MEN FOR MEN
october 2015 Russian researchers expose 'NSA's secret weapon': Outrage at program that enables America to spy on EVERY home computer in the world is uncovered The NSA has figured out how to hide spying and sabotage software deep within hard drives, according to cyber researchers and former operatives The group said it found personal computers in 30 countries infected with one or more of the spying programs The most infections were seen in Iran, followed by Russia, Pakistan, Afghanistan, China, Mali, Syria, Yemen and Algeria The infections started in 2001, but increased drastically in 2008, the year President Barack Obama was elected The tools are designed to run on computers even when they are not connected to the Internet, and even the makers of some of the hard drives are unaware that these programs have been embedded The spies made a technological breakthrough by figuring out how to lodge malicious software in the obscure code called firmware that launches every time a computer is turned on The National Security Agency has figured out how to hide spying software deep within hard drives, allowing them to monitor and eavesdrop on the majority of the world's computers - even when they are not connected to the internet. The Moscow-based security software maker Kaspersky Lab said it has found personal computers in 30 countries infected with one or more of the spying programs, with the most infections seen in Iran, followed by Russia, Pakistan, Afghanistan, China, Mali, Syria, Yemen and Algeria. The targets included government and military institutions, telecommunication companies, banks, energy companies, nuclear researchers, media, and Islamic activists. october 2015 APPLE’S IOS HAS had a good run in terms of security. For more than eight years it’s been wildly popular and yet virtually malware-free, long enough to easily earn the title of the world’s most secure consumer operating system. Now that title has a new, growing asterisk: China.
Over just the last month, Chinese iPhone and iPad owners have been hit with two distinct iOS mass malware infections. Unlike previous spates of iOS-targeted malware, many of those victims hadn’t jailbroken their phones to install unauthorized apps. The two back-to-back attacks—one far more sophisticated than the other but both unprecedented in iOS’s history—suggest that complacent iPhone users around the world could be in for the same nasty shock. And if they are, how can they avoid the mistakes that led to China’s outbreaks?
“iPhone users have gotten very used to living in a walled garden and very comfortable with their training wheels,” says Ryan Olson, the lead researcher for Palo Alto Networks, the security firm that first publicized both of the recent Chinese iOS malware epidemics. “They didn’t have to worry about falling over if they made a mistake. Now people are exploiting those mistakes to actually infect phones.”
In at least the most recent of these two attacks, victims did have to make an almost comical series of blunders to have their phone hacked. The malware, which Palo Alto Networks called YiSpecter in its detailed writeup, tricked users into circumventing Apple’s tightly controlled App Store to install a porn video player. (In some cases the hackers used local internet service providers in China, which are known to hijack traffic to insert ads on websites, to advertise the sexy video app in pop-up prompts.) If the user fell for that lure, the hackers managed to skirt Apple’s App Store and install the app by using a so-called “enterprise certificate,” a system that allows companies and agencies to install their own custom programs on employees’ phones without Apple’s signoff.
Careful users could easily avoid the malware, but the pursuit of porn seemed to inspire a special kind of cluelessness on the part of the victims. The malicious video player, called QVOD, then surreptitiously installed its own collection of hidden apps that exploited certain exposed APIs in the phone’s operating system that allowed limited visibility into the activities of other apps on the phone. When those other innocent apps launched, YiSpecter could then insert fullscreen ads over them. In jailbroken phones, it also swapped out Safari’s default search engine with the Chinese search engine Baidu, likely to take advantage of the company’s affiliate marketing deals. And if a phone owner located and deleted any of the three hidden apps, the other invisible apps were programmed to stubbornly reinstall them.
Search Engine Submission - AddMe Search Engine Submission - AddMe Search Engine Submission - AddMe