All posts by Nithin Ramesh

Nithin is a blogger and a Windows security enthusiast. He is currently pursuing a Bachelor's degree in Electronics and Communication. Apart from technology, his other interests include reading and rock music. His Twitter handle is @nithinr6

Startup Review: Visualize your Resumes Using ResumUP

When it comes to job searching, having a resume that stands out, contains all the relevant information and reflects who you are definitely helps.

ResumUP is a web 2.0 service that creates a visually captivating resume for you. You can log in using either your Facebook account or your LinkedIn account. ResumUP will then analyse your data and convert it into a graphical resume.

The signup is a pretty straightforward process. As I mentioned above, you can use either your Facebook or LinkedIn account to login. Once logged in, you can immediately start building your resume by clicking the My Resume button at the top of the screen.

You can either choose to have a normal non-graphical resume or the more compelling graphical one. Most of the data will be automatically added depending on the information on the social profile that you used to sign in.


Apart from general information such as education, work experience etc., you can also include more detailed information about your identity and skills using an easily manageable grading system. The Identity rating system was pretty straightforward to use, but the Skill set infographic had me thinking for a minute to set up. Maybe that was just me, but I think they should have made it just like the Identity section.

Once completed, you can share your resume using the various sharing options provided by ResumUP, as well as download it as a PDF or PNG for attaching to emails or printing. One thing I liked about the Export feature was that you could control the amount of information you actually wanted in the PDF/PNG. That is, if you were intending to submit your resume to a particular company or individual and didn’t want to include your ‘intentions’, such as the salary or position you are expecting, you can leave them out.

All in all, it is a very easy-to-use service with a clean interface. There aren’t many templates to choose from, but the one it uses is really compelling and interesting. One drawback I felt was that there was no way to download the resume without the ResumUP watermark. It would have been nice to have a paid option to download it without the watermark. So if you are a job seeker looking for a way to beef up your resume, ResumUP is definitely a nice service to use.

Flame: World’s Most Advanced Malware Discovered

Security researchers at Kaspersky Labs have discovered a new variety of malware that was used to spy on Middle Eastern countries. The attack has been highly targeted, infecting about 5000 computers across Iran, Israel, Sudan, Saudi Arabia and other unnamed countries. The malware, called Flame, affects Windows machines; once a machine is infected, it can record audio conversations, take screenshots, sniff network traffic, intercept keystrokes, etc.

Functionally, Flame is similar to Stuxnet or Duqu but differs from them in several aspects. It is much more complex than either Stuxnet or Duqu. For those unaware, Stuxnet was used to target uranium enrichment plants in Iran, while Duqu was used to steal sensitive information. While both Stuxnet and Duqu were single pieces of malware, Flame is a collection of modules consisting of a Trojan, a backdoor and a worm. While the payload size of Duqu was 300KB and that of Stuxnet was 500KB, Flame is a whopping 20MB in size. “The reason why Flame is so big is because it includes many different libraries, such as for compression (zlib, libbz2, ppmd) and database manipulation (sqlite3), together with a Lua virtual machine,” explained Alexander Gostev of Kaspersky Labs in a blog post.


Flame has the ability to add new modules later to extend its functionality, making it even more dangerous. Considering the sheer complexity and the limited targeting of Middle Eastern countries, one can only assume that this might be the work of a nation state. According to Hungary’s Laboratory of Cryptography and System Security,

The results of our technical analysis support the hypothesis that [the worm] was developed by a government agency of a nation state with significant budget and effort, and it may be related to cyber warfare activities. It is certainly the most sophisticated malware we [have] encountered. Arguably, it is the most complex malware ever found.

Flame still remains undetected by the 43 major anti-virus vendors.

Iran’s Computer Emergency Response Team is investigating the virus and has posted some of its features, shown below.

· Distribution via removable medias [sic]
· Distribution through local networks
· Network sniffing, detecting network resources and collecting lists of vulnerable passwords
· Scanning the disk of infected system looking for specific extensions and contents
· Creating series of user’s screen captures when some specific processes or windows are active
· Using the infected system’s attached microphone to record the environment sounds
· Transferring saved data to control servers
· Using more than 10 domains as C&C servers
· Establishment of secure connection with C&C servers through SSH and HTTPS protocols
· Bypassing tens of known antiviruses, anti-malware and other security software
· Capable of infecting Windows XP, Vista and 7 operating systems
· Infecting large scale local networks

You can read a detailed Q&A about the Flame malware published by Kaspersky here.

Court Extends the Date to Cut off Computers affected by DNSChanger from Internet

A federal judge has extended the date on which computers infected with the DNSChanger malware will be cut off from the internet.

DNSChanger is malware that replaces the default DNS servers of infected computers with rogue DNS servers, which redirect the victim to websites that steal their information. It is believed that around four million computers were infected by this malware, including machines at half of all Fortune 500 companies and at government agencies.

As we had previously reported, the crackdown on the DNSChanger malware was part of an FBI operation called Operation Ghost Click, which resulted in the arrest of six Estonian men who were thought to be behind the creation of the malware.

The FBI has been trying to help the affected users by replacing the rogue servers with temporary servers to keep them connected to the internet. According to Computerworld, it has so far replaced around 100 command-and-control servers in the US.

[…] the FBI seized more than 100 command-and-control (C&C) servers hosted at U.S. data centers. To replace those servers, a federal judge approved a plan where substitute DNS servers were deployed by the Internet Systems Consortium (ISC), the non-profit group that maintains the popular BIND DNS open-source software.

Without the server substitutions, DNS Changer-infected systems would have been immediately severed from the Internet.

Previously, the Southern District of New York court had ordered the US government to take down the temporary servers that had replaced the rogue servers by March 8. Now, that deadline has been extended to July 9 to give law enforcement officials and the respective ISPs more time to help clean their customers’ PCs.

The work done by the law enforcement agencies and the ISPs has indeed reduced the number of affected users, according to a report by the security firm IID. But there are still thousands of users affected by the malware who will be cut off from the internet in four months if proper action is not taken.

To check whether your system is infected by DNSChanger, you can use this free tool provided by Quick Heal.

FBI Disables 3000 GPS Devices after Supreme Court Ruling

Last month, the United States Supreme Court ordered the FBI to turn off all GPS devices that were placed without a warrant.


In accordance with that ruling, the FBI has disabled around 3000 GPS devices across the United States, reports the Wall Street Journal. Quoting Andrew Weissmann, General Counsel of the FBI, the WSJ states that the order has set off a ‘sea change’ inside the Justice Department.

The agency is also considering the implications of the concurring justices’ opinions, whose arguments were largely based on the idea that a person has a reasonable expectation of privacy in the totality of their movements, even if those movements are in public.

“From a law enforcement perspective, even though it’s not technically holding, we have to anticipate how it’s going to go down the road,” Mr. Weissmann said.

But the issue is not just turning off these devices. The FBI is also facing problems retrieving the GPS devices after disabling them. The FBI has requested the court to allow it to temporarily turn a device back on in order to retrieve it, states Weissmann.

The court order banning the use of warrantless GPS tracking was issued in the case United States vs. Antoine Jones, in which federal agents attached a GPS tracking device to the suspect’s Jeep without a warrant.

All nine Justices of the Supreme Court came to the unanimous conclusion that the government had violated the Fourth Amendment.

“The Government’s attachment of the GPS device to the vehicle, and its use of that device to monitor the vehicle’s movements, constitutes a search under the Fourth Amendment. The government physically occupied private property for the purpose of obtaining information”, the order said.

You can read the entire ruling here (pdf).

UK All Set for Large Scale Surveillance of its Citizens

According to a report in the Telegraph, British authorities are planning to set up a large scale surveillance programme covering its citizens. The report, which did not cite any sources, says that landline, mobile and broadband companies will be asked to store customer data so that they can provide it in real time to the authorities if needed.


This stored database will not hold the actual content of calls, but the details of the sender and recipient. Social networking sites such as Facebook and Twitter will also be included in this monitoring programme.

For the first time, the security services will have widespread access to information about who has been communicating with each other on social networking sites such as Facebook.

Direct messages between subscribers to websites such as Twitter would also be stored, as well as communications between players in online video games.

The Home Office is understood to have begun negotiations with internet companies in the last two months over the plan, which could be officially announced as early as May.

All this data will be stored by the respective companies rather than by the government itself. This move could be highly controversial, since such a database would be of great value to the companies themselves as well as to some third parties.

Telecom companies could track a customer’s behaviour from his/her communications in order to serve targeted advertising. Also, this kind of database would be of extremely high value to hackers around the world, and what security measures the telecom companies will implement to protect it is a very valid question.

The report states that legislative time for this programme (called Communications Capabilities Development Programme or CCDP) will be allocated in the Queen’s Speech in May.

Privacy advocates have already raised their concerns.

“This will be ripe for hacking. Every hacker, every malicious threat, every foreign government is going to want access to this. And if communications providers have a government mandate to start collecting this information they will be incredibly tempted to start monitoring this data themselves so they can compete with Google and Facebook. The internet companies will be told to store who you are friends with and interact with. While this may appear innocuous it requires the active interception of every single communication you make, and this has never been done in a democratic society”, Guy Hosein of Privacy International said in a statement.

The UK is already in the line of fire after the News of the World phone tapping scandal. How its citizens are going to react to legislation that will legalise monitoring of their communications remains to be seen.

MSE Briefly Flags Google as Malware

Microsoft Security Essentials, the free anti-virus program from the Redmond giant, flagged Google.com, the most popular search engine in the world, as malware for a short period yesterday.

MSE started showing warning messages when users tried to access Google from IE after a definition update numbered 1.119.1972.0. Soon, support requests started pouring in on the Microsoft Support Forum and were noticed by noted security expert Brian Krebs.

“I first learned of this bug from a reader, and promptly updated a Windows XP system I have that runs Microsoft Security Essentials. Upon reboot, Internet Explorer told me that my homepage — google.com — was serving up a ‘severe’ threat”, Brian wrote in a blog post.


The false positive appeared for users who had installed AV programs based on the Forefront anti-malware engine, such as MSE and Forefront Client Security. The software detected Google as malware, specifically Blacole.BW, a threat rated as severe by Microsoft.

Microsoft has since released an update for MSE which resolves this issue. If you are still getting the warning while trying to access Google, open Microsoft Security Essentials or Forefront Client Security (whichever one you have installed) and update the definitions to the latest version, which is 1.119.2014.0 at the time of writing.

Anatomy of a Phishing Email

Phishing is a popular method of social engineering employed by scammers. A scammer posing as someone else uses a popular communication medium such as email or telephone to contact a victim and request confidential information. This information is then used for purposes such as illegally withdrawing money from the victim’s account or even identity theft.

Identifying a phishing email is easy if you keep certain basic points in mind. I will be explaining these points with the help of an old phishing mail that circulated around 2007.


1. Generic salutation – Phishing emails usually begin with ‘Dear User’ or ‘Dear sir/madam’ rather than the specific salutation used in legitimate important mails.

2. Time frame – Usually, a sense of urgency is conveyed in phishing emails in order to make the victim anxious so that he acts in haste.

3. Threat – A threat is generally tied to the time frame so that, as mentioned above, the victim is forced to act in haste. Usual threats include cancellation of accounts, charging of credit cards etc.

4. Suspicious links/Request for confidential information – While some phishing mails ask the victim to reply with certain information such as credit card numbers or PIN, others provide a web page where the victim can enter this information.

If the email asks you to reply with your password or any other sort of confidential information, you can be absolutely sure that it is a phishing mail. No company will ever ask you to send your password or credit card number by email.

In the case of emails with links, check that the link actually points to the location it claims to. Phishers usually use link text that looks like a URL but is linked to a phishing page. For example, it will read google.com, but it will point to some other webpage. If you hover your mouse over the link, your browser will display the actual hyperlink.


You can also use a link scanner extension with your browser for extra security. I use the link scanner from VirusTotal called VTChromizer. You just have to right-click the link and select ‘Scan with VirusTotal’. You can also use scanners from AVG, McAfee etc.

5. Poor language – Most probably, the authors of phishing emails are not masters of the English language, so there may be grammatical, punctuation and spelling mistakes. Although not every phishing email will have mistakes, most of the ones I have seen were not perfect on the language side.

Another equally important way to fight phishing is to make sure that the email came from the right source. If you get an email from Amazon, check whether it came from something like no-reply@amazon.com rather than something like [email protected]

All of today’s major email providers have spam filters that will detect phishing mails, and all major browsers have anti-phishing features, such as SmartScreen in IE9, which can effectively protect you from phishing attempts. And now, with these simple tips, you can hopefully detect those one or two phishing mails that sneak into your inbox.

Leaked Email Exchange Indicates Hacker Group Trying to Extort Money from Symantec

Anonymous has made a Pastebin dump of an email exchange between a Symantec representative called Sam Thomas and Yamatough, the spokesperson of the hacker group Lords of Dharmaraja.

The hacker group is accusing Symantec of ‘bribing’ them in order to prevent the release of the pcAnywhere source code. Looking at the email exchange however, it seems that the hacker group was in fact trying to extort money from Symantec.

The emails show how Yamatough tried to extort money through a service called ‘Liberty Reserve’ to an offshore account or to accounts in Lithuania or Libya. Sam instead suggests wiring $1000 through PayPal, which Yamatough declines. Sam then increases the total payment to $50,000, with an initial transfer of $2500 for three months and the rest of the money after they provide enough proof that the source code has been destroyed. At this point, Yamatough becomes suspicious that the FBI is involved and the email exchange stops, even though Sam tries to continue the conversation. You can read the entire conversation in the above link.

In a comment made at Infosec Island, Cris Paden of Symantec confirmed that the email exchange posted was legitimate.

In January an individual claiming to be part of the ‘Anonymous’ group attempted to extort a payment from Symantec in exchange for not publicly posting stolen Symantec source code they claimed to have in their possession. Symantec conducted an internal investigation into this incident and also contacted law enforcement given the attempted extortion and apparent theft of intellectual property. The communications with the person(s) attempting to extort the payment from Symantec were part of the law enforcement investigation. Given that the investigation is still on going, we are not going to disclose the law enforcement agencies involved and have no additional information to provide.

Paden also confirmed to Forbes that Sam was in fact an agent trying to get more information out of Yamatough.

“Anonymous has been talking to law enforcement, not to us. No money was exchanged, and there was never going to be any money exchanged. It was all an effort to gather information for the investigation,” he said.

Anonymous has uploaded the leaked source code to torrent sites. But Symantec has reiterated that you are safe as long as you are using the latest version.

You can find additional information about the source leak here.

Symantec admits a 2006 Network Breach led to Source Code Leak

Symantec has now retracted its previous statement that the security breach which led to the leak of source code for its older security products happened at a third-party server, reports Reuters.

In a statement made to Reuters, Symantec spokesperson Cris Paden confirmed that the data breach occurred on Symantec’s own network in 2006.

“We really had to dig way back to find out that this was actually part of a source code theft. We are still investigating exactly how it was stolen”, he said.

Previously, it was assumed that the breach had occurred at a server of the Indian government. He also revealed that the source code of Norton Antivirus Corporate Edition, Norton Internet Security, Norton Utilities, Norton GoBack and pcAnywhere was also obtained by the hackers. In its earlier statement, Symantec had said that the source code of Symantec Endpoint Protection 11.0 and Symantec Antivirus 10.2 was what leaked.

A few days ago, ‘Yama Tough’, who acts as the spokesman of the hacking group Lords of Dharmaraja (which claimed responsibility for the breach), tweeted that they will be releasing the code of pcAnywhere to the black hat community so that they can exploit its users using zero day vulnerabilities. They had also threatened to release the source code of Norton to the public, but backed out at the last moment, tweeting,

We’ve decided not to release code to the public until we get full of it =) 1st we’ll own evrthn we can by 0din’ the sym code & pour mayhem

Paden has acknowledged that pcAnywhere users are indeed facing ‘a slightly increased security risk’ and said,

Symantec is currently in the process of reaching out to our pcAnywhere customers to make them aware of the situation and to provide remediation steps to maintain the protection of their devices and information.

Symantec is still reiterating that the leaked code is old and that there isn’t a huge risk for its customers provided they are using the latest versions. But unless they wrote the source code of their latest products from scratch, there is a chance that at least part of the leaked source code is still in use. The leak will, however, be a great advantage for competing security vendors, who can study the workings of the Symantec products and use that to improve their own.

Online Retailer Zappos Breached; Customer Info Accessed

Zappos, an online retailer run by Amazon, has suffered a security breach and has confirmed that its customer information was accessed.

In an email sent to its customers, Zappos CEO Tony Hsieh said,

We are writing to let you know that there may have been illegal and unauthorized access to some of your customer account information on Zappos.com, including one or more of the following: your name, e-mail address, billing and shipping addresses, phone number, the last four digits of your credit card number (the standard information you find on receipts), and/or your cryptographically scrambled password (but not your actual password).

Fortunately for its users, Tony has confirmed that the database containing full credit card information and shipping addresses was not breached. A similar kind of breach occurred at CoveritLive a few days ago. Like the breach at Zappos, while the hackers could access the usernames and/or passwords of CoveritLive users, they luckily failed to get their hands on the financial data.

As a result of the breach, Zappos has temporarily blocked international users and has suspended telephone support. It is urging its users to contact it by email in case they have any questions.

Zappos is now enforcing a password reset for all of its users. It is also working with law enforcement agencies on the investigation of the hacking incident. So if you have an account on Zappos, it is recommended that you change the password as soon as possible. Also, if you use the same password for any other online accounts, it would be wise to change those as well.