Friday 27 December 2013

Researchers report security flaw in Samsung's Galaxy S4

 Here's some Grinchy news for those of you who put Samsung's Galaxy S4 on your holiday wish list: Israeli researchers have identified a vulnerability in the smartphone that allegedly allows a hacker to easily intercept secure data.

We did not immediately hear back from Samsung with a response to the reported flaw, but the company has told The Wall Street Journal and other news outlets that it's looking into the issues and thus far doesn't believe the problem is as serious as the researchers present in their findings.

The report comes not only as many Galaxy S4 phones sit wrapped up under Christmas trees, but also as Samsung pitches its new Knox security platform, used in the device, to federal agencies like the Department of Defense.
 The Knox software offers high-level encryption, a VPN feature, and a way to separate personal data from work data. It also enables IT administrators to manage a mobile device through specific policies, and Samsung hopes it will appeal to security-sensitive clients as a replacement for BlackBerry devices. Knox-enabled devices have already been approved by the Pentagon for government use.

The alleged vulnerability was discovered earlier this month by researchers at Ben-Gurion University's Cyber Security Labs. Specifically, they say that while Knox is the most advanced security-driven infrastructure for mobile phones, the alleged flaw enables malicious software to track e-mails and record data communications. The flaw was uncovered by Ph.D. student Mordechai Guri during an unrelated research task.

"Knox has been widely adopted by many organizations and government agencies and this weakness has to be addressed immediately before it falls into the wrong hands," he said. "We are also contacting Samsung in order to provide them with the full technical details of the breach so it can be fixed immediately." 

via Online Sources
Team- Hack4friends

Wickr 2.0 makes self-destructing SMS -- Care about Privacy

Wickr 2.0's debut on Friday makes it much easier to invite friends to use the app, thanks to a new address-book scanning feature that prevents Wickr from learning who you're inviting. That's a big difference from just about every other service out there, which accesses your address book -- usually with your permission -- and then holds on to that data like the digital gold that it is.
Nico Sell, co-founder of Wickr, said that it was important to the company to avoid holding any sensitive information about its customers on its servers.
"Unlike other apps, Wickr does not upload your contact book to our servers; your contacts never leave your device," she said. "We create a cryptographic representation of your contacts that we store on our servers to match with your friends."

Available now on iOS and on Android in the next few days, the Wickr update still uses some of the toughest major encryption standards available. It uses ECDH-512 encryption to protect your data; ECDH-512 for the security key exchange; RSA-4096 both as a backup and in legacy versions of the app; and SHA-256 for Transport Layer Security and hashing. Once it encrypts a message, the keys are used only once and then destroyed by the sender's phone. Since Wickr's servers don't have the decryption keys, there's no way for Wickr to access your messages.

Whit Diffie, co-inventor of the ECDH standard, is a Wickr adviser. The company boasts a veritable who's who roster of privacy bona fides on its advisory board, including Cory Doctorow, Paul Kocher, and Brian Behlendorf.

On top of all that, the service deletes attachment metadata to ensure that the company knows even less about you.

Sell thinks that her free app is at the forefront of a new movement to protect people from government intrusion, no small effort in the wake of the NSA leaks by Edward Snowden.

 "I believe this is the first bacterial growth app ever invented," she said, explaining "bacterial" as being "beneficial to society."

"We plan to license this piece of tech to all the messaging apps in trouble with regulators for abusing users' contact books," Sell said of Wickr's business model.

Wickr 2.0 ditches the mostly-red interface for a streamlined white one with red accents. While the interface makes the app easier to use, the company has invested in other usability features to compete more directly with its competition.

You can now finally reset your password without it being as big a hassle as before; customize your avatar, contact names, and group names; invite multiple friends at once; and send insecure e-mail or SMS from Wickr. For the last one, it warns you when you're about to send a message to a non-Wickr recipient.

Wickr still may not be for everyone, but for people who value sending private messages that are authentically difficult -- if not impossible -- for anyone but the intended recipient to read, Wickr is one of the best messaging apps around.



Target data stolen in hack showing up on black market

As if the Target hack ordeal couldn't get any worse -- data from the retail chain's massive security breach stolen between November 27 and December 15 is popping up in huge quantities on the black market, The New York Times reported Friday.

After Target conceded Thursday that its in-store point-of-sale systems were indeed hacked, compromising as many as 40 million debit and credit card accounts, fraud industry experts are seeing the information flood online card-selling markets to the tune of a "ten- to twentyfold increase" in high-value cards.

The hack, which affected only shoppers who made purchases physically at Target stores and not online customers, was a sophisticated operation. It allowed the hackers to glean customer names, credit and debit card numbers, expiration dates, and three-digit security codes from customers, data that can then be burned onto counterfeit cards and sold on the black market typically for $20 to $45 apiece.

However, Brian Krebs, the security blogger who broke the story of the breach, reported Friday that batches of up to 1 million cards were selling for anywhere from $20 to as high as $100 per card.


 Target CEO Gregg Steinhafel released a statement assuring customers that no one will be held responsible for fraudulent charges and that only a few instances of fraud had since been reported. That echoes a sentiment by Visa yesterday in a statement to CNET in which a company spokesperson said, "Because of advanced fraud-monitoring capabilities, the incidence of fraud involving compromised accounts is actually rare, and Visa fraud rates remain near historic lows."

Steinhafel also said that no PINs had been compromised, a grave concern for those potentially affected as compromised PINs would allow one in possession of a counterfeit card to withdraw cash from an ATM. He added that Target had no reason to believe that customers' Social Security numbers or dates of birth were scooped up in the hack.

Target expects to have notified all 40 million of those affected via e-mail by the end of the weekend. In an attempt to save itself from what will inevitably be a disastrous hit to its holiday sales, Steinhafel also announced a promotion: 



Snowden's Christmas message about Privacy of ordinary person


Edward Snowden, the National Security Agency whistleblower, delivered a video message on Christmas Day via UK's Channel 4 with a simple theme: "privacy matters."

"A child born today will grow up with no conception of privacy at all. They'll never know what it means to have a private moment to themselves -- an unrecorded, unanalyzed thought," Snowden said in the 1-minute, 43-second message. "And that's a problem because privacy matters. Privacy is what allows us to determine who we are and who we want to be."




Snowden referenced George Orwell's "1984" and noted the book's dystopian visions of microphones, video cameras, and televisions that watch people "are nothing compared to what we have available today. We have sensors in our pockets that track us everywhere we go." 


 He also used the message as an appeal to people everywhere to rally against widespread surveillance.

"The conversation occurring today will determine the amount of trust we can place both in the technology that surrounds us and the government that regulates it. Together, we can find a better balance," he said. "End mass surveillance. And remind the government that if it really wants to know how we feel, asking is always cheaper than spying."

UK's Channel 4 chose Snowden for its annual alternative message and response to Queen Elizabeth's annual Christmas address.

Snowden has temporary asylum in Russia following his leaks earlier this year about the National Security Agency's extensive electronic surveillance programs. The US Justice Department's charges against him include violations of the Espionage Act. 



Tuesday 24 December 2013

MacBook Webcams can be used to covertly spy on people -- With proof


Imagine going about your daily life and then one day receiving photos of yourself from inside your home. Sound spooky? Well, this really happened to a woman named Cassidy Wolf, according to the Washington Post. And, to make matters worse, she was nude in the photos.

How did this happen?
Apparently, there's a way for hackers to spy on people via their iSight Webcams in older Apple MacBooks. Typically, when the camera is on, a little light also turns on. But, in a newly discovered workaround, this light can be deactivated -- meaning unsuspecting victims have no clue they're being watched.
The Washington Post revealed this new research by Johns Hopkins computer scientist Stephen Checkoway, which shows how people can be spied on with MacBooks and iMacs released before 2008. Using proof-of-concept software, called Remote Administration Tool or RAT, Checkoway was able to reprogram the iSight camera's micro-controller chip so that the light doesn't turn on.

While it could be feasible to do this trick on newer Apple computers or laptops by other brands, it hasn't yet been proven possible.
In the case of Wolf, who was Miss Teen USA, the person spying on her was her high school classmate Jared Abrahams. The FBI was able to nab Abrahams, who pleaded guilty to extortion in October.
In another report by the Washington Post, the former assistant director of the FBI's Operational Technology Division Marcus Thomas said the FBI has been activating computer cameras without turning on the warning lights for years.

This is not the first time someone has been remotely spied on with a Webcam, but it is the first known time that it's been done without the warning light being triggered.


Sunday 1 December 2013

Google upgraded its web security certificate to 2048-bit encryption


Never again are you going to get a Google Web site whose security certificate is protected with comparatively weak 1,024-bit encryption.
The Net giant has secured all its certificates with 2,048-bit RSA encryption keys or better, Google security engineer Dan Dulay said in a blog post Monday. Certificates are used to set up encrypted communications between a Web server and Web browser.
That means two things. First, traffic will be harder to decrypt since 1,024-bit keys aren't in use at Google anymore. Second, retiring the 1,024-bit keys means the computing industry can retire the technology altogether by declaring such keys untrustworthy.


Google has been aggressively moving to stronger encryption because of U.S. government surveillance by the National Security Agency. According to documents leaked by former NSA contractor Edward Snowden, the agency gathered bulk data off Internet taps, including unencrypted data sent between company data centers on its own network, and actively worked to undermine encryption.
Google said it beat its internal end-of-year deadline for the 2,048-bit move. It's also moved to encrypt its internal data transfer between data centers, a move that Yahoo also is making.
In other words, the Net's technology giants are working actively to make surveillance, authorized or not, significantly harder.
"Worry in Silicon Valley/Puget Sound: furor over NSA will cost billions cuz foreign customers fear US companies can't guarantee security," tweeted Strobe Talbott, president of analyst firm Brookings Institution, referring to the geographic regions where tech powers such as Google, Facebook, Yahoo, Microsoft, Twitter, Apple, LinkedIn, and Amazon are located.
There's a lot of work to be done yet, though. Google also supports a standard called "forward secrecy," which uses different keys for different sessions so that decrypting a single message doesn't mean previous messages can likewise be decrypted using the same key. But many other Net giants don't support forward secrecy -- though that's changing, too.
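
The forward-secrecy property described above, as an added illustration that is not from the article or from Google: it compares a server that reuses one long-term key for every key exchange with one that generates a fresh key per session, then counts how many recorded sessions become readable if the long-term key later leaks. The toy Diffie-Hellman group and all function names are assumptions, and the signature that authenticates the per-session key in real TLS is left out.

```python
import hashlib
import secrets

# Toy Diffie-Hellman group, for illustration only (an assumption, not from the
# article): p = 2**255 - 19 is prime. Real TLS uses vetted groups or curves.
P = 2**255 - 19
G = 2

def keypair():
    """Return (private, public) in the toy group."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def session_key(own_priv, peer_pub):
    """Hash the shared Diffie-Hellman secret into a 32-byte session key."""
    shared = pow(peer_pub, own_priv, P)
    return hashlib.sha256(shared.to_bytes(32, "big")).digest()

def run_sessions(n, forward_secret):
    """Simulate n sessions; return (recorded traffic, real keys, long-term key).

    forward_secret=False: the server uses its long-term key in every exchange.
    forward_secret=True: the server makes a fresh key per session and drops it.
    """
    long_term_priv, long_term_pub = keypair()
    recorded, real_keys = [], []
    for _ in range(n):
        client_priv, client_pub = keypair()
        if forward_secret:
            server_priv, server_pub = keypair()  # ephemeral, discarded after use
        else:
            server_priv, server_pub = long_term_priv, long_term_pub
        key = session_key(client_priv, server_pub)
        assert key == session_key(server_priv, client_pub)  # both sides agree
        real_keys.append(key)
        recorded.append((client_pub, server_pub))  # all a passive tap records
    return recorded, real_keys, long_term_priv

def keys_exposed_by_leak(recorded, real_keys, leaked_long_term_priv):
    """Count recorded sessions whose key follows from the leaked long-term key."""
    return sum(
        session_key(leaked_long_term_priv, client_pub) == real
        for (client_pub, _), real in zip(recorded, real_keys)
    )

def demo():
    """Return (sessions exposed without forward secrecy, sessions exposed with it)."""
    static = keys_exposed_by_leak(*run_sessions(5, forward_secret=False))
    ephemeral = keys_exposed_by_leak(*run_sessions(5, forward_secret=True))
    return static, ephemeral
```

With five recorded sessions each, `demo()` shows every session exposed when the long-term key is reused and none when per-session keys are used.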
Source -Online media