Thfire.com – iNews

Stay Safe!

Computer security firm Sophos has warned that hackers are spreading a nasty computer virus with a file promising a PowerPoint presentation of sexual positions from the Kama Sutra.

“Be careful what you do with that mouse,” Graham Cluley of Sophos said in an online post.

“When you click on the file you do get to see a real PowerPoint presentation, but in the background a backdoor Trojan called Troj/Bckdr-RFM is installed which allows hackers to gain remote access to your computer.”

Once a computer is infected with the malicious software, the hacker can steal personal information and spy on users’ activities or use the machine for nefarious deeds such as sending spam or attacking websites.

In scant consolation, the booby-trapped file did present slides of more than a half dozen lovemaking techniques illustrated from the ancient Indian text, Mr Cluley said.

Source: smh.com.au

A security bug has been detected and its real serious. Visiting a page and trying to read a simple PDF file can turn fatal and give full control of your iPhone or iPad to the hacker.

Your iPhone is wide open to hackers!

This security bug affects all iOS4 devices including the iPad.

The vulnerability is easily exploitable. In fact, the latest one-click, no-computer-required jailbreak solution for iOS 4 devices uses this same method to break Apple’s own security. But this is only to help the user.

How it works ?

It just requires the user to visit a Web address using Safari. The website can automatically load a simple PDF document, which contains a font that hides a special program. When your iOS device tries to display the PDF file, that font causes something called stack overflow, a technical condition that allows the secret ninja code inside the font to gain complete control of your device.

The result is that, without any user intervention whatsoever, that program can do whatever it wants inside your iPhone, iPod Touch or iPad. Anything you can imagine: Delete files, transmit files, install programs running on the background that can monitor your actions … anything can be done.

This is not the first time that something similar has happened. At the beginning of the iPhone’s life there was a problem with TIFF files that also caused the same security breach. Apple patched the bug after a while, but back then there were very few iPhones compared to the current installed base. Apple says that there are 100 million iPhones, iPod touches, and iPads in the world. Obviously, malicious hackers are racing to get a slice of that market.

How can you avoid it?

Right now, the easiest way to avoid this problem is by not going to any PDF links directly and not loading any PDF from any non-trusted source.
You can also jailbreak your iPhone and install a program that will ask for authorization every time your browser encounters a PDF (just look for “PDF loading warner” in Cydia).

Now this is called Web genius or hacking . But still he is a thief . Yep i am talking about  the recent theft identity involving Bank that rocked US.

Gonzales, 28, and two unnamed Russian co-conspirators hacked into the payment systems of retailers, including the 7-Eleven chain. and stole 130 million credit card and Debit card numbers.

Its a shame though for cops, not detecting the thieves earlier. All I can say is there is a flaw in the maintanence system that the Banks adopt. The method that the US theft used was simple “SQL Injection Attack”

The authorities should have foreseen it. Who knows how many people lost their money ????

Prosecutors say  If convicted, Mr Gonzales faces up to 20 years in jail for wire fraud and five years for conspiracy.

He would also have to pay a fine of $250,000 (£150,000) for each of the two charges

His corporate victims included Heartland Payment Systems – a card payment processor, convenience store 7-Eleven and Hannaford Brothers, a supermarket chain, the DOJ said.

According to the indictment, the group researched the credit and debit card systems used by their victims, attacked their networks and sent the data to computer servers they operated in California, Illinois, Latvia, the Netherlands and Ukraine.

The data could then be sold on, enabling others to make fraudulent purchases, it said.

iPhone Vs Hackers

Apple’s aim to capture the enterprse market might not actually materialise, claims Joonathan Zdziarski, an iPhone developer and a hacker who teaches forensics courses. Zdziarski had gone on record saying that Apple won’t tell you, but the supported enterprise-friendly encryption included with the iPhone 3Gs is so weak it can be cracked in two minutes with a few pieces of freeware.

“It is kind of like next to the secret decoder ring, I don’t think any of us(developers) have ever seen encryption implemented so poorly before, which is why its hard to describe why it’s such a big threat to security.”

Now this is in complete contradiction with what Apple has said about its 3G iPhones and its encryption system. Apple said that its new iPhone 3Gs is more enterprise-friendly. Zdziarski has also said, “The new iPhone 3Gs encryption feature is broken when it comes to protecting sensitive information such as credit card numbers and social-security numbers.”.

Wonder how iPhone is going to react to this. After all this comes from someone within the company. They will either fire him and claim that he was trying to deframe Apple’s reputation or just release a patch that does nothing.

Dangerous CTRL+C

Oh yea, just using Ctrl+C shortcut to copy any sensitve information can put you at risk! With the combined help of Javascript and ASP or any server side programming languages the data from your clipboard can be sent through the web to a hacker. And we all surf with our javascripts enabled as majority of sites require javascript to be enabled in order to function properly. Hope that you haven’t copied a credit card number recently before surfing! I surely have done that mistake. But so far I didn’t have any problems.

Thinking that I am just lying or over-reacting  ?

here try this, visit http://www.sourcecodesworld.com/special/clipboard.asp

So, how do you fix this problem ?

Simple! just follow these steps:

1. Go to Internet Explorer’s options under tools.

2. Click the Security Tab.

3. Click Custom level.

4. Look for “Allow Programmatic Clipboard Access” under “Scripting”.

5. Disable it.

I am currently using Google Chrome and it doesn’t seems to have this issue. Looks like by default its fixed. I am pretty sure Firefox has also fixed this issue, anyway you guys can check it.

Stay Safe!