Saturday, October 22, 2016

One of the largest DDoS attacks was recorded: Twitter and PayPal shut down while CNN experienced problems

Hundreds of thousands of devices such as web cameras and other digital recording devices were infected on Friday with the so-called. Botnet in order to affect loading of some of the most visited websites in the world.

The attackers had an obvious goal - to block or slow down global sites using everyday devices. Among the affected sites to find are Twitter, Paypal and Spotify, and all three are belong to Dyn from the United States, which plays the role of switchboard for Internet traffic, according to Guardian.

The attack took place first in the eastern part of United States, then began to spread to the rest of the country, while the effects are registered in some of European countries as well.

In addition to these pages, users have had problems with access to portals such as: Mashable, CNN, New York Times, Wall Street Journal and Yelp, including several pages owned by Amazon.

Hackers attack used by the web cameras and DVRs infecting them with botnet that can be described as an assistant in the creation of DDoS attacks. This type of attack, busy with certain internet service artificial traffic which impedes access to "normal" users.

Dyn has issued a statement in which he confirmed that the DDoS attack came from the millions of sources, which is classified as the one of the largest carried on the attack so far.

After the first wave of attacks was followed by a second and then a third that was recorded Friday night. The problem lasted for several hours.

Thursday, October 20, 2016

Arm your Android device with an anti-keylogger

Checking your Android device, from time to time, for a secret keylogger that is able to record whatever you do, will certainly not harm you. But doing nothing and letting an app do everything for you sounds even better. 

Secret spy in your device

Having your data stolen is definitely not your dream scenario. If we go back in the near past, we can localize few keylogger attacks on Android devices that made the security alerts for Android users go high up! 

The scene with Flash Keyboard was definitely among them. The app was actually among the most popular apps on Google Play Store if we look at the download rate, until cyber security companies revealed that the app was stealing users' data without their permission and then sending the info (GPS location, email address and etc.) to various servers located in China, United States and the Netherlands. Once found out Google removed the app from the store. 
Another keylogger attack scenario happened with the perfect legitimate Android Keyboard application – SwiftKey that was infected with a Trojan that turned the app into a keylogger.

Anti-keylogger – let’s keep private as private

Having in mind the above scenarios, which are not the only examples of keylogging attacks, and the fact that more and more advanced versions of keyloggers are coming to the surface – a security shield is highly needed.

Anti-keylogger feature for Android devices keeps your private data as private and besides a usual malware scanner and real-time protection that most of the security apps have, the anti-keylogger is an additional layer of protection which is specifically designed to detect and block the keylogger that may be lurking around in your device. 

It detects malicious keyboard applications, password managers and SMS applications that track everything you type, even legitimate keyboard applications which are modified by hackers.

Wolf in sheep's clothing

Downloading a security app is the first step in securing your device but what is even more important is the human factor which in many cases leads to these attacks. Advanced version of keyloggers have the ability to trick users worldwide, like a wolf in sheep's clothing, in order to get what they want. Simply by putting a nice mask, something that we are familiar with, they are covering their real malicious face. It is always good to download an app from reliable sources and to always review what is the app asking us to do. By simply clicking next, next, next and agree can lead to many unwanted situations. 

Scan the below code to download the app:

Tuesday, October 11, 2016

Zemana Hackathon

Güncelleme (Tarih 12.10.2016)

15 Ekim Cumartesi günü düzenleyeceğimiz Hackathon aşağıdaki adreste düzenlenecektir:

Yer     : Difose Uygulamalı Eğitim Merkezi
Adres : Ümit Mah. 2481.Sok. No:6 Ümitköy 06810 Çankaya-Ankara (Koru Metro Durağına 250 metre)

Tüm katılımcıların dizüstü bilgisayarlarına aşağıdaki uygulamaları kurmaları gerekmektedir:
- Microsoft Visual Studio Community 2015
- Google Chrome
- Google Chrome Postman



15 Ekim Cumartesi günü Ankara/Ümitköy'de ekibimize yeni dahil olacak takım arkadaşımızı seçmek için 12:00 - 16:00 saatleri arasında 4 saat sürecek bir Hackathon düzenleyeceğiz.

Detaylar hakkında bilgi alabilmek için adresine email atabilirsiniz.

Çevrenizde ilgilenen arkadaşlara bilgi verebilirseniz çok mutlu oluruz.

NOT: Kontenjanımız 18 kişi ile sınırlı. Şu anda katılacağını bildiren 8 aday var.

Saturday, October 8, 2016

Zemana Mobile Antivirus protects you now from malicious SMS applications

Developers of Zemana Mobile Antivirus made certain improvements on the anti-keylogger feature. Now, the app protects you from malicious SMS applications.

What are malicious SMS applications?

Nowadays, almost all Android devices are vulnerable to any kind of attack that could allow hackers to access the vulnerable device without the owners being aware of it.

Malicious SMS applications look like a totally legitimate SMS application but it actually works on a spying manner. The attacker can easily install the malicious app directly into your device whereby they get your consent to monitor your messages. Once the software is installed into your device to be monitored, it logs activity such as SMS messages.

These malicious SMS applications are able to retrieve users' new text messages but it will also extract old and deleted text messages as well. It does this by scouring the memory of the mobile device and extracting all available old and deleted text messages that haven’t been overwritten.

Image: Zemana Mobile Antivirus detected SMS malware

Trust what you type in your short messages

With the ever accelerating presence of these malicious SMS applications, developers of Zemana Mobile Antivirus decided to improve its anti-keylogger protection feature and to enhance it with a special layer of protection from, above mentioned malicious SMS applications.

Stay safe and install Zemana Mobile Antivirus.

Thursday, September 29, 2016

Mozilla pushes to drop Certificates with SHA-1 based Signature Algorithms

A lot of secure websites are using certificates based on a hash algorithm called SHA-1.

Integrity of Certificates with SHA-1 are phased out

To any website, the veracity of this algorithm is essential in securing the website 100% cause security holes in these algorithms can cause tremendous problems where cyber attackers can obtain fraudulent certificates.

Mozilla and other browser vendors are now pushing to phase out the SHA-1 hash algorithm. Why?

This algorithm is in the market for twenty years but in the last few years successful attacks targeting properties of SHA-1 showed that it is more than only back-dated. In a report published by Mozilla is a list of various violations that go against CA/Browser Forum’s baseline requirements. 

After a deep investigation of WoSign and StartCom, besides the back-dating of SHA-1 certs, WoSign has been accused of miss-issuing certificates for GitHub to a customer, where arbitrary domain names have been included in certs without prior validation.

 “Mozilla’s CA team has lost confidence in the ability of WoSign/StartCom to faithfully and competently discharge the functions of a CA,” stated in the report by Mozilla.  “Therefore we propose that, starting on a date to be determined in the near future, Mozilla products will no longer trust newly-issued certificates issued by either of these two CA brands.” – Mozilla report.

If customers have no faith in the validity of CA certificate system, the Internet will experience big problems. 

Having trustful  CA certificate system is essential to keep the Internet up and running.

“Mozilla believes that continued public trust in the correct working of the CA certificate system is vital to the health of the Internet, and we will not hesitate to take steps such as those outlined above to maintain that public trust,” Mozilla said.

Even previously SHA-1 has been considered as a weak hash therefore Mozilla team advices Certification Authorities (CAs) and Web site administrators to upgrade their certificates that contain hash functions that are much stronger and reliable such as: SHA-256, SHA-384, or SHA-512.

“We consider the following algorithms and key sizes to be acceptable and supported in Mozilla products: SHA-1 (until a practical collision attack against SHA-1 certificates is imminent) …” NIST Guidance recommended that SHA-1 certificates should not be trusted beyond 2014. However, there are still many Web sites that are using SSL certificates with SHA-1 based signatures, so we agree with the positions of Microsoft and Google that SHA-1 certificates should not be issued after January 1, 2016, or trusted after January 1, 2017.”- Mozilla’s CA Certificate Maintenance Policy section

Therefore, stop everything you do and go check your SSL and Code Signing certificates and if they use the SHA-1 hash algorithm, replace it immediately and update it to a stronger one.

Moreover, in order to not experience any problems in the future install SSL security tool and stay worry free. 

Friday, September 23, 2016

MAJOR YAHOO HACK- 500 million user accounts are affected

In case you use any of the Yahoo services you should check your accounts and act immediately since the company confirmed the massive data breach from 2014 where 500 million users accounts were affected.

Yahoo gave an official statement where they mentioned that they will notify each affected user.
Each of the affected users accounts may include names, email addresses, telephone numbers, dates of birth, hashed password, security Q&A.

Nevertheless, in case you are affected or not you should immediately act and change your password and enable two-step authentication (instructions here) which gives you an additional level of security where you can even request to receive a text message or call to your phone that includes few numbers you have to enter prior to logging into your account.

Moreover, you can use Yahoo Account Key (instructions here) that eliminates the need to actually remember a password. Instead, you will just receive a notification on your mobile device and you just type yes and voila- you are sign in is done.

You should also update your security questions that you have stated once you created your e-mail address since those are potentially exposed now.

This is not the first and last massive data breach that happened over the past few years.

What you should do is to take a lesson from it and immediately install an anti-keylogging app that keep your mobile device or PC safe from any intruders.

Stay safe!

Monday, September 19, 2016

C# Web Developer İlanı (Ankara/Türkiye)

Aşağıda yer alan mülakat sorularını cevapladığınızda 10 üzerinden 8 soruya doğru yanıt verdiğinizi düşünüyorsanız, cevaplarınızı CV’niz ve daha önce geliştirdiğiniz örnek projeler ile birlikte adresine gönderebilirsiniz. Mülakat süreci, 2 aşamadan oluşmaktadır. İlk aşama, aşağıdaki mülakat soruları üzerinden devam edecek, ikinci aşamada ise daha detaylı bir soru grubu ile mülakat yapılacaktır. Soruları Google kullanmadan cevaplamaya özen göstermenizi rica ediyoruz.

Proje Detayları:
Proje adı:  Zemana Endpoint Security Control Center’dır. Görev alacağınız proje, merkezi bir web panel üzerinden çalışan, kurumsal AntiVirüs uç noktalarının kendisine bağlanarak yönetimini sağlayan bir Control Center uygulamasıdır. Bu web uygulaması sayesinde, uç noktalara task ve policy atamaları gerçekleştirilebilmekte ve uç noktalardan gelen uyarılar merkezi olarak kayıt edilerek raporlanmaktadır.

Projede Kullanılan Teknolojiler:
MVC 5, WebAPI, ASP.NET Identity, MongoDB, Background Jobs,  JQuery.

Aradığımız nitelikler:
-   Takım oyuncusu (Mümkünse “Forvet” tercihimizdir)
-   Programlamaya gönlünü vermiş,
-   Yazdığı kodları şiir gibi gören,
-   Gördüğü her sistemin arkasını merak eden,
-   Kaliteli kod yazmayı prensip haline getirmiş,
-   Çok uluslu bir şirkette kendisini gurbette hissetmeyecek derecede İngilizce bilen,
-   Kendisini öğrenmeye adamış, inisiyatif sahibi takım arkadaşları arıyoruz.

Mülakat Soruları:
1.  Compare JSON against XML as data exchange formats.

2.  How would you transfer binary data in JSON?

3.  What are value types and reference types in C#?

4.  What does NoSQL stand for? How does it differ from SQL?

5.  What does “Document Database” stand for? What is the maximum document size limit in MongoDB?

6.  What are the differences between MVC and WebAPI in .NET?

7.  What does CRUD stand for?

8.  What is Domain Driven Design? What role does Repository Layer play in Domain Driven Design?

9.  What is the best way to instantiate an Abstract Class?

10. Write a class implementing Singleton pattern.