacks on Connections

Security researchers have identified a possible way of stealing user’s Gmail identifications from Samsung smart fridge. At the recent DEF CON hacking conference, Pen Test Partners have discovered the MiTM – man-in-the-middle, weakness which enabled the exploit at the time of the IoT hacking challenge. The hack was against the RF28HMELBSR smart fridge, a part of Samsung’s line-up of Smart Home appliances that is controlled through their Smart Home app.

Though the fridge gears SSL, it tends to fail in validating SSL certificates thus enabling man-in-the middle attacks on most of the connections. Internet connected devices are designed to download Gmail Calendar information to on-screen display. Security shortcomings would mean that hackers who tend to be on the same network could possibly steal Google login information from their neighbours.

According to a security researcher at Pen Test Partners, Ken Munro, `the internet-connected device is designed to download Gmail Calendar information on its display and it seems to work the same way like any device running a Gmail calendar. User or owner of the calendar, logged in, can make updates and those changes are then seen on any devices which a user could view the calendar on

Fridge Fails to Validate Certificate

The fridge fails to validate the certificate while the SSL is in place and hence the hacker who tend to access the network where the fridge is on, probably through a de-authentication and fake Wi-Fi access point attack, can man-in-the-middle, the fridge calendar client and steal Google login information from the neighbours.

Since the fridge has not yet been in Europe, the UK based security consultancy fell short of time at DEF CON in trying to interrupt communications between the fridge terminal and the software update server. Efforts were made to mount a firmware-based attack through a customer updates was not successful but they had more safety when it pulled apart the mobile app and discovered the possible security problem in the process, though was not confirmed.

Name of a file that was found in a keystore of the mobile app’s code indicated that it comprises of the certificate which was used to encrypt traffic between the mobile app and the fridge.

Working on IoT Security/Hacking Research

The certificate had the correct password though the information to the certificate seemed to be stored in the mobile app in an obscured manner.

Then the next step would be to find out the password and use the certificate data in order to confirm to the fridge and send commands over the air to it. Pedro Venda of Pen Test Partners adds that `they wanted to pull the terminal unit out of the fridge in order to get physical access to things such as the USB port and serial or JTAG interfaces, but were unable to do so since they had run out of time. The MiTM is sufficient enough to expose a user’s Gmail information’.

 The team at Pen Test Partners are working on more IoT security and hacking research. It had published research that revealed Samsung’s smart TV’s failure to encrypt voice recordings sent through internet, in February. Samsung had informed that they were looking into the issue and stated that `at Samsung they understand that the success depends on consumer’s trust and the products and services provided. Protecting consumers’ privacy is the top priority and will work hard each day to safeguard valued Samsung users’.

Certifi-gate Vulnerability

Certifi-gate

Certifi-gate Vulnerability – Disclosed at Black Hat Conference

Mobile application manipulating the Certifi-gate vulnerability which was disclosed at Black Hat conference in Las Vegas earlier this month has been removed from the Google Play store. Although the number of Recordable Activator downloads, which is a screen recorder app for Android devices soars between 100,000 and a half million, researchers at Check Point Software Technologies discovering the vulnerability stated that it would be successfully manipulated on only three devices.

The company had mentioned in a blog post, that the data seems to come from Check Point’s home-based Certifi-gate scanner application. Data from scans utilising the scanning app portray that LG devices the most are at a risk, together with Samsung and HTC, and 16% of the devices responding to scans indicate that they host vulnerable plugins. Certifi-gate which was revealed at Black Hat, three weeks ago and when misused, enables an attacker to take complete control of the device by using malicious mobile app or SMS message. The weakness is due to the third party remote support tools which are either pre-installed on Android devices by the developers and/or carriers, or are available to be downloaded.

Mobile Remote Support Tools – mRST

Mobile remote support tools – mRST tend to be generally signed with OEM certificates proving them system level privileges for the purpose of handling remote support tasks. It was revealed by Check Point at Black Hat that there are authentication problems which could be bypassed by malicious app utilising one of these mRST tools.

The issue with Recordable Activator is that it tends to download vulnerable form of TeamViewer as well as abused insecure communication between the app and system-level plugins. App that are signed with OEM certificates are treated as trusted and evade native Android restriction avoiding app like Recordable Activator in obtaining excessive permissions.

It could then be utilised in exploiting the prevailing authentication vulnerability as well as connect with the plugin in order to record whatever is happening on the screen, according to Check Point. Ohad Bobrov, researcher of Check Point, had explained at Black Hat that a malicious app tends to impersonate the original mRST to obtain access to everything on the device.

Tools Pre-installed with No UI

Bobrov stated during a press conference at Black Hat that the reason of this problem was that on several devices, these tools are preinstalled and in many cases since these tools do not have a UI, one is not aware of its existence on the device since one does not see an icon and it is not visible on the device to show that it exists.

Thus it tends to get easier for an attacker to take control of it. Check Point states that to patch up this problem is not easy since the tools which are generally preinstalled, may need manufacturers to push updated ROMs to vulnerable devices. Though new versions of remote support tools like TeamViewer tend to be released, the older versions could still be likely to be in circulation for a while.

He further adds that it would take a long time till a new version comes up though but the more problematic issue is not the bug but its architecture. The vendors and OEMS have signed this vulnerable mRST with their certificate and one cannot withdraw or else the plugin will not function.

Friday, 14 August 2015

Hackers Target Internet Address Bug to Disrupt Sites

Bug

Hackers Manipulating Internet Architecture

According to a security firm, it is said that hackers are manipulating a serious flaw in the internet’s architecture wherein the bug seems to target systems that tend to convert domain names into IP addresses. Taking advantage of it could impend the smooth function of the internet services since it would permit hackers to launch denial-of-service attacks on websites, possibly forcing them offline and regular internet users would unlikely be severely affected.

Bind seems to be the name of a variety of Domain Name System – DNS software which is used on most of the internet servers. The most recently discovered bug enables attackers to crash the software thus taking the DNS service offline and stopping URLs for instance, from functioning. Patch for the fault is made available, though several systems need to be updated.

 The ISC – Internet Systems Consortium that had developed Bind had mentioned in a tweet that the vulnerability was `particularly critical’ and `easily exploited’. Last week ISC had release a patch for serious vulnerability in BIND, one of the popular Domain Name Servers which is bundled with Linux.The flaw that affects versions of BIND 9 from BIND 9.1.0 to BIND 9.10.2-P2.

Fault in Handling TKEY Queries

It could be exploited to crash the DNS servers running the software followed by a DoS attach. Red Hat, Ubuntu, CentOS as well as Debian have all been affected with the bug and so patching is straightforward, update or apt-get update, whichever is suitable to the environment together with a DNS server restart.

 A networking expert at Sucuri, Daniel Cid, had published a blog post stating the vulnerability wherein he had clarified that the real exploits taking advantage of the fault had already taken place, based on the reports received from the customers of the company, that they were facing DNS server crashes. He also informed BBC that a few of the clients in various industries had their DNS servers crashed due to it.

He further added that due to their experience, server software such as Bind, Apache, OpenSSL and the others did not get patched as often as they should. According to a report in The Register, CVE-2015-5477, last week, there is a fault in handling TKEY queries, like a constructed packet could use the defect in triggering a REQUIRE assertion failure, which could cause BIND to exit. Cid informs that it is also trivial to check if the DNS server is being targeted.

Large DNS Exploits Take Down Hunks of Internet

One could look for the ANY TKEY in the DNS logs with querylog enabled since TKEY request seems to be `not very common’ and should be easy to notice suspicious requests. Brian Honan, cybersecurity expert, had commented that a spike in exploits of the fault was expected in the next few days.

He further added that the websites would frequently be accessible through other routes and cache addresses on DNS servers all over the world even though certain key DNS servers have been made to crash. He stated that `it is not a doomsday scenario but a question of ensuring that the DNS structure could continue to work while patches tend to be rolled out.

According to Mr Cid, the impact on general users is probably to be minimal and the average internet users will not experience much pain besides a few sites and email servers down. A large DNS exploit could take down hunks of the internet.

Monday, 10 August 2015

Watch Out for These Serious Mac Attacks

Apple’s esteemed line of Mac devices are about to go through troubled times with the emergence of new age advanced bugs and glaring loopholes in Apple’s operating system. Security researchers had unearthed a new kind of vulnerability in the Mac devices, which allows the hackers install devious ad-wares like VSearch without even requiring the password. VSearch is a notorious malware, which infects the Mac devices with numerous pop-up ads and redirects the users to different search engine whenever they try to use Google.

VSearch bug reported earlier by vigilant security researcher

A German security researcher named Stefan Esser had made this bug public earlier this week. It should be noted that the generally accepted protocol is to inform Apple about the new bug discoveries not to disclose it to the public and cause a furor. Some of the hackers had already taken advantage of this bug found by the German researcher. They had actively used this newfound vulnerability to attack Macs devices as said by a security company named MalwareBytes in their blogpost.

How this bug works and how it can be neutralized?

This bug is designed to effectively take advantage of the Mac OS X 10.10 (Yosemite) features that determines which programs are allowed to make changes on the computer without the need of password. Yosemite makes a list of those programs and keeps it hidden in a file named Sudoers. However, this bug allows the malware to get listed in the Sudoers file which simply means that the malware gets the capability to install any in any part of the OS without users approval via password.

Esser had provided a fix to solve this malware issue. It should also be noted that next patch for the Yosemite will include the bug fix because even Apple about this vulnerability for a while.

Another deadly bug, which take over the control of Mac device

Another group of security researchers had found a more threatening bug, which has the ability to take permanent control of the Mac device. Users can effectively get rid of most vicious malwares by reinstalling the operating system but this new vulnerability in Mac devices turn the game away from the users. Using this particular vulnerability hacker can easily install the malware directly in the computer’s firmware, which is responsible for booting up the computer.

A team of researchers had developed this worm and named it Thunderstrike 2 which can easily take the advantage of this security flaw in Mac deices.

This worm can be installed on the computer just like any other malware where people happen to click on wrong links or fails to the ploy of phishing scam. Once installed this malware takes a nastier turn and keeps looking for the devices connected to Mac in order to load them with worm. Other users when uses the same infected Ethernet adapter happens to get their Mac devices infected too. This bug has not been fixed till now by the Apple.