Welcome, Guest |
You have to register before you can post on our site.
|
|
|
Welcome Guest!
|
Welcome to the Promo2day Community, where we feature software giveaways, computer discussion, along with a fun, safe atmosphere! If your reading this it means you are not yet registered.
You will need to Register before you can make posts, chat or enter the forum giveaways.
Be sure to also visit the Help/FAQ page.
|
MasterCard Moves Forward with Selfie-Based Payment Method |
Posted by: tarekma7 - 02-25-2016 , 03:32 AM - Forum: Security News
- Replies (2)
|
|
It may look as a good idea now, but there are some downsides
MasterCard is moving a pilot program into the next stage and has decided to allow users to authenticate and authorize payments using biometrics instead of a classic PIN.
Launched last year in June, MasterCard's pilot program was only available for people in the Netherlands and the US and allowed users to pay for goods using four new distinct techniques.
Innovative payments pilot program to expand to more countries
To enter the program, users had to install a special MasterCard app on their smartphones or use one of the MasterCard-issued wristbands.
With these tools, users had the option of authorizing payments by taking a selfie (face recognition), placing a finger on their phone's camera (fingerprint recognition), speaking a code (voice recognition), or by measuring their cardiac rhythm (via the wristband).
At the Mobile World Congress held in Barcelona these days, MasterCard has announced that, starting this summer, these payment options and the pilot program will be expanded to more countries.
The country list includes the UK, Belgium, Spain, Italy, France, Germany, Switzerland, Norway, Sweden, Finland, Denmark, and Canada, which will join the previous countries, the US and the Netherlands.
Are selfie-approved payments safe?
MasterCard says that the new biometrics-based payments service was created to ensure and keep user data safe. The company says that no selfies, voice commands or fingerprints are sent to its servers for storage and that the mobile app transforms everything into ones and zeros.
Only this code is sent to MasterCard's servers, and it will be processed and analyzed for similarities to the user's default biometrics.
Security experts aren't really looking forward to biometrics-based payment verification systems. While passwords and PINs can be changed once compromised in a data breach, once biometrics data has been lost, the user may find it hard to change their face or voice just for the sake of their bank account's safety.
Source
|
|
|
Windows 10 Redstone Build 14271 for PC Now Available for Download |
Posted by: tarekma7 - 02-25-2016 , 03:06 AM - Forum: Software Discussion
- Replies (1)
|
|
Redmond also ships new Redstone build for PC insiders
Microsoft has just released a new Windows 10 Mobile Redstone build for new Lumia devices participating in the Insider program, but the company took everyone by surprise and also shipped a PC build too.
Aimed at insiders who are enrolled in the fast ring, the new Windows 10 build for PCs is all about bug fixing and performance improvements and Gabe Aul, the head of the Windows Insider program, says that getting as much feedback as possible is critical at this point.
Redstone is the next big update for Windows 10 coming in mid-2015 and that’s why Microsoft is pushing so hard for feedback, as fixing bugs at this point is essential before the development team starts work on new features.
Bug fixes and known issues
Windows 10 Redstone build 14271 is thus fixing the majority of major issues reported in the previous release (you can check the full changelog in the box after the jump), including a bug causing the accent color not to change when the slideshow option is enabled on the desktop. We’ve had this bug on one of our PCs here at Softpedia and it was really annoying, especially if you like to tweak the look of your desktop regularly.
Additionally, this build brings updates for the music control icons shown in taskbar previews in music apps, including Groove Music, with Microsoft claiming that they should now look more crisp and cleaner at higher resolutions.
Needless to say, there are also some known issues, including one causing a number of PCs to freeze or get a BSOD when resuming from hibernation. The only workaround available at this point is to completely disable hibernation, Microsoft says, but a patch is expected to be included in the next build.
Keep in mind that this build is only available for the fast ring, so bugs like this are something to be expected at this point. Microsoft still recommends those who don’t want to spend too much time diagnosing bugs to switch to the slow ring.
Source
|
|
|
Attackers Can Hijack Wireless Mice and Keyboards to Install Malware |
Posted by: tarekma7 - 02-25-2016 , 02:47 AM - Forum: Security News
- No Replies
|
|
Dell, Microsoft, Lenovo, Logitech devices affected
Vulnerabilities in USB dongles used for wireless mouse and keyboard peripherals can allow an attacker to take control over a victim's computer and carry out malicious actions.
This attack currently affects mice and keyboards sold by companies like AmazonBasics, Dell, Gigabyte, HP, Lenovo, Logitech, and Microsoft.
Only Logitech has issued a firmware update to protect their dongles against this type of attack. The other companies have been made aware of the problem and are working on a fix.
MouseJack attack relies on faulty USB dongles
The attack, codenamed MouseJack, was discovered by IoT security firm Bastille, who found a flaw in how a wireless mouse/keyboard talks to its dongle.
By default, vendors foresaw issues with wireless input equipment and protected communications between the computer and the wireless device using encryption.
Bastille researchers discovered that the USB dongle does not create unique pairings between the computer and its device. This means that an attacker could also use another similar device with the victim's dongle.
In theory, this should have been impossible because of the encryption that made sure that a mouse/keyboard without the proper key could not have connected to a dongle.
MouseJack attack can install malware in seconds from up to 100 meters away
Bastille found out that particular devices did not enforce this policy and accepted unencrypted commands from other mice/keyboards. Attackers could take control over the mouse's movements or the keyboard's input, manually or with automated attacks.
Researchers put together a Python script that could automate their attack in a matter of seconds, more than enough in many enterprise scenarios where an employee goes to get a cup of coffee or glass of water from the office kitchen.
During this time, attackers can install malware on the victim's computer, from a distance of up to 100 meters (330 feet) away.
Technical details regarding the attack, along with a list of affected devices can be found on Bastille's MouseJack website.
Source
|
|
|
Kaspersky Anti-Virus Not Working on Windows 10 Redstone Build 14271 |
Posted by: tarekma7 - 02-25-2016 , 02:45 AM - Forum: Security News
- No Replies
|
|
“We’re working with Kaspersky on a fix,” Microsoft says
Microsoft has just released a new preview build of Windows 10 Redstone and while the majority of fast ring insiders will rush to install it, there’s one very important thing to have in mind when doing so.
Kaspersky’s security software isn’t working on this particular build because of a bug and Gabe Aul, head of the Windows Insider program, confirmed this today, adding that there’s absolutely no workaround available at this moment.
“If you have Kaspersky Anti-Virus, Internet Security, or the Kaspersky Total Security Suite installed on your PC there is a known driver bug that prevents these programs from working as expected in builds from the Development Branch,” Aul explained, emphasizing that this is the kind of bug that has to be expected in an early build that’s only available to insiders opting for the fastest release.
Just switch to Windows Defender
Furthermore, Aul revealed that the Windows development team is already working with Kaspersky engineers on a fix, but for the moment, turning to a different security product is the safest way to go.
“We are partnering with Kaspersky to fix this issue for a future release, but at this time there are no known workarounds. While this issue is present, we recommend using Windows Defender or another third party anti-virus product of your choice to remain protected,” Aul said.
Windows 10 Redstone build 14271 is part of the development branch, so it’s only released to users who want to try out the latest builds compiled by Microsoft. Versions that are included in this branch are usually very buggy and this is one of the reasons why Redmond recommends users to switch to the slow ring if they don’t want to mess with critical issues that could significantly impact performance, reliability, or security.
And certainly, this bug is living proof that builds that are part of the insider program are not intended to be used on main PCs, a thing that lots of users out there are already doing.
Source
|
|
|
343 Android Apps Infected with Clickjacking Malware Found on Google Play Store |
Posted by: tarekma7 - 02-25-2016 , 02:42 AM - Forum: Security News
- No Replies
|
|
Porn Clicker Trojan strikes again, this time worse than ever
Yet again ESET researchers have found clickjacking malware in Android applications that managed to squeeze by Google's highly lauded app screening process and made their way on the official Play Store.
This particular issue is nothing new, neither to ESET or Google. Something similarly has happened three different times last year, first in April, then May, and then again in July.
Porn Clicker Trojan at the core of the issue
At the core of the issue is a malware family which the developers have named Porn Clicker Trojan. The reason behind this name is because of its behavior.
The trojan works by opening an invisible browser window and clicking on ads on pornographic websites. It does this every minute or so.
Because it does not steal any user data, log user behavior, or sends credentials to remote servers, many security firms have deemed this malware to be inoffensive since it's focused mainly on monetary gains for its operator without causing damage to the user.
Of course, there can be some cases where a user that leaves his mobile carrier Internet connection on, could see a higher bill the following month as the trojan loads and reloads smut websites in the background.
Ten new Porn Clicker-infected apps added to Play Store each week
The Porn Clicker Trojan is usually distributed as apps cloned after popular apps or free versions of commercial Android games. These apps are distributed via third-party app stores, but also via Google's Play Store.
During its most recent wave of infections, ESET's Lukas Stefanko says that the trojan's mode of operation has changed only slightly.
The trojan's new feature is a scanning function that searches the user's device for security and antivirus products. If it finds such tools, the trojan will not execute. This may also explain how the trojan passed Google's app review process.
"On average, ten new porn clickers a week bypassed Google’s security checks during this campaign," the ESET team notes. "To get a sense of the scale, porn clickers on Google Play have on average, been downloaded 3600 times each."
ESET has published the list of apps it recently detected as infected with the Porn Clicker Trojan.
Source
|
|
|
CCleaner Cloud: Even Better Than Before |
Posted by: tarekma7 - 02-25-2016 , 02:36 AM - Forum: Software Discussion
- Replies (1)
|
|
All the power of CCleaner, now available from your browser!
CCleaner Cloud is the new cloud version of the legendary application. And like the original, has all the features any regular user of CCleaner will instantly recognize, but also a number of new ones that serve only to enhance what was already a smashing little program.
Different
Perhaps the biggest difference between CCleaner, and CCleaner Cloud is the fact that the control center now runs via your internet browser. What this means, is that all of a sudden taking care of multiple computers with CCleaner need no longer be the time consuming task it used to be, especially for businesses and overworked IT departments.
Instantly familiar
The CCleaner bit of CCleaner Cloud is pretty much the same as the standard desktop version, and works in the same fashion as well, allowing you clean the registry, uninstall programs, and get rid of all the junk that Windows likes to accumulate over time.
CCleaner Cloud also allows you to monitor and manage the optimization of lots of machines. Being able to remotely install apps, clean junk files and defragment several PCs all at once from the same interface. The web interface is also highly intuitive.
Easy setup
Installing and using CCleaner Cloud is straightforward and doesn’t take much time, but you do need to create an account via the website, install the 6MB agent, and confirm the email address you gave.
I found adding the Windows computers on my network to CCleaner remotely, an easy and simple task. One of the really nice features of CCleaner Cloud is the fact that not only is the default CCleaner utility available, but there’s also ready access to Degraggler, and Speccy; two of Piriform’s other workhorse programs. Remote defragging operations worked seamlessly, including removable devices, which while maybe obvious, is still a nice touch.
CCleaner Cloud also keeps track of all the events and actions that have been performs and sends email notifications, so you have a handy history of everything you’ve done. This sounds like a simple feature, but can be incredibly powerful! For example, you can be alerted when a drive is running out space, when certain errors occur, and so on.
Compatibility
The cloud version of CCleaner also works, and can be deployed to all Windows versions back to XP SP2, though I was unable to confirm this because my old XP machine may finally just have gone to Silicon heaven. Piriform do claim to only offer limited support for Windows 10 at present, but it seemed to work flawlessly on my 2 Windows 10 laptops. The only other requirements needed are at least 512MB of RAM and a fairly recent browser.
There are three editions available, and the Free version allows you to look after 3 machines remotely. You can also gain full access to the other editions via a free 14-day trial.
Final Words:
CCleaner Cloud is a very handy and useful tool to have on your machines. Making the jump to the cloud has only served to put Piriform ahead of its rivals, once again.
You can sign up for CCleaner Cloud here.
Source
|
|
|
Chinese App Creates Another App Store Inside Apple's iOS App Store |
Posted by: tarekma7 - 02-24-2016 , 12:20 PM - Forum: Phones & Tablets News
- No Replies
|
|
Chinese devs hide app store inside an educational iOS app
The Chinese developers of an app called 开心日常英语 (Happy Daily English) have found a way to go around Apple's review process and embed a fully functional iOS app store inside their application and had it hosted on the official iOS App Store itself.
The developers of this app, a Chinese company named XY Helper, have done this by creating a fully working iOS app that exhibits two different behaviors based on the user's geographical location.
For non-Chinese users, the app would be a simple educational app that taught Chinese users English, but for Chinese users, the app would transform itself into an app store that allowed them to install rogue, pirated or cracked apps using various tricks, without requiring users to go through the side-loading process.
Double-faced behavior fools Apple's reviewers
The app got approved and added to Apple's website when the iOS App Store reviewers accessed the app, from somewhere outside China, and didn't notice anything strange, seeing its educational interface.
But as Palo Alto security researchers are explaining, this app followed all the legal procedures not to give itself away, and then installed third-party apps on user phones without triggering any alarms.
Its bag of tricks includes the re-implementation of a tiny Windows Apple iTunes client. This allowed users to download and even purchase apps from third-party stores using a realistic Apple interface.
The store-in-store app (codenamed ZergHelper by security researchers) also recorded some of Apple's Xcode IDE functions, so ZergHelper would automatically generate app development certificates, right from Apple's server. These certificates would then be used on a per-client basis to sign the rogue applications it would be installing.
For some users, the app captured their Apple IDs
The app also asked users to re-type their Apple IDs in order to generate these certificates in their names. For some users, ZergHelper reused Apple IDs so that it wouldn't attract too much attention.
On top of this, ZergHelper was coded in Lua, a programming language that allowed the developers to dynamically update the app, but without going through Apple's app review process. This technique allowed the developers to change the app's behavior without the risk of being discovered during subsequent updates, something akin to the JSPatch library.
The malicious store-in-store app existed on the official App Store from October 30, 2015, to February 19, 2016. Palo Alto says it noticed ZergHelper distributing over 50 apps rogue apps.
Source
|
|
|
Baidu Browser Acts like a Mildly Tempered Infostealer Virus |
Posted by: tarekma7 - 02-24-2016 , 12:16 PM - Forum: Security News
- Replies (1)
|
|
Baidu Browser collects user's personal information
The Baidu Web browser for Windows and Android exhibits behavior that could easily allow a security researcher to categorize it as an infostealer virus because it collects information on its users and then sends it to Baidu's home servers.
Baidu Browser is the Chinese clone of Google Chrome, with Baidu being a Web search company in China, just like Google, and the browser a spin-off from the Chromium project, just like Google Chrome.
An intrusion of user privacy
According to Citizen Lab researchers, the browser engages in the now-obligatory habit of collecting user details, which many software and Web-based services also do, "for analytics purposes."
The problem is that the Baidu Browser collects and then sends this information via unencrypted or easily decryptable connections.
During tests, researchers say that the Android version collects data about the user's operating system, the phone's IMEI, browsing history, search terms history, the phone's last GPS coordinates, and nearby wireless networks and local MACs.
On the other hand, the Windows version also collects data like the user's search history, browsing history, MAC address, CPU model, hard disk drive model and serial number, and file system volume number.
The browser collects and sends this information on startup, when the user starts typing content in their address bar, and on any page view.
Information collection behavior narrowed down to an SDK
Obviously, this is an intrusion of the user's privacy and something you wouldn't expect your browser to be collecting. This very same behavior is often found in infostealer (information stealer) malware that's usually deployed to collect information on targets before deploying more complex threats like ransomware, Bitcoin miners, spyware, or banking trojans.
Citizen Lab researchers narrowed down the information leakage issues to a common SDK, Baidu Mobile Tongji (Analytics) SDK, used for both the Android and Windows versions.
Together with mobile security firm Lookout, the researchers identified this SDK inside 22,548 app packages. Back in November 2015, researchers from Trend Micro identified a similar Baidu SDK, which could be found in 14,112 Android apps and included features that could be abused to install backdoors on all infected devices.
Insecure updates allow MitM attacks
But Baidu Browser's issues didn't stop here. Researchers also discovered that the browser checks and downloads updates but does not use code signatures. This practice exposes users to MitM (Man-in-the-Middle) attacks that allow an attacker to send malicious files to users disguised as a Baidu update.
Researchers say that they informed Baidu of all their issues, which the company started to address through updates to both the Android and Windows version on February 14, 2016. Some information leaks are still active.
Baidu also agreed to answer a list of questions regarding the browser's behavior. The answers can be viewed here.
In May 2015, the same Citizen Lab researchers analyzed another Chinese Web browser (UC Browser) and found a slew of issues in that product as well.
Source
|
|
|
|