Monday, July 29, 2013

Deal of the Week: Acer Iconia Tablet A700-10k32u for only $349!

Acer ICONIA Tab 700-10k32u - Tablet - Android 4.0 - 32 GB - 10.1" TFT ( 1920 x 1200 ) - rear camera + front camera - USB host - microSD slot - Wi-Fi, Bluetooth - black

Lightweight and smaller than a magazine, the ICONIA TAB A Series is very easy to carry. It runs on the tablet-tailored Android operating system, and sports a capacitive multi-touch display with smart divisions that open up more possibilities for interaction.  Enjoy a touch experience!

This lightweight tablet weighs only 1.5 lbs, and still offers 10.5 hours of battery life and features such as:

  • 1GB DDR2 RAM

  • 32GB e-MMC

  • MicroSD card reader

  • 802.11b/g/n WLAN and Bluetooth

General Specifications

Please visit http://www.hyphenet.com/blog/ for more posts on the latest technology and IT security news.

Call (619) 325-0990 to order Acer INONIA Tablet today!


Buy of the Week offer valid through August 2, 2013.

Note: Shipping and taxes apply.

Looking for something else? Check out our monthly deals or contact us to get a quote on the product you’re searching for.

HzO WaterBlock is waterproofing everything!

[caption id="attachment_11475" align="aligncenter" width="600"] Photo Credit:[HzO][/caption]All the panic attacks from damaging your phone because a couple droplets of water touched your smartphone will no longer exist.  This new WaterBlock technology called HzO is waterproofing everything.  This technological advancement is a game changer.

Click here to view a video provided by FoxBusiness.com

This simple spray makes your cellphone, tablets, shoes, clothes, and just about everything you can think of water resistant.  HzO is a nano-coating that protects even the smallest electronics on the inside.  The WaterBlock technology defends against any moisture at the molecular level.  The product attaches to the circuits in devices and repels liquids away.  The HzO doesn't add any weight nor does it affect the performance of your device.

Not for consumers


The HzO is not for consumers, HzO is something device makers are going to start to incorporate into the manufacturing processes. HzO is soon appearing in gadgets from NavELite, putting it in the luxaury TAG Heuer smartphone. This special liquid blocking technology began for emergency response communications equipment that could function in maritime environments. This waterproof equipment would save thousands of lives, since electronic devices would never fail from water damage. In 2009, ZAGG had a vision of protecting electronics and other commercialized technology with the HzO solution.

Gorilla Glass


[caption id="attachment_11476" align="alignright" width="270"] Photo Credit: [cnet News][/caption]Gorilla Glass is another alternative to check out for protecting your smartphones. Although this isn't a waterproof protect ant, the Gorilla Glass is 8 to 10 times more resistant than normal smartphone screens. According to Corning, consumer complaint rates are more than twice as high for scratches on touch-screen notebooks than for scratches used for other mobile devices.   Dell is the first one in line to sign up for installing the Gorilla Glass this fall.

So relief is on the way...spending hundreds for your smartphone will be safer than ever. Clumsy mistakes, won't be so crucial to the life of your gadgets anymore.

Please visit http://www.hyphenet.com/blog/ for more posts on the latest technology and IT security news.

References:

New Gorilla Glass protects touch-screen notebooks - c|net
http://news.cnet.com/8301-1001_3-57595779-92/new-gorilla-glass-protects-touch-screen-notebooks/
July 29, 2013

HzO WaterBlock Technology
http://www.hzoinside.com/

HzO Makes Your Smartphone Waterproof... on the Inside - Mashable
http://mashable.com/2013/01/09/hzo-waterblock/
Jan 9, 2013

Waterproof Phones a Must Have in 2013 - Fox Business
http://video.foxbusiness.com/v/2080938609001/waterproof-phones-a-must-have-in-2013/
Jan 8, 2013



Be sure to follow us on Twitter at @hyphenet or “Like” us on Facebook to stay up-to-date on the latest security threats.

Friday, July 26, 2013

Pelosi Saves NSA Phone Metadata Program!

The NSA's spying program was almost terminated by congress until San Francisco Representative Nancy Pelosi stepped up and saved it.  Nancy Pelosi, California's 12th district saves the NSA phone metadate program.  Pelosi worked to kill the Amash amendment to the 2014 Defense Appropriations Bill.  The Amash's amendment took away the funds of the NSA's domestic phone record program, which collects metadata on all called within the United States.

The slim margin of 205 to 217 almost passed.  Rep. Pelosi worked undercover to convince numerous Democrats to vote against the amendment.

Foreign Policy


Map of San Francisco
Foreign policy also know as foreign relations, consists of interest strategies chosen by the state to safeguard it's national interests and to achieve its goals within the international relations millieu. - Wikipedia

According to Foreign Policy, a Democrat told publication, "Pelosi had meetings and made a plea to vote against the amendment.”

The aide also said the "“Pelosi had a big effect on more middle-of-the road hawkish Democrats who didn’t want to be identified with a bunch of lefties” in their favor was the gutting of funding that the NSA insists is key to protect the national defense.

Not surprisingly, the Democrat in favor of the NSA's surveillance programs, managed to split the Congresses decision in half.  Although, this split was not along the norm of party lines.  Both of the parties; Democrats and Republicans voted for as well as against the amendment.  Rep. Pelosi's district does make her vote and lobbying efforts very curious.  Nancy Pelosi is the single representative of San Francisco, which holds a large industry of technology and it's occupants.

Please visit http://www.hyphenet.com/blog/ for more posts on the latest technology and IT security news.

References:

Hey San Francisco, Your Rep. Pelosi Saved The NSA Phone Metadata Program - TechCrunch
http://www.hyphenet.com/blog/pelosi-saves-nsa-phone-metadata-program/



Be sure to follow us on Twitter at @hyphenet or “Like” us on Facebook to stay up-to-date on the latest security threats.

Wednesday, July 24, 2013

Sandboxes Application Attacks: System Keeps on Advancing

[caption id="attachment_11397" align="alignleft" width="300"]Pad Lock Internet Image courtesy of [Ventrilock] / FreeDigitalPhotos.net[/caption]In computer security, a sandbox is the surveillance structure for separating running programs.  Sandbox's are used to execute untested code, or suspicious programs from unknown third-parties, suppliers, and untrusted uses and websites.  Sandbox applications are on the attack and malware systems keep advancing outsmarting these applications.  Sandbox applications usually isolate threats and protect endpoints from malware attacks, the protection is not forceful enough against advanced malware attacks.

Rahul Kashyap, chief security architect of Bromium stated, "Outlined threat vectors sandboxes could not effectively block in a Pen-Tester's Perspective".  Not to say these sandboxes are not working, but pointing out the fact that people look at these sandboxes as fail-proof, so other security measures are often not considered.

It's as if a dead bolt lock on the front door of your home is going to keep all away.  Even if there is a home security alarm installed, burglars can still enter and rob you.
Attack type spreadsheet


The Attack


Bromium labs grouped these attacks into two categories:

  • One that bypasses the complete sandbox

  • One that exploits to succeed without breaking the sandbox

The bypass techniques focus on exposing Windows OS and the sandbox itself.  The other includes post-exploitation scenarios, like keylogging, remote access, hijacking contents, screen scraping, stealing files, and getting into networking shares.

IT and network administrators shouldn't rely completely on sandboxes.  Administrators should continue to practice other security options to keep systems from vulnerabilities.   Executing malware within a sandbox is not safe, because malware is sophisticated enough to do severe damage to systems.

 Please visit http://www.hyphenet.com/blog/ for more posts on the latest technology and IT security news.

References:
Application Sandboxes Won't Stop Advanced Attacks: Research - Security Week
http://www.securityweek.com/application-sandboxes-wont-stop-advanced-attacks-research
July 24, 2013

Be sure to follow us on Twitter at @hyphenet or “Like” us on Facebook to stay up-to-date on the latest security threats.

Tuesday, July 23, 2013

Viber Gets Attacked By Electronic Syrian Army


Viber Syrian Hack

Viber's online help desk, an instant-messaging and VoIP service was phished by pro-Syrian hackers. They claimed to have accessed e-mail addresses, phone numbers, and other personal information belonging to the company's users and employees.

Viber has confirmed the situation in which they have been hacked by the Syrian Electronic Army.  This is a pro-government group of hackers in Syria aligned with the President Bashar al-Assad.  AppleSpot reported the hack affected the Viber support page, although it was very unclear to the extent upon which hackers accessed Viber systems.

Viber has now verified that the only hack allowed access of two small systems.  One being a customer support panel and the other a support administration system.  According to the company's official response, "no sensitive user data was exposed and Viber's databases were not 'hacked'." Viber did not attest weather or not the attack cam from the Syrian Electronic Army, though the hacker group does take responsibility for the compromise. Viber did claim the hack was the product of a phishing attack that was pinpointed on one of their employees.


Viber's Story


Viber is a system that allows user to send free text mesages, photo messages, video messages and share locations with other users. Viber users can make free HD-quality calls to other Viber users on iPhone, Android, Windows Phone, Blackberry, Windows, Mac, and many other devices. There are more than 200 million users in over 193 countries, Viber is repeatedly evolving by introducing new platforms and adding new features to gain popularity.

Please visit http://www.hyphenet.com/blog/ for more posts on the latest technology and IT security news.

References:
Viber Attacked By Syrian Electronic Army - TechCrunch
http://techcrunch.com/2013/07/23/viber-attacked-by-syrian-electronic-army/
July 23, 2013

Viber’s online help desk sacked by pro-Syrian hackers - arstechnica
http://arstechnica.com/security/2013/07/vibers-online-help-desk-sacked-by-pro-syrian-hackers/
July 23, 2013

Buy of the week: Dell OptiPlex 9010 AIO (All-in-One) for only $957!

Dell_Optiplex_9010_Lanikai_Slvr_Front_432x258_L5Your business needs a desktop which will handle the toughest jobs. Guarantee long-term dependability with the powerful, serviceable holler OptiPlex™ all-in-one desktop. OptiPlex desktops are subjected to extremely Accelerated Life testing to assist offer long product life.

Push the boundaries of process power with Intel® Core™ i5 or Intel® Core™ i7 processor choices, giving associate degree automatic burst of speed once required due to Intel® Turbo Boost Technology two.0.

Collaborate and share knowledge through voice over IP information processing (VoIP)3 and Microsoft® Lync. The all-in-one choices embody wireless computer network, Bluetooth® and gigabit LAN for effective communications. Add a lot of flexibility with the multi-touch all-in-one possibility, giving associate degree facilitative rotating camera and interface support.



Dell Optiplex

Call (619) 325-0990 to order a Dell OptiPlex 9010 Projector today!

Please visit http://www.hyphenet.com/blog/ for more posts on the latest technology and IT security news.

Buy of the Week offer valid through July 26, 2013.

Note: Shipping and taxes apply.

Looking for something else? Check out our monthly deals or contact us to get a quote on the product you’re searching for.

Friday, July 19, 2013

Microsoft Warns: Children are the enemy

Child playing game on phoneChildren today rely on technology to play these days.  They are watching TV on their tablets, playing games on the iPad, and surfing the internet as young as 2yrs old.  Children like pushing buttons and bright lights so why would we think they would much rather sit and read a book when there are interactive games and book that entertain at a much higher level.   Children at a very young age are uploading pictures and navigating through various pages of the internet.  This is why Microsoft is warning us to be careful of letting them run free when surfing the net.  Click, click, and a click can lead to disaster giving up our personal information to malicious malware.

Security and privacy issues are approached when children have keener senses, better motor skills and are more knowledgeable  when it comes to computers.


Pre-school children should learn to get to grips with technology and its problems, argues David Harley, ESET Senior Research Fellow.

Children under the age of 5 use the internet on a regular basis.  A survey of 1,100 mothers on Netmums found that one in eight (12.8%) said their son or daughter was two or younger when they first went online.   My son always liked to use my iPhone to look at pictures.  I watched him scroll through my Groupon App looking at pictures of exotic destinations, restaurants, and pretty girls.  Then he clicked on an image of a woman with heavy colorful eye makeup and long eyelashes.  Before I could take the phone away from him, with two more touches of the screen, he bought a pair of $280 Mink eyelashes!  I couldn't believe it!Baby with laptop

When we start browsing the web and see potentially dangerous websites that looks full of Malicious malware, our first reaction is to get away as quickly as possible.  Microsoft knows the potential threat of children unknowingly  submitting our computers  to cybercriminals and thieves alike.


Please visit http://www.hyphenet.com/blog/ for more posts on the latest technology and IT security news.

References:

Children are “the enemy” of good IT security, Microsoft researcher warns - WeLiveSecurity
http://www.welivesecurity.com/2013/07/18/children-are-the-enemy-of-good-it-security-microsoft-researcher-claims/


Parents need to teach pre-school children to use the internet safely - WeLiveSecurity

http://www.welivesecurity.com/2013/05/03/parents-need-to-teach-pre-school-children-to-use-the-internet-safely/

Images courtesy of [Tina Phillips, imagerymajestic ] / FreeDigitalPhotos.net

Thursday, July 18, 2013

Comic-Con Scams

Comic-Con is back, and everyone is scurrying to get their hands on sold out tickets. Comic-Con International: San Diego is a four-day event showcasing comic books, science fiction/fantasy movies/tv, and pop culture arts of it's nature. Booths are set up in themes of horror, animation, fantasy, and everything else sci-fi techies would want to dalliance in. Comic-Com San Diego

More than 1000,000 specimen attend the event, each year the number raises. Major stars are now showing up at this event, gaining huge popularity for the Comic-Con charade. Tickets are hard to come by for this extravaganza. Usually they are sold out well before the engagement. "There are people that have been living in San Diego their entire life, want to go to comic-con, and have never been able to get a ticket," says Sheryl Reichert, with the Better Business Bureau.

The tickets seem harder and harder to come by every year. Calling into popular radio shows are a great way to get your hands on tickets days before the premier.

Be Warned


The Better Business Bureau (BBB) is warning everyone to be careful whom they purchase tickets from. Don't buy tickets from strangers, especially strangers selling them online, like Ebay and Craigslist. If someone is saying they are reselling tickets on the behalf of comic-con is probably lying.

The SDCC Facebook page claim there are people claiming to be convention workers and selling other badges for discounted prices. Do not trust these people. If you haven't purchased your ticket already, don't look desperately into the scam artist wanting to sell you that golden ticket.

Here are some tips to keep in mind:

  • Comic-Con never mails tickets

  • Comic-Con doesn't have advanced ticket sales

  • You may always return a ticket for a refund

  • There are thieves lurking at the event
Please visit http://www.hyphenet.com/blog/ for more posts on the latest technology and IT security news.



References:

Better Business Bureau warns of Comic-Con scams - NECN
http://www.necn.com/07/18/13/Better-Business-Bureau-warns-of-Comic-Co/landing.html?blockID=846793&feedID=11106
July 18, 2013
Comic-Con Ticket Scam Claims Permission to Change Badge Names - The Convention Fans Blog
http://conventionfansblog.com/2011/06/10/comiccon-ticket-scam-claims-permission-to-change-badge-names/

Wednesday, July 17, 2013

Yahoo: $5 Billion Share Buyback Program


Yahoo has released its  Q2 earnings, and a this have given everyone the answer they are waiting for — yes, Yahoo still has plenty of cash to pursue more acquisitions.  This all lies in the company’s share buyback program. “During the second quarter of 2013 Yahoo repurchased 25 million shares for $653 million,” here is the release for this.  Those are part of a bigger $5 billion program.  These shares can be reissued and sold for cold cash any day.

Last September 2012, Marissa Mayer decided to sell 40 percent of Yahoo’s stake in Alibaba for $7.6 billion.  $3.65 billion was put aside to reinvest in Yahoo shares, giving that the company has confidence in its own future.


“We are happy to announce that as of today we have essentially completed our commitment to return $3.65 billion from our Alibaba Group proceeds to shareholders, repurchasing a total of 190 million shares,” wrote CFO Ken Goldman in today’s earnings release.



Yahoo will be growing further and  further.  It has a $5 billion share buyback authorization with the SEC and it will be planning on using this authorization in full.  Reports of the disappearance of Yahoo’s cash after the $1.1 billion Tumblr acquisition have been greatly exaggerated.  Yahoo bought Tumblr for $1.1 billion in mostly cash in hopes that it will continue to grow and define it's image as a mega company with social influence.  Tumblr has 300 million monthly unique visitors and is expecting to have a growth in traffic of %20.

If you are not familiar with a stock buyback program, the stock can either be canceled or reissued at a later date.  If it is reissued it is a big win for the company because the existing shares are not over saturated and the new shares just keep the same stock number, just like it was before.

Yahoo if very confident that there is no better investment than its own stock.  Yahoo ever so slightly raises the price of existing shares as there are less outstanding shares.



Yahoo Shares


Please visit http://www.hyphenet.com/blog/ for more blog posts on the latest technology and IT security news.


References:

With Its $5 Billion Share Buyback Program, Yahoo Still Has A Big Pile Of Cash For Acquisitions - TechCrunch
http://techcrunch.com/2013/07/16/with-its-5-billion-share-buyback-program-yahoo-still-has-a-big-pile-of-cash-for-acquisitions/

Yahoo! Reports Second Quarter 2013 Results - Yahoo
http://finance.yahoo.com/news/yahoo-reports-second-quarter-2013-200500159.html

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

Buy of the Week: ViewSonic PJD5134 DLP projector - 3D for only $370!


Tech Data Description:  SVGA DLP PROJ 2800LUM 15000:1 CR HDMI 3DViewsonic Projector

ViewSonic PJD5134 - DLP projector - 3D - 3000 lumens - 800 x 600 - 4:3

The PJD5134 is a high-performance SVGA 800 x 600 DLP projector with 3000 ANSI lumens and 15000:1 contrast ratio. This projector is packed with features including HDMI, DynamicECO, multiple PC and video input options, 1.1x optical zoom, keystone correction and integrated speakers. With its HDMI input, the PJD5134 can display 3D content directly from a 3D Blu-ray player. Presenters can put the PJD5134 in "standby" mode reducing brightness down to 30% with DynamicECO technology when they need to shift audience's focus without restarting the projector. Filter-less design and energy-saving eco mode provide for virtually zero maintenance and enhanced product reliability. The PJD5134 portable design is ideal for tabletop use or mounting on a ceilingin both classrooms and corporate offices.

 

Quick Specifications


- 3000 ANSI lumens for clear and bright images

- BrilliantColor technology provides exceptional display quality

- Maintenance free, filter-less design

- Long-lasting reliable picture quality and superior color performance

- 3D Blu-ray ready with HDMI

- 6-segment color wheel design, auto source detection, support HD signals and integrated speaker

- DynamicEco technology for total control of audience's focus

- PC 3D ready and up to 120 Hz refresh rate powered by DLP Link technology

- Eco-mode saves money and power

- Small and light for easy mobility

 

Call (619) 325-0990 to order a ViewSonic 3D Projector today!


Buy of the Week offer valid through July 21, 2013.

Note: Shipping and taxes apply.

Looking for something else? Check out our monthly deals or contact us to get a quote on the product you’re searching for.

Google, Microsoft, Yahoo Fight off Piracy





How many times do you get click happy when surfing the net and realize you’ve probably clicked on one too many eye catching ads? Google, Microsoft, and Yahoo are well know surf engine hubs we use everyday. Do you think these engines have made their mark by practicing ethical and straightforward methods? Maybe they veered off course a little, but times are a changing! I guess they can’t babysit every user with product…

The leading advertising companies have come up with a new plan to fight off sites that trade in pirated materials and counterfeit products.  AOL, Google, Microsoft, and Yahoo have decided to start “best practices for ad networks to address piracy and counterfeiting.”   The plan is created in cooperation with the Obama Administration, and allows the copyright stakeholders to cease supply ads that engage in copyright piracy or selling bogus goods.

Google Piracy

Usually websites rely on advertising to generate revenue.  What the companies are not happy about is where these ads are showing up.   This could lead to a poor image reflection upon the company.   Company’s have to be very careful in this situation,  negative marketing can easily ruin a businesses brand.

Best PracticesThe best practices have no specifications if copywriters are subject to any kind of false claims. Advertising networks usually don’t get into business with their advertising clients, so this is understandable. The Digital Millennium Copyright Act (DMCA), makes it easy to casually censor the Internet. Copyright holders file complaints with the advertising networks, when they believe their work is being exploited.

Piracy SourcesOnline advertising industries and pirated film, music and video content is evidence of the economic correlation between the ad agencies and phony content. Google and Yahoo are ranked at the top of the list for having the most online ads on pirated sites. These pirated ads rack up millions of dollars for these mega companies.

It makes you think twice about carelessly searching, doesn’t it?

References:
Tech companies try to put a chokehold on ad-supported piracy – PCWorld
http://www.pcworld.com/article/2044410/tech-companies-try-to-put-a-chokehold-on-ad-supported-piracy.html
Published July 15, 2013

Keen On… Piracy: How Online Ad Networks Are Supporting The Major Pirate Movie And Music Sites [TCTV] – TechCrunch
http://techcrunch.com/2013/01/03/keen-on-piracy-how-online-ad-networks-are-supporting-the-major-pirate-movie-and-music-sites-tctv/
Published Jan. 3, 2013

Image courtesy of [Stuart Miles] / FreeDigitalPhotos.net

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.



Friday, July 12, 2013

Android gets Attacked: Breaking Cryptographic Singnatures

The weakened Android apps allow hackers to break signatures


Android's vulnerability has affected more than a million devices allowing attackers to turn reliable apps into Trojan programs.   The Android app records digital signatures of applications and installs it into a sandbox when created.  The updates for the app are cryptographically signed by the same author in order to verify that they haven't been adjusted.  Researchers from the mobile security association Bluebox Security released the threat of the vulnerability that verifies digital signatures from the Android and allows attackers to modify them without breaking the signature code.  This has apparently been going on for the past four years!



Infected Android Apps

Tricky Tricky


Android's record digital signatures to match other signatures so it can verify that they came from the same author.  The Android security model ensures sensitive data is being stored by an application in its sandbox can be accessed by the latest versions of that application that are signed with the primary author's key.  So the attackers add malicious code to the already signed APKs and it doesn't break their signatures.

The Android security model safeguards the susceptible data stored by one application in its sandbox and can only be viewed by new versions of that application that are signed with the author's archetypal key.  The transparency of the Bluebox allows assailants to gain full access and manipulate signatures then using them for distributing Trojan apps, sending them via email, uploading them to a third-party app store, hosting them on any website, and copying them to the intended devises via USBs.

Pau Oliva Fora, a mobile security engineer who works at security firm ViaForensics, developed a proof-of concept Linux shell script that can be benefited by modifying an app in a way that exploits the flaw. This code operates with the APKTool program and was released this past Monday on Github.


"It's a problem in the way Android handles APKs that have duplicate file names inside," Oliva Fora said Tuesday via email. "The entry which is verified for signature is the second one inside the APK, and the entry which ends up being installed is the first one inside the APK -- the injected one that can contain the malicious payload and is not checked for signature at all."


Response from Google


Google made changes to Google Play to make sure it detects apps modified and patches it up, sharing the information with device manufacturers.  Users who install applications from sources other than Google Play is known as sideloading, this is an action potentially vulnerable to being tampered with.  However, if an adversary manually installs malicious updates for an app, it will be replaced and the new version will no longer interact with the app store.

It's confirmed that the third party device,  Samsung Galaxy S4, has the solution at bay.   Google is now working on arranging the Nexus devices, although nothing is completed.

The gradual distribution of patches in the Android ecosystem has been criticized by both security researchers and Android users.  Duo Security reported, the statics gathered through it's X-Ray Android  poor assessment app, more than half of Android devices are vulnerable to at least one of the known Android security flaws.

It's good to check the apps before you install them, do some research and look at the reviews.

Please visit http://www.hyphenet.com/blog/ for more blog posts on the latest technology and IT security news.

References:

Vulnerability allows attackers to modify Android apps without breaking their signatures - C World
http://www.pcworld.com/article/2043610/vulnerability-allows-attackers-to-modify-android-apps-without-breaking-their-signatures.html
July 3, 2013

Proof-of-concept exploit available for Android app signature check vulnerability - ComputerWorld
http://www.computerworld.com/s/article/9240645/Proof_of_concept_exploit_available_for_Android_app_signature_check_vulnerability
July 9, 2013

Researchers find another Android attack that can get past signature checks - InfoWorld
http://www.infoworld.com/d/mobile-technology/researchers-find-another-android-attack-can-get-past-signature-checks-222532
July 11, 2013

Quick & dirty PoC for Android bug 8219321 discovered by BlueboxSec - GitHub
https://gist.github.com/poliva/36b0795ab79ad6f14fd8
July 8, 2013



Image courtesy of [emptyglass] / FreeDigitalPhotos.net

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

Thursday, July 11, 2013

Can you stop the NSA?

Microsoft and Skype Hand Over your Personal Information


image of person messaging another personDo you assume your Skype call is just between you and the person on the other side of the screen?  Think a little bit before you answer.   If you thought you had to sign a disclaimer for your audio or video to be released, that's just for the Joe Schmo next door.

The National Security Agency (NSA) is obtaining content of emails and video chats from Microsoft and Skype.  Even though Microsoft's latest marketing campaign, launched in April, emphasizes its commitment to privacy with the slogan: "Your privacy is our priority."  These corporations are giving U.S. spy agencies everything they have with no question.  I mean, what can they really do?  These are the "Big Boy's" right?  It's not very clear if the data was intended towards specific subjects but the NSA is taking it all and hopefully for a good reason.  The documents indicate that the NSA doesn't need any kind of warrant for these requests.


"The NSA reportedly had access to pre-encrypted data, "For Prism collection against Hotmail, Live, and Outlook.com emails will be unaffected because Prism collects this data prior to encryption."



Apparently the NSA is very happy with the clarity of Skype's wiretap call quality.  Skype allows you to:  make calls to mobiles and landlines, have up to 10 video group calls at once, instant voice and text messaging, and share photos, videos, and files of any size.  Google and Yahoo are in a dispute with the NSA on knowing exactly what information is needed in order to answer questions from their users on the situation.

A document reported that the agencies do not need to specifically request the information from Microsoft, Apple and other Head Honcho companies.  Special Source Operations (SSO) .  NSA leaker Edward Snowden called the SSO the "crown jewel" of the NSA monitoring apparatus. -TechCrunch

The NSA was originally distressed with the ability to get around Microsoft's encryption for their web chats on Outlook.com.  Several months later Microsoft gave them a workaround so the decryption tactics came much easier.  Microsoft worked with the NSA to have access to communication between user on Skype, SkyDrive, Cloud-base, Hotmail, and Outlook data servers.

This 4th Amendment violation in our eyes is enough "probable cause" in the NSA's eyes to review and research our chats and phone calls for the rest of our lives.

Please visit http://www.hyphenet.com/blog/ for more blog posts on the latest technology and IT security news.

Images courtesy of [digitalart,Master isolated images] / FreeDigitalPhotos.net

References:

Report: Skype And Microsoft Handed Over Video And Emails To NSA
http://techcrunch.com/2013/07/11/report-skype-and-microsoft-handed-over-video-and-emails-to-nsa/
Published July 11, 2013

NSA's PRISM Given Access To Microsoft's Encrypted Data
http://www.redorbit.com/news/technology/1112895766/microsoft-gave-nsa-prism-special-access-encrypted-data-071113

Video Waivers and Releases For Recording People On Video: Legal FAQs
http://www.reelseo.com/video-waivers/

National Security Agency, Central Security Service
http://www.nsa.gov/index.shtml

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

Wednesday, July 10, 2013

America's Building Serious Cybersecurity Framework

Fighting Cyber SecurityEveryday in this country we rely on infrastructures to get us from point A to B.  The bridge we cross to get to work, the elevator we take to get to the doctors and the school we take our children to for their education and

refinement.  Critical infrastructures are made up of bridges, power supply, medical facilities, telecommunications networks, and more.   More so now, we rely on cyber infrastructures like working on our laptop from home to have a business meeting.  Or Skyping with the grandparents that are across the country so they can see how big their grandchildren are getting.

In this day, the critical infrastructure relies on digital systems of calculation and communication, most widely known as "cyber."  We've all heard of those cyber criminals hacking into our computers.  Gather our personal information, getting into our emails, stealing our identity.  Our cyber infrastructure is under attack and it seems like no one knows what to do about it or how to stop it.  We are helpless and lost, our computers are being invaded with malware and viruses while we watch.  No worries though,  America is taking charge and building a critical infrastructure cybersecurity framework.

 

Land of the Great


In February, President Obama issued an executive order to improve cybersecurity.  He intends to promote better protection of the country's infrastructure from cyber attacks that are growing in our economy and national security.  This week, that executive order is taking place here in San Diego-home of ESET North America at the University of California, San Diego (UCSD) and the National Health Information Sharing and Analysis Center (NH-ISAC) are hosting the 3rd Cybersecurity Framework Workshop today July 10 until Friday, July 12, 2013.  The intent is to work with stakeholder to organize a voluntary framework for reducing cyber risks.

 
Executive Order 13636, Improving Critical Infrastructure Cybersecurity, has directed NIST to work with stakeholders to develop a voluntary framework for reducing cyber risks to critical infrastructures. This cybersecurity framework is being developed in an open manner with input from stakeholders in industry, academia, and government, including a public review and comment process, workshops, and other means of engagement. - National Institute of Standards and Technology (NIST)

 

The San Diego event will have sessions that go into the depths of cybersecurity functions and it's workings.

  • Know – Gaining the institutional understanding to identify what systems need to be protected, assess priority in light of organizational mission, and manage processes to achieve cost effective risk management goals

  • Prevent – Categories of management, technical, and operational activities that enable the organization to decide on the appropriate outcome-based actions to ensure adequate protection against threats to business systems that support critical infrastructure components.

  • Detect –Activities that identify (through ongoing monitoring or other means of observation) the presence of undesirable cyber risk events, and the processes to assess the potential impact of those events.

  • Respond – Specific risk management decisions and activities enacted based upon previously implemented planning (from the Prevent function) relative to estimated impact.

  • Recover – Categories of management, technical, and operational activities that restore services that have previously been impaired through an undesirable cybersecurity risk event.


The next chapter is to observe the key categories and subcategories for the above functions.  They will examine the standards, guidelines, and practices for each suite and lower groups alike.  The US business and government agencies are hyper focusing on criminal hacking attacks and acts of cyber warfare, which is believed to be the work of state sponsored foreign agencies and home-grown hacktivist groups.   Online registration for the San Diego workshop is closed and already under way.  You may still register today at Madneville Auditorium, University of California, San Diego, 9500 Gilman Drive, La Jolla, California.

So know that America is seeing this epidemic of cyber criminals on the rise and we are doing something about it.  We are taking charge and fighting.

 

Image courtesy of [Victor Habbick] / FreeDigitalPhotos.net

References:
A cybersecurity framework to protect digital critical infrastructure
http://www.welivesecurity.com/2013/07/08/a-cybersecurity-framework-to-protect-digital-critical-infrastructure/
Published July 8, 2013

3rd Cybersecurity Framework Workshop, July 10-12, 2013, San Diego, CA
http://www.nist.gov/itl/csd/3rd-cybersecurity-framework-workshop-july-10-12-2013-san-diego-ca.cfm

Monday, July 8, 2013

What Jay-Z and Beyonce don't want to share with you.

jay z hackedThe list of top celebrities and important political figures keep growing as their financial information is being compromised.  Jay Z, Beyonce, Britney Spears, Donald Trump, Kim Kardashian, Hillary Clinton, Joe Biden, and LAPD Chief Charlie Beck are among those unfortunate accounts.  This hacker posted detailed information about these VIP's giving up personal information and financial status.  The website in which all of the juicy info appeared with their social security numbers, mortgage amounts, credit card info, and other banking info available for the world to see.


The LAPD has already launched an investigation. The FBI is looking into it. - LAPD


They are giving viruses too


If you search for these celebrities watch out, they are giving out viruses too.  Cameron Diaz is the celebrity most likely to give you a computer virus.  You have a one in ten chance of stumbling upon these sites.  Here is a list of dangerous celebrities to research:

  1. Cameron Diaz - 19% of sites and screensavers were identified as malicious.

  2. Julia Roberts - 20% chance of downloading a photo or wallpaper burdened with malware.

  3. Jessica Biel - Last years Most Dangerous Celebrity to look up.

  4. Gisele Bundchen - Worlds highest paid supermodel, 15% results in spyware, malware or computer viruses.

  5. Brad Pitt - Files can put adware or spyware on your computer.

  6. Adriana Lima - Directs you to red-ranked sites.

  7. Jennifer Love Hewitt - Risky downloadable websites.

  8. Nicole Kidman - Take your chance if you want to but I wouldn't.

  9. Tom Cruise - After Knight and Day, he's trouble to look up.

  10. Heidi Klum - Cybercriminals used her to lure people to risky sites.

  11. Penelope Cruz - Be aware of red sites if you search for Penelope.

  12. Anna Paquin - Searching screensavers can lead you to tons of malware.
Please visit http://www.hyphenet.com/blog/ for more blog posts on the latest technology and IT security news.


Image courtesy of [chanpipat] / FreeDigitalPhotos.net

[via:Buzzfeed, TMZ]

Linux/Cdorked.A Malicious Malware

Malware blackhole

The investigation with Linux/Cdorked.A continues.  There have been significant discoveries that this subtle and sneaky backdoor is designed to drive traffic to malicious websites.

  • There are over four hundred webservers infected with the Linus/Cdorked.A. 50 ranked at Alexa's top 1000,000 hottest websites.

  • The backdoor has been applied to alternative webserver daemons.  Lighttpd and nginx binaries have already been documented Apache binaries.

  • The Linux/Cdorked.A threat is even more sneaky than thought.  The malicious content is not delivered to victim's IP address' that have long IP ranges.

  • If the internet browser's language is set to Japanese, Russian, Finnish, Ukrainian, Kazkh, or Belarusian, it will not be affected.

  • 1000,000 user's of ESET security products have browsed these infected websites by being redirected.  Even though the attack was blocked.

  • In some cases fo the configurations, the tendency to analyze specific re directions were designed for Apple iPad and iPhone users.

These victims are redirected to a malicious web server that is hosting a Blackhole kit.  The infrastructures use compromised DNS servers, that's how they are able to get into them.  There is belief that the infection vector is not unique.   It can not be attributed only to installations of cPanel as a result of solely a fraction of the infected servers square measure exploitation this management software system.  This malware doesn't propagate by itself and it doesn't exploit any vulnerability during a specific software system.  Linux/Cdorked.A may be a backdoor, employed by malicious actor to serve malicious content from legitimate websites.


Typical Linux/Cdorked.A configuration


Thanks to the system administrators and Sucuri, the code has been reviewed and analyzed.   The configurations so far are only with a single URL.  The redirect is served to people using Internet Explorer or Firefox on Microsoft Windows XP, Vista or 7.  iPhone and iPads are also victims, they are not directed to the exploit kit but instead pornographic websites.

IPhone malicious content
Please visit http://www.hyphenet.com/blog/ for more blog posts on the latest technology and IT security news.

Redirection Stats


In analyzing web traffic of the targeted websites, over 400 were identified with being affected by Linux/Cdorked.A.  50 of those sites are in the 100,000 websites ranked by Alexa.  All of these re directions have something in common.  The efforts in keeping their operation under the radar are putting in as much resistance as possible.  These sites are more concerned with not being detected instead of infecting as many as possible.


Hijacking the DNS


The URLs on the Linux/Cdorked.A infected servers adjust often.  The domain usually looks like numbers or letters.  The sub domain also matches a 16 character hexadecimal string.   The numbers at the beginning of the domains were hosting sites and shared hosting servers.  The pages that show pornographic images and links contain an iframe leading to the Blackholde landing page.  There is no clarity on if the pornographic domains are malicious or referred.

It is recommended to keep browsers, browser extensions, operating systems, and third party software like Flash players and PDF's up to date to avoid these infections.  Antiviruses are always recommended.

[via:WeLiveSecurity]

Deal of the Week: Lenovo ThinkPad Twist S230u for only $947.00!

Lenovo Laptop



Help your business with the Lenovo ThinkPad Twist.  This laptop with Windows 8 Pro transforms your laptop into a stand-up tent for share presentations and close-up viewing. The USB 3.0 ports, mini-HDMI and 4-in-1 cardreader make connecting to other devices or transferring files easy.




Lenovo Specifications

 

Please visit http://www.hyphenet.com/blog/ for more blog posts on the latest technology and IT security news.

Call (619) 325-0990 to order a Lenovo ThinkPad Twist today!



Buy of the Week offer valid through July 14, 2013.


Note: Shipping and taxes apply.

Looking for something else? Check out our monthly deals or contact us to get a quote on the product you’re searching for.

Friday, July 5, 2013

Phishing Scams: Think Before You Click

Cyber-criminals are installing malicious software onto your computer and taking everything they can with a click-of-the-mouse.  Phishing emails, scam websites, and suspicious phone calls are all designed to make them money at your expense.   With the use of social engineering, cyber-criminals are able to convince people to install malicious software without you knowing you are handing over your personal information.  So beware when you start seeing spam mail bombarding your accounts or annoying unknown numbers popping up on your phone.

Recognizing Phishing Phishing Email Example


Online banking and e-commerce are pretty safe, but giving out your personal information or financial material should be done with caution.

  1. Think before you click.

If something looks too good to be true, it most likely is.   Be aware of the websites you are on and information they contain so you don't get caught up in the glitz and glam of a thought out scam. If there are a lot of spelling errors or bad grammer, know that it might be a scam.



  1. Trust who you know, not their emails

Don't trust unsolicited files or embedded links, even if it's from your friend. Look at the subject line of your message or link to determine if it's unreadable or looks foreign. If you have no idea what is on the page, don't click on it just to satisfy your curiosity. Be smarter than the malware.



  1. Don't be fooled

Cyber-criminals are smart, they know ways to disguise a link to make it look as if it's something safe. Malicious links are sometimes disguised in phishing e-mails with known company's to make you think they are legitimate. Validate the page and roll your cursor over the link to see if another link shows up, you will know if this link will redirect you to another site or not.



  1. Short URL's

A technique for hiding malicious links are hiding it through a URL shortener. This is a service that Twitter uses to shorten long URL's. TinyURL, bit.ly, and t.co are all legitimate Short URL services that can be used.



  1. Don't be threatened

Be on top of your game. Cyber-criminals often use a threats to put you into a panic and catch you off guard. If you receive mail that you are being sued or an account is being closed, make sure you do some research before pulling out your pocketbook.



  1. Spoof websites

Scammers use graphics in emails that appear to be attached to a legitimate site. When clicking on these websites it will direct you to the real site but penetrate your screen with a mass amount of pop-up windows. Be wary ofirresponsible clicking when surfing the net.

Phishing Diagram



Fishy phone calls


Cyber-criminals might call you to offer help with solving computer problems, or sell you some kind of software license. Do not take these unsolicited phone calls. You might be persuaded into giving out your account information or personal information that could be the birth of identity fraud.


If you are a victim or are suspicious of any phishing activity, please report to Anti-Phishing Workers Group at www.antiphishing.org.

 Please visit http://www.hyphenet.com/blog/ for more blog posts on the latest technology and IT security news.

References:

http://www.welivesecurity.com/2013/05/29/phishing-the-click-of-death/

http://www.antiphishing.org/

http://www.microsoft.com/security/online-privacy/phishing-symptoms.aspx

Tuesday, July 2, 2013

Instagram Bombarded with Fruit Attack

Instagram Fruit Spam

We all love showing the world our captured moments through Instagram.  This weekend many of you have noticed a plethora of fruit filled pictures popping up on the photo-sharing network.  Those photo's weren't all of your friends showing off the delicious seasonal fruit they were enjoying.  It was a mass spam attack that seized the network!  So don't give in to these photos with messages advertising for a great new miracle fruit diet.


The Juice


Fruit filled photographs began showing up in users' feeds, linking to fake BBC pages.  With headlines like, "Tropical Fruit Burns 17 Pounds in 22 Days. "  Or, "I saw it on the Dr. Oz show, this really works!"

These images were linked using the URL shortening service Bit.ly, disguising the real alias.  Now Bit.ly has issued a warning on the link, and Instagram confirmed the attack via email, according to a report on GigaOM.  Users have been experiencing the spam incident with the unwanted photos blasting on their accounts.  "Our security and spam team quickly took actions to secure the accounts involved, and the posted photos are being deleted.” reports GigaOM.

The Facebook-owned company admitted that "a small portion of our users experienced a spam incident where unwanted photos were posted from their accounts involved, and posted photos are being deleted."  The distorted view of a  "small portion" are more like 30,000 clicks to these deceiving photos.  There are over 130 million users on Instagram world-wide,  this photo-bomb is the first spam attack on the app.  A quick password reset and a little knowledge of who usually posts what kind of photos, can keep your personal information and computer safe.


Get the Facts



  •  The free photo sharing app allows users to "filter" their image and share with friends through social networks.

  •  When Instagram launched as an iPhone app, it hit one million users in two years

  •  April 2012 Instagram was aquired by Facebook for 1 million $ in funds and stock

  •  About 58 photographs are uploaded to Instagram each second

  •  One new user is introduced to Instagram per second
Please visit http://www.hyphenet.com/blog/ for more blog posts on the latest technology and IT security news.


References:

Instagram hit by fruity spam attack
http://www.welivesecurity.com/2013/07/01/instagram-hit-by-fruity-spam-attack/
Published on July 1, 2013

Beware of Fruit: Instagram Experiences a Massive Fruit Diet Spam Attack
http://petapixel.com/2013/06/30/instagram-experiences-its-first-massive-spam-attack/
Published on Jun 30, 2013

Facts about Instagram
http://www.seemycity.com/about/some-facts-about-instagram/

Image courtesy of [adamr,rakratchada torsap] / FreeDigitalPhotos.net

Monday, July 1, 2013

Buy of the Week: Dell PowerConnect 5548 Managed Switch for only $1370

dell-powerconnect

Help meet your network switching needs, no matter the size of your organization, with the PowerConnect 5548, featuring 48 ports of wire-speed GbE and robust security and enterprise management capabilities. USB configuration for rapid deployment and dedicated 40 Gb stacking interfaces and 10 Gb uplinks help you grow your wiring closets with your network.


Product Features


Includes:  48 Ports x 10/100/1000, +2x10 Gigabit SFP+, Desktop or Rack-Mountable

  • High performance

  • Rapid deployment and configuration

  • VoIP functionality



Help save time and deployment costs by simplifying your network rollout with PowerConnect 5500 series of Gigabit Ethernet switches. Automatically assign switch configuration and IP addresses via DHCP or local USB during initial rollout. You can configure up to eight switches in a stack without pressing a single key or setting up a console connection.


Please visit http://www.hyphenet.com/blog/ for more blog posts on the latest technology and IT security news.

Call (619) 325-0990 to order a Dell PowerConnect Managed Switch today!


Buy of the Week offer valid through July 7th, 2013.

Note: Shipping and taxes apply.

Looking for something else? Check out our monthly deals or contact us to get a quote on the product you’re searching for.

Hacker uses Facebook Graph Search to Steal phone numbers

Keeping your Facebook data personal is obtaining tougher and tougher all the time—mostly as a result of Facebook keeps making an attempt to create it public. to assist you out, we've created a comprehensive guide to keeping your Facebook bolted down and in your management, and we're about to keep it updated whenever Facebook decides to feature a brand new feature or amendment its Facebook Privacyprivacy defaults...yet again.

Be cautious of giving Facebook your personal information.  A hacker has taken advantage of Facebook's Graph Search to compile thousands of Facebook users phone numbers.  This has ignited a privacy row with the social network.

Facebook issued the hacker a cease and desist after he continuously scraped data from the users'.  Brandon Copley, a mobile developer in Dallas Texas,  searched and downloaded 2.5 million phone numbers and contact information of Facebook users with ease.  Even though the privacy setting were set to public, this is still considered an invasion of users' privacy.  The Facebook row follows admission of a security breach that exposed the  privacy of users email and personal contact information.


The Argument


“Your privacy settings govern who can find you with search using the contact info you have provided, such as your email address and phone number,” the Facebook representative says. “You can modify these settings at any time from the Privacy Settings page.”

Copley confirms that these users have their contact information set to public, but argues that this is still a security issue.

On March 5, Copley reported a tip to Facebook security, writing, “There is a security invulnerability that allows someone to essentially create a database of phone numbers and Facebook users.”

A member of Facebook’s security team wrote back, in an email Copley shared with us, “I agree with you personally. We do have anti­scraping protections (rate­limiting, bad ip blocks, etc) but it comes down to people controlling their privacy, we can make the privacy tools available and we can encourage them to use them but we could never just switch their privacy settings for them. So there is not much more we can do”

Copley says Facebook told him the supposed security flaw was a feature of Graph Search.

On April 26, Facebook’s lawyers sent Copley a cease-and-desist letter, stating, “you are unlawfully acquiring Facebook user data. It appears that you are accessing Facebook through automated means and stealing Facebook access tokens in order to scrape data from Facebook’s site without permission.”


Be Vigilante


So if our information is being taken from Facebook and sold to spammer company's, could it be our own fault? There are privacy settings on Facebook that we modify, and if they are set to public, aren't we allowing everyone to do as they wish with our information? Maybe if the default setting on Facebook wasn't set to public, and was automatically set to private, this issue wouldn't be so prevalent.

Moral of the story is to double check your privacy settings, before you are a victim of stolen identity.


Privacy Setting Tips



  1.  Organize your friend list - organize your friends into family, friends, co-workers, and separate groups.

  2.  Make it private - go to your privacy settings page and click on "edit settings".  Change "everyone" to either "friends of friends" or "friends".

  3.   Hide from the search engines - in your "edit settings" edit "public search" and enable yourself from being searched by others.

  4.   Hide your posts - decide to make the posts on your timeline private.

  5.  Personalize - turn off instant personalization for partnering sites.

  6.  Don't trust anyone - limit your friends from personal information, edit "how people bring info to apps they use".
Please visit http://www.hyphenet.com/blog/ for more blog posts on the latest technology and IT security news.


References:

TechCrunch-Hacker Scrapes Thousands Of Public Phone Numbers Using Facebook Graph Search
http://techcrunch.com/2013/06/24/hacker-scrapes-thousands-of-public-phone-numbers-using-facebook-graph-search/...
Published June 24, 2013


WeLiveSecurity-Facebook privacy row as hacker uses Graph Search to list thousands of phone numbers

http://www.welivesecurity.com/2013/06/25/facebook-privacy-row-as-hacker-uses-graph-search-to-list-thousands-of-phone-numbers/...
Published June 25, 2013

Image courtesy of [chanpipat] / FreeDigitalPhotos.net



Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+