Wednesday 24 August 2011

Upgrade From XP, No Thanks

I was reading this article today about the market share of Microsoft OSes in terms of how much malware affects them quantity-wise, and I agree with what the article says: XP is the most vulnerable to attackers.

While XP is still the most popular OS of them all, it's slowly losing its market share as more stores around the world ship machines with Windows 7 on them, and in the near future Windows 7 will likely become the most popular OS, which raises a question about attackers: where will they move on to?

We see it often enough in the news that Android smartphones are by far the most popular platform to attack, just because of their openness, and by far the most vulnerable, just like XP, and we see every day that the world is moving onto smartphones. Smartphones ARE computers we can hold in our hands; laptops and notebooks were the *thing* for a while, but smartphones are where the market share will go.

While I work in the computer security community, I do advise most everyday users to upgrade to Windows 7, but frankly the malware problem overall comes down to end users who don't keep up with security patches.

For now though, I'll be one person keeping XP alive. I'm sticking with Windows XP until support stops, then I'll move onto the newest OS (which will likely be Windows 8 by then).

Google Adds g.co URL Shortener

Another awesome idea from Google: a second URL shortener, but this one is designed around security.

Unlike goo.gl, which is public (anyone can make a short URL with goo.gl that leads anywhere), g.co will be private and only created by Google themselves; nobody else can create one, and Google's plan is to use them when linking to a Google product or service.

The idea is that more users will trust g.co links if they know that the website they are being linked to is a Google product and safe.


Nice one Google!

Tuesday 23 August 2011

Ramnit Adapts To Zeus

In the latest malware news, the file infector known as Ramnit gets an upgrade. The writer(s) of Ramnit have adapted the Zeus code into their own, and this is just the first step in the evolution of newer infections.

Earlier this year we saw the Zeus source code released online, followed by the SpyEye code, and so far Ramnit is the first to take advantage of this: its creators added Zeus into Ramnit's source code, all in the name of financial gain.

The malware scene and its writers make millions from online fraud every day, and as we saw, Zeus and SpyEye were widespread and very successful at what they were made to do. Now that the Zeus/SpyEye code has been released online, it gives malware writers a new base and platform to build around and possibly upgrade, and it just makes it easier for them to create new malware with new techniques.

Sure, right now a lot of people would say TDL4 (as far as fixable infections go) is still the most dangerous, as it hides in the MBR, one of the most dangerous areas of a machine to play with, but the point I'm making is that making malware nowadays, with all the tools appearing online and in underground communities, isn't hard to do.

It wouldn't surprise me if we DID see more malware taking on the likes of Zeus in its code, and this can only result in more new and dangerous malware appearing.

More on Polymorphic File Infectors

I was sat thinking this evening about the new infection Kaspersky picked up a few days ago, and it amazes me that more malware writers haven't (yet) adopted this technique of infecting many of a computer's system files.

I mean, across the forums I help on, we do see the likes of Virut, Sality and Ramnit, but they are only a minority for now, and it's a constant fight between the good guys and the bad guys.

Truly, if the bad guys were bent on winning in the sense of creating malware that can't be beaten, they would have adapted to infecting system files. Sure, they've already managed this with the likes of TDL3, which infects a random .sys driver file, but that can be disinfected and repaired. Now with TDL4 they've gone as far as hiding in ring 0 with the MBR infection.

I'm really just amazed that we aren't yet seeing TDL4 come with an explosive bomb strapped to its chest and start infecting system files; it can be done, and it's the one kind of infection that can't be stopped, as the damage is just too great.

Sure, we know the only way out of an infection like this is a drop-everything-and-format situation, so I wonder if the bad guys want us to fight their malware instead of going down the path of destruction. I mean, their malware lives longer when we fight it, right? Rather than us formatting, they can constantly update to stop our tools from killing the infection.

Ah well, it was just a topic I was sat wondering about; who knows if we'll see more file infectors in the future.

Saturday 20 August 2011

Polymorphic File Infectors

I was reading this article today on Securelist about a new virus Kaspersky picked up, called Virus.Win32.Xpaj.gen. It's a polymorphic file infector.

What are they and what makes them dangerous?

Essentially a polymorphic file infector injects malicious code into every .exe file on a machine and damages them beyond repair. This new virus works the same way as the Win32.Sality virus: it spreads via USB, so no doubt if this new infection starts to spread big time, it will cause mayhem on computers. Luckily the other infections that use this file-infecting technique aren't seen often, so let's hope we only see a minimum of this new one.

What can be done

As expected with malware nowadays, this one also comes with backdoor capabilities, and sadly with polymorphic file infectors there is nothing that can be done: the damage caused to a machine is too severe, and as I've seen with other infections like this, such as the Ramnit and Virut families, there is nothing that can be done to combat it.

The one warning I can give is to switch off autorun in Windows (even though Windows Update now does this) to prevent infected USB hardware from infecting your machines. Even though this update should have reached the majority of users by now, I still see lots of machines with autorun switched on, my old college machines for example.

The only way out is to fully format the machine WITHOUT backing anything up, as backed-up files are likely to be infected as well.

Here is another article about Sality and Virut by another amazing member of the security community, meikimoes; worth reading.

Thursday 18 August 2011

Recommended Apps for Android

Thought I'd make a "Recommended Apps for Android" list: just some of the apps I use on my Android every day, and some that run in the background, but they are all recommended anyway.

Facebook
Twitter
Google+
Teamviewer
Skype
Lookout Mobile Security
Droidwall*
Wireless Tether*
BBC News
ZDNet
TuneIn Radio

* = Apps that require a Rooted Android phone.

Tuesday 16 August 2011

Facebook to enforce real name policy?

I was reading this article today on TheHackerNews and thought I'd post a little something about it.

Randi Zuckerberg, the sister of Facebook's CEO, wants to put an end to online anonymity. Facebook wants to force people to use their real names on profiles.

You realize all this will do is anger the online consciousness that is Anonymous, and me included. I'm not really a Facebook fan, never have been. I'm only on there to talk to a few friends and family, and my name is set to Belahzur because that's my online identity.

I'm sure everyone saw the big debate Google got into when they forced this on Google+ users and suspended accounts for it. Frankly, if Facebook did the same to me, cutting off contact with family just because I'd rather keep my real name hidden, then I'll happily leave Facebook and never go back.

I don't want to sound like I'm all for Anonymous, but as an insider, what they do is for a just cause. I want my freedom of speech and my right to hide my name if I want to. If Facebook do plan to do this, then they deserve what's coming to them on November the 5th.

MS Declares Victory Over Linux

I was reading this article on ZDNet today, and it caused something in me to snap.

To me Linux has never been a threat to MS directly; I don't see where MS sees the Linux competition coming from. I like Linux because of its openness, allowing me to do what I want with the OS.

Mobile matters. Desktop doesn’t.

Just because I don't like MS: Android's market share dwarfs that of Windows Phone... isn't Android's kernel based on Linux? Oh wait, it is. Linux isn't a threat? Linux is a bigger threat than MS imagine it to be. Linux was never developed to compete with MS; it was developed, and is mainly used nowadays, by people who are sick of MS and want to try something different.

Linux is free to download, any distro of it; I don't have to pay anyone a penny to legally download Ubuntu or Red Hat. Let's look at another fact.

Boot discs: I'm sure you can name an awful lot of them, and 90% of them are based on Linux. You can call us hackers if you wish, but the Linux community is about sharing in the openness of Linux; we like knowing how things work, reverse engineering, and making our own version of something.

Take a lesson from Sony. I'm fairly certain everyone on the internet saw the attacks on them, and that started because of what they did to Geohot and others: they removed OtherOS and forced me off PSN because I want to keep Linux on my PS3.

Recently Mozilla have been planning their own Firefox OS. Guess what they are planning to base it on? Linux. MS only declare victory now because they've held the market share of OS users for so long, and I doubt that will ever change; Windows will hold claim to the most popular OS, but great things come in small packages and that's what Linux offers. We don't have to rely on anyone else with Linux, unlike with Windows Update: if we want something added or changed, we do it ourselves.

MS can declare victory over Linux, but Linux will NEVER die.

Monday 15 August 2011

Google buys Motorola

Today's big news: Google has bought Motorola for the price of 12.5 billion.

Quote from ZDNet:
While Motorola Mobility will remain a licensee of Android, and Android will remain as an open operating system, Motorola Mobility will act as a separate business under the arm of Google.

There have been many contributors to the Android OS, and the reason it has been so successful in market share recently comes down to the openness of Android, which is exactly why I chose Android over the other smartphones.

Others think Google just bought themselves a lawsuit, however: Microsoft were suing Motorola for Android patent infringement, and Microsoft could potentially sue Google now, as Motorola is now working under Google. This would be a decent courtroom fight to see; not many companies would think of going against Apple or Microsoft in court, just because of how much money each company has, but the one company strong enough to fight Microsoft would happen to be Google.

I imagine that if MS are still fighting Motorola, MS will settle and come to an agreement. My thoughts if they went to a courtroom battle, MS vs Google directly over this: I can't see MS winning; it's more about which company has more money, and looking at how much Google make every day alone, MS wouldn't be on the winning end.

With Google taking up more and more market share with the Android OS, Microsoft will need to do the same if they ever want to (at the very least) get their Windows Mobile OS out into the market, and one way they could do this would be to buy out RIM (Research In Motion), the makers of the BlackBerry phone, just to even the battlefield for Microsoft a little more. This has yet to be seen, but it's one way MS could counter Google's newest purchase; some say MS will buy Nokia or RIM, others say they won't.

With Google and Microsoft going at each other in the mobile OS war, I'd love to see Google take Microsoft down a peg or two. Would Microsoft even dare to fight Google? That would be a good lawsuit to watch.

I guess we shall see in the coming days/weeks how this unfolds.

Thursday 11 August 2011

Facebook & Phone Numbers Exposed

So it appears Facebook have very quietly added a sneaky setting to the Facebook Mobile settings, and this is, *by default*, a big security risk: Facebook exposes your mobile phone number to people you may not want to share it with.

Here's a screenshot from my list of contacts. I've removed their names and numbers to respect their privacy.

One of my friends there is an old friend from college. I never had their mobile phone number, but now apparently Facebook gives it to me because of this stupid new feature they put in.

Those who use Facebook Mobile on your smartphone, please switch off contact sync so Facebook doesn't get your contacts from your phone's contact book.

I don't really like, nor do I appreciate, Facebook doing this. I use my phone for my Facebook login approval settings; I trusted Facebook with my number, and now they want to give it away to others without my permission?

I'd advise everyone to disable that option so others can't get your phone number.

More information here: http://goo.gl/NH3Zl

Wednesday 10 August 2011

Google+: Safer than Facebook?

As you have probably seen on the internet, there is an ongoing debate over Google+ allowing pseudonyms on their social network. Right now G+ is still in beta, giving scammers and spammers alike the chance to send out false invitations to Google's social networking site; anyone who doesn't have an account is 99% likely to click the link hoping to get invited to G+.

Google also ban people not using their real names, so does that keep spammers away from Google+? Sure, there have been lots of scams concerning G+, but not originating from G+.

On the same subject of privacy and safety: Google+ works on a 'circles' system, meaning we can share data and information with a small group of people we choose, or an individual, compared to Facebook, where it's friends only, friends of friends, or no one at all.

This is my circle, only 6 people, but I can add a status and only the select few people I choose can see it. Does this make your information safer? Only those you want to see your status can see it, so I suppose the answer would be yes.

The only downside is that when you're added to someone else's circle, they can message you without your approval, making it easier for spam/scam messages to be sent out. Google+ is still at a very young age, even though it has over 10 million members, and Google can and probably will change and upgrade quite a few things before it goes public; sadly this is just one of the dangers of the closed beta stage.

Right now, Google+ looks safer than Facebook, but only time will tell.

"Phone Hacking" has got to stop

Yet again, another morning I check my Twitter feed to see another person arrested on suspicion of phone hacking.

A little while back BBC Panorama did a show about this; they met a hacker who explained how easy it is to do, and I have to agree, it is easy. I'm an Android user and I know how to do it, but again this comes down to the end-user problem.

People who buy smartphones don't change their voicemail PIN, or they do change it but change it to 1 2 3 4 or something similar that is easy to guess just from looking at the keypad; usually it's numbers on a horizontal or vertical line so people don't forget it.

Unfortunately, doing that doesn't make your voicemail PIN secure; it needs to be random. Use sites like www.random.org to give you a random 4-digit PIN.
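The keypad-line problem above, as an added example that is not from the original post: a checker that flags the guessable 4-digit patterns described (sequences, repeats, straight lines on a 3x4 phone keypad) and a generator that draws a PIN from the OS random source and rejects anything the checker catches. The keypad layout and the list of patterns are my assumptions, not a published standard.

```python
import secrets
from typing import Optional

# Standard 3x4 phone keypad; rows and columns are the "lines" people pick by eye.
KEYPAD_ROWS = ["123", "456", "789"]
KEYPAD_COLS = ["147", "2580", "369"]   # middle column includes the 0 under the 8

def _keypad_lines() -> set:
    """All straight runs on the keypad, read in either direction."""
    lines = set()
    for run in KEYPAD_ROWS + KEYPAD_COLS:
        lines.add(run)
        lines.add(run[::-1])
    return lines

def weak_pin_reason(pin: str) -> Optional[str]:
    """Return why a 4-digit voicemail PIN is guessable, or None if no known pattern matched."""
    if not (pin.isdigit() and len(pin) == 4):
        return "must be exactly 4 digits"
    if len(set(pin)) == 1:
        return "all digits identical"
    steps = {int(b) - int(a) for a, b in zip(pin, pin[1:])}
    if steps in ({1}, {-1}):
        return "ascending or descending sequence"
    lines = _keypad_lines()
    # Whole PIN, or a 3-key run plus one extra key, lying on a keypad row/column.
    if any(seg in lines for seg in (pin, pin[:3], pin[1:])):
        return "straight line on the keypad"
    if pin[:2] == pin[2:]:
        return "repeated pair"
    return None

def random_pin() -> str:
    """Draw a 4-digit PIN with the CSPRNG and re-draw if it trips the pattern check."""
    while True:
        pin = "".join(secrets.choice("0123456789") for _ in range(4))
        if weak_pin_reason(pin) is None:
            return pin

if __name__ == "__main__":
    for candidate in ("1234", "2580", "7410", "1111", "1212", "8064"):
        print(candidate, weak_pin_reason(candidate))
    print("suggested:", random_pin())
```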

It's a shame how people think phones aren't anything like computers, that they don't need security because they are in your hands and no one else's, but they do: they are mini handheld computers and should be treated the same way as a desktop or laptop.

Tuesday 9 August 2011

ChromeOS Vulnerabilities

As the ChromeOS fan base grows, so does its share of malware. Since ChromeOS is based solely on a browser, malware writers focus their attacks on malicious extensions for Chrome. Take, for example, Scratchpad, one of the apps that comes pre-installed with ChromeOS, and the vulnerability found in it, known as open permission.

A quote from Kyle Osborn at the Defcon 19 conference:

"Because it has access to all sub-domains under Google.com, this could include your contacts or Voice account. An exploit could export your entire contact list as a CSV," he said, simply because you were using a Google-written app.

Through the use of a test malicious app installed into ChromeOS, they were able to forcibly download an app of their choosing, and because everything is synced to a user's Google account, there is no defence wall to bypass.

Don't get me wrong, the security in ChromeOS is much tighter than other OSes, but the attacks are shifting from the everyday malware we see in Windows to web-based attacks.

The only downside is how this system basically turns the end user into the firewall. When installing apps, it still shows what information the app accesses, but not everyone reads that; in fact the majority of people won't read it and will just skip the small print to install the app.

A writeup on the Chromium blog can be found here about developing apps more safely: http://goo.gl/lzH5Q
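The "small print" the post says users skip is the permissions list in the extension's manifest.json. As an added example (not from the original post, and not Scratchpad's real manifest), here is a small auditor that reads a manifest and flags the host patterns that reach a whole domain tree such as every Google subdomain, or every site; the two sample manifests are constructed for illustration.

```python
import json
import re
from typing import Dict, List

# Constructed manifests (not any real extension): one asks for every google.com
# subdomain, the other is scoped to a single host.
SAMPLE_MANIFESTS: Dict[str, str] = {
    "broad": json.dumps({
        "name": "Notes (constructed sample)",
        "manifest_version": 2,
        "permissions": ["tabs", "storage", "*://*.google.com/*"],
    }),
    "narrow": json.dumps({
        "name": "Notes (constructed sample)",
        "manifest_version": 3,
        "permissions": ["storage"],
        "host_permissions": ["https://docs.google.com/*"],
    }),
}

# Chrome match patterns: <scheme>://<host><path>, host may be "*" or "*.example.com".
MATCH_PATTERN = re.compile(r"^(\*|https?|file|ftp)://(\*|\*\.[^/*]+|[^/*]+)(/.*)$")

# API permissions worth calling out on their own (assumed shortlist, not exhaustive).
SENSITIVE_APIS = {"tabs", "webRequest", "webRequestBlocking", "cookies", "history", "clipboardRead"}

def classify_host(pattern: str) -> str:
    """Classify one permission string: 'all', 'domain-tree', 'single-host', 'api' or 'unknown'."""
    if pattern == "<all_urls>":
        return "all"
    m = MATCH_PATTERN.match(pattern)
    if not m:
        return "api" if re.fullmatch(r"[A-Za-z.]+", pattern) else "unknown"
    host = m.group(2)
    if host == "*":
        return "all"
    if host.startswith("*."):
        return "domain-tree"
    return "single-host"

def audit_manifest(text: str) -> List[str]:
    """Return human-readable findings for the permissions an extension manifest requests."""
    manifest = json.loads(text)
    # MV2 mixes hosts into "permissions"; MV3 moves them to "host_permissions".
    requested = list(manifest.get("permissions", [])) + list(manifest.get("host_permissions", []))
    findings = []
    for p in requested:
        kind = classify_host(p)
        if kind == "all":
            findings.append(f"{p}: can read and modify every site you visit")
        elif kind == "domain-tree":
            domain = p.split("://", 1)[1].split("/", 1)[0][2:]
            findings.append(f"{p}: covers every subdomain of {domain}, not just the one it needs")
        elif kind == "api" and p in SENSITIVE_APIS:
            findings.append(f"{p}: sensitive browser API")
    return findings

if __name__ == "__main__":
    for label, text in SAMPLE_MANIFESTS.items():
        print(label, audit_manifest(text) or ["nothing flagged"])
```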

RIM & BlackBerry Rant

Now, time for the big news story of the day: riots happening across several parts of the UK. The riots are thought to have been organised on the BlackBerry Messenger service (BBM), as it's a closed system and more private than other platforms of communication.

Quote from RIM:
We feel for those impacted by this weekend's riots in London. We have engaged with the authorities to assist in any way we can. As in all markets around the world where BlackBerry is available, we cooperate with local telecommunications operators, law enforcement and regulatory officials. Similar to other technology providers in the UK we comply with The Regulation of Investigatory Powers Act and co-operate fully with the Home Office and UK police forces.

Because of this statement, the BlackBerry blog was hacked and defaced by TeaMp0isoN, and here is the quote from them.

Dear Rim;
You Will _NOT_ assist the UK Police because if u do innocent members of the public who were at the wrong place at the wrong time and owned a blackberry will get charged for no reason at all, the Police are looking to arrest as many people as possible to save themselves from embarrassment…. if you do assist the police by giving them chat logs, gps locations, customer information & access to peoples BlackBerryMessengers you will regret it, we have access to your database which includes your employees information; e.g – Addresses, Names, Phone Numbers etc. – now if u assist the police, we _WILL_ make this information public and pass it onto rioters…. do you really want a bunch of angry youths on your employees doorsteps? Think about it…. and don’t think that the police will protect your employees, the police can’t protect themselves let alone protect others….. if you make the wrong choice your database will be made public, save yourself the embarrassment and make the right choice. don’t be a puppet..

p.s – we do not condone in innocent people being attacked in these riots nor do we condone in small businesses being looted, but we are all for the rioters that are engaging in attacks on the police and government…. and before anyone says “the blackberry employees are innocent” no they are not! They are the ones that would be assisting the police

I have to say I am with TeaMp0isoN: not every BlackBerry user is guilty, and passing on messages that are perfectly innocent to the police is an invasion of privacy. How many of your customers would love to know you plan on passing their location via GPS to the police? It's beside the point that it's the police; it's that you're tracking them anyway, when customers may not want to be tracked.

Innocent people will be harmed just to track down the guilty? There has to be a better way than this. It's not right, but it's not like we have a choice in the matter, right? Think about it for a second, though: because of this, how many people will leave RIM and go over to Apple (iPhone) or Google (Android)?

On a similar note, a few days ago I made a quick blog post about another PS3 hacker who was raided by police (http://goo.gl/dRWpy), and during these riots a Sony store caught fire. Bad karma? Quick video here: http://youtu.be/dK5ecuxXyYM

Chrome extensions

For those of you who use Facebook as well as other platforms like Twitter for news, or who just want to see only relevant information and need a way to hide anything that isn't useful, like the sponsored box or "friends are friends with other people", here are some helpful Chrome extensions that I use.

The first: Facebook Purity. http://goo.gl/Wej8V

Once installed you may want to configure it a bit, but I use it to hide anything I don't want to see. Give it a try, it's worth it.

Once configured to meet your needs, it adds a little bar at the top of your Facebook news feed to show/hide the items you have chosen to hide. It's very simple to use and filters out all the useless crap.

Second, have you ever wanted to shorten a URL really quickly? If so, use this extension. goo.gl Shortener Lite: http://goo.gl/NW3s3

It will add a little button to the top right of your Chrome window, and when you want to shorten a URL, just press it and there you have it: a short goo.gl URL.

There is also another blog post listing a nice collection of Chrome extensions, specifically for those who work in computer security; worth looking at and installing a few.
http://goo.gl/iFHzC

Funny Wifi Names

A week-old article, but I'm only now getting around to going through all my favourite tweets.

Saw this article about favourite Wifi names on Mashable.com; some made me laugh.
http://mashable.com/2011/08/03/best-wi-fi-names/

But on that basis, have you enabled or disabled your SSID broadcasting? Would love to hear some other funny Wifi names out there.

Short to long URLs

It seems LongURL isn't working right now, so here's an alternative site to make short URLs long again.

I've tested it personally across quite a few URL shortening services, like bit.ly, goo.gl, tinyurl and shadyurl, and it works fine.

http://urlxray.com/

Insert a short URL, press the X-ray button and see where the short URL leads. Very handy for avoiding phishing scams.
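What a service like LongURL or urlxray does under the hood is follow the redirect chain without rendering any of the pages. As an added example (my code, not urlxray's), here is a resolver that walks that chain hop by hop with HEAD requests, handles relative Location headers, and stops on loops; the redirect table and hostnames are constructed so it can be exercised offline.

```python
import http.client
from typing import Callable, Dict, List, Optional, Tuple
from urllib.parse import urljoin, urlsplit

# A fetcher answers one HEAD request with (HTTP status, Location header or None).
Fetcher = Callable[[str], Tuple[int, Optional[str]]]

def head_fetcher(url: str, timeout: float = 5.0) -> Tuple[int, Optional[str]]:
    """Real HEAD request for online use; the body is never downloaded."""
    parts = urlsplit(url)
    conn_cls = http.client.HTTPSConnection if parts.scheme == "https" else http.client.HTTPConnection
    conn = conn_cls(parts.netloc, timeout=timeout)
    path = (parts.path or "/") + ("?" + parts.query if parts.query else "")
    try:
        conn.request("HEAD", path)
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()

def expand(short_url: str, fetch: Fetcher = head_fetcher, max_hops: int = 10) -> List[str]:
    """Return every hop from the short URL to the final landing URL, one HEAD per hop."""
    chain = [short_url]
    seen = {short_url}
    url = short_url
    for _ in range(max_hops):
        status, location = fetch(url)
        if status not in (301, 302, 303, 307, 308) or not location:
            return chain
        url = urljoin(url, location)          # Location may be relative to the current hop
        chain.append(url)
        if url in seen:
            raise ValueError("redirect loop: " + " -> ".join(chain))
        seen.add(url)
    raise ValueError("too many redirects: " + " -> ".join(chain))

def describe(short_url: str, fetch: Fetcher = head_fetcher) -> str:
    """One-line report of where a short link really goes, or the error that stopped the walk."""
    try:
        return " -> ".join(expand(short_url, fetch))
    except ValueError as exc:
        return "error: " + str(exc)

# Constructed offline redirect table standing in for real shorteners (hostnames are made up).
FAKE_REDIRECTS: Dict[str, Tuple[int, Optional[str]]] = {
    "http://short.example/abc":    (301, "https://hop.example/r?x=1"),
    "https://hop.example/r?x=1":   (302, "/landing"),
    "https://hop.example/landing": (200, None),
    "http://short.example/loop":   (302, "http://short.example/loop2"),
    "http://short.example/loop2":  (302, "http://short.example/loop"),
}

def fake_fetcher(url: str) -> Tuple[int, Optional[str]]:
    return FAKE_REDIRECTS.get(url, (404, None))

if __name__ == "__main__":
    for link in ("http://short.example/abc", "http://short.example/loop"):
        print(describe(link, fake_fetcher))
```

Swap `fake_fetcher` for the default `head_fetcher` to resolve a real link; nothing is rendered along the way, so a phishing landing page is never loaded in a browser.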

My week in review

So, looking back at the past week, let's go over a few things.

First, the infamous Defcon 19 conference. The tech generation is getting younger and smarter: the 10-year-old girl going by the name CyFi found exploits in farming games by altering the clock to make time go faster. My hat's off to you; that's very impressive considering she is just 10 years old.

Mikko Hypponen gave his awesome talk about how we've been fighting computer malware for 25 years, and how it started with the Brain.a virus. Two articles on his talk, about how and why computer viruses started appearing online, can be found at these two links: http://goo.gl/sjvWb & http://goo.gl/4tFle

Next we have the UAV that can stay in the air for up to 1 hr and can monitor for WiFi signals, phone signals and Bluetooth, and using this it is able to track the movement of a signal it picks up. Pretty cool, eh? This is made possible by the 32GB Linux hard drive inside the vehicle to store its stolen data.

For a roundup of the 2011 conference, see this excellent article by Threatpost: http://goo.gl/Z680g

Next is the new WiFi standard. Anyone who works in networking will be very familiar with the 802.11 a/b/g/n standards; well, now it's time to introduce the next stage in the evolution of standards. Introducing 802.22, a new range of WiFi that allows up to 62 miles away, 12,000 square miles to be exact. This probably won't be seen on devices for another year or so, but don't worry, your router(s) should still be able to use this newer standard.

Something tells me we'll see this come to iPhones/iPads very soon; Apple are usually very quick on the updates, and now with wireless tethering on devices like iPhones and Androids, we may see 802.22 make an early appearance.

Friday 5 August 2011

Sony at it again?

Just read an article about police raiding the home of another PS3 hacker for publishing his jailbreak software. Sony, did you not learn from the past few months? Do you want the attacks to resume? Because you're sure going the right way about pissing more people off again.

Sorry, but it has to be said. As the video published by Anonymous said, this is the same as someone legally buying and owning a computer but being punished for installing or deleting programs.

Keep it up Sony, you're going to hell regardless; you've lost a massive user base to MS's Xbox during the PSN downtime.

Thursday 4 August 2011

GMail 2 step verification

I know this news is 1-2 weeks old, but it needs to be repeated. As more of the world's market moves to smartphones (Android/iPhone/BB), Google has started doing as Facebook do, using a security feature that works by sending an SMS message to a user's smartphone and requires a PIN to access any GMail account with this feature set up.

I think more and more sites need to start doing this. As I told a friend the other day, he can have my Facebook name and password but can't access my account without my phone. So with this in mind, it's no wonder we're seeing more trojans on Android phones that access users' text messages, phone calls and voicemails, since using open source makes it easier for hackers to find exploits. Is the future of malware moving onto smartphones too? Windows still holds the base for malware, but as technology evolves (ChromeOS and OSX), so does malware; it becomes more and more widespread across many different targets and platforms. But anyway, back on subject: people need to start using two-step verification in GMail, and start locking up their data and protecting themselves online.

Good work to Google on this; it's a step in the right direction security-wise.

Wednesday 3 August 2011

Facial Recognition Software

So just how much DO you value your privacy these days? I was reading an article today about someone who used everyday software available on the net to identify people using nothing more than a basic picture of them; using facial recognition, they were able to track down personal information such as Facebook profiles, names and addresses, etc.

So how much do we value privacy these days? Could your best friend Facebook be your worst enemy? Is this even possible?

Although I have to say this is a very smart evolution in technology. Yes, it was only developed as a test that it can be done, but "if it can be used, it can be abused", as they say.

Twitter parental controls

Another nice move by Twitter! They are testing out a parental control feature to filter out content that may be NSFW (not safe for work). This is added as an option in the settings to filter out tweets that are marked as 'sensitive' by the publisher of a tweet, and it's done without the possibility of false positives and without forcefully filtering content.

Thank you to Twitter for not forcing this upon users and not censoring information shared. I love you Twitter. <3

Tuesday 2 August 2011

Google Chrome

Google have updated Chrome to stable version 13.0.782.107, following Google paying out $17,000 in bounty reward money to researchers. Users are encouraged to update to this new version.

Windows XP - breeding ground for malware

So I was reading an article on TechNet about Windows XP being the most popular OS for malware, and more specifically the TDL4 rootkit that infects the Master Boot Record (MBR). Research by Avast shows XP accounts for 74% of malware, with Vista accounting for 17% and 7 for 12%, so 7 is safer than XP. Yes, I understand this result naturally comes from the fact that Vista and 7 have better defences with UAC and driver signing, as well as a few other defences, and when it comes to x64 there is even less because of the different file system it uses.

Vista and 7 might be safer, but they are harder to repair if they do get infected. I see plenty of Vista and 7 machines that come with custom-written MBR code from manufacturers for OEM partitions, and repairing these isn't easy: many malware removal tools write 'default' Vista or 7 code, these OEM machines don't use 'default' code, and writing default code to such a machine causes it to become unbootable.

So yes, XP might not be as safe as the more up-to-date OSes, but it's much easier to repair the MBR on an infected XP machine.

However, I'm not just bashing Vista and 7; it's just that certain features like the OEM code are designed to help the everyday user but sometimes make our jobs harder, and lots of people still love XP because it works and it's simple. It's not complicated, and XP had many years between its release and the release of Vista, so are the end users to blame for the mass infection rate of XP?
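The "writing default code onto an OEM MBR" failure described above comes down to a repair tool not looking before it writes. As an added example (my code, not any removal tool's), here is the pre-write check such a tool could run on the 512-byte sector: compare the 446-byte boot code against a reference copy, decode the partition table, and flag partition types commonly used for vendor recovery partitions (that type list is an assumption on my part); both sample sectors are constructed, not captured from a real machine.

```python
import struct
from typing import List, NamedTuple

SECTOR = 512
BOOT_CODE_LEN = 446            # bytes 0..445: boot loader code
PART_TABLE_OFF = 446           # four 16-byte partition entries follow
SIGNATURE = b"\x55\xAA"        # bytes 510..511
# Partition type IDs often used for vendor recovery/utility partitions (assumed shortlist).
OEM_TYPES = {0x12, 0x1C, 0x27, 0xDE}

class Partition(NamedTuple):
    bootable: bool
    type_id: int
    lba_start: int
    sectors: int

def parse_partitions(mbr: bytes) -> List[Partition]:
    """Decode the four classic partition entries; empty slots (type 0) are skipped."""
    parts = []
    for i in range(4):
        entry = mbr[PART_TABLE_OFF + 16 * i: PART_TABLE_OFF + 16 * (i + 1)]
        status, type_id, lba, count = struct.unpack("<B3xB3xII", entry)   # CHS fields skipped
        if type_id:
            parts.append(Partition(status == 0x80, type_id, lba, count))
    return parts

def check_before_restore(mbr: bytes, reference_boot_code: bytes) -> List[str]:
    """Findings a repair tool should surface before overwriting boot code with a stock copy."""
    if len(mbr) != SECTOR:
        return ["not a 512-byte sector"]
    findings = []
    if mbr[510:512] != SIGNATURE:
        findings.append("missing 0x55AA signature")
    if mbr[:BOOT_CODE_LEN] != reference_boot_code[:BOOT_CODE_LEN]:
        findings.append("boot code differs from the reference copy (OEM/custom loader or tampering)")
    parts = parse_partitions(mbr)
    active = sum(1 for p in parts if p.bootable)
    if active != 1:
        findings.append("expected exactly one active partition, found %d" % active)
    if any(p.type_id in OEM_TYPES for p in parts):
        findings.append("vendor recovery partition present; stock boot code may not chain to it")
    return findings

def build_mbr(boot_code: bytes, partitions: List[Partition]) -> bytes:
    """Assemble a sector from boot code and up to four entries (used to construct the samples)."""
    table = b"".join(
        struct.pack("<B3xB3xII", 0x80 if p.bootable else 0x00, p.type_id, p.lba_start, p.sectors)
        for p in partitions
    ).ljust(64, b"\x00")
    return boot_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN] + table + SIGNATURE

# Constructed stand-ins: a "reference" loader and an OEM variant with a few patched bytes.
REF_BOOT_CODE = b"\x33\xC0\x8E\xD0\xBC\x00\x7C" + b"\x90" * 439
OEM_BOOT_CODE = REF_BOOT_CODE[:100] + b"\xE8\x00\x00" + REF_BOOT_CODE[103:]
STOCK_MBR = build_mbr(REF_BOOT_CODE, [Partition(True, 0x07, 2048, 2_000_000)])
OEM_MBR = build_mbr(OEM_BOOT_CODE, [Partition(False, 0x27, 2048, 300_000),
                                    Partition(True, 0x07, 304_048, 2_000_000)])

if __name__ == "__main__":
    print("stock:", check_before_restore(STOCK_MBR, REF_BOOT_CODE) or ["safe to restore"])
    print("oem:  ", check_before_restore(OEM_MBR, REF_BOOT_CODE))
```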

Monday 1 August 2011

Facebook bounty program

Facebook have recently started a bug-hunting bounty programme, similar to what MS and Google have, for any white hat anywhere in the world to volunteer their skills for. Facebook is willing to pay up to $500 or more for any security hole found, but ask that researchers promise to give Facebook a 'reasonable' amount of time before they publish their research publicly.

Have to say, good on Facebook; to me they have really tightened their security. I use the text message service, which sends a code if an unauthorised device accesses my Facebook account, and it hasn't failed me in testing, along with entering a device name.

Good work Facebook, keep it up, +1 to you guys on this.