Infiltrator

$150.00 dollars not bad at all, obviously the more hit your website gets the more I assume you would make. That's what I want to get out of my website. Anywayz, how much would Google Ads charge you per month?

Good point, I shall do that! Now is there any fees involved when signing up with Google Ads. At what point would they start charging you?

Don't know what this people want, but before was Samsung now its Avast. These stories never seize to amaze me.

Rogue Android app sent personal info to legit version's developer, claims AVAST Computerworld - A malicious Android app that shamed users for pirating software transmitted personal information to a URL controlled by the legitimate app's developer, a security company said today. The developer of "Walk and Text," the app whose code was recompiled and re-released on numerous file-sharing sites, denied the claim by AVAST Software, an anti-virus firm based in Prague. Walk and Text, which costs $1.54 to download from the official Android Market, uses the smartphone's camera to show what's in front of users as they simultaneously walk and text, theoretically preventing them from slamming into signposts or stepping off curbs into traffic. The Trojanized version of the app includes malicious code that texts an embarrassing anti-piracy message to each contact in the phone's address book. "Hey, just downlaoded [sic] a pirated App off the Internet," the message reads. "Walk and Text for Android. Im [sic] stupid and cheap, it costed [sic] only 1 buck. Don't steal like I did!" The rogue app -- which Symantec yesterday named "Android.Walkinwat" and identified as a Trojan horse -- also pilfers personal data from the phone, including the phone number and the device's unique identifier, and sends it to a remote server. According to AVAST, that data was sent to a URL controlled by Georgi Tanmazov, the CEO of Incorporate Apps, and the developer of Walk and Text, as well as other Android apps. "It was very obvious that the information went to his URL," said Vincent Steckler, the CEO of AVAST in an interview Friday. "Was there something receiving the information? [Tanmazov] said there was not. But from what we could see, yes, there was something there receiving the information." Tanmazov flatly denied that he created the malicious version of Walk and Text. "AVAST has indeed claimed there is a link to our servers, but there was no such file on our servers, and logs could probably prove this," said Tanmazov in an e-mail interview, also on Friday. "There is also no personal information being saved on our servers and this could also easily be proven." Steckler said that he has yet to see that proof, and called on Tanmazov to share his server logs. When asked if he would share the logs, Tanmazov agreed, but said he wasn't sure that such logs exist. "The Web site is on a really cheap shared server and they delete stuff after three days I think," he said. "You understand that if we do have logs those are text files that could be altered so this will also not prove anything." AVAST and Tanmazov have been at odds for more than a week, when AVAST blogged about the malicious version of Walk and Text that researchers found on the Internet. Since then, Tanmazov has threatened to sue AVAST and accused the company of publicizing the Trojanized version of his app to promote its mobile security software. "We haven't heard from any lawyers," said Steckler. "But it's a common threat against security companies." Today, Tanmazov said he was "still looking into options" that included a lawsuit, but acknowledged that the route would be expensive. "It is a very sorry situation that AVAST is trying to provoke us in such a way," he said. Steckler denied that AVAST will shortly release a security app for Android, or warned users of the malicious edition of Walk and Text for publicity. "What we care about is malware out there that takes personal info and incurs costs to users," he said. Installing the Trojanized app could result in higher texting bills, depending on the number of contacts in a victimized smartphone, and where those contacts lived. "This could cost you some money," John Engles, a group product manager with Symantec's security response team, said in an interview yesterday. The back-and-forth between AVAST and Tanmazov is unusual, Steckler admitted. "There's still a lot of private pushback from adware and spyware makers, which remains a very gray area. But this is the first case we know of where a developer of a legitimate app has gotten so angry. What makes this different is that data was being sent to his URL." This isn't the first time that malware-filled Android apps have cropped up. Last month, Google yanked more than 50 infected applications from the Android Market. In that case, no complaints from the legitimate developers of those purloined apps surfaced publicly. According to Google, Walk and Text on the Android Market does not contain the malicious code and features of the Trojanized copycat. Hackers have turned to the tactic of taking a legitimate app, then recompiling it to include malware or malicious features because of Android's success, said Steckler. And the practice won't stop anytime soon. "This isn't a security deficiency of Android, but a philosophical choice by Google," said Steckler. "What makes Android so successful is also what makes it vulnerable here. Unlike the Apple ecosystem, Android is pretty much wide open, and users can get apps from almost anywhere." Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer or subscribe to Gregg's RSS feed . His e-mail address is gkeizer@computerworld.com. Source: http://www.computerworld.com/s/article/9215437/Rogue_Android_app_sent_personal_info_to_legit_version_s_developer_claims_AVAST?taxonomyId=77&pageNumber=1

Was thinking in doing that, but when I read the content policy it turned me down. They said it must not contain any illegal content, such as hacking. Well I do not plan on providing illegal contents, I plan on doing something similar to IronGeek, Security Info or Hak5. Do you think that would be in direct violation of Google's terms and Agreements?

FBI could always turn to a hacker's help to try and crack the code, in addition to paying then well or cleaning any past criminal record they may have.

AEROPLANES could be taken over by remote control and forced to crash with the use of newly invented computer software. Cyber attacks are now viewed by experts as the second-biggest risk to aviation behind natural disasters. Representatives from Qantas and Virgin Airlines were warned of the threat at the Asia-Pacific Aviation Security Conference in Hong Kong. Australian cyber-security expert Ty Miller, from Pure Hacking, told the conference whole fleets of planes could be affected. "The stereotypical Die Hard 2 airport attack, where aircraft controls can be taken over, is no longer just a movie script. It's an actual reality," Mr Miller said. "Depending on what information was accessed... the control of the aircraft themselves could be compromised. "You could deal with planes so that when they're in the air they all of a sudden start dumping all of their fuel, or force the planes to take a nose-dive. And it's not necessarily one plane — it could be a whole fleet of planes." Mr Miller's firm engages in "ethical hacking", which involves testing the security of a network by trying to crack its systems. Posing as a rogue employee with general access to an airline's systems, Mr Miller was recently able to take over the airline's entire network within a day. "That would give us full administrator access to the whole computer system and access to potentially sensitive documents and data," he said. He cited the Stuxnet worm incident, where an unknown attacker last year used the software to sabotage one of Iran's uranium enrichment plants. The Stuxnet attack overwhelmed the nuclear facility's internal network, causing it to go offline. "The analysis of the Stuxnet attack (on Iran) showed that it would have required a team of five or ten people working for at least six months," Mr Miller said. "It would have been extremely well funded, and the culprits would have had access to intelligence to conduct several multi-staged attacks on a number of different companies to perform industrial espionage. "To compromise the avionics of an aircraft, hackers would have to have the same level of information and potentially need to hack into Boeing, the specific airline and the airport systems." A rogue employee was in fact more of a threat than terrorists, Mr Miller said. Source: http://www.news.com.au/technology/remote-control-computer-programs-pose-terror-risks-to-aeroplanes/story-e6frfrnr-1226033003093

Before posting something so alarming as this article, they should have considered performing other tests to verify the information is valid. Like using different AVs as suggested.

I do have to agree with Digip on this one, it would be a lot safer to use a VM, other than using a personal desktop computer. Image someone uploading a Trojan with hardware exploitation capabilities. I wouldn't want this to happen to my desktop computer, so it makes perfect sense to run a penetration test on a virtualized environment. At least you have a degree of control when running these tests on a VM.

Yeah, It does sounds too good to be true but until someone come forward providing enough evidence to convince me that they made money from this website, it will continue a scam. I would say the Nigerians or the Chinese are behind all this.

Thought so and no I will never disclose any real information about myself. The credit card thing, was only a test I did to find out more about the website. Another thing I noticed, was whenever I entered a fake credit card number, the website warned me about the cradit card numbers not being valid. I then checked my email to see if I had received any notifications from the website and to my supprise nothing arrived. Furthermore the website supports HTTPS, the interesting thing tough was the SSL certificate, did not state by whom it was issued, it only stated that it supported 256 bits of encryption nothing else. Its amazing how this fucking scammers are getting so sophisticate and how important it is for users to be alerted of these issues.

Or upgrade the current firware to the latest release, that could have support for WPA encryption.

Nice will check it out later, thanks Comodo.

There was an article on Computerworld before, on Yahoo.com migrating some of their servers to IPv6. Aparatenly only IPv6 enabled platforms would be able to view websites hosted on these servers. So anyone who was on an IPv4 network would experience difficulties reaching those sites. So I wonder how they are going to address this problem, if someone is on an IPv4 network trying to access an IPv6 network. Don't know if there will be a NAT like protocol implemented as a workaround, until every one is fully migrated to IPv6.

Can't argue with that! It was an antivirus problem. Thread is now closed.

Hi, Has anyone ever signed with a website like this. Or is this actually a scam, to try to get people to enter their credit card details. I mean it looks very promising, working from home and making nearly $6000.00 a month. But there is a voice inside my head telling me not to do it. I even faked some of my credit card numbers, to see if they would accept it but didn't work. So what do you guys think? http://www.news7dailyjobs.com/?t202id=630303&t202kw=cpa

Since it takes time for the RAM to wipe its contents off, there is a small program that you can load onto an USB and copy all the contents from RAM into it. By simply booting the computer off the USB. Darren did a segment on that, but I can't remember what the utility is called. Besides there is also another utility called "The Volatility Framework" which takes samples from RAM but it doesn't do a complete copy of what its in RAM.

Be welcomed IPv6. Your journey has just began.

Internet policymakers officially handed out the last five blocks of IPv4 address space to each of the Regional Internet Registries (RIRs) at a ceremony held in Miami Thursday morning. BACKGROUND: IPv4 exhaustion predicted The ceremony marked the depletion of the free pool of addresses for IPv4, the main communications protocol that underpins the Internet. The ceremony's goal was not only to celebrate this historic milestone in the Internet's 40-year history, but also to demonstrate that this precious resource of IPv4 addresses was doled out in an equitable fashion around the globe. Policymakers -- including the Internet Assigned Numbers Authority (IANA) and the Internet Corporation for Assigned Names and Numbers (ICANN) -- used the ceremony to underscore the need for network operators and content providers to migrate to IPv6, the long-anticipated upgrade to IPv4. "This is one of the most important days of the Internet," said Rob Beckstrom, ICANN's President and CEO. "A pool of more than 4 billion Internet addresses has been emptied ... This marks the opportunity to shift to a version of IP that is so large it is difficult to even imagine ... and that can carry us into the future.'' IPv4 uses 32-bit addresses and can support 4.3 billion devices connected directly to the Internet. IPv6, on the other hand, uses 128-bit addresses and supports a virtually unlimited number of devices -- 2 to the 128th power. PANIC TIME QUIZ: How prepared are you for IPv6? Each of the RIRs was given what is called a /8 block of IPv4 addresses, which is around 16.7 million addresses. Experts say it will take anywhere from three to seven months for the registries to distribute the remaining IPv4 addresses to carriers. Once the registries hand out all of the IPv4 addresses, network operators must either deploy complex, expensive network address translation (NAT) technologies to share IPv4 addresses among multiple users, or adopt IPv6. COMPARISON: IPv6 vs. Carrier-Grade NAT The Internet engineering community used the Miami event as an opportunity to encourage network operators and content providers to quickly adopt IPv6. "Today begins the final chapter of IPv4," said Lynn St. Amour, president and CEO of the Internet Society. "The sooner we all move to adopt IPv6, the better and brighter our future will be ... The fundamental key to the Internet's success is the unification of networks through globally addressing. That is why so many have stepped up to deploy IPv6." Olaf Kolkman, chairman of the Internet Architecture Board, warned that network operators and content providers need to adopt IPv6 because the available technical workarounds will become increasingly difficult to support. "The next 2 or 3 billion Internet users will use IPv6 only," he warned, but he added that coexistence between the two protocols will continue for decades. "As long as there will be people that have legacy equipment with IPv4, there will need to be a reason to communicate with IPv4." Source: http://www.networkworld.com/news/2011/020311-ipv4-ceremony.html

Interesting, what if the user is not advanced enough, I think the experience level also counts. I know people who has been using computers for a while, and basic stuff like opening task manager or keeping the AV updates lacks in them.

Before you buy a high Dbi antenna you need to investigate a few things. 1) Is there any other wireless device, operating on the same channel as your wireless router or AP. To find out you need to fire up either netstumbler or kismet on a pc with wireless enabled. If you find a particular device operating on the same channel, I would recommend changing to one of the following channels, 1, 6 or 11, since they do not overlap with each other. Smallnetbuilder has an excellent article explaining what channel overlapping means and how they affect wireless performance. http://www.smallnetbuilder.com/wireless/wireless-howto/31190-when-wireless-lans-collide-how-to-beat-the-wireless-crowd 2) How to improve wireless speeds, http://www.smallnetbuilder.com/wireless/wireless-basics/30664-5-ways-to-fix-slow-80211n-speed 3) If none of the above works try updating your router firmware. Edit: By the way what wireless router are you using?

The government wouldn't be making as much as money, as they are right now with fines.

10-4 on that, I forgot to realize that part. However, the OP could create an image without pre-loading the key and distribute it as it is. Anyone who downloads it, will need to install the key and then make a bootable CD. It may be add bit of work, but in the end the CD will be bootable and the license legit. What do you think?

That is a good idea, it can be locked and chained to your ankle.

For network pen-testing I use Backtrack 4. For normal desktop usage, I use both Windows/Ubuntu. I find Ubuntu very user friendly compared to other distros. If you want to learn Linux, Ubuntu would be a good starting place.