pokemon go security issue

Pokémon GO, the mobile augmented reality game that has become hugely popular in record time, brings with it a lot of unexpected dangers.

Its popularity has been exploited by malware peddlers and scammers, but the game’s creators (Niantic Labs) have also inadvertently put users’ security and privacy at risk by failing to limit the permissions the app receives when users sign into it with their Google account.

The problem was first spotted by Adam Reeve.

After downloading and running the game, he was asked to log in. As he couldn’t create a separate account for it at the time, the only other option was to log in with his Google account, so he did.

The app did not note which permissions it asks, but Reeve proceeded anyway. After he logged in, he went to check which permissions the app was granted, and was shocked to see that it received full access to his Google account.

This means that the app, and the company behind it could read his emails and send emails in his name, access his search history, all the documents in his Google drive, photos in Google Photos, etc.

“What’s more, given the use of email as an authentication mechanism (think ‘Forgot password’ links) they now have a pretty good chance of gaining access to your accounts on other sites too,” he noted.

He posited that this situation was the result of “epic carelessness,” and not an attempt by the company to actually access players’ Google accounts.

Niantic effectively confirmed his theory with a public statement, saying that the problem was only found in the iOS version of the game, but made sure to note that the game only accesses players’ Google user ID and e-mail address.

“Once we became aware of this error, we began working on a client-side fix to request permission for only basic Google account information, in line with the data we actually access,” they explained. “Google has verified that no other information has been received or accessed by Pokémon GO or Niantic. Google will soon reduce Pokémon GO’s permission to only the basic profile data that Pokémon GO needs, and users do not need to take any actions themselves.”

With that problem out of the way, users still might want to know what information the app collects about them.

If they went through the game’s Privacy Policy carefully, they might already known, but too few users actually do that.

BuzzFeed reporter Joseph Bernstein has helpfully read through it and summarized the information.

“According to the Pokémon Go privacy policy, Niantic may collect – among other things – your email address, IP address, the web page you were using before logging into Pokémon Go, your username, and your location,” he noted.

“It also may share this information with other parties, including the Pokémon Company that co-developed the game, ‘third-party service providers,’ and ‘third parties’ to conduct ‘research and analysis, demographic profiling, and other similar purposes.’ It also, per the policy, may share any information it collects with law enforcement in response to a legal claim, to protect its own interests, or stop ‘illegal, unethical, or legally actionable activity.'”

This should not come as a surprise, as most mobile/location apps collect similar info, and through the Privacy Policy legally regulate the sharing of this data with other parties and law enforcement.

source:

Jigsaw ransomware decrypter

If you are one of the victims of the Jigsaw ransomware there is a good news for you, experts from CheckPoint Security have defeated it once again.

Let’s start the day with a  good news, the Jigsaw ransomware has been decrypted again. The JIGSAW ransomware was first spotted in April when experts noticed that the threat slowly deletes victim’s files as he shilly-shally to pay the ransom. Jigsaw threatens to delete thousands of files an hour if the victim doesn’t pay 0.4 Bitcoins or $150, and if the victim restart the PC, 1,000 files will be deleted.

The BitcoinBlackmailer.exe reported that the JIGSAW ransomware will encrypt your files adding ‘.FUN’ extension. The author, in the Saw-movie style, displays the face of the character Billy the Puppet from the horror movie and then threatens to delete files if the ransom is not paid within a time limit.

Malware experts at Check Point published a fix for machines infected by the ransomware.

The researchers were investigating the latest Jigsaw Ransomware variant (SHA256: 61AA800584B170FFE9959ACD057CCAF784BF3088E1D3AAB39D07C0793F6C03DF) and its false claims to steal users’ credentials and Skype history, we discovered the mechanism implemented by the threat to check whether payments have been made by the victim.

Once the victim decides to make the payment he will press the “I made a payment, now give me back my files!” button that triggers an HTTP GET request to:

btc.blockr[.]io/api/v1/address/balance/

the response consists in the json structure:

{“status”:”success”,”data”:{“address”:”<bitcoin-account>”,”balance”:0,”balance_multisig”:0},”code”:200,”message”:””}.

The researchers decided to make some tests by changing fields of the json, for example submitting the address of a Bitcoin account that holds the necessary amount of Bitcoins to decrypt the files. The experts changed the variable “balance” in the response from 0 to 10, in this way the JIGSAW ransomware believes the payment was successfully completed and starts the process of decrypting the files and removing itself from the infected PC.

“This got us thinking – what if we change the request, so it queries a different account? Perhaps one that holds the necessary amount of Bitcoins to decrypt our files? Or even better- what if we change the response to say we have the necessary amount? So we did. And it worked.” reads a blog post published by CheckPoint.

Victims of the JIGSAW ransomware can download the decryption tool here and follow the instructions step by step:

1. Unpack the JPS.zip file.
2. In the Jigsaw Puzzle Solver folder, right click ‘JPS.exe’ and click ‘run as administrator’.
3. Follow the instructions displayed on the screen.

source:

Eleanor malware

A malicious application named EasyDoc Converter.app delivers a sophisticated malware dubbed Eleanor malware that opens a Tor backdoor on the victim’s machine.

Experts from security firm Bitdefender have spotted a new malware, dubbed Eleanor malware (Backdoor.MAC.Eleanor), that once compromised Macs set up a backdoor through Tor network.

The malicious application, dubbed EasyDoc Converter.app, pretend to be a file converter, unfortunately, it delivers a sophisticated malware on the victim’s machine. Once infected the target, the malicious code recruits it as part of a botnet or spies on the victim’s machine.

“The backdoor is embedded into a fake file converter application that is accessible online on reputable sites offering Mac applications and software. The EasyDoc Converter.app poses as a drag-and-drop file converter, but has no real functionality – it simply downloads a malicious script.”  said Tiberius Axinte, Technical Leader, Bitdefender Antimalware Lab.

Once infected a Mac, the malware grants full access to the file system as reported by Bitdefender.

“This type of malware is particularly dangerous as it’s hard to detect and offers the attacker full control of the compromised system,” 

The Backdoor.MAC.Eleanor malware sets up a hidden Tor service and a PHP web server, it exposes a .onion domain that could be accessed by the attacker to control the bot.

The Eleanor malware is able to use the camera on the infected machine by using the open-source toolwacaw. The attacker is able to take pictures of the victims and blackmail them.

Every infected Mac is associated with a Tor address, all the addresses are stored on pastebin.com using a PasteBin agent. The addresses are encrypted with a public key using RSA and base64 algorithms.

The malicious app used to deliver the Eleanor malware is not digitally signed by Apple, this means that by downloading applications exclusively from official store and reputable websites.

source

Ransomware hit university

More than 2.3 million computer users have been targeted with ransomware during the last year, security researchers at Kaspersky Labs concluded in a report published last week.

It’s not just academic institutions and businesses which are targeted. On Friday, for example, Forbes reported that a NASCAR racing team recently agreed to pay an undisclosed amount after suffering from an infection.

Cyber insurance didn’t keep the University of Calgary from recently paying roughly $15,000 after being hit by hackers, but a college official said other schools should consider buying coverage after seeing first-hand how costly a cyberattack can be.

Speaking publicly about the incident Friday afternoon, Linda Dalgetty, the university’s vice president of finance and services, credited a cyber insurance policy purchased last year with helping the school bounce back after email and other services were suspended due to ransomware — an increasingly popular type of malware that encrypts compromised files and holds them hostage until a payment is made to cybercriminals.

“We can prevent as much as we can, but the reality is that cyber-criminals are very smart,” said Ms. Dalgetty according to the Calgary Herald. “They’re prolific, they’re everywhere and I don’t know of any entities that have not had some level of incursion.”

Global consulting firm PricewaterhouseCoopers has predicted the cyber insurance industry will be worth $7.5 billion by the end of the decade, and Rep. John Ratcliffe — who chairs the House’s Subcommittee on Cybersecurity, Infrastructure Protection, and Security Technologies — recently called such policies a “valuable free-market tool in the ongoing effort to better defend ourselves against cyber risks.

source: 

india vs west Indies live links

http://www.hotstar.com/sports/cricket/icc-world-t20-semifinals-west-indies-vs-india/2001491638

bbc.in/1MVL9wO  

You are welcome in 5 country if trump wins

Every election season, it seems like everybody threatens to move to Canada if their preferred candidate doesn't win.
But, if Google searches are any indication, 2016 could be the year that people actually go through with it.
But why limit relocation options to Canada?
If the thought of being on the same continent as a President Trump is too much to stomach, there are plenty of other countries that also have a fairly easy immigration process, decent economies and English as a widely-spoken language.
Pray for a future America you want to live in. But if that doesn't work, start filing for immigration status.

New Zealand

The open road that leads somewhere where Donald Trump is not president (Wanaka, New Zealand).

Image: cameron spencer / Getty Images

For Americans that are considering deserting their country, New Zealand developed an entire webpage to make leaving as easy as possible.
First, wannabe Kiwis register their interest, then sign up on a website that will tailor an easy-to-follow checklist for each visa application process.
Public healthcare in New Zealand is free or almost free for citizens, residents or those with two-year work visas. Plus, New Zealand's cities rated less expensive that most major American cities, even though the standard of living was the same.

Ireland

The road to Dingle via the Connor Pass, a narrow, winding road through rocky glaciated mountains.

Image: john greim / LightRocket / Getty Images

Americans can stay in Ireland for up to three months without a visa. Any time longer than that will require going through immigrations.

The immigration process for Ireland is fairly easy — for those who can get a job there. The only other options are marrying an Irish person, having a baby on Irish soil, claiming refugee stats (Americans are not refugees), or becoming a student.
Or consider becoming an Irish citizen: It's easier than you might think. Even just having one great-grandparent who was born in Ireland and then moved to the states is qualification enough.
Why consider Ireland? The Irish are consistently ranked some of the friendliest people in the world — and Americans that are considering relocating will be in desperate need of friendship. Plus, a stroll on the moors is the ideal setting for brooding and cursing America.

Canada

Toronto, Ontario.

Image: roberto machado noa / LightRocket / Getty Images

The classic destination for exasperated Americans, the Great White North has been inundated with attention this week, and for good reason.
Canada has a very open immigration policy, with an express process for skilled workers. And they seem to be welcoming any and all to the country.
Cape Breton, an island in Nova Scotia, built an entire campaign off the fears of many Americans.
Canada's major cities are not that far removed from American cities, in terms of vibes. But Canada also offers plenty of wilderness for those need to drop off the grid for an entire four-year term. Also, immigrants to Canada will get a full year of free access to the country's national parks.
And hey, if Trump does get elected, maybe he'll build a wall on the Canadian border as well! Canadians can only hope.

Svalbard

Image: chris jackson / Getty Images

The unforgiving climate of Svalbard — a territory of Norway — may be more tolerable environment for some than Trump's America.
Also, it's probably the easiest place on Earth to relocate to: "No residence permit or visa is needed to settle on Svalbard," according to the government's pamphlet for foreigners.
However, disgruntled Americans that choose to take up in Svalbard are not entitled to social services. All residents of Svalbard must be able to provide for themselves financially and those who cannot may be "expelled or refused entry into Svalbard." You should also be able to defend yourself against polar bears.
Other than that, everybody who can handle living in the Arctic is welcome.

Sweden

Stockholm, Sweden.

Image: flickr Editorial / Getty Images

Sweden is often lauded for its generous immigration policies. About 15% of the Swedish population is refugees and immigrants — 36% of them are from high-income countries.
The process of applying to immigrate to Sweden can be done online. An offer of employment in Sweden is the first step to getting a work visa, but you can spend a few months in the country without a visa while looking for a job.
It's also been named one of the best countries to be a woman and has the most progressive views regarding gender equality.

India Vs pakistan live match

India Vs pakistan
http://matchcentre.starsports.com/cricket/asia-cup-2016-364/india-vs-pakistan-180927/live-video?__utma=231891677.2103072787.1456582900.1456582900.1456582900.1&__utmb=231891677.0.10.1456582900&__utmc=231891677&__utmx=-&__utmz=231891677.1456582900.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=(not%20provided)&__utmv=-&__utmk=13129460

https://www.reddit.com/r/PakInmatchplay/ 

http://www.nfyi.org/afr207/_all_w_atch_india_vs_pakistan_t20_li_v_e_st_re_mi_ng

http://hdstream247.com/cricketlive/

https://www.youtube.com/watch?v=tg8Nj_MKRUY&index=64&list=PLU12uITxBEPHOJO1FU8qll6gQmKcXp5S7     (working youtube)

https://www.youtube.com/watch?v=8FfcAcNtxMQ   (another Working youtube)