20120229

Avast Releases Fix Update Utility For Corrupted Installations


The release of Avast 7 has caused anger and confusion in part of the security software's user base. Criticism of the new version was fueled especially by the fact that Google Chrome was installed in a sneaky way during updates or new installations. Some users, on the other hand, reported that the application did not install or update correctly. The installation basically hangs and exits with an error message.
Users who try to upgrade from version 6 to 7 are especially affected by corrupted installations of the security software. The core issue is that it is no longer possible to update the program. Some users have experienced other issues as well, such as crashing third-party applications and slow system starts or shutdowns.
Experienced users may have resolved the situation already by running Avast’s Software Removal Tool which uninstalls all traces of Avast software on the system. A clean install of Avast 7 runs through without problems afterwards.
Avast has released a Fix Update utility for users of Avast 6 and Avast 7 who are experiencing issues with their antivirus.
Here are the instructions on how to use the program to fix Avast on the computer:
  • Avast 7: Run Fix Update first, then go to Maintenance > Update and click on Update Program. This should resolve the issue.
  • Avast 6: Run the Fix Update program as well. You will then be asked whether you want to update to Avast 7. Click Yes and the update will be installed. It can take a few minutes before the update completes. Restart the computer at the end to complete the update.
The tool can be run on systems that are not affected by the particular issue. In this case it will simply exit, telling you that the Avast installation does not seem to have the problem that the fix is supposed to resolve. (Techdows)

Android Malware Spreading Via Facebook



While you are scrolling through Facebook pages on Android, it may occur to you that you are using a Facebook app running on Google's mobile OS, and that the two hawks of Silicon Valley are working hard all the time to make your experience as secure as it can be. But hold on! Aren't you missing something? Yup, there is also a community of malware writers whose sole purpose in life is to find new ways of sneaking into your systems and devices.
It seems that almost every day there is a new Facebook scam geared toward persuading users to click on a link. Attackers are increasingly using social media to distribute malware by tricking users into visiting malicious sites. This time the target is the Facebook app on Android, which, according to security firm Sophos, has been found spreading malware in an entirely new way.

Bouncer: Google's scanner for Android Market

Meet Bouncer, Google's new and clever tool to scan every app that enters the Android Market. When a developer submits a new app, Bouncer steps in and analyzes it for potential threats. It scans for malware, spyware, and trojans, as well as apps that “misbehave” in other ways. This is done through an Android emulator on Google’s cloud infrastructure. Though new apps are obviously the focus, Bouncer actually scans all apps, new and old.

How does this recent malware work?

You may get a friend request and, like everyone, you would go to the person's info page to get to know him or her and decide whether you should friend them or not. You may also want to visit a link on that page to know 'more' about that person. And here the game starts! You visit the shortened link, which is disguised as an Android app, and after it redirects you a couple of times, the app starts downloading automatically.

A screenshot showing what any_name.apk files look like



The malware package is named something like any_name.apk, and appears to have been designed to earn money for fraudsters through premium rate phone services. Although Android by default never allows apps to be downloaded without informing the user, some users choose to turn off this protection in order to have access to apps distributed outside of the Android Market.

It's not clear how Bouncer will react to it, but if you are reading this, you should be alert so as not to become a victim of clickjacking. (via rafayhackingarticles)




Copyright Notice By Recording Industry - Latest Email SCAM


A few days ago I received an "official" email from the Recording Industry Association of America (RIAA) stating:

Dear hereby we notify you that your IP address has been identified as distributing copyrighted content. Please see the attachment to this for illicit Internet traffic details.




At first it looked pretty much OK, as I was rushing through the mail in the morning, half sleepy, half awake. I was just about to click the attachment, then suddenly the list of recipients flashed across my eyes and I was like, thank God! I didn't download that file.

I looked into the email header and found that it was generated from an account that had nothing to do with RIAA.

This is one of the latest forms of e-mail scam, which can be sent by an official or unofficial account of some record label or media regulation authority and carries the potential of tricking you into downloading an attached file containing malware, a keylogger or a trojan.

After doing a bit of research I found the following scams floating around the web these days:
  • Your IP was caught downloading copyrighted content (sent "by your Internet Service Provider")
  • You are invited to an event about to take place in, please download the attached file to see the schedule of the event. Note: the events may be real, but the invitations are fake
  • Your cell phone was caught involved in criminal activity, you are required to report at office, find the attached document to note the papers you need to bring with you to prove your innocence
If you get any such (or related) e-mail, just think for a while: why in the world would an institution like RIAA contact you in such a manner?
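
The two checks described in this post (who actually sent the message, and how many people it went to) can be scripted. The following is an added example, not part of the original post: the sample message and every address in it are constructed, and the function name `triage`, its flag names and the recipient threshold are assumptions.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed sample message (not the real scam e-mail); all addresses are made up.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
From: "RIAA Copyright Office" <notice@freemail.example.org>
Reply-To: claims@other.example.com
To: a@example.com, b@example.com, c@example.com, d@example.com
Subject: Copyright infringement notice
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please see the attachment for illicit Internet traffic details.
--b1
Content-Type: application/zip
Content-Disposition: attachment; filename="details.zip"

UEsDBA==
--b1--
"""

def domain(addr):
    """Lower-cased domain of an address header value, or '' if absent."""
    return parseaddr(addr or "")[1].rpartition("@")[2].lower()

def triage(raw, claimed_domain, max_recipients=3):
    """Return the reasons a message claiming to be from claimed_domain is suspect."""
    msg = message_from_string(raw)
    flags = []
    from_dom = domain(msg["From"])
    # The display name is free text; only the address domain says who sent it.
    if from_dom != claimed_domain and not from_dom.endswith("." + claimed_domain):
        flags.append("from-domain-not-claimed-org")
    for hdr in ("Return-Path", "Reply-To"):
        d = domain(msg[hdr])
        if d and d != from_dom:
            flags.append(hdr.lower() + "-mismatch")
    # A personal legal notice addressed to a long list of strangers is a giveaway.
    rcpts = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    if len(rcpts) > max_recipients:
        flags.append("bulk-recipients")
    if any(part.get_filename() for part in msg.walk()):
        flags.append("has-attachment")
    return flags
```

None of these flags proves a message is malicious on its own, and the `From` header itself can be forged, so a clean result is not proof of legitimacy either.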


Learn Ethical Hacking Basic: Session XIX

The Ethical Hacker’s Process
As an ethical hacker, you will follow a process similar to the one an attacker uses. The stages you progress through will map closely to those the hacker uses, but you will work with the permission of the company and will strive to “do no harm.” By ethical hacking and assessing the organization's strengths and weaknesses, you will perform an important service in helping secure the organization. The ethical hacker plays a key role in the security process. The methodology used to secure an organization can be broken down into five key steps. Ethical hacking is addressed in the first:


  1. Assessment
Ethical hacking, penetration testing, and hands-on security tests.
  2. Policy Development
Development of policy based on the organization’s goals and mission. The focus should be on the organization’s critical assets.
  3. Implementation
The building of technical, operational, and managerial controls to secure key assets and data.
  4. Training
Employees need to be trained as to how to follow policy and how to configure key security controls, such as Intrusion Detection Systems (IDS) and firewalls.
  5. Audit
Auditing involves periodic reviews of the controls that have been put in place to provide good security. Regulations such as Health Insurance Portability and Accountability Act (HIPAA) specify that this should be done yearly.
All hacking basically follows the same six-step methodology discussed in the previous section: reconnaissance, scanning and enumeration, gaining access, escalation of privilege, maintaining access, and covering tracks and placing backdoors.

Is this all you need to know about methodologies? No, different organizations have developed diverse ways to address security testing. There are some basic variations you should be aware of. These include National Institute of Standards and Technology 800-42, Threat and Risk Assessment Working Guide, Operational Critical Threat, Asset, and Vulnerability Evaluation, and Open Source Security Testing Methodology Manual. Each is discussed next.

National Institute of Standards and Technology (NIST)

The NIST 800-42 method of security assessment is broken down into four basic stages that include:

  1. Planning
  2. Discovery
  3. Attack
  4. Reporting

NIST has developed many standards and practices for good security. This methodology is contained in NIST 800-42. This is just one of several documents available to help guide you through an assessment. Find out more at http://csrc.nist.gov/publications/nistpubs.

Threat and Risk Assessment Working Guide (TRAWG)

The Threat and Risk Assessment Working Guide provides guidance to individuals or teams carrying out a Threat and Risk Assessment (TRA) for an existing or proposed IT system. This document helps provide IT security guidance and helps the user determine which critical assets are most at risk within that system and develop recommendations for safeguards. Find out more at http://www.cse-cst.gc.ca/publication.../itsg04-e.html.

Operational Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE)

OCTAVE focuses on organizational risk and strategic, practice-related issues. OCTAVE is driven by operational risk and security practices. OCTAVE is self-directed by a small team of people from the organization’s operational, business units, and the IT department. The goal of OCTAVE is to get departments to work together to address the security needs of the organization. The team uses the experience of existing employees to define security, identify risks, and build a robust security strategy. Find out more at www.cert.org/octave.

Open Source Security Testing Methodology Manual (OSSTMM)

One well-known open sourced methodology is the OSSTMM. The OSSTMM divides security assessment into six key points known as sections. They are as follows:

* Physical Security
* Internet Security
* Information Security
* Wireless Security
* Communications Security
* Social Engineering

The OSSTMM gives metrics and guidelines as to how many man-hours a particular assessment will require. Anyone serious about learning more about security assessment should review this documentation. The OSSTMM outlines what to do before, during, and after a security test. Find out more at www.isecom.org/osstmm.


50 GB of Box storage for Android users


You know Box, right? At least if you have been reading along here now and then. Box is one of the many vendors that offer online storage space. There are plenty of apps for it, as well as the option to work together in a team. A while ago they gave all iPhone and iPad users 50 GB of storage, and Android users could only get the 50 GB by means of tricks. But the days of the tricks are over: Box now gives Android users 50 GB of storage "forever".
How do you get the 50 GB of storage? Log in or create an account through the new Android app to share and save data, and you are done. File sizes in Box are limited to 100 MB, just for info.

Google adds "Do Not Track" button to the Chrome browser

With Google, more than with any other company, the saying applies: "if a service is free, you yourself are the product."
The Chrome browser, for example, collects quite a lot of information about users' surfing habits in order to ultimately deliver accurate, relevant ads, so it is no wonder that Google is exposed to frequent criticism here.
The Chrome browser now does much less of this, but there is still frequent criticism.
(Original photo under CC license on Flickr by TopRankBlog)

Now that a small earthquake in this direction has just been set off in the U.S. (a prosecutor is making noise against Google, Apple and Co. over data protection, privacy policies are being introduced into the apps from Google, Apple and Co., and even U.S. President Obama has pursued a relevant consumer protection policy, "Do Not Track"), Google is bowing to the pressure and will integrate a "Do Not Track" button in the Chrome browser.

"We're pleased to join a broad industry agreement to respect the 'do-not-track' header in a consistent and meaningful way that offers users choice and clearly explained browser controls"
At least, that is the statement of Google's senior vice president of Advertising, Susan Wojcicki. How the button will look in the end, what it does and what data will actually still end up on Google's servers is still unclear. I suspect that it will hardly cut off all advertising-related traffic (then Google would eventually get no return for the use of the browser), but I will assume nothing and let myself be surprised by the results.
Basically, the jolt that is going through the industry right now is welcome in any case; after all, many hardly even look at what information they reveal, and the policy would be over completely ...

I'm curious to see how far the current trend goes: whether Google, Facebook, Apple and Co. will in the future have to show, completely and without a time-consuming inquiry procedure, which data is collected and used, or will even be limited in their collecting.