Monthly Archives: April 2013
Yesterday – Google’s predictive search and voice recognition tool has arrived as an app on Apple’s iOS platform.
Having debuted at last year’s Google I/O conference, the Now-enabled Google Search 3.0 for iOS brings the same robust search features and visual style, called cards, to iPhones and iPads. Google Now’s product manager, Tamar Yehoshua, said that Google Now will compete well against Apple’s personal assistant Siri because of its superior accuracy.
“We think we’ve built a great experience,” she said during a conversation at Google’s headquarters in Mountain View last week. “We’re giving you an answer before you’ve even asked,” she explained. Google is “able to predict knowledge that you want before you know you want it.”
Google Now does that by taking advantage of several different technological areas. It leverages the text-to-speech output, the Knowledge Graph, and the technology stack to provide its voice recognition and predictive search combo.
Unlike Google Now on Android, which you can start using as long as your device is running Android 4.1 or later, the Google Now app on Apple’s iOS will require you to log in to your Google account first. But the defining features of Google Now, the voice recognition and the predictive search, remain intact.
The predictive search in Google Now will use your calendar, for example, to determine what information it should show you. That info can change depending on where you’re going, so it might show you traffic on your route home, or tourist sites near your hotel.
Google Now’s Voice Recognition has made some significant improvements. People got used to using keywords to search because they had to, but it’s not the best way to search. Google Voice has now implemented just the beginning phases of context and conversation, such as following a question like “How tall is Barack Obama?” with “And how tall is his wife?”
And an even more complex scenario as a future goal for Google Now would be to follow “What happened in the Red Sox game?” with “Who’s pitching? When are they playing tomorrow?” and the tricky integration of other digital services that could conclude with “Record the game for me.”
Google executives were quiet about possible plans to port Google Now to other platforms, such as Chrome. But it’s apparent that the service is a big deal for Google, as evidenced by the attention that co-founder and CEO Larry Page paid Google Now during last week’s quarterly earnings call.
The goal of Google Now, he said, “is to get you the right information, at just the right time.” He noted the key features of the service, including that it provides people with their boarding passes and delivery updates as well as traffic conditions, local sports scores, and upcoming weather conditions without prompting.
“Looking for the nearest pharmacy? Just ask Google for directions, and we’ll deliver them instantly,” Page said. “No typing needed. And you can now ask conversational questions like ‘Do I need a jacket this weekend?'”
While it’s clear that Google Now is growing in its importance to Google Corporate, especially as a strong customer-facing tool for its Knowledge Graph, it’s less obvious how many people with iPhones will abandon Siri and its automatic start features in order to jump into Google’s competing app.
Around 50 million Dropbox users might soon need to give a second thought to continuing to use the popular file hosting service, thanks to recently uncovered security issues.
Questions have been raised over the service regarding file security in the past, but the convenience it offers seems to have overcome security considerations.
The online storage service is offered by Dropbox Inc., which provides cloud storage, file synchronization, and client software. With Dropbox users can create a special folder on each of their computers, which it then synchronises so that it appears to be the same folder (with the same contents) on all computers used to view it. Files in the folder can also be accessed through a website and mobile phone applications.
According to an article in TechRepublic by Michael Kassner, who runs IT publication consultancy MKassner Net, while perusing this year’s Black Hat EU seminar briefing website, he came across a briefing note titled “DropSmack: How cloud synchronization services render your corporate firewall worthless.”
Penetration tester Jake Williams gave an impressive and amusing presentation at this year’s Black Hat Europe revolving around how he ended up gaining access to a client’s network via Dropbox. There’s a link to Jake’s presentation at the end of this article.
After being continuously stymied in all of his traditional pen testing efforts, he was able to gain access to the CIO’s laptop through some open source (Facebook) reconnaissance, and ultimately discovered corporate documents in a Dropbox folder. Score!
This led to the development of DropSmack. DropSmack leverages the Dropbox synchronization services on an owned (infected) system to act as a Command and Control (C2) channel to the internal corporate network.
In a nutshell – here’s how DropSmack works:
DropSmack is designed to monitor the Dropbox synchronization folder. The hacker creates a file using a .doc extension, puts a legitimate file header on the first line, and then adds the desired macro commands. These files won’t open in Word (MS Word says the file is corrupted); but that’s good, it makes the file less prone to investigation by a snoopy user.
When the doctored file is placed in the owned (hacked) computer’s Dropbox folder, Dropbox does its magic, synchronizing all associated Dropbox folders. DropSmack detects the file meant for it, and executes the command. BAM!
DropSmack would give a hacker the ability to spread malicious code or exfiltrate sensitive data from internal systems that synchronize with the infected system via Dropbox. All of this would bypass traditional security defense mechanisms such as Firewalls, Intrusion Detection Systems, Data Loss Prevention, and AntiVirus solutions both at home and on corporate networks.
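The tell the article mentions, a file that carries a genuine header but that Word reports as corrupted, is something a defender can look for in the sync folder itself. The following is an added example (not code from the article, from Jake Williams or from DropSmack): it validates the Compound File (OLE) header fields and sector layout of every .doc file rather than trusting the 8-byte magic alone, so a decoy with only a copied header fails. The sample folder contents, including the placeholder text standing in for command content, are constructed in memory.

```python
"""Added example, not code from the article or from DropSmack: a structural
check for .doc files in a sync folder. A decoy that only carries a real OLE
header (so Word calls it "corrupted") fails the header/sector consistency
checks that a genuine Compound File passes. Detection only; all sample files
below are constructed in memory."""
import os
import struct

OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # MS-CFB signature
HEADER_SIZE = 512
ENDOFCHAIN, FREESECT, FATSECT = 0xFFFFFFFE, 0xFFFFFFFF, 0xFFFFFFFD


def classify_doc_bytes(data: bytes) -> str:
    """Return 'no_ole_header', 'ole_magic_only' or 'structurally_valid'."""
    if data[:8] != OLE_MAGIC:
        return "no_ole_header"
    if len(data) < HEADER_SIZE:
        return "ole_magic_only"
    # MS-CFB header fields (little-endian) following the magic and 16-byte CLSID.
    _minor, major, byte_order, sector_shift, mini_shift = struct.unpack_from("<5H", data, 24)
    reserved = data[34:40]
    dir_sectors, fat_sectors, first_dir, _txn, mini_cutoff = struct.unpack_from("<5I", data, 40)
    header_ok = (
        byte_order == 0xFFFE
        and major in (3, 4)
        and sector_shift == (9 if major == 3 else 12)
        and mini_shift == 6
        and mini_cutoff == 0x1000
        and reserved == bytes(6)
        and (major == 4 or dir_sectors == 0)
        and fat_sectors >= 1
    )
    if not header_ok:
        return "ole_magic_only"
    # A real file has whole sectors behind the header and its directory chain
    # starts inside the file; text pasted after a copied header has neither.
    sector_size = 1 << sector_shift
    total_sectors = (len(data) - max(HEADER_SIZE, sector_size)) // sector_size
    if total_sectors < 1 or first_dir >= total_sectors or fat_sectors > total_sectors:
        return "ole_magic_only"
    return "structurally_valid"


def build_minimal_cfb() -> bytes:
    """Constructed: the smallest internally consistent v3 file (header + FAT + directory)."""
    hdr = bytearray(HEADER_SIZE)
    hdr[:8] = OLE_MAGIC
    struct.pack_into("<5H", hdr, 24, 0x3E, 3, 0xFFFE, 9, 6)
    struct.pack_into("<5I", hdr, 40, 0, 1, 1, 0, 0x1000)           # 1 FAT sector, directory at sector 1
    struct.pack_into("<4I", hdr, 60, ENDOFCHAIN, 0, ENDOFCHAIN, 0)  # no mini-FAT, no extra DIFAT
    struct.pack_into("<109I", hdr, 76, 0, *([FREESECT] * 108))      # DIFAT: the FAT lives in sector 0
    fat = struct.pack("<128I", FATSECT, ENDOFCHAIN, *([FREESECT] * 126))
    return bytes(hdr) + fat + bytes(512)   # a blank directory sector is enough for this check


# Constructed sample folder: one genuine-looking file and two decoys of the kind
# the article describes (magic or a whole copied header up front, text behind it).
SAMPLE_FOLDER = {
    "budget.doc": build_minimal_cfb(),
    "notes.doc": OLE_MAGIC + b"\r\n<placeholder for command text; constructed>\r\n",
    "memo.doc": build_minimal_cfb()[:HEADER_SIZE] + b"<placeholder; full header copied>",
    "plain.doc": b"renamed text file",
    "readme.txt": b"not a .doc, ignored",
}


def scan_files(files: dict) -> dict:
    """Classify an in-memory {name: bytes} map, considering only .doc names."""
    return {n: classify_doc_bytes(b) for n, b in files.items() if n.lower().endswith(".doc")}


def scan_sync_folder(folder: str) -> dict:
    """Same check over a real folder tree, e.g. the user's Dropbox directory."""
    results = {}
    for root, _dirs, names in os.walk(folder):
        for name in names:
            if name.lower().endswith(".doc"):
                path = os.path.join(root, name)
                with open(path, "rb") as fh:
                    results[path] = classify_doc_bytes(fh.read())
    return results


if __name__ == "__main__":
    for name, verdict in scan_files(SAMPLE_FOLDER).items():
        print(f"{name:12} {verdict}")
```

Run `scan_sync_folder` against the synchronized directory from a scheduled task or a file-change hook; anything reported as `ole_magic_only` is a document that Word will also refuse, which is exactly the file the article says a user is unlikely to look at twice. The check is deliberately structural rather than content-based, so it does not depend on knowing what command text a particular tool expects.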
The best chance at defense?
Williams says that application whitelisting “won’t let the new application (DropSmack) execute.” The process of whitelisting every application that is allowed to execute on a computer system would be a HUGE undertaking. However, just the fact that this communication channel exists by design remains the major challenge. Companies and individuals must ask themselves whether the use of Dropbox is worth the potential risk.
A few more interesting tidbits for business owners:
• More often than not, Dropbox is loaded on corporate networks whether it is approved or not — most of the time it’s not.
• It’s a good bet the bad guys know this technique, and are already using it.
The article may make it seem that DropSmack is more of a corporate concern, but that is not necessarily so. Once DropSmack or similar malware becomes mainstream in the bad-guy circles, it’s everyone’s concern.
Read the full article on TechRepublic here:
Direct Link to the BlackHat conference briefing presentation
The deadline for filing federal taxes was yesterday and Massachusetts residents have today as an extra day to file their state taxes, but cybercriminals impersonating the IRS in e-mail scams designed to steal your tax refund are just getting warmed up.
An estimated 95% of the e-mail moving across the Internet in the last three months — and purporting to come from IRS.gov — was fraudulent, according to results of an e-mail traffic survey supplied exclusively to USA TODAY.
Just like the sun rises in the east and sets in the west, every year, come April, phishers who specialize in tax fraud come out to try to get you.
What’s more, cyber security experts warn that e-mail messages crafted to look like official IRS inquiries, but designed to steal personal information and reroute tax refunds to accounts controlled by organized theft rings, will continue at a high rate through May and June.
They’ll send an e-mail confirming they’ve received your tax return and need more information or that your online tax payment has been rejected and you need to log in and respond immediately.
Cybercriminals are well-versed in local, state and federal tax rules throughout the U.S. and in other nations. They use bogus forms that look authentic in order to trick a victim into divulging log-on credentials for tax authority websites and bank accounts. Or they’ll entice the victim into clicking a malicious attachment or Web link that turns control over to the attacker.
Tax scammers can find out if a tax return has already been filed, note the refund amount and modify where the refund should be sent. If the opportunity arises, they’ll file a faked return and route the refund into their hands.
Part of the reason bogus IRS e-mail continues to swamp the Internet this time of year is because the agency has not yet adopted a year-old technical standard called DMARC, an acronym for Domain-based Message Authentication, Reporting & Conformance.
DMARC standardizes how major online companies, such as Facebook and Netflix, prove the authenticity of legitimate e-mail sent to customers. Major Internet Service Providers as well as the major providers of free Web mail — Microsoft, Google, Yahoo and AOL — all support DMARC.
Any “phisher” that attempts to send a bogus Facebook or Netflix e-mail to users of the free e-mail services or ISPs supporting DMARC gets blocked. DMARC’s backers have been lobbying the IRS to adopt the standard, stating that companies and organizations need to take a proactive approach to protect their consumers from phishing attacks by implementing the DMARC standard. Until that happens, these types of attacks will continue to occur.
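What “gets blocked” actually means is a decision the receiving mail provider makes from the sender’s published policy. The following is an added example, not code from the article or from any DMARC implementation: it parses a DMARC TXT record, checks whether a passing SPF or DKIM result is aligned with the visible From: domain, and returns the disposition, showing a monitoring-only record (`p=none`) beside an enforcing one (`p=reject`). The domains, records and messages are constructed; `example.gov` stands in for any agency domain, and the organizational-domain helper is a stated simplification of the Public Suffix List lookup real receivers perform.

```python
"""Added example, not code from the article: the receiver-side DMARC decision.
Given the sender domain's DMARC TXT record and the SPF/DKIM results for one
message, check identifier alignment against the visible From: domain and
return the disposition. Domains, records and messages below are constructed;
example.gov stands in for any agency domain."""


def parse_dmarc_record(txt: str) -> dict:
    """Parse 'v=DMARC1; p=...; ...' into tags, filling RFC 7489 defaults."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip()] = value.strip()
    if tags.get("v") != "DMARC1" or "p" not in tags:
        raise ValueError("not a usable DMARC record")
    tags.setdefault("adkim", "r")   # relaxed DKIM alignment unless stated
    tags.setdefault("aspf", "r")    # relaxed SPF alignment unless stated
    tags.setdefault("pct", "100")   # pct sampling is not applied in this example
    return tags


def org_domain(domain: str) -> str:
    # ASSUMPTION: real receivers use the Public Suffix List; for this example the
    # organizational domain is simply the last two labels (wrong for e.g. co.uk).
    return ".".join(domain.lower().strip(".").split(".")[-2:])


def aligned(auth_domain, from_domain, mode) -> bool:
    """Identifier alignment: 's' needs an exact match, 'r' the same organizational domain."""
    if not auth_domain:
        return False
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)


def evaluate(msg: dict, record: str) -> dict:
    """msg carries the From: domain, the SPF-checked MAIL FROM domain and result,
    and the DKIM d= domain and result. The record is the one published for the
    organizational domain, so its sp= tag governs subdomain From: addresses."""
    tags = parse_dmarc_record(record)
    spf_aligned = msg["spf"] == "pass" and aligned(msg["mail_from"], msg["from"], tags["aspf"])
    dkim_aligned = msg["dkim"] == "pass" and aligned(msg.get("dkim_d"), msg["from"], tags["adkim"])
    if spf_aligned or dkim_aligned:
        return {"dmarc": "pass", "disposition": "none", "via": "spf" if spf_aligned else "dkim"}
    policy = tags["p"]
    if msg["from"].lower() != org_domain(msg["from"]) and "sp" in tags:
        policy = tags["sp"]
    return {"dmarc": "fail", "disposition": policy, "via": None}


# Constructed records: monitoring-only (the weak setting) beside an enforcing one.
MONITOR_ONLY = "v=DMARC1; p=none; rua=mailto:dmarc-reports@example.gov"
ENFORCING = "v=DMARC1; p=reject; sp=reject; adkim=s; aspf=s; rua=mailto:dmarc-reports@example.gov"

# Constructed messages: a spoof whose SPF passes for the attacker's own bounce
# domain (so SPF alone proves nothing), and a genuine notice signed by the agency.
SPOOF = {"from": "example.gov", "mail_from": "bulk.mailer-example.net", "spf": "pass",
         "dkim_d": None, "dkim": "none"}
GENUINE = {"from": "example.gov", "mail_from": "bounces.example.gov", "spf": "pass",
           "dkim_d": "example.gov", "dkim": "pass"}

if __name__ == "__main__":
    for label, rec in (("p=none  ", MONITOR_ONLY), ("p=reject", ENFORCING)):
        print(label, "spoof   ->", evaluate(SPOOF, rec))
        print(label, "genuine ->", evaluate(GENUINE, rec))
```

The spoofed message fails DMARC under both records, but only the enforcing record tells receivers to reject it; under `p=none` it is delivered and merely reported, which is why publishing a record is not the same as being protected. The genuine notice still passes under strict alignment because its DKIM signature domain matches the From: domain exactly, even though its bounce address lives on a subdomain.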
Remember the IRS will not attempt to contact you via email. Always verify the authenticity of the “sender” of any email request before complying and potentially opening yourself up to identity theft.
Google Chrome is using data about websites, IP addresses, and domains to detect 99 percent of malicious executables downloaded by users — outperforming antivirus and URL-reputation services.
The system, known as Content Agnostic Malware Protection (CAMP), triages up to 70 percent of executable files on a user’s system, sending attributes of the remaining files that are not known to be benign or malicious to an online service for analysis.
While Chrome’s system uses a blacklist and whitelist on the user’s computer to initially detect known good or bad files, the CAMP service uses a number of other characteristics, including the download URL, the Internet address of the server providing the download, the referrer URL, and any certificates attached to the download.
CAMP bridges the gap between blacklists and whitelists by augmenting both approaches with a reputation system that is applied to unknown content. The approach should improve the security of Google Chrome users because it’s interfering with one of the primary ways that cybercriminals attempt to infect systems.
Google’s own real-world test — deploying the system to 200 million Chrome users over six months — found that CAMP could detect 98.6 percent of malware flagged by a virtual-machine-based analysis platform. In addition, it detected some 5 million malicious files every month that had escaped detection by other solutions.
In many ways, CAMP is an answer to Microsoft’s SmartScreen, a technology that Microsoft built into its Internet Explorer and the latest version of its operating system, Windows 8. SmartScreen is largely responsible for Internet Explorer 8’s and 9’s superior performance in blocking malicious downloads. Yet SmartScreen has worried some privacy-conscious users because it sends characteristics of every file it evaluates to Microsoft’s servers.
Unlike Microsoft’s solution, CAMP attempts to detect locally whether any downloaded file is malicious, before passing characteristics of the file to its server-based analysis system. First, the system checks the binary against a blacklist — in this case, Google’s Safe Browsing API. If that check doesn’t return a positive result, and if the file has the potential to be malicious, CAMP will check a whitelist to see whether the binary is a known good file.
The CAMP service renders a reputation — benign, malicious, or unknown — for a file based on the information provided by the client and reputation data measured over certain time windows, including daily, weekly, and quarterly measurements. Information about the download URL, the Internet address of the download server, any referrer information, the size and hash value of the download, and any certificates used to sign the file are sent to Google to calculate a reputation score.
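The client-side ordering described above (blacklist first, then “could this even execute?”, then whitelist, and only then a server lookup) is what keeps most downloads from leaving the machine at all. The following is an added example, not Google’s or Chrome’s code: it runs a batch of constructed downloads through those stages, builds the content-agnostic attribute set the article lists for the ones that remain unknown, and reports what fraction was settled locally. The list contents, the executable-extension set and the sample downloads are all constructed assumptions; the server-side reputation scoring is not modelled.

```python
"""Added example, not Google's code: the client-side triage stages described
for CAMP. Lists, extension set and sample downloads are constructed."""
import hashlib
import os
from urllib.parse import urlparse

# ASSUMPTION: a simplified set of file types that can execute; the real list is longer.
EXECUTABLE_EXTENSIONS = {".exe", ".msi", ".dll", ".scr", ".bat", ".dmg", ".pkg"}


def local_triage(download: dict, lists: dict) -> tuple:
    """Run one download through the client stages.

    Returns (verdict, stage, features): verdict is 'malicious', 'benign' or
    'unknown'; features is only filled for 'unknown' and never carries content."""
    digest = hashlib.sha256(download["content"]).hexdigest()
    parsed = urlparse(download["url"])
    # Stage 1: blacklist (Safe Browsing-style) by file hash or by download host
    if digest in lists["bad_hashes"] or parsed.hostname in lists["bad_hosts"]:
        return "malicious", "blacklist", None
    # Stage 2: a file that cannot execute needs no further lookup
    ext = os.path.splitext(parsed.path)[1].lower()
    if ext not in EXECUTABLE_EXTENSIONS:
        return "benign", "not-executable", None
    # Stage 3: whitelist by known-good hash or trusted code-signing identity
    if digest in lists["good_hashes"] or download.get("signer") in lists["good_signers"]:
        return "benign", "whitelist", None
    # Stage 4: still unknown, so assemble the attributes the reputation service
    # evaluates (URL, server address, referrer, size, hash, signer); no file bytes
    features = {
        "download_url": download["url"],
        "server_ip": download["server_ip"],
        "referrer": download.get("referrer"),
        "size": len(download["content"]),
        "sha256": digest,
        "signer": download.get("signer"),
    }
    return "unknown", "reputation-lookup", features


def triage_batch(downloads: dict, lists: dict) -> tuple:
    """Triage every download; also return the share decided without a server round trip."""
    results = {name: local_triage(d, lists) for name, d in downloads.items()}
    local = sum(1 for verdict, _, _ in results.values() if verdict != "unknown")
    return results, local / len(results)


# Constructed lists and downloads (203.0.113.0/24 is a documentation range).
LISTS = {
    "bad_hashes": {hashlib.sha256(b"constructed-known-bad").hexdigest()},
    "bad_hosts": {"downloads.bad.example"},
    "good_hashes": set(),
    "good_signers": {"Example Software Vendor, Inc."},
}
DOWNLOADS = {
    "known_bad": {"url": "http://cdn.example.net/setup.exe", "server_ip": "203.0.113.10",
                  "content": b"constructed-known-bad"},
    "bad_host": {"url": "http://downloads.bad.example/tool.exe", "server_ip": "203.0.113.11",
                 "content": b"constructed-anything"},
    "report": {"url": "https://files.example.org/report.pdf", "server_ip": "203.0.113.12",
               "content": b"%PDF-1.4 constructed"},
    "signed": {"url": "https://vendor.example.com/app.msi", "server_ip": "203.0.113.13",
               "signer": "Example Software Vendor, Inc.", "content": b"constructed-signed"},
    "unknown": {"url": "https://mirror.example.net/installer.exe", "server_ip": "203.0.113.14",
                "referrer": "https://forum.example.net/thread/42", "content": b"constructed-unknown"},
}

if __name__ == "__main__":
    results, local_share = triage_batch(DOWNLOADS, LISTS)
    for name, (verdict, stage, features) in results.items():
        print(f"{name:10} {verdict:9} via {stage}" + (f" -> {features}" if features else ""))
    print(f"decided locally: {local_share:.0%}")
```

Only the last download in the batch produces a server request, and that request carries the attributes the article lists rather than the binary itself, which is the privacy distinction the article draws against SmartScreen. The local share printed here is for the constructed batch, not a claim about real traffic.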
CAMP’s 99-percent success rate surpassed four antivirus products, which individually detected at most only 25 percent of the malicious files and collectively detected about 40 percent (Google has chosen NOT to mention the Antivirus products tested). Other detection services — such as McAfee’s SiteAdvisor, Symantec’s Safe Web, and Google’s own Safe Browsing — fared even worse, detecting at most only 11 percent of the URLs from which malicious files were downloaded.
The relevance of this solution may be limited to consumers and small businesses. While the Google Chrome results are impressive, most companies should not be allowing employees to download and run executables anyway. The weakest link in security protection is the end user!