Microsoft Security Essentials Beta Opens for Public

Microsoft has made the beta for the new version of Microsoft Security Essentials (MSE) widely available to the public. Earlier, the beta was only available to a limited number of beta testers.

The download isn’t straightforward, though. You need to click the Download Now link on the Microsoft Security Essentials homepage, which takes you to the MSE beta page on Microsoft Connect (Windows Live ID required). The current beta build is version 4.0.1111.0. The beta is available both as a 32-bit edition (8.87 MB) and a 64-bit edition (11.04 MB). The software supports Windows XP with Service Pack 3, Windows Vista with Service Pack 1 or 2, and Windows 7 with Service Pack 1.

This latest version includes the following new features and enhancements to better help protect your PC:

  • Cleans highly impacting malware infections automatically, with no required user interaction
  • Enhanced performance
  • Simplified UI
  • New and improved protection engine

While Microsoft Connect is used to engage with beta testers by encouraging them to take part in surveys, report results, or submit bugs, the MSE Beta page doesn’t have those options available at the moment.

Twitter Acquires Android Security Startup Whisper Systems

Twitter has recently acquired Whisper Systems, a mobile security and privacy company that specializes in Android security and is still in its beta stage.

Whisper Systems provides security and management solutions that transform consumer phones and tablets into enterprise-ready devices.

The driving factor for Whisper Systems’ work on security was their dissatisfaction with the state of mobile security. This led them to modify the entire Android stack and include security features at different layers. After rigorous fine-tuning, they came up with a modified Android kernel and called it Whisper Core. Whisper Core was the same Android kernel, but with enterprise-level security. Some of the enterprise security features in Whisper Core were:

  • Full disk encryption, SD card encryption and smudge-resistant unlock patterns
  • Network security through a firewall
  • Encrypted backup to the cloud
  • Selective app permissions
  • An SDK for developers

This was enough to impress Twitter. Now, Whisper Systems will undergo a transition, during which their systems will go offline. Whisper Systems announced their acquisition, saying,

We started Whisper Systems with the goal of improving security and privacy for mobile devices. We were attracted to this not only because we saw it as an opportunity to reinvent the security solutions that never really worked in the PC environment to begin with, but also because the stakes are much higher — due to the nature of mobile devices themselves — and we didn’t like the way that things were looking.

We ended up tackling the full stack — all the way from application-level solutions at the top of the stack, down through a hardened version of Android, to kernel modifications at the bottom of the stack. Along the way, we learned a lot, and developed products that we are proud of.

Now that we have been acquired by Twitter, we are looking forward to integrating our technology and our expertise into Twitter’s products and services.

With the acquisition of Whisper Systems, Twitter has also acquired security-related IP on Android. This will help Twitter create a secure system for its users by integrating security into the Android system itself and minimizing intervention from the user. The Whisper Systems team will start working with Twitter soon.

(Via: @babelsquirrel)

Katrina Kaif, Deepika Padukone, and Kareena Kapoor Are Cyber Criminals’ Favorites

According to a study by McAfee, Katrina Kaif is the most dangerous celebrity in the Indian cyber space. While Katrina has a huge fan following and is one of the most searched celebrities on the Web, this would be an awkward sobriquet. She is followed by Deepika Padukone and Kareena Kapoor in the ‘Most Dangerous Indian Celebrity’ ranking, which McAfee revealed after researching popular culture’s most famous people to find the riskiest celebrity sportsmen, actors, and politicians across the Web.

Cyber criminals create malicious software and online threats designed to steal personal information, targeting fans who search with strings such as ‘name of celebrity’ combined with words like ‘free downloads’, ‘hot pictures’, ‘screen savers’, and ‘videos’.

“In a celebrity crazy country such as India, cyber criminals find it very lucrative to use the names of popular figures as keywords to lure people to websites with malicious software. This year’s study found movie stars top the ‘most dangerous’ list, while sports stars and politicians are among the safest.”

– Venkatasubrahmanyam Krishnapur, Senior Director, McAfee India

The top 10 celebrities in India with the highest risk percentages are:

  1. Katrina Kaif
  2. Deepika Padukone
  3. Kareena Kapoor
  4. Saif Ali Khan
  5. John Abraham
  6. Priyanka Chopra
  7. Aishwarya Rai Bachchan
  8. Bipasha Basu
  9. Aamir Khan
  10. Shah Rukh Khan

The ‘Most Dangerous Celebrity’ study used McAfee SiteAdvisor site ratings, which indicate the sites that are risky when searching for celebrity names on the web, to calculate an overall risk percentage. McAfee SiteAdvisor technology tests and rates nearly every trafficked site on the Internet and uses red, yellow and green icons to indicate the website’s risk level.

FBI’s Operation Ghost Click Busts Operators of DNSChanger Malware

The FBI has released details of its Operation Ghost Click, which led to the arrest of six operators of an internet fraud ring that had created and distributed a piece of malware called DNSChanger. All of the arrested men were of Estonian descent and worked primarily from Estonia and Russia.

DNSChanger changed the DNS settings of the host computer, so that when a user of the affected system tried to open a webpage, he/she would be re-routed to a website or advertisement chosen by the hackers. The victims were also directed to websites with other potential malware. The ring had infected about 4 million computers in 100 different countries. The United States alone had almost 500,000 DNSChanger-infected PCs, ranging from those owned by individuals to enterprises and even those used by NASA. The hackers are believed to have gotten at least 14 million dollars from the fraud.

As Janice Fedarcyk, Assistant Director in Charge of FBI’s New York office, read out in a statement,

The harm inflicted by the defendants was not merely a matter of reaping illegitimate income. The defendants also inflicted the following:

They victimized legitimate website operators and advertisers who missed out on income through click hijacking and ad replacement fraud.

Unwitting customers of the defendants’ sham publisher networks were paying for Internet traffic from computer users who had not intended to view or click their ads.

Users involuntarily routed to Internet ads may well have harboured discontent with those businesses, even though the businesses were blameless.

And then there is the harm to the users of the hijacked computers. The DNSChanger malware was a virus more akin to an antibiotic-resistant bacterium. It had a built-in defence that blocked anti-virus software updates. And it left infected computers vulnerable to other malware.

The rogue DNS servers have been replaced by genuine ones so that the affected users do not have to face disruption of internet services. But do note that this process does not remove the actual virus from the affected system. The FBI has released a PDF document with details on how to check whether your system is infected. They have also released a range of rogue IP addresses that were used by the gang.

Details on how to find your IP address, along with help on cleaning up your system, are also given in the PDF document mentioned above.
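
The check described above, comparing a machine's configured DNS servers against the published rogue ranges, can be scripted. The following is an added example, not taken from the FBI document or the original article. The ranges in it are placeholders from documentation address space because the page does not list the real ones, and the sample `resolv.conf` and `ipconfig /all` text is constructed.

```python
import ipaddress
import re

# PLACEHOLDER ranges from RFC 5737 documentation space, NOT the real rogue
# ranges: the page does not list them. Replace with the FBI-published list.
ROGUE_RANGES_PLACEHOLDER = ["192.0.2.0/24", "198.51.100.0/25"]

# Constructed sample of a Unix-style /etc/resolv.conf.
SAMPLE_RESOLV_CONF = """\
# constructed sample
search example.lan
nameserver 192.0.2.53
nameserver 8.8.8.8
"""

# Constructed sample of Windows `ipconfig /all` output (one adapter).
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:

   IPv4 Address. . . . . . . . . . . : 10.0.0.15
   Default Gateway . . . . . . . . . : 10.0.0.1
   DNS Servers . . . . . . . . . . . : 198.51.100.7
                                       10.0.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""


def _to_ip(token):
    """Return an ip_address for token, or None if it is not an IP literal."""
    try:
        return ipaddress.ip_address(token.split("%")[0])  # drop IPv6 zone id
    except ValueError:
        return None


def resolvers_from_resolv_conf(text):
    """Collect the addresses on 'nameserver' lines, ignoring comments."""
    found = []
    for line in text.splitlines():
        parts = line.split("#")[0].split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            ip = _to_ip(parts[1])
            if ip is not None:
                found.append(ip)
    return found


def resolvers_from_ipconfig(text):
    """Collect 'DNS Servers' entries, including indented continuation lines."""
    found, in_dns = [], False
    for line in text.splitlines():
        m = re.match(r"\s*DNS Servers[ .]*:\s*(\S+)", line)
        ip = _to_ip(m.group(1)) if m else (_to_ip(line.strip()) if in_dns else None)
        in_dns = ip is not None  # any non-address line ends the DNS block
        if ip is not None:
            found.append(ip)
    return found


def find_rogue(resolvers, ranges):
    """Return (resolver, matching_range) pairs for resolvers inside any range."""
    nets = [ipaddress.ip_network(r) for r in ranges]
    return [(str(ip), str(net)) for ip in resolvers for net in nets
            if ip.version == net.version and ip in net]


if __name__ == "__main__":
    for name, ips in (("resolv.conf", resolvers_from_resolv_conf(SAMPLE_RESOLV_CONF)),
                      ("ipconfig", resolvers_from_ipconfig(SAMPLE_IPCONFIG))):
        print(name, find_rogue(ips, ROGUE_RANGES_PLACEHOLDER) or "no rogue resolver")
```

A host that takes its resolver from the home router reports only the router's address here, so the DNS servers configured on the router itself need the same comparison.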

Have you been pwned? PwnedList will help you find out

Do you, at times, wonder whether your accounts have been compromised? If the answer is yes, you can now check by using a service appropriately called PwnedList (“pwn” is jargon used by hackers to imply that an account has been compromised).

It was developed by two security researchers – Alen Puzic and Jasiel Spelman, of DVLabs. They explain the birth of PwnedList as:

The site started out as a small research project with a rather simple premise. To discover how many compromised accounts can be harvested programmatically in just a couple of hours. Well, needless to say, the results were astonishing. In just under 2 hours we had close to 30,000 accounts, complete with logins and passwords. The truly scary part, however, was the quality of data we were able to collect in such a short amount of time. The accounts we were able to retrieve consisted of email services, social media sites, merchants and even financial institutions. It was clear that something had to be done.

At that moment PwnedList was born. We wanted to create a simple one-click service to help the public verify if their accounts have been compromised as a part of a corporate data breach, a malicious piece of software sneaking around on their computers, or any other form of security compromise.

All you have to do is head to PwnedList.com, enter your email id or username in the text box, and click Check. The data is then compared with SHA-512 hashes of harvested account dumps stored as key-value pairs. The site says that the entered data is used only once for the search and is not stored. Still, if you don’t want to enter your username/email, you can use the SHA-512 hash of your email (or username) instead.

So, what if your email or username is identified in their database? Immediately change the passwords of the affected accounts, as well as the passwords of your other accounts, just to be on the safe side. See my article, The Layman’s Guide to Computer Security, for tips on creating a strong password.

A Look at Facebook’s Security Infrastructure

25 billion actions a day or 65,000 actions a second! That is the volume of actions generated by Facebook’s 800 million users. This week, Facebook released some information about its massive security infrastructure, called the Facebook Immune System or FIS, which scans all of these actions for any kind of suspicious activity.

As New Scientist explains,

It protects against scams by harnessing artificially intelligent software to detect suspicious patterns of behaviour. The system is overseen by a team of 30 people, but it can learn in real time and is able to take action without checking with a human supervisor.

The system was developed over a three-year period, and the numbers released by Facebook show that it has been pretty effective. The number of users affected by spam has been reduced to less than 1%. Even though that 1% accounts for about 8 million users, with a little bit of caution from the end user while using Facebook, that number can be reduced even further.

Microsoft Research has put forward a PDF detailing the principles of FIS. According to it, the main components of FIS are:

• Classifier services: Classifier services are networked interfaces to an abstract classifier interface. That abstraction is implemented by a number of different machine-learning algorithms, using standard object-oriented methods. Implemented algorithms include random forests, SVMs, logistic regression, and a version of boosting, among other algorithms. Classifier services are always online and are designed never to be restarted.

• Feature Extraction Language (FXL): FXL is the dynamically executed language for expressing features and rules. It is a Turing-complete, statically-typed functional language. Feature expressions are checked then loaded into classifier services and feature tailers online, without service restart.

• Dynamic model loading: Models are built on features and those features are either basic or derived via an FXL expression. Like features, models are loaded online into classifier services, without service or tailer restart. As well, many of classifier implementations support online training.

• Policy Engine: Policies organize classification and features to express business logic, policy, and also holdouts for evaluating classifier performance. Policies are Boolean-valued FXL expressions that trigger responses. Policies execute on top of machine-learned classification and feature data providers. Responses are system actions. There are numerous responses. Some examples are blocking an action, requiring an authentication challenge, and disabling an account.

• Feature Loops (Floops): Classification generates all kinds of information and associations during feature extraction. The floops take this data, aggregate it, and make it available to the classifiers as features. The floops also incorporate user feedback, data from crawlers, and query data from the data warehouse.

Although FIS has come a long way in tackling spam, it should be noted that FIS is still vulnerable to tactics that are new to it, such as socialbots. A socialbot works by sending friend requests to random people. The profile data of people who accept the friend request is used for identity theft, phishing attacks, etc.

So, it is always up to the end user to remain cautious of these types of attacks in order to protect their personal information.

You can find some of the common tips to protect your Facebook account here.

BSNL Website Hacked by Pakistani Hacker

BSNL just can’t get enough of the negative limelight. It has not even been two months since we reported BSNL getting compromised, and here we are again. A self-proclaimed Pakistani hacker has defaced a public BSNL page. Last time, we revealed a serious security flaw in an internal application at BSNL called Dotsoft, and funnily enough, the vulnerability still exists.

Apparently, Dotsoft became a hot topic with ethical hackers earlier in 2009; here is a clear proof-of-concept hack attempt aimed at Dotsoft. This time, though, the situation is even worse. Today, a sub-directory on the BSNL website was hacked by a Pakistani hacker. The hacker, who calls himself ‘KhantastiC haX0r’, placed an index.html file in the sub-directory to prove that he has write access to the web server. He has also stated that he has copied and removed all logs of the intrusion, as well as copied the databases (possibly being held for ransom?). The defaced site is available at http://www.bsnl.co.in/tender1/ and doesn’t seem to affect any other pages within the same sub-directory, like http://www.bsnl.co.in/tender1/archive3.php.

It is worth mentioning that although ‘KhantastiC haX0r’ claims to have connections with the PCA, he was actually thrown out of the PCA according to online reports. The situation was so bad that his personal details were exposed by a rival online ‘crew’. They went so far as to include personal photographs of the person in question. In any case, KhantastiC haX0r doesn’t seem to take his online anonymity very seriously, as his Google+ account features pictures in high detail.

BSNL seriously needs to strengthen itself against attacks like these. With over 90 million subscribers, it’s a wonder they’ve managed to stave off theft of credit cards, passwords and other internal databases. It would seem that this is an online turf war and BSNL was simply caught in the middle; perhaps their state ties can help them build a more robust and secure network.

This makes for a good Diwali gift for BSNL from Pakistan.

Interactive Authentication Methods Get Rid of Annoying Passwords

I hate passwords. To rephrase, I hate remembering passwords. I have often believed that trying to recollect passwords has a lot to do with hair fall. Either naturally or you end up pulling your hair out since you can’t recollect the damn password. Some websites want you to have an 8-character password that’s not your first name or that should have a special character, while some websites won’t allow you to enter a special character at all. The rules make it frustrating to remember passwords. I hate passwords.

OEMs started using fingerprint scanners for authentication, but the accuracy is enough to make you want to chop your finger off and tape it to the scanner. Or disable the password, which is not recommended though. Mobile phones can’t have fingerprint scanners and, until recently, 4-digit number combinations were the standard security feature. These touch devices, however, are capable of more. In Android, Google introduced a feature called Patterns. Instead of entering number combinations, you draw a pattern on the screen to unlock the device. I have tried it on my friend’s phone and find it quite intuitive. However, fellow Techie Buzz writer Rajesh Pandey points out that figuring out a Pattern password is very easy. The finger smudges left on the screen after repeatedly drawing the pattern make it convenient to figure out the combination. Screenshot courtesy Keith Dsouza:

In Android ICS, Google has introduced facial recognition. Another interesting security implementation that uses the front-facing camera to unlock the phone. I haven’t tried how consistent the feature is under varying lighting conditions, but Google’s demo at the Android ICS event failed. Having said that, Xbox Kinect uses Kinect ID to recognize you and log you into the system. Convenient and secure enough. Screenshot courtesy Google:

In Windows 8, Microsoft showed something similar to Patterns. Called Picture Passwords, users can log into the system by touching specific points on the lock screen image. These points are set by the user and are way more convenient and intuitive compared to entering passwords on the tablet. I wouldn’t be surprised if the next major release of Windows Phone introduced picture passwords, in fact it should. Screenshot courtesy me:

While security continues to be a threat, as seen by the recent troubles Sony faced, there need to be more intuitive ways to authorize users. Google and Microsoft seem to be working on them with some practical solutions.

Croma Partners with Intel to Launch Laptop Theft Protection Service in India

Croma, the mega-store chain from Tata Sons, has partnered with Intel to introduce an anti-theft service for laptop users in India. Using Intel Anti-Theft Technology built into Sandy Bridge (2nd Generation Intel Core) processors, laptops can automatically disable themselves if they are lost or stolen.

“Mobile PC usage in India is on the rise and we expect to further accelerate it with the new Ultrabook devices. Protecting users’ sensitive information as well as laptops themselves is paramount,” said R. Sivakumar, Managing Director, Sales & Marketing Group, Intel South Asia. “We are thrilled to see Croma offering Intel Anti-Theft Service for Indian laptop users.”

A stolen laptop can be locked down by sending a signal over the internet, or by using intelligent hardware timers. Locking down a laptop essentially makes it unbootable and unusable. Intel also provides a secure vault on the hard disk that is cryptographically protected. If a laptop is locked, then the data in the secure vault can’t be read even by connecting the hard disk to a different computer. Even reformatting the hard drive, installing a new hard drive, or changing the boot order won’t help in circumventing the lock. However, Intel and Croma didn’t make it clear whether laptop tracking with the help of a GPS module will be available or not.

“We are proud to be the first retailer to introduce Anti-Theft service for all the laptop users at Croma. With the launch of this Anti-Theft service, our consumers will now enjoy peace of mind while securing their laptops and their digital lives,” said Mr. Ajit Joshi, CEO & Managing Director, Infiniti Retail Ltd. “Croma is delighted to partner with Intel for this exceptional service that will provide our customers an opportunity to safeguard their laptops. This initiative evidently affirms the Company’s resolution of bringing world-class shopping experience to its customers.”

The theft protection service will be bundled with select laptops sold from Croma. For other laptops sold through Croma, it will be available as an optional feature starting at Rs. 199 for a period of 2 years.

NoScript Now Available For Firefox Mobile On Android

If you’re looking for added security when browsing on your Android device, look no further than NoScript. The popular Firefox extension has now been made available for Firefox Mobile. It’s called NoScript Anywhere.

Browsers have become extremely complex. With more and more platform-agnostic webapps appearing, users have been living and working inside a browser instead of a desktop. Google has been pushing Chromebooks that provide a full web experience using nothing more than their Chrome browser. Safari has gone mobile. Firefox has gone mobile. Opera has gone mobile. All these mobile browsers are gaining popularity, yet nobody has been addressing the issue with modern browsers: security.

NoScript allows users to selectively block Java, JavaScript, and Flash from executing without permission. It provides XSS (Cross Site Scripting) and ClickJacking protection using integrated plugins. The add-on has been completely re-written to support a mobile interface. Once installed, NoScript immediately starts blocking harmful web applets using the default recommended options. More advanced settings such as whitelisting, blacklisting, and granular permissions will be editable on a desktop and can be synchronized via Firefox Sync, keeping all your devices up-to-date, whether a mobile device or a full-blown desktop/laptop.

NoScript Anywhere allows the plugin to be installed without restarting Firefox Mobile. It provides an option for disabling automatic playback of Flash and Java applets; instead, a placeholder can be clicked to initiate execution of the plugin.

Naturally, NoScript Anywhere is based on the extremely popular open source NoScript extension written by Giorgio Maone, who also created the FlashGot Download Manager. The work started at the beginning of 2011 and took a short 9 months of incubation before being completed and made available for public use.

The majority of mobile browsers are based on WebKit, but are proprietary and different across the board by manufacturer. Android’s browser is based on Chromium, iOS’s based on Safari and BlackBerry’s based on a moldy flaming banana peel.

Firefox Mobile will hopefully become extremely popular among all smartphone users, and we will see NoScript Anywhere usage increase, making the web just a little bit safer for everybody.