Ransomware Just Got Worse By The Use of JavaScript

Ransomware is probably one of the peskiest and most annoying things that your computer can catch. Not only do you lose access to your files, you have to pay a criminal to release them again. Even if you should choose to pay, there is no guarantee what-so-ever that the criminal will release the files again or hide more malware to hit you again once you are “free”. If that wasn’t bad enough, a new version of Ransom32 has arrived that exploits JavaScript in order to infect you and worst of all, barely any anti-virus and anti-malware programs will catch it at this time.

While all this sounds bad, there are ways to protect yourself and if you use common sense while surfing the web, then you should be safe anyway. Stay away from dubious websites and don’t touch any archive or executable downloaded from anything but official manufacturer websites. But let us get back to the new malware in question, the ransomware called Ransom32.

Ransom32 is built on the NW.js-Framework which was developed to build desktop applications on a javascript base. A really cool framework by the way. That, unfortunately, means that where we usually only see Windows users that are at risk, those with Linux and MacOS are equally vulnerable to Ransom32. Thanks to the use of this framework, the ransomware is able to get past the sandbox environment that JavaScript runs in these days.

The security researcher Fabian Wosar from EmsiSoft discovered the new Ransom32 as a self-extracting RAR-Archiv. If that archive is unpacked, it will hide in your temp folder and disguise itself as the Chrome web browser and be visible as Chrome.exe. This is where advanced users already had noticed it and not used any automatic-unpack function. However, should the new chrome.exe be executed, then it will start to encrypt all your files with AES-128 bit CTR-mode and also place itself firmly in the systems autostart features.

The Ransom32 creators have also made it very easy for people to use their tool. Evil minded people can access the tool via a Tor address. When on the site, they can customize the tools features before downloading it. The creators reportedly also use the same network for their control servers and connections. To top the whole thing off, the creators take 25 percent of the accumulated ransoms for themselves, and everything stays anonymous thanks to the use of Bitcoins.

We can only hope that the virus scanners and anti-malware tools get an update soon so the less tech-minded people won’t get infected by this nasty new piece of software. You can also read a lot more details about this new piece of software on the EmsiSoft blog.

Linux Systems Targeted by New Ransomware

Ransomware is a particularly nasty piece of malware that has become even more popular in recent years. Initially, malware was designed to just disrupt or damage a person’s computers or files. Then came ransomware, designed to benefit the creator by either disturbing or denying access to their files the ransomware then offers to decrypt any nastily encrypted files using the only available key online by a set date if you pay them. It would seem that Linux users are the latest target with Linux.Encoder.1 targeting the operating system.

Targeted at a vulnerability in the Magneto CMS system, popular amongst e-commerce sites, and then once run with administrator-level privileges, will encrypt the user’s home directories and any files that could be associated with websites and hosting websites on the system. This is particularly lethal to stores which make their living through online selling, potentially knocking the site offline and costing them hundreds in one fell swoop.

After encrypting a directory, the system leaves a readme file, stating the terms for payment and offering a link to the Tor-protected gateway to make the payment of one bitcoin (a digital currency that comes in at around £250).

Once it has received the payment the malware will then decrypt the files, deleting both the readme file and the encrypted files during the process.

We would like to remind people to be careful when running any software or opening files sent or downloaded from the internet. Ransomware use is on the rise and we wish that our readers (and everyone else) never has to deal with being one of its victims.

iPhone Unlock Perused After Defendant Pleads Guilty

In recent years, technology has evolved in such a way that the law is often trying to catch up with the technology that comes out. In the last few months, technology companies have come to odds with the government regarding a range of topics but none more so than encryption.
Encryption is the process of messing up information in a logical way so if you just so happen to bump into it (or catch it on purpose), unless you were meant to read it you are unable to (or at least find it difficult). Apple has recently come at odds with the U.S. government as they have been asked to unlock (effectively disabling the protection and encryption on) an iPhone. The case just got more interesting though with them claiming that they should still unlock the phone after the defendant pleaded guilty.

The government quoted a law written in the 18th Century called the All Writs Act. A writ is essentially an order for a company or person to perform an action, and its use has displeased many people, with Ken Dreifach (the attorney representing Apple) clarifying why this is a worrying use of an old power,

“The government could seemingly co-opt any private company it wanted to provide services in support of law enforcement activity, as long as the underlying activity was authorized by a warrant. The All Writs Act does not confer such limitless authority.”

Even though the defendant, Jun Feng, has since pleaded guilty to one count of conspiracy to distribute and possession with intent to distribute methamphetamine, the prosecutors are still requesting that Apple unlock the phone just in case it contains information that could help other “ongoing” cases. The iPhone in question is running iOS7, as of iOS 8 Apple have enabled full encryption in an act it has stated would prevent them from complying with such orders.

Do you think Apple should unlock the phone? Should companies be forced to perform any action they can at the request of a court?

Guy Makes Device Which Can Open Combination Locks in a Matter of Seconds

Not really what you were looking to hear if you have a locker at work or school that relies on combination locks to keep people from snooping through your personal belongings, huh? Well, someone was bound to do something like this sooner or later and it’s not like combination locks were the best security option on the planet anyway.

This new high-tech process looks to follow the manual process used by experienced crackers, but drastically reducing the process with the help of computerized algorithms. The device is made out of a stepper motor, a servo motor, a 3D printed harness and an Adruino to help with the AI/computerized side of things.

But now to the real question… how useful is the process? Well, not that useful. Experienced crackers can open these type of locks in a matter of seconds too (not as fast as a robot, but pretty fast nonetheless). So that’s why combination locks are made to keep out nosy people from snooping through your personal stuff and not keep your family values safe.

Still, this can be useful when you really have no experience and desire to learn how to crack these things and want to prank your friends. You can watch the video below to see how it is made and tested.

Thank you TechCrunch for providing us with this information

Image courtesy of Amazon

You Can Now Unlock Your Chromebook With Your Android Phone

Google has just released Smart Lock – it basically turns your Android phone into one of those fancy ‘walk up’ keys for cars, but instead for your Chromebook.

Yes, being in close proximity to your Chromebook will unlock it without you really having to do anything else. The company has had the feature in testing for some time, but it is now available to all.

However, that doesn’t include tablets and your Chromebook must be running version 40+ and have Bluetooth connectivity. Your phone must be running Android 5 and also have Bluetooth.

The feature could be a sign of things to come for Android – Chromebook connectivity, with many suggesting that Google will be interested in bringing more interactivity between the two platforms. Apple’s OS X Yosemite introduced Continuity and Handoff, two features which allows users to continue their activities between the two devices seamlessly. Windows 10 will also bring a similar feature called Continuum.

Source: The Next Web 

3D Printed Skeleton Keys Can Pick High Security Locks in Seconds

Lock picking is something of an art form, while the basics can be learnt relatively quickly, there are locks out there that even the experts will struggle with, until now. Using 3D printing techniques, Jos Weyers and Christian Holler have been creating custom 3D printed key-esque strips of plastic and metal that can open high security locks in seconds, without ever needing to see the original key.

What they’ve created is known as a bump key, which slips into the lock and can be hit with a hammer in a certain way to pop the pins in the lock. Using software they created called Photobump, the two engineers now say they can easily bump a wide range of locks by printing 3D bump keys from a photograph of the keyhole! You don’t even need a high-end 3D printer to create these models.

[youtube width=”800″ height=”450″]http://youtu.be/2MCUXF84WuY[/youtube]

This technique isn’t perfect, it can be expensive to create and it won’t work on all locks, but it has made currently lock picking techniques easier than ever. The team say they’re also trying to raise this issue with key manufacturers and lock makers to create more secure locks to deal with these kind of problems.

Thank you Wired for providing us with this information.

Image courtesy of Wired.

Bluetooth Padlock TEO Lets You Share Unlock Permissions With Friends On The Fly

TEO is a bluetooth-enabled smart-lock produced by OckCorp and is already a week past its start in the Kickstarter campaign. Their target is to raise $151,000 and then start TEO’s production. TEO is not the first smart-lock on the market, there are also a variety of deadbolts that secure your doors wirelessly. However, TEO is a bit different by being more versatile, and can be unlocked via Bluetooth with your smartphone.

Gord Duncan, TEO’s inventor, says he came up with the idea while renting a car in Costa Rica. He was afraid of losing the keys to his vehicle and thought about a carabiner which the user could lock. The result was TEO, a carabiner which the user can lock and unlock with a dedicated iOS app.

The features TEO has planned are the ability to open more than one padlock with the same phone, a feature that can let the owner of a lock send time-constrained or permanent unlocking permissions to another app, and also a location tracker with an alarm to trigger if the lock is tampered with. OckCorp also points out to an Android app in the future as well.

[youtube]http://www.youtube.com/watch?v=JN84DsqbR4o[/youtube]

There are still a few things to think about before actually starting to develop TEO, as OckCorp mentions, such as the fact that TEO is still dependant on batteries. However, Duncan implies that the gadget is still a lock and “it has to do what a lock does really well” after all. If the Kickstarter campaign will be successful, TEO can start shipping in December.

Thank you The Verge for providing us with this information

Lockitron Smart Locks Means You Can Throw Out The Keys

Smart locks are starting to really become popular, last year I started following a company called Apigy Inc., which is planning to bring us Lockitron. Now I am starting to see information about a new startup called August which appears very much the same. After hearing about August, I looked up to see how many of these new locks are on the market, not looking very hard I was able to see that a big name lock producer, Kwikset. has also aimed to bring us a smart lock called Kevo. All of these locks using a bluetooth device, such as an iPhone or android phone you are able to use an app to unlock or lock a door. The lock is able to sense when you are near and automatically lock or unlock the door, or you can set it so that you need to tell it to unlock or lock from your device. With both setups you are able to log who enters and exits your house, you are also able to setup who is able to have access and for how long.

I haven’t found much information about how secure these new locks are, what kind of tests have been preformed on them. As far as I can tell though, Lockitron appears to just be an attachment to your current deadbolt while the August and Kevo appear to contain all of the hardware (Lock included)

There is no shortage of new smart locks that have been announced to come out soon. Are you interested in one? If so, which one would you prefer?

The Lockitron will start shipping July 15th. The August Smart Lock will cost $199 when it goes on sale later this year. And the Kwikset Kevo doesn’t appear to have a release date.

Source / Source / Source