BlackBerry Offers to Help in Tracking Down London Rioters, Official Blog Gets Hacked in Retaliation

You are probably aware of the shameful display of hooliganism that has ravaged several British cities including London, just a year before it is due to host the Olympics. According to reports, BlackBerry Messenger (BBM) was the primary tool used to spread and organize the riots.

The riots started on August 6, in response to the Police shooting of Mark Duggan in Tottenham. A protest march by a couple of hundred people turned violent, and resorted to rioting, vandalism, and looting. Over the next few days, the disturbance spread to several other cities including Birmingham, Liverpool, and Nottingham. As mentioned earlier, the vandals, who were mostly youths, resorted to using BBM as the primary means of communication. UrbanMashup has dug up evidence that illustrates how BBM was used to spread information about areas that were being attacked and were vulnerable.

Reacting to the widespread allegations of misuse of BBM during the riots, the official BlackBerry UK Twitter account promised to co-operate with the police during the investigation. It issued the following brief statement on the aforementioned micro-blogging platform:

We feel for those impacted by the riots in London. We have engaged with the authorities to assist in any way we can.

Although RIM has declined to reveal the extent of its co-operation with the police, according to The Inquirer the Regulation of Investigatory Powers Act could be used to force Research in Motion (RIM), the Canadian manufacturer of BlackBerry, to hand over data from its encrypted BBM network.

This announcement obviously didn’t sit well with some people. A group called Team Poison defaced the official BlackBerry blog in retaliation. Team Poison has urged RIM to not cooperate with the UK police, as it believes that handing over BBM data will lead to innocent bystanders, who were at the wrong place at the wrong time, getting implicated. It also threatened to release RIM’s UK employee database to the angry rioters, if the Canadian company didn’t back down. The offending blog post has already been removed by RIM, but a screenshot provided by an HN user is embedded below.


What Does Your Ten Year Old Do? This One Hacks Mobile Games!

Her pseudonym is CyFi. She does not like it when the cabbage in her farm-style game takes hours (in real time) to grow. So, what does she do? She hacks these games to make the crops grow faster. Meet CyFi from DefCon Kids. CyFi is just ten years old and she is the co-founder of DefCon Kids.


This budding hacker, who goes by the pseudonym CyFi, has discovered a zero-day exploit in Android and iOS games. This class of exploits lets her fast-forward through some games by fiddling with the clock on the mobile device. Some other games refused to obey CyFi’s clock trick; she got around them by turning off Wi-Fi and advancing the time in small increments. The Wi-Fi connection on these devices was probably used to detect abnormal usage by sending data back to the game servers.

Her crops now grow faster, and she is content with that. CyFi calls her vulnerability the Time Traveler. However, she has decided not to name the affected games. Independent security researchers have also identified this as a new class of security vulnerabilities in mobile games.
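To make the design flaw behind the Time Traveler trick concrete, here is an added example (not code from the article or from any game vendor) in Python. It contrasts a crop timer that trusts the device clock, which is what advancing the clock defeats, with a server-authoritative timer that also re-checks progress a client claims to have made while offline. The four-hour grow time, the five-minute drift tolerance and the class and function names are all assumptions made for the example.

```python
"""Added example: device-trusted vs. server-authoritative game timers.

Not code from the article or from any game; names and the grow time are
assumptions made for this illustration.
"""
from dataclasses import dataclass, field

GROW_SECONDS = 4 * 60 * 60  # assumed: one crop takes four hours to ripen
CLOCK_TOLERANCE = 5 * 60    # assumed: tolerate five minutes of ordinary clock drift


# --- naive design: the device clock is the source of truth -------------------

def client_trusted_ready(planted_at: float, device_now: float) -> bool:
    """Ready as soon as the *device* says GROW_SECONDS have passed.
    Setting the device clock forward ripens every crop at once."""
    return device_now - planted_at >= GROW_SECONDS


# --- hardened design: the server clock is the source of truth ----------------

@dataclass
class GameServer:
    now: float = 1_000_000.0         # assumed server clock, in seconds
    last_sync: float = 1_000_000.0   # server time of the client's last contact
    crops: dict = field(default_factory=dict)

    def tick(self, seconds: float) -> None:
        """Advance the server's own clock (real time passing)."""
        self.now += seconds

    def plant(self, crop_id: str) -> None:
        """Plantings are stamped with server time; the device clock is ignored."""
        self.crops[crop_id] = self.now

    def harvest(self, crop_id: str) -> bool:
        """Readiness is decided from server time alone."""
        return self.now - self.crops[crop_id] >= GROW_SECONDS

    def sync(self, claimed_elapsed: float) -> dict:
        """Reconcile progress the client accumulated while offline.

        The client reports how much time *it* thinks passed. The server credits
        no more than the time it measured itself, and flags the session when
        the claim exceeds that by more than the drift tolerance."""
        real_elapsed = self.now - self.last_sync
        self.last_sync = self.now
        tampered = claimed_elapsed > real_elapsed + CLOCK_TOLERANCE
        return {"credited": min(claimed_elapsed, real_elapsed),
                "tampered": tampered}


def demo() -> dict:
    """Walk both designs through constructed timestamps."""
    planted = 1_000_000.0
    naive_honest = client_trusted_ready(planted, planted + 600)             # ten minutes later
    naive_clock_forward = client_trusted_ready(planted, planted + GROW_SECONDS + 1)

    server = GameServer()
    server.plant("cabbage")
    server.tick(600)                      # ten real minutes pass
    ready_after_10min = server.harvest("cabbage")
    # The device went offline, had its clock moved ahead four hours, and now
    # reconnects claiming four hours of growth.
    report = server.sync(claimed_elapsed=GROW_SECONDS)
    server.tick(GROW_SECONDS)             # four real hours pass
    ready_after_4h = server.harvest("cabbage")
    return {
        "naive_honest": naive_honest,                # False
        "naive_clock_forward": naive_clock_forward,  # True: the clock trick works
        "server_after_10min": ready_after_10min,     # False
        "offline_claim": report,                     # credited 600.0, tampered True
        "server_after_4h": ready_after_4h,           # True
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The point of `sync` is the offline case the article describes: a game that only checks in when Wi-Fi is available has to treat the client's elapsed-time claim as untrusted input and cap it at what the server itself observed, otherwise turning off the radio and moving the clock in small steps still works.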

The matter will come to light at a new addition to the DefCon conference, the DefCon Kids. DefCon Kids aims to foster the hacker culture among young and budding enthusiasts.

Seth Rosenblatt from CNET had this to say:

CyFi’s mother, who must remain anonymous to protect her daughter’s identity, told CNET that at the end of CyFi’s presentation at DefCon Kids they would offer a $100 reward to the young hacker who found the most games with this exploit over the following 24 hours. The reward is sponsored by AllClearID, an identity protection company that is also sponsoring the DefCon Kids. This is the first year of DefCon Kids programming at the conference, a reflection of the fact that members of the hacking community are getting older and raising families.

This is not a serious security breach, considering that it will not result in any stolen data or anything remotely similar. However, it is a new class of hacks that will embarrass a number of Android and iOS game developers.

How to Identify and Avoid Facebook Scams

Facebook has become quite spammy of late. Scam messages appear in the Facebook news feed every now and then, and we have reported on several of them. Scammers trick users by creating messages with titles and thumbnails that make people curious enough to click. The purpose of these scams is either to drive traffic to scam websites or to earn money.

Scammers go through users’ accounts, gather publicly available information, and send phishing emails to obtain sensitive information like credit card numbers and bank details. Sometimes they create malware that is automatically downloaded onto your computer and helps them obtain credentials such as email IDs and passwords.

Avoiding scams on Facebook is not an easy task. Scam messages look like every other message in your news feed, and they draw attention through the thumbnails and titles used in them. Here is a comparison of a real Facebook message and a scam message (both are video messages).

Real Message vs Scam Message - Facebook

There are four major parts you need to notice in order to identify a scam.

  • Title – Make sure the title of the message is appropriate. Try to avoid messages with keywords such as “showing tits“, “exposing breasts“, “dead“, “OMG!!“, “Free Facebook Credits“, “Girl stripping” and so on.
  • Link – Scam messages often come with appropriate titles, and hence it becomes difficult to tell whether a message is a scam or not. When that happens, the next thing to check is the link. You can see the difference between the links in the above image; it clearly indicates that the second message is a scam.
  • Message/Description – Scam messages usually have vague descriptions. Sometimes they contain a message that “you need to verify your age before you can watch a video”. Facebook does not have any such step where users are asked to verify their age. If you notice such messages, avoid clicking on them.
  • Play Button – The play button in a scam message is always small. Clicking on it will open a page in a new tab, whereas a real Facebook message will start playing the video in place.
Here’s another example –
Identifying Facebook Scam

Here are more tips on how you can identify and avoid Facebook scam messages –

  • Avoid clicking on short URLs. If you really want to see where a short URL leads, expand it first.
  • Avoid strange messages sent to you by your friends. If you feel that a message is inappropriate, you always have the option of asking your friend to verify it.
  • If you receive a message from a user who is not on your friends list, check any links in it and read tip 1.
  • Minimize the use of applications on Facebook. They’re quite useless.
  • If you are asked to grant permissions after clicking on a link, make sure that you are granting permission to the right application. You can always revoke permissions by going to Account > Account Settings > Applications.
  • Bookmark Techie Buzz – Facebook Scams. We always keep you updated with the latest scams spreading on Facebook.

If you were already tricked into a scam despite being careful, then worry not. Here are a few things that might help you get rid of them –

The Pwnie Awards 2011: Reliving The Fail Moments of The Year

If you are a network security enthusiast, the Black Hat® Technical Security Conference is an event you should follow religiously. This year’s Black Hat conference in Las Vegas had some awesome events, out of which the Pwnie Awards was the crowning moment.

The Black Hat remains the biggest and the most important technical security conference in the world by remaining true to our core value: serving the information security community by delivering timely and actionable security information in a friendly, vendor-neutral environment.

Every year at the Black Hat conference, the Pwnie Awards celebrate the achievements and failures of the security community. This year too, they were back to present the awards, and the one company that was disgraced badly was poor Sony.

To sum up the awards, the ASP.NET Framework received the Best Server-Side Bug award for allowing remote code execution, and the FreeType library used in MobileSafari received the Best Client-Side Vulnerability award. While the Windows kernel received the award for the Best Privilege Escalation Bug, the Lamest Vendor Response award went to RSA for their handling of the SecurID compromise.

However, I was in for a surprise when I went over to the Most Epic Fail section: there was not one but five epic fails from the winner, Sony: the PS3 jailbreak, the Sony Online Entertainment account theft, the rise of LulzSec (which grew on Sony’s fails), the PSN shutdown and Sony eventually firing its security team over the fiasco.

The Epic 0wnage award went to Stuxnet, but no one received the award in person, for obvious reasons.

Sony is already a hot favorite with hackers, and they have constantly ridiculed it to their heart’s content, but is Sony even listening to these voices? Does it make a difference even if they win the Pwnie Epic Fail? All they can say for the time being is “Buy our award winning products!”


TimesofMoney/Remit2India Database Hacked Through SQL Injection – HDFC Bank Vulnerable Too

Update – August 4th 2011: TimesofMoney contacted us with an update saying that this breach does not exist and that it will be sending us a statement regarding the same shortly.

In this day and age of technology, it does not come as a surprise that websites are frequently hacked. Groups like Anonymous and LulzSec have been creating havoc on the internet; however, there are other cases too, where security teams hack websites to show their owners how insecure they are.

One of the most common ways of hacking websites is SQL injection. Ironically, was also hacked using an SQL injection attack a few months back.

Today, the zSecure Team has found a vulnerability in a very popular digital payments site called TimesofMoney, which provides online remittances, domestic e-payment mechanisms and remittance solutions for banks. The company is behind products like Remit2India, DirecPay and Times Card.

The zSecure Team claims that there exists a critical SQL injection vulnerability in the TimesofMoney website, using which an attacker can gain access to the site’s entire database, which contains a huge amount of customers’ confidential information.

This vulnerability may prove to be very critical for the company because TimesofMoney is one of India’s leaders in e-payment systems. The existence of such a critical flaw in the company’s website may cause huge damage to its existing market reputation.

The group also claims that HDFC Bank’s Website is also vulnerable right now:

We discovered a similar vulnerability in HDFC Bank’s website as well and issued them a similar advisory. But even after a couple of weeks of sending our advisory to the bank, the said vulnerability is still open to outside attacks. If the said vulnerability doesn’t get fixed by the bank at the earliest, then our next post may disclose that concerned vulnerability publicly. We hope that both the companies (TimesofMoney and HDFC Bank) will take immediate action to fix the reported vulnerabilities.

TimesofMoney currently has a SQL injection vulnerability of very high severity. The site runs Oracle Database 11g Enterprise Edition. The vulnerability allows attackers to access the database as well as dump it. There is also a possibility of uploading a shell.

The security team has also posted images about the hack, which can be viewed below.

TimesofMoney Hacked Database 1

TimesofMoney Hacked Database 2

TimesofMoney Hacked Database 3

TimesofMoney Hacked Database 4

The security team has said that no data has been dumped, but the fact that attackers can access your financial information so easily is enough to make me cringe. I would suggest that you purge your information from the relevant sites until it is fixed. More information on the vulnerability can be found on the zSecure website.

Thanks for the tip, Christopher.

Using TimThumb on Your Website? Either Patch It Or Ditch It Right Now

If your WordPress theme uses the TimThumb library or you are manually using the TimThumb script in your site’s template, stop reading this article and remove the script right now. Your website is at serious security risk, as anyone can upload and execute arbitrary PHP code in your TimThumb cache directory.

About TimThumb: TimThumb is a PHP script used for cropping, zooming and dynamically resizing images on websites. While TimThumb can be used on any website, it is ideal for blogs and other websites that use templates and themes (self-hosted WordPress blogs, for example). Using TimThumb, you can dynamically fetch a cached copy of an image and proportionally resize it to fit your blog template. Thumbnails, user profile pictures and signature images are typical examples of where the TimThumb script is used. Whilst TimThumb has found a home in WordPress themes, it is by no means limited to them; TimThumb can be used on any website to resize almost any image.

Here is how the TimThumb script works under normal conditions:

You get the TimThumb script from Google Code, upload it to a directory on your web server, specify a cache directory and call the script from the source of your template. There are a lot of parameters that can be used with TimThumb; which ones you need depends on the requirements of your website and how you want to scale internal as well as external images.

Once your script is in place, it will continue to work in the background and store a copy of the resized image in the cache folder. So if you are scaling a really large image to 100 x 100 using TimThumb, a copy of the image at exactly that size will be saved in the cache folder, and that cached image is what is shown to your website visitors.

And here is how the recent TimThumb vulnerability works.

Since the cache directory is public and accessible to anyone visiting the website, an attacker can compromise your site by finding a way to get TimThumb to fetch a PHP file and store it in that directory. And since the web server is preconfigured to execute any file ending with a .php extension, in the cache directory as anywhere else, you are trapped.

The only way to avoid this vulnerability is to explicitly change the configuration of the cache directory and tell your web server not to execute .php files from TimThumb’s cache directory. But in the case of WordPress blogs and other websites, almost every web server is preconfigured to execute .php files in any directory.

Mark Maunder discovered the problem when his own blog got hacked through this TimThumb exploit. The attacker uploaded a file to the cache folder of Mark’s web server and added malicious code hidden behind base64_decode. Suddenly, ads were popping up on every page of Mark’s website, and the results could have been far more alarming. Some common possibilities are serving malicious content, redirecting visitors to a random website, loading advertisements or putting up a fake login page for users.
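Because the cache folder is supposed to hold nothing but resized images, a quick audit of its contents catches the kind of planted file described above. The following is an added example in Python (not code from the article, from TimThumb or from Mark Maunder) that flags cached files which are not images by their magic bytes, carry a .php-style extension, contain a PHP open tag, or contain the eval(base64_decode(...)) pattern. The cache layout and the sample files, including the harmless stand-in payloads, are constructed for the example.

```python
"""Added example: audit a TimThumb-style image cache for planted scripts.

Not part of the article or of TimThumb; the sample cache and its contents
are constructed here so the script runs offline.
"""
import os
import re
import tempfile

# Magic bytes of the image formats a thumbnail cache should contain.
IMAGE_MAGIC = (b"\xff\xd8\xff", b"\x89PNG\r\n\x1a\n", b"GIF87a", b"GIF89a")
SCRIPT_EXTENSIONS = (".php", ".phtml", ".php5")
PHP_TAG = re.compile(rb"<\?(php\b|=)", re.IGNORECASE)
OBFUSCATED_EVAL = re.compile(rb"eval\s*\(\s*base64_decode\s*\(", re.IGNORECASE)


def classify(data: bytes) -> list:
    """Return the reasons a cached file's *content* looks suspicious (empty if clean)."""
    reasons = []
    if not data.startswith(IMAGE_MAGIC):
        reasons.append("not an image by magic bytes")
    if PHP_TAG.search(data):
        reasons.append("contains a PHP open tag")
    if OBFUSCATED_EVAL.search(data):
        reasons.append("contains eval(base64_decode(...))")
    return reasons


def audit_cache(cache_dir: str) -> dict:
    """Map each suspicious file name in cache_dir to its list of reasons."""
    findings = {}
    for name in sorted(os.listdir(cache_dir)):
        path = os.path.join(cache_dir, name)
        if not os.path.isfile(path):
            continue
        with open(path, "rb") as fh:
            reasons = classify(fh.read())
        if name.lower().endswith(SCRIPT_EXTENSIONS):
            reasons.append("script extension in an image cache")
        if reasons:
            findings[name] = reasons
    return findings


def build_sample_cache() -> str:
    """Create a constructed cache: two genuine-looking images and two planted files."""
    cache_dir = tempfile.mkdtemp(prefix="timthumb-cache-")
    samples = {
        "a1b2c3.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 64,
        "d4e5f6.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 64,
        # A PHP file that arrived through the image fetcher. The base64 text
        # decodes to the harmless statement "echo 1;" (constructed stand-in).
        "deadbeef.php": b"<?php eval(base64_decode('ZWNobyAxOw==')); ?>",
        # PHP appended to a valid GIF header (a polyglot): passes the magic-byte
        # check, so the tag scan is what catches it.
        "cafebabe.gif": b"GIF89a" + b"\x00" * 16 + b"<?php echo 'planted'; ?>",
    }
    for name, content in samples.items():
        with open(os.path.join(cache_dir, name), "wb") as fh:
            fh.write(content)
    return cache_dir


def run_demo() -> dict:
    """Build the constructed cache and return the audit findings."""
    return audit_cache(build_sample_cache())


if __name__ == "__main__":
    for name, reasons in run_demo().items():
        print(f"{name}: {', '.join(reasons)}")
```

Run it against your real cache directory by calling audit_cache with that path instead of the constructed one. Any hit should be treated as a compromise of the host, not just of the cache: remove the file, check the rest of the document root for the same pattern, and then apply the fixes below so the directory can no longer execute scripts.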

How To Keep Your Website Safe From TimThumb’s Security Exploit

There are quite a number of ways to avoid such situations on your website.

1. Don’t use the script at all: This is probably the best and recommended option for anyone who doesn’t know how to tweak the WordPress theme of their site. Ask your theme developer to permanently remove the TimThumb script from your WordPress theme, or find the files that call the TimThumb script. Delete that code, and don’t forget to delete the TimThumb directory as well (be careful: take a backup of your theme first).

2. TimThumb is not your only option: There are quite a number of alternatives to consider. For example, you can use jQuery plugins to resize internal images on your website.

3. Patch it: If you must use the TimThumb script, first update it to its latest version. Before using the script, open the timthumb.php file for editing, jump to line 27 and remove the entries from $allowedSites. The array should have no elements and should look like this:

//external domains that are allowed to be displayed on your website
$allowedSites = array();


Save the file and upload it back. This will disable timthumb.php’s ability to load images from external sites, so an attacker won’t be able to compromise your site using an external image.

4. .htaccess: Open up Notepad and paste the following code into it:

Options -ExecCGI
AddHandler cgi-script .php .pl .py .jsp .asp .htm .shtml .sh .cgi

Save the file as .htaccess (lower case, exactly that name) and upload it to TimThumb’s cache folder (remember to save as All Files and not as a text file). This .htaccess file will prevent PHP and other scripting languages from being executed, and anyone trying to access those files will get a 403 Forbidden message.

5. Why not WordPress? WordPress already has a very decent image handling system, and there is a chance that you might not need TimThumb in the first place. The way WordPress handles images is far more secure: it never creates cached files or writes them to a separate directory, and by default it keeps the images in the place they were uploaded to. And since WordPress releases security and feature enhancements from time to time, your WordPress-powered functions will automatically stay secure as you update WordPress.

Ben Gillbanks, the developer of TimThumb, is working on a fix, and a more secure version of TimThumb should be released soon. [changelog is here]

Bonus tip: Unless you understand the code and its corresponding output, never use free WordPress themes for your site. A lot of them contain base64-encoded code embedded within the source, which can hurt in more ways than one.

AVG Premium Security Protects You against Identity Theft

AVG has launched a new product called AVG Premium Security, which boasts a unique Identity Alert component. Over the past few months we have witnessed numerous large-scale data thefts of varying severity. Although the Sony PSN hacking incident grabbed the limelight, there were numerous other smaller, but perhaps more damaging, incidents. A helpful netizen even created a service that can automatically alert you if your online identity is compromised.

AVG’s Identity Alert component performs a similar function, but probably more thoroughly. AVG claims that it scours the web, including chat rooms, forums and criminal web pages, to check whether your identity has been compromised, by monitoring your e-mail address and debit and credit card numbers.

“When you combine the shocking security lapses we have seen out of very high profile and respected brands such as Sony, Epsilon and Citigroup in the past few months with the liability shift toward consumers, it is clear that identity theft protection tools are no longer a nice to have,” said J.R. Smith, CEO, AVG Technologies. “Banks and corporations are at an important tipping point, showing strong indications that they will no longer simply cover losses, expecting the online users to share equal responsibility in taking appropriate security measures that ultimately protect each other from malicious attacks.”

Besides the Identity Alert component, AVG Premium Security includes AVG Internet Security and AVG Quick Tune. Internet Security features anti-virus, anti-spyware, AVG Protective Cloud Technology and the AVG Community Protection Network. Quick Tune is basically a stripped-down version of AVG PC Tuneup. It offers a disk defragmenter, junk file removal, a registry cleaner and a broken shortcut remover.

With its new offering, AVG is hoping to compete with Kaspersky Pure, Norton 360 and other similar products. The Identity Alert module helps AVG differentiate itself from its competitors, and the suite itself is competitively priced at $69.99. However, it might also be overkill for most users. In my humble opinion, as long as you take basic precautions like not reusing passwords, a simple firewall and antivirus are likely to suffice.

Android Security Apps Benchmarked: Bit Defender Has the Highest Detection Rate, Symantec the Lowest

The growing sophistication and popularity of smartphone operating systems have handed malware developers new platforms for wreaking havoc. Apple by and large avoids malware scares by maintaining a tight grip over the iOS App Store. However, Android’s open nature makes it a much easier target. Although malware outbreaks on Android aren’t nearly as big a problem as they are on Windows, over the past year a few of them have succeeded in creating trouble. PCSL (PC Security Labs) from China has published a comparative study of some of the security solutions for Android currently available in the market.

PCSL used a sample database of 90 malware samples to test the detection capabilities of Android antimalware/antivirus applications. The detailed report is yet to be published, but the chart below illustrates the overall results.


Bit Defender was the top performer, followed by a Chinese solution called Qihoo 360. Somewhat surprisingly, reputed vendors such as Trend Micro, AVG and Symantec performed miserably. One possible explanation might be that PCSL, which is itself based in China, used a sample set containing a sizable proportion of malware of Chinese origin. I guess we will have to wait for the release of the full report to know more. Many familiar names, including Lookout and ESET, were also excluded from this shootout; however, PCSL has promised to include them in the next edition.

Gmail Now Warns About Filters That Forward Email to Another Address

Gmail is definitely one of the best email providers out there, and they have always been innovating and adding new features. We have written about several Gmail tips and features in the past; now a new feature is being rolled out that warns users about filters that forward emails to other email addresses.

Gmail has always been keen on increasing the security of its service after what happened in China. They have been adding features that display the locations you logged into Gmail from and alert you about suspicious logins. Additionally, Google has added features like forced SSL and a two-step verification process.

The new alert about forwarding filters is really useful and will allow users to see whether anyone is forwarding their emails to other accounts. In fact, I was very keen on having this feature for Gmail and had even spoken to a few developers about creating an extension for Gmail; however, Google beat me to it.

Gmail Forwarding Filters Alert

The new message is displayed at the top of the page, as seen in the screenshot above, and lets users review their settings and change them if required. Currently the "Review Settings" link takes you to the Filters page; however, I would have loved Gmail to display only those filters that forward emails to other accounts when I click on it.

A Google help page has also been set up to tell users about this new feature. It states:

Why do I have a forwarding filter notice?

You’re seeing a notice to help you confirm that the forwarding filter setting that’s active on your account is accurate. If your account has this feature enabled, you should see this notice.

Forwarding filters are a pretty powerful feature that enables you to send a specific portion of your incoming email to another email account. This mechanism is helpful especially when you have more than one email account. Even so, it’s a good idea to make sure all the details are consistent with what you intend and expect. We encourage you to review your settings and verify that they are accurate.

How long will I see this notice?

For about a week, this notice will appear for a few minutes each time you sign in to your account. Displaying the notification in this way helps ensure that you have a chance to see the notice, rather than someone who might try to gain unauthorized access to your account and use this setting improperly. The notice will disappear immediately if you choose to disable the forwarding filter setting, but that decision is up to you.

How do I remove unwanted forwarding filters?

If the content of the notice looks unneeded or unfamiliar, please do the following:

  1. If you see unfamiliar account access, please change your password immediately. This may indicate that someone has unauthorized access to your account. It’s a good idea to pick a strong password for your Gmail account and never use it again on other websites.
  2. Sign back in to your Gmail account and click the gear icon in the top right corner of Gmail and choose Mail settings.
  3. Click the Filters tab.
  4. Search for the terms "Forward to" and delete any filters with unfamiliar email addresses. Note, there may be more than one filter.
  5. Click the Forwarding and POP/IMAP tab.
  6. In the "Forwarding" section, click the first drop-down menu and remove any unfamiliar email addresses.
  7. Select the Disable forwarding radio button if you want to disable non-filter based forwarding.

Kudos to Gmail for adding this feature; I have always wanted it and would have created it myself. It will definitely help people keep a quick eye on forwarding filters and remove them if necessary.
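The manual review in the help text above can be automated against Gmail's own filter export. Gmail lets you export your filters (Settings > Filters > Export) as an Atom feed in which each filter is an <entry> carrying <apps:property name='...' value='...'/> elements, and a forwarding filter has a property named forwardTo. The following is an added example in Python (not code from the article or from Google) that lists every forwarding filter in such an export and flags destinations you do not recognise, along with the combination that should worry you most: a filter that both forwards a message and trashes the original. The sample feed is constructed, and the export layout and the property names (forwardTo, shouldTrash) are assumed from my reading of that format rather than taken from the article, so check them against your own export.

```python
"""Added example: audit an exported Gmail filter feed for forwarding filters.

Not from the article or from Google. The feed layout and property names are
assumptions about the Gmail filter export; the sample feed is constructed.
"""
import xml.etree.ElementTree as ET

ATOM = "{http://www.w3.org/2005/Atom}"
APPS = "{http://schemas.google.com/apps/2006}"

# Constructed sample: one ordinary label filter, one forward to the owner's own
# second address, and one forward to an address the owner never set up that
# also deletes the original so the owner never sees the message.
SAMPLE_EXPORT = """<?xml version='1.0' encoding='UTF-8'?>
<feed xmlns='http://www.w3.org/2005/Atom'
      xmlns:apps='http://schemas.google.com/apps/2006'>
  <title>Mail Filters</title>
  <entry>
    <category term='filter'/>
    <title>Mail Filter</title>
    <apps:property name='from' value='newsletter@example.com'/>
    <apps:property name='label' value='Newsletters'/>
  </entry>
  <entry>
    <category term='filter'/>
    <title>Mail Filter</title>
    <apps:property name='from' value='boss@example.com'/>
    <apps:property name='forwardTo' value='me@example.net'/>
  </entry>
  <entry>
    <category term='filter'/>
    <title>Mail Filter</title>
    <apps:property name='hasTheWord' value='password OR invoice'/>
    <apps:property name='forwardTo' value='collector@example.org'/>
    <apps:property name='shouldTrash' value='true'/>
  </entry>
</feed>
"""


def parse_filters(xml_text: str) -> list:
    """Return one {property name: value} dict per filter entry in the feed."""
    root = ET.fromstring(xml_text.encode("utf-8"))
    filters = []
    for entry in root.findall(ATOM + "entry"):
        props = {p.get("name"): p.get("value") for p in entry.findall(APPS + "property")}
        filters.append(props)
    return filters


def audit_forwarding(xml_text: str, known_addresses) -> list:
    """Describe every forwarding filter; flag unknown destinations and trash-and-forward."""
    known = {addr.lower() for addr in known_addresses}
    report = []
    for props in parse_filters(xml_text):
        if "forwardTo" not in props:
            continue
        dest = props["forwardTo"]
        report.append({
            "forward_to": dest,
            "criteria": {k: v for k, v in props.items() if k not in ("forwardTo", "shouldTrash")},
            "unknown_destination": dest.lower() not in known,
            "also_trashed": props.get("shouldTrash") == "true",
        })
    return report


if __name__ == "__main__":
    # Addresses the account owner knows they set up (constructed).
    for item in audit_forwarding(SAMPLE_EXPORT, ["me@example.net"]):
        flag = "!!" if item["unknown_destination"] or item["also_trashed"] else "ok"
        print(flag, item["forward_to"], item["criteria"])
```

A filter that forwards and trashes, matching on terms like "password" or "invoice", is the pattern to look for after any suspicious login: it gives someone a copy of password-reset mail while hiding that mail from the owner, which is exactly why the notice reappears for a week rather than once.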

OMG Towel Pulling Prank Sets This Poor Girl Totally Undressed – Facebook Scam

Another new video-related Facebook scam is spreading rapidly on Facebook. The scam is similar to earlier scams like the Brother rapes and kills sister scam, the Girl raped by Teacher in Classroom scam and the Ex Girlfriend Revenge Video scam, where pictures of scantily clad women or couples in compromising positions accompany the updates.

OMG Towel Pulling Prank Facebook Scam

The current scam is similar to earlier survey scams, where users are asked to complete a survey before they can watch the video in question. However, after completing the survey no video is shown; instead, the user’s wall is updated with the same message they originally clicked on, further spreading the scam.

The new scam is going around with messages like:

OMg,, Towel Pilling Prank Sets this poor girl totally undressed scam.

It is totally shocking as well as somewhat humorous

It is recommended that you DO NOT click on such links or scam messages on Facebook. If you come across this scam message, delete it from your Facebook news feed immediately. Alternatively, you can report the scam to Facebook Security.

Here is an article about Avoiding Facebook Likejacking and Clickjacking scams. We have also compiled a list of the Most Actively Spreading Scams on Facebook for you to look through and avoid. You might also want to use a security application to protect you from Facebook scams. As a precautionary measure, always check which applications you use and remove unwanted or suspicious ones. If you aren’t sure how to do that, you can always check our guide on removing apps from Facebook.