Tag: cross-platform

The true purpose of a security suite isn't to secure your computer.
It's to protect you, your privacy, and your data. With customer protection in mind, McAfee Internet Security (2017) installs on all of your devices. However, most of what it offers comes with McAfee's antivirus, and the additional suite-specific components don't add enough value, especially if you don't need antispam or parental control. At $79.99 per year, McAfee looks like it's right in line with the competition, price-wise.

Bitdefender and Kaspersky charge the same, within a nickel or so.

But look again. With a Bitdefender or Kaspersky subscription you can install protection on three PCs. McAfee is unlimited, and lets you protect every Windows, macOS, iOS, or Android device in your household. In fact, the Home screen in this product is a list of all the devices you've protected, along with a button that scours your network to find unprotected devices and bring them into the fold.

A panel at the top summarizes the status of your current device, and clicking Manage Security opens the local installation's main window. The main window looks, for the most part, like that of McAfee's antivirus.

Both have four squarish green-edged panels representing Virus and Spyware Protection, Web and Email Protection, McAfee Updates, and Your Subscription.

To the right of these, the antivirus displays smaller panels for Data Protection and for PC and Home Network Tools.

Those appear in this suite too, along with Parental Controls and the True Key password manager.
It should look reassuringly familiar to existing users.

Shared Antivirus Features

As is often the case, this suite's antivirus protection is precisely the same as that of the corresponding standalone antivirus, McAfee AntiVirus Plus.

That review goes into greater detail than the summary that follows.

[Charts: Lab Test Results, Antiphishing Results, Malware Blocking Results]

McAfee's scores in independent lab tests are generally mediocre.
It received an A-level certification from Simon Edwards Labs, which sounds good until you realize that AA and AAA are even better. Of three tests by AV-Comparatives, it earned one passing grade and two grades a notch above passing.

The three-part test by AV-Test Institute maxes out at 18 points; McAfee got 16, and in particular scored only 4.5 of 6 points for protection.

Finally, in the banking Trojan test and all-types tests by MRG-Effitas, it simply failed. My lab test score aggregation algorithm yields 7.9 of 10 possible points for McAfee. Kaspersky took a perfect 10, while Norton and Bitdefender Internet Security 2017 came out at 9.7 and 9.3 respectively. This year's McAfee products use an entirely new antivirus detection method called Real Protect. Real Protect is focused on behavior, so as to catch even zero-day malware. Like Webroot SecureAnywhere Internet Security Plus, when it sees an unknown file behaving suspiciously, it starts journaling that file's actions and queries the cloud for advice.
If cloud-based analysis red-flags the file, McAfee rolls back all of its actions.

The new engine has been rolling out piecemeal over the last few months, so we can't know whether these tests included the new engine. Perhaps McAfee will score better going forward. In my own hands-on malware-blocking test, McAfee scored 9.2 of 10 possible points. However, among the samples it missed were two well-known ransomware threats.
I watched one of them as it busily encrypted documents on the test system, without a peep from McAfee about its behavior. Webroot scored a perfect 10 against this same malware collection. McAfee also protected against 85 percent of the 100 malware-hosting URLs I threw at it, mostly by diverting the browser from the dangerous URL.

The average score among current products is 75 percent, so McAfee is above average here. I score phishing protection by matching a product's detection rate against that of Symantec Norton Security Premium and of the protection built into Chrome, Firefox, and Internet Explorer. Last year, McAfee came very close to matching Norton's score.

This year it lagged 44 percentage points behind Norton.

Chrome and Internet Explorer beat out McAfee, as well.

Don't turn off your browser's phishing protection!

Other Shared Features

There's a lot more to the nominally standalone antivirus; hence "Plus" in the name.

For starters, it includes a firewall.
In testing, the firewall correctly stealthed all ports and fended off Web-based attacks. Rather than bombard the user with queries about network permissions, it handles program control internally. When I tested its ability to withstand direct attack, I found that I could terminate and disable more than half of its essential Windows services. The WebAdvisor component identifies dangerous downloads and steers the browser away from malicious or fraudulent sites.
In addition, it marks up search results with icons identifying safe, iffy, and dangerous links.

This edition adds protection for typosquatting, and it works. When I entered www.paypla.com it asked if perhaps I really wanted PayPal. Using the My Home Network feature, you can set up a trust relationship between any and all of the PCs on your network that have McAfee installed.
It doesn't even have to be the same version of McAfee. Once you've taken that step, you can use one PC to remotely monitor others, and even remotely fix configuration problems. Mac and mobile support is the same across all of the McAfee product line. Mac support is little more than antivirus, firewall, and WebAdvisor.

There's no antivirus under iOS, but you can do things like locate and wipe the device, back up contacts, and capture a photo of someone who found or stole your phone. On Android, you get a full-featured security utility with antivirus, app ratings, anti-theft, call and text filtering, and more.

And once again, there's no limit on how many devices you can add. Other shared bonus features include the QuickClean tune-up tool, a vulnerability scanner, and a secure deletion file shredder. You can also access a number of security-related online resources directly from the program.

True Key Password Manager

With your McAfee subscription you also get a license for the True Key password manager. Read my review for a full description of this password manager and its unusual collection of authentication options. True Key's biggest claim to fame is its comprehensive multifactor authentication choices.
It does support the expected strong master password, but you have many other options. You can have it send an email each time you log in.

Clicking a link in the email allows login to proceed. More conveniently, you can associate a mobile device with True Key, and authenticate by swiping a notification. Even better, if you're using a device with a camera, you can authenticate using facial recognition, and if a fingerprint reader is available, you can add that, too.
If you worry that James Bond might spoof facial recognition with a photo of you, just enable enhanced facial recognition, which requires turning your head. Most password managers warn that if you lose your master password, you're hosed; you have to start over.

That's actually good, as it means that the company can't access your data even if subpoenaed.

True Key retains that same zero-knowledge benefit, but doesn't leave you in the lurch if you forget the password.

As long as you've enabled Advanced authentication, which requires a trusted device plus two other factors, you can authenticate using all the other factors and then reset your master password. True Key is a separate download, but getting it installed is easy.

After you run the installer, it adds itself as an extension to Chrome, Firefox, and Internet Explorer.

At this time, it can import passwords stored insecurely in the browsers.
It can also import from LastPass 4.0 Premium and Dashlane 4. As with most password managers, True Key captures credentials as you log in to secure sites and plays back saved credentials as needed.

The first time, it actively walks you through the process. You can also click on tiles for Google, Facebook, PayPal, and so on, entering your credentials directly.

Clicking the TrueKey toolbar icon doesn't bring up a menu the way it does with many other products. Rather, it displays the main True Key window, from which you can launch any of your saved sites. You can save personal details in the Wallet, but True Key doesn't use these to fill web forms.

The main reason to do this is that the Wallet items sync across all your devices.

The same is true of secure notes. Here's a rare feature.
If your PC has a forward-facing camera, you can configure it to unlock your Windows account using True Key's facial recognition.

True Key doesn't have advanced features like secure sharing, automatic password updates, or password inheritance, but it's far ahead of the pack when it comes to multi-factor authentication.

Tepid Parental Controls

One bonus you get by upgrading from McAfee's antivirus to this suite is a parental control system, but it's limited.

For each child's Windows account, you can choose content categories for blocking, set a schedule for Internet use, and view a report of activity for each child or all children.

That's the extent of it. The reviewer's guide for this product notes that parental controls may not work properly in a virtual machine.

That's unusual.
I made a point of testing on a physical system to give it a fair shake. To get started, you set a password, so the kids can't just turn off monitoring.

The configuration window lists all Windows user accounts and invites you to configure parental control for each one that belongs to a child.

As with previous versions, setting up parental control for a child's account that has Administrator privileges triggers a big warning.

And yet, many parents do give older children Administrator accounts, so as to avoid constantly having to jump and supply an admin password any time the child wants to install a new game. Most other parental control systems don't have this limitation. To configure the content filter, you first choose one of five age ranges.

Doing so pre-configures which of the 20 content categories should be blocked. Rather than the usual list with checkboxes, McAfee displays a list of blocked categories and another list of allowed categories, with arrow buttons to move items back and forth between the lists. I couldn't disable the content filter with the three-word network command that neutered parental control in Total Defense Unlimited Internet Security and Alvosecure Parental Control. However, I found quite a few truly raunchy sites that the content filter didn't block. McAfee replaces naughty content in the browser with a warning message that explains why the page was blocked.

For HTTPS sites, or in unsupported browsers, it displays that warning as a popup, leaving the browser to show an error message.

The kids won't get past it by using a secure anonymizing proxy. Note, though, that Check Point ZoneAlarm Extreme Security 2017 goes even further, with the ability to filter content even over an HTTPS connection. In addition to categories, McAfee offers to block sites with "inappropriate images or language" from appearing in child's search results.

A similar feature in Trend Micro Internet Security covered up many such images. However, I couldn't find a single instance where McAfee did anything to block erotic images in search. The time scheduler is as awkward as ever.
It does let you create a weekly grid-style schedule of Internet access, in half-hour increments. Most parental control systems that use a scheduling grid let you block out rectangles on the schedule by dragging.

For example, with one drag you could block from midnight to 6am every day of the week. McAfee's system forces you to drag on just one day at a time.

The grid is so tall that you can only select about seven hours at a time, and it doesn't auto-scroll when you hit the edge.

This feature could be so much easier to use! On the bright side, time-scheduling doesn't rely on the system clock, so the kids can't fool it. The simple parental report lists all domains blocked, along with their categories.
It also logs all attempts to use the Internet when the schedule doesn't allow it. And there you have it.

That's the totality of parental control in this suite.
It's limited, awkward, and not entirely effective.
If you actually need a suite that includes high-end parental control, look to ZoneAlarm, Kaspersky Internet Security, or Norton.

Broad-Spectrum Spam Filter

With so many users getting spam filtered by the email provider, the value of local spam filtering is on the decline.

But if you're one of that diminishing group whose email provider doesn't offer spam filtering, a local filter can be essential. McAfee's spam filter integrates with Outlook, Windows Mail, and Windows Live Mail.
In these email clients, it adds a handy toolbar and automatically tosses spam messages in their own folder. You can still use it if you're a fan of Eudora or The Bat!, but you'll have to define a message rule to sift out the spam. McAfee filters spam from POP3 and Exchange email accounts.
It doesn't handle IMAP accounts in your email client the way ZoneAlarm does. However, in an unusual twist, it has the ability to filter webmail accounts directly. Webmail filtering was a pretty amazing feature when first introduced years ago, but these days it's hard to find a webmail provider that doesn't implement its own spam filtering. You can view messages filtered out by this feature right in the application and, if necessary, rescue any valid mail that was misfiled. There are quite a few options for configuring the spam filter.

To start, there are five levels of protection, from Minimal, which allows more spam but doesn't throw away valid mail, to Restricted, which blocks all messages unless the sender is on your Friends list.
I'd advise leaving it set to the default Balanced level. You can define custom spam filtering rules, but I can't imagine why any user would take the time to do this.

The Friends list identifies addresses or domains that should always reach the Inbox. You can manually edit this list, add friends from the email client toolbar, or add all your contacts to the Friends list.

There's also an option to automatically block messages written using character sets for languages you don't speak. Just to see how it works, I set up filtering for the Yahoo mail account I use in testing. When I filled in the address, McAfee automatically selected the correct mail server and port. However, after I entered my password and tried to add the account, McAfee reported that it was the wrong password. In fact, the password was correct, but Yahoo rejected the login and sent me an email warning about an attempt to connect by a "less-secure app." In order to let McAfee do its job, I had to dig into Yahoo settings and enable access by less-secure apps. If you do need spam filtering at the local level, McAfee can handle it. Where many products limit protection to POP3 accounts, McAfee can filter Exchange accounts and even pull spam from your webmail.

Minor Performance Hit

During my extensive testing, I didn't get any feeling that McAfee was slowing me down.

That's not surprising; these days it's uncommon for security suites to exhibit a noticeable performance impact. My hands-on test did reveal some actions that took longer with McAfee installed. Most of us don't reboot often—perhaps never except when an update requires it. My boot-time test showed just a 3 percent increase in the time from the start of boot until the system was ready for use, so if you do have to reboot, you'll hardly notice McAfee's presence.

[Chart: Performance Results]

Given that the new Real Protect real-time antivirus scans files when they try to execute, not on just any file access, I expected minimal impact in my file move and copy test.

This test repeatedly times a script that moves and copies a mammoth collection of various-sized files between drives.
I was surprised to see a 44 percent increase in the time required for this test. On the bright side, another test that zips and unzips the same file collection didn't have any measurable impact. While there's some variation in the results of this test, a couple products come out on top. Webroot and Trend Micro exhibited almost no slowdown in the performance test.

Stuck in the Middle With You

For $20 per year more than McAfee's antivirus, McAfee Internet Security gives you innovative password management along with parental control and antispam features that you may not even need.

Everything else—firewall, remote management, support for macOS, iOS, and Android, and more—is present in the antivirus.

For another $10 you could upgrade to McAfee's top-of-the-line suite.

This suite remains stuck in the middle, with no compelling reason to buy it rather than one of McAfee's other products. Other than the cross-platform bonus, this suite is comparable to Bitdefender Internet Security 2016 and Kaspersky Internet Security.

These two suites earn fantastic scores from the independent testing labs, their components are capable across the board, and they offer a comparable smorgasbord of bonus features.

They're our Editors' Choice winners for entry-level security suite.
With a single subscription, you can protect up to 10 devices at once. Looking for a security suite that can help keep you and your family safe on all of your devices? Check out today's deal from Symantec, and get a year of Norton Security Premium for...
Security researchers have been warning for years that poor security for internet of things devices could have serious consequences. We're now seeing those warnings come true, with botnets made up of compromised IoT devices capable of launching distributed denial-of-service attacks of unprecedented scale.

Octave Klaba, the founder and CTO of French hosting firm OVH, sounded the alarm on Twitter last week when his company was hit with two concurrent DDoS attacks whose combined bandwidth reached almost 1 terabit per second. One of the two attacks peaked at 799Gbps alone, making it the largest ever reported. According to Klaba, the attack targeted Minecraft servers hosted on OVH's network, and the source of the junk traffic was a botnet made up of 145,607 hacked digital video recorders and IP cameras. With the ability to generate traffic of 1Mbps to 30Mbps from every single Internet Protocol (IP) address, this botnet is able to launch DDoS attacks that exceed 1.5Tbps, Klaba warned.

The OVH incident came after krebsonsecurity.com, cybersecurity journalist Brian Krebs' website, was the target of a record DDoS attack that flooded the site at a rate of 620Gbps. The attack eventually forced content delivery and DDoS mitigation provider Akamai to suspend its pro bono service to Krebs, pushing the site offline for several days. According to Krebs, the attack was nearly twice the size of the largest attack Akamai had seen before, and would have cost the company millions of dollars if it had been allowed to continue.

"There is every indication that this attack was launched with the help of a botnet that has enslaved a large number of hacked so-called 'Internet of Things,' (IoT) devices -- mainly routers, IP cameras and digital video recorders (DVRs) that are exposed to the Internet and protected with weak or hard-coded passwords," Krebs said in a blog post after his website came back online under the protection of Google Project Shield.
On Thursday, antivirus and security vendor Symantec published a report warning that insecure IoT devices are increasingly hijacked and used to launch DDoS attacks. The company has seen the number of cross-platform DDoS malware programs that can infect Linux-based systems soar in 2015 and continue this year. These threats are designed to run on Linux-based firmware for CPU architectures commonly used in embedded and IoT devices.

Symantec's data shows that most of these systems are not compromised through sophisticated or device-specific vulnerabilities, but due to a lack of basic security controls. Attackers typically scan the internet for devices with open Telnet or SSH ports and try to log in with default administrative credentials. That's unfortunately all it takes today to build a large IoT botnet.

And while IoT-powered DDoS attacks have now reached unprecedented size, there have been warning signs for several years that they were coming. In October 2015, security firm Incapsula mitigated a DDoS attack launched from around 900 closed-circuit television (CCTV) cameras and in June DDoS protection provider Arbor Networks warned that there are over 100 botnets built using Linux malware for embedded devices.
A recently fixed security vulnerability that affected both the Firefox and Tor browsers had a highly unusual characteristic that caused it to threaten users only during temporary windows of time that could last anywhere from two days to more than a month. As a result, the cross-platform, malicious code-execution risk most recently visited users of browsers based on the Firefox Extended Release on September 3 and lasted until Tuesday, or a total of 17 days.

The same Firefox version was vulnerable for an even longer window last year, starting on July 4 and lasting until August 11.

The bug was scheduled to reappear for a few days in November and for five weeks in December and January.

Both the Tor Browser and the production version of Firefox were vulnerable during similarly irregular windows of time. While the windows were open, the browsers failed to enforce a security measure known as certificate pinning when automatically installing NoScript and certain other browser extensions.

That meant an attacker who had a man-in-the-middle position and a forged certificate impersonating a Mozilla server could surreptitiously install malware on a user's machine. While it can be challenging to hack a certificate authority or trick one into issuing the necessary certificate for addons.mozilla.org, such a capability is well within the means of nation-sponsored attackers, who are precisely the sort of adversaries included in the Tor threat model.
Such an attack, however, was only viable at certain periods when Mozilla-supplied "pins" expired.

"It comes around every once in a while," Ryan Duff, an independent researcher and former member of the US Cyber Command, told Ars, referring to the vulnerability. "It's weird. I've never seen a bug that presented itself like that."

Certificate pinning is designed to ensure that a browser accepts only specific certificates for a specific domain or subdomain and rejects all others, even if the certificates are issued by a browser-trusted authority.

But because certificates inevitably must expire from time to time, the pins must periodically be updated so that newly issued certificates can be accepted. Mozilla used a static form of pinning for its extension update process that wasn't based on the HTTP Public Key Pinning protocol (HPKP).

Due to lapses caused by human error, older browser versions sometimes scheduled static pins to expire before new versions pushed out a new expiration date. During those times, pinning wasn't enforced.

And when pinning wasn't enforced, it was possible for man-in-the-middle attackers to use forged certificates to install malicious add-on updates when the add-on was obtained through Mozilla's add-on site. Mozilla on Tuesday updated Firefox to fix the faulty expiration pins, and over the weekend, the organization also updated the add-ons server to make it start using HPKP.

Tor officials fixed the weakness last week with the early release of a version based on Tuesday's release from Mozilla. Duff has a much more detailed explanation here. The vulnerability was first described here by a researcher who goes by the handle movrcx and who complained that his attempts to privately report the weakness to Tor were "ridiculed." Duff eventually confirmed the reported behavior.

The irregular windows in which the vulnerability was active likely contributed to some of the skepticism that initially greeted movrcx's report and made it hard to spot the problem. "I’d be lying if I said luck didn’t play a significant role in the discovery of this bug," Duff wrote in the above-linked postmortem. "If movrcx had tried his attack before 3 Sept or after 20 Sept, it would have failed in his tests.
It’s only because he conducted it within that 17 day window that this was discovered."
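The expiry behaviour described above can be modelled in a few lines. This is an added example, not Mozilla's or Tor's code: the build names, key bytes, and every date except 3 September and 20 September 2016 are constructed, and it assumes users stay on a build until its successor ships.

```python
from dataclasses import dataclass
from datetime import date
import hashlib


@dataclass(frozen=True)
class Build:
    name: str           # constructed label, not a real browser version
    released: date      # day the build reaches users
    pins_expire: date   # static pins in this build stop being enforced from this day


def spki_pin(public_key: bytes) -> str:
    """A pin is a hash of the server's public key (stand-in bytes in this model)."""
    return hashlib.sha256(public_key).hexdigest()


def accepts(chain_keys, pinned, pins_expire, today, ca_trusted=True):
    """Fail-open static pinning: once the pins lapse, only CA trust is checked."""
    if not ca_trusted:
        return False                 # ordinary CA validation always applies
    if today >= pins_expire:
        return True                  # pins lapsed: any CA-trusted chain passes
    return any(spki_pin(k) in pinned for k in chain_keys)


def unenforced_windows(builds):
    """Periods in which the build users are running has lapsed pins."""
    ordered = sorted(builds, key=lambda b: b.released)
    windows = []
    for current, successor in zip(ordered, ordered[1:]):
        if current.pins_expire < successor.released:
            gap = (successor.released - current.pins_expire).days
            windows.append((current.name, current.pins_expire,
                            successor.released, gap))
    return windows


def release_gate(builds, margin_days=14):
    """Release check: builds whose pins do not outlive the next release by a margin."""
    ordered = sorted(builds, key=lambda b: b.released)
    return [cur.name for cur, nxt in zip(ordered, ordered[1:])
            if (cur.pins_expire - nxt.released).days < margin_days]


# Constructed schedule. Only the 3 Sept expiry and 20 Sept release come from the article.
SCHEDULE = [
    Build("build-A", date(2016, 6, 7), date(2016, 9, 3)),
    Build("build-B", date(2016, 9, 20), date(2017, 1, 15)),
    Build("build-C", date(2016, 11, 8), date(2017, 3, 1)),
]

PINNED = {spki_pin(b"constructed-pinned-key")}
FORGED_CHAIN = [b"constructed-other-key"]   # CA-trusted, but not the pinned key

if __name__ == "__main__":
    for name, start, end, days in unenforced_windows(SCHEDULE):
        print(f"{name}: pinning not enforced {start} to {end} ({days} days)")
    print("blocked by release gate:", release_gate(SCHEDULE))
```

Running a check like `release_gate` against the planned release calendar is the kind of control that catches a pin set scheduled to lapse before its replacement ships.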
Researcher revealed Tor flaw after initially being ignored

Mozilla will patch a flaw in its Firefox browser that could allow well-resourced attackers to launch man-in-the-middle impersonation attacks that also affects the Tor anonymity network.

The flaw was first noticed by researchers describing the attacks against Tor ahead of the publication of a patch in version 6.0.5.

"That vulnerability allows an attacker who is able to obtain a valid certificate for addons.mozilla.org to impersonate Mozilla's servers and to deliver a malicious extension update," Tor developer Georg Koppen says. "This could lead to arbitrary code execution.

"Moreover, other built-in certificate pinnings are affected as well. Obtaining such a certificate is not an easy task, but it's within reach of powerful adversaries such as nation states."

Security researcher Movrcx detailed the then-zero-day flaw in analysis estimating attackers would need to burn US$100,000 to launch the multi-platform attacks.

"This attack enables arbitrary remote code execution against users accessing specific clearnet resources when used in combination with a targeting mechanism; such as by passively monitoring exit node traffic for traffic destined for specific clearnet resources," he wrote.

"Additionally this attack enables an attacker to conduct exploitation at a massive scale against all Tor Browser users and to move towards implantation after selected criteria are met - such as an installed language pack, public IP address, DNS cache, stored cookie, stored web history, and so on."

The need to obtain a legitimate TLS certificate for addons.mozilla.org was the cause of the high cost of entry to the attack, something Movrcx says was "difficult to accomplish but not impossible". He claimed members of the Tor Project did not accept his initial private disclosure.
Independent security researcher Ryan Duff who maintains an interest in cross-platform remote code execution says Firefox used its own weaker version of key pinning which created the attack vector, adding Mozilla had fixed the flaw in the nightly version of its browser. "Firefox uses its own static key pinning method for its own Mozilla certifications instead of using HPKP.

The enforcement of the static method appears to be much weaker than the HPKP method and is flawed to the point that it is bypassable in this attack scenario." Mozilla will push the fix into its stable release version on 20 September. ®
Mozilla officials say they're investigating whether the fully patched version of Firefox is affected by the same cross-platform, malicious code-execution vulnerability patched Friday in the Tor browser. The...
In a nutshell

Backdoor.OSX.Mokes.a is the most recently discovered OS X variant of a cross-platform backdoor which is able to operate on all major operating systems (Windows, Linux, OS X). Please see also our analysis on the Windows and Linux variants.
This malware family is able to steal various types of data from the victim’s machine (Screenshots, Audio-/Video-Captures, Office-Documents, Keystrokes)
The backdoor is also able to execute arbitrary commands on the victim’s computer
To communicate it’s using strong AES-256-CBC encryption

Background

Back in January this year we found a new family of cross-platform backdoors for desktop environments.

After the discovery of the binaries for Linux and Windows systems, we have now finally come across the OS X version of Mokes.A.
It is written in C++ using Qt, a cross-platform application framework, and is statically linked to OpenSSL.

This leads to a filesize of approx. 14MB. Let’s have a look into this very fresh sample.

“Unpacked” Backdoor.OSX.Mokes.a

Its filename was “unpacked” when we got our hands on it, but we’re assuming that in-the-wild it comes packed, just like its Linux variant.

Startup

When executed for the first time, the malware copies itself to the first available of the following locations, in this order:

$HOME/Library/App Store/storeuserd
$HOME/Library/com.apple.spotlight/SpotlightHelper
$HOME/Library/Dock/com.apple.dock.cache
$HOME/Library/Skype/SkypeHelper
$HOME/Library/Dropbox/DropboxCache
$HOME/Library/Google/Chrome/nacld
$HOME/Library/Firefox/Profiles/profiled

Corresponding to that location, it creates a plist-file to achieve persistence on the system:

After that it’s time to establish a first connection with its C&C server using HTTP on TCP port 80:

The User-Agent string is hardcoded in the binary and the server replies to this “heartbeat” request with “text/html” content of 208 bytes in length.

Then the binary establishes an encrypted connection on TCP port 443 using the AES-256-CBC algorithm.

Backdoor functionality

Its next task is to setup the backdoor features:

Capturing Audio
Monitoring Removable Storage
Capturing Screen (every 30 sec.)
Scanning the file system for Office documents (xls, xlsx, doc, docx)

The attacker controlling the C&C server is also able to define own file filters to enhance the monitoring of the file system as well as executing arbitrary commands on the system.

Just like on other platforms, the malware creates several temporary files containing the collected data if the C&C server is not available.

$TMPDIR/ss0-DDMMyy-HHmmss-nnn.sst (Screenshots)
$TMPDIR/aa0-DDMMyy-HHmmss-nnn.aat (Audiocaptures)
$TMPDIR/kk0-DDMMyy-HHmmss-nnn.kkt (Keylogs)
$TMPDIR/dd0-DDMMyy-HHmmss-nnn.ddt (Arbitrary Data)

DDMMyy = date: 070916 = 2016-09-07
HHmmss = time: 154411 = 15:44:11
nnn = milliseconds

If the environment variable $TMPDIR is not defined, “/tmp/” is used as the location (http://doc.qt.io/qt-4.8/qdir.html#tempPath).

Hints from the author

The author of this malware again left some references to the corresponding source files:

Detection

We detect this type of malware as HEUR:Backdoor.OSX.Mokes.a

IOCs

Hash:
664e0a048f61a76145b55d1f1a5714606953d69edccec5228017eb546049dc8c

Files:
$HOME/Library/App Store/storeuserd
$HOME/Library/com.apple.spotlight/SpotlightHelper
$HOME/Library/Dock/com.apple.dock.cache
$HOME/Library/Skype/SkypeHelper
$HOME/Library/Dropbox/DropboxCache
$HOME/Library/Google/Chrome/nacld
$HOME/Library/Firefox/Profiles/profiled
$HOME/Library/LaunchAgents/$filename.plist
$TMPDIR/ss*-$date-$time-$ms.sst
$TMPDIR/aa*-$date-$time-$ms.aat
$TMPDIR/kk*-$date-$time-$ms.kkt
$TMPDIR/dd*-$date-$time-$ms.ddt

Hosts:
158.69.241[.]141
jikenick12and67[.]com
cameforcameand33212[.]com

User-Agent:
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_3) AppleWebKit/537.75.14 (KHTML, like Gecko) Version/7.0.3 Safari/7046A194A
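The file-system indicators in the analysis above can be turned into a host triage check. This is an added example, not Kaspersky's tooling: the paths and naming scheme are copied from the write-up, while the function names and the reading of `$filename` as the dropped binary's base name are assumptions made here.

```python
import os
import re
from datetime import datetime
from pathlib import Path

# Drop locations listed in the analysis, relative to $HOME.
DROP_PATHS = [
    "Library/App Store/storeuserd",
    "Library/com.apple.spotlight/SpotlightHelper",
    "Library/Dock/com.apple.dock.cache",
    "Library/Skype/SkypeHelper",
    "Library/Dropbox/DropboxCache",
    "Library/Google/Chrome/nacld",
    "Library/Firefox/Profiles/profiled",
]

# Temp-file prefix -> (extension, content type), as given in the analysis.
KINDS = {
    "ss": ("sst", "Screenshots"),
    "aa": ("aat", "Audiocaptures"),
    "kk": ("kkt", "Keylogs"),
    "dd": ("ddt", "Arbitrary Data"),
}
TEMP_RE = re.compile(
    r"^(ss|aa|kk|dd)[^-]*-(\d{6})-(\d{6})-(\d{3})\.(sst|aat|kkt|ddt)$")


def parse_temp_name(name):
    """Return (content type, capture time) for a staged-data file name, else None."""
    m = TEMP_RE.match(name)
    if not m or KINDS[m.group(1)][0] != m.group(5):
        return None                      # prefix and extension must pair up
    try:
        # DDMMyy-HHmmss, e.g. 070916-154411 = 2016-09-07 15:44:11
        stamp = datetime.strptime(m.group(2) + m.group(3), "%d%m%y%H%M%S")
    except ValueError:
        return None                      # six digits that are not a real date/time
    return KINDS[m.group(1)][1], stamp.replace(microsecond=int(m.group(4)) * 1000)


def scan(home, tmpdir):
    """List (finding type, path) pairs for artifacts matching the write-up."""
    home, tmpdir = Path(home), Path(tmpdir)
    findings = []
    for rel in DROP_PATHS:
        dropped = home / rel
        if dropped.is_file():
            findings.append(("binary", str(dropped)))
        # Assumption: $filename in the IOC list is the dropped binary's base name.
        plist = home / "Library" / "LaunchAgents" / (dropped.name + ".plist")
        if plist.is_file():
            findings.append(("persistence", str(plist)))
    if tmpdir.is_dir():
        for entry in sorted(tmpdir.iterdir()):
            parsed = parse_temp_name(entry.name)
            if parsed and entry.is_file():
                findings.append(("staged:" + parsed[0], str(entry)))
    return findings


if __name__ == "__main__":
    # The write-up notes that /tmp/ is used when $TMPDIR is not defined.
    for kind, path in scan(Path.home(), os.environ.get("TMPDIR", "/tmp/")):
        print(f"{kind}\t{path}")
```

A hit is a lead for triage: confirm it by comparing the file against the hash listed in the IOC section.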
Microsoft has expanded its bug bounty programs to cover the open-source .Net Core and ASP.Net Core application development platforms. The .Net Core and ASP.Net Core technologies are used to create server applications that can run on Windows, Linux, and Mac.

The ability to write code once and have it run on multiple platforms has made these technologies popular with enterprise software developers. Microsoft will pay monetary rewards between $500 and $15,000 for critical vulnerabilities in the RTM (release to manufacturing), Beta, or RC (release candidate) releases of these platforms. Flaws in Microsoft's cross-platform Kestrel web server are also covered by the new bug bounty program, as well as vulnerabilities in the default ASP.Net Core templates provided with the ASP.Net Web Tools Extension for Visual Studio 2015 or later. The supported platforms are the Windows and Linux versions of .Net Core and ASP.Net Core, and higher quality reports will be rewarded with a higher bounty, Microsoft said in a blog post. The company has ongoing bug bounty programs for Office 365, Azure, and Microsoft Edge.
It also rewards researchers for finding novel exploitation techniques against the protections built into Windows, as well as for defensive ideas that can lead to new exploit mitigations. By expanding the vulnerability rewards program to software development tools, Microsoft will draw attention to their security and indirectly benefit companies who use these technologies for their custom applications. According to the latest State of Software Security report from application security vendor Veracode, .Net is the second most popular programming language in the enterprise space after Java. Moreover, while Java's popularity has been on the decline for the last few years, the adoption rate for .Net has steadily increased, according to Veracode's data.
If you’ve ever hacked for a living -- wearing a white hat, I hope -- you probably can’t stand the unrealistic light most shows and movies shine on hacking and hackers. On the big and small screens, supergenius hackers enjoy instantaneous success and always manage to stay one step ahead of the law. Typically they’re portrayed in one of two views: Either they dress like refugees from a cyberpunk fashion show and have hot model girlfriends, or they’re solitary fat guys juiced up on energy drinks hacking away in their trashed bedrooms.

The dirty secret is that hacking tends to be tedious work -- not exactly Hollywood fare. Yet Hollywood has worked its magic on the minds of the masses. Many times I’ve had friends get upset that I couldn’t instantly crack their wireless network or Facebook account when they forgot their passwords. I’ve even seen newbies on a penetration testing team surprised that we don’t immediately break into every server we come across without a little research first.

In real life, hacking is 95 percent monotony and 5 percent excitement, where focused dedication is more than a virtue. It’s almost the only trait that matters. So much for the reality-based community. Courtesy of Hollywood, here are the hacking misfires that bug me most.

1. Instant password guessing

Many if not most movies with hacking scenes show the protagonist under lethal pressure to crack the master password in less than a minute. A perfect example is 2001’s "Swordfish," in which the evil character played by John Travolta holds a gun to the head of the hacker leader, Stanley, played by Hugh Jackman. Stanley sweats bullets under threat, typing different passwords so fast it’s obvious he can’t be typing anything coherent at all. At the last second, after trying hundreds of different passwords, he pulls the right one out of thin air. Has any computer system in any movie ever locked out an attacker after a certain number of password tries?
In other hacker movies, the protagonist seems to guess the correct password right off the bat. The hacker looks around the office, sees a picture of the CEO playing golf, and seems to know that “Titleist” is the right password. While trying words associated with the victim’s hobby is a well-known guessing technique, I’ve never seen anyone get it right on the first pass. Real password guessing usually takes hundreds (if not hundreds of thousands) of attempts. If account lockout isn’t enabled, hackers can use automated dictionary-hybrid programs to do all the guessing.

Today, because most passwords are complex and run eight characters or more in length, manual guessing isn’t very fruitful. In fact, today, most password “guessing” is really password cracking. Cracking starts by capturing the password hashes first (which takes superadmin access), then using a brute-force or dictionary automation program to convert the hashes into their plaintext equivalents. Or to be truly modern about it, the passwords aren’t guessed or cracked at all. Instead, the attackers use the captured hashes, with no conversion necessary, to authenticate to other computers.

2. Cross-platform hacking

One of the most cringe-inducing moments of all time appeared in 1996’s “Independence Day," when Jeff Goldblum’s character writes and inserts a computer virus into the mothership’s computers, which then brings down the shields and leads to the aliens' downfall. When I first saw that scene, I wondered: "Gee, did he use Cobol or C++?" It’s ridiculous to think an alien race would use computer systems that could run our programs. Their systems wouldn’t use the same character sets, language conversion tables, or built-in instructions on their CPUs. In real life, most malware programs have a hard time running on different versions of the same operating system, much less on different operating systems or platforms.
I’ve seen movies in which a hacker on a Unix computer writes code for a Microsoft Windows victim. While that could actually be done, it would be 99 percent wasted effort. Real malware writers code their creations on the same platform as the target system.

3. All systems are interconnected

Another incredibly unrealistic portrayal: One malware program or command manipulates dozens of disparate systems all at once. Sandra Bullock’s nemesis in 1995’s “The Net” provides a case in point. After spurning a would-be paramour turned murderer, Bullock’s character suffers an attack that erases her online life (no mortgage record, no driver’s license, no credit cards, no paycheck). The best part? Her antagonist does it with a couple of commands! He even erases all paper trails and backups, not to mention everyone’s memory of her.

It’s laughable on many levels, not the least of which is how interconnected the movie seems to think all these systems are. With minimum effort, dozens of unrelated systems are accessed and manipulated. In real life, you can’t find a single environment where all such systems talk so well together. Go to any organization -- a government department, a corporation, a bank, a hospital -- and you’ll invariably find a hodgepodge of systems that IT wishes could seamlessly talk to each other. In real life it takes months for a company to erase the trail of a single entity, and that’s when they own the systems, have the passwords, and know what they’re doing. If the bad guy really could do what he seems to be doing in “The Net,” he could earn millions working for corporations. He would be a data god!

4. All information pops up instantly

When any information is requested, the “computer nerd” types in a single command, and the answer comes back in seconds. This seems to happen several times a week on crime shows. The protagonist will ask something like, “Where is the bad guy using his ATM card right now?” Ta-da, the screen immediately returns the exact address.
Or “How many murders were committed in the upper boroughs by a guy using a knife and wearing pink shorts?” Voila, the answer is 12. Contrast this with asking your own log management system how many logons Roger had today. You can easily wait two to three minutes for the answer -- with no guarantee the answer will be accurate.

5. Every program is a hacker’s dream program

Almost every hacker movie shows a great, custom-made program with an incredible graphical UI perfect for whatever the hacker is doing. In real life, almost all the programs used by hackers are created by someone else, used by millions of other hackers, and have a horrible UI. You get a CLI and a set of commands that demand an unnatural amount of human memory to recall. The commands often wrap around from one line to the next.

Fact is, you don’t even need the most up-to-date program. Most successful hacks target vulnerabilities and exploits many years old. When I was a full-time penetration tester, rarely did I break in using a brand-new vulnerability. It was far more common to find a flaw from five to 10 years ago that had never been patched.

One show gets hacking right

You can always tell when a show cares about how it portrays hacking, but there’s nothing quite like the USA Network’s "Mr. Robot." Although the protagonist is a supergenius -- who, yes, frequently enjoys instantaneous success -- every typed command or program is a real typed command or program. What he does could really happen, albeit with the normal Hollywood hyperbole. I remember when I saw the first few episodes. I was filled with glee to see all the realness. It proved that Hollywood could produce a hacker-driven drama using actual hacker commands and tools. Not only that, but the show is a wild success.

I hope others follow the path blazed by "Mr. Robot." Think of those hardcore contingents of loyal, upscale fans! I’m not holding my breath, though. Reality always demands more tedious work than most people want to watch.
It's common practice for security suite vendors to offer three levels of protection: a standalone antivirus, an entry-level security suite, and a mega-suite with additional features. Recently we've seen the rise of another level, the cross-platform multi-device suite. Kaspersky's entry-level suite is itself a cross-platform offering, with support for Windows, Mac, and Android.

To that suite's bountiful feature collection, Kaspersky Total Security adds a backup system, enhanced parental control, a password manager, and an excellent cross-platform parental control system, as well as data encryption and secure file deletion. Most of its components are great, some are good, none are bad.
It's a winner. You can get a three-license subscription for $89.99 per year, but as with the entry-level suite, a five-license subscription costs just $10 more.

Do you need more than five? For $149.99 per year you can install Kaspersky on 10 systems. Note that this specifically refers to the Windows, Mac, and Android security suites. You can install the parental control system and password manager on as many Windows, Mac, iOS, or Android devices as you like. Like the antivirus and entry-level suite, Kaspersky Total Security got a minor makeover with this release.
Its main window still displays two rows of four icons, but the icons and text have been flattened and simplified in the current edition, and the additional explanatory text below each icon is gone.

The green banner at the top remains, indicating that the suite is operating correctly.
If something needs attention, the banner turns yellow or red.

Clicking the Details button both lets you know what's wrong and helps you fix it. Getting the suite installed starts at the My Kaspersky online portal. Here you can download the installer for the suite and also download installers for Kaspersky Safe Kids and Kaspersky Password Manager.

The portal also lets you email installation links, which is more convenient if you're installing on a smartphone.

Shared Antivirus Features

As with Kaspersky's entry-level suite, the antivirus protection in this mega-suite is identical to what you get with the standalone Kaspersky Anti-Virus.
I'll keep my summary of antivirus features brief, since you can refer to that review for full details. I follow test results from five independent antivirus testing labs and also note whether vendors have received non-scored certification from two additional labs. Kaspersky doesn't bother with the certifications, and has recently stopped participating in the RAP (reactive and proactive) test at Virus Bulletin.

Three of the other four labs give Kaspersky their best possible scores across the board.

Tests by the remaining lab, MRG-Effitas, are extremely tough, with the majority of products simply failing.

From this lab, Kaspersky got one top score and one next-to-top score.
In my aggregate scoring system, Kaspersky gets a phenomenal 9.9 of 10 possible points. In addition to tracking scores from the major testing labs, I run my own hands-on antivirus tests. Kaspersky earned 8.4 of 10 possible points in the malware blocking test and 64 percent protection in the malicious URL blocking test. Webroot SecureAnywhere Internet Security Complete (2016) earned a perfect 10 points for malware blocking. Norton and McAfee LiveSafe (2016) managed to block 91 percent of the malicious downloads. However, when my scores don't jibe with what the labs report, I give more weight to the labs and their massive testing resources. For years I've used Symantec Norton Security Premium as a touchstone for rating phishing protection, reporting how badly other products lag behind Norton's detection rate. Webroot and Bitdefender Total Security 2016 scored slightly better than Norton in this test, but Kaspersky beat all competitors, with a detection rate 4 percentage points better than Norton's. Kaspersky packs plenty of bonus features into the standalone antivirus. Notable among them are the bootable Kaspersky Rescue Disk and an On-Screen Keyboard designed to foil keyloggers, even hardware keyloggers.

For full details about those bonus features, read my review of the antivirus software.

Shared Suite Features

Besides the features shared with Kaspersky's standalone antivirus, this suite shares quite a few elements with the entry-level Kaspersky Internet Security suite.
I'll refer you to that review for the details on these shared features. Here's a summary. The typical third-party firewall puts your PC's ports in stealth mode, making them invisible to the outside world. Kaspersky's designers stopped bothering with stealth mode years ago, reasoning that, since they can fend off all attacks, there's no need to expend resources stealthing ports.

Firewalls also typically control how and whether other programs can use your Internet and network connections. Kaspersky eschews the confusing popup queries spewed by lesser firewalls, choosing instead to handle program control internally.
Its Automatic Exploit Prevention fends off exploit attacks against system or application vulnerabilities, even zero-day attacks.

And it didn't yield to direct attack in testing. If your email provider doesn't filter out spam automatically, you should turn on Kaspersky's spam filter.
It handles both POP3 and IMAP accounts and integrates with Microsoft Outlook, but you can use it with any email client.

Controls are simple—just a big three-position slider for security level.
In testing, it didn't slow the process of downloading mail, and it didn't discard any valid mail at all.
It did miss 16.1 percent of undeniable spam, more than in last year's test, but that's still quite a decent score. New for the 2017 product line, Secure Connection is an easy-to-use VPN that you can use to protect your network traffic when on untrusted networks.

The version supplied with the suite gives you 200MB of traffic per day on unlimited devices.
If you pay for a subscription, there's no limit on traffic, and you get to choose which country your server is in. However, the paid edition is limited to five devices. Safe Money has been a Kaspersky feature for many years. When you try to visit a financial website, it offers to launch that site in the Safe Money browser instead, which isolates the transaction from other processes.

A glowing green border identifies the Safe Money browser. New in this edition, Software Updater works in the background to identify important applications that aren't fully up to date.
In most cases it can apply the updates for you automatically.

All you need to do is click Update all.
Software Cleaner, also new, scours your system looking for programs with sneaky installation behaviors, hidden programs, and other probably unwanted software, and offers to uninstall them.
It also finds programs you hardly ever use. Trusted Application Mode locks down your system by suppressing all programs that aren't among the 1.6 million trusted programs in Kaspersky's online database.

Application Control warns you before permitting suspicious changes to things like browser settings; digging deeper lets you control what programs launch at startup. Webcam access control and a tool to catch sneaky installers that jam unwanted crapware onto your PC are among the other suite-specific bonus features.

Kaspersky Safe Kids

Parental control in the entry-level Kaspersky suite is unchanged since last year.

Those who spring for Kaspersky Total Security get parental control handled by Kaspersky Safe Kids.
It's a very good parental control utility; please read my review for full details. Note that Kaspersky Safe Kids (for iPhone) is an Editors' Choice for iOS-based parental control. Safe Kids doesn't impose any limits on the number of children or devices it manages. You start by creating a profile for each child using the My Kaspersky online console. Next, you install it on every Windows, Mac, iOS, or Android device in your household, associating a child profile with each.
In the case of Macs and Windows boxes, you can associate a profile with each user account. You can set Safe Kids to block access to websites matching 14 content categories, or you can have it simply warn the child (and notify you if your child ignores the warning).

This isn't a static database.

The content filter analyzes pages in real time.
In testing, it permitted access to a short-story site in general, but blocked erotic stories on the site.
I did find that Safe Kids, like the basic Kaspersky parental control system, doesn't lock down secure anonymizing proxies when used in off-brand browsers.
If that's a concern, parents can prohibit the browsers category in general and then make exceptions for the ones the kids use. That application-blocking feature is pretty elaborate. You can block 14 app categories, or block access to specific applications. You can even put time limits on certain apps.
It's also possible to limit the use of each of the child's devices, with the option to block access when time's up or just display a warning. Parents can log in to the Web console to check the child's current location (or rather, the location of the child's mobile device).

There's also an option to define geofences, identifying where the child should be at specific times of day. You get a notification when they cross into or out of those spaces.

Extensive alerts and detailed reporting round out this impressive parental control package.

Kaspersky Password Manager

Like Safe Kids, Kaspersky Password Manager is a cross-platform tool.
It syncs your saved passwords across all of your Windows, Mac, iOS, and Android devices. Read my review to learn the nitty-gritty details, or you can just read my summary here. On installation, the password manager prompts you to create a strong master password, something you can remember but nobody else would guess.
It also offers to import any passwords stored insecurely in Chrome, Firefox, or Internet Explorer, and optionally turns off password capture in Firefox and IE. Password management works as expected. When you log in to a secure site, Kaspersky offers to save your credentials. When you return, it fills in what it saved. You can also pick from a browser menu of your secure sites to visit a site and log in.
If you have a lot of saved sites you can organize them into groups, or simply use the built-in search function. You can create one or more identities, storing personal information and separately record credit cards and bank accounts. When I reviewed this product last year, I found that it would not fill Web forms in Windows using that saved information.
Since then, the form-filling feature has been removed. Kaspersky does let you save secure notes and application passwords, but it lacks other advanced features like two-factor authentication and secure sharing.
It handles basic password management tasks well enough that it wouldn't make a lot of sense to pay separately for a standalone password manager.

But you might consider relying on one of the best free password managers.

Backup and Restore

Secure online backup is a common feature in high-end security suites, but the way it's handled varies widely.
Some suites don't give you anything you couldn't get for free from Mozy or IDrive. Others, Norton and Webroot among them, offer 25GB of hosted secure storage. Kaspersky takes an unusual approach, letting you link its backup to a folder on your Dropbox account. Note that the files aren't encrypted in any way.

They're protected only by the security of your Dropbox account.

That being the case, I'd advise enabling two-factor authentication for Dropbox. A wizard walks you through the process of configuring a backup job. You start by choosing which files to back up.
If you accept the default configuration, it backs up everything in your Desktop and Documents folders, and their subfolders. You can also create backup jobs for pictures, videos, or movies, or create a custom backup job. Next, you choose the backup destination.

As noted, this can be your Dropbox account. You can also back up to any local, removable, or network drive, or to an FTP server. However, backup to optical media isn't supported. By default, your backup job runs on demand. You can choose instead to have it run daily, on weekdays, on weekends, or on a weekly or monthly schedule.
Some backup tools include elaborate scheduling systems to, say, run a backup on the third Wednesday of every month. Kaspersky keeps it simple. You can choose the day of the week for a weekly backup, but monthly backups always run on the first of the month. Restoring files is equally simple. You start by choosing the backup set you want to restore, then select the files and folders you want restored.

The default is to restore them all. You can choose to restore them to their original location or restore to a new location, retaining the folder structure.

By default, the restore operation prompts you before overwriting an existing file, but you can set it to always overwrite, never overwrite, or keep both versions. Subsequent backups only upload changed files, naturally.

And Kaspersky retains multiple versions.
If today's edits accidentally scrambled an important document, you can restore yesterday's version. Overall, it's a simple, effective backup system, and linking with Dropbox lets Kaspersky avoid having to maintain a fleet of online backup servers.

Data Encryption and File Shredder

Kaspersky's antivirus should fend off any data-stealing Trojans, but your files could be vulnerable to a less-subtle attack, like a coworker sitting down at your desk while you go for coffee.

That's where Kaspersky's Data Encryption comes in. To get started with the encryption feature, you create a data vault, an encrypted storage location that holds your sensitive files. When the vault is open, it looks just like a disk drive.

After you lock the vault, its contents are totally inaccessible.

Bitdefender and McAfee, among others, offer a similar feature. The vault wizard lets you drag and drop files or folders to be encrypted. Next, you choose a name for the vault and a location for the file that represents it.

At this point, you set the vault size, which can't be changed after vault creation.

Finally, you enter a password for opening the vault.

As you type, Kaspersky rates password strength.

Don't lose this password, as there's no way to recover the files without it. Of course, copying files into the vault does nothing to protect the unencrypted originals.

As a final step, Kaspersky offers to securely delete the originals. You can also use the File Shredder tool to securely delete arbitrary files and folders, preventing forensic recovery of sensitive items.

By default, this tool overwrites files once before deletion. You can choose from a number of other secure deletion algorithms, some performing as many as seven overwrite passes, but for anything but world-shattering secrets, it's probably unnecessary.

Some Impact on Performance

The modern security suite avoids putting a drag on system performance by keeping all of its components integrated into one smoothly running system.

This suite breaks that mold, with its separate installation of Safe Kids and Kaspersky Password Manager.
Indeed, while the average suite occupies around 400MB of disk space, Kaspersky Total Security weighed in at 865MB, as determined by measuring free disk space before and after installation. According to my tests, it does affect performance more than the entry-level suite. On my first round of testing, its boot-time numbers were terrible, because at each boot both Safe Kids and the password manager popped up asking me to set their initial configuration.
I halted the test, got those components configured, and tried again.

Averaging repeated measures of boot time from before and after installing the suite, I found it took 42 percent longer for the computer to fully boot up, or about 32 seconds longer.

The entry-level suite added just 18 percent. To measure a suite's effect on day-to-day file management activities, I time a script that moves and copies a large file collection between drives.
I also time a script that repeatedly zips and unzips that same file collection.

Both Kaspersky suites exhibited no performance drag at all on the zip test, and both added 29 percent to the time for the file move/copy test. Even though Kaspersky is on the low side in the chart above, that doesn't mean it has a serious effect on performance. Yes, it slowed the boot process, but you probably don't reboot more than once a day. On the flip side, other products have done much better in this test. Webroot in particular had no measurable effect on any of my three tests.

Multi-Device Features

To install Kaspersky's protection on your Windows, Mac, iOS, and Android devices, you log in to the online My Kaspersky portal.

The downloads page lists all of the components that are available as part of your license, with links to download an installer for the appropriate operating systems. You can also send these download links to an email address, which is probably easier than navigating My Kaspersky on a smartphone. Kaspersky Internet Security for Mac isn't as feature-rich as the Windows edition.

Certainly it doesn't compare to Kaspersky Total Security.
It does include antivirus and a Network Attack Blocker.
Safe Money, phishing protection, and webcam protection are among the other shared features.
Safe Kids and Kaspersky Password Manager are fully available and functional on the Mac platform.
Installing the security suite uses one of your licenses; the other two components don't. Android fans can use one license to install Kaspersky Internet Security (for Android), which PCMag's Max Eddy found to be good, but not great. Read Max Eddy's review for the full details.
In summary, the Android app's malware and phishing protection are very good.

Antitheft features go beyond simple remote locate, lock, and wipe, adding the ability to snap a mug shot of the thief.

The app can block unwanted phone calls, and notify you when someone swaps out the SIM card.

As with Mac installations, you can install Safe Kids and Kaspersky Password Manager on as many Android devices as you like. Like many security vendors, Kaspersky doesn't offer an antivirus or security suite for iOS devices, but you can install Safe Kids and the password manager on all of your iOS devices.

Features Galore

Kaspersky Total Security has something for all your devices, be they Windows, Mac, Android, or iOS.
It's definitely a cross-platform multi-device suite, though iOS users only get parental control and password management.

The password manager won't match its top competitors, and the spam filter slipped a little this year, but most of the many suite components are excellent. It does get a bit pricey for full coverage; a 10-device license lists for $149.99 per year.
Symantec Norton Security Premium protects 10 devices, including iPhones and iPads, for $89.99 per year, and throws in 25GB of secure hosted online backup.
Its parental control system is on par with Kaspersky's.

That same price lets you protect unlimited devices with McAfee LiveSafe, and McAfee also includes a password manager. Kaspersky Total Security is a very worthy contender, but Norton and McAfee are our Editors' Choice honorees for cross-platform multi-device security. However, Kaspersky boasts an amazing collection of extremely useful security features.
It's a rock-solid mega-suite on Windows, definitely comparable with Editors' Choice Bitdefender Total Security. Kaspersky joins Bitdefender as a security mega-suite Editors' Choice winner.
Researchers claim they can stop malware before it executes

Black Hat EndGame vulnerability researchers Cody Pierce, Matt Spisak, and Kenneth Fitch have created a defence framework to protect against deeper modern attacks. The security trio with roots in the HP Zero Day Initiative, the National Security Agency, and the Department of Defence, have extended a hardware defense tool already in use for some Microsoft assets to apply to common programs. Pierce, Spisak, and Fitch will demonstrate the processor-based Hardware-Assisted Control Flow Integrity protection at the Black Hat conference in Las Vegas this week in work they say will "raise the [exploitation] bar significantly". Their cross-platform Intel platform framework moves the focus of defence from increasingly-obsolete post-exploitation return-oriented programming to attacks that hit close to memory. It introduces runtime performance overheads some three times greater than those Redmond endures to apply the protection to Visual Studio on Windows 8.1 and 10, the team told ThreatPost, yet the impact remains "acceptable". The team say in a synopsis of their work that the security industry has gone to "great lengths" to complicate exploitation without much effect, pointing their fingers at code re-use attacks such as return-oriented programming. "Unfortunately, the reality is that once attackers have control over code execution it's only a matter of time before they can circumvent these defenses, as the recent rise of EMET bypasses illustrates," they say. "Our approach blocks exploits before they gain execution, preventing the opportunity to bypass mitigations." Earlier work has demonstrated the effectiveness of using chip Performance Monitoring Units to detect return-oriented programming attacks.

The trio's work generalises the approach to help detect attacks in real time and guard COTS binaries from control-flow hijack attempts stemming from use-after-free and memory corruption vulnerabilities. The trio will demonstrate their work defending against exploits that otherwise would defeat lauded but perhaps dated tools like Microsoft's enhanced mitigation toolkit.
You know the drill, people: patch and push

Developers using Intel's Crosswalk SSL library: it's time to patch and push out an upgrade. Crosswalk is a cross-platform library that supports deployment to Android, iOS and Windows Phone, but the bug is Android-specific. The library has a bug in how it handles SSL errors, and as a result, end users on Android could be tricked into accepting MITM certificates. As consultancy Nightwatch Cyber Security explains, if a user accepts one invalid or self-signed SSL certificate, Crosswalk remembers that choice and applies it to all future certificates. In other words, if an attacker tricked a user into accepting a bad cert from (for example) a Wi-Fi hotspot, Crosswalk would retain that choice forever, so a future MITM attack would pass without presenting any certificate warning to the end user: “This applies even to connections over different WiFi hotspots and different certificates”, the advisory states. As with all toolchain bugs, its impact is as big as the reach of the downstream apps that use it: the number-one app in Crosswalk's showcase, “Pirate Treasures”, claims 10 million downloads, and all of the top fifteen have more than 500,000 downloads. All three branches of Crosswalk for Android – stable, beta and “canary” – need to be upgraded, and fixed apps pushed to users.
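The certificate-error behaviour the advisory describes can be modelled in a few lines. This is an added example, not Crosswalk's code: `StickyPolicy` reproduces "one acceptance applies to all future certificates", while `ScopedPolicy` is one possible hardened design that remembers an exception only for the exact host and certificate the user saw. All class names, hosts and certificate bytes are constructed for illustration.

```python
import hashlib


def fingerprint(cert_der: bytes) -> str:
    """SHA-256 fingerprint of a certificate's DER bytes."""
    return hashlib.sha256(cert_der).hexdigest()


class StickyPolicy:
    """Model of the reported flaw: a single 'accept' becomes a global flag."""

    def __init__(self):
        self.accept_all = False

    def on_ssl_error(self, host, cert_der, ask_user):
        if self.accept_all:
            return "proceed-silently"      # no warning, whatever the cert is
        if ask_user(host, cert_der):
            self.accept_all = True         # the decision outlives its context
            return "proceed"
        return "cancel"


class ScopedPolicy:
    """Hardened variant: an exception is bound to (host, cert fingerprint)."""

    def __init__(self):
        self.exceptions = set()

    def on_ssl_error(self, host, cert_der, ask_user):
        key = (host.lower(), fingerprint(cert_der))
        if key in self.exceptions:
            return "proceed-silently"      # same host, same cert as approved
        if ask_user(host, cert_der):
            self.exceptions.add(key)
            return "proceed"
        return "cancel"


# Constructed certificate blobs; only their distinctness matters here.
CERT_HOTSPOT_A = b"constructed-self-signed-cert-A"
CERT_MITM_B = b"constructed-mitm-cert-B"

# (host, presented cert, what the user would answer if a warning is shown)
EVENTS = [
    ("portal.hotspot-a.example", CERT_HOTSPOT_A, True),   # user clicks accept
    ("bank.example", CERT_MITM_B, False),                  # later, other network
    ("portal.hotspot-a.example", CERT_HOTSPOT_A, False),  # back on hotspot A
]


def replay(policy):
    """Feed EVENTS to a policy; return (outcomes, number of warnings shown)."""
    prompts = 0
    outcomes = []
    for host, cert, answer in EVENTS:
        def ask_user(_host, _cert, _answer=answer):
            nonlocal prompts
            prompts += 1
            return _answer
        outcomes.append(policy.on_ssl_error(host, cert, ask_user))
    return outcomes, prompts


if __name__ == "__main__":
    print("sticky:", replay(StickyPolicy()))
    print("scoped:", replay(ScopedPolicy()))
```

With the sticky policy the second event, a different certificate for a different host, goes through without a warning; the scoped policy shows the warning again and the user's refusal cancels the connection.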