Consumer Electronics Daily News: Security

February 27, 2014

ESET Issues Warning About Mac Malware Disguised as Cracked Versions of Angry Birds, Pixelmator and Other Top Apps

ESET is warning Mac® users not to download pirated software from file-sharing peer-to-peer (P2P) networks in the wake of a new malware discovery. Researchers have discovered a Bitcoin-stealing malware called OSX/CoinThief being spread via cracked apps, apps often obtained by over-riding Apple's standard security settings.

The OSX/CoinThief trojan infects computers running the Mac OS X platform®, stealing login credentials related to various Bitcoin exchanges and wallet sites by installing malicious browser add-ons.

ESET malware experts have discovered that CoinThief is being spread via P2P file-sharing networks, disguised as cracked versions of the following popular Mac OS X applications:

BBEdit – an OS X text editor
Pixelmator – a graphics editor
Angry Birds – a game where players use a slingshot to launch birds at their targets
Delicious Library – a media cataloguing application

"The hackers behind the CoinThief trojan are trying to cash in on the current Bitcoin craze and fluctuating exchange rates by breaking into users' digital wallets," said Security Researcher Graham Cluley, who wrote about the threat on ESET's WeLiveSecurity blog. "As ESET's research team has shown, Mac users who download and install pirated software from torrent sites are not only depriving developers of their rightful income, but are also putting their computers and finances at risk."

According to detection statistics gathered by the ESET Live Grid, the threat is mostly active amongst Mac users based in the United States. CoinThief was first spotted earlier this month by SecureMac researchers, who found it had been distributed via popular download sites, such as Download.com and MacUpdate.com, disguised as trojanized versions of Bitcoin Ticker TTM (To The Moon), BitVanity, StealthBit and Litecoin Ticker.

ESET researchers strongly recommend that all Mac users protect their computers with an up-to-date anti-virus product and resist the temptation to download cracked and pirated software.

For more information on the CoinThief malware and how to clean infected devices, visit ESET's WeLiveSecurity blog here.

Posted at 09:40 AM in Security | Permalink | Comments (0)

January 15, 2014

Blackphone Promises Privacy, Control

Silent Circle and Geeksphone today announced a new Switzerland-based joint venture and its inaugural product, Blackphone, the world's first smartphone placing privacy and control directly in the hands of its users.

Blackphone, powered by a security-oriented Android™ build named PrivatOS, is a carrier- and vendor-independent smartphone giving individuals and organizations the ability to make and receive secure phone calls, exchange secure texts, transfer and store files, and video chat without compromising user privacy on the device.

It is the culmination of several careers' worth of effort from leading figures in the industry, including Phil Zimmermann, creator of PGP; Javier Aguera, co-founder of Geeksphone; Jon Callas, co-founder of PGP Inc. and CTO of Silent Circle; Rodrigo Silva-Ramos, co-founder of Geeksphone; and Mike Janke, CEO of Silent Circle and former US Navy SEAL.

"I have spent my whole career working towards the launch of secure telephony products," said Zimmermann. "Blackphone provides users with everything they need to ensure privacy and control of their communications, along with all the other high-end smartphone features they have come to expect."

Blackphone may be seen at https://www.blackphone.ch and visitors may join a mailing list to be kept informed of updates as the launch date approaches. Blackphone will be available for pre-order beginning February 24, 2014, at Mobile World Congress, in Barcelona, Spain.

For more information or to contact Blackphone visit: https://www.blackphone.ch

Posted at 10:09 AM in New Products, Security, Smartphones | Permalink | Comments (0)

December 13, 2013

Excitement Growing Around the Globe As Data Privacy Day 2014 Nears

Widespread support for Data Privacy Day (DPD) 2014 is growing in the U.S. and abroad as the annual January 28th awareness day that promotes the protection of privacy and data stewardship draws closer. Officially coordinated by the National Cyber Security Alliance (NCSA), Data Privacy Day is celebrated by hundreds of organizations and individuals who raise awareness about data privacy around the world and promote its universal theme Respecting Privacy, Safeguarding Data and Enabling Trust.

Since 2008 Data Privacy Day has been made successful through support and participation from corporations, governments and organizations large and small. Nearly two months remain until Data Privacy Day and already more than 70 organizations have signed on to become official DPD Champions, including the Federal Trade Commission, Brown University, International Association of Privacy Professionals (IAPP), The Council of Better Business Bureaus, McKenna Long & Aldridge and JIPDEC (Japan Institute for Promotion of Digital Economy and Community). Intel, one of the founding organizations of Data Privacy Day, has played a continuing role in building global awareness about privacy and engaging a diverse array of stakeholders in privacy awareness and action.

"Intel is proud to play a role in such a pivotal awareness effort. Data Privacy Day is an opportunity and a reminder for all organizations to hold themselves to strong data stewardship practices and prove they are accountable to individuals," said David Hoffman, Intel's director of Security Policy and Global Privacy Officer.

"Protecting privacy and data are key ways we can build a safer, more trusted Internet," said Michael Kaiser, executive director of NCSA. "The reach of our messages are amplified exponentially because of DPD Champions and supporters elevating the importance of protecting personal information and privacy." Many Data Privacy Day supporting organizations will unveil unique data privacy offerings. NCSA's newly launched DPD Web Portal is a one-stop shop to get started participating in Data Privacy Day.

Learn how to become a champion, get ideas for awareness activities, see events happening around the world and find a list of links to privacy settings at the popular websites at http://www.staysafeonline.org/data-privacy-day/. National Cyber Security Alliance will officially kick off Data Privacy Day 2014 by hosting a global privacy forum at The Pew Charitable Trusts in Washington, DC on January 28. Intel and Microsoft are leading sponsors of Data Privacy Day, while ADP and AT&T are contributing sponsors. Small business sponsors include PRIVATE WiFi, Reputation.com and SpiderOak. Every Wednesday in January NCSA will feature a Twitter Chat at 3 p.m. EST using hashtag #ChatDPD.

Posted at 09:37 AM in Security | Permalink | Comments (0)

November 04, 2013

Wondershare's New SafeEraser Stops Identity Thieves in Their Tracks by Permanently Deleting Everything from an iPhone(R)

Identity theft is on the rise as more people are using their iPhones for online shopping, making payments and even banking. Often times, identity theft can be traced to information recovered from mobile phones. When disposing of an old iPhone, many users will simply use iTunes to do a "restore" on the iPhone with the belief this erases everything, but the truth is in many cases personal data can still be retrieved using sophisticated data recovery technologies used by criminals. Wondershare's new SafeEraser gives users peace of mind by ensuring permanent removal of all personal information.

SafeEraser is a simple yet effective Windows® application, which permanently deletes all personal information by physically over-writing the iPhone's memory with random data and restores the iPhone to original factory setting while ensuring safety of the system and the device. Afterwards, there'll be no other data recovery tools that can recover any personal data from the device. Users can select fast 1-pass overwriting which overwrites the memory blocks 1-time, medium strength 2-pass overwriting, or maximum strength 3-pass overwriting which meets the US Department of Defense DOD 5220-22M standard for secure data destruction on digital devices.

Deeper dive on Wondershare SafeEraser's features:

Peace of mind - 100 percent permanent data deletion with zero chance of recovery by hackers and identity thieves. Wipes out user names, passwords, photos, text messages, emails, call history -- everything stored on the iPhone;
Works with all iPhone models running iOS version 5.0 and higher. Also works on all models of iPad® and iPod® Touch. Works on iPhones that have been jail-broken too;
Three modes for secure erasure: 1-pass (fastest, but least secure), 2-pass (slower but smarter deletion, others won't know your phone was erased), and 3-pass which meets the US military standard for data destruction;
Option for erasing an entire iPhone or just shred the free-space on the phone, a good safeguard to make sure deleted content stays deleted without having to wipe out the entire phone.

Wondershare SafeEraser is currently available for $19.95 for "one-time" use on a single iPhone, and $39.95 for use with up to five iPhones.

Learn more about Wondershare's entire lineup of award winning multi-media, mobile, business productivity, PDF, and system utility software products at Wondershare.com.

Posted at 09:28 AM in Security | Permalink | Comments (0)

September 13, 2013

Leviton Releases OmniTouch 7 Touchscreen

Leviton announced today the OmniTouch 7 Touchscreen. The latest capacitive touch, glass front touchscreen from Leviton features a 7 inch high resolution screen for controlling security, energy and entertainment settings in a residential setting.

Featuring large, recognizable icons, the new touchscreen allows users to arm or disarm their Leviton security system, alert emergency personnel, lock or unlock doors and view crisp IP or analog surveillance video footage. Additionally, the device features slider bars that adjust individual light levels from zero to 100 percent; control up to 64 thermostats to manage humidity settings and additional systems like irrigation, ventilation; and monitor or adjust window coverings. The OmniTouch 7 also acts as an interface to Leviton's Hi-Fi 2 Distributed Audio System or a compatible system from a connectivity partner.

Developed using Leviton's new user interface engine and featuring high processing power, the device allows users to customize and incorporate their connected devices-– such as additional lights, thermostats or cameras-– with a swipe on the screen. Two digital MEMS microphones along with a built-in amplifier and speaker improve noise and echo cancellation. In addition, the light sensor allows automatic dimming of the display backlight on the glass front capacitive OmniTouch 7.

"The user-friendly OmniTouch 7 allows for simple setup and intuitive customization for integrators," said Jay McLellan, president of Leviton Security & Automation. "The new always-there, always-on Touchscreen is plug-and-play, but affords users a variety of options, including showing only necessary icons, the ability to name the building and rooms, separate devices by area and quickly adjust settings like brightness and volume levels."

The OmniTouch 7 is the seventh-generation touchscreen offering from Leviton Security & Automation, building on the success of the company's first in-home dedicated device, the original OmniTouch, released in 2003. The new device is the most capable touchscreen Leviton has produced while also maintaining the lowest price point.

The new Leviton OmniTouch 7 Touchscreen, part numbers 99A00-1 (White) and 99A00-2 (Black), is now available in all markets. Foreign languages are in-development and can be implemented in the field with a free firmware upgrade.

PRNewswire

Posted at 08:36 AM in Mobile Electronics , New Products, Security, Tablets, Wireless | Permalink | Comments (0) | TrackBack (0)

September 12, 2013

Black Hat Announces First Ever West Coast Trainings Event

Today, Black Hat, the world's leading family of information security events, announced the first ever West Coast Trainings. Over the course of four days, the security community's brightest researchers will unleash highly technical, hands-on Training courses to attendees in downtown Seattle, Washington. These Trainings include many of the most popular courses from Black Hat's events, as well as several new sessions on today's latest research and intelligence. The event will take place December 9 – 12, 2013, at the Washington State Convention Center. For more information and to register, please visit http://www.blackhat.com/wc-13/.

"At the core, Black Hat's mission is to encourage growth for information security enthusiasts at all levels in their professional careers," explained Trey Ford, General Manager, Black Hat. "These Trainings are not for the faint of heart and offer an unprecedented opportunity for hands-on learning with some of the best in our community."

Some highlights of the upcoming West Coast Trainings include:

Advanced C/C++ Source-Code-Analysis: Leaf SR will teach students how to dive into large C/C++ source code projects to find exploitable memory corruption vulnerabilities armed with nothing more than a text editor.
Advanced OSINT Target Profiling AKA OSINT Target Profiling Like a Pro: Shane MacDougall of JL Bond Consulting, will outline a gamut of tools, websites, and procedures that every penetration tester/attacker should have in their toolkit, while showing that proper profiling can yield a huge lift for the attacker, all without sending a single packet to the target network.
Hands-On Hardware Hacking and Reverse Engineering: Joe Grand of Grand Idea Studio, Inc., will teach hardware hacking and reverse engineering techniques commonly used against hardware products, including proper use of tools, circuit board analysis, embedded security and more.
Pentesting with Kali Linux: Offensive Security, the team behind Kali, has re-written this course from the ground up to reflect the most modern and effective techniques that all penetration testers need to know.
The Exploit Laboratory: Red Team: Saumil Shah will provide participants a hands-on approach to exploiting modern day operating systems, bringing students up to speed on the complexities of the exploit writing required.

As with all popular Black Hat courses, the West Coast Trainings will undoubtedly fill up quickly, as they were selected due to the high demand for their content. Be sure to reserve a spot in the Training course(s) of your choice while they are still available. You can find the full list of Trainings available here. Please visit the registration page for additional information.

PRNewswire

Posted at 08:55 AM in Breaking CE News, Conferences and Trade Shows, Security | Permalink | Comments (0) | TrackBack (0)

September 10, 2013

Apple's iPhone 5S, 5C Announcement Satisfies and Excites

Today at 10:00 Cupertino Time, Apple held an intimate meeting in their 200-seat theatre at 4 Infinite Loop to introduce the new iPhone 5c, 5s, and iOS 7.

Some highlights from the announcement:

iOS 7

Siri has “higher quality male and female voices” and a more seamless integration with twitter, Safari, and other apps.
Safari now has a 3D tabbing interface-- similar to what iTunes did with "Album View"
The iOS 7 Camera has built-in instagram-y filters.
Airdrop, the P2P sharing found on iMacs, is now part of iOS 7.
iOS 7 will be a free upgrade for existing iPhone users (4 or later), iPad (2 or later), iPad Mini, and iPod Touch (5 or later) on September 18.
iWork comes free with iOS 7-- they are immediately downloaded with the update.

iPhone 5C

"The entire back and sides are made from a single part, its front one glass, multi-touch surface. As close as you look, you wont see joints or seams"
Each device comes with a color-matched wallpaper
4-inch Retina Display
Higher-capacity battery than other iPhones and an A6 chip
8MP iSight Camera
16gb model will be $99 and 32GB for $199 on a 2-year contract
On Sale September 20.

iPhone 5S

Features the A7 performance chip-- the biggest and first smartphone CPU of its kind.
Graphics are two times faster and the computing power is two times as fast with its 64-bit re-engineering. "It’s got a new 64-bit kernel, libraries, and drivers. All built-in apps have been reengineered. It’s a seamless dev transition, with full backwards compatibility."
The M7 Motion Coprocessor continuously measures motion data, accelerometer, and gestural data. It can determinine whether you’re walking or driving.
The battery life is even better than the iPhone 5-- it has an estimated 250 hours of standby time.
iSight camera now has an f/2.2 aperture and a 15 percent larger active sensor area (1.5 micron pixel sensor)
There are two flashes in the 5S-- one white LED, one amber, and the camera has auto-image stabilization.
Videos can now record in Slo-Mo.
TOUCH ID: The fingerprint sensor "is capacitive, 170 microns thin, has a 500 ppi resolution, scans sub-epidermal skin layers, and has 360 degree readability"
With the Touch ID, you only need to touch the home screen and iTunes purchases can be made with the tap of a finger
$199 for the 16GB model, $299 for 32GB, and $399 for 64GB on a 2 year contract
On sale September 20.

For a complete blow-by-blow, check out Techcrunch's live update stream.

Posted at 11:51 AM in Apple, Breaking CE News, CE Retailing, Communications, Emerging Technology, Hardware, Mobile Electronics , New Products, Security, Smartphones, Software, Trends, Wireless | Permalink | Comments (0) | TrackBack (0)

September 03, 2013

Silent Circle Announces Silent Text For Android

Silent Circle, the global encrypted communications firm revolutionizing mobile device security for organizations and individuals alike, today announced the availability of its Silent Text secure messaging and file transfer app for Android devices via Google Play. With the addition of Silent Text for Android, Silent Circle's apps and services offer unmatched privacy protection by routing encrypted calls, messages and attachments exclusively between Silent Circle users' iOS and Android devices without logging metadata associated with subscribers' communications.

Silent Text for Android's features include:

Burn Notice feature allows you to have any messages you send self-destruct after a time delay
Send map locations encrypted and controlled
Peer-to-peer key management -- keys are on each device, not on Silent Circle's servers
No one but you and the person you are texting can decrypt and read the information
Send any file up to 100MB
Revolutionizes secure business and personal communications with a tap of the finger

Silent Text for Android adds to Silent Circle's comprehensive set of private, peer-to-peer encrypted communications services including Silent Phone for secure mobile voice and video calling and encrypted voice and video communication on Windows PCs with Silent Circle Desktop for secure calls and conferencing.

About Silent Circle's encrypted peer-to-peer communication services:

Silent Phone: Encrypted mobile VoIP calling with ability to seamlessly switch to high-quality, secure video calls, on-demand. Currently available for iOS and Android, it can be used with Wi-Fi, 3G or 4G LTE cellular anywhere in the world.
Out-Circle Access: Enables calls between one Silent Phone subscriber and a non-subscriber.*
Silent Text: Encrypted text messaging with support for almost any attachment up to 100MB and "Burn Notice" feature for permanently deleting messages from senders' and receivers' device registries. Messages can include map locations and multimedia recorded in the app. Currently available for iOS and Android.
Silent Circle Desktop: Encrypted VoIP audio and video calls and conferencing from Windows laptops and desktops through Silent Circle's custom HD network. Compatible with Silent Phone. Currently available for Windows PC's.

*Currently limited to PSTN calls in U.S., Canada and Puerto Rico.

PRNewswire

Posted at 09:35 AM in Android , Apps, CE Retailing, Mobile Electronics , New Products, Security | Permalink | Comments (0) | TrackBack (0)

August 30, 2013

Skydog Ships on Time to More than 1,000 Kickstarter Backers

PowerCloud Systems, a pioneer in cloud networking, has announced that Skydog™ is shipping on time this week to more than 1,000 Kickstarter backers. Skydog is an easy-to-use wireless home router and companion mobile application that provides unprecedented visibility and control of the home network. With Skydog, parents can manage their children's online experience, as well as the security and performance of the devices, applications and users connected to their home network. Skydog will be available to the general public via www.Skydog.com in October.

Before Skydog, parental and security controls on home networks were largely limited to blanket settings made on the router or an individual PC. Skydog changes that paradigm by allowing parents to set individual network access controls for each user, covering all of his or her devices. Moreover, Skydog allows users to optimize the performance and security of their home networks.

The innovation of Skydog lies in its patented cloud-powered platform. Skydog includes a powerful Wi-Fi router and a cloud-based application that can be accessed from any connected smartphone, tablet or PC. This allows home network administrators, who are often busy parents, to see and control home Internet usage, even when they are away. Skydog revolutionizes home networking in three key areas:

Real-Time Visibility:
- Monitors the network, including who is online, which devices are being used, usage tracking of specific sites and how much bandwidth is being used.
- Sends text alerts when specified issues arise, such as an Internet outage, or a new guest seeking to access the network. Skydog also speeds the diagnosing of problems such as poor Wi-Fi signals of devices.
- Notifies the administrator or individual user when time limits on specified websites have been reached, even when those websites are accessed across multiple devices.

Easy and Powerful Home Network Management:
- Actively manages broadband usage by assigning priority bandwidth access to certain users, such as a work-at-home parent, or applications, such as a streamed movie to the family room television.
- Enables time limits for specific website access by user, covering all devices, and set on a flexible calendar that, for example, distinguishes school days from weekends.
- Provides firewalled guest access, granting an extra layer of security to the family network.
- Allows for remote network management, such as a parent's home or vacation property, using the same mobile application.

Ease of Set-up and Use:
- Installs quickly and easily using the Skydog app.
- Organizes attached devices by primary user to simplify and unify actions such as setting policies on applications or Internet use.
- Easily piggybacks on existing routers or broadband gateways, to provide the additional functionality only available with Skydog.
- Works on any connected mobile device using a powerful, yet simple HTML5-based app, allowing for anytime, anywhere visibility and control of users and devices on the home network.

For more information, please follow Skydog on Twitter and Facebook.

PRNewswire

Posted at 10:43 AM in Accessories, CE Retailing, Crowdfunding, Mobile Electronics , New Products, Security, Wireless | Permalink | Comments (0) | TrackBack (0)

August 19, 2013

Invisible Text Keeps Messages 100 Percent Secure

Invisible Text LLC, a developer of secure, mobile messaging, today debuts a new service to help guarantee that your text messages are open and read only by the people who are authorized to receive them-- keeping your text messaging conversations and data 100 percent private.

Unlike other mobile messaging privacy solutions, Invisible Text lives up to the promise that a text message will disappear after it is read by the person who receives it. The app automatically deletes a conversation after it is ended. Only a message's ID and status is then stored on the server-- not the message itself.

Using Invisible Text's remote wipe command, you can delete a message immediately after sending it to someone's phone. So even if you send a message accidentally to someone or change your mind afterwards, you can quickly pull back the message and delete it remotely - before it is opened.

Finally, an automatic locking feature kicks-in when the phone is put down, not positioned at the correct angle or left unattended for a pre-set amount of time. Invisible Text is then locked and messages are automatically encrypted.

"From posting to your Facebook timeline to tweeting and texting, all it takes to connect with friends and co-workers is just a few clicks," said Dez White, Head of Application Development for Invisible Text. "While that makes it easy for information to go viral within seconds, it's also making it impossible for people to keep their info truly private and confidential. We created Invisible Text to solve this problem - now people can easily enjoy electronic and mobile messaging in a secure environment and take back control of who sees their messages, videos, photos and more."

For more information, visit www.invisibletxt.com.

PRNewswire

Posted at 11:08 AM in Apps, Communications, Mobile Electronics , New Products, Security, Smartphones | Permalink | Comments (0) | TrackBack (0)