Hacking & Security

Flash Patch Targets Zero-Day Exploit

Krebs on Security - 22 Leden, 2015 - 18:54

Adobe today released an important security update for its Flash Player software that fixes a vulnerability which is already being exploited in active attacks. Compounding the threat, the company said it is investigating reports that crooks may have developed a separate exploit that gets around the protections in this latest update.

Early indicators of a Flash zero-day vulnerability came this week in a blog post by Kafeine, a noted security researcher who keeps close tabs on new innovations in “exploit kits.” Often called exploit packs — exploit kits are automated software tools that help thieves booby-trap hacked sites to deploy malicious code.

Kafeine wrote that a popular crimeware package called the Angler Exploit Kit was targeting previously undocumented vulnerability in Flash that appears to work against many different combinations of the Internet Explorer browser on Microsoft Windows systems.

Attackers may be targeting Windows and IE users for now, but the vulnerability fixed by this update also exists in versions of Flash that run on Mac and Linux as well. The Flash update brings the media player to version 16.0.0.287 on Mac and Windows systems, and 11.2.202.438 on Linux.

While Flash users should definitely update as soon as possible, there are indications that this fix may not plug all of the holes in Flash for which attackers have developed exploits. In a statement released along with the Flash update today, Adobe said its patch addresses a newly discovered vulnerability that is being actively exploited, but that there appears to be another active attack this patch doesn’t address.

“Adobe is aware of reports that an exploit for CVE-2015-0310 exists in the wild, which is being used in attacks against older versions of Flash Player,” Adobe said. “Additionally, we are investigating reports that a separate exploit for Flash Player 16.0.0.287 and earlier also exists in the wild.”

To see which version of Flash you have installed, check this link. IE10/IE11 on Windows 8.x and Chrome should auto-update their versions of Flash, although as of this writing it seems that the latest version of Chrome (40.0.2214.91) is still running v. 16.0.0.257

The most recent versions of Flash are available from the Flash home page, but beware potentially unwanted add-ons, like McAfee Security Scan. To avoid this, uncheck the pre-checked box before downloading, or grab your OS-specific Flash download from here.

Windows users who browse the Web with anything other than Internet Explorer may need to apply this patch twice, once with IE and again using the alternative browser (Firefox, Opera, e.g.).

I am looking forward to day in which far fewer sites require Flash Player to view content, and instead rely on HTML5 for rendering video content. For now, it’s probably impractical for most users to remove Flash altogether, but there are in-between options to limit automatic rendering of Flash content in the browser. My favorite is click-to-play, which is a feature available for most browsers (except IE, sadly) that blocks Flash content from loading by default, replacing the content on Web sites with a blank box. With click-to-play, users who wish to view the blocked content need only click the boxes to enable Flash content inside of them (click-to-play also blocks Java applets from loading by default).

Windows users also should take full advantage of the Enhanced Mitigation Experience Toolkit (EMET), a free tool from Microsoft that can help Windows users beef up the security of third-party applications.

Update 11:05 p.m. ET: Adobe just issued a bulletin confirming that this latest patch does not protect Flash users against all current, active attacks. The company says it plans to release an update the week of Jan. 26 to address this other security issue.

Kategorie: Hacking & Security

Chrome 40 Patches 62 Security Vulnerabilities, Pays Bounties Aplenty

Threatpost - 22 Leden, 2015 - 18:45
Google released version 40 of the Chrome browser, patching 62 vulnerabilities, including close to two-dozen critical memory corruption flaws.
Kategorie: Hacking & Security

Nejhloupější internetová hesla

Novinky.cz - bezpečnost - 22 Leden, 2015 - 18:34
Bezpečnostní experti pravidelně upozorňují na to, jak důležité je používat důmyslná hesla k ochraně svých internetových účtů. Přesto nejpoužívanějším heslem je několik let za sebou číselná kombinace 123456, jejíž odhalení je pro počítačové piráty otázkou pár sekund, upozornil server Engadget.
Kategorie: Hacking & Security

Details on Regin Malware Modules Disclosed

Threatpost - 22 Leden, 2015 - 17:55
Researchers at Kaspersky Lab today released a detailed analysis of two modules belonging to the Regin malware platform, one for lateral movement, the other a backdoor.
Kategorie: Hacking & Security

Adobe Patches One Zero Day in Flash, Will Patch a Second Flaw Next Week

Threatpost - 22 Leden, 2015 - 17:43
UPDATE–Adobe has released an emergency update for Flash to address a zero-day vulnerability that is being actively exploited. The company also is looking into reports of exploits for a separate Flash bug not fixed in the new release, which is being used in attacks by the Angler exploit kit. The vulnerability that Adobe patched Thursday is […]
Kategorie: Hacking & Security

Kim Dotcom spustil šifrovaný MegaChat Beta. Umí i video

Zive.cz - bezpečnost - 22 Leden, 2015 - 17:20
Kim Dotcom a jeho tým okolo úložiště Mega spustil šifrovaný MegaChat . Zatím se ale jedná pouze o betaverzi, která neumí všechny funkce. Můžete tedy druhé straně zatelefonovat a spustit videohovor, zatím ale paradoxně chybí klasický textový šifrovaný chat. MegaChat zatím umožní hlasovou a ...
Kategorie: Hacking & Security

Bezpečnost především

Novinky.cz - bezpečnost - 22 Leden, 2015 - 17:00
Tři čtvrtiny šéfů informatik očekávají pro rok 2015 nárůst výdajů na informační bezpečnost. Konzultační firma Piper Jaffray zveřejnila výsledky svého každoročního globálního průzkumu mezi šéfy informatik velkých firem.
Kategorie: Hacking & Security

MegaChat — Kim Dotcom launches end-to-end encrypted Video Calling Service

The Hacker News - 22 Leden, 2015 - 16:56
Are you worried about your privacy? Its Obvious because of a Hacker or the government could be snooping in your emails, voice or video calls. The Famous Internet entrepreneur Kim Dotcom, who introduced legendary Megaupload and Mega file sharing services to the World, has now released its latest encrypted communication software for video calling, messaging and chat. Kim Doctom’s
Kategorie: Hacking & Security

Vyděračský virus požaduje výkupné v bitcoinech

Novinky.cz - bezpečnost - 22 Leden, 2015 - 14:36
Antivirová společnost Eset objevila novou podobu vyděračského viru zvaného CTB-Locker. Ten se šíří prostřednictvím nevyžádaných e-mailů a dokáže zašifrovat data uložená na pevném disku. Za jejich zpřístupnění pak počítačoví piráti požadují výkupné.
Kategorie: Hacking & Security

Antenna Theory for Wardriving and Penetration Testing

InfoSec Institute Resources - 22 Leden, 2015 - 14:15

Introduction Wardriving is an activity in which a person seeks wireless access points in moving vehicles with high gain antennas mounted on the top. Usually, this access point data is correlated with GPS positions and marked on publicly accessible maps such as WiGLE. On the other hand, wireless penetration tests [...]

The post Antenna Theory for Wardriving and Penetration Testing appeared first on InfoSec Institute.

Kategorie: Hacking & Security

POODLE: Not your typical walk in the park

InfoSec Institute Resources - 22 Leden, 2015 - 14:00

Google, among several security organizations, recently announced a vulnerability in the SSL protocol, particularly SSL version 3. SSL is used to secure connections between a client and server to prevent eavesdropping, and that the data has not been tampered. SSLv3 is an old version of the SSL protocol, dating back to [...]

The post POODLE: Not your typical walk in the park appeared first on InfoSec Institute.

Kategorie: Hacking & Security

Password Re-use Fuels Starwood Fraud Spike

Krebs on Security - 22 Leden, 2015 - 13:54

Two different readers have written in this past week to complain about having their Starwood Preferred Guest loyalty accounts hijacked by scammers. The spike in fraud appears to be tied to a combination of password re-use and the release of a tool that automates the checking of account credentials at the Web site for the popular travel rewards program.

The mass compromise of Starwood accounts began in earnest less than a week ago. That roughly coincides with a Starwoods-specific account-checking tool that was released for free on Leakforums[dot]org, an English-language forum dedicated to helping (mostly low-skilled) misfits monetize compromised credentials from various online services, particularly e-retailers, cloud-based services and points or rewards accounts.

The tool is little more than a bit of code that automates the checking of account credentials stolen from other data breaches, to see if the stolen credentials also work at Starwoods.com. These types of account checking tools work because — despite constant advice to the contrary — a fair number of Internet users will rely on the same email address (username) and password pair for accounts at multiple sites.

The release of the account checking tool caused numerous Leakforums denizens to run the tool against various username and password lists stolen in previous data breaches. In less than 24 hours after its release, there were more than a half dozen Leakforums members selling compromised accounts. One seller advertised a Starwood account with 70,000 points for sale at just $3, while accounts with about 40,000 points sold for $1.50.

The release of an account checking tool for Starwood credentials has prompted dozens of miscreants to sell and cash out hijacked Starwood reward points.

According to a tutorial posted on the forum, hijacked account buyers “cash out” their purchases by creating new Starwood accounts and then forcing the hijacked account to transfer its account balance to the new account. The reward points are then exchanged for gift cards that can be used as cash.

Starwood does offer customers the option to receive email or text message alerts when account changes are made. But the tutorial on Leakforums encourages buyers to change the email address, password and other contact information on the victim’s account, effectively locking out the legitimate user.

Chris Holdren, senior vice president of global and digital at Starwood Preferred Guest, said the attacks of the past week track closely to the fraud patterns that have hit other loyalty programs in recent months, including Hilton Honors.

“They appear to be using credentials from elsewhere and seeing how many of those match up to Starwood accounts to see how many hits they can get,” Holdren said.

Holdren added that Starwood users who have had their accounts hijacked will not lose points due to fraud, a claim that was backed up by at least one of the two readers who initially contacted KrebsOnSecurity about being victimized by fraudsters.

“Not one guest is going to lose even a single Starwood point through this activity,” Holdren said. “We have a very large team globally mobilized to combat it.”

Could companies like Starwood be doing a lot more to facilitate safer login procedures, such as 2-step authentication? Absolutely. Even so, far too many people re-use the same passwords at multiple sites that hold either their credit card information or points that can easily be redeemed for cash.

Kategorie: Hacking & Security

Whisper editor's out the door after scandal, internal investigation

Sophos Naked Security - 22 Leden, 2015 - 13:38
The internal investigation into the secret-sharing app's use and/or abuse of users' data didn't find any wrongdoing, but plenty of questions are still unanswered.

An analysis of Regin's Hopscotch and Legspin

Kaspersky Securelist - 22 Leden, 2015 - 10:00

With high profile threats like Regin, mistakes are incredibly rare. However, when it comes to humans writing code, some mistakes are inevitable. Among the most interesting things we observed in the Regin malware operation were the forgotten codenames for some of its modules.

These are:

  • Hopscotch
  • Legspin
  • Willischeck
  • U_STARBUCKS

We decided to analyze two of these modules in more detail - Hopscotch and Legspin.

Despite the overall sophistication (and sometimes even over-engineering) of the Regin platform, these tools are simple, straightforward and provide interactive console interfaces for Regin operators. What makes them interesting is the fact they were developed many years ago and could even have been created before the Regin platform itself.

The Hopscotch module MD5 6c34031d7a5fc2b091b623981a8ae61c Size 36864 bytes Type Win32 EXE Compiled 2006.03.22 19:09:29 (GMT)

This module has another binary inside, stored as resource 103:

MD5 42eaf2ab25c9ead201f25ecbdc96fb60 Size 18432 bytes Type Win32 EXE Compiled 2006.03.22 19:09:29 (GMT)

This executable module was designed as a standalone interactive tool for lateral movement. It does not contain any exploits but instead relies on previously acquired credentials to authenticate itself at the remote machine using standard APIs.

The module receives the name of the target machine and an optional remote file name from the standard input (operator). The attackers can choose from several options at the time of execution and the tool provides human-readable responses and suggestions for possible input.

Here's an example of "Hopscotch" running inside a virtual machine:

Authentication Mechanism (SU or NETUSE) [S]/N: Continue? [n]: A File of the same name was already present on Remote Machine - Not deleting...

The module can use two routines to authenticate itself at the target machine: either connecting to the standard share named "IPC$" (method called "NET USE") or logging on as a local user ("SU", or "switch user") who has enough rights to proceed with further actions.

It then extracts a payload executable from its resources and writes it to a location on the target machine. The default location for the payload is: \\%target%\ADMIN$\SYSTEM32\SVCSTAT.EXE. Once successful, it connects to the remote machine's service manager and creates a new service called "Service Control Manager" to launch the payload. The service is immediately started and then stopped and deleted after one second of execution.

The module establishes a two-way encrypted communication channel with the remote payload SVCSTAT.EXE using two named pipes. One pipe is used to forward input from the operator to the payload and the other writes data from the payload to the standard output. Data is encrypted using the RC4 algorithm and the initial key exchange is protected using asymmetric encryption.

\\%target%\pipe\{66fbe87a-4372-1f51-101d-1aaf0043127a}
\\%target%\pipe\{44fdg23a-1522-6f9e-d05d-1aaf0176138a}

Once completed, the tool deletes the remote file and closes the authenticated sessions, effectively removing all the traces of the operation.

The SVCSTAT.EXE payload module launches its copy in the process dllhost.exe and then prepares the corresponding named pipes on the target machine and waits for incoming data. Once the original module connects to the pipe, it sets up the encryption of the pipe communication and waits for the incoming shellcode.

The executable is injected in a new process of dllhost.exe or svchost.exe and executed, with its input and output handles redirected to the remote plugin that initiated the attack. This allows the operator to control the injected module and interact with it.

The Legspin module MD5 29105f46e4d33f66fee346cfd099d1cc Size 67584 bytes Type Win32 EXE Compiled 2003.03.17 08:33:50 (GMT)

This module was also developed as a standalone command line utility for computer administration. When run remotely it becomes a powerful backdoor. It is worth noting that the program has full console support and features colored output when run locally. It can even distinguish between consoles that support Windows Console API and TTY-compatible terminals that accept escape codes for coloring.

"Legspin" output in a standard console window with color highlighting

In addition to the compilation timestamp found in the PE headers, there are two references that point to 2003 as its true year of compilation. The program prints out two version labels:

  • 2002-09-A, referenced as "lib version"
  • 2003-03-A

In addition the program uses legacy API functions, like "NetBIOS" that was introduced in Windows 2000 and deprecated in Windows Vista.

Once started and initialized, it provides the operator with an interactive command prompt, waiting for incoming commands. The list of available commands is pretty large and allows the operators to perform many administrative actions. Some of the commands require additional information that is requested from the operator, and the commands provide a text description of the available parameters. The program is actually an administrative shell that is intended to be operated manually by the attacker/user.

Command Description cd Change current working directory dir
ls
dirl
dirs List files and directories tar Find files matching a given mask and time range, and write their contents to a XOR-encrypted archive tree Print out a directory tree using pseudographics
trash Read and print out the contents of the Windows "Recycle Bin" directory get Retrieve an arbitrary file from the target machine, LZO compressed put Upload an arbitrary file to the target machine, LZO compressed del Delete a file ren
mv
copy
cp Copy or move a file to a new location gtm Get file creation, access, write timestamps and remember the values stm Set file creation, access, write timestamps to the previously retrieved values mtm Modify the previously retrieved file timestamps scan
strings Find and print out all readable strings from a given file more Print out the contents of an arbitrary file access Retrieve and print out DACL entries of files or directories audit Retrieve and print out SACL entries of files or directories finfo Retrieve and print out version information from a given file cs Dump the first 10,000 bytes from an arbitrary file or from several system files:

advapi32.dll
kernel32.dll
msvcrt.dll
ntdll.dll
ntoskrnl.exe
win32k.sys
cmd.exe
ping.exe
ipconfig.exe
tracert.exe
netstat.exe
net.exe
user32.dll
gdi32.dll
shell32.dll

lnk Search for LNK files, parse and print their contents info Print out general system information:
  • CPU type
  • memory status
  • computer name
  • Windows and Internet Explorer version numbers
  • Windows installation path
  • Codepage
dl Print information about the disks:
  • Type
  • Free/used space
  • List of partitions, their filesystem types
ps List all running processes logdump Unfinished, only displays the parameter description reglist Dump registry information for a local or remote hive windows Enumerate all available desktops and all open windows view List all visible servers in a domain domains List the domain controllers in the network shares List all visible network shares regs Print additional system information from the registry:
  • IE version
  • Outlook Express version
  • Logon default user name
  • System installation date
  • BIOS date
  • CPU frequency
  • System root directory
ips List network adapter information:
  • DHCP/static IP address
  • Default gateway's address
times Obtain the current time from a local or remote machine who List the names of current users and the domains accessed by the machine net
nbtstat
tracert
ipconfig
netstat
ping Run the corresponding system utility and print the results tel Connect to a given TCP port of a host, send a string provided by the operator, print out the response dns
arps Resolve a host using DNS or ARP requests users List information about all user accounts admins List information about user accounts with administrative privileges groups List information about user groups trusts List information about interdomain trust user accounts packages Print the names of installed software packages sharepw Run a brute-force login attack trying to obtain the password of a remote share sharelist Connect to a remote share srvinfo Retrieve current configuration information for the specified server netuse Connect, disconnect or list network shares netshare Create or remove network shares on the current machine nbstat List NetBIOS LAN adapter information run Create a process and redirect its output to the operator system Run an arbitrary command using WinExec API exit Exit the program set Set various internal variables used in other shell commands su Log on as a different user kill Terminate a process by its PID kpinst Modify the registry value:
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] System
This value should normally point to "lsass.exe". svc
drv Create, modify or remove a system service help
? Print the list of supported commands

The Legspin module we recovered doesn't have a built-in C&C mechanism. Instead, it relies on the Regin platform to redirect the console input/output to/from the operators.

Conclusions

Unlike most other Regin modules, Legspin and Hopscotch appear to be stand-alone tools developed much earlier. The Legspin backdoor in particular dates back to 2003 and perhaps even 2002. It's worth pointing that not all Regin deployments contain the Legspin module; in most cases, the attackers manage their victims through other Regin platform functions.

This means that Legspin could have been used independently from the Regin platform, as a simple backdoor together with an input/output wrapper.

Although more details about Regin are becoming available, there is still a lot that remains unknown. One thing is already clear – what we know about Regin is probably already retired information that has been replaced by new modules and techniques as time passes.

SSCC 182 - What would the Pirate Party do? [PODCAST]

Sophos Naked Security - 22 Leden, 2015 - 09:13
This week's episode of our quarter-hour security podcast. Entertaining as well as accurate and educational - why not give it a listen?

WhatsApp Web — New WhatsApp Feature Allows You to Chat From Your Browser

The Hacker News - 22 Leden, 2015 - 07:45
The most popular smartphone messaging service WhatsApp is now able to communicate with friends from their PC. No Rumours at all !! Enjoy WhatsApp from your desktop from now on. Last month, it was leaked that Whatsapp was working on a web client and finally from today they are introducing it to the public. The feature is called "WhatsApp Web," which gives its users the ability to read and
Kategorie: Hacking & Security

Attack for Flash 0day goes live in popular exploit kit

Ars Technica - 22 Leden, 2015 - 02:00

If you've been meaning to disable Adobe Flash, now might be a good time. Attacks exploiting a critical vulnerability in the latest version of the animation software have been added to a popular exploitation kit, researchers confirmed. Attackers often buy the kits to spare the hassle of writing their own weaponized exploits.

Prolific exploit sleuth Kafeine uncovered the addition to Angler, an exploit kit available in underground forums. The zero-day vulnerability was confirmed by Malwarebytes. Malwarebytes researcher Jérôme Segura said one attack he observed used the new exploit to install a distribution botnet known as Bedep.

Adobe officials say only that they're investigating the reports. Until there's a patch, it makes sense to minimize use of Flash when possible. AV software from Malwarebytes and others can also block Angler attacks.

Read on Ars Technica | Comments

Kategorie: Hacking & Security

Did feds mount a sustained attack on Tor to decloak crime suspects?

Ars Technica - 21 Leden, 2015 - 22:15

Last week's arrest of a man alleged to help run the Silk Road 2.0 online drug bazaar has touched off speculation he was identified using a controversial attack that for six months last year systematically worked to deanonymize users of the Tor privacy service.

In a search warrant affidavit filed earlier this month, a special agent with the Department of Homeland Security said the Silk Road follow-on site was accessible only as a hidden service on Tor, a measure that typically would have made it impossible to identify the IP addresses hosting the underlying servers, as well as IPs used by end users who accessed them. Despite the use of Tor, FBI investigators were able to identify IP addresses that allegedly hosted and accessed the servers, including the Comcast-provided IP address of one Brian Farrell, who prosecutors said helped manage SR2. In the affidavit, DHS special agent Michael Larson wrote:

From January 2014 to July 2014, a FBI NY Source of Information (SOI) provided reliable IP addresses for TOR and hidden services such as SR2, which included its main marketplace URL (silkroad6ownowfk.onion), its vendor URL (vx3w763ohd256iyh.onion), its forum URL (silkroad5v7dywlc.onion) and its support interface (uz434sei7arqunp6.onion). The SOI's information ultimately led to the identification of SR2 servers, which led to the identification of at least another seventeen black markets on TOR.

The SOI also identified approximately 78 IP addresses that accessed a vendor .onion address. A user cannot accidentally end up on the vendor site. The site is for vendors only, and access is only given to the site by the SR2 administrators/moderators after confirmation of a significant amount of successful transactions. If a user visits the vendor URL, he or she is asked for a user name and password. Without a user name and password, the vendor website cannot be viewed.

The timeframe of the information leak bears a striking resemblance to a deanonymization attack uncovered in July by Tor officials. For six months, the people behind the campaign exploited a previously unknown vulnerability in the Tor protocol to carry out two classes of attack that together may have been enough to uncloak people using Tor Hidden Services. The decloaking effort began in late January 2014 and ran until early July when Tor officials shut it down. The Tor officials said the characteristics of the attack resembled those discussed by a team of Carnegie Mellon University researchers who a few weeks earlier canceled a security conference presentation on a low-cost way to deanonymize Tor users. The Tor officials went on to warn that an intelligence agency from a global adversary also might have been able to capitalize on the vulnerability.

Read 4 remaining paragraphs | Comments

Kategorie: Hacking & Security

Oracle releases 169 Updates, Including 19 Patches for JAVA Vulnerabilities

The Hacker News - 21 Leden, 2015 - 20:40
Get Ready to update your Java program as Oracle has released its massive patch package for multiple security vulnerabilities in its software. The United States software maker Oracle releases its security updates every three months on Tuesday, which it referred to as "Critical Patch Updates" (CPU). Yesterday, Oracle released its first quarterly CPU-date of this year, issuing a total of 169
Kategorie: Hacking & Security

Windows 10 Preview and Security

Kaspersky Securelist - 21 Leden, 2015 - 20:25

Microsoft presented a preview of their newest "experience", Windows 10, over a live stream this morning. The release is expected later this year. This isn't envisioned as just an OS for desktops, but it brings support as a truly broad computing platform. They claim to have built Windows 10 with "more personal computing" in mind, and it's an ambitious push into seamlessly bringing together desktop computing, holographic computing (awesome!!!), mobile devices, gaming and IoT, a move to the "Store", productivity applications, big data services and sharing, new hardware partner technologies, and cloud computing for a "mobility of experience". They skimmed over "Trust" only in light of data privacy issues. From what I have seen, pushing aside security is a somewhat disappointing theme for all of the vendors at their previews, not just Microsoft. There is, however, a very long list of enhanced security features developed into this new codebase along with a massive amount of new attack surface introduced with this new platform.

Microsoft is attempting to better tighten down the new version of Windows the operating system by disallowing untrusted applications from installing and verifying their trustworthiness with their digital signature. This trusted signing model is an improvement, however, this active handling is not perfect. APT like Winnti's attacks on major development shops and their multiple, other significant ongoing attack projects demonstrate that digital certificates are readily stolen and re-used in attacks. Not just their core group's winnti attacks, but the certificates are distributed throughout multiple APT actors, sharing these highly valued assets, breaking the trust model itself to further their espionage efforts.

With seamless integration of all these data sharing services across computing resources, authentication and their underlying credentials and tokens cannot be leaked across services, applications, and devices. Pass-the-hash attack techniques frequently used by targeted attackers haunted corporate organizations using Windows for almost a decade. These types of credential theft techniques will have to be better protected against. And Flame introduced a whole new level of credential attack, so we may see Hyper-V and the newest container model for Windows 10 attacked to gain access to and abuse these tokens for lateral movement and data access. Defensive efforts haven't been terribly successful in their responsiveness in the past, and Active Directory continues to see new attacks on organization-wide authentication with "skeleton keys". So, their implementation of credential provisioning and access token handling will deserve security researchers' attention - Hyper-V technologies and components' attack surface will come under a new focus for years to come. And the DLP implementation for sharing corporate data securely is encouraging as well, but how strong can it be across energy constrained mobile hardware?

Considering that 2014 brought with it over 200 patch-worthy vulnerabilities for the various versions of Internet Explorer, a minimalist refresh of this code with the "Project Spartan" browser would be welcome. Simply put, the IE web browser was hammered in 2014 across all Windows platforms, including their latest. Our AEP and other technologies have been protecting against exploitation of these vulnerabilities in high volume this past year. Not only has its model implementing ActiveX components and its design been under heavy review, but the slew of newer code and functionality enabling "use-after-free" vulnerabilities led to critical remote code execution. The new Spartan browser brings with it large amounts of new code for communications and data sharing, which brings with it Microsoft's track record of introducing hundreds of patch-worthy vulnerabilities annually into their browser code. Hopefully their team won't bring that baggage with them, but the load seems pretty heavy with the new functionality. I didn't see any new security features, development practices, or sandboxes described for it and will wait to see what is in store here.

An unusually large amount of time was set aside to present their "intelligent assistant" Cortana, which started with a somewhat disconnected and bizarre conversation between the presenter and the actual Cortana assistant instance onstage. The devil is in the details when implementing security support for access to data across fairly unpredictable services like this one.

Of course, our products will be ready to go. Kaspersky Lab consumer products will support Windows 10 after its official launch. There will be no need for customers to reinstall Kaspersky Lab solutions for migration onto the new platform. All these products will be patched accordingly and will provide the same exceptional level of protection on the new Windows OS.

Syndikovat obsah