Average Time To Detect And Respond
Gary Miliefsky, SnoopWall CEO and founding member of the US Department of Homeland Security, announces a privacy breach posed by smartphone flashlight apps. Miliefsky has advised two White House Administrations on Cybersecurity.
He was scheduled to join us on set for Special Report, but we had to make room for breaking news. We know you were all excited to hear this story and so we brought Gary in just for The Daily Bret. Share your thoughts with us on Twitter @BretBaier or here on the blog. After hearing this story, will you delete your flashlight app?
Thursday, April 24, 2014: While a great deal of time and effort is invested in designing and developing software, it takes only a few seconds to bring it to its knees via hacking. You might choose one of the most secure passwords (according to you, that is) for your online activities, but the fact is that cracking it is no big deal. With the right tools at hand, cracking a password can be a walk in the park. However, do remember that the deed carries considerable risk. Do it at your own risk!
Brutus is one of the fastest, most flexible remote password crackers you can get your hands on, and it’s also free. It is available for Windows 9x, NT and 2000. There is no UNIX version available, although it is a possibility at some point in the future. Brutus was first made publicly available in October 1998 and since that time there have been at least 70,000 downloads and over 175,000 visitors to this page.
Wfuzz is a tool designed for bruteforcing web applications. It can be used for finding resources that are not linked (directories, servlets, scripts, etc.), bruteforcing GET and POST parameters to check for different kinds of injections (SQL, XSS, LDAP, etc.), bruteforcing form parameters (user/password), fuzzing, etc.
RainbowCrack is a general purpose implementation of Philippe Oechslin’s faster time-memory trade-off technique. It cracks hashes with rainbow tables. RainbowCrack uses a time-memory trade-off algorithm to crack hashes, which sets it apart from brute force hash crackers.
L0phtCrack 6 is packed with powerful features such as scheduling, hash extraction from 64-bit Windows versions, multiprocessor algorithms, and network monitoring and decoding. Yet it is still the easiest to use password auditing and recovery software available. The software runs on Windows XP and higher. It operates on networks with Windows NT, 2000, XP, Server 2003 R1/R2, Server 2008 R1/R2, on 32- and 64-bit environments, as well as most BSD and Linux variants with an SSH daemon.
Medusa is intended to be a speedy, massively parallel, modular, login brute-forcer. The goal is to support as many services which allow remote authentication as possible.
Ophcrack is a free Windows password cracker based on rainbow tables. It is a very efficient implementation of rainbow tables done by the inventors of the method. It comes with a Graphical User Interface and runs on multiple platforms.
A very fast network logon cracker that supports many different services.
9. John the Ripper
John the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. Besides several crypt(3) password hash types most commonly found on various Unix systems, supported out of the box are Windows LM hashes, plus lots of other hashes and ciphers in the community-enhanced version.
Aircrack-ng is an 802.11 WEP and WPA-PSK keys cracking program that can recover keys once enough data packets have been captured. It implements the standard FMS attack along with some optimisations like KoreK attacks, as well as the PTW attack, thus making the attack much faster compared to other WEP cracking tools.
Saurabh Singh, EFYTIMES News Network
June 25, 2014
‘Legal malware’ produced by the Italian firm Hacking Team can take total control of your mobile phone. That’s according to Russian security firm Kaspersky Lab and University of Toronto’s Citizen Lab (which also obtained a user manual).
Operating since 2001, the Milan-based Hacking Team employs over 50 people and offers clients the ability to “take control of your targets and monitor them regardless of encryption and mobility,” while “keeping an eye on all your targets and manage them remotely, all from a single screen.”
It’s the first time Remote Control Systems (RCS) malware has been positively linked with mobile phones and it opens up a new privacy threat potential to mobile phone users.
“Our latest research has identified mobile modules that work on all well-known mobile platforms, including Android and iOS,” wrote Kaspersky researcher Sergey Golovanov.
“These modules are installed using infectors – special executables for either Windows or Macs that run on already infected computers. They translate into complete control over the environment in and near a victim’s computer. Secretly activating the microphone and taking regular camera shots provides constant surveillance of the target – which is much more powerful than traditional cloak and dagger operations.”
Police can install the spy malware directly into the phone if there is direct access to the device, or if the owner of the phone connects to an already infected computer, according to Wired.
Various software can also lure users into downloading targeted fake apps.
Once inside an iPhone, for instance, it can access and activate all of the following: control of Wi-Fi, GPS, GPRS, recording voice, e-mail, SMS, MMS, listing files, cookies, visited URLs, cached web pages, address book, call history, notes, calendar, clipboard, list of apps, SIM change, live microphone, camera shots, support chats, WhatsApp, Skype, and Viber.
While the malware can be spotted by some of the more sophisticated anti-virus software, it takes special measures to avoid detection – such as “scouting” a victim before installation, “obfuscating” its presence, and removing traces of its activity.
Hacking Team has maintained that its products are used for lawful governmental interceptions, adding that it does not sell items to countries blacklisted by NATO or repressive regimes.
Wired reported that there have been cases where the spying apps were used in illegal ways in Turkey, Morocco, and Saudi Arabia.
Citizen Lab discovered spying malware hiding in a legitimate news app for Qatif Today, an Arabic-language news and information service that reports on events in Saudi Arabia’s eastern Qatif region. It also argued that circumstantial evidence pointed to Saudi Arabia’s government using the spying malware against Shia protesters in the area.
“This type of exceptionally invasive toolkit, once a costly boutique capability deployed by intelligence communities and militaries, is now available to all but a handful of governments. An unstated assumption is that customers that can pay for these tools will use them correctly, and primarily for strictly overseen, legal purposes. As our research has shown, however, by dramatically lowering the entry cost on invasive and hard-to-trace monitoring, the equipment lowers the cost of targeting political threats for those with access to Hacking Team and Gamma Group toolkits,” Citizen Lab said in its report.
Hacking Team controls the spying malware remotely via command-and-control servers. Kaspersky has discovered more than 350 such servers in more than 40 countries. A total of 64 servers were found in the US – more than in any other country. Kazakhstan came in second, with a total of 49 servers found. Thirty-five were found in Ecuador and 32 in the UK.
Malware is a menace, and it’s gaining prominence with each day.
Tuesday, May 13, 2014: Hackers today are not only becoming increasingly successful in finding new ways to break into computers, but are also achieving a one hundred per cent success rate at the same time. Cybersecurity firms are witnessing a rampant multiplication of cyberattack categories that now range from malware and spyware to highly sophisticated breaches directed towards large businesses/enterprises. Today we bring you a list of 8 free tools to get rid of malware.
Anti-spyware and anti-virus program developed by Lavasoft that detects and removes malware, spyware and adware on a user’s computer.
2. Emsisoft Emergency Kit
The Emsisoft Emergency Kit contains a collection of programs that can be used without software installation to scan for malware and clean infected computers.
3. Norman Malware Cleaner
This simple and user-friendly tool not only detects malicious software but also removes it from your computer. Downloading and running the program will clean an infected system completely.
Shareware which can detect and remove spyware, adware, trojan horses, rogue security software, computer worms, rootkits, parasites and other potentially harmful software applications. Although it can detect malware, SUPERAntiSpyware is not designed to replace antivirus software.
Spybot Search & Destroy is a set of tools for finding and removing malicious software. The immunisation feature preemptively protects the browser against threats. System scans and file scans detect spyware and other malicious software and eradicate it.
Executable software, intended for users with advanced computer skills to run it only on occasions where a regular antivirus would not detect certain malware, or where an antivirus cannot update or otherwise function.
7. Microsoft Security Scanner
Free downloadable security tool that provides on-demand scanning and helps remove viruses, spyware, and other malicious software. It works with your existing antivirus software.
Made by Malwarebytes Corporation, it was first released in January 2008 and is available in a free version, which scans for and removes malware when started manually.
Saurabh Singh, EFYTIMES News Network
Monday, April 21, 2014: With all the Windows XP end of life fiasco now well behind us, Linux is the preferred choice for individuals and organisations alike around the world. While Linux Mint has the same look and feel as XP, Ubuntu’s recent LTS release boasts of tremendous functionality and a seamless user interface. Likewise, the world of Linux and Open Source has a lot to offer when it comes to providing you with a good alternative to the famed XP. Here are 30 Linux Operating Systems making headlines.
The purpose of Linux Mint is to produce a modern, elegant and comfortable operating system which is both powerful and easy to use. Started in 2006, Linux Mint is now the 4th most widely used home operating system behind Microsoft Windows, Apple Mac OS and Canonical’s Ubuntu.
Ubuntu is a Debian-based Linux operating system, with Unity as its default desktop environment (GNOME was the previous desktop environment).
Zorin OS is a multi-functional operating system designed specifically for newcomers to Linux. It is based on Ubuntu, which is the most popular desktop Linux operating system in the world.
MEPIS is a set of Linux distributions, distributed as Live CDs that can be installed onto a hard disk drive. The most popular MEPIS distribution is SimplyMEPIS, which is based primarily on Debian stable. It can either be installed onto a hard drive or used as a Live CD, which makes it externally bootable for troubleshooting and repairing many operating systems. It includes the KDE desktop environment.
Manjaro is a user-friendly Linux distribution based on the independently developed Arch operating system. Manjaro provides all the benefits of the Arch operating system combined with a focus on user-friendliness and accessibility. Available in both 32 and 64 bit versions, Manjaro is suitable for newcomers as well as experienced Linux users.
PCLinuxOS is distributed as a LiveCD, and can also be installed to your computer. The LiveCD mode lets you try PCLinuxOS without making any changes to your computer. If you like it, you can install the operating system to your hard drive. Locally installed versions of PCLinuxOS utilise the Advanced Packaging Tool (or APT), a package management system (originally from the Debian distribution), together with Synaptic, a GUI frontend to APT for easy software installation.
Mageia is a Linux computer operating system, distributed as free and open source software. It is forked from the Mandriva Linux distribution.
OpenMandriva Lx is an exciting free Desktop Operating System that aims to cater to and interest first time and advanced users alike. It has the breadth and depth of an advanced system but is designed to be simple and straightforward in use.
Kubuntu is an operating system built by a worldwide team of expert developers. It contains all the applications you need: a web browser, an office suite, media apps, an instant messaging client and many more.
Netrunner is a KDE focused, complete OS. It comes in two variants, one is built on Kubuntu/Debian (Main/Standard Release), one is built on Manjaro/Arch (Rolling Release).
Point Linux is a GNU/Linux distribution that aims to combine the power of Debian GNU/Linux with the productivity of MATE, the Gnome 2 desktop environment fork. Point Linux provides an easy to set up and use distribution for users looking for a fast, stable and predictable desktop.
Originally based on Gentoo Linux in 2005, Korora was re-born in 2010 as a Fedora Remix with tweaks and extras to make the system “just work” out of the box.
Sabayon Linux or Sabayon (formerly RR4 Linux and RR64 Linux), is a Gentoo-based Linux distribution created by Fabio Erculiani and the Sabayon development team. Sabayon follows the “out of the box” philosophy, aiming to give the user a wide number of applications ready to use and a self-configured operating system.
Trisquel (officially known as Trisquel GNU/Linux) is a Linux operating system based on the Ubuntu Linux distribution. The project aims for a fully free software system without proprietary software or firmware and uses Linux-libre – a version of the Linux kernel with the non-free code (binary blobs) removed.
Knoppix, or KNOPPIX is an operating system based on Debian designed to be run directly from a CD / DVD (Live CD) or a USB flash drive (Live USB), one of the first of its kind for any operating system. Knoppix was developed by Linux consultant Klaus Knopper.
Lubuntu is a fast and lightweight operating system developed by a community of Free and Open Source enthusiasts. The core of the system is based on Linux and Ubuntu. Lubuntu uses the minimal desktop LXDE, and a selection of light applications.
Peppermint Linux OS is a cloud-centric OS based on Lubuntu, a derivative of the Ubuntu Linux operating system that uses the LXDE desktop environment.
Xubuntu is an elegant and easy-to-use operating system. Xubuntu comes with Xfce, which is a stable, light and configurable desktop environment.
Elementary OS is a Linux distribution based on Ubuntu. It makes use of a desktop with its own shell named Pantheon, and is deeply integrated with other elementary OS applications like Plank (a dock based on Docky), Midori (the default web browser) and Scratch (a simple text editor).
Puppy Linux operating system is a lightweight Linux distribution that focuses on ease of use and minimal memory footprint. The entire system can be run from RAM with current versions generally taking up about 130 MB, allowing the boot medium to be removed after the operating system has started.
Bodhi Linux is a Linux Distribution leveraging the fast, customisable, and beautiful Enlightenment Desktop. Enlightenment coupled with a minimal set of utilities such as a browser, text editor, and package management tools form the solid foundation of Bodhi Linux.
Linux Lite is free for everyone to use and share, and is suitable for people who are new to Linux or for people who want a lightweight environment that is also fully functional. Linux Lite is also great for reviving that old laptop or desktop you gave up on a few years back.
AntiX is a fast, lightweight and easy to install Linux live CD distribution based on Debian Testing for Intel-AMD x86 compatible systems. It offers users the “antiX Magic” in an environment suitable for old computers.
24. Damn Small Linux (DSL)
DSL was originally developed as an experiment to see how many usable desktop applications can fit inside a 50MB live CD. It was at first just a personal tool/toy. But over time Damn Small Linux grew into a community project with thousands of development hours put into refinements including a fully automated remote and local application installation system and a very versatile backup and restore system which may be used with any writable media including a USB device, floppy disk, or a hard drive.
CrunchBang is a Debian GNU/Linux based distribution offering a great blend of speed, style and substance. Using the nimble Openbox window manager, it is highly customisable and provides a modern, full-featured GNU/Linux system without sacrificing performance.
Fedora is a Linux-based operating system, a collection of software that makes your computer run. You can use Fedora in addition to, or instead of, other operating systems such as Microsoft Windows or Mac OS X.
The CentOS Linux distribution is a stable, predictable, manageable and reproducible platform derived from the sources of Red Hat Enterprise Linux (RHEL).
SUSE is the original provider of the enterprise Linux distribution and the most interoperable platform for mission-critical computing. It’s the only Linux recommended by VMware, Microsoft and SAP. And it’s supported on more hardware and software than any other enterprise Linux distribution.
openSUSE is a general purpose operating system built on top of the Linux kernel, developed by the community-supported openSUSE Project and sponsored by SUSE and a number of other companies.
Edubuntu, also previously known as Ubuntu Education Edition, is an official derivative of the Ubuntu operating system designed for use in classrooms inside schools, homes and communities. Edubuntu has been developed in collaboration with teachers and technologists in multiple countries. Edubuntu is built on top of the Ubuntu base, incorporates the LTSP thin client architecture and several education-specific applications, and is aimed at users aged 6 to 18.
Saurabh Singh, EFYTIMES News Network