Offshore Outsourcing & Scammer
Blog about offshore outsourcing and scammer in the outsourcing industry
Caught WhatsApp messages leaded to Belgian terrorist captures
by Rudolf Faix Friday, June 12, 2015 5:12 AM

WhatsAppEnd-to-end encryption holes in WhatsApp message metadata have uncovered jihad terrorists.

The FBI has been campaigning hard to get free access to the messages went by scrambled informing administrations. Yet, it clearly didn't require that level of access to WhatsApp messages sent between individuals from a charged Chechen jihadist gathering working in Belgium. As per a report by Bloomberg, a couple of men were captured and warrants were issued for three others for supposedly get ready for a terrorist as in Belgium. 

The captures took after attacks in which 16 individuals were confined, which Belgian law implementation authorities said was the consequence of "working with U.S. authorities to monitor suspects’ communications on WhatsApp Inc.’s messaging service," Bloomberg's Gaspard Sebag reported. 

The BBC reports that the men fixing to the al-Nusra Front in Syria and the Islamic Caucasus Emirate. One man confined had as of late come back to Belgium injured in battle in Syria while battling with al-Nusra. There were two gatherings attacked one in Ostend on Belgium's coast, and the other inland at Louvain. The Louvain gathering was said to be plotting a terrorist assault in Belgium. BBC likewise refered to Belgian authorities as saying WhatsApp messages blocked by the US government were utilized to follow the gathering. 

WhatsApp started giving end-to-end (E2E) encryption of its messages last November with the joining of security specialist Moxie Marlinspike's WhisperSystems encryption convention TextSecure. In principle, if TextSecure were being used by the affirmed terrorists, the substance of their messages would have been exceptionally hard to peruse; the TextSecure convention persistently changes sets of encryption keys with each new message. Yet, it’s dubious that the messages were scrambled especially since E2E encryption is not upheld by the Apple iOS rendition of WhatsApp, and gathering messages and pictures aren't bolstered by WhatsApp for Android yet. 

Regardless of the possibility that a percentage of the messages stayed secured by encryption, it’s conceivable that the FBI or NSA assembled metadata at the server for the messages. That metadata could have been utilized to build up the associations between the suspects and the injured jihadi, which would have permitted the US organizations or Belgian law requirement to accomplish more focused on observation. 

In an article in German magazine C'T, proofreader Fabian A. Scherschel dove into the encryption conspire in WhatsApp and battled that it didn't shift the key used to scramble data in travel rather, it utilized a key got from the client's watchword and encryption code in light of the RC4 calculation for both inbound and outbound correspondence. The hint was that captured and gathered messages could hypothetically be broken a great deal all the more effortlessly since the key seeds could be all the more effectively discovered on the grounds that it diminished the quantity of conceivable keys. Be that as it may, in a reaction to the article presented on Reddit, Moxie Marlinspike said, "This article should be retitled 'Breaking News: WhatsApp E2E Deployment Process Exactly As Advertised.'  We announced a partnership, not a finished deployment. In the blog post announcing that partnership, we publicly outlined the WhatsApp E2E deployment process, and it describes exactly what has been 'discovered' here. As I said in the blog post, deploying across this many users (hundreds of millions) and this many platforms (seven, of which they checked two) takes time, and is being done incrementally. I also point out that we will be surfacing information in the UI once that is complete."

 

Tags: , , , , , , ,

Security

Android Ransomware - Porn Droid
by Rudolf Faix Thursday, June 4, 2015 7:03 AM

AndroidAs of late, zscaler ran over another variation of Porn Droid - an Android ransomware variation guaranteeing to be from the FBI, which blames individuals for watching youngster porn and after that requests a fine of USD 500.

It at first seems to the client as though they are downloading an obscene feature, yet once the client taps on the document, it takes on the appearance of the Google patch overhaul and traps the client into introducing the application.

Screenshot Update Patch Installation
It looks like a patch application

In the wake of clicking "Continue", the malware requests head access to the gadget asking for consents, for example, "Erase all data", "Set storage encryption", "Change the screen-unlock password" as demonstrated in screenshot beneath.

Screenshot: Activate Device Administrator - Porn Droid
Admin access

Once the client taps on the "ACTIVATE" button, the malware gets head control of the gadget and locks it while showing a fake FBI cautioning as seen underneath. It bolts the client's telephone by incapacitating keyguard and sets top need for the malware application which guarantees that no other application or client action can override the malware application's movement.

Screenshot: FBI device lock
FBI warning message

Screenshot: FBI Paypal payment
Payment tab

The FBI cautioning screen additionally contains dynamic data significant to the tainted gadget, for example, the program history, IMEI number, telephone number and casualty's photo, which has been taken by the malignant application. This is done to threaten the end client as a notice message proposes that the data will be utilized by the FBI to recognize the client if the fine is not paid.

Screenshot: FBI with user information
Screen with user information

Detailed analysis: zscaler ThreatLab

 

Tags: , , , , , ,

Security

Malware application for non-jailbroken iPhones
by Rudolf Faix Thursday, June 4, 2015 4:36 AM

iPhoneCybercriminals in Japan are focusing on iPhone clients with an online trick that deceives them into introducing a malevolent application when they endeavor to view porn features.

This sort of assault, known as a single tick extortion, is not new and has been utilized for quite a long time against Windows, Mac and Android clients. On the other hand, what's fascinating in this specific case is that it works even against non-jailbroken iPhones. 

Apple firmly controls how iOS applications are circulated to clients by constraining engineers to distribute them on the authority App Store where they are liable to Apple's audit strategies. Then again, there are exemptions to this standard as unique advancement programs for which members need to pay additional. 

All the more ON CSO: Mobile Security Survival Guide 

One such program is known as the iOS Developer Program and has a yearly participation expense of US$99. Designers enlisted in this system can appropriate applications over the air, outside of the authority App Store, yet there are a few limitations. They can just appropriate applications in this way to 100 gadgets for each year and the special IDs (UDID) of those gadgets should be enlisted ahead of time. 

Another project that is more adaptable, additionally more lavish, is known as the iOS Developer Enterprise Program. It is proposed for organizations who add to their own applications and need to introduce them on their workers' iOS gadgets without distributed them on the App Store. Interest in this system costs US$299 every year. 

Scientists from antivirus seller Symantec accept that Japanese cybercriminals are misusing the iOS Developer Enterprise Program in their most recent a single tick misrepresentation crusade, despite the fact that they don't have affirmation yet. 

"They could have either applied for membership on their own or compromised someone else's account," the specialists said Tuesday in a blog entry

Both those potential outcomes are awful. In the event that assailants petitioned participation, it would imply that the US$299 cost is no more a sufficiently high hindrance for them. The length of they can contaminate a vast countless rapidly and benefit from them, its justified, despite all the trouble for assailants to pay that passage value regardless of the fact that Apple will probably repudiate their designer ID when the assault is found. 

On the off chance that they utilized a bargained record, that may move others to do likewise. That would be awful news for organizations in light of the fact that interest for stolen designer records enlisted in the iOS Developer Enterprise Program would become on the secret business. 

The maverick application utilized as a part of this extortion battle obliges client affirmation before its introduced. On the off chance that that is acquired, the application will guarantee that the client has subscribed to a grown-up feature site and needs to pay 99,000 Japanese yen (just about $800) over the course of the following three days, or the cost will go up to 300,000 yen ($2,400). 

It's anything but difficult to perceive how that can be productive. On the off chance that a solitary casualty pays $800, the aggressors as of now profit paid for selecting in the iOS Developer Enterprise Program, in addition to a $500 benefit.

 

Tags: , , , , ,

Security

UNCERTAIN APPS: millions of customer data at risk
by Rudolf Faix Sunday, May 31, 2015 5:51 AM

Still are app developers careless with user data. A study by the Fraunhofer SIT showed that several million records are at risk in the cloud - for a lax handling of authentication.

Hand coming out of the monitor for typingDevelopers are still storing unprotected preferred secret keys and tokens for access to the cloud storage in their apps. With little effort it can get read. For this criminals can get access to databases such as the Amazon Web Services (AWS) or Facebook. By this way are up to 56 million records compromised, estimates the Fraunhofer Institute for Security in Information Technology (SIT).

Together with the Technical University of Darmstadt and expert from Intel examined the Fraunhofer SIT in an automated process about two million apps in Google Play Store and Apple's App Store. In many has been the simplest form of authentication for access to cloud providers implemented. The developers are probably not aware of how inadequate the information are protected and getting collected by the Apps Data.

Unrestricted access to customer data

In their experiments, the scientists could not only read highly personal information, such as who are friends with whom Facebook or health information, from some app users. Using the secret key actually they could read complete user databases or even could manipulate them.

The report concludes that user cannot become actively protect. You should be careful what app you entrust personal information. Developers, however, should be better informed of the safety precautions of the cloud provider and implement more restrictive access controls in their apps. The researchers have already informed some developers on the most critical vulnerabilities.

Cloud providers have to act

Even with the providers of cloud services is the Fraunhofer SIT in contact. Both, Amazon and Facebooks Parse.com, Google and Apple have been informed of the findings too. The cloud providers also incumbent responsibility to bring the app developers to use not only the most vulnerable authentications. In addition, the cloud provider should make not convenient, but the safest possible standards mandatory.

The problem is not new. Already in June 2014 did researchers of the New York's Columbia University, a similar investigation and covered a distance of thousands of secret access token for Amazon Web Services open. The researchers then criticized that many developers did not follow the recommended conversions when programming their Apps and imbedded secret keys directly into the source code. They are apparently unaware of how simple source code can be translated back. In March 2014 researchers had discovered ten thousands of AWS credentials on Github.

 

Tags: , , , , ,

Security

Be careful with the instant message that crashes iPhones and iWatch
by Rudolf Faix Sunday, May 31, 2015 4:21 AM

Newfound iOS bug triggers wave of instant messages that causes iDevice reboot loop.

iWatchThere's yet another iOS bug that causes Apple gadgets to crash when they get instant messages containing a string of extraordinary characters. With further finessing, the same endeavor may have the capacity to assault Macs, since OS X is likewise not able to process the same mix of characters, which are in fact known as glyphs.

As indicated by individuals researching the bug on reddit, the content reasons iPhones running different variants of iOS to expeditiously crash. A whirlwind of Twitter clients, irate that their gadgets succumbed to instant messages, demonstrates that the bug is bringing on issues. Apple will in all likelihood issue a fix. Meanwhile, clients can secure themselves against the irritation message by going to framework settings, exploring to Notifications>Messages>Show Previews, and switching it to off. 

iPhoneThat change will forestall assaults that are as of now coursing on the web, yet it may not prevent scoundrels from discovering better approaches to crash individuals' iDevices. As per reddit the string messages sent over WhatsApp might likewise trigger the accident. What's more, contingent upon the way individual applications parse Unicode glyphs, different projects may do likewise. The bug can likewise trek up OS X, in spite of the fact that the assault obliges an objective to connect or glue a malevolent record into the Mac terminal, as indicated by an analyst who passes by the Twitter handle Hacker Fantastic.

Programmer Fantastic has tweeted a mixture of other fascinating specialized points of interest. The bug, he reported, lives in a piece of the working framework that procedures Unicode glyphs and reasons a string to be composed to a specific memory area. The bug is fixed to the way flag warnings process Unicode, reddit user sickestdancer98 reported. The pennant is not able to show the content and in the long run crashes the whole OS. 

While the bug is legitimately viewed basically as an aggravation, refusal of-administration vulnerabilities can frequently be the consequence of genuine defects that, with more work, can be misused to perform code-execution assaults. Furthermore, notwithstanding when more vindictive adventures aren't conceivable, DoS openings can infrequently show open doors for blackmailers or individuals hoping to upset huge occasions for occurrence individuals at a meeting. Anticipate that Apple will discharge a patch in the advancing week or somewhere in the vicinity.

 

Tags: , , , , ,

Security

Filter by APML

Follow me

AboutMe

I'm since more then 35 years in the computer business (programming and technical support) and using the Internet since it has started. Since 2002 I'm programming solutions for Asterisk and since 2004 I'm in the call center industry.

Disclaimer

All data and information provided on this site is for informational purposes only. I make no representations as to accuracy, completeness, currentness, suitability, or validity of any information on this site and will not be liable for any errors, omissions, or delays in this information or any losses, injuries, or damages arising from its display or use. All information is provided on an as-is basis and is only representing my own opinion. By browsing or using content from this site you accept the full legal disclaimer of this website.