Category Archives: Security

Spy Cobra Deluxe

The article will educate a user about Spy Cobra Deluxe.  The Supplied Flash Drive contains a completely undetectable monitoring program offering an array of features. It logs key strokes (every key that his struck on the keyboard), takes screen snapshots, remembers all websites visited and detects encrypted password keys. On top of this the software will install in less than 15 seconds and has the facility to enable information to be sent out to a specified email address, so that there should be no need to return to the PC once it has been installed. After installation has been completed, the Spy Cobra Deluxe USB stick can be simply removed and taken away.
Setup and operation is very easy and straightforward. All a user needs is to do is link it to an email address to activate the undercover function.

The Spy Cobra Deluxe has other additional features and functions too. A user can assign the frequency of emails to be sent, program hot keyword activation and set the quality of the screenshots taken.  The Spy Cobra Deluxe will not conflict with any other existing programs or any others that maybe introduced after the event. It is compatible with all Windows operating systems and will not interfere with speed of operation.

Features

Let’s have a look at the features of Spy Cobra Deluxe software.
• Discreetly installs onto any Windows PC (not Mac compatible)
• Super-fast installation takes just 15seconds
• Monitors every keystroke
• Takes screenshots at user set intervals
• Detects phrases and sends screenshots via email
• Allows a user to set interval time of monitoring emails
• Stamp email sending/monitoring with the date & time
• Key word detection; when a key word is typed, a screen shot will be taken
• Remembers all websites visited
• Detects encrypted password keys
• Detects special characters and function keys
• Locally stored data is strongly encrypted with a unique key for each device
• Future proof design
• No specialist knowledge required for use
• Can be used to monitor remotely via email or user can insert key to retrieve information manually and view the information later

Specifications

Let’s have a look at the specifications for Spy Cobra deluxe.

• Records keystrokes exactly as they are typed (case sensitive)
• Records screenshots at either set intervals, or when certain keywords are typed
• Compatible with Windows XP, Vista, Vista SP1, and Windows 7
• Undetectable by most anti-spyware software
• Locally stored data is strongly encrypted with unique key for each device
• Internet Connection Required to Email Logged Data
• Drive Capacity: 4GB
• Not Macintosh Compatible

If a user has read the article then he/she would have learnt about Spy Cobra Delux.

Microsoft Releases ‘Faster’ Windows

The brand new Windows 7 operating system (OS) is set to deliver “better battery life and quicker boot times,” according to Microsoft and Intel.

The statement was made during a press conference in San Fransisco, where engineers gave the new OS a stringent test.

Microsoft will be expecting Windows 7 to avoid the negative exposure generated through the release of Windows Vista, and joined Intel in saying they have never worked as closely and have released a product that “they are proud of”.

Mike Angiulo from Microsoft told the BBC, “we both made a larger investment than ever before on the engineer side to improve on the hardware and software.”

Collectively known by some as Wintel, the two companies began the day after Windows Vista was released over two years ago and used hundreds of engineers in the process of development.

Steve Smith, the vice president at Intel’s digital enterprise group “we have spent 20 years getting to know each other and have businesses that are very well aligned.”

Dean Takahashi from VentureBeat, the popular internet technology blog, believed that Windows Vista needed drastic improvement.

He went on to say, “the collaboration was in the name of making Windows 7 better and more bug-free than the January 2007 launch of Windows Vista, which was broadly criticised in the industry and was one of the best advertisements for buying a Mac in history.”

Engineers have looked into the technological advances made by Microsoft and Intel, such as improved energy efficiency, security and performance.

One demonstration involved two identical Lenovo T400 laptops playing the same video, one using the Windows 7 OS and the other using Vista. Microsoft reported that the machine that ran Windows 7 experienced a 20% improvement in power efficiency due to “timer coalescing,” a design that extends battery life by holding the processor in low power states.

Ruston Panabaker, Microsoft’s head programme manager wouldn’t comment on how much battery power Windows 7 would save computers, stating “we’re achieving a very significant amount of battery savings.”

Engineers at Microsoft and Intel believe that end performance was dependant upon how manufacturers configured their machines.

Engineers were capable of boot up a system running Windows 7 in just 11 seconds. Intel’s Mr Smith told that “what we showed today was real capability in actual scenarios.”

CNET’s Ina Fried had reported on Microsoft for over 5 years and felt that this was a hurdle that both Microsoft and Intel needed to cross.

Ms Fried insisted, “in order for the computer users to get the benefit of all this work, it’s down to what choices the PC maker makes. It requires them all to be talking to one another all the time.”

“In the Vista time-frame, we saw not necessarily the kind of communication that leads to happy users and I think they have really tried to address that this time.”

“We will see how far they have really got when we see those Windows systems shipping in October.”

Why Microsoft Needs Windows 7 to Succeed

Thursday, 22 October sees the highly anticipated arrival of Microsoft’s Windows 7 operating system, with many believing that the future of the world’s largest software company will depend on its success.

The enormous scale of Microsoft’s grip on the market becomes clear when told of the 90% of computers relying on its Windows operating system, and over 1 billion people using it.

Microsoft’s last financial year saw a £35.7bn turnover with a net profit of approximately £9bn. Over half the profits generated were reliant upon Windows.

Experts have predicted that Microsoft’s stranglehold over the market was due to drop, with competitors Linux and Apple waiting to jump in. Many experts predict that software will be shifted to the “cloud,” where people connect to remote servers to access their software in a revolution to worldwide computing.

Microsoft brought about the attention of regulators at the US Department of Justice and the European Commission with ruthless actions towards competitors.

The release of its Vista operating system 3 years ago rendered many of its first users with unusable hardware and software; a crushing blow and seriously damaged its reputation with software developers and customers alike.

Most people still prefer Windows XP, Vista’s eight-year-old predecessor, with estimates suggesting that Vista has between 18.6% and 35% hold on the market.

Annette Jump, research director at technology firm Gartner, believes that “Vista is the worst-adopted operating system” whilst Microsoft International’s Jean-Philippe Courtois thinks “we don’t feel great about Vista adoption.”

This could be the only chance for Microsoft to regain the confidence that took a blow during the Vista period. Many Microsoft executives feel that they learnt a lot from what went wrong with Vista.

Windows 7 looks set to be released in good time, just 3 years after the release of Vista. Those that have tested it have reported it to be fast, secure, reliable, and easy to use. Microsoft have made big steps to avoid making the mistakes experienced with Vista, and prepared its partners for the release.

Mr Courtois believes that “the Windows ecosystem is the broadest in the world, and we have to take care of that,” with Alex Gruzen from Dell Computers surprised at how “the preparations for Windows 7 have been a remarkable step up from the days of dealing with Vista.”

He continued by revealing that “in the past, Microsoft looked at its operating system in isolation, and gave it to [manufacturers] to do whatever they wanted. Now they collaborate, help to figure out which third-party vendors are slowing down the system, help them improve their code.”

Sidekick Loss Hits T-Mobile Phone Sales

T-Mobile has had to withdraw the Sidekick in America, after being made aware that customers could lose personal data through its server.

The designer of Sidekick’s software, Danger (a subsidiary of Microsoft), confirmed the fault, with the mobile phone industry condemning the issue as one of the biggest failings in recent years.

Microsoft are also coming out of the situation look bad, after promoting cloud or online services as a means of less expensive solution to enterprise storage.

Harry McCracken, editor of Technologizer.com told BBC News “this is the most spectacular loss of data on the web to date.”

“There have been other examples, but always from small companies. For this to involve a big name like Microsoft is a major embarrassment and a big worry for consumers and Microsoft.”

Data back-up

It is understood that Microsoft’s company Danger, experienced a technical hitch which caused major data loss, with Sidekick users seeing disruptions for the past week. Investigations are underway to find the cause of the faulty server, with Microsoft yet to offer an explanation.

Sidekick uses an online service to provide back-up contacts, calendar appointments, photos and other personal information saved to the mobile phone. Some of the one million subscribers to Sidekick have “almost certainly” lost personal data as a result of this glitch according to Microsoft.

Those most at risk of losing their personal information are those who let their battery fully drain or removed it completely, causing all local copies of data to be cleared from the phone.

“I had 411 contacts, now they are all gone. I had five e-mail accounts set up on the phone as well which are also gone, address book and all,” complained 17 year old high-school student Kayla Hasse from New Jersey.

“I am extremely upset not only due to the fact I lost everything, but also because I pay 20 some dollars a month for THIS? It’s ridiculous.”

Mr McCracken feels it’s a “real wake-up call for customers.”

“In the past we have always tended to assume that big companies are better at backing up our data than we are. While this is true in most cases, a lot of people are going to say you can’t trust third parties, whether it’s Microsoft, Google, Apple or whoever.”

The future of cloud computing

Whilst Microsoft and T-Mobile may experience the immediate fall-out from this problem, experts fear that it may cause long term damage to customer confidence in cloud computing.

Will Strauss, president of Forward Concepts is concerned. “Microsoft has been beating the drum for the idea of cloud computing where we all trust our stuff on some server up in Washington State,”

“This is going to throw a little cold water on that idea for the moment. Microsoft is going to have to do some explaining and give good assurances that cloud computing is viable and that it won’t lose data in the future, otherwise people won’t trust it.”

Paris Hilton’s website suffers with Trojan troubles

It seems as though Paris Hilton has been attacked – not in the streets, not in her home, not in her car, but through her website.  Paris Hilton’s website has been infected with a virus which prompted users of the site to install a mysterious ‘update’.  Whether the user then decided to install the update or not, the update plants itself onto the users computer and then goes about doing the virus dance.

The virus was discovered by the web security company ScanSafe on January 9, however didn’t actually get around to fixing the issue until a few hours after the news about the virus broke, four days later.

In a statement, ScanSafe announced that the website had been attacked by the virus, claiming that, “Hilton’s popular website, ParisHilton.com, has been outfitted with malware prompting site visitors to ‘update’ their system in order to continue navigating the site.  When the bogus pop-up box appears, users have the option to click ‘Cancel’ or ‘OK.’ Regardless of which option they choose, destructive malware will be downloaded to the user’s computer.”

The senior security researcher at ScanSafe, Mary Landesman, stated that although the virus had compromised the website’s security, such attacks needed to be expected when the celebrity is so famous.  “Paris Hilton’s site is currently compromised.  We first encountered it on [Jan. 9]. We don’t know when it happened.”

“Their sites, because of their celebrity, are going to enjoy pretty heavy traffic. And they have an obligation to their fan base to keep it safe,” claimed Landesman.

According to figures released by Alexa.com, a total of 164,000 users have visited the site since the virus was found, however, the total number of users that have been affected cannot be known.

Paris Hilton has been a victim to other technical issues in the past, as her mobile handset was hacked back in 2005 and a number of private pictures and other such information were found and shown around the world.  Again, in 2008, Paris’s Facebook account was broken into, again causing a bit of an upset.

To make the matter worse for visitors to the site that have been infected by the virus, the Trojan in question does not actually show up on many Antivirus software’s.  Therefore, there will be a lot of computers out there that have the Trojan floating around their systems.  The Trojan in question is the Trojan-Spy-Zbot.YETH which implants itself onto the user’s computer and then steals the user’s private online banking details and then also opens a door to allow other malicious codes to be downloaded onto the computer.

Landesman went on to discuss how the Trojan operates on the user’s system once either OK or Cancel had been clicked and the Trojan had been downloaded.  “These exploit frameworks generally include a cocktail of potential compromises.  The exploit being used appears to have been patched in November, but that has not been confirmed.”  Landesman claims that way around downloading the virus is to perform a hard quit.

Data Theft: Just another day at the Office for one Exec

An IT executive from a Canadian marketing business stands accused of stealing a computer backup tape that holds the personal details of 3.2 million customers, which if sold on the lucrative black market could make as much as $10 million.

The man accused of the crime is one Nick Belmonte, the (now) ex-vice-president for C-W Agencies, who are based in Vancouver. He asked one of his employees to deliver three backup tapes to his office for copying, however only returned two of them when the employee went back for them.

The details stolen not only include names and addresses, but also credit card details and the banking information of around 800,000 customers. Belmote was accused of the theft, and promptly went on leave.

“The information in the customer library is highly confidential to the plaintiff and its clients,” a C-W executive wrote in to the courts. “If the customer library data is sold, it cold have a devastating effect on CW’s business and that of CW’s clients worldwide.”

To this point its unclear how many of the company’s customers have been informed of the data theft. In America businesses must inform its customers of any threat to their data, so one would assume that it’s the same in Canada. However, executives have known of the theft since November 4th.

This sheds light on areas in businesses that do not guard our data properly. Banks and the National Health Service are expected to follow stringent rules on data security, but low level marketing companies and other ‘media’ businesses tend to be a bit less security conscious.

In related news, a hi-tech credit card from a company called CryptoCard has designed new security measures in an effort to cut down on credit card fraud.

The CD-1 Credit Card Display token uses two-factor authentication to safeguard against online fraud, namely phishing scams. The company wants to develop the technology further so that it may provide more watertight security for customers using their cards online.

Cardholder Not Present (CNP) fraud, is becoming more common, so the new card, which combines a payment can and authentication, is due to ship at the start of 2009. CryptoCard said that the new card is already being tested in a number of banks across Europe and the Middle East.

The company’s chief executive, Neil Hollister, said that the card “integrates long-established key-fob token two-factor authentication technology into a credit card”.

Users have to press a button on the card to receive a one-time password, that when used with a traditional PIN code, will be used to authenticate access to their online backing accounts via a back-end authentication server. The server technology can be built in to bank call centres to allow for phone customer verification.

CrytoCard’s technology will sell for around $30 each, which is much less than the Emue designed Visa card currently being trialled by many banks across the world.

Emue cards can digitally sign transaction, and a designed to replace passwords and the “Verified by Visa” scheme when customers buy something online. The digital signature would cut the chances of fraud dramatically.

Emue are lucky enough to have Visa working with them, so they have a distinct advantage in the credit card designing industry right now. Hollister argues that in this economic climate, and with people worried about spending money, there is room for his company.

CryptoCard’s Hollister said: “I don’t want to criticise to technology of Emue card but it’s too expensive for the extra benefit it offers. I don’t expect you’ll see large volumes. It’s further up the technology curve than banks want to go.”

*UPDATE*

C-W Agencies CEO, Gloria Evans, contacted us to “set the record straight” on some of the issues in the above article.

“We noted your interest in recent events at our company and wanted to provide the correct facts:

  • The tape stolen from our premises on Nov. 4 has been recovered.
  • The recovered tape is being examined by forensic experts who will determine whether the information has been accessed.
  • Because of encryption, the requirements for specialized equipment, knowledge and facilities, it is our hope that the data has not been compromised.
  • We informed our customers of the theft immediately.
  • The criminal and civil matters that have arisen from this situation are before the courts and we cannot comment further.

“We are determined to protect our data and are very confident we are taking all reasonable measures to ensure the security of our customers.  Our ability to protect our customer data is at the core of our ability to sustain our company. “

Government Officials continue push for IMP: Big Brother Watches on

A band of home office officials are still pushing for the big brother style central database of emails, web browsing, phone data  and location tracking, even though the government said that they won’t consider reviewing the scheme until at least 2010 – and possibly not at all.

A spokeswoman for the Home Office has confirmed that they have a small team that is “working on maintaining our capabilities in this area”.

The scheme is called that Interception Modernisation Programme (IMP) and is aimed at clamping down on acts of terrorism. In a meeting earlier this month with the Internet Service Providers Association (ISPA), counter terrorism minister Vernon Coaker refused to let other members of parliament (MPs) to see a presentation on the scheme.

“The results of the public consultation will be used to inform any decisions on the programme’s preferred solution and safeguards and to determine whether future legislation is needed,” he said

The government assures us that no decisions have been made regarding the scheme, and reports revealed last week said that the Communications Data Bill (CDB) – which was due to include details on IMP – will not be included in the Queen’s Speech in four days time.

The scheme has already cost tax payers around £1 billion when it began in 2007, and the team involved has grown alongside the level of communication with ISPs.

The scheme is strongly opposed by many MPs, and many discussions have been held at Whitehall causing delays to the CDB.

The Home Office said: “The Government is committed to maintaining the communications data capability and we intend to bring forward proposals to achieve this. We recognise however that this is a highly sensitive issue and because of that there is sufficient time to hold a proper public debate”.

The IMP is backed by the UK’s intelligence services GCHQ and MI6, however leading voices in the Treasury and Cabinet Office think the £12 billion set aside to pay for the scheme is outrageous, and whether that amount of money is justified in relation to the difficulties cause to the law through the illegal communications activities.

The Home Office wants to have everyone understand what the scheme will do, and hopes to reach an amicable agreement so they are bringing forward a “consultation paper, outlining the challenges the UK faces, setting out how we believe these challenges can be overcome, and seeking views on the proposals and the safeguards proposed,” it said.

New report predicts massive increase in malware and phishing in 2009

Reports from security provider MessageLabs suggest that virus writers are highly likely to release increasingly sophisticated strains of malware over the course of next year in an effort to get back in to the game after some high-profile botnet shutdown operations in 2008.

The organisation predicts that hackers will set off a series of attacks in which malware will exists as a virtualization layer running directly on the hardware and hidden by the operating system.

Senior analyst Paul Wood from Message Labs explained further: “The operating system does not know it’s there, and the malware will be intercepting low-level operating system calls.”

“The problem will be in realizing it’s there and understanding how to clean up, because it’s so low-level and tangled up in the operating system that sometimes the only recourse is to reinstall the machine from scratch.”

He believes that cyber criminals will concentrate of infecting systems with sophisticated malware that can switch between different tasks as appropriate. He gives the example that if a piece if malware determines that the spam it is sending out is being blocked, it could then be told to launch denial-of-service attacks instead.

Also according to MessageLabs, mobile malware is set to increase in 2009, but not with the goal of infecting devices to create botnets – instead attackers will try to make money by subverting the phones so that they dial premium rate lines set up by the criminals – “thank you for holding, your cash is important to us”.

The company predicts that phishing scams will increase massively, and increase in cleverness, as the criminals target weaknesses in Domain Name Server (DNS) system to launch phishing websites by creating sub-domains in exposed accounts. This method could be used to find a way round the traditional URL filters that can detect when criminals use type-squatting techniques, which rely on the mistakes of users typing in the wrong address in a browser.

“We have seen legitimate businesses with good domains being taken over in some way,” said Wood. “The criminals gain access to the admin function of their DNS console, add sub-domains to their records and then use these domains in phishing e-mails.”

Upset IT Manager Causes Server Chaos for Media Company

An IT manager from California was sent to prison for 356 days for the crime of hacking in to his ex-employers computer system, and releasing the company’s mail server to the public.

Steven Barnes was charged with computer intrusion charges against streaming media company Akimbo Systems (previously known as Blue Falcon Networks). Mr Barnes worked at the company as its IT manager from September 2002, until he was sacked in April 2003.

In a grovelling letter to the judge presiding over the case, Barnes claimed that pain killers for his bad back had relapsed his addiction to alcohol and cocaine, which was why the company had to give him the boot.

Barnes pleaded guilty to hacking in the company’s systems, not once but twice on September 30th, and October 1st, 2003.

On his first illegal intrusion to the company, Barnes said he changed the company’s mail server into an open mail server, which allowed anyone to be able to send mail to it. The company’s servers were clogged up with spam messages rapidly, causing the company’s traffic to be blacklisted and shutting down employee communications internally and externally. He also took it upon himself to delete the company’s Microsoft Exchange email database and the mail server’s core boot files.

After his initial attack, Barnes decided to cause some more damage to the company. He entered the mail servers again and changed the domain name, halting any outside email communication. He then deleted the company’s mail database again, and removed the email server from the domain group. He then deleted the server’s core boot files once more.

The letter to the judge contained Barnes’ supposed motivation for causing the server chaos. He claimed that one of the company’s employees Robert Hammer, and hs son arrived at Barnes’ front door wielding a baseball bat. Ordering him not to move the pair allegedly took all of Barnes’ computers, and made him sign his dismissal paperwork.

Six months after this, Barnes heard that the company had moved its headquarters. He was curious to see if the company had also moved its servers, which is when he tried to connect, and succeeded.

“To my complete disbelief, I soon realized they did move their servers and they had no firewall and the passwords were not even changed!” he wrote.

Barnes was sentenced on Thursday in San Francisco, where he agreed to pay $54,006 in restitution. He starts his prison sentence in January.

Keeping your data secure is vital in today’s world. Click here for more information.

Highly Advanced Trojan Steals 500,000 Financial Accounts

A cyber-gang has stolen the details of over 500,000 financial accounts over the course of the past three years using a highly advance Trojan that remains undetectable to the majority of its victims.

The Sinowal Trojan has enabled one of the largest ever gathering of banks, credit and debit card details in history, and was spotted by researchers at the RSA FraudAction Research Lab. The program, also known as Torpig and Mebroot, as been operating constantly for almost three years, claim the team, which is an unusual amount of time in the cybercrime world.

“Only rarely do we come across crimeware that has been continually stealing and collecting personal information and payment card data, and compromising bank accounts as far back as 2006,” RSA researchers wrote.

Even more impressive is that Sinowal has managed to become more productive over time. In the past six months, the Trojan has compromised over 100,000 accounts. Since February, the number of variants has jumped from less than 25 a month, to mover than 70, according to the RSA.

The figures are staggering. The research team reckons that at least 300,000 windows machines have been infected, stealing over 270,000 online bank account numbers and 240,000 credit and debit credentials.

Unlike most other Trojans, Sinowal spreads silently via websites that prey on unpatched vulnerabilities in the Windows OS or in third part apps like Adobe’s Flash Player or Apple’s QuickTime Media Player – a user doesn’t even have to click a link or file to have the Trojan installed.

“This particular trojan can get installed without even awareness of the end-user that they have agreed to anything or that anything has been installed,” Sean Brady, manager of identity protection at RSA, said.

The Trojan hides itself in the computers master boot record, making the infection very difficult to spot. The best way to remove the Trojan is by formatting their hard drive and reinstalling their operating system.

The RSA has shared the data it discovered with affected banks so that they can warn their customers.

Sinowal lays dormant on a system until a user looks at the website of a bank. An HTML injection engine adds fields to the website’s login page that prompts victims to enter in passwords, social security numbers and other details, This information is then carried to a server controlled by the cyber criminals. The HTML injection can be triggered by more than 2,700 web addresses.

Although no one can be totally sure, the trojan’s origin is likely to be Russia. Financial institutions in Europe, Asia and North American have seen the Trojan, but nothing was located in Russia.