Thursday 4 September 2014

Getting To Grips with Online Security


Online Security
For any business, security is important, yet small companies often face a more difficult challenge than larger firms. As a business with limited financial resources, you can't always afford a large in-house IT team or rely on custom-built software.

As a result, the entrepreneur needs to find cost-effective measures that are still effective. In an age when customers expect their data to be protected online, this is not something that can be compromised on. Fortunately, there are a number of steps you can take, and one of the first is putting an SSL certificate on your web server.

What is SSL? 

SSL stands for Secure Sockets Layer, the protocol (long since superseded by its successor TLS, Transport Layer Security, although the old name has stuck) that encrypts the connection between your server and your users' browsers. This is what keeps customer information from leaking in transit: because the data sent back and forth is encrypted, a would-be data thief sitting on the network cannot simply read it. Be clear about what this does and does not do. It protects data on the wire, not data once it has reached a server that has itself been compromised, and how strong the protection is depends on the protocol versions and cipher suites your server is configured to accept, not on how much the certificate cost.

OpenSSL is an open-source implementation of SSL/TLS that is used on a large share of the world's web servers and is well suited to smaller businesses because it costs nothing. Its command-line tools let you generate the private key and the certificate signing request (CSR) that a certificate authority needs before it will issue your certificate. Being open source does not mean it is something to "tailor"; treat it like any other dependency and keep it patched, because a flaw in OpenSSL itself (the Heartbleed bug disclosed in April 2014 being the obvious example) affects every server running the vulnerable version.

How do certificates help? 

Encryption on its own is not enough: the browser also has to know that it is talking to you and not to an impostor sitting between it and your server. That is what the certificate is for. It binds your domain name to your server's public key and is signed by a certificate authority (CA) that browsers already trust. When the browser can validate that chain of signatures and the name in the certificate matches the site it connected to, it shows the padlock symbol. This small symbol reassures customers that the connection is encrypted and that the site really is yours, which helps to build trust between you and them.

There are different certificates available. Depending on the nature of your business, you may want to invest in an Extended Validation certificate, or EV SSL for short. EV does not change the encryption at all; what it adds is a far stricter vetting of your organisation's legal identity by the CA before the certificate is issued, and browsers display the verified company name alongside the padlock. It is a statement about who you are, not a stronger lock, and it will not tell you if someone tampers with data in transit; the protocol itself already rejects tampered records regardless of certificate type.

When dealing with the likes of B2B, this extra assurance is something many will expect as standard practice. The right SSL certificate shows you take your business and its data protection obligations seriously without breaking the bank.
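As an added example, not part of the original post, the following Python shows the two checks a client performs before it will show the padlock described above: verifying the certificate chain against trusted CAs, and checking that the host name it connected to appears in the certificate. It also shows the common anti-pattern of switching those checks off. The certificate dictionary is a constructed sample in the shape that Python's `ssl` module returns from `getpeercert()`; no network connection is made, and the matching rules implemented are the standard single-label wildcard rules, written out here rather than taken from any library.

```python
"""Certificate identity checks: what the padlock actually stands for."""
import ssl
from typing import Iterable


def secure_client_context() -> ssl.SSLContext:
    """The context a client should use: chain verification and hostname
    checking both on. These are the stdlib defaults; only the minimum
    protocol version is tightened explicitly here."""
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuse SSLv3, TLS 1.0 and 1.1
    return ctx


def insecure_client_context() -> ssl.SSLContext:
    """The anti-pattern: 'fixing' a certificate error by turning off
    verification. Traffic is still encrypted, but to whoever answers."""
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)
    ctx.check_hostname = False          # must be disabled before verify_mode
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def context_verifies(ctx: ssl.SSLContext) -> bool:
    """True only if the context rejects both an untrusted chain and a wrong name."""
    return ctx.verify_mode == ssl.CERT_REQUIRED and bool(ctx.check_hostname)


def _name_matches(pattern: str, hostname: str) -> bool:
    """Match one dNSName from a certificate against a hostname.
    A '*' is honoured only as the entire left-most label, it never spans a
    dot, and it is not allowed to stand for a whole registrable domain."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    p_labels, h_labels = pattern.split("."), hostname.split(".")
    if p_labels[0] != "*" or len(p_labels) < 3 or len(p_labels) != len(h_labels):
        return False
    return p_labels[1:] == h_labels[1:]


def cert_matches_hostname(cert: dict, hostname: str) -> bool:
    """Check hostname against the certificate's subjectAltName dNSName entries.
    Browsers ignore the subject commonName whenever any SAN is present."""
    sans: Iterable[str] = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    if sans:
        return any(_name_matches(san, hostname) for san in sans)
    for rdn in cert.get("subject", ()):  # legacy fallback: CN only, no SAN
        for key, value in rdn:
            if key == "commonName":
                return _name_matches(value, hostname)
    return False


# Constructed sample in getpeercert() dict form; not a real certificate.
SAMPLE_CERT = {
    "subject": ((("commonName", "shop.example.com"),),),
    "issuer": ((("organizationName", "Example CA"),),),
    "notAfter": "Jan  1 00:00:00 2016 GMT",
    "subjectAltName": (("DNS", "shop.example.com"), ("DNS", "*.shop.example.com")),
}

if __name__ == "__main__":
    print("secure context verifies:", context_verifies(secure_client_context()))
    print("insecure context verifies:", context_verifies(insecure_client_context()))
    for name in ("shop.example.com", "WWW.shop.example.com",
                 "a.b.shop.example.com", "example.com"):
        print(f"{name:24} -> {cert_matches_hostname(SAMPLE_CERT, name)}")
```

The ordering in `insecure_client_context` is deliberate: Python refuses to set `verify_mode = CERT_NONE` while `check_hostname` is still true, which is a small safeguard against disabling verification by accident. If you ever see both lines together in production client code, the certificate on the server might as well not exist.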

Your Chrome Speech Recognition Can Be Turned Into Spying Device by Malevolent Intent


Chrome
Talking of browsers, most users are familiar with three of them: Microsoft's Internet Explorer, Mozilla's Firefox and Google Chrome. One feature separates Chrome from the other two, and that is built-in speech recognition. If abused, it can listen through your computer's microphone and transcribe the conversations taking place in your home without your knowledge.

This 'hands-free' voice recognition technology has been an obsession for many technology companies over the years. Their vision is a Matrix-like world in which computer users like us are too lazy even to move a finger to click a mouse button, a future in which we are perpetually online and perform almost all of our daily tasks through a computer. The capability has been around for some years, and so has the ability to abuse it.

A Whistle-blower: 

An Israeli software developer named Tal Ater, who was working on voice recognition software, brought to the world's notice a security bug in Google's Chrome browser which is yet to be fixed. He warns that the bug can be exploited by malicious sites to activate your PC's microphone and listen to anything said around your computer, even after you have left those sites.

Working Mechanism: 

Ater first discovered the bug while working on his own voice recognition library, annyang. It is a tiny JavaScript library that lets visitors control a site with voice commands in many languages. Visitors use it as an alternative to the mouse or keyboard, navigating simply by saying commands like 'search' or 'back'.

Spying activity: 

Ater defends Google in one respect: there is no sinister intent on their part. It is the websites you visit that can exploit the Chrome bug to spy on you in your home, and you will not be aware of it.

Example: suppose you are browsing and enter a site that supports voice recognition. You activate it by clicking a button and granting Chrome permission to use your microphone. After you have finished navigating the site by voice, you click the 'Voice Recognition Off' button or simply leave the page. The site appears to have stopped listening, and the browser gives no indication otherwise. The problem Ater demonstrated is that a malicious site, once it has been granted the microphone, can keep speech recognition running in a hidden window that shows no recording indicator and can send the transcribed text back to its server. What your screen shows as OFF is actually still ON.

Refusal of fixing the bug: 

Google has declined to fix the bug, maintaining that its browser is not at fault. Ater's response is that Google simply needs to close the hole in its browser; had it done so, there would have been no need to blow the whistle at all.

Wednesday 3 September 2014

Tools Manipulating RAM to Mislead Cyber crime Investigators


ADD
ADD, short for Attention Deficit Disorder, is an anti-forensics tool that writes fake artifacts directly into Windows physical memory. It does not break the running system; it plants convincing-looking objects where forensic tools expect to find real ones, such as fake files, fake network connections and other forged kernel objects, so that a memory image taken from the machine tells a false story. With a long enough list of forged connections and objects in the image, an intruder can bury the real trail and leave the analyst chasing events that never happened.

What do cyber crime analysts and investigators do? 

A running computer's RAM holds the state of everything happening on it: the processes running, the network connections open, the credentials and keys in use. Investigators capture that memory to a file, the memory dump, and examine it with analysis tools to reconstruct what the user and any malware were doing, including activity that never touched the disk. Cybercrime analysts have a huge amount of work at present, with the number of online frauds rising. In a memory dump, an analyst looks for:

  • Evidence of sessions, including private browsing sessions that leave nothing on disk
  • Passwords and encryption keys
  • Network connections and browsing activity
  • Malware and encrypted code that exists only in memory, not on disk.
The new tool creating hazards for cyber crime investigators:- 

With the growth of the internet has come growth in fraud, theft and large-scale scams. ADD attacks the investigator rather than the system: by planting forged network connections and other objects in RAM, it makes the captured image inconsistent with what really happened. Instead of finding the attacker's IP address and activity, the analyst finds a list of connections and artifacts that were never real.

A bigger problem is that the forged artifacts can be made to point elsewhere: fake connections and files that implicate another network or another group, or that look like additional malware, sending the investigation in entirely the wrong direction.

Criminal groups are getting stronger by the day and are using artifacts of this kind that are very hard to validate and analyse. Even when the compromised system reaches an analyst, a tool such as ADD can send the analysis on a journey far from the actual events, adding to the confusion and making it far harder to find the real malware.

The defence is cross-validation. Analysts and tool developers are working on techniques that do not trust a single source of evidence in memory: an object found by scanning for its byte pattern should also be reachable through the operating system's own lists, and it should be consistent with the rest of the image. Anything that fails those checks deserves suspicion, whether it was hidden by a rootkit or planted by a tool like ADD.
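As an added example, and not code from the original post or from the ADD tool, the Python below shows why cross-validation catches planted artifacts. It constructs a toy "memory image" of fixed-size records tagged like pool allocations, with legitimate process records linked into a circular doubly linked list. Two planted records are well-formed bytes that a pattern scan finds happily, but one is not reachable from the list and the other claims an owner process that does not exist. The record layouts are invented for this example and are not Windows kernel structures.

```python
"""Cross-validating scanned memory artifacts against the OS's own lists."""
import struct
from typing import List

# Toy record layouts, little-endian (invented for this example):
#   PROC: tag 'PROC' | pid u32 | name 16 bytes | flink u32 | blink u32   (32 bytes)
#   CONN: tag 'CONN' | owner_pid u32 | local 16 bytes | remote 16 bytes  (40 bytes)
PROC = struct.Struct("<4sI16sII")
CONN = struct.Struct("<4sI16s16s")
LIST_HEAD = 0  # offset of the first entry of the circular process list


def _pad(s: str) -> bytes:
    return s.encode().ljust(16, b"\0")


def _unpad(b: bytes) -> str:
    return b.rstrip(b"\0").decode()


def build_image() -> bytes:
    """Construct the toy image: three linked processes, two real connections,
    then two planted records that nothing legitimate points at."""
    records = [
        PROC.pack(b"PROC", 4, _pad("System"), 32, 64),        # offset 0, list head
        PROC.pack(b"PROC", 412, _pad("sshd"), 64, 0),         # offset 32
        PROC.pack(b"PROC", 900, _pad("nginx"), 0, 32),        # offset 64, links back to head
        CONN.pack(b"CONN", 412, _pad("10.0.0.5:22"), _pad("10.0.0.9:51000")),    # offset 96
        CONN.pack(b"CONN", 900, _pad("10.0.0.5:443"), _pad("192.0.2.7:4032")),   # offset 136
        # Planted artifacts: a process no list links to, and a connection
        # whose owning pid never existed.
        PROC.pack(b"PROC", 1337, _pad("evil.exe"), 0, 0),     # offset 176
        CONN.pack(b"CONN", 31337, _pad("10.0.0.5:4444"), _pad("203.0.113.9:80")),  # offset 208
    ]
    return b"".join(records)


def scan(image: bytes) -> dict:
    """Pool-scan style: slide over the image and accept any record whose tag
    matches. This is exactly what a planted artifact is built to satisfy."""
    found = {"PROC": [], "CONN": []}
    for off in range(len(image) - 3):
        tag = image[off:off + 4]
        if tag == b"PROC" and off + PROC.size <= len(image):
            _, pid, name, flink, blink = PROC.unpack_from(image, off)
            found["PROC"].append({"offset": off, "pid": pid, "name": _unpad(name),
                                  "flink": flink, "blink": blink})
        elif tag == b"CONN" and off + CONN.size <= len(image):
            _, owner, local, remote = CONN.unpack_from(image, off)
            found["CONN"].append({"offset": off, "owner_pid": owner,
                                  "local": _unpad(local), "remote": _unpad(remote)})
    return found


def walk_list(image: bytes, head: int = LIST_HEAD) -> List[int]:
    """Follow forward links from the head until the list wraps, the way a tool
    that trusts the OS's own bookkeeping enumerates processes."""
    seen: List[int] = []
    off = head
    while off not in seen and off + PROC.size <= len(image):
        seen.append(off)
        tag, _, _, flink, _ = PROC.unpack_from(image, off)
        if tag != b"PROC":
            break
        off = flink
    return seen


def cross_validate(image: bytes) -> List[str]:
    """Report every disagreement between the two views of the same memory."""
    found = scan(image)
    listed = set(walk_list(image))
    listed_pids = {p["pid"] for p in found["PROC"] if p["offset"] in listed}
    findings = []
    for p in found["PROC"]:
        if p["offset"] not in listed:
            findings.append(f"PROC pid={p['pid']} ({p['name']}) at 0x{p['offset']:x} "
                            "found by scan but not in process list")
    for c in found["CONN"]:
        if c["owner_pid"] not in listed_pids:
            findings.append(f"CONN {c['local']} -> {c['remote']} at 0x{c['offset']:x} "
                            f"owned by unknown pid {c['owner_pid']}")
    return findings


if __name__ == "__main__":
    for finding in cross_validate(build_image()):
        print("SUSPICIOUS:", finding)
```

A real analyst does the same thing with far richer structures: process objects found by pool scanning are compared with the active process list, connection objects are compared with the owning process's handle table and socket state, and so on. A record that passes the byte-pattern test but fails every consistency test is either something a rootkit unlinked or something a tool like ADD wrote, and both are worth the investigator's attention.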

Nexus X – The First Android L Smartphone


Nexus X
The Nexus X (rather than Nexus 6) is the most anticipated smartphone of 2014, rumoured to be launched by Google sometime this year, most probably around Halloween. As with last year's approach, Google might launch it without a separate announcement and sell it unlocked through its Play Store across the world. It would be the first smartphone to launch with Android L, the next major version of Android, which brings a facelift in the form of a more modern design and a pastel colour palette.

The Expected Specifications

Internally, the smartphone goes by the codename "Shamu", and its latest appearance was in AnTuTu benchmark screenshots leaked by TKtechnews, which referred to the phone as "Nexus X", a departure from the usual numbering scheme. The leaked images point to a 2.7 GHz quad-core Qualcomm Snapdragon 805 processor, 3 GB of RAM, an Adreno 420 GPU (the fastest mobile GPU on the market), a 13 MP camera with OIS and flash, and a 2.1 MP front-facing camera. They also indicate a 1440×2560 (QHD) resolution on either a 5.2" or 5.9" IPS LCD screen, along with 32 GB or 64 GB of non-expandable storage.

Android L in Tow

The Nexus X will launch with Android L out of the box, maintaining the tradition of the Nexus line. Google has brought major changes to the Android OS with a complete facelift it dubs "Material Design", which emphasises light backgrounds, accented edges and shadows to give a feeling of depth without fancy 3D animations. The subtle animations that remain are intuitive and improve the user experience, and buttons float above the content with distinct colours and shadows. Notifications are improved too, with only the most important ones grabbing your attention, alongside an improved lock screen.

Pricing and Availability

The smartphone is being made by Motorola this time, which was recently acquired by Lenovo from Google. The most likely release date is October this year, around Halloween. A recent screenshot from the French retailer Fnac shows the 64 GB black Nexus X available at €449 unlocked, though the credibility of the leak is in question: Fnac's databases are not the most secure and the listing could have been planted, so take it with a pinch of salt. Earlier it was said the Nexus X would be priced at $499.99 by Best Buy with a 2-year contract on Sprint in the US, though the impending launch of Apple's next iPhone might push Google to launch on all carriers at once. It will be available internationally, unlocked, via Google's Play Store.

Verdict

With the iPhone 6 coming in Q3, Google is gearing up to launch its own Nexus X with the latest Android L in tow (which might go by the name "Lemon Meringue" once launched) and top-of-the-line hardware at competitive prices. Availability, performance and pricing will determine how the device does. Further, people are eager to get their hands on Android L, first demoed at Google I/O, which should certainly help the smartphone.

Tuesday 2 September 2014

25000 Co-opted Linux Servers Drop Malware, Spread Spam and Steal Credentials


Linux Servers
The security company ESET has recently released a new report, Operation Windigo – The vivisection of a large Linux server-side credential stealing malware campaign. The research was a joint effort by ESET, CERT-Bund, SNIC and CERN.

Over the past few years, ESET has recorded around 25,000 malware-infected servers, which have been used for:
  • Spam operations (averaging 35 million spam messages every day)
  • Infecting site visitors' computers via drive-by exploits
  • Redirecting visitors to malicious websites.
The report names two well-known organisations among Windigo's victims. The operation has been ongoing since 2011 and has affected high-profile servers and companies including cPanel and the Linux Foundation's kernel.org.

Easier with Single Factor Logins: 

One common thread ran through all the Linux servers: every one was infected with Linux/Ebury, a malware that provides a root backdoor shell along with the ability to steal SSH credentials. The report also notes that no vulnerability in the servers was exploited; the attackers simply used stolen credentials. That point matters, because it means a fully patched server was no protection at all. A valid username and password (or an unprotected private key) was the only thing the attackers needed.

Getting access to the credentials etc: 

The question in Linux users' minds was how the attackers got hold of the credentials in the first place, logged in, and ultimately installed the malware.

Pierre-Marc Bureau, ESET's security intelligence program manager, offers the answer: it takes only one compromised server in a network to make the rest easier. Once the attackers obtain root, they install Linux/Ebury on the compromised server and start harvesting the SSH login credentials that pass through it, whether typed by administrators logging in or used by that server to reach others. With each additional set of credentials, the attackers look for other servers in that network, or elsewhere, that the credentials will open.
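As an added example, not part of the original post or of ESET's report, the Python below runs two simple detections over constructed sshd log lines for the pattern just described: credentials harvested on one compromised server are replayed from it against its neighbours. It flags successful password logins (with a keys-only policy these should never appear, and a harvested password becomes worthless) and any source address that successfully authenticates to several distinct hosts within a short window. The host names, addresses and log lines are all constructed for the example, and the window and threshold are assumptions to tune for your own estate.

```python
"""Spotting SSH credential replay in sshd logs."""
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List

# Successful-login line as written by OpenSSH's sshd through syslog.
ACCEPTED = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[\d+\]: "
    r"Accepted (?P<method>\S+) for (?P<user>\S+) from (?P<src>\S+) port \d+ ssh2"
)

# Constructed sample log (not real data). 10.0.0.11 is web01's own address:
# after web01 is compromised, harvested credentials are replayed from it.
SAMPLE_LOG = [
    "Mar 10 02:14:01 web01 sshd[4021]: Accepted publickey for deploy from 10.0.0.50 port 51022 ssh2",
    "Mar 10 02:15:33 web01 sshd[4040]: Accepted password for root from 198.51.100.23 port 40122 ssh2",
    "Mar 10 02:20:10 web02 sshd[1188]: Accepted publickey for root from 10.0.0.11 port 39001 ssh2",
    "Mar 10 02:21:02 db01 sshd[2231]: Accepted publickey for root from 10.0.0.11 port 39002 ssh2",
    "Mar 10 02:22:45 mail01 sshd[3310]: Accepted publickey for root from 10.0.0.11 port 39003 ssh2",
    "Mar 10 02:23:00 web03 sshd[991]: Accepted publickey for admin from 10.0.0.11 port 39004 ssh2",
    "Mar 10 03:10:00 web02 sshd[1190]: Failed password for invalid user test from 203.0.113.5 port 5000 ssh2",
    "Mar 10 09:00:00 db01 sshd[2300]: Accepted publickey for backup from 10.0.0.50 port 51100 ssh2",
]


def parse(lines: List[str], year: int = 2014) -> List[dict]:
    """Extract successful logins. Syslog omits the year, so it is supplied."""
    events = []
    for line in lines:
        m = ACCEPTED.match(line)
        if not m:
            continue  # failures, disconnects and other noise are not needed here
        ts = datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S")
        events.append({"ts": ts, "host": m.group("host"), "method": m.group("method"),
                       "user": m.group("user"), "src": m.group("src")})
    return events


def password_logins(events: List[dict]) -> List[dict]:
    """Every successful password authentication. With 'PasswordAuthentication no'
    in sshd_config this list must be empty; anything in it is a policy breach."""
    return [e for e in events if e["method"] == "password"]


def fan_out_sources(events: List[dict], window: timedelta = timedelta(minutes=30),
                    min_hosts: int = 3) -> Dict[str, List[str]]:
    """Sources that log in to at least min_hosts distinct hosts within one window.
    One machine reaching many neighbours in minutes is the replay pattern."""
    by_src: Dict[str, List[dict]] = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        by_src[e["src"]].append(e)
    flagged: Dict[str, List[str]] = {}
    for src, evs in by_src.items():
        for i, first in enumerate(evs):
            hosts = {e["host"] for e in evs[i:] if e["ts"] - first["ts"] <= window}
            if len(hosts) >= min_hosts:
                flagged[src] = sorted(hosts)
                break
    return flagged


if __name__ == "__main__":
    evs = parse(SAMPLE_LOG)
    for e in password_logins(evs):
        print(f"password login: {e['user']}@{e['host']} from {e['src']} at {e['ts']:%H:%M:%S}")
    for src, hosts in fan_out_sources(evs).items():
        print(f"fan-out from {src}: {', '.join(hosts)}")
```

The detection only works if the logs from all servers are collected somewhere the compromised host cannot edit; a root backdoor on the box that holds its own logs can simply erase the entries. The two checks are also only half the story: key-based authentication defeats harvested passwords but not a harvested private key, so keys should be passphrase-protected and, ideally, kept in a hardware token or agent rather than on the server's disk.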

Additional Malware: 

As mentioned above, the infected servers take part in spam campaigns, redirect visitors to malicious websites or, where the visitor's computer is vulnerable, download malware onto it. To accomplish this, the attackers install additional malware on the servers, including:

  • Linux/Cdorked: provides a backdoor shell and distributes Windows malware to end users via drive-by downloads.
  • Linux/Onimiki: a DNS component that resolves domain names matching a particular pattern to any IP address, without any further change to the server-side configuration.
  • Perl/Calfbot: a lightweight spam bot written in Perl.
Victims: 

The Windigo report further distinguishes two types of victim: the Linux/Unix server operators whose machines are compromised, and the end users who receive the spam or visit a website hosted on a compromised server. ESET has confirmed that the compromised servers try to deliver the following Windows malware to visitors:
  • Win32/Boaxxe.G: click-fraud malware.
  • Win32/Glupteba.M: a general-purpose proxy that targets Windows computers.