How-To Geek

Week in Geek: Evernote Account Used as a Command and Control Structure for Malware

Our last edition of WIG for March is filled with news link coverage on topics such as the Google Translate app for Android has received offline support, outdated Java weak spots are widespread, secure API omission is rendering Android password managers insecure, and more.

Weekly News Links

Image courtesy of Alan Buckingham (BetaNews).

Security News

  • Evernote: So useful, even malware loves it
    Your average workaday botnet uses a command and control server to give the malware bots on infected PCs their marching orders. But as network security tools begin to block traffic to suspicious domains, some enterprising hackers are turning to communications tools less likely to be blocked by corporate firewalls, using consumer services to deliver their bidding to their digital minions.
  • Outdated Java weak spots are widespread, Websense says
    Researchers say the latest version of Java is only in use by a dismal 5 percent of users, and many versions are months or years out of date — just begging to be exploited.
  • API omission renders Android password managers insecure
    A study by students at the University of Hannover has found that password managers on Android smartphones are not particularly secure. The researchers analysed 13 free and 8 proprietary password managers on a Galaxy Nexus running Android 4.0. They found that Android does not make it easy for developers to write a genuinely secure password manager, as it lacks a secure API to deliver passwords between applications.
  • Anonymized Phone Location Data Not So Anonymous, Researchers Find
    Anonymized mobile phone location data produces a GPS fingerprint that can be easily used to identify a user based on little more than tracking the pings a phone makes to cell towers, a new study shows.
  • Many Amazon S3 cloud storage users are exposing sensitive company secrets, claims report
    Approximately one in six Amazon S3 storage buckets are full of holes, leaking sensitive data and company secrets, claims a new report.
  • Your WiFi-enabled camera might be spying on you
    Every networked sensor package in your immediate vicinity can be used to spy on you unless it is well-designed and transparent to you and the wide community of security researchers. (Post includes demonstration video.)
  • Tibetan phishing attack now comes with Android Trojan
    The researchers at Kaspersky Lab have noted a new attack on Tibetan activists that is now targeting their smartphones. According to a report, a recent spear phishing attack, launched from the hacked email account of a “high-profile Tibetan activist” skipped the usual payload of malicious files and instead had an APK file attached.
  • Cash Claws, Fake Fascias & Tampered Tickets
    Credit and debit card skimmers aren’t just for ATMs anymore. According to European anti-fraud experts, innovative skimming devices are turning up on everything from train ticket kiosks to parking meters and a host of other unattended payment terminals.
  • Lost+Found: A get-out-of-jail-free card, a free book & Facebook hacking
    Too small for news, but too good to lose, Lost+Found is a compilation of the other stories that have been on The H’s radar over the last seven days: the NSA’s Cryptolog archive, “Wipe the drive”, piracy in armament circles, keeping phishers busy, a crusade against malware, and chatty encryption checking.
  • Lost+Found: Plain text spooks, AV charts and crypto answers
    Too small for news, but too good to lose, Lost+Found is a compilation of the other stories that have been on The H’s radar over the last seven days: AV popularity, Crypto answers, plain text spooks, encrypted iOS chat and asking Mozilla’s security anything.
  • The largest DDoS attack didn’t break the internet, but it did try
    A 300Gbps distributed denial-of-service attack thought to be the largest in the world has put key internet infrastructure to the test, and, so far, the attack has failed.

TinyHacker Links

Image courtesy of Ars Technica.

How-To Geek Weekly Article Recap

Geeky Goodness from the ETC Side

How-To Geek Weekly Trivia Roundup

One Year Ago on How-To Geek

Akemi Iwaya (Asian Angel) is our very own Firefox Fangirl who enjoys working with multiple browsers and loves 'old school' role-playing games. Visit her on Twitter and .

  • Published 03/31/13

Enter Your Email Here to Get Access for Free:

Go check your email!