Yet another revelation has raised fresh fears in the cyber world and forced security experts to step in. A programming error has exposed ZipperDown, a new vulnerability that could affect App Store applications. After careful experiments, the Pangu Team concluded that the code in question could be used to erase users' data. The Chinese iOS jailbreakers' in-house research and analysis found 10 per cent of iPhone apps in the store to be affected by the bug, which is responsible for overwriting an app's data. Without giving details, they also claimed to have discovered that the bug in question might, beyond doubt, affect Android smartphones as well.
E Hacking News - Latest Hacker News and IT Security News
StalinLocker / StalinScreamer sample: https://t.co/turcpk4oVx — MalwareHunterTeam (@malwrhunterteam) May 14, 2018
When run, it drops and plays in the background a file called "USSR_Anthem.mp3".
It gives 600+60 seconds to enter the key, else, it will wipe all it can (code for that on 2nd screenshot). @BleepinComputer @demonslay335 pic.twitter.com/bDpIKbS1ja
There is no help on that picture about the key as I see... — MalwareHunterTeam (@malwrhunterteam) May 14, 2018
See screenshot for how the key is calculated.
n = current date when the sample is executed
dt = 1922.12.30
So the key is: n - dt in days. pic.twitter.com/aRQbPZis9m
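As an added illustration (not code from the tweets or the sample), the following reconstructs the unlock key from the formula quoted above, which lets a victim or responder recover the key without running the sample; treating the key as a plain day count with no padding is an assumption:

```python
"""Recover the StalinLocker unlock key described in the tweet:
key = (date the sample ran) - 1922-12-30, in whole days.

Added example; that the key is the bare integer day count (no zero
padding, no other formatting) is an assumption, not stated in the tweet."""
from datetime import date, timedelta

USSR_EPOCH = date(1922, 12, 30)  # 'dt' in the tweet


def stalinlocker_key(run_date: date) -> int:
    """'n - dt in days', where n is the date the sample was executed."""
    return (run_date - USSR_EPOCH).days


def key_for(year: int, month: int, day: int) -> int:
    """Convenience wrapper taking the run date as year, month, day."""
    return stalinlocker_key(date(year, month, day))


def candidate_keys(year: int, month: int, day: int, slack_days: int = 1) -> list:
    """Keys for a small window around the run date, for when the exact day is
    uncertain (sample ran near midnight, or the clock/time zone is unknown).
    Only 600+60 seconds are available to type a key, so prepare these first."""
    centre = date(year, month, day)
    return [stalinlocker_key(centre + timedelta(days=d))
            for d in range(-slack_days, slack_days + 1)]


if __name__ == "__main__":
    # The day the sample was tweeted, as a worked instance.
    print("key for 2018-05-14:", key_for(2018, 5, 14))
    print("candidates:", candidate_keys(2018, 5, 14))
```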
In May 2017, one of the biggest facilitators of cybercrime, Scan4You, went offline after the two main suspects, Ruslans Bondars and Jurijs Martisevs, were arrested in Latvia and extradited to the U.S. by the Federal Bureau of Investigation (FBI). In May 2018, the case against Scan4You's operators concluded in a Virginia federal courtroom.
The Trend Micro Forward-Looking Threat Research (FTR) team started to look into Scan4You's operations in 2012 and had been in close contact with FBI investigators assigned to the case since 2014. Our research on Scan4You spanned more than five years, and we passed some of our findings to the FBI until the service went offline.
What is Scan4You?
Scan4You is a counter antivirus (CAV) service that lets cybercriminals check the detection of their latest malware against most modern antivirus (AV) engines. This service helps cybercriminals make their malware campaigns more effective because they can tweak and test their malware to reduce detection rates.
Since CAV services like Scan4You make it easier for a budding actor to climb the cybercriminal career ladder, stopping such a large CAV service is an important preventive measure to make it more difficult for young actors to venture into cybercrime. Stopping these services also helps increase the costs of malware campaigns of more experienced actors who appear to be using CAV services. Finally, putting a stop to these types of services also sends a strong message to the underground that facilitating cybercrime can lead to arrests and prosecution.
Scan4You’s operators were also involved in other cybercriminal activities
Using a CAV service means that a malicious actor trusts it. It is therefore not a surprise that Scan4You’s owners had an established reputation as cybercriminals themselves. Scan4You’s operators have been around since at least 2006 and were affiliated with some of the longest-running cybercriminal businesses.
They did not just run a CAV service. They were also involved in one of the largest and oldest pharmaceutical spam gangs known as Eva Pharmacy. The group is infamous for the illegal sales of prescription drugs that they carefully marketed through spam and search engine optimization. They were also involved in the spread of banking malware like SpyEye and ZeuS. Scan4You used the corporate network of a Latvian Internet Service Provider (ISP) for many years and Ruslans Bondars worked for a Latvian software development company related to a variety of websites, including one that got fined for misleading advertisements and fraud in 2010.
Delving into Scan4You’s activities
Scan4You's website claims that they don't share information on the scans with internet security companies like Trend Micro. Evidently, this wasn't entirely true. While Scan4You made sure feedback loops to Trend Micro's servers about file scans were turned off, Scan4You also performed reputation checks of URLs, IP addresses, and domains. The way Scan4You set this up meant that all reputation scans against Trend Micro's web reputation service were visible to us for years. Since 2012, we have collected a wealth of information on Scan4You's operations, and in particular, information on the many reputation scans that they performed each day. A malware author would usually check the reputation of his landing pages or command and control (C&C) servers on Scan4You just before starting a new campaign. We were able to observe these checks, and in many cases, we could preemptively block the new malicious domains before they could be used.
Other large CAV services like VirusCheckMate and AVDetect also turned off feedback loops on file scans, but we received their reputation scans of IP addresses, URLs, and domain names. This made it possible for us to estimate their market shares. Throughout the years, Scan4You was always the biggest known CAV service.
Proactive collaboration with law enforcement
This is the second time Trend Micro has helped stop a CAV service. Trend Micro also assisted with the investigation against Refud.me, a medium-sized CAV service that used Scan4You’s application programming interface (API). Refud.me’s owner was arrested in 2015, and the court case was concluded in 2018.
Scan4You was the largest known CAV service. When it went offline, we expected to see many of its users move to the only major CAV that was still online: VirusCheckMate. However, our data shows that there was no significant growth in the number of web reputation scans done at VirusCheckMate after May 2017. It appears most of Scan4You's users stopped using a public CAV service.
The arrests of Scan4You operators Ruslans Bondars and Jurijs Martisevs send an important message to the cybercriminal underground. Not only is deploying or authoring malware that victimizes innocent targets a crime. In at least some jurisdictions, it’s also a crime to help others carry out these offenses. Thanks to the years of work done by Trend Micro and the FBI that led to their arrests, we take one more step forward in securing today’s connected world.
Read more about our research about the largest CAV service in the underground, its operators, and the ties that bind Scan4You to other cybercriminals: The Rise and Fall of Scan4You.
The post Operators of Counter Antivirus Service Scan4You Sentenced appeared first on TrendLabs Security Intelligence Blog.
I believe that it is imperative that we invest in developing more liquid information environments in order to deliver more freedom of mental movement; to help us be better equipped to understand issues and to question them as well as being more able to communicate more clearly and credibly (through citing references in an accessible way) with the rest of our community.
The goal of my software development effort in my Liquid Information company work is to provide the means by which the user can become ever more deeply literate, resulting in having a wider access to information and richer ways to interact with the information in ways which truly ‘extends’ and augments the human intellect, to borrow a phrase from my friend and mentor Doug Engelbart.
- Liquid | Author is a word processor, with particular support for students since student writing should focus on clarity and veracity and use citations well, and is therefore a good model for much knowledge work
- Liquid | Flow is a text utility which works in any application through selecting text and issuing a keyboard shortcut followed by further keyboard commands (also visible on screen) to issue commands in less than 1 second
- When citing a book Author provides an Amazon Book search for the bibliography information and does the same for academic documents by searching Mendeley
- When citing a web page Author intercepts a copy from Safari and asks if it should apply the bibliography information automatically (apart from the name of the author, which the user must type or copy across)
- When citing from a video on YouTube, Author takes a copied URL and extracts the bibliography information (apart from the name of the author, since YouTube does not know who is speaking at any given moment)
- The result of the capabilities Liquid | Author provides is more focused work, through less strain through visual clutter or glaring screen, and less effort required to switch into and out of focus modes.
- The streamlined Publish process and the lack of font-playing options means that the user’s efforts will go more towards the writing rather than design or clerical work.
- The use of a streamlined and supportive citation creation system means that the user is more likely to cite sources and the means through which Author presents the citations means that they are more likely to be checked, resulting in documents with more transparency and more easily checked veracity.
- Functions such as instantly re-ordering the document to only show sentences with specific keywords and pinching to instantly collapse the document into an outline gives the user more of an overview and detailed view of the document being worked on.
- Liquid | Flow gives the user a more open mind by requiring so little effort to look something up, search for something or to see something that these actions allow for mental ‘sparks’ to be satisfied without any mental effort, with immediate effect.
My approach is to decrease the user's cognitive load and maximise interaction in such a way that it achieves maximum bandwidth between the user's brain and the computer's representation. By far the biggest bandwidth between the human brain and the outside world is the hand for issuing commands and the eyes for capturing information. I therefore build software with as much keyboard and gesture support as I can, backed up by visual guides on the screen to help the user learn the hand-commands.
The opportunities for effective visual representation are vast and I have only started tapping in to the most obvious improvements and hope to be able to do the research, building, testing and production of this on an ongoing basis, using what we learn to bootstrap ever-better solutions.
Visually, this is why Author has no visible commands apart from three, which are at the least visually intrusive place on the screen: the very bottom. This is where the button to toggle between optimised Read and Edit modes is, and the user can quickly glance to see the word count to the left and, for visual balance, a 'Find' command to the right.
Author also employs typographical best practices for body and heading text, making reading more pleasurable on screen. This is also why the documents have a warm tone, to provide less eye-strain over prolonged use.
Furthermore, this is why in Author the ESC key does not only ‘Escape’ but allows the user to quickly toggle in and out of full-screen focus mode with a quick tap on the key, which is always top left on the keyboard, giving access to focus or context with absolute minimum effort.
Going out of a mode must always be as easy as, or easier than, going into the mode to start with, in order not to give the user feelings of frustration. Therefore, when reading someone else's document or working on their own, the user can choose to see only sentences with a specifically interesting keyword just by selecting it and hitting cmd-f. The result is that all the sentences which do not contain the keyword text are hidden and the user can read every instance easily, without the normal practice of having to go through the whole document by scrolling, stopping at text marked with a yellow highlight and thus losing their position in the document. In Author the user can press ESC, do cmd-f again, or click in the margin to return, or click on an instance to jump to it in the document.
Making checking citations quick and easy is an ongoing effort, going far beyond the analog method of passively listing sources at the back of the document, to providing instant access to the source and information about the source. For example, Author allows the reader to watch a video citation from the specified moment right inside Author, reducing the mental load of going outside the application.
At the last step of the writing process, workflow considerations include streamlining the act of making the document Public/Publishing the document to include automatic handling of citation information and appending a References section at the end of the document.
Liquid | Flow was designed to increase the effective space of the user's resources by providing a super-quick way to access references and searches, which would mean that a relatively experienced user would feel that they have all the most important and relevant resources of the web available at 'a thought', where the 'thought' is the unit of effort needed to issue the command. Testing and use confirm that most commands in Flow can be issued comfortably within 1 second with no noticeable cognitive load.
This is where we take flight, when both eye and hand are employed to their best capacities. My former teacher Paul Cairns once said about Doug’s ’68 demo that he was flying through cyberspace and this is my interaction goal :-)
Whereas writing can be a simple transcription of a thought sentence from working memory to screen, authorship is an active process of thinking where the act of writing clarifies the highly connective and associative patterns in our brains, allowing us a clearer 'view' of our thoughts and assumptions than working memory alone is capable of.
This is why I am developing a dynamic view application called Liquid | View to take any document’s headings, keywords, glossary entries or other, and see them as a freely interactive concept map. External ‘nodes’ can also be employed, in what Christopher Gutteridge calls a ‘node server’.
The benefits of using the Liquid software can then be summed up as providing a clearer work environment with more powerful tools which allow the user to develop a deeper literacy to more efficiently write, think, cite and submit their work. The bullet points above highlight specific benefits from individual features.
Much of what I have described for you here is quite obvious, but it was not all obvious before: it has taken a lot of time developing, using and testing to add capabilities in a way which really become extensions of the user rather than piles of menu items or buttons on the screen. This is part of the gradual evolution of the system in conjunction with the user becoming more experienced. I do not believe it is possible to design a perfect system and then implement it; it needs to grow with the user through experience. In order to do this I have been doing a huge amount more testing than ever expected. The old joke is true: when building software, first you do 90% of the work, then you do the next 90% of the work.
As Doug Engelbart pointed out, our capabilities are not isolated, they come about in a network of actors, from the technological world and the human world, connected to our basic sensory capacities: wordpress.liquid.info/capability-infrastructure/
There are two important large components or aspects of this famous map, which is available at welchco.com/02/14/01/60/92/06/0103.HTM#015H, which I feel are worth highlighting to extend the Engelbart model: Infrastructures and the Symbol Space. In Doug's original work the infrastructure was largely internal, since the ARC NLS system was the only game in town. Today there are myriad standards and protocols with commercial, legacy and legal constraints which must be taken into account.
In order for real innovation to take place this gradual polishing needs to be accommodated, but it is even more important to support an ecosystem, and the way to do that is through supporting a robust and open infrastructure. With 'office' products such as spreadsheets and word processing documents, Microsoft held a near monopoly for decades because the document formats were proprietary. Though they have been opened up to a large extent since, there are no open document formats which can contain special information from specific innovations in software and be open to other applications. This is the reason why I support initiatives such as Rich PDF and working with Knowledge Graph systems and a hyperGlossary system for interchange as well. Much in the infrastructure space is political or economic, including the lack of ability to point to specific sections in commercial eBooks such as Amazon Kindle Books, and I work to open these possibilities as well.
Addressing is a crucial issue since it is the means through which we point: http://wordpress.liquid.info/the-fine-art-of-addressing/
Doug Engelbart’s CoDIAK approach of Concurrently Developing, Integrating and Applying Knowledge might not work in every organisation for political and social reasons, but it should certainly be a goal for the universal, global knowledge space. This can only happen if the infrastructure, as discussed above, allows for it, by allowing the high resolution links between assertions in documents. Similarly, his notion of a Dynamic Knowledge Repository (DKR) is really an aspirational, global environment, not just a technical spec.
The notion of a symbol space concerns the actual work-stuff: the symbols, primarily textual, which hold much of the meaning in computer systems: wordpress.liquid.info/symbol-space
Much of what I have discussed above are relatively obvious opportunities for improving the digital knowledge work environment and can be achieved with a modest amount of funding and political will. How we then get to the next stage of mind-augmentation is not at all clear; only the 'paradigm' which will lead us there is clear. We need to accept that we know very little of the intellectual workings of the single and group human mind and also very little of the nature of digital symbol representation. In order to find the big leaps we need to explore as deeply as we can, and that takes guts, perseverance and safety for those who do the work. Can our society invest a tiny amount in pioneering teams to really go deep into these areas, with potential both for learning more about blind alleys and for massive social good?
The work done cannot simply stay in a lab or illustrate a point. It must be put into publicly available systems where it is demonstrably useful, and that means that commercial principles of marketing, training and end-user ease of use will play a part in the 'realisation' of the research.
This part will also require experimentation so that the proposed strategy is to ensure that the infrastructure allows for competing solutions and that the individual software packages come with useful options for advanced users to change settings to feed back to the development what is more useful in actual workflows.
It is not enough to provide capabilities to those who are happily served by the current commercial offerings; we need to augment high-performance organisations, initially in academia, by building more powerful capabilities for those who want to invest the basic effort to use them, as I blogged about: wordpress.liquid.info/joe-sally/ The target user is, in Doug Engelbart's language, the serious amateur or pro-level knowledge worker.
There will also need to be an effort to provide easy-entry systems for novice or only partly-involved users to be able to contribute to the environment, though these users are not the primary focus of this high-performance effort to enable deeper literacies.
Universal Plug and Play (UPnP) networking protocols take centre stage in yet another controversy, prompting the InfoSec fraternity to keep its distance from this set of networking protocols. After a brief gap, many cyber security experts have uncovered further troubling facts raising doubts over the way UPnP works today. The InfoSec community was quick to target the protocol after recent disturbing revelations by Imperva, a provider of cyber security software and services. The experts, who have been studying cyber security issues extensively, have of late identified an effective way in which the UPnP protocol can be exploited. Following the 2017 DDoS attack, Imperva claimed to have developed a proof of concept which helped it understand the UPnP technical tricks. It was Imperva alone which spotted that DDoS attack. Imperva's study and analysis are based on amplification using Domain Name System (DNS) servers and the Simple Service Discovery Protocol (SSDP).
According to the cyber security experts, blocking packets with source port 53 is an effective mechanism that can mitigate a DNS amplification assault. They further observed a number of SSDP payloads arriving from source ports other than UDP/1900. That is how they identified the unconventional SSDP amplification attack in April. Imperva has put in place a system to counter a 2017-like attack via UPnP. Another massive DDoS attack struck the cyber world in March, where the worst hit was GitHub, with sustained traffic of 1.3 Tbps lasting less than ten minutes. According to the researchers, once a rootDesc.xml file is spotted, attackers can easily make use of it on the device. They add that under this scheme, a request can be made for a forwarding rule that reroutes all UDP packets sent to the port of an external DNS server.
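As an added example (not Imperva's tooling), the following Python classifies reflected replies by payload instead of by source port, which is the distinction the reporting above turns on: a source-port filter catches replies from UDP/53 or UDP/1900 but not the same replies once a UPnP forwarding rule has rewritten the port. The packet records are constructed samples.

```python
"""Classify amplification replies by payload rather than source port.

Added example, not Imperva's code. Dropping packets by source port (53 for
DNS, 1900 for SSDP) fails once a UPnP forwarding rule on the reflector
rewrites the port, so detection has to inspect the payload instead.
Packet records below are constructed samples."""
import struct
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_port: int
    payload: bytes


def is_ssdp_reply(payload: bytes) -> bool:
    """An SSDP M-SEARCH response is HTTP-like text with ST and LOCATION headers."""
    head = payload[:512].upper()
    return (head.startswith(b"HTTP/1.1 200 OK")
            and b"\r\nST:" in head and b"\r\nLOCATION:" in head)


def is_dns_reply(payload: bytes) -> bool:
    """A DNS reply has the QR bit set and at least one resource record."""
    if len(payload) < 12:
        return False
    _ident, flags, _qd, an, ns, ar = struct.unpack("!6H", payload[:12])
    return bool(flags & 0x8000) and (an + ns + ar) > 0


def classify(pkt: Packet) -> str:
    """Return 'ssdp', 'dns' or 'other' using the payload only, never the port."""
    if is_ssdp_reply(pkt.payload):
        return "ssdp"
    if is_dns_reply(pkt.payload):
        return "dns"
    return "other"


def port_filter_blocks(pkt: Packet) -> bool:
    """The conventional mitigation the article describes: drop by source port."""
    return pkt.src_port in (53, 1900)


def find_evasive(packets) -> list:
    """Amplification replies that a source-port filter would let through."""
    return [p for p in packets
            if classify(p) != "other" and not port_filter_blocks(p)]


# Constructed samples; 192.0.2.0/24 is the documentation address range.
SSDP_REPLY = (b"HTTP/1.1 200 OK\r\nCACHE-CONTROL: max-age=120\r\n"
              b"ST: upnp:rootdevice\r\n"
              b"LOCATION: http://192.0.2.10:1900/rootDesc.xml\r\n\r\n")
# DNS header: id, flags 0x8180 (QR=1, RD, RA), 1 question, 1 answer, then a question.
DNS_REPLY = (struct.pack("!6H", 0x1234, 0x8180, 1, 1, 0, 0)
             + b"\x07example\x03com\x00\x00\x01\x00\x01")
SAMPLES = [
    Packet("192.0.2.10", 1900, 40000, SSDP_REPLY),   # plain reflector: port filter catches it
    Packet("192.0.2.11", 41234, 40000, SSDP_REPLY),  # UPnP-forwarded: source port rewritten
    Packet("192.0.2.12", 53, 40000, DNS_REPLY),      # plain open resolver
    Packet("192.0.2.13", 30000, 40000, DNS_REPLY),   # DNS reply via a rewritten port
    Packet("192.0.2.14", 80, 40000, b"HTTP/1.1 200 OK\r\nServer: x\r\n\r\n"),  # not amplification
]

if __name__ == "__main__":
    for p in find_evasive(SAMPLES):
        print(f"{classify(p)} reply from {p.src_ip}:{p.src_port} bypasses a source-port filter")
```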
In Author you can quickly change from focused full-screen to regular view with the ESC key. When you settle down to write you have no formatting options to distract you with but you have control over your typeface to choose bold and italic which appear as they should, not as code which is how they appear in markdown.
Thinking is sometimes simply called ‘organising your thoughts’ and in Author you can pinch to see only the headings in your document, which you can re-organize to reflect your growing understanding of the topic you are writing about.
A very useful thing is to pinch into this view before you even start typing, where you can hit the + button (or the 'enter' key) to add headings and move them around to prepare the outline of what you need to flesh out.
While you are writing a longer and more involved document you may question whether you have used a word or phrase earlier. Just select it, press cmd-f, and only sentences with that text will appear, in full. Click on one to jump to it; press cmd-f again, ESC, or click in the margin to return to your regular view.
Liquid | Author’s companion Liquid | Flow allows you to select any text and instantly carry out useful operations. For example, look up a word in Wikipedia. You can also translate, convert, search copy in different experimental ways and share via email, and more.
To cite something you have read in a book you select the text in your document which contains the quote, or paraphrase, and cmd-t to get the citation dialog. Here you can press ‘a’ for Amazon and you can search Amazon for the book and it will auto-fill your citation.
If you copy something from a web page you will get the option when you paste to paste as Plain Text (default option, just press enter) or As Citation (hit ’t’). If you choose to paste as citation Author will capture additional information for you but you still need to type in the author’s name.
This brings up citing from a video on YouTube. You can ctrl-click inside the video to copy a URL to the exact time in the video you have frozen at and then in Author when you do cmd-t you have the option to cite using your YouTube URL. If you do, you will also need to enter the author’s name since different people can of course speak in a single video.
When you have written your work and you are ready to publish to a teacher or a journal, you can cmd-p which does not bring up a traditional Print dialog but a series of options for how to Publish your digital document; to .doc, .pdf and also to paper via Print.
When you choose what format you want to Publish in, you can also specify whether your citations should be automatically appended to the end of the document under the heading of ‘References’ or ‘Bibliography’. You can also specify how the citations should appear in the body of the document; as superscript numbers or authors names and dates in brackets.
[NEW] You may already have entered your name and organisation at the back of your document. If so, Author will have remembered and you only need to fill in the name of your course. This information will automatically become the document cover sheet.
Before you Publish you may want to share the Author document with someone to have a look at it and for this you can use the Share menu, which does not allow you to change format. A tip: cmd-shift-d will immediately take your document and put a copy in a new Mail message, with the subject of the message being the name of the document.
If you like, you can even use Liquid | Flow to post your work to your blog, in about a single second. Liquid | Flow also allows you to instantly create glossary terms for your blogging (show video) which is very useful but outside of the scope of this Author walk-through.
If you choose to Share or Publish your document as a .liquid document, which is the native Author document format, there are a few capabilities worth highlighting: Author features a Read Mode as well as an Edit mode which is toggle-able by clicking the button at the centre of the bar at the bottom of the screen. In the Read mode your reader can do the following:
In addition to pinching in on their trackpad to get the instant outline, the reader can pinch out to expand the text into flow mode, where dense sections can be easier to read, breaking the lines on command and double breaking on periods. [NEW]
Your reader can check your citations quickly and easily: If it’s from a book, they can click on the text and have that book open in Google Books, right in the section cited [NEW] or look the book up in Amazon to see its ratings.
If the citation is from a video, your reader can click on the video citation and the video will play from that moment of time right inside Author. This gives your writing more veracity through transparency and contextualisation.
But we at the Liquid Information Company are only getting started. These are early days and we thank you for your support in continuing to develop ever more powerful interactive text software: Thank you!