Geek News: Latest Technology, Product Reviews, Gadgets and Tech Podcast News for Geeks


Virus Infects US Drones

Posted by Andrew at 8:39 AM on October 8, 2011

Predator DroneWired is reporting that a virus has infected the flight systems controlling the Predator and Reaper drone aircraft in the Middle East. The systems have been infected for about two weeks and it appears to be a keylogger-type of virus. Further, the virus has resisted attempts to disinfect the system but the military think it’s benign.

You can read the full article yourself, but as an IT professional I read it with utter horror and dismay. Here we have a (potentially) armed aircraft apparently still operating with an unknown virus in its systems. Does this ring alarm bells for anyone else?

I work in a public sector organisation and our approach to a PC with a virus infection is to pull the plug on the infected equipment and disconnect it from the network until we are able to clean the PC, regardless of whether we think its benign or otherwise. We’re concerned that data might be wiped out. You’d think that the military might have concerns about people being wiped out by a malfunctioning drone but apparently not.

And then there’s the question of how the system came to be infected. Again there seems to be a remarkable lack of knowledge. No doubt we’ll find that the USB ports were unlocked, there was no antivirus software and anybody could plug in a memory stick at will.

Looks like there’s a market opportunity for an AV company…

Tags: , , ,

Posted in Information, Security, Virus

Comments Comments Off

Democracy, Security and Social Media

Posted by KL Tech Muse at 9:45 AM on August 16, 2011

Egyptian Revolution In the last six months we have cheered the use of Twitter and Facebook during the Egyptian revolution. How they were both used to get and spread information about what was happening and where, allowing the opposition to organize. When the Egyptian government tried to shut them down, the western press and government accused it of denying the Egyptians their rights. At the time few questioned how the west would react under similar circumstances. Lately the answer to this question is started to become clearer and the picture in the mirror is a bit ugly.

Unfortunately last week London and several other cities were rocked by violence. Riots broke out in several parts of the city, according to multiple stories Blackberries phones along with Twitter and Facebook were used to coordinate the rioters. Blackberries were used because messages are encrypted and even RIM doesn’t have the key. Blackberries are also cheap compared to iPhones or Android phones. Prime Minister David Cameron, suggested that social media including Twitter and Facebook maybe limited during riots. Leaving aside technical issues of trying to do this, which there are many, is this the right thing to do and does it cause more problems than it solves. Now you could argue as Prime Minister Cameron did that the rioters were a bunch of thugs and hoodlums and you don’t have the right to use technology to commit criminal acts. However isn’t this what governments like China and Syria label opposition and democracy protestors. If this policy is implemented in Britain, then what credibility does it have to protest a similar action in China, couldn’t the Chinese say we’re just following your lead. Not to mention the fact that if you limit social media (what ever that means) during unrest you are not only punishing the guilty but also the innocent. In fact those who are less tech savvy are more likely to be hurt. Tech savvy users can usually can find their way around government’s attempt to block services using various methods including Tor or VPN services.

Clearly blocking social media in a whole city or even a neighborhood is difficult both technically and socially. However what if you just want to block a single building, like a train station or a subway, well Bart, the San Francisco rapid transit system found a way, they simply shut down the cellular services in the subways. They did this when they heard rumors there would be a protest against the shooting of an unarmed passenger by a Bart policeman They simply shut down the system base station, disabling the wireless network. They did this without informing the various wireless carriers in the area or making any public announcements. So for about three hours there was no cellular service. Commuters couldn’t make calls to home, or work or even 911. Nor could you surf the web or doing any work that was online. The FCC is now investigating the shut down as a possible violation of the Communication Act of 1934, which bans radio or cellphone jamming.

Clearly social media has become a thorn in the side of both democratic and undemocratic governments. The issues are not only technical but also political. The ongoing battle between activist and various governments will continue well into the future as they continually leap-frog each other.

Tags: , ,

Posted in Information, Security, Social Media

Comments 2 Comments

How To Hack Mobile Phone Voicemail

Posted by Andrew at 2:44 PM on July 11, 2011

As the fall-out from the News of the World scandal continues, many sources continue to inaccurately refer to “mobile phone hacking”. The truth (as far as is known) was that it was the voicemail of the mobile phone that was hacked rather than the phone itself. There are two ways to do this – the first is to simply guess the PIN of the voicemail and the second is to use Caller ID spoofing.

In the mid-2000s, most mobile phone voicemail systems were poorly protected as they typically came with a default PIN which was often easily guessed and only varied  according to the mobile phone company. Most users didn’t bother to change the PIN. Say the phone was on Orange, then the default PIN was 1234. If it was Vodafone, then 0000.  Typically, the villain then makes two simultaneous calls to the victim. One will be picked up, the other will go to voicemail.   By then pressing “*” or “#” while listening to the voicemail prompts, the individual can gain access to the voicemail system using the default PIN. Computeractive has article covering this scenario and how, in theory, it would be harder (but not impossible) to take this approach today.

As for Caller ID spoofing, this technique makes a call look like it’s coming from a different number than it actually is. It can be used legally to make someone calling from a mobile to actually appear to be coming from a company office, so that the person’s mobile number is not divulged. However, in some instances it has been used to gain access to voicemail boxes as many voicemail systems do not ask for further identification if the system recognises the inbound Caller ID as one of its own. PC Mag and c|net have short articles on how this is done and worryingly, this is still a threat. The Wall Street Journal covered the problem in 2010 before the current scandal broke.

It would appear that the best protection to both these attacks is (a) to change your PIN on your voicemail and (b) require your PIN even when calling from your own mobile phone. That way, even if your Caller ID is spoofed, the caller can’t get in without knowing your PIN.

Tags: , , , ,

Posted in Crime, Hacker, mobile, Security

Comments Comments Off

Security: The Weakest Link

Posted by KL Tech Muse at 7:32 PM on July 1, 2011

In one of my more paranoid moments  last month I started using Google’s 2 step verification. Now anytime I want to connect an application or Web site with my Google account I not only have to enter my user name and password, but also a code that is sent to my iPhone. For those applications that don’t take the codes, Google generates application specific passwords. Having listen to Security Now for over 306 episodes I have no doubt this method is more secure then just a user name and password. Well, it would be if I was willing to stick with it, but to be honest I probably will not. It would be all right if I was using it on sites that I thought needed extra security on like shopping, bank and other similar sites. However do I really need two step verification for a site like Goodreads, at that point it just becomes annoying. I have a choice to make I can be secure but constantly annoyed or less secure but happier. I sure you can guess which road I am headed down. I do not think I am unique either I think I am pretty normal. Lets face it most of us want to be secure on-line, we just do not want to work to hard at it.

The problem with most security methods is the better they are the more difficult they are to use.  I do not care how great your security system is, if it is not easy for people to use it is useless. It needs to be as effortless as possible. The more effort it takes to use it the less likely users are to stick with it. Unfortunately the more human friendly security is the more likely it is to be insecure. Security and ease of use tend to work against each other. Somehow we need to find the middle ground between security and ease of use, and as more of our information resides in the clouds this becomes more and more important.

Tags: ,

Posted in Information, Security

Comments Comments Off

Competition Time – G Data AntiVirus 2012

Posted by Andrew at 4:59 PM on June 21, 2011

G Data have kindly supplied a copy of their AntiVirus 2012 to give away to Geek News Central’s loyal UK members. I reviewed the next product up in the range, InternetSecurity 2012, a couple of weeks ago and was quietly impressed. AntiVirus 2012 comes with antivirus (obviously) plus phishing, spyware and rootkit protection for a year on the PC and on Android smartphones or tablets.

To be in with a chance of winning, simply leave a comment below saying how you think GNC could be more relevant to a British audience. Don’t forget to leave your email address and I’ll draw at random from the comments in a week’s time. Remember, this is only for people with a UK postal address.

Tags: , , ,

Posted in Android, Security, Virus

Comments 3 Comments

G Data InternetSecurity 2012 Review

Posted by Andrew at 1:00 AM on June 9, 2011

G Data’s 2012 range of security products cover basic antivirus through to specialised protection for laptops and notebooks. Depending on the version purchased, the features build-up from antivirus and safe surfing, through firewalls and spam protection, to backup and data recovery, with additional features in the notebook versions.

On test here is InternetSecurity 2012 which sits between AntiVirus and TotalCare and the main features are antivirus, firewall, safe surfing and spam protection. Parental controls and file shredder are included too. The graphic here shows the main differences between each version.

The software can be purchased and downloaded directly from G Data but in this instance, it was the boxed retail product. Not unexpectedly, the main contents of the box are a CD and a user manual, which generally explains the software quite clearly and simply. A bonus for people who aren’t familiar with security software and as the licence key is stuck on the back cover, it’s easier to keep safe.

A further benefit of the boxed copy is that the install disk also doubles as an emergency disk which can be booted from. This is great for those really nasty viruses which block AV software and being able to boot outside of Windows to get at them is great. If you downloaded the software rather than buying the boxed copy, there’s an option in the SecurityCenter application to create a boot disk but it’s an extra step you’ll probably forget to do.

Installation is straightforward and it’s by the numbers with clear prompts. During the install, G Data clearly explains its privacy policy when it requests permission to send data back for analysis: nothing is hidden away in the EULA. As usual, you have to register with G Data, but the software offers a quick registration of just name and email address. There’s still the option to enter fuller details if you want. As you’d expect, the installation finishes with a reboot.

On rebooting, the G Data icon is now sitting pretty in the system tray and initially InternetSecurity contacts its servers and starts downloading fresh AV signatures. This takes a few minutes but once done, you can go into the main SecurityCenter overview to see the status of the main features.

As you might imagine, each section in the SecurityCenter has further actions and settings. For example, in Virus Protection you can request scans for specific folders or drives. Or you can go into the Settings and change which of the two scanning engines are in use. Without going into every section and being thoroughly boring, all I can say is that the options are comprehensive and give the opportunity for tweaking to your particular circumstances. All of the G Data security products are available as trial downloads so you can check whether they fit your needs before buying.

Performance-wise, InternetSecurity did not seem to have a significant impact on the computer. One touch that I did like was that virus signature updates are scheduled for a particular time rather than automatically updating as soon as you log into Windows. On older computers, this allows you to get using your computer faster than you might with other competing AV products.

Not having a set of viruses handy, I wasn’t able to actually test the AV features of the product but when I did a scan of my local disk, it did pick up a trojan that I wasn’t aware of in some downloaded files. With two antivirus engines built into the product, you’d expect it to catch most of the nasty stuff as each engine takes a different approach to detecting viruses

Overall, G Data InternetSecurity is a comprehensive and competent product with lots of features and a couple of value-adds, such as parental controls. I’d be perfectly happy to entrust my on-line security to this tool.

Prices are £30 for AntiVirus, £35 for the version tested here InternetSecurity and £40 for TotalCare. There are also specialised versions for notebooks and if you have an Android phone, you get AV protection for free with any of these products. All the details are on G Data’s website.

 

Tags: , , ,

Posted in application, review, Security, Virus

Comments 1 Comment

G Data MobileSecurity for Android

Posted by Andrew at 3:31 AM on June 4, 2011

Continuing the battle with the bad guys, G Data has released its MobileSecurity product for Android smartphones and tablets. MobileSecurity is designed to protect the data on phone from viruses, malware and spyware. Apps have to gain authorisation from the user before the app can make calls, send text messages or transfer data. Other features include app blacklisting and app checking during installation. Of course, there are regular updates to the software to keep the protection up-to-date.

Eddy Willems, Security Evangelist at G Data commented: “Malware writers are entrepreneurs: always looking for the best return on investment. According to analysts, Gartner and IDC, Android seems to be the market leader in mobile operating systems, so it is logical that cyber criminals will target the platform. Android malware can be easily spread through apps, which is another reason the platform is targeted. Not only did the beginning of 2011 see the emergence of this trend, but it also saw Android take the lead as the most targeted mobile operating systems in terms of malware. So it is the perfect time to introduce a solution for the protection of Android devices, as we expect a large increase in this area.

Marketing puff aside, as we’ve seen in the past few weeks with the Mac malware and the Gmail spearphishing, there are criminals out there working out how to attack every major platform. And f they can’t beat the platform directly, they’ll go after the user, which is often the weakest link.

G Data’s MobileSecurity is available for £9.99 from a range of Android app stores or is free with G Data’s 2012 range of security products.

Tags: , , , , , ,

Posted in Android, application, Security, smartphone, Virus

Comments 2 Comments

« Older Entries
Newer Entries »