Mobile Malware Is on the Rise, but Is It a Real Threat?

Smartphones and tablets may be the hottest tickets in electronics today, but with that marquee status comes a dark side. Mobile viruses on the rise, and 2010 saw a huge increase in malware on mobile devices, up 46 percent from 2009, says a new threat report from security software maker McAfee.

The increase in mobile malware isn't unexpected, as smartphones have become more popular in the last year, with smartphones recently passing PCs in sales for the first time ever. Adam Wosotowsky, an engineer at McAfee, says Symbian is the most at-risk mobile platform, though Google Android devices and jailbroken iPhones are popular targets, too.

"I wouldn't call it unexpected," he says. "We've seen mobile malware growing exponentially year-over-year for a while. It's much more of a big deal now that smartphones are basically becoming little computers."

Besides being greater in number, mobile malware is getting more sophisticated, Wosotowsky says. Viruses that infect cell phones typically force the phone to do things like send texts or make calls to specific numbers and at specific times so the malware creator profits. Now that phones are capable of so much more, the viruses that infect them are following suit.

"There are a lot more ways for the criminal enterprise to make money," he says. "You have the ability to infect the phones and actually build some kind of botnet infrastructure. We have seen indications of ways to start to establish command and control [on phones]."

Seeing "indications" and seeing a virus are two different things, however. Ondrej Vlcek, CTO of Avast, a security software company that gives away its product, says the mobile malware threat, while a problem, isn't anywhere near as threatening as malware on PCs.

"It's still relatively small compared to the traditional platforms," Vlcek says. "Also, the payloads are usually less invasive—sort of like Windows malware ten, fifteen years ago."

Vlcek is on board with the McAfee report's conclusions about the vulnerabilities with Adobe products, however. The report says malware developers "heavily" exploited weaknesses in Flash and PDF applications. Flash videos are especially ripe targets, Wosotowsky says, since the application runs code on both the client and server sides.

"Flash is extremely popular and everybody's using it. That makes it a big target," he says. "I'm sure Adobe is going to re-architect some of the security that's associated with it."

Read more...

What Is Doxing? – Doxing And It’s Uses

Doxing is the process of gaining information about someone or something by using sources on the Internet and using basic deduction skills. Its name is derived from “Documents” and in short it is the retrieval of “Documents” on a person or company.

You’re probably thinking, “Okay, so basically it’s getting information from searching someone’s email on Google right?” in a sense yes, but there are actually easier ways to get someone’s information online. The most popular and most common method is to use a website called Pipl(http://www.pipl.com/). Pipl allows you to search for full names, emails, usernames, and even phone numbers, thus making it a very useful tool for hackers. Another source hackers can use is Facebook (http://www.facebook.com). Sure, Facebook allows full name searches, but most hackers aren’t using it for its name search; they’re using it for its email search.

The main goal when Doxing is to find the target’s email (if you don’t have it). Your email is essentially your passport online; you sign up for websites using it, you have personal information on it, and if someone has access to it, they can essentially pretend to be you online. Once the hacker has the email, all he has to do is put it into Facebook or Pipl and he will be able to find you, assuming the email he has is connected to some account you have online. On the flipside of this, in order to find your email, the hacker either has to guess your email, befriend you on Facebook,or, hack one of your vulnerable friends and view your email that way. Once he’s done that, you’re in trouble.

Now, you’re probably thinking, “How’s he going to hack me with just my email?” well, that’s where Doxing comes in handy. If he can view your Facebook account, or he can find some other bit of information about you using Pipl, he can do what’s called reverting. Reverting is the process of using the target’s email’s recovery questions to gain access to the target’s email. Now, you may be thinking, “How’s he gonna guess my recovery question answers?” well, take a second look at your recovery questions and ask yourself, “Can someone find this answer online?” If you answered yes, then you’re vulnerable to reverting.

Any hacker reading this, that didn’t previously know about reverting, would probably look at this and say

“This would never work!” but you have to remember… we’re all humans, and we all make mistakes. Surprisingly, this method works more often than you’d think, but it is not for anyone who is lazy. Doxers tend to spend a while searching around the web for information that they can use.

Chances are, you’ve made some mistakes online, and if a skilled Doxer finds that mistake, then you’re in trouble. The Doxing method is based purely on the ability of the hacker to recognize valuable information about his target and use this information to his benefit. It is also based around the idea that, “The more you know about your target, the easier it will be to find his or her flaws.”

How can you insure that you won’t be Doxed? Well, as the Internet becomes more and more useful and addicting, it will become harder to not get Doxed. The main issue for most victims is their security questions, and their password security. If a victim has a very easy-to-find recovery question, then the victim will be easily reverted within a matter of seconds. Also, if the victim has a simple password, it could get brute forced simply by using a wordlist that applies to the victim’s interests, likes, and fancies (of course, this method is not as popular).

So, the main rule to not getting hacked is: Have secure passwords, and almost impossible to guess recovery questions. The main rule to not getting Doxed is… to just stay off the Internet; but, who wants to do that?

Read more...

How to Change MAC Address

In computer networking, the Media Access Control (MAC) address is every bit as important as an IP address. Learn in this article how MAC addresses work and how to find the MAC addresses being used by a computer...

What Is a MAC Address?

The MAC address is a unique value associated with a network adapter. MAC addresses are also known as hardware addresses or physical addresses. They uniquely identify an adapter on a LAN.

MAC addresses are 12-digit hexadecimal numbers (48 bits in length). By convention, MAC addresses are usually written in one of the following two formats:

MM:MM:MM:SS:SS:SS

MM-MM-MM-SS-SS-SS

The first half of a MAC address contains the ID number of the adapter manufacturer. These IDs are regulated by an Internet standards body. The second half of a MAC address represents the serial number assigned to the adapter by the manufacturer. In the example,

00:A0:C9:14:C8:29

The prefix

00A0C9

indicates the manufacturer is Intel Corporation.

How to find MAC Address?

Go to start -> Run ->Type cmd and press Enter

A DOS window will appear. This is also commonly called a Command Prompt

Now type IPCONFIG /ALL at the command prompt and hit ENTER. This window will now display the configuration of all of your network adapters. If you have multiple network adapters in your PC you'll see multiple addresses. The MAC Address you're looking for will be listed under the heading Ethernet Adapter

Now look for the Physical Address. It should look something like 00-50-BA-D1-BA-71

To close the window when you are finished, type EXIT at the command prompt and hit the ENTER key

How to change MAC Address?

Go to Start > Control panel > Network and Internet connections , then right click on the that network connection whose network card’s MAC address you want to change and click Properties.

In the General tab, click on the Configure button.

Then click on the Advanced tab.

In the Property section, you have to see an option saying Network Address or Locally Administered Address. Select it and change the radio button to Value ( Not present means that your network card will use the default MAC address programmed by the manufacturer ).

Now type in a new MAC address and click OK.

Restart the computer.

To make sure that the change is successful go to command prompt ( Start > Run, type in cmd and click OK ) then type in ipconfig /all.

Read more...