Do you want to play a game? Ransomware asks for high score instead of money | Ars Technica

A new ransomware is doing the rounds, but rather than demanding payment to unlock your files, it asks for a high score in a bullet-hell game (think Touhou Project). The game is fun anyway, but would you be willing to play it to get your files back? High stakes 🙂

Creator apologizes for a “joke” that really requires expert play to unlock files.

Source: Do you want to play a game? Ransomware asks for high score instead of money | Ars Technica

OpenSSL after Heartbleed | Linux.com | The source for Linux information

Despite being a library that most people outside of the technology industry have never heard of, the Heartbleed bug in OpenSSL caught the attention of the mainstream press when it was uncovered in April 2014 because so many websites were vulnerable to theft of sensitive server and user data. At LinuxCon Europe, Rich Salz and Tim Hudson from the OpenSSL team did a deep dive into what happened with Heartbleed and the steps the OpenSSL team are taking to improve the project.

Source: OpenSSL after Heartbleed | Linux.com | The source for Linux information

Time is running out for NTP | InfoWorld

A lot of projects are corporate, but some, like NTP, are small or even solo projects. When these small projects become really important but still do not have enough resources for maintenance, security issues can’t be patched as fast as they are at, say, Oracle, Microsoft or Google.

Everyone benefits from Network Time Protocol, but the project struggles to pay its sole maintainer or fund its various initiatives

Source: Time is running out for NTP | InfoWorld

No, 900 million Android devices are not at risk from the ‘Quadrooter’ monster | Computerworld

You’ve probably seen articles inducing panic about the number of Android devices vulnerable to this Quadrooter bug. But read through the below first.

Another day, another overblown Android security scare. Who’s ready for a reality check?

Source: No, 900 million Android devices are not at risk from the ‘Quadrooter’ monster | Computerworld

Guys, gals, aardvarks, fishes: I’m running out of ways to say this. Your Android device is not in any immediate danger of being taken over by a super-scary malware monster.

It’s a silly thing to say, I realize, but we go through this same song and dance every few months: Some company comes out with a sensational headline about how millions upon millions of Android users are in danger (DANGER!) of being infected (HOLY HELL!) by a Big, Bad Virus™ (A WHAT?!) any second now. Countless media outlets (cough, cough) pick up the story and run with it, latching onto that same sensational language without actually understanding a lick about Android security or the context that surrounds it.

To wit: As you’ve no doubt seen by now, our latest Android malware scare du jour is something an antivirus software company called Check Point has smartly dubbed “Quadrooter” (a name worthy of Batman villain status if I’ve ever heard one). The company is shouting from the rooftops that 900 million (MILLION!) users are at risk of data loss, privacy loss, and presumably also loss of all bladder control — all because of this hell-raising “Quadrooter” demon and its presence on Qualcomm’s mobile processors.

“Without an advanced mobile threat detection and mitigation solution on the Android device, there is little chance a user would suspect any malicious behavior has taken place,” the company says in its panic-inducing press release.

Well, crikey: Only an advanced mobile threat detection and mitigation solution can stop this? Wait — like the one Check Point itself conveniently sells as a core part of its business? Hmm…that sure seems awfully coincidental.

TL;DR: A “mobile threat detection and mitigation solution” is already present on practically all of those 900 million Android devices. It’s a native part of the Android operating system called Verify Apps, and it’s been present in the software since 2012….. Android has had its own built-in multilayered security system for ages now. There’s the threat-scanning Verify Apps system we were just discussing. The operating system also automatically monitors for signs of SMS-based scams, and the Chrome Android browser keeps an eye out for any Web-based boogeymen.

Kali Linux Pentesting Distribution — Now Runnable in Browser

Everyone loves hearing about pentesting and ethical hacking distros these days, and it looks like it is even becoming a trend among aspiring security professionals.

Therefore, today we have some good news for those who want to try one of the best penetration testing and security auditing operating systems based on the Linux kernel, Kali Linux, the successor of the popular BackTrack, and don’t have the resources to run the Live CD or install the OS on their computers.

Network security specialist Jerry Gamblin has created a project called KaliBrowser, which, if you haven’t already guessed, allows you to run the famous Kali Linux operating system on a web browser, using the Kali Linux Docker image, Openbox window manager, and NoVNC HTML5-based VNC client.

Source: http://news.softpedia.com/news/you-can-now-run-backtrack-successor-kali-linux-pentest-os-in-your-web-browser-504809.shtml

Tor Messenger Beta: Chat over Tor, Easily | The Tor Blog

What is it?

Tor Messenger is a cross-platform chat program that aims to be secure by default and sends all of its traffic over Tor. It supports a wide variety of transport networks, including Jabber (XMPP), IRC, Google Talk, Facebook Chat, Twitter, Yahoo, and others; enables Off-the-Record (OTR) Messaging automatically; and has an easy-to-use graphical user interface localized into multiple languages.

Source: Tor Messenger Beta: Chat over Tor, Easily | The Tor Blog