Sunday, 15 January 2017

WhatsApp Messages Can Be Snooped

A new WhatsApp vulnerability that allows Facebook and others to read encrypted conversations has been found within the WhatsApp messaging service. Even though the company claims that WhatsApp is secure, this particular vulnerability shows that its messages can be read by Facebook because of how its end-to-end encryption protocol is implemented. Governments can easily use these kinds of vulnerabilities to snoop on users who believe their messages are secure.

WhatsApp's encryption relies on encryption keys generated using the acclaimed Signal protocol, developed by Open Whisper Systems, which is meant to ensure that conversations are secure and cannot be intercepted. However, WhatsApp has the ability to force the creation of new encryption keys for offline users, unknown to both sender and receiver. This makes the sender re-encrypt any messages that have not yet been delivered and send them again. The recipient is not notified about this, and the sender is notified only if they have opted in to encryption warnings in Settings. This re-encryption effectively allows WhatsApp conversations to be read.

This vulnerability was discovered by Tobias Boelter, a cryptography and security researcher at the University of California, Berkeley. WhatsApp's implementation automatically resends any message that has not yet been delivered, using newly generated keys, without notifying the sender or giving them a chance to prevent it. Boelter had already reported this vulnerability, but he was told by Facebook that they were aware of the issue, that it was expected behavior, and that it was not being actively worked on. Other specialists have since verified that the threat is still active.
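The key-change handling described above, as a toy model added here for illustration (not WhatsApp or Signal code). The class, the two policy names and the fingerprint helper are assumptions; encryption itself is left out, and the model only records which key each undelivered message ends up being sent under.

```python
import hashlib
from dataclasses import dataclass, field

def fingerprint(public_key: bytes) -> str:
    """Short digest standing in for a contact's security code (assumed format)."""
    return hashlib.sha256(public_key).hexdigest()[:12]

@dataclass
class Sender:
    policy: str                       # "auto_resend" or "hold_until_verified" (hypothetical names)
    trusted_fp: str                   # security code the sender currently trusts
    show_notifications: bool = False  # the opt-in warning setting
    pending: list = field(default_factory=list)   # undelivered plaintexts
    sent: list = field(default_factory=list)      # (key fingerprint, text)
    warnings: list = field(default_factory=list)
    unverified_fp: str = ""

    def queue(self, text: str) -> None:
        self.pending.append(text)

    def _flush(self) -> None:
        # Encryption is omitted; record which key each message goes out under.
        self.sent += [(self.trusted_fp, t) for t in self.pending]
        self.pending.clear()

    def on_key_change(self, new_public_key: bytes) -> None:
        new_fp = fingerprint(new_public_key)
        if self.policy == "auto_resend":
            # Behaviour described above: accept the key, resend, warn only on opt-in.
            self.trusted_fp = new_fp
            self._flush()
            if self.show_notifications:
                self.warnings.append(f"security code changed to {new_fp}")
        else:
            # Alternative: keep messages queued until the sender checks the code.
            self.unverified_fp = new_fp
            self.warnings.append(f"verify new security code {new_fp}")

    def confirm(self, code_checked_out_of_band: str) -> bool:
        """Release held messages only if the checked code matches the new key."""
        if not self.unverified_fp or code_checked_out_of_band != self.unverified_fp:
            return False
        self.trusted_fp, self.unverified_fp = self.unverified_fp, ""
        self._flush()
        return True
```

With the first policy a queued message leaves under the new key even when no warning is shown; with the second it stays in `pending` until `confirm` is called with the matching code.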

Since WhatsApp is not capable of securing the messages, and conversations can be intercepted and read by others through the re-generation of encryption keys, it provides an insecure platform. This vulnerability calls into question the privacy of users across the world who trust WhatsApp.

WhatsApp responded by saying that it does not give governments a backdoor into its systems and would fight any request from governments to create one. There is an option under Settings -> Account -> Security -> Show Security Notifications which notifies the user when a contact's security code has changed. This is important because people constantly change mobile phones and SIM cards, which changes the security codes. Facebook assures users that the messages will be secure and that they won't be betrayed because of this vulnerability.

Friday, 23 December 2016

Rakos Malware To Build Botnet Army

Rakos is a recently detected malware that attacks vulnerable devices by brute-forcing SSH logins, a method common to various Linux threats. It targets both embedded devices and servers that have an open SSH port, preying on their weak credentials with the purpose of building a large botnet. The malicious program is written in Go, and its binary is compressed with the standard UPX tool.

Another recently found malware, Mirai, is an Internet of Things botnet that searches for less secure devices and has successfully attacked many systems in 164 countries. The difference between Mirai and Rakos is that Mirai targets telnet ports instead of SSH.

The malware starts by searching a limited set of IPs and spreads incrementally to more targets. From time to time, Rakos sends details of the host machine to its command and control (C&C) servers. Rakos is not yet capable of Distributed Denial of Service (DDoS) attacks, but researchers believe that it might receive such a capability because of its level of control over infected devices.
When the malware is able to access a device with its credentials, it runs two commands (id, uname -m). The malicious code then checks whether it is possible to upload to the new victim and continues.
The backdoor is able to update its configuration file (from https://{C&C}/upgrade/vars.yaml) and also to upgrade itself.

Devices with strong passwords are not safe either. To secure a device, change the default password.
The malware doesn't feature persistence capabilities, but rebooted devices can be attacked and compromised repeatedly. Affected users should connect to the device over SSH/telnet, search for a process named .javaxxx, verify that it is responsible for unwanted connections, and kill it. To avoid future problems, SSH credentials should be well protected.
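One way to do the process check described above on a Linux device, as an added example that is not from the original post. It assumes a Linux-style /proc layout; the function name and the proc_root parameter are hypothetical, and it only reports matches so each one can be reviewed before anything is killed.

```python
import os

SUSPECT_NAME = ".javaxxx"  # process name given in the post


def _read(path):
    """Read a /proc file, returning b'' if the process exited or access is denied."""
    try:
        with open(path, "rb") as fh:
            return fh.read()
    except OSError:
        return b""


def find_suspect_processes(proc_root="/proc", name=SUSPECT_NAME):
    """Return sorted [(pid, exe_path_or_None)] for processes named `name`.

    A process matches if either its kernel-reported name (comm) or the
    basename of argv[0] equals `name`.
    """
    hits = []
    for entry in os.listdir(proc_root):
        if not entry.isdigit():          # skip non-process entries such as "self"
            continue
        base = os.path.join(proc_root, entry)
        comm = _read(os.path.join(base, "comm")).decode(errors="replace").strip()
        argv = _read(os.path.join(base, "cmdline")).split(b"\0")
        argv0 = os.path.basename(argv[0].decode(errors="replace")) if argv[0] else ""
        if name not in (comm, argv0):
            continue
        try:
            exe = os.readlink(os.path.join(base, "exe"))  # binary on disk
        except OSError:
            exe = None                   # unreadable without sufficient privileges
        hits.append((int(entry), exe))
    return sorted(hits)


if __name__ == "__main__":
    for pid, exe in find_suspect_processes():
        print(f"pid {pid}: exe={exe or 'unknown'}; review its connections before killing it")
```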

Thursday, 15 December 2016

Combating Software And Hardware Piracy

What is piracy? The unauthorized use or reproduction of someone's work is piracy. Software piracy is the illegal distribution, copying or use of unlicensed software. It is now a profitable business, and it has mainly caught the attention of organized crime groups in many parts of the world. On the other side of the coin, hardware piracy is also increasing. Hardware piracy deals with the use of sub-standard, refurbished and used components in a new PC instead of licensed components. This piracy ranges from microchips to motherboards.

The most important point about piracy is that it is impossible to stop. It is not possible to check every system in every company to see whether the software or hardware used is pirated. Many organizations are working hard to prevent piracy. BSA is the leading advocate for the global software industry before governments and in the international marketplace. Its members are among the world's most innovative companies working to improve modern life. BSA offers a software management guide and GASP, a set of programs that help identify whether an installed program is pirated.

Even though it is said that piracy cannot be stopped, there is another way of tackling it: prevention. There are many ways in which piracy can be prevented. Companies creating software should create a clear software policy statement and give a copy of it to their employees. Employees should be made to sign an anti-piracy agreement that specifies the penalty for pirate activities. Unannounced audits should be performed. Know what the licenses allow, identify what is and is not permitted for employees, and delete any illegal software.

So the only way in which piracy can be stopped is through people. No machine can decide whom we can trust and whom we cannot. People have to decide whether to use pirated software or not.
Just because it's free does not mean it's safe.