Yesterday, Google unveiled the latest version of its renowned Android Operating System at an event in San Francisco.
Labeled as a “sweeter version of Jelly Bean”, Android 4.3 comes with a myriad of new features (including security updates), and is available as an upgrade now on Google Nexus devices. The updated version of Android will also be included on the 2nd generation Nexus 7 tablet that’s available on the 30th.
Of the improvements to security, the most notable is the implementation of SELinux, a Mandatory Access Control (MAC) system which grants users greater access control.
According to the wiki, “Access can be constrained on such variables as which users and applications can access which resources. These resources may take the form of files. Standard Linux access controls, such as file modes (-rwxr-xr-x) are modifiable by the user and the applications which the user runs. Conversely, SELinux access controls are determined by a policy loaded on the system which may not be changed by careless users or misbehaving applications.”
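A toy model of the distinction drawn in the quoted passage, added here as an illustration (it is not SELinux code and does not come from the wiki): the owner can loosen the file mode at will, but the policy layer still refuses access. The domain names, type labels and policy table are constructed for the example, and group permission bits are left out.

```python
import stat
from dataclasses import dataclass

# Constructed type-enforcement policy: (process domain, file type) -> allowed perms.
# The names are hypothetical; only the policy loader, not the file owner, edits this.
POLICY = {
    ("mail_app", "mail_data"): {"read", "write"},
    ("browser_app", "download_data"): {"read", "write"},
}

@dataclass
class File:
    owner: int
    mode: int    # classic permission bits, e.g. 0o600
    label: str   # MAC type, assigned by policy rather than by the owner

@dataclass
class Process:
    uid: int
    domain: str  # MAC domain the process runs in

def chmod(proc, f, mode):
    """DAC is discretionary: the owner may rewrite the mode bits."""
    if proc.uid != f.owner:
        raise PermissionError("only the owner may chmod")
    f.mode = mode

def dac_allows(proc, f, perm):
    bit = {"read": stat.S_IRUSR, "write": stat.S_IWUSR}[perm]
    if proc.uid != f.owner:
        bit >>= 6  # fall through to the "other" bits
    return bool(f.mode & bit)

def mac_allows(proc, f, perm):
    return perm in POLICY.get((proc.domain, f.label), set())

def access(proc, f, perm):
    """Access needs both layers; the policy check runs after DAC passes."""
    return dac_allows(proc, f, perm) and mac_allows(proc, f, perm)

def demo():
    mailbox = File(owner=10001, mode=0o600, label="mail_data")
    mail = Process(uid=10001, domain="mail_app")
    browser = Process(uid=10002, domain="browser_app")
    before = access(browser, mailbox, "read")         # DAC denies (mode 0600)
    chmod(mail, mailbox, 0o666)                       # careless owner opens it up
    dac_after = dac_allows(browser, mailbox, "read")  # DAC now permits
    after = access(browser, mailbox, "read")          # policy still denies
    return before, dac_after, after

if __name__ == "__main__":
    print(demo())
```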
I was reading a fascinating blog entry by Ben Lincoln, a security professional, who in the course of some security testing, stumbled onto some very troubling discoveries.
It would seem that a significant amount of his information is being sent by his older Motorola Droid x2 handset to an external server.
Some online sleuthing would indicate that it belongs to Motorola. This functionality isn’t apparent, and the standard Android components have been modified to perform this reporting in what can only be described as an opaque fashion. Even more troubling is that some of this information is sent “in clear”, as in not encrypted.
The whole post can be found here: http://www.beneaththewaves.net/Projects/Motorola_Is_Listening.html
I highly recommend reading it, even if it is on the technical side.
The implications are dire indeed. The handset is reporting a myriad of details on what the user is doing. Ben accurately points out that a determined attacker could breach the Motorola Blur servers, and access a trove of personal info for anyone using this model of handset, and presumably others as well. An unethical Motorola employee could also take advantage of his privileged access. This information would provide an incredibly granular timeline of usage of several digital services.
I have spoken about metadata previously here. As it is “data about data” without the actual content, it can very easily be taken out of context. This type of data can be made to tell any narrative, and it is why I find it so dangerous.
This functionality is reminiscent of the Carrier IQ fiasco. Even more alarming is that this handset was chosen by its owner for what was believed to be a largely stock Android firmware. The sheer amount of information collected on this device and the fact that there is no option to disable this collection is very troubling. I am left to wonder how many other manufacturers have made these types of enhancements.
Opera Software, the Norwegian company that makes the Opera browser, was hacked on June 19th and released a statement a week later:
The hackers breached the company’s network and used one of its code-signing certificates (an older and expired one, mind you) to digitally sign a piece of malware and package it as an update for the Opera browser.
While it is not entirely clear what happened, it would appear as though the bad guys went as far as pushing the update for a 36-minute period, meaning they had access to Opera’s infrastructure during that time.
With the newest build of Malwarebytes Anti-Rootkit BETA, detecting and removing the nastiest malicious rootkits just became a whole lot better.
Malwarebytes Anti-Rootkit BETA 1.06 addresses a recent and particularly nasty ZAccess variant which breaks Windows Defender.
This new build removes the rootkit and automatically starts the repair process to patch up damages committed by the rootkit, including fixing Windows Defender.
Users infected with rootkits — or who suspect they may be infected by rootkits — are encouraged to use Malwarebytes Anti-Rootkit BETA as it has proven to be both stable and incredibly effective, not only at detecting and removing rootkits, but also replacing patched files and fixing the fallout these infections do to users’ operating systems.
This cutting edge technology is currently in BETA, so use at your own risk.
To download or learn more about Malwarebytes Anti-Rootkit BETA click here: http://www.malwarebytes.org/products/mbar
The Malwarebytes Enterprise Edition 1.2.1665 Maintenance Release is now live and ready for download!
In addition to the much-needed cosmetic face-lift in our program’s logo and icon, as seen above, the new Malwarebytes Enterprise Edition also features:
- Support for the installation of the management server on localized versions of Windows Server 2008, Windows Server 2008 R2, and Windows Server 2012
- Client package has been updated to 126.96.36.1990, which introduces a new and exciting feature, archive scanning. Malwarebytes Enterprise Edition now seeks out and destroys malware hidden deep in your .zip, .rar, and other archived files
Thanks to feedback from our corporate users, the Malwarebytes Enterprise Edition 1.2.1665 Maintenance Release contains overall improvement in usability including:
- Enhanced reliability of program signature updates with additional security checks
- Addressed database character limitation that prevented certain client computers from registering successfully to the management server
- Removed “Licensed Users” information on Admin tab/Overview pane as a short term solution to allow the purchase of additional user seats without having to enter a new license key
- Management server can now be installed using a remote database and then migrated over to another server with a different OS language/locale setting without any issues
- Eliminated the error “String was not recognized as a valid Date Time” during an attempt to update the signature database
The release can be downloaded using the link on the original email purchase order. If you do not have access to this purchase order, please feel free to contact corporate support for assistance.
For more information or to inquire about Malwarebytes Enterprise Edition visit http://www.malwarebytes.org/business/enterprise/.