5 freaky but real application security threats – esecurity planet

Wear a smartwatch and you could cause a data breach that brings your organization to its knees. Install an anti-virus product on any one of your endpoints and you could compromise the security of key enterprise applications. Smartwatches and certain anti-virus products are just a small sample of the growing number of shocking application security threats. Just like more familiar application security threats such as code injection, cross site scripting and buffer overruns, the threats they pose can be critical.

This article discusses five emerging application security threats:

So how can a smartwatch present an application security threat? The answer lies in the sensors such as accelerometers that are built into the device to detect the watch’s — and therefore the wearer’s — movements.

Thanks to these sensors, data about the wearer’s hand motions are captured every time they enter a password on a keyboard — perhaps to log in and administer a corporate database, or a PIN on a keypad. This risk isn’t theoretical.

Researchers at Binghamton University and Stevens Institute of Technology have developed a piece of software that they call a “Backward PIN Sequence Inference Algorithm.” The algorithm takes data captured by smartwatches’ accelerometers and other sensors and works out what hand and finger movements must have taken place to generate that data. It can then work out a PIN that has been entered with a 90 percent success rate or a password that has been entered with an 80 percent success rate on the first attempt, rising to a 90 percent success rate after three attempts. Of course, a would-be attacker can only run an algorithm like this and derive PINs and passwords if they can get hold of the data on the smartwatch.

The bad news is, they don’t have to get the smartwatch to get the data. The smartwatch is a computer of sorts in its own right, and a connected one at that.

• They can infect the smartwatch with malware that collects the data and forwards it on by email or some other means
• They can infect the smartphone that the smartwatch is connected to in order to forward the data
• If they can get close to the smartwatch wearer, they can intercept the data as it is transmitted – typically by Bluetooth – from the smartwatch to the smartphone

Mitigation: The researchers suggest that device makers should inject a certain type of noise into the data so that it cannot be used to derive fine-grained hand movements and thus pose an application security threat, while still being effective for fitness tracking purposes.

They also suggest that access to sensor data should be regulated by the smartwatch to avoid leakage, and that better encryption of transmitted Bluetooth data be implemented. On a more practical level, users can avoid entering PINs or passwords using only the hand that the watch is worn on.

Mobile App Collusion

In theory at least it should be hard for an attacker to infect a smartphone with malware, even if a particular smartphone owner is specifically targeted – perhaps through a spearphishing attack designed to trick the owner into downloading a particular app. That’s because mobile device management systems should ensure that apps can only be downloaded from a corporate app store if there is one, or at the very least from official sources such as Google’s Play store rather than from unknown websites where no protections are in place. But anti-virus vendor McAfee Labs has detected a rise in “colluding apps” that can bypass malicious code scans.

Colluding apps contain segments of code which are not malicious in themselves. But when two or more such apps are installed on the same device these apps communicate with each other – or collude – and allow the different segments of code they contain to unite into a single piece of malicious code which is then executed. Such code could steal data (such as sensor information), carry out fraudulent transactions or install more malicious applications.

“It should not come as a surprise that adversaries have responded to mobile security efforts with new threats that attempt to hide in plain sight,” said Vincent Weafer, vice president of Intel Security’s McAfee Labs group.

Mitigation: McAfee suggests a variety of user approaches to minimize mobile app collusion, including downloading mobile apps only from trusted sources, avoiding apps with embedded advertising, not “jailbreaking” mobile devices and always keeping operating system and app software up-to-date.

Anti-virus Software

Surely such a thing would be less likely to happen on a desktop machine or server, which would almost certainly have some form of endpoint anti-virus software running that could spot code displaying malicious behavior as soon as it was activated and before it could become an application security threat? The problem is that anti-virus software itself can pose a huge application security threat, as users of Symantec’s security products may have discovered recently. Symantec uses its own unpacker in its security software to decompress executables, and security researcher Tavis Ormandy recently discovered a buffer overrun error in this unpacker.

The big problem was that rather than sandboxing the unpacker to mitigate any errors such as buffer overruns, Symantec’s software installs it right in the operating system kernel. As a result, an overrun can lead to kernel memory corruption. And because anti-virus software like Symantec’s uses a filter driver to intercept all network traffic (in order to inspect it), simply emailing a malicious file to a victim or sending them a link to an exploit is enough to trigger it. “The victim does not need to open the file or interact with it in any way. Because no interaction is necessary to exploit it, this is a wormable vulnerability with potentially devastating consequences …,” Ormandy explained.

This buffer overrun was not the only problem in Symantec’s security portfolio.

Ormandy detected other flaws which affected its consumer and enterprise security products and posed serious application security threats. Perhaps the most worrying problem was that Symantec has been using code derived from open source libraries like libmspack and unrarsrc that haven’t been updated for at least seven years, despite the fact that dozens of vulnerabilities have been discovered in them – some with exploits publicly available that posed severe application security threats. Symantec may be at fault here, but other AV vendors’ products that are intended to detect and obstruct application security threats have also introduced critical vulnerabilities that actually end up increasing that risk.

Mitigation: “Network administrators should keep scenarios like this in mind when deciding to deploy anti-virus (as) it’s a significant tradeoff in terms of increasing attack surface,” Ormandy concludes. In other words, is running anti-virus software worth the risk?

JavaScript Ransomware

Avoiding anti-virus software, on the other hand, leaves you open to all kinds of malicious software that might otherwise be spotted and blocked.

This includes malicious software like ransomware, software that encrypts the contents of all storage attached to a system. This can be downloaded by macros embedded in malicious Word documents – perhaps purporting to be invoices – attached to emails.

Many organizations now block macros by default because they are such an obvious application security threat, but malicious hackers are now getting around this by delivering ransomware using JavaScript. That’s possible because Windows doesn’t show file extensions by default, so a file called invoice.txt.js will often be displayed as invoice.txt. And since the JavaScript icon looks like a scroll of paper, a user could easily mistake the icon for a document instead of a program. Paul Ducklin, a senior security advisor at Sophos, points out that the JS/Ransom-DLL ransomware is entirely written in JavaScript. Since JavaScript runs outside a browser in the Windows Script Host it is not sandboxed or restricted, “so it can do anything a regular application could do,” he said.

Attackers can use freely available crypto source code, he added, so their job is made that much easier. “No additional software is downloaded, so once the JS/Ransom-DLL malware file is inside your network, it’s ready to scramble your data and pop up a ransom message all on its own.” JS/Ransom-DLL is particularly nasty because even if you pay the ransom to decrypt your data, it also installs a hard-to-detect application security threat of its own: a password stealer that Sophos calls Troj/Fareit-AWR. “This Fareit infection isn’t downloaded; instead it is encoded using base64 into a JavaScript string that is stored inside the ransomware file, and installed as a parting gift by the ransomware,” Ducklin explained.
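The following PowerShell audit is an added example, not part of the original article. It checks the conditions this section describes: whether Windows Script Host is still enabled, whether Explorer hides file extensions, and whether script files with a document-style double extension such as invoice.txt.js are present. The HKCU check, the extension lists and the default scan folder are assumptions made for the example.

```powershell
# Added example: read-only audit for the JavaScript-via-WSH risk described above.
# Assumptions: default scan folder, extension lists, and the extra HKCU check.
param(
    [string]$ScanPath = "$env:USERPROFILE\Downloads"
)

$wshKey     = 'Software\Microsoft\Windows Script Host\Settings'
$scriptExts = '.js', '.jse', '.vbs', '.vbe', '.wsf'
$decoyExts  = '.txt', '.doc', '.docx', '.pdf', '.xls', '.xlsx', '.jpg', '.png'

function Get-WshState {
    # The article names the HKLM value; the per-user hive is checked as well.
    foreach ($hive in 'HKLM:', 'HKCU:') {
        $path  = "$hive\$wshKey"
        $value = (Get-ItemProperty -Path $path -Name Enabled -ErrorAction SilentlyContinue).Enabled
        $shown = if ($null -eq $value) { '(not set)' } else { $value }
        [pscustomobject]@{
            Key     = $path
            Enabled = $shown
            # Only an explicit 0 disables WSH; a missing value leaves it on.
            WshRuns = ($null -eq $value) -or ("$value" -ne '0')
        }
    }
}

function Find-DisguisedScript {
    param([string]$Path)
    # A script extension preceded by a document-style extension,
    # e.g. invoice.txt.js, which Explorer displays as invoice.txt.
    Get-ChildItem -Path $Path -File -Recurse -ErrorAction SilentlyContinue |
        Where-Object {
            ($scriptExts -contains $_.Extension.ToLower()) -and
            ($decoyExts -contains [IO.Path]::GetExtension($_.BaseName).ToLower())
        } |
        Select-Object FullName, @{ n = 'ShownAs'; e = { $_.BaseName } }
}

Get-WshState | Format-Table -AutoSize

# HideFileExt: 1 (or absent, the default) means known extensions are hidden.
$adv  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
$hide = (Get-ItemProperty -Path $adv -Name HideFileExt -ErrorAction SilentlyContinue).HideFileExt
'Explorer hides known extensions: {0}' -f ($hide -ne 0)

Find-DisguisedScript -Path $ScanPath | Format-Table -AutoSize
```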

Mitigation: Some anti-virus software (including Sophos’) will block JS/Ransom-DLL. (But don’t forget the risks that running anti-virus software can introduce.) More generally, JavaScript can be prevented from running in the Windows Script Host. To do this, disassociate the .js and .jse file types from the Windows Script Host, or use regedit to create a DWORD named Enabled and set to the value 0 in the key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Script Host\Settings

Voice Activated Attacks

Researchers at Georgetown University and University of California, Berkeley have shown that mobile devices can be made to respond to “OK Google” and “Hey Siri” voice commands hidden in YouTube videos which are masked enough to make them hard for humans to notice or comprehend, but clear enough for smartphones to pick up on. They have successfully demonstrated this in a video by making a smartphone left on a desk open a website; xkcd.com was used, but a malware download or drive-by site could be substituted which would represent an application security threat. The potential damage may be limited on smartphones, but it could be far more serious if it proves possible to carry out similar attacks on Windows 10 machines that can accept voice commands using the “Hey Cortana” prompt, or Mac computers running the new macOS Sierra operating system which includes support for “OK Siri” voice commands.

Mitigation: Disable OK Google, Hey Cortana and Hey Siri to prevent this type of attack becoming an application security threat.

Paul Rubens has been covering enterprise technology for over 20 years. In that time he has written for leading UK and international publications including The Economist, The Times, Financial Times, the BBC, Computing and ServerWatch.

Site: http://www.esecurityplanet.com/hackers/5-freaky-application-security-threats.html
