These are quick first looks and trend and threats


Read More >>
Written by the security and AV professionals from team K7, meant for the general audience
Read More >>
These are usually articles that go into internals of a virus or deal with security issues
Read More >>
Senior managers speak on areas of interest to them, inside and outside the industry
Read More >>

Archive for the ‘Internet’ Category

IoT: What the Bad Guys Could Do with Your Hacked Devices

Thursday, February 11th, 2016

Following the third part “IoT: Your Personal Data May Not be as Private as You Think” of this series on the Internet of Things, here is part four focussing on what could happen when IoT private information (discussed in “IoT: Your World at Somebody Else’s Fingertips?”) falls into the hands of the bad guys or the cybercrime underworld.

Suppose the bad guys have access to your personal data or hack into your IoT appliances (worst-case scenario!), they could:

  1. Demand a ransom, threatening to sell your private health records to any interested party
  2. Hijack your appliances and render them non-operational, unless you pay a ransom “fee”
  3. Monitor your house by controlling your security cameras without your knowledge, thus determining your presence or, in fact, absence. Along with your ‘Going to Paris on vacation’ post on social media, it enables them to plan a robbery more accurately
  4. Sell your eating and food preferences to various food manufacturing companies or retailers or even to restaurants and hotels, just to provide an added advantage in targeted selling
  5. Sell your clothes-washing habits and clothing preferences to various fashion companies or retailers
  6. Use your device as part of a botnet of billions of hacked devices to conduct a Distributed Denial of Service (DDoS) attack against a specific target. It is interesting to note that this type of attack using IoT devices has already happened. The light bulbs at your home could well already be part of a botnet, consuming your power and internet bandwidth simultaneously!

Perhaps somebody with a vendetta against you could even resort to changing your refrigerator’s temperature settings so that your food goes bad.

We have been witnessing for years what bad guys are capable of doing, e.g. security breaches at big organizations and infamous ransomware. The same tactics might apply here too.

One other dangerous scenario is within the context of cyber warfare. During war time an enemy nation could launch a massive cyber attack on IoT devices in another nation, rendering every IoT device dysfunctional resulting in more chaos, damage and potential loss of life. To this effect, IoT appliances may also be prone to cyber attacks by terrorists.

Image credit:
www.wired.com/tag/iot

Senthil Velan
Manager,Vulnerability Research

If you wish to subscribe to our blog, please add the URL provided below to your blog reader: http://blog.k7computing.com/feed/

IoT: Your Personal Data May Not be as Private as You Think

Thursday, January 21st, 2016

Following the second part “IoT: Your World at Somebody Else’s Fingertips?” of this series on IoT, here is part three focussing on the privacy of the user’s sensitive information.

Privacy becomes a very important factor to consider when it comes to user-specific data that these IoT devices generate and store locally and/or remotely.

Suppose a user’s IoT enabled medical devices send important data about his/her blood pressure, sugar level and diet information (remember the smart refrigerator!), then the user might experience one or more of the following:

  1. one of the nearest hospitals in his/her city might offer attractive packages for health check-ups
  2. medical information might be shared with pharmaceutical companies for them to offer discounted rates on user-specific medicines
  3. medical information like blood pressure, sugar level etc., will be helpful for a fitness company to target the user for a custom-made discounted fitness package
  4. medical records would be useful for an insurance provider to either stop an insurance pay-out or increase the premiums paid based on direct access to the user’s health report

And much, much more!

In addition one’s TV or set-top box might inform the dish service provider about the type of channels one often watches, such that the service provider could offer you a tailored package to renew the provider’s service. You might not even consider finding out what their competitors can offer! Of course, their competitors might well be following the same strategy with their own customers.

All of a sudden you might get an email from a famous detergent company about a discount sale on their brand of washing powder. That’s right, your IoT-enabled washing machine could have given away some information about your usage habits without your knowledge.

“So what?” “It is good anyway since we would save money and time.” You might say. Hold on one sec! There is also the annoyance factor … unsolicited messaging … spam!! That’s apart from the general leakage of personal information unbeknownst to you.

…to part4: IoT: What the Bad Guys do…

Image courtesy of:
internetmedicine.com

Senthil Velan
Manager,Vulnerability Research

If you wish to subscribe to our blog, please add the URL provided below to your blog reader: http://blog.k7computing.com/feed/

IoT: Your World at Somebody Else’s Fingertips?

Thursday, January 14th, 2016

Continuing from our previous blog ‘IoT: The World at your Fingertips’ that described the concept of IoT, here is the second part of this blog series that explains the security risks associated with IoT.

Already there are instances where numerous types of IoT devices have been successfully hacked and have been proven to contain security weaknesses. This information demonstrates the point that bad guys can own insecure IoT devices at will or at least retrieve sensitive data easily. Hence it becomes mandatory to be aware of the risks that are associated with IOT enabled devices.

Any device (mostly home appliances) that can be remotely controlled or monitored from the Internet is called an Internet of Things (IoT) device.

Before getting to know the risks of adopting IOT devices, it is important to know what information these devices could hold. One’s

  1. fitness tracker can hold important medical data about one’s health such as blood count, sugar levels, blood pressure, etc., and of course, in turn, one’s general fitness level
  2. pacemaker could carry data about one’s heartbeat
  3. microwave can hold information about cooking patterns and styles; what kind of dishes are cooked in general or on specific days; what food products are used most
  4. washing machine would hold information about clothes-washing patterns, usage of detergents, types of clothes, etc.
  5. TV will know most-viewed programmes, the type of advertisements watched often, the number of hours spent watching movies, etc.
  6. refrigerator can scan the barcodes of the items placed inside. And by scanning the drugs or medicines, the refrigerator could know one’s health profile. It would certainly know one’s eating habits

And much, much more! These are only a tip of the iceberg. The more IOT enabled devices one uses at home, the larger the quantity of private data to be stored on these devices or reported back to a remote repository.

If a stranger has access to Mr X’s IoT devices, he/she can find out Mr X’s lifestyle, Mr X’s food and diet preferences, the programmes Mr X watches often, the movies Mr X likes, the kind of clothes Mr X buys often, whether Mr X has high blood pressure, how Mr X’s health is likely to be next year. And what not?

In recent days this type of personal, private user information definitely yields money when sold on the market! How? Targeted advertising! This implies that IoT users need to be aware of good security hygiene and implement good security practices regularly in order to avoid potentially unpleasant situations post the loss of sensitive data.

…to part3: Privacy

Images courtesy of:
allinclusivemarketing.com
dreamstime.com

Senthil Velan
Manager,Vulnerability Research

If you wish to subscribe to our blog, please add the URL provided below to your blog reader: http://blog.k7computing.com/feed/

IoT: The World at your Fingertips

Thursday, January 7th, 2016

Following the success of our blog series on cyber security, we would like to start a brand new blog series describing the concept of the Internet of Things (IoT) security to create and spread awareness among the general public on being secure in the world of IoT. This is the first part of this series that talks about the basic concepts of IoT to help people to handle IoT in a secured way.

As per Gartner predictions, 6.4 billion connected things, with 5.5 million new things per day, will get connected by 2016. The number of people that can connect to their home appliances remotely and control them from anywhere will increase. Ten years back, connecting to a home microwave or turning on the air conditioner while travelling back home were only part of James Bond movies. Well, these days we can all be 007.

With the advent of mobile operating system technology such as Android and nanotechnology, anyone can control any kind of device remotely using the Internet. Some of the possibilities are:

  1. The air conditioner at home can be switched on/off, and set to a specific temperature while returning back from the office. By the time you reach home, your house will be just as cool as you like it to be.
  2. The washing machines can be turned on so before you reach home the water is filled for you.
  3. The microwave can begin the process of cooking or heating your dinner so that it’s ready to eat at the time of your arrival.
  4. Your fitness tracker can monitor your body blood pressure, sugar levels and body temperature; etc. Your babies can also be monitored with the same fitness devices.
  5. The cameras at your house will let you know the movements inside and outside your home. You can keep watch as required from the comfort of your office … although your boss may not be too pleased with that.

The possibilities and benefits are unlimited but, unfortunately, so are the risks. If you are able to access these appliances remotely, it is also possible for unauthorised parties to access them, if adequate security measures have not been implemented. We will see more about this later in the upcoming parts of this blog series.

Your car, washing machine, pacemaker, microwave, furnaces, refrigerator, household cameras, smoke detectors, light bulbs, and even your watch can play a part in IoT. All of these can be controlled remotely at your fingertips. Interesting, isn’t it?

“With great power comes great responsibility”, applies perfectly to the people who will control their IoT enabled home appliances.

If you think a little bit about how one uses technology to control and command home appliances, it becomes apparent that a single device or app can be used to control them. You only say what needs to be done to these applications and they in turn communicate with the appliances to control them. For example, if you purchase an IOT enabled washing machine, the manufacturer will provide you with an application that can be used to operate your washing machine remotely. You simply install the app on your mobile device (that has an internet connection) and using the buttons within the application, you start operating your washing machine while travelling!

Now, if somebody compromises this application it means they own the IOT appliance. Owning one or more of your home appliances could mean owning your house. Sometimes it could even mean owning you and your family! The “benefits” of controlling your home remotely!

The advertisements generally downplay the risks that are associated with this concept.

The primary benefit of IOT is the ability to manage time more efficiently, given the ability to control and monitor various household stuff remotely. Let’s take the health benefits that these devices are intended to bring. Monitoring blood level, blood pressure etc., were big tasks ten years back, so much so that they required a hospital visit. Now tests can be done everyday, and the results monitored so that you may plan your diet accordingly. Your family physician may also be able to monitor your health parameters and sound the alarm if things go wrong. Fabulous.

However, there is a major problem. If someone compromises the IOT enabled devices, then there is a serious impact on personal privacy and safety for the owner of the device and his/her family. We are going to have around 6.4 billion connected things by 2016! All the better to hack with.

The objective of this blog series is certainly not to spread panic about IoT. IoT is here to stay. However it is important to create and spread awareness on being secure in the world of IOT!

…to part2: Security risks with IoT

Images courtesy of:

1. www.3g.co.uk/g_phones/large/internet-of-things-everything-you-need-to-know.jpg
2.gkapteina.files.wordpress.com/2015/08/efergy-com-blog-iot-explosion-of-connected-things.png

Senthil Velan
Manager,Vulnerability Research

If you wish to subscribe to our blog, please add the URL provided below to your blog reader: http://blog.k7computing.com/feed/

Scareware, Rogue AV & Ransomware

Thursday, December 31st, 2015

This is the third part of the blog series on cyber security, continuing from its second part on mobile security, focussing on the malware type that utilizes a user’s fear of data loss to extort monetary benefits, and a few precautionary steps to follow to avoid being a victim of this type of malware.

Scareware


In the modern day most malware are written for monetary gain. Scareware is a generic term to describe a category of malware which use the strong emotion of fear to force alarmed victims of an attack to pay an amount of money, typically tens to hundreds of US Dollars, to the attacker to restore normality on their computer/device.

Examples of scareware include malware which:

  1. display fake messages to the user about virus infections or system errors on the computer for which the fixing solution requires payment of a sum of money
  2. lock-down or claim to have locked-down access to some aspects of computer functionality such as use of the screen or personal documents, for which regaining access involves payment of a sum of money

Scareware typically infect users’ computers through downloading malicious attachments or clicking links in spam, or through accidentally visiting hacked websites.

As always it is important to ensure that you:

  1. Do not open emails from strangers, including fake messages from well-known companies such as FedEx or DHL
  2. Keep your operating system and third-party software, e.g. browsers and document readers, completely up-to-date with security updates. Avoid pirated software
  3. Use top-rate, genuine, up-to-date Anti-Virus software such as K7 Internet Security with strong Internet Security features such as malicious spam blocking, malicious website-blocking and browser-exploit protection

Scareware can affect both PCs (typically with a Windows operating system) as well as mobile devices (typically with an Android operating system which can be protected by K7 Mobile Security).

Rogue AV

Rogue AV or Fake AV is a subset of the scareware category of malware. Rogue AV pretends to be a legitimate Anti-Virus program which proceeds to display fake warnings of numerous virus infections on the computer.The fake warning window may steal the computer’s focus and then remain persistent with the malware preventing attempts to close it. Users are made to believe that only if they fork out a sizeable sum of money would the virus infections be cleaned up and the computer restored to a good state.

Historically Rogue AV has been associated with the use of Search Engine Optimization (SEO) poisoning which ensured that hacked websites controlled by the attackers ranked highly when trending topics were searched for in a web search engine such as Google. When the user clicked on one of these attacker-controlled links the user’s computer would get infected. Rogue AV is most commonly found on Windows PCs, but has also been known to infect MacOS computers.

Ransomware

Ransomware is a type of malware, becoming more common by the day, which denies access to your computer resources until a hefty sum is paid to the criminal gang which caused the infection.

The typical resources held to ransom are as follows:

  1. Personal documents, images, and other files – In this case the files are encrypted so that they become unusable. After the files are encrypted the ransomware displays a splash screen informing the victim of this action and demanding a ransom payment to restore the files. Recovering these files requires obtaining the decryption key from the malware syndicates for a fee amounting to hundreds of US Dollars. Payment is made through guaranteed anonymous channels such as the BitCoin network. The first major ransomware family of this type was called Cryptolocker.
  2. Device screen – In this case the screen is frozen by the malware with a ransom demand visible. The user is allowed to make the payment to unlock the screen. One prevalent family of ransomware which locks the screen is called Reveton.

Users are advised to avoid paying this type of ransom demand for the following reasons:

  1. Generating income for cyber crooks would only serve to incentivise their criminal activities, and would fuel their future attacks
  2. There is absolutely no guarantee that paying up the ransom of potentially hundreds of dollars would actually restore your files or unlock your screen

In addition to the recommendations above, to guard against Scareware in general, it is also important to ensure that you back up your important files in a disciplined fashion on external media and/or on online repositories. If you are not in the habit of backing up your files, this practice is highly recommended since data loss from a failed hard disk at a future date is a probable event, far likely than a ransomware infection.

Happy New Year!

…to part4: Passwords – Hashes to Ashes

Images courtesy of:

Adeevee.com
Huffingtonpost.com
Cloudave.com

K7 Threat Control Lab

If you wish to subscribe to our blog, please add the URL provided below to your blog reader: http://blog.k7computing.com/feed/

Mobile Security

Thursday, December 24th, 2015

Here is the second part of the blog series on secure computing, following on from part one “Dealing with Spam”. This blog talks about the possible security threats to smartphone users, the need for awareness about these security threats and a few smart steps to adopt in choosing the application market place and downloading an application.

There is a huge increase in smartphone usage year-on-year because it:

  • is trendy
  • helps in easy communication, both business and personal
  • provides portable and easy internet access

Nowadays, almost everything is mobile. A smartphone user is now comfortable in carrying out all his/her day-to-day commercial activities like paying bills, booking tickets, shopping, etc., through the smartphone.

The available major operating systems for the smartphones are Android, Windows Phone, iOS, Blackberry and the growing Tizen.

The security threat level to a smartphone user is increasing at a rate equal to the surge in smartphone usage. Each of the above-mentioned mobile operating systems has had security threats. Android is the one that dominates other mobile operating systems in terms of malware count. Android malware’s growth rate is comparable to that for desktop Windows malware.

Generally, a mobile malware reaches a user’s smartphone through one of the following ways:

  • Social engineering tricks
  • Social networking sites
  • Bundled applications (malware packed with good applications)

As there is a financial transaction involved in many user activities, it is advised to download the concerned applications from the recommended official market rather than downloading from any other third-party market. The reason behind this is that there are many malware or fake applications, especially in third-party markets that steal a user’s personal information like credit card details, contacts list, call logs, etc.,which ultimately result in a financial loss to the user by sending out premium-rate SMS messages that cost money or by downloading other malware applications.

For example, the supposed first iOS malware FindandCall hacks the contacts list from the victim’s device and sends it to a remote hacker. The hacked contacts list is used for sending out spam messages. Adding to this, the recent “Inception” malware identified with Blackberry devices attacks other operating system like iOS, Android and windows computers as well. This malware also collects various device specific information including call logs, contact information, etc.

It is also identified that there are a few malware applications that come pre-installed on new smartphones as well, as in the case of the Android malware “DeathRing”.

A few advertising applications (adware) identified in the third-party markets install themselves as system level applications. After their installation, the adware apps display unwanted advertisements irrespective of the application currently being accessed by the user. There is a possibility that clicking on such advertisements could download a malware application.

Here are a few of the steps to follow before downloading an application:

  • Think twice before you download an application whether you really need it
  • Check any documented usage of the application to ensure that it does not perform any functionality separate from your expectations
  • Verify the reputation of the application by checking the reviews available
  • Avail of the possible application verification feature(s) like “verify apps” in recent Android OSs to identify a malware before installation

In addition the following practices are advised to improve mobile security hygiene:

  • Avoid using free Wi-Fi hotspots, in particular those that are not password protected, especially when conducting sensitive transactions such as online payments
  • Always password-protect access to your smartphone to protect better against data theft if the phone is lost or stolen
  • Install a reputed Mobile Security software such as K7 Mobile Security to stop a malware from infecting your mobile and acting silently in the background.

…to part3: Scareware,Rogue AV & Ransomware

Images courtesy of:

mobileinquirer.com
appmobile.co.za
techmoneyblog.com

K7 Threat Control Lab

If you wish to subscribe to our blog, please add the URL provided below to your blog reader: http://blog.k7computing.com/feed/

Dealing with Spam

Thursday, November 26th, 2015

In the interest of educating the general public about secure computing, we would like to share a blog series that intends to explain the various types of security threats over the Internet and a few precautionary steps to avoid falling prey to these security threats. This is the first part of the blog series that talks about the basic concepts of spam emails, their dangers and a few preventive measures to adopt to deal with them.

The message or email which we receive over the Internet but we never asked for is called spam. Mostly such messages are sent from unknown email addresses, using computer programs called spambots, to a bulk number of users for marketing a product or cheating the user, typically for financial gain. Spam uses social engineering tricks on victims to trick them into performing an action specified in the message.

In recent years the number of spam messages has considerably increased so much that one cannot differentiate them from legitimate messages in one’s inbox.

Spam includes unwanted messages using varied themes like:

  • a person requesting for help
  • being told that we have become a lucky winner of a prize or a victim of blackmail
  • a newsletter that is never subscribed to
  • fake job offers
  • malware
  • obscene material
  • a huge bounty is promised out of the blue from an individual from a different country
  • someone offering a business partnership
  • a claim that we need to prove our identity by logging in or resetting the password of our bank account, email account, etc. This dangerous attack is called “phishing”
  • causing a social issue with fake news
  • offers on weight-loss products, medicines, drugs, etc.,

Spam consumes lots of storage space, internet bandwidth and other resources on a user’s computer or device. It can defame a brand and the products advertised are mostly illegal or banned. Some spam messages may also try to steal the victim’s personal information as in the case of phishing attacks. Apart from exhausting one’s time, and spreading malware, the above-mentioned points provide several other reasons to declare spam to be dangerous. Filtering out spam from our inbox helps us to use email services at ease.

How do we deal with spam? When we suspect an email to be spam, we can:

  • Mark it as spam through the feature available in most of the email service providers

  • Create filters to move emails to a spam folder, thus preventing them from polluting one’s inbox. Filtering is also possible by adding specific email addresses to the ignore list, specific contents in the subject line of the email, etc.
  • report such messages to various spam control authorities
  • use anti-spam software which can block a spam email based on previously recorded spam activities, suspicious titles or content, spam score and various other factors. K7 products contain in-built anti-spam features and also block malware which harvest email addresses from the computer

Additionally, the following safety guidelines are recommended when dealing with spam:

  • Do not open emails that you never expected or suspect to have come from an unknown user. Most certainly don’t respond to such emails
  • Avoid using the “unsubscribe” option that sometimes comes in spam emails as this would intimate to the spammers that your email address is a valid one
  • Do not forward chain emails and suspected spam emails
  • Do not publish your email addresses in public forums and comments sections. Use of temporary email addresses can help to some extent in these cases

We need to realise that changing our email address is not a long-term solution to the spam problem, as email harvesters can obtain one’s email address through various ways. Unless and until, we habituate better Internet practices, we can never learn to safeguard ourselves from spam.

…to part 2: Mobile Security

Images courtesy of:
Marketingland.com
Gfi.net

K7 Threat Control Lab

If you wish to subscribe to our blog, please add the URL provided below to your blog reader: http://blog.k7computing.com/feed/

Social Networking Abuse – Potent Threat

Thursday, August 20th, 2015

This blog intends to highlight some of the dangers faced by the general public associated with an ever expanding use of social networking sites, all set to grow at an even greater rate post the launch of government initiatives such as the Digital India campaign.

Social networking sites such as Twitter and Facebook provide an efficient interface for communication with multiple people in a user-friendly manner. People are connected to their friends, family and followers in real-time, on-the-go using mobile devices. The ugly side to this increasing use of social networking sites is the potential for controlled, targeted abuse within a very short space of time. Recently the Hindu newspaper reported the abuse of Twitter in the recruitment programme of banned organisations.

Users of social networking sites do not appear to think twice about sharing large amounts of their private Personally Identifiable Information (PII) online. This freely available PII, which includes date of birth, phone number, address, and so on allows malevolent actors to hone their attacks’ penetrative function. In addition, given the speed of transmission, it is possible for attackers to reach a large number of victims very quickly, potentially triggering a mass panic scenario, or spreading malware, or increasing recruitment for banned organisations, etc.

There is at least one documented case of the use of social networks to trigger mass panic in India through the use of doctored images and targeted, threatening messages. In August 2012 thousands of Indians from some North-Eastern states of the nation were made to feel threatened to the extent that they decided to flee in large numbers to their home states from other parts of the country; a grave situation indeed.

The above real-world example provides a stark reminder about the havoc that can be caused when malicious content goes viral, either intentionally or otherwise. Legislation related to IT in many countries provides for monitoring of online content, inclusive of social networking sites, especially given that national security could well be at stake. In the documented case mentioned above, the attack vectors were neutered and some semblance of normality restored only after the offending sites were temporarily blocked and bulk SMS/MMS were banned for a short time as per the provisions in law.

Some images (adapted to suit the article) are courtesy of several sites.

Samir Mody
Senior Manager, K7TCL

If you wish to subscribe to our blog, please add the URL provided below to your blog reader: http://blog.k7computing.com/feed

Gone in 60 Seconds: Is the Internet Becoming Volatile?

Friday, August 14th, 2015

This blog intends to inform the general public about the impact on the Internet of an increase in the prevalence of self-destructing messaging services.

Almost everyone of us is so happy with more than one genie at hand; as we own a smartphone, tablet, laptop, etc … and a click of a button or a screen-touch can satisfy our cravings from food to knowledge. Also the communication world is never running short of new stuff popping up now and then with tweets, pokes, chats, likes, posts and so on.

Don’t we enjoy a twist in the movies we watch? One has to wonder if the Internet is the next ‘anterograde amnesia’ victim, where an unforeseen whirl takes over social networking services silently.

On one hand, Hadoop technology is booming to handle the exponential growth of data, and spiders are crawling over the internet to feed search engines. But there is a potential balance created by self-destructing communication methods important enough to discuss, as the number of apps and services providing this functionality are increasing with more number of users everyday. In addition the social networking giants’ competing feature is shifting focus from providing nearly unlimited storage space to providing an expiry time on demand. A silent balance is inching toward creating major chunks of the lost internet.

When communicating confidential information over the internet, there is a jolt in us. We think several times, whether we can trust the internet and its services. And for one reason or another, we compromise ourselves with the communication services we get online.

Now, the privacy jolt is taking a noticeable turn because it seems to give more power to the users like data wiping, evidence shredding, and “suicidal messages”. It is not strange for us to regret sending a wrong file or a message to an unintended recipient, for liking a wrong post or comment by mistake too. But it is also important to note that these auto-timed or customisable self-expiring messages are redefining secretive communication.

This trend seems to cure the privacy fever of social media with email bombs, ephemeral messages, auto-expiring tweets, timed chats, self-deleting pokes and much more; from its suffering to hold itself together with features like ‘recall’ or ‘undo’ a sent email, off the record chats, etc.

Such self-destructing email services promise to destroy their path traversed over the servers and the email itself in a prescribed amount of time. These promises are not new to us as we have been relying for years on strong encryption and secure channels.

There is always more than one solution to a problem. Few apps use temporary hyperlinks. Some provide a one-time password to access the timed webpage. The passwords and the websites are not available after the expiry time. Some store the contents temporarily in servers until the message is delivered to all the intended recipients and delete the contents from the servers and from the recipient’s inbox once the message is read. Some use external apps and browser extensions too.

Some apps face issues like screenshots being taken, accessed via different modes instead of viewing the content via the app, and message ID vulnerability hacks on related sites too. Some apps have already fallen victims to cyber forensic studies as they save the images and videos in hidden folders or rename the files to unknown file extensions; because researchers are ready to spend a number of hours and thousands of dollars for their research. But competitors release newer products with upgraded versions which offer more sophisticated artificially-intelligent communication systems.

Cyber criminals use such service widely to communicate their secrets or threaten victims. Of course anyone can use this service for having a legitimate conversation as well. One need not forget self-expiring attachments are also joining hands with this feature which prevents the messages from being copied, forwarded, edited, printed, or saved.

With competitors focusing on providing the self-destruction feature, the following questions certainly arise:

  • Will the internet become erasable?
  • Will social networking become the most secret communication method going forward?
  • Did we just discover invisible data or communication?
  • Will these mortal messages force cybercrime lexicology to accept its demise?
  • Will the expansion of SMS be changed to Short-lived Messaging Service?
  • Will the cyber crime investigators exclaim: “Eureka! But where did the evidence go?”?

Looks like we just have to wait and watch what surprises the future brings.

Images courtesy of:
cdn-media-1.lifehack.org/wp-content/files/2014/04/7557deec.jpg
blog.ericgoldman.org/wp-content/uploads/2014/08/shutterstock_167170781.jpg

Ayesha Shameena P
Threat Researcher, K7TCL

If you wish to subscribe to our blog, please add the URL provided below to your blog reader: http://blog.k7computing.com/feed/

Let’s Get Edgewise

Friday, August 7th, 2015

This article intends to inform the general public about ‘Edge’, the newest browser from Microsoft shipped with Windows 10. It sheds some light on what’s new, what’s changed and why Edge was considered necessary.

It has been more than a week since Windows 10 started hitting users’ PCs; it has however been around for a couple of months via the Windows Insider program as a public beta. Reviews on the operating system have been trending in the tech review sites. Opinions in general have been on the positive side for Microsoft’s la(te)st operating system. One of the features that is generating interest is the new browser “Edge” offered in Windows 10.

Microsoft finally bid goodbye to its ageing browser, Internet Explorer (‘IE’). Antiquated design, interoperability issues and security holes riddled IE, warranting a better, modernized browser. Codenamed as project Spartan it finally shaped up as Edge. Microsoft reworked its browser almost from scratch, borrowing bits of goodness from its competitors while being unique in its own way by having a personal assistant or being able to annotate on webpages and share them; most important of all, though, improvements to security were made.

Security was probably one of the main concerns that pushed Microsoft to reimagine its browser design. So from a security perspective, Microsoft has got rid of its ActiveX support, infamous for its security vulnerabilities. Added to the “gone” list were BHOs (Browser Helper Objects, which went on to be synonymic to toolbars) and VBScript support. Over the years support for these three features caused numerous security headaches for Internet Explorer.

Edge would remain sandboxed from the rest of the Operating System, hence attempting to prevent any malicious scripts or code from affecting the OS itself. SmartScreen introduced in IE8 is also a part of the Windows 10 shell and is supported by Edge. This can filter out phishing sites by performing reputation checks and blocking them out. The new rendering engine would greatly eliminate interoperability problems for web developers, thereby allowing them to devote more time to security and stability.

Most security features that had been an opt-in in IE until now have been made mandatory and will always be on and protecting users. Though Edge looks promising it is a bit rough-edged at the moment. Microsoft is in the process of embracing the extensions model like its competitors, Google’s Chrome and Mozilla’s Firefox, which is said to roll out by the end of this year. Once this is done, Edge would be in a better position to handle the internet; at least way better than IE, one would hope.

A word of caution to our readers; while you may be impatient to upgrade your operating systems to Windows 10, beware of a new wave of spam emails doing the rounds. These are bogus emails offering users a free Windows 10 upgrade; even if you are not a Windows 7 or 8 user (free upgrades are given by Microsoft to genuine Windows 7 and 8 users only). These mails mostly come with a malware of the nasty ransomware category. Microsoft states that users will be informed of the upgrade on their screens and not via emails. Kindly refrain from clicking on such fraudulent emails.

Some images (adapted to suit the article) are courtesy of several sites.

Kaarthik RM
Threat Researcher, K7TCL

If you wish to subscribe to our blog, please add the URL provided below to your blog reader: http://blog.k7computing.com/feed