Archive for January, 2013

Windows RT hack: Don’t sweat it, Microsoft says

January 3rd, 2013

Windows RT can be hacked to run unsigned desktop apps, but Microsoft sees no reason to worry.

As described yesterday, the hack allows someone with a certain amount of savvy to change code in the Windows RT kernel so the tablet-based OS can run desktop apps. Officially, the only desktop programs that Windows RT supports are Microsoft’s own Internet Explorer and Office suite. Otherwise, the OS can run only Windows Store apps.

But the hack isn’t geared for the average Windows RT user.

Besides requiring the necessary programming chops, the hack can only change code in memory. So a user would have to modify the code each time the device boots up.

Further, desktop applications would have to be recompiled for ARM processors, so users couldn’t just run their existing desktop programs, which are designed for Intel x86 processors.

In a statement sent to CNET, Microsoft said that the hack poses no security threat and actually applauded the people who discovered it. But the company also hinted that the hack may be eliminated in a future update to RT.

The scenario outlined is not a security vulnerability and does not pose a threat to Windows RT users. The mechanism described is not something the average user could, or reasonably would, leverage as it requires local access to a system, local administration rights and a debugger in order to work. In addition, the Windows Store is the only supported method for customers to install applications for Windows RT. There are mechanisms in place to scan for security threats and help ensure that apps from the Store are legitimate and can be acquired and used with confidence. We applaud the ingenuity of the folks who worked this out and the hard work they did to document it. We’ll not guarantee these approaches will be there in future releases.

The hack was uncovered by someone dubbed clrokr, who described how he was able to change a certain value in the RT kernel to expand the types of apps RT can run. Through his efforts, the hacker also discovered that Windows RT isn’t that different from Windows 8, calling Windows RT “a clean port of Windows 8.”

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.


Beware of a new, dangerous Facebook phishing scam!

January 1st, 2013

A very convincing scam that spoofs Facebook verification pages is being used to steal users’ personal details and credit-card information before taking them to the real Facebook, leaving many victims none the wiser that they’ve just given their sensitive details to criminals.

The scam, outlined by Australian software architect Troy Hunt on his blog, starts out as a link to a viral video or other Internet meme, perhaps in a friend’s tweet. It’s a shortened link that obscures its real destination, but users will be relieved to land on what looks like the standard Facebook login page.

After the visitor logs into his Facebook account, the phony site asks victims to update their Facebook account security and provide additional information — a security question, a mobile-phone number and full credit-card details, right down to the expiration date and card security code. There’s even an “overall protection” graph that mimics password-entry forms.

Unless they pay close attention to the address bar, the nearly perfect spoof page is likely to make users feel perfectly safe. Although the page looks exactly like Facebook, it’s actually faceboourk.com.

Once users have given “Faceboourk” their Facebook login credentials, phone numbers and credit cards, the site’s work is done. It takes them to the real Facebook login page, stealing their personally identifiable information and dumping them at Facebook’s front door in one seamless motion.

Scams like this aren’t new or uncommon, but this one’s level of sophistication and lack of spelling mistakes make it especially noteworthy.

Hunt tried to look up the Internet registration information for the phony site, but was only able to glean that information entered into the faux Facebook pages was redirected to a “parked” (unused but registered) porn URL, and from there sent elsewhere.

Hunt said he thinks the scam may have abated for now. Still, Internet users should always treat links with skepticism and pay close attention to the URL, especially when entering sensitive information.
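The address-bar check recommended above can be automated. The following is an added example, not code from the original article or from Troy Hunt's post; the `TRUSTED` list, the distance threshold of 2 and the last-two-labels shortcut for the registrable domain are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the brand domains this check protects; extend as needed.
TRUSTED = {"facebook.com"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance using a rolling one-row dynamic programme."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def registrable(host: str) -> str:
    """Last two labels of the host. Simplification: ignores multi-label
    public suffixes such as co.uk; use a Public Suffix List in production."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def classify(url: str, max_distance: int = 2) -> str:
    """Return 'trusted', 'lookalike' or 'unrelated' for the URL's host."""
    # .hostname drops any userinfo, so "brand.com@other.com" yields other.com.
    host = urlsplit(url).hostname or ""
    domain = registrable(host)
    if domain in TRUSTED:
        return "trusted"
    for brand in TRUSTED:
        name = brand.split(".")[0]
        # Brand name used as a subdomain label of someone else's domain.
        if name in host.split("."):
            return "lookalike"
        # Registered name only a few edits away from the brand's name.
        if edit_distance(domain.split(".")[0], name) <= max_distance:
            return "lookalike"
    return "unrelated"
```

A mail gateway or proxy would run `classify` on the final URL after shortened links have been expanded, since the shortener hides the real destination.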

Scammers likely sell the information gleaned from such phishing scams on the black market or use it to commit identity theft and financial fraud.

Their unscrupulous activities can lead to days, weeks and even months of financial headaches as victims attempt to sort out the financial havoc that’s been wreaked on their lives.
