Windows 8 gets automatic updates, enforced restarts after 72 hours of polite harassment originally appeared on Engadget on Tue, 15 Nov 2011 11:33:00 EDT. Please see our terms for use of feeds.

Permalink WM Power User  |  MSDN  | Email this | Comments

Ever plopped your cellular down next to your laptop? According Georgia Tech researchers, that common scenario could let hackers record almost every sentence you type, all thanks to your smartphone’s accelerometer. They’ve achieved the feat with an impressive 80 percent accuracy using an iPhone 4, and are dubbing the program they’ve developed, spiPhone. (Although the group initially had fledgling trials with an iPhone 3GS, they discovered the 4′s gyroscope aided in data reading.) If the software gets installed onto a mobile device it can use the accelerometer to sense vibrations within three-inches, in degrees of “near or far and left or right,” allowing it to statistically guess the words being written — so long as they have three or more letters. It does this by recording pairs of keystrokes, putting them against dictionaries with nearly 58,000 words to come up with the most likely results.

The group has also done the same with the phone’s mics (which they say samples data at a whopping 44,000 times per second vs. the accelerometer’s 100), but note that it’s a less likely option given the usual need for some form of user permission. Furthermore, they explained that the accelerometer data rate is already mighty slow, and if phone makers reduced it a bit more, spiPhone would have a hard time doin’ its thing. The good news? Considering the strict circumstances needed, these researchers think there’s a slim chance that this kind of malware could go into action easily. Looks like our iPhone and MacBook can still be close friends… For now. You’ll find more details at the links below.

Georgia Tech spies on nearby keyboards with iPhone 4 accelerometer, creates spiPhone originally appeared on Engadget on Fri, 21 Oct 2011 11:47:00 EDT. Please see our terms for use of feeds.

Permalink Physorg  |  Georgia Tech  | Email this | Comments

Old Uncle Sam seems determined to crack down on botnets, but he still needs a little help figuring out how to do so. On Wednesday, the Department of Homeland Security and National Institute of Standards and Technology (NIST) published a request for information, inviting companies from internet and IT companies to contribute their ideas to a voluntary “code of conduct” for ISPs to follow when facing a botnet infestation. The move comes as an apparent response to a June “Green Paper” on cybersecurity, in which the Department of Commerce’s Internet Policy Task Force called for a unified code of best practices to help ISPs navigate through particularly treacherous waters. At this point, the NIST is still open to suggestions from the public, though Ars Technica reports that it’s giving special consideration to two models adopted overseas. Australia’s iCode program, for example, calls for providers to reroute requests from shady-looking systems to a site devoted to malware removal. The agency is also taking a hard look at an initiative (diagrammed above) from Japan‘s Cyber Clean Center, which has installed so-called “honeypot” devices at various ISPs, allowing them to easily detect and source any attacks, while automatically notifying their customers via e-mail. There are, however, some lingering concerns, as the NIST would need to find funding for its forthcoming initiative, whether it comes from the public sector, corporations or some sort of public-private partnership. Plus, some are worried that anti-botnet programs may inadvertently reveal consumers’ personal information, while others are openly wondering whether OS-makers should be involved, as well. The code’s public comment period will end on November 4th, but you can find more information at the source link, below.

US government to beat back botnets with a cybersecurity code of conduct originally appeared on Engadget on Fri, 23 Sep 2011 14:34:00 EDT. Please see our terms for use of feeds.

Permalink Ars Technica  |  Federal Register  | Email this | Comments

Wow, has it really been a year a year since we first witnessed the arrival of SMS.AndroidOS.FakePlayer.a? It seems like only yesterday when everyone was first scrambling to describe the text message manipulating bit of Android malware. We’ve come along way and seen plenty of malicious bits of software since August 2010. Remember the porn-bundled SMS.AndroidOS.FakePlayer.b trojan from October? Or how about the bible-packing Android.Smspacem? Relive all of the handset hijacking memories in the source link below.

Continue reading Looking back at a year of Android Malware

Looking back at a year of Android Malware originally appeared on Engadget on Fri, 12 Aug 2011 16:11:00 EDT. Please see our terms for use of feeds.

Permalink Twitter  |  Il Blog Di Paolo Passeri  | Email this | Comments

New Android trojan can record phone calls, expose your embarrassing fantasy baseball talk originally appeared on Engadget on Tue, 02 Aug 2011 11:41:00 EDT. Please see our terms for use of feeds.

Permalink Pocket Now  |  CA Technologies  | Email this | Comments

Beware, malware. The Windows AutoRun updates for Vista and XP SP3 that Microsoft released in February have so far proven successful in thwarting your file corrupting ways. Although Windows 7 was updated to disable AutoPlay within AutoRun for USB drives — freezing the ability for a virus to exploit it — the aforementioned versions had remained vulnerable up until right after January. Fast-forward to the period between February and May of this year, and the updates have reduced the number of incidents by 1.3 million compared to the three months prior for the supported Vista and XP builds. Amazingly, when stacked against May of last year, there was also a 68 percent decline in the amount of incidents reported across all builds of Windows using Microsoft’s Malicious Software Remove Tool. There’s another fancy graph after the break to help illustrate, and you’ll find two more along with a full breakdown by hitting the source link down under.

Continue reading Microsoft to malware: your AutoRunning days on Windows are numbered

Microsoft to malware: your AutoRunning days on Windows are numbered originally appeared on Engadget on Sat, 18 Jun 2011 21:17:00 EDT. Please see our terms for use of feeds.

Permalink CNET  |  Microsoft  | Email this | Comments

Tired of getting swamped with spam and malware? Just pack your things and catch the next flight to Japan, where computer viruses are now considered illegal. Under the country’s new legislation, anyone convicted of creating or distributing viruses could face up to three years in prison, or a maximum fine of ¥500,000 (about $6,200). It’s all part of Japan’s efforts to comply with the Convention on Cybercrime — an international treaty that requires member governments to criminalize hacking, child pornography, and other terrible things. Privacy advocates, however, have already raised concerns over some stipulations that would allow investigators to seize data from PCs hooked up to allegedly criminal networks, and to retain any suspicious e-mail logs for up to 60 days. In an attempt to quell these fears, the Judicial Affairs Committee tacked a resolution on to the bill calling for police to exercise these powers only when they really, really need to.

Don’t bring your computer viruses to Japan, because they’re illegal now originally appeared on Engadget on Fri, 17 Jun 2011 13:33:00 EDT. Please see our terms for use of feeds.

Permalink Slashdot  |  The Mainichi Daily News  | Email this | Comments

More malware in the Android Market: Google removes 26 deleterious app doppelgangers originally appeared on Engadget on Wed, 01 Jun 2011 18:19:00 EDT. Please see our terms for use of feeds.

Permalink The Inquirer  |  The Lookout Blog  | Email this | Comments

Preconceptions aside, Apple products do occasionally spread viruses, and not just the biological kind, which is why Cupertino saw fit to equip Mac OS X 10.6 Snow Leopard with a quarantine function to safely set malware aside. This week, however, Apple’s kicking those digital white blood cells into high gear, updating that quarantine list daily with a new background process. The company’s primarily got its crosshairs on the recent MacDefender scare, of course, but on the off-chance malware starts coming out of the woodwork, it sounds like you won’t have to wait for a formal security update to be forewarned of the dangers. If privacy’s your primary concern, however, you can also opt-out — take a gander at our source links to see how it’s done.

[Thanks, Jake]

Apple cracks down on MacDefender, prevents malware downloads with daily quarantine list originally appeared on Engadget on Wed, 01 Jun 2011 08:22:00 EDT. Please see our terms for use of feeds.

Permalink   |  Apple (1), (2)  | Email this | Comments

The Skype forums are a hive of panic and abuzz with accusations that either the company is bundling crapware with its VoIP app or has a serious security problem. Users are reporting that a strange, new, and difficult to uninstall program is finding its way on to their PCs called EasyBits GO. EasyBits is the company that has powered Skype’s games channel since 2006, but at least until now its wares have not been standalone software. One moderator has declared EasyBits Go is not part of Skype and suggested customers immediately run a malware scan, but mods are volunteers and not official representatives of the company, so we’re taking it with a grain of salt. Another (later) post from a forum admin simply states that Skype is looking into the issue and will release an official statement, though we have no idea when that might actually happen and we’re awaiting reply to our own request for comment.

It appears that a rep from EasyBits Media has taken to the forums to quell some of the outrage, but to no avail. Posts from the team are painfully vague, saying that it was part of an update to the gaming platform and apologizing for the misunderstanding, before linking directly to an .exe that it claims will remove the offending software. To say that forum users are wary of the executable would be an understatement (most responses have involved torrents of profanity). Reports are that the suspicious app is installing itself without any approval from users, but we can’t confirm this since any attempts to install in our lab of doom resulted only in errors while downloading. For now, we’ll just have to wait for word from Skype, and the company better move quick — the pain of the recent outage is still fresh in many customers’ minds.

[Thanks to everyone who sent this in]

Skype taken to task by angry users over claimed crapware payload originally appeared on Engadget on Sun, 29 May 2011 14:23:00 EDT. Please see our terms for use of feeds.

Permalink   |  Skype Forums (1), (2), Avast Forums  | Email this | Comments