Archive for September 8, 2015

Porn Themed Android App Demands Ransom After It Snaps Your Picture

Posted in Commentary with tags , on September 8, 2015 by itnerd

I would like to direct you to this Stack’s report which details what researchers at security firm zScaler have discovered. They’ve spotted a clever new variety of Android-based ransomware which takes advantage of phones’ built-in cameras to add a personal touch. What it does is that it activates the camera to take a snapshot of the user, which is then incorporated into its blackmail note. Right after it locks your phone.

Pretty sneaky.

To avoid being a victim, I would suggest that you download apps only from trusted app stores, such as Google Play. I’d also suggest enforcing this on your device by un-checking the option of accepting apps from “unknown sources” in the security options of your device.

Leave a comment »

Millions Of WhatsApp Web Users Vulnerable To Hacking

Posted in Commentary with tags , on September 8, 2015 by itnerd

If you run the web extension of WhatsApp, you should make sure you’re running version 0.1.4481 or higher to ensure that you’re safe. Here’s the reason why via Help Net Security:

Check Point security researcher Kasif Dekel found that to exploit the vulnerability, an attacker simply needs to send a WhatsApp user a seemingly innocent vCard contact card, containing malicious code. Once opened in WhatsApp Web, the executable file in the contact card can run, further compromising computers by distributing malware including ransomware, bots, remote access tools (RATs), and other types of malicious code.

To target an individual, all an attacker needs is the phone number associated with the account. WhatsApp Web allows users to view any type of media or attachment that can be sent or viewed by the mobile platform/application, including images, videos, audio files, locations and contact cards.

This doesn’t sound good. I’d be taking immediate steps to update to the latest version if I were you. What’s really scary is the scope of this problem. It could in theory encompass 200 million users. That’s not a trivial number of users.

Leave a comment »

Possible Backdoor Discovered In Seagate Wireless NAS Drives

Posted in Commentary with tags , on September 8, 2015 by itnerd

If you have a Seagate Wireless NAS drive, I’d strongly suggest updating your firmware right away. As in drop everything that you’re doing and do it now. Why do I sound so melodramatic? Here’s why via Betanews:

An undocumented Telnet feature could be used to gain control of the device by using the username ‘root’ and the hardcoded default password. There are also other vulnerabilities that allow for unauthorized browsing and downloading of files, as well as permitting malicious files to be uploaded. Tangible Security says that Seagate Wireless Plus Mobile Storage, Seagate Wireless Mobile Storage, and LaCie FUEL drives are affected, but there may also be others.

The security issues are confirmed to exist with firmware versions 2.2.0.005 to 2.3.0.014. The problems were discovered way back in March, but a patch has only recently been published, along with an advisory notice from US CERT.

That’s an epic fail on a variety of levels. Anyone with an affected device is advised to update to firmware version 3.4.1.105 which addresses the issue.But I have to ask, who wrote the code for this? What explanation do they have for inserting such features in a supposedly secure storage device? It may have been left in for debugging purposes, which would imply that Seagate’s QA department who would be responsible for catching this really dropped the ball. Thus it would be incompetence at work. However, in the age of Edward Snowden, you cannot help thinking if there is something sinister at work. Either way, Seagate has some explaining to do so that they can regain the trust of their user base.

Leave a comment »

Review: Parallels Desktop 11 For Mac

Posted in Products with tags on September 8, 2015 by itnerd

It’s late summer and the universe is expecting a new Apple OS to hit the streets. That means it must be time for Parallels to drop a new version of the visualization software Parallels Desktop for Mac onto the world. This year it’s Parallels Desktop 11 and as usual it brings a bunch of new features to the table.

The biggest piece of news is full support for Windows 10. That includes support for Cortana which is Microsoft’s virtual assistant that competes against Apple’s Siri. One cool thing is that you can run Windows 10 in Coherence mode which integrates Windows apps inside OS X so that they are seamless. That means you can run Cortana in OS X and it works perfectly. I’m sure that once some people at 1 Infinite Loop see this, they will make a concerted push to get Siri onto OS X sooner rather than later.

Next up are multiple editions of Parallels Desktop. You now get three versions to choose from. There’s a Parallels Desktop Pro Edition and a Business Edition that give you the ability to create a virtual machine with up to 64 GB virtual RAM and up to 16 virtual CPUs. That’s perfect for power users such as developers. Plus they support the Microsoft Visual Studio Plug-in as well as for popular development, design, and test tools including Docker, Jenkins, and Chef. Support for Business Cloud Services is also included in these editions. One thing that is unique to the Pro Edition is complimentary Parallels Access support which means that you can remotely access the virtual machine from anywhere. Finally, both the Pro Edition and Business Edition have unlimited licenses. However, while the “normal” Parallels Desktop which only lets you have five licenses is a one time fee. The other additions are yearly subscriptions.

What you really care about is performance. Here’s what Parallels promises along my thoughts:

  • For Windows 8.1 and Windows 10, boot time and shut down time can be as much as 50% faster: Part of my problem in terms of judging this is that I have recently moved to a MacBook Pro that has screaming fast storage. But I can see that starting and shutting down up my Windows 10 virtual machine is way faster than what it was before on this machine. But I cannot confirm that it is 50% faster:
  • Battery life is extended by up to 15%: There’s a new trick that Parallels has added called Travel mode that does extend battery life based on my testing. Again I cannot confirm that it does so by 15%. But you do notice it.
  • Virtual machines suspend up to 20% faster: This might sound familiar, but while I found that virtual machines do suspend faster than before, I cannot say that it is 20% faster.
  • Many tasks in Windows are up to 25% faster: I did find that Windows virtual machines were faster from my “seat of the pants” testing. But my Windows Experience scores on either my Windows 7 virtual machine or my Windows Vista virtual machine did not change so I am unable to quantify that.

Another thing that Parallels did add is the ability for virtual machines to get location services from OS X. It does prompt you when the requests happen so that you can make a choice about whether you want to provide that info or not. Finally, this version of Parallels Desktop is ready for Apple upcoming version of OS X which is El Capitan.

Oddities? I had my Windows 10 virtual machine crash a couple of times on boot after I first installed Parallels Desktop 10 which caused the application to send an error report to Parallels. Then it behaved normally. Bug? That’s possible. This version of Parallels Desktop has only been out for a few days so that’s possible. Temporary gremlin? That’s possible. I couldn’t tell you, but I thought I would mention it.

In terms of pricing, it depends on the version:

  • Parallels Desktop: $79.95 USD. Upgrade available for $49.95 USD.
  • Parallels Desktop Pro Edition: $99.95 per year USD. Upgrade available for $49.95 USD.
  • Parallels Desktop Business Edition: $99.95 per year.

Parallels Desktop 11 is a winner on all fronts. It is fast, it works, and it is a pain free way of running Windows on your Mac. Consider this a must get if you are in need of running Windows on your Mac.

Leave a comment »