Monday, July 28, 2014

When stealing is NOT in the news

There is a phrase in Spanish, no English version: "It's sad (to) beg, but even harder (to) steal". Experience teaches us that cybercriminals do not stop if they have to steal (indeed, that is why they are criminals). However, they are not sad. So if they can get their precious target ('show me the money'), without having to steal, surely they will.

That's the conclusion from two researchers who will show at the next Black Hat conference how to use free cloud services, mainly for storage, to place into them automated networks (botnets), specializing in mining virtual coins. The two researchers, Rob Ragan and Oscar Salazar, commented in a previous note to the conference that their tools allow them access to a "vast amount of cloud computing, storage and pre-made hacking environments", and that they had to "violate the hell out of some terms" of these cloud services. Please, understand the irony.

Ragan and Salazar warn: if anyone can do it, everyone will try to do it. The old dream of "free money". Will it help announcing that? In his Cybernews from the dark side, the renowned Eugene Kaspersky believes that people is getting tired of the news on new hacks, targeted attacks and malware outbreaks. But all that never ever came to imagine that it could be hacked will continue to be news. For example: a car ("never ever"? We wonder). So Eugene starts his last post on recent industry news talking about how some Chinese hackers have achieved to penetrate the heart of the most famous electric out in the market: Tesla. By the way, and while we're reviewing industry news, like every Monday is useful to look at one of the most well-made compilations: Security By Default and its Secmana links (likely SecWeek links).

Kaspersky Lab's CEO do not forget the "controversy" created by Microsoft and its recommendations for use of simple passwords. An issue which also dealt with one of the most recent posts from other writing "from the side of evil" (according to his blog): the Spanish hacker Chema Alonso. He said a few weeks ago that accurate authentication systems make the password complexity being not a relevant factor. And today he is back in the saddle claiming that, for example, to skip locking systems in Google accounts is a "child's play". And it is explained step by step, like he was writing for children.

Since we are on Google, and returning to the initial idea, if steal is a sad thing, to let be robbed is even harder. And that's what we do if we do not care, every time we install something on our Android device from alternative markets to Play Store. A recent report by Cheetah Mobile warns of 24.4 million file samples containing malware applications for Android, and it also clarifies: only 0.14% of them are in the Google's official store. Really, you have to be unlucky to install just one, as long as you are moving into the "clean circuit".

Finally ... What browser besides Google Chrome uses Safe Browsing technology made in Big G? Exactly, Mozilla Firefox. Well, its developers have already told that the next version of this browser (scheduled for September) will be highly specialized in blocking malicious downloads. It may not be news, as expected Eugene Kaspersky. And maybe it's better that way: malware no longer in the news... because malware stopped making life impossible for users around the world.

We do not like to be sad robbers, even we believe that stealing is useless, so we dare to ask you to vote and share our posts. At the sidebar you have the links to our social networks, and sharing options at the bottom of each post. Regards from the side of good boys :-)


Post a Comment