Security Simplified ! - A Kaapagam Technologies IT Security Blog

HeartBleed : An OpenSSL vulnerability

9. April 2014 13:33 by CA in Vulnerability

A vulnerability affecting OpenSSL has been reported and it may affect your organization. The "Heartbleed" SSL vulnerability affects widely deployed versions of the OpenSSL library, which is used in the majority of software, including web, email, database and chat-servers.

How does it work?

This vulnerability allows an attacker to read a portion of memory from the remote system without the need for any known credentials or other authentication forms. The leaked memory areas might contain a lot of different contents ranging from leftover data from previous communication over log messages, up to private key material employed by the service / daemon. For this reason, there are lots of possible attack scenarios that can result from the vulnerability. An attacker who gains access to the private key of the server certificate can subsequently mount man-in-the-middle attacks against clients and impersonate the server/service. Log messages might also contain credentials or affect the privacy of communications by other clients.
More...

Snapchat : 4.6 Million Usernames & Phone numbers Exposed

2. January 2014 10:28 by CA in Hack, Privacy Leak, Vulnerability

Mid December 2013, Researchers at Gibson Security published Snapchat code allowing phone numbers matching after the exploit disclosures were ignored as theoretical by SnapChat. It lloks like Hackers took GibSec disclosure more serious than SnapChat

 

On January 1, 2014, an anonymous user announced the release of SnapchatDB and 4.6 million usernames and matched phone numbers in a Hacker News post.

 

The Snapchat accounts - even those marked 'private' - were exposed in a database hack that Snapchat knew about for four months, ignored, then told press last week was only "theoretical."  More...

Happy New Year 2014 :)

1. January 2014 09:01 by CA in

Dear All,

 

As 2013 comes to a close, we would like to say a big Thank You for your wonderful support.

It has been a good year for us, as we have been working with you to improve our products and services – ensuring better product, better services, better quality, better delivery lead time, and speedy response to your requirements.

2014 is going to be an exciting year for all of us, So come on and let's build our great future together !

Thanks for 2013 and we wish you a great 2014 !  HAPPY NEW YEAR 2014 Cool

BBC FTP Server Hacked by a Russian Hacker

31. December 2013 12:24 by CA in Hack

A BBC FTP server ftp.bbc.co.uk was compromised by a Russian hacker and access to it touted online, say computer security researchers.

The hacker behind the attack on the internet-facing file store tried to sell access to the infiltrated system to other criminals on Christmas Day. Hold Security spotted someone trying to sell access to ftp.bbc.co.uk, according to Reuters.

 

The hacked service was used by reporters to file material from the field, and by advertisers to upload video to BBC Worldwide channels. The invaded computer was cleaned up over the weekend. More...

iSeeYou : Macbook webcams CAN SPY on you WITHOUT LED twinkling

23. December 2013 14:15 by CA in Hack, Privacy Leak

Security researchers have confirmed that MacBook webcams can spy on their users without the warning light being activated.

 

Apple computers have a “hardware interlock” between the camera and the light that is supposed to ensure the camera can't be activated without alerting the user by lighting a tell-tale LED above the screen

 

However Stephen Checkoway, a computer science professor at Johns Hopkins University and graduate student Matthew Brocker were able to circumvent this security feature by reprogramming the micro-controller chip inside the camera.

More...

1 Million Android Malicious Apps & Malwares in the wild

2. October 2013 19:50 by CA in Malware, Trojan

In a blog post, Trend Micro's Gelo Abendan says that in 2012, over 700,000 malware and high-risk apps were found online. Due to Google's Android operating system expansion and popularity, the firm predicted that this number would reach the one million mark in 2013 as hackers sought to cash-in on Android and mobile devices.

 

The security firm's researchers say that this prediction has now come to pass. According to Trend Micro Mobile App Reputation Service feedback, there are now over one million malware and high-risk applications in the wild. While mobile malware includes premium service abusers and risky apps may push advertisements that lead to dubious sites or replicate popular, legitimate apps in order to steal data or financial information, 75 percent of the examples found performed "outright malicious routines," while 25 percent "exhibit dubious routines," which include adware.

 More...

Facebook Graph Search – An entry to your past & present

2. October 2013 09:27 by CA in Privacy Leak

Stalkers and advertisers will be pleased to know that Facebook is now more searchable than it has ever been, after the social network confirmed that it was in the process of allowing users to dig much deeper into a "friend's" past posts.

 

What’s everyone saying out there? What about just my friends? What do my old photo comments say about me? A trillion posts full of this info start getting unlocked as Facebook begins rolling out Graph Search for posts to a small subset of US English users. It will allow us to see what the world thinks of anything, but could also dredge up the past, defeating ‘privacy by obscurity’.

 

When Facebook launched Graph Search in January, it started with indexing people, photos, places, and interests. It let you find people based on certain characteristics, browse specific sets of photos, find local businesses, and discover media and brands your friends enjoy. Today, almost anything you post is accessible via Graph Search including status updates, comments on anything, photo captions, Notes, and check-ins.

More...

A very obliging Siri opens up a vulnerability in iOS 7.0.2

1. October 2013 19:40 by CA in Vulnerability

An Israeli researcher has found a way to access a locked iPhone's contacts and messages database using Siri.

 

In a YouTube video, Dany Lisiansky showed how a locked phone running iOS 7.0.2 can be opened by using Siri's voice control to make a call to an attacker's system. This "feature" then allows an attacker to access the target handset's Phone application, giving access to call history, voicemail, and entire list of contacts by following seven steps:

More...

Ramnit Malware

30. September 2013 10:55 by CA in Malware

The Ramnit worm appeared in 2010. Within a year more than eight million PCs were infected worldwide. Initially the malware was just file infector spread by removable drives. Later it became better known for stealing user data via browser injection, targeting banking or game users.

 

Ramnit is still prevalent and old domains are regularly updated. Some of the domains have already been “sinkholed” (redirected to communicate only with a controlled server and not with its malicious developers) by other security researchers.

More...