‘Stegano’ Malvertising Exposes Millions To Hacking
December 13, 2016 by admin
Since October, millions of internet users have been exposed to malicious code embedded in the pixels of tainted banner ads designed to install Trojans and spyware, according to security firm ESET.
The attack campaign, called Stegano, has been spreading from malicious ads in a “number of reputable news websites,” ESET said in a Tuesday blog post. It’s been preying on Internet Explorer users by scanning for vulnerabilities in Adobe Flash and then exploiting them.
The attack is designed to infect victims with malware that can steal email password credentials through its keylogging and screenshot grabbing features, among others.
The attack is also hard to detect. To infect their victims, the hackers were essentially poisoning the pixels used in the tainted banner ads, ESET said in a separate post.
The hackers concealed their malicious code in the parameters controlling the pixels’ transparency on the banner ad. This allowed their attack to go unnoticed by the legitimate advertising networks.
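A defender-side check for the technique described above, as an added example that is not from ESET or the original article: it flags a decoded banner image whose transparency (alpha) channel is noisy even though every pixel is near-opaque. The pixel lists, function names and thresholds are constructed assumptions; decoding a real image into RGBA tuples is left to an image library.

```python
import math
import random
from collections import Counter

def alpha_stats(pixels):
    """Return (entropy_bits, distinct_values, nonmodal_fraction) of the alpha channel."""
    alphas = [p[3] for p in pixels]
    counts = Counter(alphas)
    total = len(alphas)
    entropy = -sum((c / total) * math.log2(c / total) for c in counts.values())
    modal = counts.most_common(1)[0][1]
    return entropy, len(counts), 1 - modal / total

def suspicious_alpha(pixels, max_entropy=1.0, min_alpha=200, max_distinct=4):
    """Flag images that look opaque to the eye but carry a noisy alpha channel.

    Thresholds are illustrative assumptions, not values from ESET's report.
    This is a triage heuristic: it does not cover images with large
    transparent regions, and a hit only means "inspect this creative".
    """
    entropy, distinct, _ = alpha_stats(pixels)
    near_opaque = all(p[3] >= min_alpha for p in pixels)
    return near_opaque and entropy > max_entropy and distinct > max_distinct

# --- Constructed sample inputs (not real ad creatives) ---
_rng = random.Random(0)

# Ordinary opaque banner: every pixel has alpha 255.
CLEAN = [(30, 90, 200, 255)] * 1000

# Logo with a transparent background and a few anti-aliased edge pixels.
LOGO = [(0, 0, 0, 0)] * 600 + [(255, 255, 255, 255)] * 380 + [(128, 128, 128, 128)] * 20

# Banner whose alpha values vary pixel to pixel within a near-opaque range,
# the pattern expected when data is packed into the transparency channel.
TAMPERED = [(30, 90, 200, _rng.randint(240, 255)) for _ in range(1000)]

if __name__ == "__main__":
    for name, img in (("clean", CLEAN), ("logo", LOGO), ("tampered", TAMPERED)):
        entropy, distinct, nonmodal = alpha_stats(img)
        print(f"{name:9s} entropy={entropy:.2f} distinct={distinct:3d} "
              f"nonmodal={nonmodal:.2f} suspicious={suspicious_alpha(img)}")
```
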
Victims will typically see a banner ad for a product called “Browser Defense” or “Broxu.” But in reality, the ad is also designed to run JavaScript that will secretly open a new browser window to a malicious website, which is designed to exploit vulnerabilities in Flash to carry out the rest of the attack.
Hackers have used similar so-called malvertising tactics to secretly serve malicious code over legitimate online advertising networks. It’s an attack method that has proven successful at quickly spreading malware to potentially millions.
The makers behind the Stegano attack were also careful to create safeguards to prevent detection, ESET said. For instance, the banner ads will alternate between serving a malicious version or a clean version, depending on the settings run on the victim’s computer. It will also check for any security products or virtualization software on the machine before proceeding with the attack.
ESET declined to name the news websites that were found unknowingly displaying the malicious ads, but cautioned that the attack was widespread, and could have been hosted through other popular sites as well.
Source: http://www.thegurureview.net/aroundnet-category/stegano-malvertising-ads-expose-millions-of-online-users-to-hacking.html
PC Monitors Vulnerable To Hacking
You should probably be leery of what you see since, apparently, your computer monitor can be hacked.
Researchers at DEF CON presented a way to manipulate the tiny pixels found on a computer display.
Ang Cui and Jatin Kataria of Red Balloon Security were curious how Dell monitors worked and ended up reverse-engineering one.
They picked apart a Dell U2410 monitor and found that the display controller inside can be used to change and log the pixels across the screen.
During their DEF CON presentation, they showed how the hacked monitor could seemingly alter the details on a web page. In one example, they changed a PayPal account balance from $0 to $1 million, when in reality the pixels on the monitor had simply been reconfigured.
It wasn’t exactly an easy hack to pull off. To discover the vulnerability, both Cui and Kataria spent their spare time over two years, conducting research and understanding the technology inside the Dell monitor.
However, they also looked at monitors from other brands, including Samsung, Acer and Hewlett Packard, and noticed that it was theoretically possible to hack them in the same manner as well.
The key problem lies in the monitors’ firmware, or the software embedded inside. “There’s no security in the way they update their firmware, and it’s very open,” said Cui, who is also CEO of Red Balloon.
The exploit requires gaining access to the monitor itself, through the HDMI or USB port. Once done, the hack could potentially open the door for other malicious attacks, including ransomware.
For instance, cyber criminals could emblazon a permanent message on the display, and ask for payment to remove it, Kataria said. Or they could even spy on users’ monitors, by logging the pixels generated.
However, the two researchers said they made their presentation to raise awareness about computer monitor security. They’ve posted the code to their research online.
“Is monitor security important? I think it is,” Cui said.
Dell couldn’t be reached for immediate comment.
Source: http://www.thegurureview.net/computing-category/computer-monitors-are-also-vulnerable-to-hacking.html
Apple Begins Testing Of Safari 10
July 6, 2016 by admin
Apple has begun testing Safari 10 with developers running the 2014 and 2015 editions of macOS, gearing up for a fall release of the updated browser to users of Yosemite and El Capitan.
Safari 10 was introduced earlier this month as part of macOS Sierra, this year’s operating system upgrade.
Apple typically supports its newest browser on three editions of macOS: The latest version and its two predecessors. The now-current Safari 9, for example, receives updates, including security patches, on last year’s El Capitan, 2014’s Yosemite and 2013’s Mavericks.
Safari 10 will be supported on Sierra, El Capitan and Yosemite. Meanwhile, Mavericks will remain on Safari 9.
The Safari 10 preview is currently available only to registered Apple developers, who pay $99 annually for access to early builds, development tools and documentation.
The general public will get its first look at Safari 10 next month after Apple opens up its broader-based public beta program for Sierra. Those who have signed on to the beta preview will also be able to download preliminary versions of Safari 10 for El Capitan and Yosemite, running the preview browser but sticking with their older, more stable operating systems.
Some of Safari 10’s signature features will be available only within macOS Sierra, including web-based Apple Pay — where payment is authorized with an iPhone or Apple Watch — but others will be supported by older versions of the operating system. Among the most notable are the new ability for developers to distribute and sell Safari add-ons in the Mac App Store, and easy portability of iOS content blockers to macOS.
If Apple replicates last year’s beta schedule, it will release the first public preview of macOS Sierra and Safari 10 around July 14.
Courtesy http://www.thegurureview.net/aroundnet-category/apple-begins-testing-of-safari-10-browser.html
Verizon Goes IoT
Verizon has rolled out ThingSpace, a development platform for companies of all sizes to create Internet of Things applications more efficiently and then later manage those apps.
The carrier also announced it is creating a new dedicated network core for IoT connections that can scale far beyond the ability of its existing networks with the intent to reach billions of sensors and devices.
“Continued innovation in smart cities, connected cars and wearables demonstrates that IoT is the future for how we will live and work,” said Mike Lanman, senior vice president of enterprise products at Verizon during an event held at Verizon’s San Francisco Innovation Center. He said Verizon is taking a “holistic approach” to help expand the IoT market from millions of connections to billions. The event was webcast.
Other major wireless carriers, including AT&T, are developing programs to offer a range of services to industries and cities for connecting IoT sensors to wireless networks and then to cloud services for data analysis.
At Verizon, Lanman said the company is working to lower the cost of connecting billions of existing devices that companies have used for years to Verizon’s network. Holding up a new computer chip made by Sequans Communications, an LTE chip maker, he said the chip will provide a “significant reduction in cost…that changes the game.” It will provide 4G LTE connectivity in modules connected to IoT devices to “make the wide-area network more accessible to developers.”
Also, next year Verizon will launch a new IoT core network within its LTE network to provide a “much lower cost” than with Verizon’s existing wired and wireless networks.
“The cost for an IoT module and the cost to connect will both drop dramatically,” Lanman added. “Whether you are connecting your dog or water meters and any other low-payload devices, we’ll handle it through a new IoT core.”
Source: http://www.thegurureview.net/consumer-category/verizon-launches-thingspace-for-iot-development.html
HTTP2 Protocol Nears Completion
When it comes to amping up traffic over the Internet, sometimes too much of a good thing may not be such a good thing at all.
The Internet Engineering Task Force is putting the final touches on HTTP/2, the second version of the Hypertext Transport Protocol (HTTP). The working group has issued a last call draft, urging interested parties to voice concerns before it becomes a full Internet specification.
Not everyone is completely satisfied with the protocol, however.
“There is a lot of good in this proposed standard, but I have some deep reservations about some bad and ugly aspects of the protocol,” wrote Greg Wilkins, lead developer of the open source Jetty server software, noting his concerns in a blog item posted Monday.
Others, however, praise HTTP/2 and say it is long overdue.
“A lot of our users are experimenting with the protocol,” said Owen Garrett, head of products for server software provider NGINX. “The feedback is that generally, they have seen big performance benefits.”
First created by Web originator Tim Berners-Lee and associates, HTTP quite literally powers today’s Web, providing the language for a browser to request a Web page from a server.
Version 2.0 of HTTP, based largely on the SPDY protocol developed by Google, promises to be a better fit for how people use the Web.
“The challenge with HTTP is that it is a fairly simple protocol, and it can be quite laborious to download all the resources required to render a Web page. SPDY addresses this issue,” Garrett said.
While the first generation of Web sites were largely simple and relatively small, static documents, the Web today is used as a platform for delivering applications and bandwidth intensive real-time multimedia content.
HTTP/2 speeds basic HTTP in a number of ways. HTTP/2 allows servers to send all the different elements of a requested Web page at once, eliminating the serial sets of messages that have to be sent back and forth under plain HTTP.
HTTP/2 also allows the server and the browser to compress HTTP, which cuts the amount of data that needs to be communicated between the two.
As a result, HTTP/2 “is really useful for organization with sophisticated Web sites, particularly when its users are distributed globally or using slower networks — mobile users for instance,” Garrett said.
Will GoDaddy Do An IPO?
March 26, 2014 by admin
Web hosting company The GoDaddy Group Inc is gearing up for a second attempt at an initial public offering, according to two people familiar with the matter, as the 2014 tech IPO pipeline continues to grow.
GoDaddy, the Internet domain registrar and web host known for its racy ads, would join a number of high-profile tech names expected to go public this year in the wake of Twitter Inc’s successful debut. They include “Candy Crush” developer King Digital and cloud services providers Box and Dropbox.
The company is in the process of selecting underwriters for its IPO, one of the two sources said on condition of anonymity.
GoDaddy was not immediately available for comment.
GoDaddy had filed to go public in 2006 but was told at the time that it would be required to take a 50 percent haircut — a percentage that is subtracted from the par value of assets that are being used as collateral — on its initial public offering.
The company instead decided to pull its filing, citing unfavorable market conditions.
The company, founded in 1997, was eventually acquired by a private equity consortium led by KKR & Co and Silver Lake in 2011 for $2.25 billion. Silver Lake declined to comment while KKR did not immediately respond to a request for comment.
Other private equity buyers included Technology Crossover Ventures.
GoDaddy, which provides website domain names, is famous for airing bawdy commercials with scantily clad women for the past decade during the Super Bowl.
The Wall Street Journal first reported on the plans.
Kindle Fire Raises Privacy Concerns
December 5, 2011 by admin
Amazon told a Massachusetts congressman that the Silk browser in its Kindle Fire tablet doesn’t pose a privacy threat to customers, but the lawmaker wasn’t satisfied with that statement.
U.S. Rep. Ed Markey (D-Mass.), the co-chairman of a congressional caucus on consumer privacy, on Tuesday released the results of questions he had put to Amazon CEO Jeff Bezos in October about Silk and the data it collected.
Markey wasn’t happy with Amazon’s answers.
“Amazon’s responses to my inquiries do not provide enough detail about how the company intends to use customer information, beyond acknowledging that the company uses this valuable information,” said Markey in a statement.
“Amazon states ‘Customer information is an important part of our business,’ but it is also important for customers to know how the company uses their personal information,” Markey continued. “Amazon is collecting a massive amount of information about Kindle Fire users, and it has a responsibility to be transparent with its customers. I plan to follow-up with the company for additional answers on this issue.”
Silk, which is based on the open-source WebKit engine, connects to Amazon’s cloud service and servers by default. The service will handle much of the work of composing Web pages, pre-rendering and pre-fetching content, and squeezing the size of page components, a way, claimed Amazon, to speed up browsing on low-powered devices like the Kindle Fire.
Hackers Creating Networking Website
July 25, 2011 by admin
Anonymous, which has taken credit for several high-profile cyber attacks in recent months, plans to launch what it says will be a new social networking site called AnonPlus.
The group’s move was apparently spurred by Google’s decision to shut down Anonymous’ Google+ account for community standard violations, a report by Mashable says.
For the moment, at least, AnonPlus appears to be little more than a single, somewhat poorly formatted page explaining what the site will be about.
“This lil info dump of a site is here simply to dispence (sic) info, soon the actual site will go up and you can begin to interact with it,” a message on the site notes.
“This project is not overnight and will take many of those out there who simply want a better internet,” the message noted. “We will not be stopped by those looking to troll or those willing to stop the spreading of the truth.”
The message doesn’t mention Google shutting down Anonymous’ Google+ account, but it does promise members that with AnonPlus there would be no fear of “censorship”, “blackout” or “holding back.”