News Posts matching "hack"

Return to Keyword Browsing

Secure Apple Macs Fall Prey To Linux DDoS Trojan

For years Apple Mac users have felt smug that their computers didn’t need any security software installed, unlike their poor Windows counterparts which were always coming down with a cold. This they believed is because their beloved operating system is inherently more secure than leaky old Windows (which it used to be). This smug feeling has been especially strong over the last decade, since the release of Mac OS X in 2001, as it's based on Unix which has always had security baked into it. They therefore felt safe from the multitude of viruses, keyloggers, trojans and various other nasties that the bad guys like to infect operating systems with. However, there have been successful attacks in the past on every Apple Mac operating system since the first one in 1984, just nowhere near the number of attacks as on Windows. Of course, what Windows users, Linux users and other OS users have also been saying for years is that Apple's operating systems simply weren't popular enough to bother with and aren't particularly secure. After all, the hackers do this for fun and financial profit, so why aim for a little teeny tiny target, when you can aim for a big, fat one like Windows?

Got A Virus? It's Your Fault Says Microsoft

Yes, that's right the maker of notoriously vulnerable software is now blaming you, the user, should you get a virus, trojan or other malware infection on your Windows computer. However, it does look like they have some justification for saying this. For those with long attention spans, Microsoft have just released their 168 page Microsoft Security Intelligence Report 6MB PDF, with the stated aim of providing:
An in-depth perspective on software vulnerabilities and exploits, malicious code threats, and potentially unwanted software in the first half of 2011
The first thing to note about the report is that it is limited to its Malicious Software Removal Tool and Microsoft's other anti-malware products. Zero-day attacks that it can't detect are not included in the findings. So, surely it can't all be the user's fault then? It also means that the security angles from third party security vendors such as Kaspersky, Norton and McAfee aren't represented here.

Ditch The Restrictive DRM: Happy Customers Equals More Profit

Rice University and Duke University are the latest in a long line of educational institutions to fund research on the effect of using restrictive Digital Rights Management (DRM) to try and control levels of so-called "piracy", which is allegedly reducing sales of content-only, infinite goods/virtual products, such as music, movies, computer games and books. (Some observers writing about DRM replace the word "Rights", giving us the phrase Digital Restrictions Management, which seems a more accurate description of what it's really about and removes the veneer of legitimacy from it. When buying DRM'd content, you are buying digital handcuffs, nothing more, nothing less.) The universities sponsored a study called Music Downloads and the Flip Side of Digital Rights Management Protection and what it found is that contrary to popular belief amongst the big content companies, removing DRM can actually decrease levels of piracy and increase sales. The fact is that DRM is always broken by hackers and pretty quickly too, often within a day or two (there isn't a single one still standing) leaving legal users who work within its confinements with all the restrictive hassles that it imposes, while the pirates get an unencumbered product to do with as they please. How is this progress?

Leaked HDCP Master Key Legit: Intel

Earlier this month, it was reported that the master-key that overrides or unlocks HDCP-encrypted digital content may have been leaked. The worst fears of the HDCP team are coming true, with Intel, a main developer of HDCP, confirming that the master-key leak is genuine. High-bandwidth Digital Content Protection (HDCP) is everywhere, wherever there's commercial high-definition video content, such as Blu-ray movie titles, HDTV set-top boxes, PCs capable of Blu-ray playback, and so on. It is an encryption layer that protects the HD content in its natural audio-video quality from being ripped. Without HDCP one would still be able to watch HD content, albeit with degraded quality.

The immediate repercussions of the master key leak are directed at consumer electronics manufacturers, they might hesitate to adopt HDCP paying its royalty for making use of the protocol, there is technically no fidelity left in it. Grey-market and el-cheapo consumer electronic manufacturers can circumvent HDCP compliance to offer near-perfect video playback. What's worse, it's party-time for pirates. Devices that recover digital content while retaining perfect picture/audio quality by stripping out the encryption can be made. Whatever the consequences Intel maintains it won't affect HDCP much.

IPv6 Protection by OSes Inadequate, Potential Vulnerabilities Surface

Rudimentary software-level protection for IPv6 (Internet Protocol Version 6), a network protocol which comes pre-installed with several operating systems (OS) but poorly implemented in the real-world makes it a protocol ignored by security providers, and effectively a soft-target for hackers to compromise a system.

Several OSes including Linux 2.6 upwards, Windows Vista, Solaris, Mac OS X and mobile OSes such as Windows Mobile 5 and 6 come with IPv6 enabled by default, though the user would probably not use the protocol in a year 2008 setting where the networks haven't embraced the protocol to level that makes it an explicit requirement for all internet-enabled computers the way IPv4 is. Keeping this in mind, software level protection for IPv6 is close to non-existent, having strong intrusion detection-enabled protection might keep you safe at an IPv4 level that's still standard, but with IPv6 enabled and with protection that doesn't cover IPv6, the PC is as vulnerable as one without any firewall at all. With IPv6 'listeners' (programs that open ports and allow incoming connections) in place the PC becomes vulnerable to intrusions. All it takes is for a hacker to create an IPv6 listener program (malware) and plant it on a PC.

CPU Errata Turn Security Vulnerabilities

Security vulnerabilities have plagued the computing world ever since computing became a significant advance of mankind. As of today, the plethora of security software we use that gobble money, system resources and network bandwidth to keep our computers and networks safe, have done a good job and it's relatively 'peaceful' these days. And just when we thought so, enter Kris Kaspersky, eminent security researcher, comes up with the hypothesis that microcode errors, known errors and flaws in the design of CPUs could be exploited by malicious code to attack and compromise systems irrespective of which operating system (OS) and other software are running. Kaspersky claims that different errata of the CPU could be exploited differently.

U.S. Army Buys Macs to Curb Hacker Attacks

The United States Army is quietly integrating Macintosh computers into its systems to make them harder to attack. In an interview with Forbes Magazine, U.S. Army Lieutenant Colonel C.J. Wallington explains that fewer hack attacks have been designed to infiltrate Macs and adding more Macs to the mix makes it harder to destabilize their system. Jonathan Broskey, who once worked for Apple, argues that the Unix core at the center of Mac operating system makes it easier to lockdown. While the number of malicious software programs targeting Macs has been small in the past, it is beginning to grow. Charlie Miller, a software researcher with Security Evaluators, worries that the Army's diversification plan will not stop a determined intruder. He also explains that Apple's security is a myth and has been proven more vulnerable than Windows.Source: Forbes
Return to Keyword Browsing