Month: May 2015

Security Questions as Authentication: Robust or No Good?

Are security questions difficult to crack? Not really, if it is the scam artists that you are referring to! Yes, this once used to be one of the safest hurdles that you could create to deny cyber crooks from entering your digital fort. However, with sophisticated tools now available to crack these relatively simple security questions, cyber criminals aren’t lagging too much behind you where it comes to cracking these barriers. On an average, users prefer to set up easy questions like: What’s your mother’s maiden name? What’s your first pet’s name? What’s your school’s name? What’s your favorite food? Certainly, they have two benefits for choosing one of these. One, the answer would be unique and two it will be easier for them to remember the passcode. Nonetheless, in the midst of these, users often underestimate the simplicity of finding the answer – most security questions (such as the above) have been cracked by scammers in less than 10 attempts. This is indeed alarming and scary. Thankfully, there are better authentication gates now available that you can use to secure your digital life. This includes reset codes sent via SMS to the registered mobile numbers and alternate e-mail addresses where the websites can validate you. If you are still caught up in the debate that security questions are still secured, here’re some specific facts and figures that could...

Read More

Computer Expert Hacked Entertainment System to Make Planes Fly Sideways

Earlier in April 2015, Christ Robert was banned from boarding United Airlines flight following his tweet on his skills on hacking planes’ networks. But that stern rejection could not stop him from hacking planes, according to a recent FBI. He hacked and flew plane sideways! Once again, Christ Robert, CTO and founder of One World Labs, is in the news for admittedly hacking the communication system of the plane and manipulating the navigation of the plane. He has stated that while he was flying on the plane, he could access the entertainment system of the plane under his seat. He connected the in-flight entertainment system of the plane to his computer and then, modified the code and seized the Thrust Management System using default username and passwords. Roberts has revealed that he has hacked planes more than “15 to 20 times” within the course of 2011 and 2014 by simply plugging an Ethernet wire to the entertainment box that lies under the seat. This time, he has changed the mode of flight of engines into the climb mode and made the plane fly sideways. According to FBI, “He [Roberts] stated that he successfully commanded the system he had accessed to issue the “CLB” or climb command,” FBI Special Agent Mark Hurley wrote in the warrant application. “He stated that he thereby caused one of the airplane engines to climb...

Read More

Breaking Bad Fans Are Warned against Crypto Ransomware Malware Attack

Bad news alert for Breaking Bad fans as their digital assets are under the radar of malware assaulters. A new crypto ransomware threat is detected in Australian cyberspace to take hold of computers and sensitive files, security researchers at Symantec have confirmed. How Breaking Bad crypto ransomware works? Symantec has discovered this new crypto ransomware malware which is called Trojan.Cryptolocker.S which is targeting Breaking Bad fans in Australia. Once infected a computer, Trojan.Cryptolocker.S encrypts all the files contained in devices including documents, pictures and videos and then claims a ransom of Australian $1,000 (which is approx (US$791) for users to decrypt those files. The malware programmers use a Breaking Bad themed ransom demand message which illustrates ‘Los Pollos Hermanos’ branding image. Additionally, the malware authors also depict a quote of Walter White, the protagonist of the series which reads “I am the one who knocks.” When asked which method is used by this crypto ransomware malware authors, security researchers at Symantec has revealed “We believe that the crypto-ransomware uses social engineering techniques as a means of infecting victims” in their blog post. According to Symantec researchers, “The malware arrives through a malicious zip archive, which uses the name of a major courier firm in its file name. This zip archive contains a malicious file called ‘PENALTY.VBS’ which when executed, downloads the crypto-ransomware onto the victim’s computer. The threat also...

Read More

Even Google’s Patched Password Alert Version has Problems, Issue Detected!

All it took was a seven-lined code to dupe Google’s anti-phishing Chrome extension. And it didn’t take that long – this anti-phishing Password Alert system was found flawed within 24 hours of its debut. Paul Moore, a security researcher with British Unity Group, wrote that JavaScript code which bypassed the anti-phishing protection it was supposed to provide. Paul’s proof of concept The anti-phishing Chrome extension called Password Alert was introduced on Wednesday to protect users from phishing sites and hackers. On typing the password on the extension, it will alert users if the password has been used on any non-Gmail page and it should be changed by scanning all HTML pages which might fake a Gmail login page. Paul uploaded a video on YouTube showing how his code could mislead Google’s Password Alert. In this proof of exploit video, he showed that how Password Alert will not work. After applying his seven lines of JavaScript code, the Password Alert started frequently appearing and disappearing on the page and failed users to make any use of it. He said that “anyone looking to launch a phishing attack against a Google account simply needs to add those seven lines to render the Password Alert protection useless.” Other security flaws detected Though Google has not come up with any response, but it released a patch version 1.4 to fix the Password Alert...

Read More