Browsing Category: Social Engineering

From Sony’s DRM Rootkit to CarrierIQ: Why Commercial Rootkits Make Us So Mad

The half life of the CarrierIQ “rootkit” scandal proved to be a little more than a week. That’s about how long it took for Trevor Eckhart, a young, Connecticut-based Android developer, to begin raising questions about some stealth software he discovered running on Android phones by HTC, and for speculation in the media and online to run rampant about what kinds of spying said software might be engaged in. It was time enough for CarrierIQ to issue a lawyer letter threatening to sue Eckhart, for the Electronic Frontier Foundation to come to his defense, and even for Congress to get involved – each of which ensured even more news cycles would be taken up with the mini-controversy. And it was time, at long last, for more information to become available about what was really going on with CarrierIQ’s software, and for cooler heads to prevail on both sides. The question, now, is why incidents like this provoke our anger so – and what we can do to stop them from happening again.

Researchers Identify Serious Capability Leaks in Many Android Phones

Many of the apps that come pre-installed on a variety of Android devices from manufacturers such as HTC, Samsung, Google and others have access to more services and capabilities on the devices than they should have, or than users are aware they have, according to new research. These “capability leaks” can sometimes be inherited from other apps, but the researchers say that they constitute significant security weaknesses on the Android devices.

Sen. Franken Demands Answers From Carrier IQ on Mobile Tracking

The fallout from the controversy surrounding the presence of Carrier IQ’s software on millions of mobile devices on several different platforms has now reached Washington. Sen. Al Franken on Thursday sent a letter to the company, demanding answers to a series of questions about the software and its capabilities, and saying that the data that Carrier IQ collects “may violate federal privacy laws”.

Two Million Requests from Infected Systems In Week After Ghost Click Takedown

The FBI says that more than 2.5 million systems infected with the DNSChanger malware connected to DNS servers set up by the authorities in the week following a crackdown on a global criminal network dubbed Ghost Click.

Demo of the Carrier IQ Agent on Android

Security researcher Trevor Eckhart discovered that many Android devices come pre-loaded with a piece of software made by Carrier IQ. In this video, he demonstrates how the software works and what it’s capable of monitoring. It’s since been revealed that versions of the app may have been on other devices, though those versions likely don’t log users’ actions and instead provide analytical information for the carriers.

Facebook Settles with FTC on Privacy Grounds

The Federal Trade Commission (FTC) proposed a settlement with social networking giant Facebook on Tuesday, requiring the site to take the privacy of its users more seriously and subject itself to privacy audits every two years for the next 20 years, according to an article in the New York Times.

Report: Computer Hacking, Theft Of Government Secrets Alleged In News International Probe

A report from The Guardian claims that detectives working for Rupert Murdoch’s News International may have siphoned off classified intelligence documents from MI5, Britain’s domestic intelligence agency.

Hacking Group TeamP0ison Leaks Email, Passwords for UN Staff, Government Officials

The e-mail addresses and account passwords for more than one thousand United Nations staff and other users of a UN development Web site were leaked online by the hacking group TeamP0ison, which has been linked to past attacks on governments in the U.S. and India. 

Google Researchers Propose New Plan to Shore Up CA System

The security industry has no shortage of hard problems to solve, but the one that’s getting the most attention right now is finding a way to improve, or ideally, replace, the CA infrastructure. The latest in what has become a series of recent proposals to help shore up the certificate authority system comes from a pair of Google security researchers who have laid out a plan for providing auditable public logs of certificates as well as proofs for each certificate that’s issued.

Facebook Worm Spreading, Installing Zeus Bot

Categories: Hacks, Social Engineering

A new worm has popped up on Facebook, using apparently stolen user credentials to log in to victims’ accounts and then send out malicious links to their friends. The worm also downloads and installs a variety of malware on users’ machines, including a variant of the Zeus bot.
