Information Security Blog | Cyber Security Blog

Sreejith C

Information Security Blog | Cyber Security Blog
Read More

Brazillian prosecutor holds Facebooks' funds

Saturday, 30 July 2016 05:30

Facebook Inc.’s 38 million reais (approx. $11.6 million) of funds have been frozen by Brazilian federal prosecutors following a conflict over access to WhatsApp messages, according to a report published by the Wall Street Journal on Thursday.

Brazilian prosecutors blocked the funds after the social network giant declined to follow a court verdict to deliver information contained in certain user’s WhatsApp messages. Facebook hasn’t responded to the news so far.

Prosecutors said that the 38 million reais relates to one million reais for each day since the company’s noncompliance with a court order to hand over WhatsApp messages associated to a criminal inquiry.

A couple of weeks ago, a Brazilian judge terminated WhatsApp service in Brazil when a similar request for collaboration was refused. However, service was restored the same after a lower court’s verdict was overturned by Brazil’s Supreme Court.

It wasn’t the first time that local judges, having considerable power in the country, had shut down WhatsApp service in Brazil. Though, each time service was rapidly restored. Whenever the service is blocked, it leaves millions of people without access to the most famous app in Brazil, as over half of the country’s population is estimated to use WhatsApp and most of them solely rely on it for communicating with friends and family.

Facebook argues that WhatsApp does not store users’ messages and, therefore, it cannot offer what it doesn’t have.

Earlier this year, Brazilian federal police temporarily detained Diego Dzodan, who is vice president Facebook’s Latin America operations, for purportedly not fulfilling police requests for giving access to WhatsApp messages associated to a drug-trafficking and organized-crime case. At that time, Facebook condemned the arrest and claimed that the executive had no relation to the inquiry.

Read More

Now its safe....

Thursday, 28 July 2016 05:30

SMS-based Two-Factor Authentication (2FA) has been declared insecure and soon it might be a thing of the past.

Two-Factor Authentication or 2FA adds an extra step of entering a random passcode sent to you via an SMS or call when you log in to your account as an added layer of protection.

For example, if you have 2FA enabled on Gmail, the platform will send a six-digit passcode to your mobile phone every time you sign in to your account.

But, the US National Institute of Standards and Technology (NIST) has released a new draft of its Digital Authentication Guideline that says SMS-based two-factor authentication should be banned in future due to security concerns.

Here's what the relevant paragraph of the latest DAG draft reads:
"If the out of band verification is to be made using an SMS message on a public mobile telephone network, the verifier SHALL verify that the pre-registered telephone number being used is actually associated with a mobile network and not with a VoIP (or other software-based) service. It then sends the SMS message to the pre-registered telephone number. Changing the pre-registered telephone number SHALL NOT be possible without two-factor authentication at the time of the change. OOB [Out of band verification] using SMS is deprecated, and will no longer be allowed in future releases of this guidance."
Due to rise in data breaches, two-factor authentication has become a standard practice these days. Many services are offering SMS-based 2FA to its consumers, just to ensure that hackers would need both their passwords and mobile phone in order to hack their accounts.

However, NIST argues that SMS-based two-factor authentication is an insecure process because it's too easy for anyone to obtain a phone and the website operator has no way to verify whether the person who receives the 2FA code is even the correct recipient.

In fact, SMS-based two-factor authentication is also vulnerable to hijacking, if the individual uses a voice-over-internet protocol (VoIP) service, which provides phone call service via a broadband internet connection instead of a traditional network.

Since some VoIP services allow the hijacking of SMS messages, hackers could still gain access to your accounts protected with SMS-based two-factor authentication.

Read More

Yes....attacks are everywhere..

Wednesday, 27 July 2016 05:30

DDoS attacks increased 83 percent to more than 182,900 attacks in the second quarter of the year, according to Nexusguard.

The newest report shows that Russia has become the No. 1 victim country. Starlink – a Russian ISP supporting small, medium and large enterprises – received more than 40 percent of the DDoS attacks measured over a two-day period. This targeted DNS attack also pushed the mean average DDoS duration to hours instead of minutes, as measured in the previous quarter.

Nexusguard’s researchers attributed this increase to nationalist hacktivists organizing a targeted attack to take out Russian businesses, rather than outbreaks driven by popular DDoS-for-hire activity.

“We were surprised to see an increase in DDoS attacks this quarter, especially as hackers experiment with ransomware, phishing schemes and other data-grabbing methods for monetary gain,” said Terrence Gareau, chief scientist at Nexusguard.

Read More

Iphone 7 new design in market

Tuesday, 26 July 2016 05:30

National Security Agency whistleblower Edward Snowden announced Thursday that he is working with the prominent hacker Andrew “Bunnie” Huang to create a cellphone hardware that would protect journalists from government surveillance. The device, dubbed “introspection engine,” would be a plastic case designed to slide over an Apple iPhone 6, and will monitor the phone’s internal antennas to detect incoming and outgoing signals from the cellular, Bluetooth, Wi-Fi or GPS chips, alerting users of any snooping attempt.

“The introspection engine has the capability to alert a reporter of a dangerous situation in real-time. The core principle is simple: if the reporter expects radios to be off, alert the user when they are turned on,” Snowden and Huang said in a technical write-up released Thursday. ecommerce services “The introspection engine will be an open source, user-inspectable and field-verifiable module attached to an existing smart phone that makes no assumptions about the trustability of the phone’s operating system.”

The device would come with a small mono-color screen that will flash an alert when it detects a transmission that shouldn't be taking place. According to Snowden and Huang, the device, by maintaining a constant check on whether the cellphone's radios are transmitted, is a much more effective way of blocking unauthorized signals than a phone's "aiplane mode" — which can be hacked or spoofed.