The Hacker News

on Friday, 25 October 2013
 

 


South Korea hit by Android Trojan, Malware in Gaming apps and DDoS attack
10/25/2013 3:04:00 PM

Last Tuesday, the National Police Agency of South Korea warned the public that many malware-infected video games are being offered in South Korean markets with the purpose of launching cyber attacks on the country.

The malware collects location data and IP addresses of infected users and, according to experts, sends the data back to its master servers based in North Korea.

Just today, Korea's largest anti-virus software firm, AhnLab, confirmed that it has detected distributed denial-of-service (DDoS) attacks on local companies' websites.

According to the report, about 16 websites of 13 companies, including Daum, MSN and the JoongAng Ilbo newspaper, had been affected.

AhnLab said that some 10-thousand computers have been hit, mainly because they failed to install a vaccination program or update an existing one since the last cyber attack in July.

The attack was detected around 4:00 p.m. on Thursday, infecting around 10,000 computers until Friday.

It is possible that the same infected systems were used to launch the DDoS attacks today. Police advise the public not to download gaming programs from unverified sources and to keep their antivirus up to date.

Yesterday, we reported on another malicious campaign against South Korean Android users, in which a banking Trojan specifically targets South Korean banking applications to steal user credentials.

In March, North Korea was suspected of being responsible for a malware attack that simultaneously wiped data from tens of thousands of South Korean computers.

Mohit Kumar Hacker News - Founder and Editor-in-Chief of 'The Hacker News'. Cyber Security Analyst, Information Security Researcher, Developer and Part-Time Hacker.


 

'LinkedIn Intro' iOS app can read your emails in iPhone
10/25/2013 4:20:00 PM

Your LinkedIn profile is your digital resume. Yesterday, LinkedIn launched a new app for iOS devices called 'LinkedIn Intro'. With this feature, an email on your iPhone will display a picture of the sender, with useful profile info from LinkedIn.

Basically, to use the service, a LinkedIn user must route all of their emails (any provider, i.e. Hotmail, Gmail, Yahoo, etc.) through LinkedIn's 'Intro' servers, which will inject a fancy, business-centric HTML profile right into your emails.

But this also means that LinkedIn is now able to read the complete content of your emails and can also store the passwords to users' external email accounts. The feature is enough to destroy the security and privacy of your email.

Another point to note is that Apple does not provide any APIs or frameworks for developers that would allow this kind of modification of its interface. Instead, LinkedIn is acting as a 'man in the middle', intercepting your email to inject that HTML code.

"Normally your device connects directly to the servers of your email provider (Gmail, Yahoo, AOL, etc.), but we can configure the device to connect to the Intro proxy server instead. The Intro proxy server speaks the IMAP protocol, just like an email provider, but it doesn't store messages itself. Instead, it forwards requests from the device to your email provider, and forwards responses from the email provider back to the device. En route, it inserts Intro information at the beginning of each message body — we call this the top bar."
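
The top-bar insertion described in the quote above changes the message body after the sender's mail server has signed it, so a DKIM body-hash comparison exposes it. The following Python sketch is an added example, not code from the article or from LinkedIn; it assumes `c=simple` body canonicalization and no `l=` tag, checks only the `bh=` body hash (not the `b=` signature, which needs the sender's DNS key), and the messages and the `example.com` sender are constructed.

```python
import base64
import hashlib
import re

def simple_body(body: bytes) -> bytes:
    # RFC 6376 "simple" body canonicalization: drop trailing empty
    # lines, then end the body with exactly one CRLF.
    while body.endswith(b"\r\n"):
        body = body[:-2]
    return body + b"\r\n"

def body_hash(body: bytes) -> str:
    digest = hashlib.sha256(simple_body(body)).digest()
    return base64.b64encode(digest).decode("ascii")

def declared_bh(headers: str):
    # Unfold continuation lines, then read bh= from DKIM-Signature.
    unfolded = re.sub(r"\r\n[ \t]+", " ", headers)
    m = re.search(r"(?im)^DKIM-Signature:.*?[;\s]bh=([^;\r\n]+)", unfolded)
    return re.sub(r"\s+", "", m.group(1)) if m else None

def body_intact(raw: bytes):
    """True/False for signed mail, None when there is no bh= to compare."""
    head, _, body = raw.partition(b"\r\n\r\n")
    bh = declared_bh(head.decode("ascii", "replace"))
    return None if bh is None else bh == body_hash(body)

# Constructed sample: the sender signs SENT_BODY; b= is a placeholder
# because only the body hash is checked here.
SENT_BODY = b"<html><body><p>Meeting moved to 3pm.</p></body></html>\r\n"

def make_message(delivered_body: bytes, signed_body: bytes = SENT_BODY) -> bytes:
    return (b"From: alice@example.com\r\nSubject: schedule\r\n"
            b"DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple;\r\n"
            b" d=example.com; s=sel1; h=from:subject;\r\n"
            b" bh=" + body_hash(signed_body).encode() + b";\r\n"
            b" b=PLACEHOLDER\r\n\r\n" + delivered_body)

DIRECT = make_message(SENT_BODY)
# Same mail after an intermediary prepends a block inside <body>.
VIA_PROXY = make_message(
    SENT_BODY.replace(b"<body>", b"<body><div>profile bar</div>"))

if __name__ == "__main__":
    print("direct:", body_intact(DIRECT))
    print("via proxy:", body_intact(VIA_PROXY))
```

A `False` result means the body no longer matches what the sending domain signed; `None` means the message carried no DKIM signature, so this check cannot say anything about it.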

LinkedIn said that, during installation, the servers temporarily cache your password in order to add a new Mail account to your device, and your password is only cached for the length of time it takes to install Intro, and never for more than two hours.

But is it secure? Amidst this criticism, Senior Software Engineer for LinkedIn Martin Kleppmann wrote a blog post explaining how the service's security isn't something people should be worried about.

He said that in order to use the feature, users have to install the 'Intro' app manually, of their own accord, and that usernames, passwords, OAuth tokens, and email contents are not permanently stored anywhere inside LinkedIn data centers. Instead, these are stored on your iPhone.

LinkedIn also sniffs the contents of users' iOS calendars, including sensitive information such as confidential meeting notes and call-in numbers, which they then transmitted in plain text, not encrypted.

But in the future, will they not comply with so-called U.S. secret orders to intercept user emails for the NSA, intentionally, under low pressure? Obviously they are, and they will!