Thursday, March 27, 2014

'Dendroid' virus threatening Android phones in India

Indian cyber security sleuths have alerted users of Android smartphones about the malicious activities of a tricky virus called 'Dendroid' whose infection could "completely compromise" their personal phone device.
The virus of the deadly 'Trojan' family, once activated, could change the command and control server of a user's personal Android phone and intercept private SMSes coming in or going out.
"It has been reported that a malicious toolkit called DENDROID is being used to create trojanised applications that infect Android-based smartphones. The malware is created by modifying the required permissions by any clean APK (Android Application Package) with Dendroid RAT functionality that allows detailed management of the infected devices," the Computer Emergency Response Team of India (CERT-In) said in its latest advisory to Android phone users in the country.
The CERT-In is the nodal agency to combat hacking, phishing and to fortify security-related defenses of the Indian Internet domain.
Security experts say the virus is street-smart because it has a striking resemblance to the name Android.
The agency said upon installation of this malicious application, a remote attacker could "completely compromise the affected Android-based smartphone and could control it remotely".
The virus can perform a number of malicious activities.
"It can change the command and control server, delete call logs, open web pages, dial any number, record calls and audio, SMS interception, upload images and video to remote location and open an application," the advisory said, categorizing the virus as an "attack toolkit".
It said the malware infected "is controlled by the attacker through Dendroid Toolkit. Dendroid is a HTTP RAT, having a sophisticated PHP administration panel and an application APK binder package."
The agency has suggested some countermeasures to thwart the latest virus, including keeping a check on overall usage and on any unusual rise in the user's mobile phone bill.
"Do not download and install applications from un-trusted sources, install applications downloaded from reputed application market only, run a full system scan on device with mobile security solution or mobile antivirus solution, check for the permissions required by an application before installing.
"Exercise caution while visiting trusted/untrusted sites for clicking links, install Android updates and patches as and when available from Android device vendors, users are advised to use device encryption or encrypting external SD card feature available with most of the Android OS," the agency said.
Android phone users, the CERT-In said, are also advised to keep an eye on data usage (application-wise usage also) and unusual increase in mobile bills and keep an eye on device battery usage (application-wise usage also).
"Avoid using unsecured and unknown Wi-Fi networks. There may be rogue Wi-Fi access points at public places used for distributing malicious applications and make a practice of taking regular backup of Android device," the advisory said.
Source: Hindustan Times

Monday, March 24, 2014

Facebook's new programming language

Facebook just released a new programming language, aptly named Hack, that will let programmers write code faster while more easily avoiding errors.

Hack hits a sweet spot by combining elements of both static and dynamic languages. This means programmers can retain all the speed they'd have with a dynamic language (like PHP or Ruby), while also catching mistakes before run-time with the early error detection traditionally only seen in static languages.

The company has migrated almost all of its PHP-based site to Hack over the last year (one of the beauties of Hack is that it coexists seamlessly with PHP files). Facebook has now made the language open-source, meaning that any engineer can use it and help improve it.

Business Insider connected with Gabe Levi, one of the engineers who led most of Facebook's conversion to Hack, and he answered our questions via email:

How do you think that other companies / programmers will benefit from using Hack?

Hack helps you write correct code faster. Hack adds safety nets while avoiding slowing you down and adds language features that make coding in Hack more enjoyable. Converting PHP code to Hack is easy and can be done gradually, as PHP and Hack work together when run with HHVM. The use case can range from one person working on an app to a scale computing company like Facebook. We're putting Hack out there along with an improved HHVM because it can be relevant to everyone.

How does it feel to have completed a project that will increase speed for the entire FB engineering team?

It is immensely satisfying to build useful things for your friends, and that's what we've had the opportunity to do.

Any moments stand out when working on this project as particularly memorable breakthroughs?

I consider Hack the product of a lot of hard work and a tight feedback loop with our original users, the engineers at Facebook. There are many great, original ideas in Hack, but our success at Facebook was the result of a lot of fine tuning rather than large breakthroughs.

Why'd you choose New York instead of the Valley to work?

The standard reason: a girl. I worked for Facebook in California until I started dating a smart, beautiful Facebook NY recruiter who laughed at my jokes. She convinced me to move to New York, which was a pretty easy sell!

Source: TOI

Monday, March 17, 2014

Why do cellphones explode and how to prevent it?

Mobile phones may be treated like playthings these days. However, these flashy gadgets can prove dangerous if not handled with care. Several instances have been reported about the phones blasting off suddenly, the latest victim of which was a 14-year-old child of daily wage workers from Seoni. The blast was so bad that the boy narrowly escaped death and ended up with severe disfigurement to his jaw, nose, mouth and face.

What are the things to be kept in mind while buying mobile phones?

Buy a branded phone as far as possible. Ensure that the phone has a proper IMEI number, which is a code that identifies each phone. Check that the number on the phone corresponds to that on the box and receipts.

It is considered wise to check the accessories such as earphones, battery and charger. Make sure the battery description, such as the voltage value, matches that of the charger to avoid overcharging, which sometimes leads to explosion of the handset.

How and why do mobile phone blasts happen?

The most common reasons for a cell phone to explode are using it while the phone is being charged and 'call bombing'. Charging puts pressure on the motherboard of the phone; using it during charging increases this pressure manifold. This causes the cheap electronic components in some mobiles to explode. Call bombing refers to calls or missed calls received from international numbers. If one receives or calls these numbers back and the call exceeds a certain amount of time, the phone will blast. There is also malware, or a bug, found in some Android-based smartphones, that can also cause explosion by exerting extra pressure on the motherboard during charging.

What care should be taken to ensure not much pressure is put on the phone?

Avoid using the phone while the battery is being charged. If you wish to receive a call during this time, disconnect the phone from charger before connecting the call. Ensure it is not over-charged by removing the electric supply when the battery is fully charged. If your battery seems to have swollen, replace it immediately.

Why is it dangerous to buy cheap phones?

Most cheap models, like those of Chinese make, use hardware and components that are not branded and often substandard. The quality of vital accessories such as battery and earphones is compromised, which can have disastrous outcomes. Such components cannot be used continuously for as long as their high-quality substitutes. Their shelf life is also shorter.

Is it more harmful to surf internet or download anything on mobile phones?

Yes, because the anti-virus software for mobile phones is not as effective. That is why one should avoid downloading anything from a third party vendor, i.e. directly from the internet browser. Instead use the in-built store or market application provided by the operating system. Malware, which is software that creates a bug in the operating system of the phone, often gets downloaded with third party tools. The sites that you visit using the phone must start with an https (which means they are encrypted or safe sites).

Avoid using public or unsecured Wi-Fi connections. A hacker could access the mobile device through a port that is not secured. Make sure the Bluetooth connectivity is not switched on in public places as it can be used to send malicious files which corrupt the operating system.

Are there certain precautions that must be practiced while using a mobile phone?

While communicating using your cell phone, try to keep the cell phone away from the body as this would reduce the strength of the electromagnetic field of the radiations. Whenever possible, use the speaker-phone mode or a wireless Bluetooth headset. For long conversations, use a landline phone.

Avoid carrying your cell phone on your body at all times. When in pocket, make sure that key pad is positioned toward your body so that the transmitted electromagnetic fields move away from you rather than through you. Do not keep it near your body at night such as under pillow or a bedside table, particularly if pregnant. You can also put it on 'flight' or 'offline' mode, which stops electromagnetic emissions. Avoid using your cell phone when signal is weak or when moving at high speed, such as in car or train.

How to deal with a wet phone?

After removing the phone from water, dismantle it by removing battery, SIM and memory cards and switch it off (only SIM card in case of an iPhone). Dry each component thoroughly (but gently) with a towel until the phone is dry to the touch. Then put all components in a bowl of uncooked rice in a way that all components are totally covered. If you have any silica packets (the ones that come with products like new shoes), put them into the bowl too. Leave it there for 12-24 hours.

Never use a hair dryer to try to dry the phone quicker. Drying it with a heated hair dryer can cause important parts to melt, while forcing water further into the phone. Drying it with a cold hair dryer will just force water deeper into the phone.

Why you shouldn't hold your mobile in your mouth?

Using mobile phones too close to your mouth regularly or holding cell phone in your mouth frequently could lead to malignant salivary gland cancer and tumors in mouth. Regular cell phone users who speak with the phone held too close to the mouth face the problems of sleep disturbance, migraine and headache.

Source: TOI

Tuesday, March 11, 2014

Tweet calling Google a scraper goes viral

NEW DELHI: Recently when Matt Cutts, the head of the web spam team at Google, tweeted against scraper websites, he was in for a big surprise.

While the tweet was made against scraper websites, which use the content generated by other people to make money, Cutts had no idea that a Twitter user would call Google a scraper, complete with a simple example showing how the search engine benefits from the content produced by others.

On February 28, Cutts said, "If you see a scraper URL outranking the original source of content in Google, please tell us about it." Google doesn't want scraper websites to rank high in its search engine and Cutts, as the man who fights spam on Google search engine, is interested in knowing offenders.

But the reply Cutts got must have left him speechless. Dan Barker replied, ".@mattcutts I think I have spotted one, Matt. Note the similarities in the content text." The tweet was accompanied by a screenshot that showed Google ranking the direct answer to "what is a scraper site" on top of the search results. The text of the answer, which was part of Google's search engine, was copied, or in other words scraped, from the Wikipedia page on a scraper website. The link to Wikipedia page was listed below Google's answer.

Barker's tweet became viral within hours. It was re-tweeted over 34,600 times till 7 pm on March 10 and favored by over 3,700 users. Cutts did not reply to Barker's tweet.

While for a long time Google just served a summary and links to web pages in response to search queries, in the last few years the company has started to provide "answers." The answers are part of a feature that Google calls Knowledge Graph.

For example, earlier if you searched for movie '12 Years A Slave', you would have got some links, including the IMDb link on top of the search page. But nowadays, you will not only get the links but also a brief summary of the film, people who acted in it and other relevant details on the search page itself. This means to know more about '12 Years A Slave', you may not have to go to the IMDb page anymore.

Most of these Google 'answers' use the content produced by websites like Wikipedia and IMDb. It is not clear how much, if at all, Google pays these websites for using their content.


Monday, March 3, 2014

Security flaw in Android Jelly Bean, KitKat: CERT-In

NEW DELHI: A "critical flaw" has been detected in the virtual private network offered by Android operating systems in the Indian cyberspace leading to "hijack" of personal data of users.
Internet security sleuths have alerted consumers of this web-based service to guard against the spread of this virus which affects computer systems and mobile phones using the Android system.
The suspicious activity has been noticed in two Android versions: 4.3 known as 'Jelly Bean' and the latest version 4.4 called 'KitKat'.
"A critical flaw has been reported in Android's (virtual private network) VPN implementation, affecting Android version 4.3 and 4.4 which could allow an attacker to bypass active VPN configuration to redirect secure VPN communications to a third party server or disclose or hijack unencrypted communications," the Computer Emergency Response Team of India (CERT-In) said in a latest advisory to users of this network.
The CERT-In is the nodal agency to combat hacking, phishing and to fortify security-related defences of the Indian Internet domain.
VPN technology is used to create an encrypted tunnel into a private network over the public Internet. Organisations and groups of people use such connections to enable employees or acquaintances to securely connect to enterprise networks from remote locations through multiple kinds of devices like laptops, desktops, mobiles and tablets.
The agency said the current malicious application is capable of diverting the VPN traffic "to a different network address" and successful exploitation of this issue "could allow attackers to capture entire communication originating from affected device."
The lethality of the virus to disrupt a system is large.
"It is noted that not all applications are encrypting their network communication. Still there is a possibility that attacker could possibly capture sensitive information from the affected device in plain text like email addresses, IMEI number, SMSes, installed applications," the advisory said.
Cyber experts said that this anomaly could only lead to the capture and viewing of data which is in plain text, and that Android applications directly connecting to the server using SSL will not be affected.
Websites which use 'https' in their URL will also be safe.
The cyber agency has also suggested some countermeasures to beat this threat.
"Apply appropriate updates from original equipment manufacturer, do not download and install application from untrusted sources, maintain updated mobile security solution or mobile anti-virus solutions on the device, exercise caution while visiting trusted or untrusted URLs and do not click on the URLs received via SMS or email unexpectedly from trusted or received from untrusted users" are some of the combat techniques which have been suggested by the agency.
Source: TOI