Comments None

Join together and clean malware on the Web! Let’s get started, NOW, until it’s too late!

The FBI has developed an internal malware-analysis tool, somewhat akin to the systems used by antimalware companies, and plans to open the system up to external security researchers, academics, orgs and others.

The system is known as Malware Investigator and is designed to allow FBI agents and other authorized law enforcement users to upload suspicious files. Once a file is uploaded, the system runs it through a cluster of antimalware engines, somewhat akin to the way that Virus Total handles submissions, and returns a wide variety of information about the file. Users can see what the detection rate is among AV engines, network connection attempts, whether the file has been seen by the system before, destination and source IP addresses and what protocols it uses.

The portal, launched in August, is available to law enforcement officials right now, but Jonathan Burns, an FBI agent who works on cybercrime, said in a talk at the Virus Bulletin conference here last week, that the FBI is developing a separate portal for outside experts. That system will allow security researchers and others to upload suspicious files they’ve collected and get correlation information and any other data the FBI has on them or related files.

“We are essentially in this to collect samples. The more we can provide tools out to law enforcement and industry to fight cybercrime, the more we’re helping the government fight cybercrime,” Burns said. “This is a collection tool for the FBI.”

Right now, Malware Investigator is able to analyze Windows executables (NOTE: Typically, they include adware, spyware, hijackware, (semi-) fakealert/ security software, (potential) scareware and the likes), PDFs and other common file types. But Burns said that the bureau is hoping to expand the portal’s reach in the near future.

“We are going to be doing dynamic analysis of Android files, with an eye toward other operating systems and executables soon,” he said.

Burns emphasized that private users of Malware Investigator won’t have to share any personal information in order to use the portal.

“You don’t have to share anything you don’t want to. No one will know who you are unless you want them to,” he said.

Hit here and read up the original post @ Express News Service.


Comments None

September 24, according to the British technology website PC Advisor magazine reported on Tuesday, after Sony terminated the the sale of Sony Vaio PC, Samsung has decided to withdraw from the European notebook market, stopped selling its Ativ Windows and Chromebook notebook market in this region.
Everybody knows PC market is declining. In February this year, Sony pulled out of the notebook market and sold its Vaio business. Although Samsung is a big giant in the technology industry, but now the Samsung is also stepping on Sony’s footsteps.

Samsung is one of the world’s largest mobile phone manufacturer, yet the performance in PC field is poor, and its products are mainly for the consumer market, which has have little effect to enterprise users. Previously, Samsung gave great support to Chromebook , but the benefits of this project are unknown. Overall, PC market has been in a state of contraction, global shipments fell by 3.7 percent in this year, down to 303 million units.

Samsung notebook products have been kept silence since this year, on the 2014 International Consumer Electronics Show in Berlin, Samsung did not launch any new equipment. the major notebook products Samsung recently released includes Ativ Book 9 Plus and Ativ Book 9 Lite, etc.

A spokesman for Samsung said: “We are rapidly adapting to market demand, we will temporarily stop selling notebook includes Chromebook in the European market, this decision is limited to Europe, do not necessarily reflects the situation in other markets.”

When Sony notebook withdrew from the European market, the company has taken measures of massive layoffs, and reorganized its television department. Although some employees were transferred to the new company which reorganized, but the Sony total number of layoffs at that time was reached about 5,000. So far, Samsung has not yet disclosed any information about the layoffs. However, this South Korean electronics giant may not be permanently withdraw from the European notebook market.

Samsung spokesman added:. “We will continue to fully assess the market situation and will make further adjustments in order to maintain our competitiveness in the new PC product category.”


Comments None

Recently, Apple launched Apple Pay (Apple to pay) at the press conference, Apple CEO Cook pointed out that according to the survey data analysis, annual credit card spending was $ 12 billion, credit transfers up to $ 200 million a day, but the credit card payment process is very tedious, such as: security authentication, data delivery and synchronization, etc. NFC-based Apple Pay with just one “press” to the terminal reader, you can easily complete the payment process. Meanwhile Cook said all payment information of Apple Pay is stored encrypted.

This is the first OS-level platform for payment services, more unique is that it is compatible with the current mainstream method of payment. This article is to interpret Apple Pay works and the changes brought to the developers from a developer’s view.

Network-Level Tokenization:
The primary thing is to understand the concept of a tokenization. Currently payment networks (Visa, MasterCard, Amex, etc.) have established a very busy token connection. Traditional token is worked on gateway side or trading platform end, network-level tokens can be said to be a new attempt.
E-commerce developers should be very familiar with the concept of a credit card key, the mode is to return a token based on a user encoded information for authentication. These key information usually comes from the electricity supplier payment gateway, but also used for credit card user’s archive information. We called this as a gateway tokenization. The characterized of this token is it only worked on a single merchant, the advantage is when a credit card records to be archived, the terminal don’t need information security review for a large load of user.

The following is the gateway token work flow chart:


Comments None

A router is a smart type of Ethernet hub, one that helps make decisions regarding where information goes and offers protection from the wiles of the Internet for computers on a local area network. My advice is to use a router even if you have only one computer connected to a broadband modem.

As a bonus, consider getting a router with firewall protection. That fixes two problems with one solution. There are many such routers. I personally use the NETGEAR line.

Routers are often configured by accessing the router’s Web page. (Yes, it has its own Web page.) From the Web page, you can further configure the router or assist in its automatic configuration. You want to tell the router to block unwanted incoming traffic while still allowing the computers on your local network to access
and use each other’s resources.

Also direct the router to assign local IP addresses to each computer on the network. (Refer to Chapter 16 for information on IP addresses.) It’s usually done via a feature named DHCP. That’s a good thing! Take note of the router’s own IP address. You want to enter it in each PC’s network setup window, by entering the router’s IP address as the gateway for your network. If you have difficulty with this part, call your ISP’s tech support line, and someone there can help you. (After all, you pay the ISP for this type of support.)

Most of what a router does is technical, so don’t let it bother you if you can’t understand half the options. Most of the time, the default or standard setup is best.


Comments None

Firefox 32 has implemented a feature known as certificate key pinning.

Mozilla has added a defense in its latest version of Firefox that would help prevent hackers from intercepting data intended for major online services.

Textpattern icon

The feature, known as certificate key pinning, allows online services to specify which SSL/TLS (Secure Sockets Layer/Transport Security Layer) certificates are valid for their services. The certificates are used to verify a site is legitimate and to encrypt data traffic.

The idea is to prevent attacks such as one that affected Google in 2011, targeting Gmail users. A Dutch certificate authority (CA), Diginotar, was either tricked or hacked and issued a valid SSL certificate that would work for a Google domain.

In theory, that allowed the hackers to set up a fake website that looked like Gmail and didn’t trigger a browser warning of an invalid SSL certificate. Security experts have long warned that attacks targeting certificate authorities are a threat.

Certificate pinning would have halted that kind of attack, as Firefox would have known Diginotar shouldn’t have issued a certificate for Google.

In Firefox 32, “if any certificate in the verified certificate chain corresponds to one of the known good (pinned) certificates, Firefox displays the lock icon as normal,” wrote Sid Stamm, senior manager of security and privacy engineering at Mozilla, on a company blog.

Hit here and get the full article by Jeremy Kirk. Besides that, be careful when you install some popular apps, freeware, etc as some may include additional option to change your current browser settings, even install more other totally unwanted sponsorware to your system!


← Older Newer →