How Kaspersky makes you vulnerable to the FREAK attack and other ways Antivirus software lowers your HTTPS security - Hanno's blog

How Kaspersky makes you vulnerable to the FREAK attack and other ways Antivirus software lowers your HTTPS security - Hanno's blog 



Lately a lot of attention has been payed to software like Superfish and Privdog
that intercepts TLS connections to be able to manipulate HTTPS traffic.
These programs had severe (technically different) vulnerabilities that
allowed attacks on HTTPS connections.



What these tools do is a widespread method. They install a root
certificate into the user's browser and then they perform a so-called
Man in the Middle attack. They present the user a certificate generated
on the fly and manage the connection to HTTPS servers themselves.
Superfish and Privdog did this in an obviously wrong way, Superfish by
using the same root certificate on all installations and Privdog by just
accepting every invalid certificate from web pages. What about other
software that also does MitM interception of HTTPS traffic?



Antivirus software intercepts your HTTPS traffic



Many Antivirus applications and other security products use similar
techniques to intercept HTTPS traffic. I had a closer look at three of
them: Avast, Kaspersky and ESET. Avast enables TLS interception by
default. By default Kaspersky intercepts connections to certain web
pages (e. g. banking), there is an option to enable interception by default. In ESET TLS interception is generally disabled by default and can be enabled with an option.

SANS Digital Forensics and Incident Response Blog | Identifying and Disrupting Crypto-Ransomware (and Destructive Malware) | SANS Institute

SANS Digital Forensics and Incident Response Blog | Identifying and Disrupting Crypto-Ransomware (and Destructive Malware) | SANS Institute  



I have been giving some thought to how we can stop crypto-ransomware
doing it's thing. Initially, I thought about interfering with the Windows CryptAPI, perhaps hooking the CryptEncrypt function, however page 16 of a report analysing various samples by Bromium shows that some samples use CryptoAPI, others use OpenSSL libraries and a few even use custom inline code.

Security Flaw in Samsung Galaxy S5 Allows Hackers to Steal Your Fingerprint

Security Flaw in Samsung Galaxy S5 Allows Hackers to Steal Your Fingerprint 



Security flaw in Android
version 5.0 and below makes it possible for hackers to take fingerprint
copies and unlock Samsung Galaxy S5. This could lead to obtaining and
exploitation of victim’s personal data.


FireEye experts Yulong Zhang and Tao Wei have exposed a critical Android flaw, which makes Samsung Galaxy S5 smartphone highly vulnerable to attacks.


Experts revealed that hackers can easily obtain fingerprint data and steal personal info, thanks to the flaw and use personal data for malicious purposes.

GoodDeals Advertisements Removal Guide

GoodDeals Advertisements Removal Guide 



GoodDeals is an adware program that displays deals,
offers, or coupons when browsing certain online shopping sites. When
browsing sites such as BestBuy or Target, the GoodDeals adware will
display a rectangular banner at the bottom of the web page that provides
offers or deals based on the particular site you are visiting.
Unfortunately, these advertisements are done so in an intrusive manner
that overlay the content you are trying to read.

Hackers can potentially hack WIFI systems on aircrafts to commandeer the plane | Emsisoft Blog

Hackers can potentially hack WIFI systems on aircrafts to commandeer the plane | Emsisoft Blog 



Flying thousands of feet in the air can be a scary event for most
people; but, now it seems that airway travel may be more dangerous than
it has ever been. Potential flaws have been discovered in several new
model airplanes that could allow hackers to commandeer the plane by
hacking into a single WIFI system using their laptop computer. It is a
scary thought to think that a hacker may be sitting next to you on a
plane.




According to news Giant CNN,
hundreds of the planes flying commercially today could potentially be
vulnerable to having their on-board computers hacked and taken over by a
plane passenger or even someone on the ground. One of the authors of
the report told CNN that the Boeing 787 Dreamliner, the Airbus A350, and
the A380 aircraft’s all have cockpits that are wired into the same WIFI
system that passengers use.