Online PC Support


Would Tech Biggies Provide Backdoor Access to User Data?

It is indeed a double-edged sword, and until a decision comes through, the debate on whether backdoor access should be given to the government and law enforcement agencies will continue. The subject here is data encryption and the stand that tech companies are taking on it.

For the uninitiated, this debate has been going on between the two sides for quite some time now, with each believing strongly in its reasons for why backdoor access should or should not be given to government agencies. While the government believes that a backdoor into sensitive user data can help it nab criminals (wanted terrorists, etc.) more easily, tech companies argue that any access into user data can jeopardize users, particularly the vast majority who do not belong to the ‘criminal’ category.

Smartphones and all other gadgets that can be used to communicate or transfer sensitive information can easily pass encrypted data between members of an organization. Unless the government is granted ‘backdoor access’, that is, a way of decrypting that data so as to read what lies within, law enforcement agencies can do little with the data on devices they may have seized from criminals. From this perspective, tech companies ought to give the government the right to access data under a court order. However, the same capability creates the risk that such information can be intercepted by other criminals, not just the agencies, and used for other malicious purposes. On this argument, tech companies are mostly against creating backdoor access.

As you can see, different people have different perspectives on this, and it remains to be seen whether the government will manage to convince the tech companies to give it the access it wants. Until that happens, here’s an update on what the different tech companies think of the data-access proposal.


Is Giving In To Ransomware The Easiest Way Out?

The ugly head of ransomware, a type of malware, has been cropping up for quite some time, and every time it crops up it has meant doom for the victims. CryptoLocker and TeslaCrypt are two of the most prevalent ransomware families; their variants have conned people into believing that law enforcement agencies such as the FBI have found objectionable content on their device and have therefore locked it down. Of course, there’s a way to unlock the device: pay up a ransom!

This is the modus operandi that ransomware uses, and most people who fall victim give in to the demand easily, either fearing that they may be exposed or simply to avoid the hassle of getting the device decrypted (ransomware encrypts the data on the device).

While for a long time every law enforcement agency advised people against paying up, believing it would only boost the confidence of the cyber crooks, agencies such as the FBI are now recommending that people pay the ransom and move on. The decryption process is not only a hassle, it is expensive as well.

As per Joseph Bonavolonta, Assistant Special Agent in charge of the FBI’s Boston office, “The amount of money made by these criminals is enormous and that’s because the overwhelming majority of institutions just pay the ransom … To be honest, we often advise people just to pay the ransom.”

To justify this, the FBI has shared the following advantages of paying the ransom as opposed to looking for options elsewhere:

  • The Bitcoin payment that the ransomware designers demand is typically just a few hundred dollars (around $200), whereas decryption can cost anything between $500 and $1000.
  • It is simpler to just pay up than to look for reliable decryption services.
  • Cyber crooks almost always release a device and its content soon after the ransom is paid; completing a decryption process generally takes longer.

Having said this, it is also important to note that there is no certainty that, once you have recovered your device, the cyber crooks won’t try to take it over again. Also, while so far they have generally let go of a device and its content after the money is received, there’s no guarantee this will always be the case. The crooks may just take the money and vanish, leaving your device useless, as Bitcoin offers them a great deal of anonymity.

There’s a difference of opinion among the various agencies about whether or not to pay the ransom; however, they are unanimous that the incident should be reported. Every agency urges users to report the incident to the respective authorities, as this is the only way to combat this malware.

SAP Afaria vulnerability puts at risk over 130 million devices and data

Hackers do not miss an opportunity to create havoc in the lives of unsuspecting technology users. And when that opportunity comes to them in the form of a vulnerability in a specific piece of software, they have even more to rejoice about, at our cost.

A revelation from enterprise software maker SAP has once again left users in the lurch, wondering whether anything in the tech world can be termed 100% safe. SAP’s mobile device management product Afaria, used by over 6300 companies worldwide, connects mobile devices to company networks and secures those devices against threats and risks. A critical weakness, an ‘authorization bypass vulnerability’, has been found in this system; it has the potential to let hackers attack the phones of high-level executives in an organization simply by sending a connection request (SMS) to the Afaria server. Once the connection is established, the hacker can use administrator status to wipe the data on particular devices, disable their Wi-Fi, lock them, and even learn the location of the user.

Yes, this is indeed a scary situation, and companies using this mobile device management system need to pay attention to the security and confidentiality of their devices and data. Here are a few significant aspects of the SAP Afaria vulnerability:

  • A hacker can send a connection request to the Afaria server to obtain a transmitter ID
  • The attacker can also send a random timestamp to present it as the last admin session
  • After procuring the phone number of an executive (business cards, websites, other means), the hacker can launch an attack by guessing the IMEI number of the device
  • The IMEI number is easy to guess because large corporations typically purchase devices in bulk, which makes the serial numbers of the devices predictable
  • Once the ground is set, the hacker can attack mobile devices running on any platform: Android, iOS, Windows Phone, BlackBerry and so on
  • Since the flaw isn’t specific to a particular device type or OS version, attacks can be launched against a wide range of systems and devices
  • What makes this vulnerability scarier is that an attack can be launched on several devices (running into hundreds) at a time, and the data on all of them can be wiped in one go
  • While a backed-up device has less at stake, the sheer number of attacked devices can significantly slow the restore process, even for a big corporation
  • Researchers at ERPScan identified this vulnerability while testing the security settings of SAP and Oracle business-critical ERP systems

Alexander Polyakov, CTO at ERPScan, shared: “Unfortunately, solutions intended to secure organizations often put them at risk. The MDM solution that manages all company mobile devices is an attractive target for hackers.” This in itself summarizes the entire situation: many solutions designed to provide security end up exposing us to more risk than was ever thought of.

To remain unaffected by this vulnerability, enterprises should install the security patches released after the disclosure, and the security settings of the SAP Mobile Platform components should be re-checked and re-configured to ensure nothing is missed.


Hackers manipulate Xcode; Apple pulls down infected apps from the App Store

Overcoming bigger hurdles gives greater satisfaction. While this is true in our daily lives, it seems that hackers are presently the ones making the most of this saying. Bearing the brunt, on the other side of the fence, are iTunes App Store users who have unsuspectingly downloaded apps laden with malware. This time around, app developers are also facing the heat, as they were conned into downloading a manipulated version of Apple’s software development kit, Xcode.

As per the latest reports, the affected apps were all developed in China. The modus operandi the cyber crooks applied this time was to lure app developers into using a version of Xcode that they (the hackers) had tampered with, altering its security features. Although the legitimate Xcode kit is available for free, developers blundered by seeking a faster download than they could get from Apple’s own website. They did not spot the mistake at the time; only later did they realize that the apps they had built were in fact infected and had the potential to steal customers’ iCloud passwords and create even bigger messes from there.

As a first step towards combating the threat, Apple pulled all the infected apps from its App Store. In a statement released to the media, Apple said: “We’ve removed the apps from the App Store that we know have been created with this counterfeit software…” It further stated: “…We are working with the developers to make sure they’re using the proper version of Xcode to rebuild their apps.”

Among the 39 iPhone and iPad apps that Apple researchers found to be infected, WeChat, Didi Chuxing, and China Unicom Mobile Office are noteworthy. While many developers have already started repairing the damage, not every developer has shared an update.

Whether this incident should be treated as a simple hack or as another large-scale data breach, only time will tell. For updates on the findings in this case, watch this space.

After hacking Bugzilla, hackers are now targeting Mozilla Firefox users

In the latest data hacking incident, Mozilla users have had to bear the brunt after the bug tracking tool Bugzilla was breached. The hackers, after stealing sensitive data from the tool, used it to attack Mozilla Firefox users, sending them into panic mode.

For the uninitiated, Bugzilla is an open source program whose contents are mostly public, except for security-sensitive data that is restricted to a select few. Through this program, Mozilla tracks software bugs that cause unexpected behaviour when a user is using the Firefox browser.

To curb the reach of the hackers and minimize the damage to users, Mozilla promptly shut down the account that was compromised, and a high-level investigation has been initiated. While not much is known about the hackers’ plans or the impact this breach has had on users, it is worth noting that several other tech organizations also use Bugzilla, as it is an open source platform. That list includes Red Hat, Apache, GNOME, LibreOffice and Eclipse, among others.

In a statement issued by Mozilla officials, they reiterated that “We are updating bugzilla’s security practices to reduce the risk of future attacks of this type. As an immediate first step, all users with access to security-sensitive information have been required to change their passwords and use two-factor authentication. We are reducing the number of users with privileged access and limiting what each privileged user can do. In other words, we are making it harder for an attacker to break in, providing fewer opportunities to break in, and reducing the amount of information an attacker can get by breaking in.”

While it remains to be confirmed, initial investigations have revealed that the stolen data was being sent to a remote server in Ukraine. Mozilla further shared that the hackers used the stolen data to inject a malicious script into victims’ machines; the script stealthily looked for key files on the device and uploaded them to the remote server. As soon as a Firefox user loaded an infected webpage, the script would run on the system and start its undercover activities.

Mozilla’s latest update, Firefox 40, is being touted as the security cover users need. This update is meant to address the vulnerabilities the hackers may have learnt about and thereby prevent harm to you.

Facebook Threat Exchange to Curb Hacking Attempts

It isn’t that technology giants are doing nothing about the large-scale data breaches that keep happening. To combat such threats, tech giants have decided to join hands and come up with measures that stay a step ahead of the hackers. Certainly, fighting these threats individually isn’t helping anymore; the need of the hour is for all to unite behind a solution that is robust and efficient.

In February 2015, Facebook launched ThreatExchange, an API-based platform that offers security threat data to the companies that have united for this cause. In the early development stage, companies such as Yahoo!, Tumblr, Pinterest and Twitter joined hands, and their input greatly contributed to shaping the solution as we see it today. Gradually others showed interest too, and today Facebook has the contribution and participation of over 90 groups (companies are grouped by the industry they belong to). Besides technology, there are groups for educational and financial institutions as well as defense contractors.

What is ThreatExchange all about?

ThreatExchange is a platform that allows group members to collaborate and warn each other about a threat that may be attempting to intrude into their database or system. It is the remarkable weapon against the next potential ‘spam king’ that you’ve been waiting for. In all, ThreatExchange helps you:

  • Identify hacking attacks and share your knowledge about them with other group members
  • Share common signs and traits that hackers display, so as to identify the origin of an attack
  • Analyze an attack and share the findings with others in the group
  • Build a common knowledge pool to fight Internet-borne threats

So how is Facebook putting this together?

Facebook stays in the background while companies publish content and pass threat information on to other members. Facebook keeps tabs on the messages and pieces of data shared over the platform through its own software, and members use the same software to share content. The difference is that group members see the program as a regular security solution, whereas Facebook ensures that privacy conditions aren’t breached and that companies can smoothly share data with the members they wish to alert.

Facebook isn’t charging for this service and is working solely towards securing the web and making it a better and more secure place to be.

As it appears now, ThreatExchange is certainly creating the ripples that were expected. With several big names coming together to stop the menace called ‘hacking’, we can definitely look forward to enjoying a more secure web soon.

Cisco Owns the Highest Number of Net-Security Patents!

This comes as a revelation from the latest LexInnova report.

No matter which country you live in or what profession you’re in, the perils of online security are bound to set you thinking. No matter how many doors and windows you close to keep these perils out of your digital world, there always seems to be some little opening or hole in the wall through which threats attempt to enter. It is indeed scary, and a slight miss could land you in a grave situation.

To keep you safe and covered, the different brands providing Internet security solutions constantly strive to offer better and more sophisticated tools. To keep these tools integral to their products, companies patent their security portfolios, so that you remain secure under their protective umbrella and can enjoy using the different security systems as well.

As per the latest assessment by LexInnova, Cisco rules the roost in owning net security patents. It owns as many as 6442 patents, all related to network security. Symantec comes second with 5757 patents. However, although these are impressive numbers, other brands such as Check Point, Juniper Networks, and Palo Alto Networks hold intellectual property of equal or higher quality, but in smaller numbers. Therefore, these names do not appear in LexInnova’s top three. The company with the third highest number of net security patents is Daylight.

It is also worth mentioning in the same breath that the assessment reports highlight that the US, China and Canada, along with Australia, remain the top owners of security patents. So it is good to see a varied set of countries working on securing our digital lives, rather than the onus lying on just a select few.

However, it is yet to be seen whether some of these smaller companies will be acquired by the bigger brands. That, only time can tell. For now, it is Cisco celebrating the victory.

Avira Wins the Case against Angry Birds-Styled Game

A lawsuit was filed against Avira after the security software blocked a bundle of software downloads shipped with a game. Freemium GmbH filed the suit against the antivirus firm, stating that Avira had dismissed the software updates released by the game company. Freemium had sought up to six months’ imprisonment and a fine of €250,000 against Travis Witteveen, the managing director of Avira, in Berlin District Court, on the ground that trade regulations had been violated.

Freemium GmbH had sought a cease-and-desist order against Avira in Berlin District Court after the German security firm issued warnings about the bundle of additional software released with the Moorhuhn Remake game. The security firm warned that the software bundle might pose a threat to gamers’ computers. However, the three-judge panel in Berlin District Court rejected the lawsuit for lack of adequate evidence and also ordered Freemium to bear court costs of €500,000 (US$551,000), according to the latest update on the case released by Avira. Berlin District Court gave a verbal verdict earlier in May and has now issued its written order.

Avira has warned users that the download manager of the Moorhuhn Remake software is a Potentially Unwanted Program (PUP). Software in the PUP category is not directly marked as malicious, but it may enable other malicious software, such as adware, to be downloaded onto users’ devices. As users, we often overlook and bypass warnings about such downloads and end up installing adware that leaks information about our overall computer and Internet usage. Moorhuhn Remake, the Angry Birds-style game, is one of those software publishers that bundle many trial versions of software into the main package so that gamers download these advertising programs along with the game’s own software update. One of the programs packed with Moorhuhn Remake, as detected by Avira, was a download manager released by Axel Springer. Several other programs are embedded in the bundle, such as PC TuneUP, Zoomit, Web Companion, Super Easy Register Cleaner, Sparpilot, Driver Finder, OK Freedom and Browsing Secure.

Though the game publisher claimed that users had the option not to download these tools, Avira said that neither the fine print nor the licensing terms gave a clear distinction between the main Moorhuhn Remake software and the other bundled software.

China-US Cyber War Update: Chinese Hackers Had Access to US Security Clearance Database

Chinese hackers have kept the World Wide Web busy as news of their cyber onslaught on US government systems emerged over the weekend. Over the past five years, US intelligence agencies had been tracking multiple groups of Chinese hackers who were extracting information from various US sectors, including energy plants, defense contractors, and electronics manufacturers. However, US agencies lost track of some of these hackers over the past year as they shifted their target to US government systems and hit the Office of Personnel Management. How they cracked and burrowed deep into those systems was recently revealed when the New York Times published a spine-chilling update. The NYT’s findings revealed that the Chinese hackers not only attempted to get into the database but actually had access to it, with inside help.

NYT said:

“Undetected for nearly a year, the Chinese intruders executed a sophisticated attack that gave them “administrator privileges” into the computer networks at the Office of Personnel Management, mimicking the credentials of people who run the agency’s systems, two senior administration officials said. The hackers began siphoning out a rush of data after constructing what amounted to an electronic pipeline that led back to China, investigators told Congress last week in classified briefings.

Much of the personnel data had been stored in the lightly protected systems of the Department of the Interior, because it had cheap, available space for digital data storage. The hackers’ ultimate target: the one million or so federal employees and contractors who have filled out a form known as SF-86, which is stored in a different computer bank and details personal, financial and medical histories for anyone seeking a security clearance.

“This was classic espionage, just on a scale we’ve never seen before from a traditional adversary,” one senior administration official said. “And it’s not a satisfactory answer to say, ‘We found it and stopped it,’ when we should have seen it coming years ago.”

Once the hackers had administrator privileges, the risk of secondary penetration became unavoidable: they could now reach any other computer system connected to OPM data. The US administration is trying to work out which other sectors are the next target of the Chinese hackers. The Times has claimed that there is “lax security at the Internal Revenue Service, the Nuclear Regulatory Commission, the Energy Department, the Securities and Exchange Commission — and the Department of Homeland Security, which has responsibility for securing the nation’s critical networks.”

NSA Launched, But Failed to Infect, North Korean Nuclear Plant with Stuxnet Virus

The National Security Agency tried to deploy a Stuxnet-variant virus to sabotage North Korea’s nuclear plant, but it eventually failed, Reuters reported.

Earlier, the NSA launched a similar cyber attack campaign on Iran’s nuclear program in 2009 and 2010, jointly with Israeli forces. Anonymous U.S. intelligence sources familiar with the covert campaign told Reuters that at around the same time the US deployed the Stuxnet virus against the Iranian nuclear program, in 2009 and 2010, the NSA tried to launch a Stuxnet-style virus against the Korean plant, which failed to debilitate it.

According to the report, the NSA designed the virus to activate when it encountered computer settings in the Korean language. Despite this sophisticated attempt, NSA agents failed to reach the core systems connected to North Korea’s nuclear weapons program. North Korea’s security regime is widely known for its closed secrecy, so much so that a civilian needs police permission even to buy and own a computer, and restrictions apply to Internet access as well. The one primary Internet connection North Korea has comes from China.

The United States has been deeply concerned about the strength and efficacy of the nuclear programs of Iran and North Korea. Since the NSA had already successfully disrupted Iran’s nuclear plant in alliance with Israeli forces five years earlier, its effort to run a similar Stuxnet program against North Korea came as no surprise, reasoned Tim Erlin, director of security strategy and IT risk at the computer security firm Tripwire. He said that North Korea’s reliance on a single Internet connection through China seemingly barred the NSA’s efforts to attack and crack into the systems. As per Erlin, “they are simply harder to attack with precision cyber-weapons. There’s only one way in, and it’s well guarded. That isolation comes at great cost, of course, but it does provide this advantage.”
