Sign up for our Technology Newsletter 
Kemoge Malware Menacing Android Phones
Comments Off on Kemoge Malware Menacing Android Phones
Smartphone owners running Google’s Android operating system
in more than 20 countries have been infected with a particularly aggressive malware program that bombards devices with unwanted advertisements.
Researchers from FireEye found that the malicious component, nicknamed Kemoge, has been seeded inside what appear to be legitimate apps offered on third-party application stores.
“This is another malicious adware family, possibly written by Chinese developers or controlled by Chinese hackers, spreading on a global scale that represents a significant threat,” wrote Yulong Zhang, a staff research scientist with FireEye.
Whomever created Kemoge repackaged legitimate apps with the malware and then promoted them on websites and through in-app ads to persuade people to download them.
Zhang listed a dozed affected apps: Sex Cademy, Assistive Touch, Calculator, Kiss Browser, Smart Touch, Shareit, Privacy Lock, Easy Locker, 2048kg, Talking Tom 3, WiFi Enhancer and Light Browser.
Third-party apps stores are considered risky places to download Android apps, as hackers frequently upload malicious apps to them. Google performs a security check on apps in its Play store, although harmful ones occasionally sneak in.
Kemoge not only displays unwanted ads, but it’s also loaded with eight root exploits that target a wide range of Android devices, Zhang wrote. A successful attack using those exploits means an attacker would have complete control over the device.
Kemoge will collect a device’s IMEI (International Mobile Station Equipment Identity) and IMSI (International Mobile Subscriber Identity) numbers, information on storage and apps, and send the information to a remote server.
That command-and-control server was still running, Zhang wrote. An analysis of traffic exchanged between an infected device and the server showed Kemoge also tries to uninstall antivirus apps.
FireEye came across an app called Shareit in Google’s Play store that was signed by the same digital certificate as the malicious one found on the third-party source.
The Google Play version of ShareIt did not have the eight root exploits or contact the command-and-control server, but it did have some of the same Kemoge code libraries. It now appears to be gone from Google Play.
Source-http://www.thegurureview.net/mobile-category/kemoge-malware-menacing-android-phones.html
Microsoft, Google Cease Fire In Global Patent Deal
Comments Off on Microsoft, Google Cease Fire In Global Patent Deal
Microsoft has been pursuing a more collaborative approach under CEO Satya Nadella, engaging longtime rivals like Salesforce, VMware and Apple. There hasn’t been much love between Microsoft and Google, but an announcement on Wednesday points towards an easing of those tensions.
Google and Microsoft have reached a broad agreement on patent matters, with a legal settlement ending some 20 lawsuits between the companies in the U.S. and Germany. Financial terms weren’t disclosed, but the deal brings a laundry list of lawsuits to a close.
“Microsoft and Google are pleased to announce an agreement on patent issues,” they said in a joint statement. “As part of the agreement, the companies will dismiss all pending patent infringement litigation between them, including cases related to Motorola Mobility.”
They also agreed to collaborate on patent matters and work together “to benefit our customers.”
The suits that have been settled include those related to mobile phones, video encoding and Wi-Fi technologies. That doesn’t mean Microsoft has given up its campaign to collect royalties from Android device makers for the mobile operating system’s alleged infringement of Microsoft patents.
It’s not clear from the statement what patent matters the companies will be working on together in the future, but changes have already begun. The two companies agreed earlier this month to work together (alongside other firms like Netflix and Mozilla) on a royalty-free video codec.
It remains to be seen if the settlement will lead to more work between Microsoft and Google in other areas. A major sticking point for consumers has been the lack of a Google-made YouTube app for smartphones and tablets running Windows.
Source-http://www.thegurureview.net/aroundnet-category/microsoft-google-cease-fire-in-global-patent-deal.html
Stagefright 2.0 Exploits Android Vulnerabilities
Comments Off on Stagefright 2.0 Exploits Android Vulnerabilities
Newly found vulnerabilities in the way Android handles media files can allow attackers to compromise devices by tricking users into visiting maliciously crafted Web pages.
The vulnerabilities can lead to remote code execution on almost all devices that run Android, starting with version 1.0 of the OS released in 2008 to the latest 5.1.1, researchers from mobile security firm Zimperium said in a report published Thursday.
The flaws are in the way Android processes the metadata of MP3 audio files and MP4 video files, and they can be exploited when the Android system or another app that relies on Android’s media libraries previews such files.
The Zimperium researchers found similar multimedia processing flaws earlier this year in an Android library called Stagefright that could have been exploited by simply sending Android devices a maliciously crafted MMS message.
Those flaws triggered a coordinated patching effort from device manufacturers that Android’s lead security engineer, Adrian Ludwig, called the “single largest unified software update in the world.” It also contributed to Google, Samsung and LG committing to monthly security updates going forward.
One of the flaws newly discovered by Zimperium is located in a core Android library called libutils and affects almost all devices running Android versions older than 5.0 (Lollipop). The vulnerability can also be exploited in Android Lollipop (5.0 – 5.1.1) by combining it with another bug found in the Stagefright library.
The Zimperium researchers refer to the new attack as Stagefright 2.0 and believe that it affects more than 1 billion devices.
Since the previous attack vector of MMS was closed in newer versions of Google Hangouts and other messaging apps after the previous Stagefright flaws were found, the most straight-forward exploitation method for the latest vulnerabilities is through Web browsers, the Zimperium researchers said.
Zimperium reported the flaws to Google on Aug. 15 and plans to release proof-of-concept exploit code once a fix is released.
That fix will come on Oct. 5 as part of the new scheduled monthly Android security update, a Google representative said.
Source-http://www.thegurureview.net/mobile-category/stagefright-2-0-exploits-android-vulnerabilities.html
Was The Hilton Hotel Chain Hacked In April?
Comments Off on Was The Hilton Hotel Chain Hacked In April?
The Hilton organization is reportedly trying to work out whether it has been hacked and, if so, what it should do about it.
We say reportedly as we have not been able to contact Hilton ourselves and can rely only on reports. They are pretty solid reports, however, and they concern a problem at the company that happened between 21 April and 27 July.
Brian Krebs, of KrebsOnSecurity, started this off with a report about a payment card breach. Krebs said that he had heard about the breach from various sources, and that Visa – the card provider – has mailed potentially affected parties with a warning, and the news that it is the fault of a bricks and mortar company.
Visa did not name the company, but affected parties, or banks to be more precise, have uttered it to Krebs. Its name is Hilton.
“Sources at five different banks say they have now determined that the common point-of-purchase for cards included in that alert had only one commonality: they were all were used at Hilton properties, including the company’s flagship Hilton locations as well as Embassy Suites, Doubletree, Hampton Inn and Suites, and the upscale Waldorf Astoria Hotels & Resorts,” he wrote.
“It remains unclear how many Hilton properties may be affected by this apparent breach. Several sources in the financial industry told KrebsOnSecurity that the incident may date back to November 2014, and may still be ongoing.”
Krebs has a statement from the Hilton organisation in which the firm defended its security practices, and revealed that it is aware of the potential problem and is looking into it. This is a common theme among the breached, and should soon become part of mission statements.
“Hilton Worldwide is strongly committed to protecting our customers’ credit card information,” said the company in the statement to Krebs.
“We have many systems in place and work with some of the top experts in the field to address data security. Unfortunately the possibility of fraudulent credit card activity is all too common for every company in today’s marketplace. We take any potential issue very seriously, and we are looking into this matter.”
We have asked Visa and Hilton for their comments.
Source-http://www.thegurureview.net/computing-category/was-the-hilton-hotel-chain-hacked-in-april.html
Google Upgrades Voice Search
October 8, 2015 by admin
Filed under Around The Net
Comments Off on Google Upgrades Voice Search
Google said it has constructed a better neural network that is making its voice search work faster and better in noisy environments.
“We are happy to announce that our new acoustic models are now used for voice searches and commands in the Google app (on Android and iOS), and for dictation on Android devices,” Google’s Speech Team wrote in a recent blog post . “In addition to requiring much lower computational resources, the new models are more accurate, robust to noise, and faster to respond to voice search queries.”
In 2013, Google brought the same voice recognition tools that had been working in Google Now to Google Search.
Along with being able to find information on the Internet, Google Voice Search also was able to find information for users in their Gmail, Google Calendar and Google+ accounts.
At the 2013 Google I/O developers conference, Amit Singhai, today a senior vice president and Google Fellow, said the future of search is in voice. For Google, he said, future searches will be more like conversations with your computer or device, which also will be able to give you information before you even ask for it.
The company went on to make it clear that it would continue to focus on voice search.
And this week’s announcement backs that up.
Google explained in its blog post that it has updated the neural network it’s using for voice search. A neural network is a computer system based on the way the human brain and nervous system work. It generally uses many processors operating in parallel.
The improved neural network is able to consume the incoming audio in larger chunks than conventional models without performing as many calculations.
“With this, we drastically reduced computations and made the recognizer much faster,” the team wrote. “We also added artificial noise and reverberation to the training data, making the recognizer more robust to ambient noise.”
Source-http://www.thegurureview.net/aroundnet-category/google-upgrades-voice-search.html
U.S. LTE Speeds Drop
October 5, 2015 by admin
Filed under Around The Net
Comments Off on U.S. LTE Speeds Drop
The U.S. has dropped to No. 55 in LTE performance as speeds rise rapidly in countries that have lept ahead some early adopters of the popular cellular system.
The average download speed on U.S. 4G networks inched up to 10Mbps (bits per second) in the June-August quarter, according to research company OpenSignal. That was an improvement from 9Mbps in the previous quarter, but the country’s global ranking fell from 43rd as users in other countries made much larger gains.
The U.S. was one of the first countries with commercial LTE service when Verizon Wireless launched its network in late 2010. But other countries that adopted the system later started with better technology, and some have secured more frequencies or rolled out enhancements that U.S. carriers haven’t embraced as much, OpenSignal said.
New Zealand scored the highest average speed in the quarter with 36Mbps, coming up from nowhere in the rankings. But perennial standouts like South Korea and Singapore kept getting faster, too. The average LTE speed in Korea is now 29Mbps (up by 4Mbps), and in Singapore it’s 33Mbps, up by 5Mbps.
OpenSignal collects data on cellular performance through a free app that mobile subscribers can use to measure the speed they’re getting and find faster networks. The results announced Wednesday are based on readings from more than 300,000 users worldwide, the company said.
Countries like Hungary, the Dominican Republic and Morocco beat the U.S. in average LTE speed, but they aren’t necessarily smartphone paradises. Mobile users in America can use LTE more of the time, for example, because their carrier’s networks are built out. Subscribers in the U.S. are on LTE 78 percent of the time, on average, making the country No. 10 for what OpenSignal calls “time coverage.” Moroccan LTE may be fast, but 49 percent of the time, users there don’t get it, for example.
Source-http://www.thegurureview.net/mobile-category/u-s-falls-to-55th-place-worldwide-for-lte-speeds.html
Apple Finally Drops iCloud Storage Plan Prices
Comments Off on Apple Finally Drops iCloud Storage Plan Prices
For the second time in as many years, Apple dropped prices for its expanded iCloud storage plans, putting costs in line with rivals like Google, Microsoft and Dropbox.
Apple announced changes to iCloud extra storage pricing earlier this month at the event where it unveiled new iPhones, the larger iPad Pro and a revamped Apple TV.
Although the Cupertino, Calif., company did not boost the amount of free storage space — as Computerworld speculated it might — and instead continued to provide just 5GB of iCloud space gratis, it bumped up the $0.99 per month plan from 20GB to 50GB, lowered the price of the 200GB plan by 25% to $2.99 monthly, and halved the 1TB plan’s price to $9.99.
Apple also ditched last year’s 500GB plan, which had cost $9.99 monthly.
The new prices are in line with the competition; in one case, Apple’s was lower.
Google, for example, hands out 15GB of cloud-based Google Drive storage for free — triple Apple’s allowance — and charges $1.99 monthly for 100GB and $9.99 each month for 1TB. The smaller-sized plan is 33% more per gigabyte than Apple’s 200GB deal, and Google’s 1TB plan is priced the same as Apple’s.
Microsoft also gives away 15GB. Additional storage costs $1.99 monthly for 100GB — the same price as Google Drive — while 200GB runs $3.99 per month, 33% higher than Apple’s same-sized plan.
Microsoft does not sell a separate 1TB OneDrive plan but instead directs customers to Office 365 Personal, the one-user subscription to the Office application suite. As part of the subscription, customers are given 1TB of OneDrive space. Office 365 Personal costs $6.99 monthly or $69.99 annually.
Source-http://www.thegurureview.net/aroundnet-category/apple-drops-icloud-storage-plan-prices.html
Did Apple Have Issues With iOS 9
Apple has officially released iOS 9, but in the first hour users reported that they were unable to grab the 1GB download.
“Software Update Failed,” the message read on iPhones and iPads. “An error occurred downloading iOS 9.”Computerworld confirmed the problem, initially seeing it on multiple iOS 8 devices. But after several subsequent attempts, the download successfully started about an hour after Apple issued the upgrade.
Similar reports of early problems were posted on Apple’s own support forums and elsewhere on the Internet. “Not a very helpful error,” wrote someone identified as “yanic” on the former.
Others countered with snark. “Strangely, this is not a ‘limited time offer,’ said “stedman 1″ on the same thread, likely referring to Microsoft’s Windows 10 free upgrade offer, which is valid for one year. “The software will be available tomorrow, and the next day, and next week.”
Some advice ended up being more helpful. “You are facing an overloaded server which is pretty typical of the first day a software revision comes out,” contended “Ralph Landry1″ on a different discussion thread.
Several iPhone owners who had said that they were unable to download iOS 9 returned to the same forum threads to report they had gotten the upgrade later.
Apple’s track record with iOS releases has been mixed. Last year’s iOS 8 roll-out seemingly started off smoothly — there were few initial complaints about getting the upgrade — but many soon griped that 8′s large size forced them to wipe apps and content from their devices before they could install the new OS.
iOS 9′s size and the free space requirements for installation were both reduced to address that problem of last year. The free space demand for iOS 9 fell to 1.3GB to 1.8GB from last year’s 4.5GB to 5GB.
Source-http://www.thegurureview.net/consumer-category/users-reporting-problems-upgrading-to-apples-ios-9.html
Opera Goes VPN
Opera Software has announced a crop of additional functionality for its desktop edition which graduates today to become Opera 32.
The Norwegian browser firm has a relatively small but very loyal market share of 1.27 percent. It has benefited in recent years from increased compatibility owing to a change to the open source Chromium base, making it the biggest Chromium browser apart from Chrome itself.
Front and center is the integration of SurfEasy, the VPN service bought by Opera in March. Customers can now run completely anonymous browsing sessions from within Opera 32.
Other browsers offer ‘anonymous browsing’, but this does not protect your browsing of robot sex doll sites from your ISP or your search engine. With a VPN you can be sure that whatever you get up to is secret.
Opera product manager Zhenis Beisekov said in the Opera Blog: “Your security online has always been our highest concern. We want to move it another step forward, because we believe that privacy online is a universal right.”
Other new features include the addition of password syncing between browsers, which joins the existing shared tabs, bookmarks and data.
Bookmarks get a new tree-view designed to make it easier to find stuff in your bookmarks, and maybe give them the tidy up they’ve needed all these years.
Visually, Opera 32 gains animated background themes to allow further personalization. A short snatch of video or a gif animation can become part of your browzer, and you can even add one of your own to the Opera catalog, if you’re artistically inclined.
Opera recently announced a major update to its Mini browser for smaller devices, which offers a data compression option that maintains the integrity of the page content for the first time, making it ideal for roaming and low bandwidth areas.
Source-http://www.thegurureview.net/computing-category/opera-browser-introduces-vpn-for-everyone.html
Raspberry Pi To Get Mass Storage
Bittorrent and WD have teamed up to create a 1TB drive for the Raspberry Pi. The Pi Drive has been designed especially for the Raspberry Pi Model B+ and the Raspberry Pi 2 Model B, and offers a viable way to turn a Pi into a media centre, NAS and PVR all in one.
BitTorrent Sync makes it possible to sync content from all your devices straight to the drive, bypassing the cloud and making it an excellent backup device.
It differs from a standard hard drive, not least because it’s low-powered enough to be run off the USB port that charges your Pi, using a splitter cable supplied – no mean feat for a mechanical drive.
It’s not perfect. It’s a standard 2.5in drive but with a USB connection rather than a SATA which means it’s bigger than the Pi and you’ll need to create a bespoke case or let it all hang out in true maker fashion.
Essentially, it’s the same type of drive that you would see if you smashed open one of WD’s external drives, but it would take a brave soul to do so and this way you get the right cable and software to make it all work together.
The tie-up between BitTorrent and WD comes as the former announces version 2.2 of the Sync service which we have been following since inception.
The new version offers a clearer delineation between home and pro users. Home users can buy a lifetime licence for $39.99 which covers all 2.x releases. This comes in addition to the perpetual free version which will no longer be limited to 10 folders.
Instead the monetized version will come from business customers who remain on a monthly fee, and pro user subscriptions for advanced features such as collaboration and file sharing introduced in version 2.1.
The Pi Drive retails at $80 with a 35 percent discount offer through BitTorrent with the code WDPIDRIVE1TB. UK sellers are yet to be confirmed, but will form part of the newly launched BitTorrent Sync reseller programme that launches with this edition.
Source-http://www.thegurureview.net/computing-category/raspberry-pi-to-get-mass-storage.html