Showing results for tags 'networks'.
Found 13 results

  1. The CSIRO has found that the majority of Android VPN apps are not transparent enough about how a user's information and traffic is handled.

     The Commonwealth Scientific and Industrial Research Organisation (CSIRO) has warned users of virtual private networks (VPN) that they may not be as secure as the name suggests. The CSIRO recently looked at 283 Android VPN apps, investigating a wide range of security and privacy features to compile its report [PDF], An Analysis of the Privacy and Security Risks of Android VPN Permission-enabled Apps.

     The research organisation found that 18 percent of the apps probed fail to encrypt users' traffic, with 38 percent injecting malware or malvertising straight into the user's device, and over 80 percent requesting access to sensitive data such as user accounts and text messages. 16 percent of the analysed VPN apps deploy non-transparent proxies that modify a user's HTTP traffic by injecting and removing headers or performing techniques such as image transcoding. In addition, two VPN apps were found to be actively injecting JavaScript code on user traffic for advertisement and tracking purposes, with one redirecting ecommerce traffic to external advertising partners.

     "The very reason users install these apps -- to protect their data -- is the very function they are not performing and these apps have been installed by tens of millions of users," the report says.

     While most of the examined apps offer "some form of" online anonymity, the CSIRO said that some app developers deliberately sought to collect personal user information that could then be sold on to external partners. Less than 1 percent of users, however, had any security or privacy concerns about these apps.

     18 percent of VPN apps were found to implement tunneling technologies without encryption, while 84 percent and 66 percent of apps were leaking IPv6 and DNS traffic, respectively. As a result, these apps do not protect user traffic against in-path agents performing online surveillance or user tracking, the report explained. The app descriptions on the Google Play Store, however, for 94 percent of the IPv6 and DNS leaking apps claim to provide privacy protection.

     Before publishing its report, the CSIRO reached out to developers whose apps displayed security shortcomings, noting that several took action to fix vulnerabilities, with some apps removed from the Google Play Store as a result.

     "Despite the fact that Android VPN-enabled apps are being installed by millions of mobile users worldwide, their operational transparency and their possible impact on a user's privacy and security remains 'terra incognita' even for tech-savvy users," the report concludes.

     Article source
  2. Google has rolled out an answer for those occasions when a bad mobile connection stops you using search. The Google app will now queue searches if there's no connection and deliver results when a connection is re-established.

     A new feature available on the Google app for Android removes the obstacle of beginning a search when there's no mobile signal or only patchy coverage. The updated app will now queue searches if there's no connection and deliver the result when a connection is re-established, Google says in a blogpost.

     The new offline capabilities for search join similar improvements to its other apps, such as Google Translate, Google Maps, and its lightweight search-result pages, which aim to patch up key features when a poor connection would otherwise break them.

     "Mobile networks can sometimes be inconsistent or spotty, which means that even if you have a connection when you start your search, it might fail before you get your results back. With this change, search results are saved as soon as they are retrieved, even if you lose connection afterwards or go into airplane mode," Google explains.

     While the feature doesn't enable offline search per se, it is a workaround to the problem of searching when there is no connection or if the signal is dropped, for example, while driving through a tunnel, in an underground train, or in a remote area.

     The updated Google app for Android will now monitor in the background for a decent network connection and once one is found, it delivers a notification detailing the number of results that are ready to view. Despite the additional background activity, Google says the feature "won't drain your battery", and since it features streamlined search-result pages, it shouldn't impact data usage.

     The feature is available in the latest version of the Google app for Android.

     Article source
  3. Last year, Microsoft held its second WinHEC conference in Shenzhen, China. The event was attended by Microsoft executives like Terry Myerson, Alex Kipman, and more. Microsoft shared their vision for the hardware ecosystem with innovations in mixed reality, gaming, and other opportunities for partners powered by the Windows 10 Creators Update.

     In one of the sessions, Microsoft spoke about the multiple technologies that Windows 10 supports to enable docking scenarios ranging from USB-C to 802.11ac. Learn about the investments we are making in Windows 10 to enable great wired and wireless docking scenarios.

     They also revealed the investments they are making in Windows 10 to enable great wired and wireless docking scenarios. Windows 10 Creators Update will add 802.11d wireless support, WSB Dock Discovery and more. Find more information from the slides embedded here.
  4. IEEE Sets New Ethernet Standard That Brings 5X The Speed Without Disruptive Cable Changes

     IEEE sets 2.5/5G Ethernet Standard for 2.5GBASE-T and 5GBASE-T

     As expected the IEEE has ratified a new Ethernet specification -- IEEE P802.3bz -- that defines 2.5GBASE-T and 5GBASE-T, boosting the current top speed of traditional Ethernet five-times without requiring the tearing out of current cabling.

     The Ethernet Alliance wrote that the IEEE 802.3bz Standard for Ethernet Amendment sets Media Access Control Parameters, Physical Layers and Management Parameters for 2.5G and 5Gbps Operation lets access layer bandwidth evolve incrementally beyond 1Gbps, it will help address emerging needs in a variety of settings and applications, including enterprise, wireless networks.

     Indeed, the wireless component may be the most significant implication of the standard as 2.5G and 5G Ethernet will allow connectivity to 802.11ac Wave 2 Access Points, considered by many to be the real driving force behind bringing up the speed of traditional NBase-T products.

     "As new 802.11ac Wave 2 wireless technology is being deployed the need to offload more and more data at higher and higher speeds from the wireless to the wired network has never been so critical," wrote Sachin Gupta, vice president of product management in a blog celebrating the ratification.

     "Going beyond 1 Gb/s with existing Cat5e and Cat6 cables was little more than a talking point two years ago. But now with NBASE-T, we have the ability to extend the life of an enormous asset -- your wired network. The Cat5e and Cat6 installed in just the last 15 years now exceeds an estimated 70 billion meters of cabling, which is more than 10 trips to Pluto," Gupta added: "For some, a re-cabling isn't even possible. For others, unfeasible. For the rest, re-cabling is just costly and disruptive. It is easy to imagine the value of delivering multi-gigabit speeds to the more than 1.3 billion Cat 5e/6 outlets worldwide if it doesn't require the huge headache and expense of a major cable replacement. The promise of NBASE-T has to have nearly every CFO, CTO, building manager and IT group breathing a huge sigh of relief."

     "The applications for NBASE-T solutions are vast and growing. Enterprise, small medium business, industrial and home networks can take advantage of this technology to enable higher capacity wireless access points and faster downloads to client systems such as medical imaging systems that work with large data files, upgraded industrial and home networks," the NBASE-T Alliance wrote of the ratification.

     "Last quarter, NBASE-T switch and access point ports surged significantly as enterprises began to upgrade their campus networks to speeds beyond 1G," said Alan Weckel, vice president of Ethernet switch market research at Dell'Oro Group in a statement. "There will be a sizable upgrade cycle around NBASE-T technology with robust growth expected over the next several years. As a result, we expect 2017 NBASE-T port shipments to exceed three million ports."

     Hand-in-hand with adoption of a low-speed Ethernet standard by the IEEE, proponents of the technology will hold an interoperability plugfest in October to tout the readiness of 2.5GBASE-T and 5GBASE-T products. For the plugfest, which will be held the week of Oct. 10 at the University of New Hampshire InterOperability Laboratory in Durham, N.H., the two groups behind the new Ethernet speeds, the Ethernet Alliance and the NBASE-T Alliance, will work together and share post-event results of the interoperability testing performed.

     Source
  5. Bufferbloat is high latency in packet-switched networks caused by excess buffering of packets. Bufferbloat can also cause packet delay variation (also known as jitter), as well as reduce the overall network throughput. When a router or switch is configured to use excessively large buffers, even very high-speed networks can become practically unusable for many interactive applications like Voice over IP (VoIP), online gaming, and even ordinary web surfing.

     Some communications equipment manufacturers placed overly large buffers in some of their network products. In such equipment, bufferbloat occurs when a network link becomes congested, causing packets to become queued in buffers for too long. In a first-in first-out queuing system, overly large buffers result in longer queues and higher latency, but do not improve network throughput.

     The bufferbloat phenomenon was initially described as far back as 1985.[1] It gained more widespread attention starting in 2009.[2]

     Buffering

     The rule of thumb for the network equipment manufacturers was to provide buffers large enough to accommodate a 250 ms (or more) stream of traffic passing through a device. For example, a router's 1 Gbit/s Ethernet interface would require a relatively large 32 MB buffer.[3] Such sizing of the buffers can lead to TCP's congestion-avoidance algorithms breaking, causing problems such as high and variable latency, and choking network bottlenecks for all other flows as the buffer becomes full of the packets of one TCP stream and other packets are then dropped.[4] The buffers then take some time to drain, before the TCP connection ramps back up to speed and then floods the buffers again.[5]

     A bloated buffer has an effect only when this buffer is actually used. In other words, oversized buffers have a damaging effect only when the link they buffer for becomes a bottleneck. When the current bottleneck on the route from or to another host is not contended, it is easy to check whether it is bloated or not using the ping utility provided by most operating systems. First, the other host should be pinged continuously; then, a several-seconds-long download from it should be started and stopped a few times. By design, the TCP congestion avoidance algorithm rapidly fills up the bottleneck on the route. If downloading (and uploading, respectively) correlates with a direct and important increase of the round trip time reported by ping, then it proves that the buffer of the current bottleneck in the download (and upload, respectively) direction is bloated. Since the increase of the round trip time is caused by the buffer on the bottleneck, the maximum increase gives a rough estimation of its size in milliseconds.[6]

     In the previous example, using an advanced traceroute tool instead of the simple pinging (for example, MTR) will not only demonstrate the existence of a bloated buffer on the bottleneck, but will also pinpoint its location in the network. Traceroute achieves this by displaying the route (path) and measuring transit delays of packets across the network. The history of the route is recorded as round-trip times of the packets received from each successive host (remote node) in the route (path).[7]

     Mechanism

     The TCP congestion avoidance algorithm relies on measuring the occurrence of packet drops to determine the available bandwidth. The algorithm speeds up the data transfer until packets start to drop, then slows down the transmission rate. Ideally, it keeps adjusting the transmission rate until it reaches an equilibrium speed of the link. However, for this to work, the feedback about packet drops must occur in a timely manner, so that the algorithm can select a suitable transfer speed. With a large buffer that has been filled, the packets will arrive at their destination, but with a higher latency. The packets were not dropped, so TCP does not slow down once the uplink has been saturated, further filling the buffer. Newly arriving packets are dropped only when the buffer is fully saturated. TCP may even decide that the path of the connection has changed, and again go into the more aggressive search for a new operating point.[8]

     Packets are queued within a network buffer before being transmitted; in problematic situations, packets are dropped only if the buffer is full. On older routers, buffers were fairly small so they filled quickly and therefore packets began to drop shortly after the link became saturated, so the TCP protocol could adjust and the issue would not become apparent. On newer routers, buffers have become large enough to hold several megabytes of data, which translates to time amounts in seconds required for emptying the buffers. This causes the TCP algorithm that shares bandwidth on a link to react very slowly as its behavior depends on actually having packets dropped when the transmission channel becomes saturated.

     The problem also affects other protocols. All packets passing through a simple buffer implemented as a single queue will experience the same delay, so the latency of any connection that passes through a filled buffer will be affected. Available channel bandwidth can also end up being unused, as some fast destinations may not be reached due to buffers clogged with data awaiting delivery to slow destinations, caused by contention between simultaneous transmissions competing for some space in an already full buffer. This also reduces the interactivity of applications using other network protocols, including UDP or any other datagram protocol used in latency-sensitive applications like VoIP and games.[9] In extreme cases, bufferbloat may cause failures in essential protocols such as DNS.

     Impact on applications

     Any type of a service which requires consistently low latency or jitter-free transmission (whether in low or high traffic bandwidths) can be severely affected, or even rendered unusable by the effects of bufferbloat. Examples are voice calls, online gaming, video chat, and other interactive applications such as instant messaging and remote login. Latency has been identified as more important than raw bandwidth for many years. When the bufferbloat phenomenon is present and the network is under load, even normal web page loads can take many seconds to complete, or simple DNS queries can fail due to timeouts.[10]

     Diagnostic tools

     The ICSI Netalyzr[11] is an on-line tool that can be used for checking networks for the presence of bufferbloat, together with checking for many other common configuration problems. The CeroWrt project also provides an easy procedure for determining whether a connection has excess buffering that will slow it down.[12]

     Mitigations

     The problem may be mitigated by reducing the buffer size on the OS[10] and network hardware; however, this is not configurable on most home routers, broadband equipment and switches, nor even feasible in today's broadband and wireless systems.[10] Some other mitigation approaches are also available:

       • DOCSIS was modified[13] to allow smaller buffers in cable modems[10]
       • Using HTTP pipelining or HTTP/2 instead of plain HTTP protocol[10]

     Network scheduler

     The network scheduler arbiter is a program that manages the sequence of network packets. It has been successfully used to significantly mitigate the bufferbloat phenomenon when employing the CoDel or the Fair Queue CoDel queuing discipline, because these algorithms drop at the head. There are several other queuing disciplines available for active queue management, used in general for traffic shaping, but none of them fundamentally changes the situation, as although HTTP and VoIP may be buffered independently, each buffer will still be independently susceptible to bufferbloat. In practice, though, this may help mitigate,[10] for example as a result of one large buffer being split into multiple smaller buffers, or isolation of bufferbloat queues combined with prioritisation.

     CeroWrt is an open source project based on OpenWrt with AQM.[10] CoDel is the scheduler algorithm with which a significant improvement can be achieved.

     Source: Wikipedia
  6. A popular brand of smart electrical sockets is plagued by several serious vulnerabilities that expose networks to remote attacks, Bitdefender researchers reported on Thursday. The affected vendor has not been named since it has yet to release patches for the vulnerable product. The fix is expected to become available sometime in the third quarter of 2016.

     Smart electrical sockets allow users to create on/off schedules for their devices, monitor energy usage and prevent overheating. In many cases, these products can be controlled remotely using a mobile application.

     The product analyzed by Bitdefender researchers Dragos Gavrilut, Radu Basaraba and George Cabau is a smart socket that is installed, configured and controlled using iOS and Android apps available on the App Store and Google Play. During the setup process, the user is instructed to provide the Wi-Fi credentials needed by the device to connect to the local wireless network. The device is also registered with the vendor's server through a UDP message containing the device's name, model and MAC address.

     Experts discovered several vulnerabilities, including the fact that the socket's hotspot is protected by weak, default credentials, and users are not warned about the risks of leaving them unchanged. Another problem is related to the fact that the mobile app transfers Wi-Fi credentials in clear text, allowing an attacker to intercept the information. Furthermore, communications between the device and the application go through the manufacturer's server without being encrypted -- the data is only encoded and it can be easily decoded.

     According to researchers, the security weaknesses plaguing the product can be exploited by a remote attacker who knows the MAC and default password to take control of the device. This includes making configuration changes (e.g. modifying schedules) and obtaining user information. While some might argue that a smart socket does not store any sensitive information, the product analyzed by the security firm includes an email notification feature that requires the user to provide their email username and password. If an attacker gains access to the device, they can steal the victim's email credentials and hack their account.

     Experts also found that due to the lack of password sanitization, attackers can inject arbitrary commands into new password requests. This allows them not only to overwrite the root password, but also to open the embedded Telnet service and remotely hijack the device. The method can also be used to install malicious firmware, which gives hackers persistent access to the socket and from there to all the other devices on the local network.

     "This type of attack enables a malicious party to leverage the vulnerability from anywhere in the world", said Alexandru Balan, chief security researcher at Bitdefender. "Up until now most IoT vulnerabilities could be exploited only in the proximity of the smart home they were serving, however, this flaw allows hackers to control devices over the Internet and bypass the limitations of the network address translation. This is a serious vulnerability, we could see botnets made up of these power outlets."

     Article source
  7. Arbor Networks released global DDoS attack data for the first six months of 2016 that shows a continuing escalation in both the size and frequency of attacks.

     Arbor's data is gathered through ATLAS, a collaborative partnership with more than 330 service provider customers who share anonymous traffic data with Arbor in order to deliver an aggregated view of global traffic and threats. ATLAS data has also been utilized recently in Cisco's Visual Networking Index Report and the Verizon Data Breach Incident Report.

     Global DDoS activity

     DDoS remains a commonly used attack type due to the ready availability of free tools and inexpensive online services that allow anyone with a grievance and an internet connection to launch an attack. This has led to an increase in both the frequency, size and complexity of attacks in recent years.

       • ATLAS has observed an average of 124,000 events per week over the last 18 months.
       • A 73% increase in peak attack size over 2015, to 579Gbps.
       • 274 attacks over 100Gbps monitored in 1H 2016, versus 223 in all of 2015.
       • 46 attacks over 200Gbps monitored in 1H 2016, versus 16 in all of 2015.
       • USA, France and Great Britain are the top targets for attacks over 10Gbps.

     As Arbor's Security Engineering & Research Team (ASERT) recently documented, large DDoS attacks do not require the use of reflection amplification techniques. LizardStresser, an IoT botnet, was used to launch attacks as large as 400Gbps targeting gaming sites worldwide, Brazilian financial institutions, ISPs and government institutions. According to ASERT, the attack packets do not appear to be from spoofed source addresses -- and no UDP-based amplification protocols such as NTP or SNMP were used.

     When average is a problem

     A 1 Gbps DDoS attack is large enough to take most organizations completely off line.

       • Average attack size in 1H 2016 was 986Mbps, a 30% increase over 2015.
       • Average attack size is projected to be 1.15Gbps by end of 2016.

     "The data demonstrates the need for hybrid, or multi-layer DDoS defense," said Darren Anstee, Arbor Networks Chief Security Technologist. "High bandwidth attacks can only be mitigated in the cloud, away from the intended target. However, despite massive growth in attack size at the top end, 80% of all attacks are still less than 1Gbps and 90% last less than one hour. On-premise protection provides the rapid reaction needed and is key against 'low and slow' application-layer attacks, as well as state exhaustion attacks targeting infrastructure such as firewalls and IPS."

     Time for reflection

     Reflection amplification is a technique that allows an attacker to both magnify the amount of traffic they can generate, and obfuscate the original sources of that attack traffic. As a result, the majority of recent large attacks leverage this technique using DNS servers, NTP, Chargen and SSDP. As a result, in 1H 2016:

       • DNS is the most prevalent protocol used in 2016, taking over from NTP and SSDP in 2015.
       • Average size of DNS reflection amplification attacks growing strongly.
       • Peak monitored reflection amplification attack size in 1H 2016 was 480Gbps (DNS).

     Article source
  8. Protecting users without decrypting their traffic

     A group of researchers who work for Cisco* reckons malicious traffic in TLS tunnels can be spotted and blocked -- without decrypting user traffic. That's good news in the corporate setting, because today's protection relies on the controversial approach of terminating the encryption to inspect the traffic.

     In this paper at Arxiv, switchzilla's Blake Anderson, Subharthi Paul and David McGrew explain that malware leaves recognisable footprints in the TLS flows. Their research covered thousands of samples across 18 malware families, and "tens of thousands" of malicious flows out of the millions of encrypted flows captured from an enterprise network (they note that this work might only be relevant to enterprise networks and not, for example, service provider networks).

     The main use of deep packet inspection in the researchers' data collection was to sniff out the clientHello and serverHello messages, and ID the TLS versions -- but not user data. Network data alone, they reckon, is enough to attribute TLS flows to most malware families. Even when different families use the same TLS parameters, they can usually be distinguished by their "flow-based features".

     The features they used included flow metadata (bytes in and out, packets in and out, network port numbers, and flow duration); the sequence of packet lengths and times; byte distribution; and TLS header information. The research included malware from the Bergat, Deshacop, Dridex, Dynamer, Kazy, Parite, Razy, Zedbot and Zusy families, among many others.

     The researchers reckon the right application of machine learning to the flow analysis got them "an accuracy of 90.3% for the family attribution problem when restricted to a single, encrypted flow, and an accuracy of 93.2% when we make use of all encrypted flows within a 5-minute window".

     *Bootnote: Such research might be Cisco-sponsored, or the researchers might be publishing as individuals; the paper doesn't stipulate which.

     Article source
  9. How far did the Feds get into Tor?

     The Tor Project is claiming that researchers at Carnegie Mellon University (CMU) were paid a hefty bounty by the FBI to stage an attack last year aiming to unmask the operators of the network's hidden servers. "We have been told that the payment to CMU was at least $1 million," the group said in a blog post.

     In July 2014 the Tor Project revealed that it had been the victim of a six-month hacking campaign which sought to flood the network with relays that modified Tor protocol headers to track hidden servers. Within a week Tor updated its software and pushed out new versions of code to block similar attacks in the future. The attack was limited in that it didn't monitor entry and exit nodes to the Tor network, but could have been used to trace traffic patterns to hidden sites by the academics-for-hire.

     But the Tor Project is fuming that the FBI used the university to circumvent federal hacking laws. "Such action is a violation of our trust and basic guidelines for ethical research. We strongly support independent research on our software and network, but this attack crosses the crucial line between research and endangering innocent users," said the group. "This attack also sets a troubling precedent: civil liberties are under attack if law enforcement believes it can circumvent the rules of evidence by outsourcing police work to universities. If academia uses 'research' as a stalking horse for privacy invasion, the entire enterprise of security research will fall into disrepute."

     CMU's role in trying to hack the Tor network -- an anonymizing internet network that was partially funded by the US Office of Naval Research -- has been well known ever since researchers from the university pulled a talk from last year's Black Hat security conference about how they could break through its privacy protections. According to the Black Hat presentation's precis, some Tor traffic could be tracked using a few powerful servers and some fiber-speed connections. The researchers said that with a $3,000 budget they could use Tor design flaws to deanonymize traffic to hidden servers within a few months.

     Two months after the briefing was scheduled to occur, US and European cybercops announced the successful conclusion of Operation Onymous -- a huge raid against dark net operators that took down Silk Road 2.0 and Cannabis Road. Police netted over $1m in Bitcoin, €180,000 (£141,200, $223,800) in cash, drugs, gold and silver, shut down 414 websites, and made 17 arrests.

     For Tor to go on the record with such a claim indicates pretty strong evidence, but CMU has yet to respond to comment on the matter at time of publication.

     News source
  10. There are a number of quick and easy ways to improve your personal privacy and safety when using public Internet services.

      Enable your firewall

      Let's start with the basics -- enabling your firewall is the first layer of protection for your PC. Firewalls can stop malware and intruders from compromising your system, and it takes no more than selecting 'On' to implement on both Windows and Mac systems. In the latest Windows 10 build, go to Search --> type Firewall, and select Turn Windows Firewall on or off. In Mac systems, go to System Preferences --> Security and Privacy, and then make sure the Firewall button is green and enabled.

      Use a VPN

      Virtual private networks (VPNs) are a popular way to disguise your Internet activity, but they can also be a way to protect your communication channels. VPNs, available for free and by subscription, provide a level of encryption which can prevent eavesdropping -- which is particularly important when using public networks.

      HTTPS

      While VPNs are a good start, using HTTPS, a protocol which encrypts requests sent to a domain, can also help keep your data safe. While usually found on sites which deal with financial transactions, using browser extensions such as HTTPS Everywhere activates encryption on websites which support the protocol. The add-on is available from EFF for the Chrome, Opera and Firefox browsers.

      Avoid accessing sensitive information

      The hotspot is public and you don't know how secure it is, nor are you in control. Therefore, you should avoid accessing any sensitive accounts -- such as financial services or online payment providers -- as a matter of caution. If malware is present and your keystrokes are being recorded -- or a man-in-the-middle attack has been performed -- you will be letting yourself in for heartache later. Wait until you get home.

      Check for spoofed hotspots

      Double-check for any spoofed hotspots before you connect, as they may look official but lure you to download malicious software. Spoofed hotspots may appear legitimate with names such as "Free Wi-Fi" or duplicating a retail store's hotspot, i.e. "Starbucks WiFi", but are actually gateways for attackers to conduct phishing campaigns, MITM attacks and surveillance. If a hacker conducts a man-in-the-middle attack, any communication sent from your system to online services may be spied upon, leading to data theft or potential malware payloads being deployed.

      Patch regularly

      If you connect your device to a public Wi-Fi hotspot and your system is out-of-date, vulnerabilities may exist in your software which are avenues for hackers to infiltrate. Make sure all of your software is bumped up to the latest version to reduce the risk of exploit.

      Enable two-factor authentication

      Online service providers are rolling out two-factor authentication more widely as data breaches become more common. By linking accounts to a mobile device and requiring a second layer of authentication before being granted access to an account -- such as inputting a code sent to your smartphone -- even if credentials are stolen via public Wi-Fi networks, attackers still cannot compromise your account.

      Do not automatically connect to open hotspots

      While connection features offered by smartphone vendors which automatically switch from mobile roaming to open Wi-Fi networks can save you on your bill, they can also put you at risk if you're not careful. For the sake of security over convenience, consider turning these features off so you can control which networks your mobile connects to manually.

      Source
  11. Evil Foca is a tool for security pentesters and auditors whose purpose is to test security in IPv4 and IPv6 data networks. The tool is capable of carrying out various attacks such as:

  • MITM over IPv4 networks with ARP Spoofing and DHCP ACK Injection.
  • MITM on IPv6 networks with Neighbor Advertisement Spoofing, SLAAC attack, fake DHCPv6.
  • DoS (Denial of Service) on IPv4 networks with ARP Spoofing.
  • DoS (Denial of Service) on IPv6 networks with SLAAC DoS.
  • DNS Hijacking.

Download: https://www.elevenpaths.com/labstools/evil-foca/index.html
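The defender's side of the attacks listed above, as an added example that is not part of Evil Foca or this post: the ARP spoofing, Neighbor Advertisement spoofing and SLAAC attacks all work by making hosts rewrite an IP-to-MAC binding or install a new default router, so a passive sensor that remembers the first binding it saw and knows which MACs are allowed to send Router Advertisements catches all three. The event records are constructed here to stand in for what a packet sniffer would decode; their field layout is an assumption of this example, not Evil Foca's output.

```python
"""Passive detector for the layer-2 attacks Evil Foca automates: ARP reply
poisoning, IPv6 Neighbor Advertisement (NA) spoofing and rogue Router
Advertisements (the SLAAC attack).

Added example: the event format and sample traffic are constructed for it.
"""
from dataclasses import dataclass, field
from typing import Dict, Iterable, List, Optional, Set


@dataclass(frozen=True)
class L2Event:
    proto: str               # "arp" reply, "na" (ICMPv6 NA) or "ra" (Router Advertisement)
    ip: str                  # address being claimed (for "ra": the router's link-local address)
    mac: str                 # link-layer address asserted for it
    solicited: bool = True   # "na" only: S flag, i.e. it answers a Neighbor Solicitation
    override: bool = False   # "na" only: O flag, tells receivers to overwrite their cache entry


@dataclass
class SpoofDetector:
    known_routers: Set[str]                                 # MACs allowed to send RAs
    cache: Dict[str, str] = field(default_factory=dict)     # first-seen IP -> MAC binding
    alerts: List[str] = field(default_factory=list)

    def observe(self, ev: L2Event) -> Optional[str]:
        """Feed one decoded packet; return an alert string or None."""
        alert = None
        if ev.proto == "ra":
            # An RA from anything but a known router makes SLAAC hosts install the
            # sender as default gateway and adopt its prefix (Evil Foca's "SLAAC attack").
            if ev.mac not in self.known_routers:
                alert = f"rogue RA from {ev.mac} ({ev.ip})"
        else:
            prev = self.cache.get(ev.ip)
            if prev is not None and prev != ev.mac:
                # The same IP is now answered by a different MAC: ARP or NA poisoning.
                # The first binding is kept (trust on first use), not overwritten.
                alert = f"{ev.proto}: {ev.ip} moved from {prev} to {ev.mac}"
            elif ev.proto == "na" and not ev.solicited and ev.override:
                # An unsolicited NA with O=1 is precisely what NA spoofing sends to
                # rewrite neighbour caches; legitimate hosts rarely need it.
                alert = f"unsolicited override NA for {ev.ip} from {ev.mac}"
            else:
                self.cache.setdefault(ev.ip, ev.mac)
        if alert:
            self.alerts.append(alert)
        return alert

    def run(self, events: Iterable[L2Event]) -> List[str]:
        for ev in events:
            self.observe(ev)
        return self.alerts


# Constructed traffic (not a capture): a gateway at aa:...:01, one attacker at de:ad:be:ef:00:0x.
SAMPLE_EVENTS = [
    L2Event("arp", "192.168.1.1", "aa:aa:aa:aa:aa:01"),       # gateway answers normally
    L2Event("arp", "192.168.1.50", "aa:aa:aa:aa:aa:50"),
    L2Event("arp", "192.168.1.1", "de:ad:be:ef:00:01"),       # attacker claims the gateway IP
    L2Event("na", "fe80::1", "aa:aa:aa:aa:aa:01"),             # router's link-local, solicited
    L2Event("na", "fe80::1", "de:ad:be:ef:00:01",
            solicited=False, override=True),                  # NA spoof of the router
    L2Event("ra", "fe80::bad", "de:ad:be:ef:00:01"),           # rogue RA
    L2Event("ra", "fe80::1", "aa:aa:aa:aa:aa:01"),             # legitimate RA
    L2Event("na", "fe80::50", "de:ad:be:ef:00:02",
            solicited=False, override=True),                  # override NA for an address never seen
]

if __name__ == "__main__":
    for line in SpoofDetector(known_routers={"aa:aa:aa:aa:aa:01"}).run(SAMPLE_EVENTS):
        print(line)
```

The detector deliberately does not learn from a conflicting answer: if it overwrote the cache the way a victim host does, the attacker's second packet would look legitimate. DHCP ACK injection and fake DHCPv6 from the same list are not covered here; they need the DHCP transaction state rather than a binding table.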
  12. Vodafone has revealed the extent of government snooping on its networks around the world, in a long report that appears to confirm the worst fears of privacy campaigners. The firm reveals that authorities in 29 countries have approached it for information on users, and while some are fairly open about their demands, others do not permit the company to reveal anything. However, more worryingly for those who value privacy, the report shows that in six countries Vodafone is obliged to allow governments to listen in to communications at will, without obtaining a warrant first. Vodafone said it complies with these requests because it has to abide by the laws of the countries in which it operates. "In every country in which we operate, we have to abide by the laws of those countries which require us to disclose information about our customers to law enforcement agencies or other government authorities, or to block or restrict access to certain services," it said. "Refusal to comply with a country's laws is not an option. If we do not comply with a lawful demand for assistance, governments can remove our licence to operate, preventing us from providing services to our customers. Our employees who live and work in the country concerned may also be at risk of criminal sanctions, including imprisonment." The UK is fairly open about its demands, according to the report, but other countries, such as Turkey, will not let the firm reveal anything about its data requests. According to the report, the UK government made 2,760 interception requests, or warrants, and over half a million communications data requests. In the report, Vodafone calls on all governments to allow greater transparency and to consider the impact the actions of their intelligence agencies are having on business and consumers. 
"In our view, it is governments – not communications operators – who hold the primary duty to provide greater transparency on the number of agency and authority demands issued to operators," it said. "We believe that regulators, parliaments or governments will always have a far more accurate view of the activities of agencies and authorities than any one operator." In the meantime, Vodafone said it will continue to release all the information it can. "Whilst we have included factors relevant to national security powers in compiling this report, it is important to note that many countries prohibit the publication of any form of statistical information relating to national security demands," it said. "We think many governments could do more to ensure that the legal powers relied upon by agencies and authorities are fit for the internet age." Source
  13. Although the fervor over the Heartbleed OpenSSL vulnerability has died down considerably, patching the bug should remain a top priority for enterprises because researchers continue to find new exploit vectors. The latest takes aim at Heartbleed over wireless networks. A researcher with Portugal-based consultancy Sysvalue has shared details of attacks he calls Cupid, in which he has built patches that modify hostapd and wpa_supplicant, two programs that act as wireless access and authentication management points. Hostapd, for example, sets up a configurable access point; it is supported on Linux. Attackers could create a wireless network configuration of their choosing that would allow vulnerable clients to connect to it. wpa_supplicant, also supported on Linux and Android, is used to connect to wireless networks. “My Cupid patch is a series of modifications to those programs to trigger the vulnerability in order to check for vulnerable clients and servers,” researcher Luis Grangeia told Threatpost. Grangeia’s attacks exploit Heartbleed without establishing a full TLS handshake, sending an illicit heartbeat request right after the Client Hello and before any crypto keys or certificates have been exchanged, he said. Heartbeat messages during the handshake are expressly forbidden by the Heartbeat extension specification (RFC 6520), so an implementation that answers one at that point is already misbehaving; the practical consequence is that the attack needs no credentials and no certificate validation to succeed. Heartbleed (CVE-2014-0160) is a vulnerability in OpenSSL 1.0.1 through 1.0.1f. Despite the availability of a patch and encouraging remediation numbers from several sources, attacks have been escalating against VPN infrastructure, critical industrial control systems and others, in addition to vulnerable web servers. Heartbleed abuses a missing bounds check in OpenSSL’s TLS heartbeat extension: a peer sends a heartbeat request that claims a payload length larger than the payload it actually carries, and the vulnerable side echoes back that many bytes, up to 64KB per request, from adjacent process memory in plaintext. Either end of the connection can be attacked, which is why a malicious access point can target clients and a malicious client can target servers. Already, there have been reports of attackers using Heartbleed to steal user names, session IDs, credentials and other data in plaintext if the attack is repeated enough times. 
More critically, researchers have also been able to piece together enough information to successfully reproduce a private SSL key. Grangeia said he has yet to analyze the memory dumps he was able to collect. “My point in releasing the [proof of concept] code is to get more people working on testing different configurations and analyzing the results,” he said. In Grangeia’s attack, the TLS connection is not made over TCP, but rather over EAP, a wireless network authentication framework. Some wired networks built on 802.1X and peer-to-peer connections also use EAP; EAP-PEAP, EAP-TLS and EAP-TTLS connect over TLS, he said. “To exploit vulnerable clients, hostapd (with the cupid patch) can be used to setup an ‘evil’ network such that, when the vulnerable client tries to connect and requests a TLS connection, hostapd will send malicious heartbeat requests, triggering the vulnerability,” Grangeia explained on his website. “To exploit vulnerable servers we can use wpa_supplicant with the cupid patch. We request a connection to a vulnerable network and then send a heartbeat request right after the TLS connection is made.” The attacks work on password-protected networks because the vulnerability is triggered before a user would have to authenticate, he said. Grangeia pointed out that the default installations of both wireless programs can be exploited on Ubuntu Linux running a vulnerable version of OpenSSL. He said that Android 4.1.0 and 4.1.1 also ship with a vulnerable version of OpenSSL and use wpa_supplicant to connect to wireless networks, and could be vulnerable as well. Grangeia said he was not able to test the vulnerable versions of Android. “This needs to be tested in practice, as Google (or other phone manufacturers) could have compiled OpenSSL with the heartbeat extensions turned off,” he said. In the meantime, enterprise network managers should be double checking their wireless deployments. 
“I actually believe the most serious attack vectors are vulnerable corporate wireless solutions and network access control solutions,” he said. “Vendors should double check their firmware and notify customers, because this vulnerability has the potential to give attackers an open door to their customer’s networks.” Source
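The bug underneath Cupid, as an added example that is neither the cupid patch nor OpenSSL's code: a miniature of the RFC 6520 heartbeat message handled the way OpenSSL 1.0.1 through 1.0.1f did it (trust the 16-bit length field and copy that many bytes), next to the bounds check 1.0.1g added. The model is transport-agnostic, which is the point of Cupid: the same record arrives over EAP exactly as it would over TCP. The handshake-state gate in the patched version is this example's own hardening, added because the article notes heartbeats are not allowed during the handshake; the "process memory" next to the record is a constructed byte string standing in for whatever the real heap held.

```python
"""Heartbleed in miniature: RFC 6520 heartbeat processing with and without
the bounds check that OpenSSL 1.0.1g added.

Added example: not OpenSSL or cupid code. SECRET models heap contents next to
the received record and is constructed for the demonstration.
"""
import struct
from typing import Optional

HB_REQUEST, HB_RESPONSE = 1, 2
MIN_PADDING = 16        # RFC 6520: at least 16 bytes of random padding
MAX_PAYLOAD = 0xFFFF    # 2-byte length field, hence "up to 64KB per request"


def build_heartbeat(payload: bytes, claimed_len: Optional[int] = None) -> bytes:
    """type(1) | payload_length(2) | payload | padding(16).

    claimed_len lets the sender lie about the payload length; that lie is Heartbleed.
    """
    length = len(payload) if claimed_len is None else claimed_len
    return bytes([HB_REQUEST]) + struct.pack("!H", length) + payload + b"\x00" * MIN_PADDING


def vulnerable_process(msg: bytes, memory_after_msg: bytes) -> bytes:
    """Unpatched behaviour: trust payload_length and copy that many bytes from
    where the payload starts, running past the record into neighbouring memory."""
    payload_len = struct.unpack("!H", msg[1:3])[0]
    heap = msg + memory_after_msg                 # the record sits in front of other data
    echoed = heap[3:3 + payload_len]              # over-read when payload_len is a lie
    return bytes([HB_RESPONSE]) + struct.pack("!H", len(echoed)) + echoed + b"\x00" * MIN_PADDING


def patched_process(msg: bytes, memory_after_msg: bytes,
                    handshake_complete: bool = True) -> Optional[bytes]:
    """Fixed behaviour: silently drop the message unless the claimed payload fits
    inside the record (1 type byte + 2 length bytes + payload + 16 padding).

    handshake_complete is this example's extra gate: RFC 6520 forbids heartbeats
    during the handshake, which is the window Cupid uses.
    """
    if not handshake_complete:
        return None
    if len(msg) < 1 + 2 + MIN_PADDING:
        return None
    payload_len = struct.unpack("!H", msg[1:3])[0]
    if 1 + 2 + payload_len + MIN_PADDING > len(msg):
        return None
    echoed = msg[3:3 + payload_len]               # cannot leave the record now
    return bytes([HB_RESPONSE]) + struct.pack("!H", payload_len) + echoed + b"\x00" * MIN_PADDING


def leaked(msg: bytes, memory_after_msg: bytes) -> bytes:
    """Bytes of neighbouring memory the vulnerable side hands back for one request."""
    response = vulnerable_process(msg, memory_after_msg)
    echoed = response[3:-MIN_PADDING]
    return echoed[max(0, len(msg) - 3):]          # drop the part that came from the record itself


# Constructed stand-in for heap contents; no real key material.
SECRET = b"session=7f3a9c1d; -----BEGIN RSA PRIVATE KEY-----\nMIIEow..."

if __name__ == "__main__":
    lying = build_heartbeat(b"hi", claimed_len=40)
    print("vulnerable leaks:", leaked(lying, SECRET))
    print("patched answer to the same message:", patched_process(lying, SECRET))
    print("patched answer to an honest message:", patched_process(build_heartbeat(b"hi"), SECRET))
```

The leak per request is bounded by the length field, not by the record, which is why a real attacker repeats the request until something useful (a cookie, a password, key material) happens to sit next to the buffer. Compiling OpenSSL without the heartbeat extension, as Grangeia notes some Android builds may have done, removes both functions from the picture entirely.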