MediaCenter Panda Security http://www.pandasecurity.com/mediacenter Just another WordPress site Thu, 30 Oct 2014 12:55:43 +0000 en-US hourly 1 http://wordpress.org/?v=4.0 Have you got a WordPress blog? Watch out, plugins are their Achilles’ heelhttp://www.pandasecurity.com/mediacenter/security/got-wordpress-blog-watch-plugins-achilles-heel/ http://www.pandasecurity.com/mediacenter/security/got-wordpress-blog-watch-plugins-achilles-heel/#comments Thu, 30 Oct 2014 12:50:54 +0000 http://www.pandasecurity.com/mediacenter/?p=12450 Attacks on Dropbox, leaks of Snapchat images, nude photos of celebrities published on the Internet… You’ve probably read about some of these high-profile IT attacks that have taken place over the last few weeks. All websites that have carried these or similar stories have a ‘B-side’. Everything you see is built on a content management […]

The post Have you got a WordPress blog? Watch out, plugins are their Achilles’ heel appeared first on MediaCenter Panda Security.

]]>
Attacks on Dropbox, leaks of Snapchat images, nude photos of celebrities published on the Internet… You’ve probably read about some of these high-profile IT attacks that have taken place over the last few weeks.

All websites that have carried these or similar stories have a ‘B-side’. Everything you see is built on a content management system, otherwise known as CMS. Today, the most popular of these is WordPress. No doubt you’ve heard of it, or perhaps you have even used it as a tool to venture into the blogosphere. There are now some 75 million pages running on WordPress. And of course, they are also vulnerable to cyber-attacks.

button-badge-wordpress

Being the most popular CMS also makes it the most vulnerable. Not because WordPress has more security holes than others, simply because it is the one that has been most targeted and researched by cyber-criminals.

In recent months, tens of thousands of pages built on WordPress have been hacked. Needless to say this CMS is not perfect and has vulnerabilities, but that still doesn’t explain these mass attacks. “WordPress has been around for a long time, and during that time they’ve had the chance to patch a lot of vulnerabilities and change the way that they develop software in a secure manner,” says researcher Ryan Dewhurst. “They’ve got a great team that knows what they’re doing, and even though vulnerabilities are still found in WordPress, it is less common for them to be found in their core code.”

Dewhurst has published a database of WordPress flaws over recent years, though don’t expect a long list of security holes.

So, what explains the hacking of 50,000 websites last summer? The answer lies not in the WordPress CMS, but in the seemingly inoffensive ‘plugins‘.

chalk-wordpress

Plugins are small additional tools that add new functions to those offered by WordPress by default.

They have however become a real Trojan horse. The problem is similar to the one that has affected Snapchat or Dropbox in the last few weeks. As it is a third-party service, WordPress has no control over the security holes that could be present in the plugins.

There are more than 30,000 of them and monitoring all of them would be a Herculean task for the company. And this is where the cyber-criminals have entered the scene.

What’s the solution?

It would seem then that preventing future attacks is not in the hands of the CMS, though a bit of care on the part of the user could help avoid future problems

In theory at least, one of the solutions is to avoid WordPress altogether. If this CMS is being attacked due to its popularity (according to a report by Imperva, the number of attacks on WordPress websites is 24% greater than those on pages using other CMS), it may be sufficient to stop using it. However, don’t be fooled by the numbers: WordPress suffers more attacks, but other tools like Joomla or Drupal are just as vulnerable.

For now, the best thing is to tread carefully when using WordPress plugins (and other CMS): Running a search to check whether the plugin you want to use is secure or if it is prone to attacks could save you problems in the future.

The post Have you got a WordPress blog? Watch out, plugins are their Achilles’ heel appeared first on MediaCenter Panda Security.

]]>
http://www.pandasecurity.com/mediacenter/security/got-wordpress-blog-watch-plugins-achilles-heel/feed/ 0
The origins of the new Panda Free Antivirushttp://www.pandasecurity.com/mediacenter/interviews/origins-new-panda-free-antivirus/ http://www.pandasecurity.com/mediacenter/interviews/origins-new-panda-free-antivirus/#comments Wed, 29 Oct 2014 15:39:12 +0000 http://www.pandasecurity.com/mediacenter/?p=12444 The launch of Panda Security’s 2015 product lineup comes with a surprise. Panda Cloud Antivirus has become Panda Free Antivirus. But what are the differences between the products? What can you expect from the best FREE antivirus? What does the future hold in terms of IT security? Our colleague Herve Lambert, Consumer Product Marketing Manager […]

The post The origins of the new Panda Free Antivirus appeared first on MediaCenter Panda Security.

]]>
The launch of Panda Security’s 2015 product lineup comes with a surprise.

Panda Cloud Antivirus has become Panda Free Antivirus. But what are the differences between the products? What can you expect from the best FREE antivirus? What does the future hold in terms of IT security?

Panda Free Antivirus

Our colleague Herve Lambert, Consumer Product Marketing Manager at Panda, has been answering our questions…

  • Where has Panda Free Antivirus sprung from?

Panda Free Antivirus is an evolution of our first cloud-based antivirus: Panda Cloud Antivirus. Free AV was really created five years ago when we launched our first cloud-based antivirus. That decision illustrated our commitment to innovation and broke with the traditional protection model based on local signature files.

  • And what about downloads?

Over the last five years we’ve had around 45-50 million downloads and in 2014 we’re heading towards eight million. What’s more, our indicators suggest that there is a loyal product user base that is satisfied with the product, and that’s the best thing of all.

  • What was the impact of Panda Cloud Antivirus five years ago?

The first thing we saw was the enormous potential of cloud architecture as this new model of communication, detection and disinfection significantly improved all our ratios.

On the other hand, it also reduced the time needed to discover, detect and disinfect any malware, collectively and automatically. The impact was incredible and it had an immediate effect on our position in the market. This was a great step forwards for us.

However, these five years have flown by, and our colleagues in the lab and the technicians responsible for developing this new model never cease to include new and more efficient protection systems and technologies, which at the same time are less intrusive.

The result of these efforts is called ‘XMT’, a new detection engine included in all Panda’s consumer antivirus solutions.

  • What is XMT and what does the new engine offer?

XMT stands for “Extreme Malware Terminator”. This is how we refer to the whole set of new technologies that drive the new engine in Panda’s products. It’s lighter, more efficient and easier to use.

There’s no doubt that this is a reference point for the industry. XMT is many things in one. We’re talking about:

  1. New technological architecture
  2. New interception technologies
  3. New heuristic technologies
  4. New contextual technologies
  5. New means of detection, disinfection, informing and protecting Panda Security users

So what does this mean for our users? It means more security and more protection against known and unknown threats.

XMT allows us to take an aggressive stance against malware. We have built it from scratch, thinking of the most important things: our customers and what they need:

  1. Protection
  2. Resource friendly
  3. Ease of use

XMT antivirus

  • Why does this engine represent a change in terms of security?

Everything would suggest we are going in the right direction. The latest comparative reviews and studies from independent laboratories such as AV- Comparatives, AV- Test and Virus Bulletin have highlighted the excellent results of the Panda technologies.

Moreover, we offer excellent security and protection without affecting device performance (PCs, laptops, tablets), one of the great advantages of cloud-based protection.

  • We’ve spoken about the past and the present. What about the future?

The future is full of promise and we certainly won’t be bored J.The bad guys are getting badder and their goal is to get very, very rich.

The era of the ‘Internet of Things’ has opened new opportunities for them to achieve this goal and we will have to adapt IT security approaches to face new eras and change protection systems to tackle new problems.

One such example is multi-device protection. Nowadays this is a basic need, yet many users don’t think about it until something goes wrong, and the truth is that this happens everyday.

All our users -whether children, parents, lawyers or teachers- have to be aware of the new threats. They have to think about the level of security they want for their digital lives and put a value on their digital identity and the protection they need.

At Panda we still have much to do. Every day represents a new challenge. The bad guys won’t let up… and neither will we.

The post The origins of the new Panda Free Antivirus appeared first on MediaCenter Panda Security.

]]>
http://www.pandasecurity.com/mediacenter/interviews/origins-new-panda-free-antivirus/feed/ 0
10 Tips to Avoid Viruses on Halloweenhttp://www.pandasecurity.com/mediacenter/malware/10-tips-avoid-viruses-halloween/ http://www.pandasecurity.com/mediacenter/malware/10-tips-avoid-viruses-halloween/#comments Tue, 28 Oct 2014 08:18:15 +0000 http://support.pandasecurity.com/blog/?p=8425 Halloween is one of the most celebrated holidays, and cybercriminals always want to be part of it. As we get closer to Halloween, hackers take advantage of the most popular Hollywood titles to launch so-called BlackHat SEO attacks, i.e. false Google and other search engine results with keywords related to popular topics of the time […]

The post 10 Tips to Avoid Viruses on Halloween appeared first on MediaCenter Panda Security.

]]>
avoid-halloween-viruses

Halloween is one of the most celebrated holidays, and cybercriminals always want to be part of it.

As we get closer to Halloween, hackers take advantage of the most popular Hollywood titles to launch so-called BlackHat SEO attacks, i.e. false Google and other search engine results with keywords related to popular topics of the time to trick users into clicking on their links.

Another popular form for hackers that we see distributed during these days is spam. They use typical Halloween characters to trick users and bring them to where they want. This way, in addition to obtaining personal data and revenue through clicks achieved, they redirect the user to other websites selling fraudulent or prohibited products.

As always, education, common sense and being forewarned is our best advice. We must be aware that they will try to deceive us with practical jokes, introducing real malware to our equipment which will lead us to a lot of headaches.

10 Tips to Avoid Viruses on Halloween

  1. Do not open emails or messages received from social networks that can come from unknown sources
  2. Do not click a link you get by email, unless they’re from reliable sources. It is suggested to type the URL directly into the browser bar. This rule applies to messages received through any email client, such as those that come via Facebook , Twitter, other social networking, instant messaging programs, etc.
  3. If you click on one of these links, it is important to look at the landing page. If you don’t recognize it, close your browser
  4. Do not download attachments that come from unknown sources. During this time we must pay special attention to the files that come with issues or Halloween-related names
  5. If you do not see anything strange on the page, but it requests a download, be wary and do not accept.
  6. If, however, you begin to download and install any type of executable file and the PC starts to launch messages, there is probably a copy of malware
  7. Do not buy online from sites that do not have a solid reputation, and much less on pages where transactions are not made ​​securely. To verify that a page is secure, look for the security certificate that is represented by a small yellow lock at the bar of the browser or in the lower right corner
  8. Do not use shared computers to perform transactions that require you to enter passwords or personal data
  9. Make sure you have an installed and updated antivirus
  10. Keep up with all the security news 

What about you? Have you ever been infect on Halloween?

The post 10 Tips to Avoid Viruses on Halloween appeared first on MediaCenter Panda Security.

]]>
http://www.pandasecurity.com/mediacenter/malware/10-tips-avoid-viruses-halloween/feed/ 0
White House wants to replace passwords with selfieshttp://www.pandasecurity.com/mediacenter/news/white-house-wants-replace-passwords-selfies/ http://www.pandasecurity.com/mediacenter/news/white-house-wants-replace-passwords-selfies/#comments Mon, 27 Oct 2014 15:25:09 +0000 http://www.pandasecurity.com/mediacenter/?p=12431 There’s one question that appears on any Internet platform on which you have to verify your identity with a password: “Forgotten your password?” Companies nowadays know how forgetful we users can be. Particularly when it comes to remembering a complex sequence of letters and numbers that we’ve had to conjure up. And that’s not all. […]

The post White House wants to replace passwords with selfies appeared first on MediaCenter Panda Security.

]]>
selfie-girls

There’s one question that appears on any Internet platform on which you have to verify your identity with a password: “Forgotten your password?” Companies nowadays know how forgetful we users can be. Particularly when it comes to remembering a complex sequence of letters and numbers that we’ve had to conjure up.

And that’s not all. There are the PINs for your cell phone, your credit card… There are now so many things to commit to memory that it sometimes seems that we just don’t have enough neurons to deal with it all.

As the technology giants are well aware of this human limitation, some are now including fingerprint sensors in devices, so owners confirm their identity simply by placing a finger on the screen. Many mobile devices also include a voice recognition option, though this is rarely activated by users.

fingerprint

These methods of identification however are still not entirely practical. At least this is what the President’s cybersecurity coordinator, Michael Daniel, believes. He wants to get rid of passwords from the White House forever.

One of the more unusual alternatives suggested by Daniel is for the President’s staff to use selfies.

It would seem that these snap shots could now be used for something other than just posting on social networks. Daniel’s plan would involve installing a series of sensors around the building which could recognize the faces of those entering certain areas of the President’s residence.

Instead of having to stand right in front of the sensor, staff could just show the screen of their cell phones displaying a clear and recognizable selfie.

selfie-obama

Daniel believes that technology companies have begun to realize that security measures must not only be functional, they must also take into account how users behave. If these measures are too complicated or difficult, people just won’t use them, he warned.

That’s why selfies could be the perfect answer, as even world leaders have taken to this latest digital craze.

The post White House wants to replace passwords with selfies appeared first on MediaCenter Panda Security.

]]>
http://www.pandasecurity.com/mediacenter/news/white-house-wants-replace-passwords-selfies/feed/ 0
419 scam. How to recognize ithttp://www.pandasecurity.com/mediacenter/security/419-scam-how-to-recognize/ http://www.pandasecurity.com/mediacenter/security/419-scam-how-to-recognize/#comments Mon, 27 Oct 2014 13:00:26 +0000 http://www.pandasecurity.com/mediacenter/?p=12427 If you have an email address no doubt at some time or another you have received an email from some friendly soul claiming that you’ve won a large sum of money. Inevitably, in order to receive the money, you’ll first have to stump up a certain amount of cash. This type of message, which often […]

The post 419 scam. How to recognize it appeared first on MediaCenter Panda Security.

]]>
junk-mail

If you have an email address no doubt at some time or another you have received an email from some friendly soul claiming that you’ve won a large sum of money.

Inevitably, in order to receive the money, you’ll first have to stump up a certain amount of cash.

This type of message, which often finds its way into users’ junk mail tray, is a variation of the scam known as the Nigerian letter, or the 419 scam (as they violate section 419 of the Nigerian criminal code).

Though this is one of the oldest scams on the Web, such emails are still commonplace for the simple reason that people still fall for it.

Variations of the 419 scam

  • The classic scam: Someone contacts you asking for help to get a large amount of money out of the country, in exchange for a decent commission. Sometimes the scammers even claim to represent a company that needs to get cash out of the country.
  • Animals: The criminals advertise cats, dogs, etc. for sale or even adoption. If you want one however, you are asked to forward the shipping costs first.
  • Lottery: Perhaps one of the funniest scams is the one that informs you that you have won the lottery… even if you didn’t buy a ticket! As usual, to receive your prize you have to send some cash up front.
  • An inheritance. You have inherited a sum of money from someone you didn’t even know, though of course, in order to receive it you must first hand over a small deposit.
  • Love: Someone you have never seen has fallen in love with you and has contacted you as they desperately want you to reciprocate. Once they have stolen your heart, they will need money in order to come and see you.

As we mentioned before, incredible though it may seem, people still fall for these scams.

Needless to say, you should never send money to someone who contacts you via email and neither should you reveal personal or financial information via email or over the phone.

The post 419 scam. How to recognize it appeared first on MediaCenter Panda Security.

]]>
http://www.pandasecurity.com/mediacenter/security/419-scam-how-to-recognize/feed/ 0
How to boost security on your Facebook account with two-step verificationhttp://www.pandasecurity.com/mediacenter/security/boost-security-facebook-account-two-step-verification/ http://www.pandasecurity.com/mediacenter/security/boost-security-facebook-account-two-step-verification/#comments Thu, 23 Oct 2014 14:18:15 +0000 http://www.pandasecurity.com/mediacenter/?p=12416 No doubt you’ve heard about two-step verification used on various social networks. Having this option enabled lets you increase security on your account and helps prevent unauthorized and potentially malicious access. In the case of Facebook, the process is simple, and all you need is your cell phone handy to confirm access from a new device. In Facebook, a […]

The post How to boost security on your Facebook account with two-step verification appeared first on MediaCenter Panda Security.

]]>
two-step-verification-facebook

No doubt you’ve heard about two-step verification used on various social networks.

Having this option enabled lets you increase security on your account and helps prevent unauthorized and potentially malicious access.

In the case of Facebook, the process is simple, and all you need is your cell phone handy to confirm access from a new device. In Facebook, a new device is one that you haven’t used previously to connect to the platform.

This way, what you have to do is approve logins to prevent others from accessing your account.

Here we explain step-by-step how to enable login approvals.

How to boost security on your Facebook account with two-step verification

In your Facebook account, go to Settings.

facebook-settings

Go into Account Settings and select Security. There you will see “Login Approvals”.

facebook-login

From there click “Require a security code to access my account from unknown browsers”.

facebook-login-approvals

facebook-security-code

When you enter the code that they send to your phone, you will have to enter your Facebook account password.

facebook-password

Now you have enabled login approvals.

facebook-complete

Facebook also gives you the option to print security codes in case at some time you don’t have your phone handy. It’s easy, right?

The post How to boost security on your Facebook account with two-step verification appeared first on MediaCenter Panda Security.

]]>
http://www.pandasecurity.com/mediacenter/security/boost-security-facebook-account-two-step-verification/feed/ 0
Apple Pay: Apple’s new payment system.http://www.pandasecurity.com/mediacenter/security/apple-pay-new-payment-system/ http://www.pandasecurity.com/mediacenter/security/apple-pay-new-payment-system/#comments Wed, 22 Oct 2014 14:15:17 +0000 http://www.pandasecurity.com/mediacenter/?p=12410 On September 9, Tim Cook gave us the lowdown on Apple’s latest innovations, among them, Apple Pay. For those who don’t know, this is an electronic payment system, a type of digital wallet, available for iPhone and Apple Watch and which will first begin to operate with partners such as Mastercard, Visa and American Express […]

The post Apple Pay: Apple’s new payment system. appeared first on MediaCenter Panda Security.

]]>
iphone6

On September 9, Tim Cook gave us the lowdown on Apple’s latest innovations, among them, Apple Pay. For those who don’t know, this is an electronic payment system, a type of digital wallet, available for iPhone and Apple Watch and which will first begin to operate with partners such as Mastercard, Visa and American Express in October in the U.S. before  being extended to other countries.

This innovation will allow user to pay for goods in stores as well as through other applications. Many already wonder whether in the not too distant future this type of payment may become commonplace, and if so, whether it will be secure. Having your hard-earned money passed from one online digital application to another without ever physically having your hands on it is still a concept many of us are yet to feel entirely comfortable with. And with good reason, any cyber-criminal that accesses your device could have access to your money.

The experts however, believe that this could be a secure option for the transactions of the future. So what type of security does it use?

ApplePay

Apple Pay security methods

1. Tokens

Apple has explained that transactions with this system will be secure because it uses a method known as ‘tokenization’. This is a system often used by financial institutions because it replaces the traditional digits of credit and debit cards with a complex code (‘token’) generated at random, which only keeps that last four digits from the real number and is transmitted between devices.

The great advantage of these numbers is that on their own they are useless and they are only used once. Every time a payment is made a new number is generated. So even if they are intercepted, they can’t be used for anything. This means there is no trace of the data on the credit cards. Even the stores don’t save this data on their servers. The credit card number isn’t stored anywhere, rather the number is associated with a device ID that is saved on a chip inside the terminal.

The exchange of data required for the transaction is carried out with near-field communication (NFC) wireless technology. This is an open platform whose strong point is that it enables fast wireless communication over distances of less than 20cm. However, there are those who question its security: the data can be intercepted, although this is precisely the reason that there are stronger security measures.

apple-credit-card

2. Touch ID

The transaction is completed with Apple’s Touch ID fingerprint sensor. The user doesn’t have to enter a password: the payment process is completed when the user authorizes it by placing a finger on the iPhone ‘Home’ button.

3. CVV

Yet besides the ‘tokens’ and Touch ID, there’s another layer of security. Whenever a user goes to pay, their mobile device sends a CVV. This is normally the three-digit number found on the back of a credit card but this time it’s a number randomly generated by the payment application. Consequently, the device identifies itself to the receiver, which verifies that the ‘tokens’ have been created on the order of the card owner.

The way the application works is simple: All you need is one of the Apple devices mentioned above and to place it close to the store’s payment terminal.

The process is as follows: when the application is launched, the device connects securely to the payment system and selects a credit card stored on the chip integrated in the phone and whose number is associated to an identifier in the device.

The identifier is combined with the ‘token’ and then the application asks the user to identify themselves through the Touch ID fingerprint scanner. The information is then sent to the bank by the store and the transaction is confirmed. And that’s it. Secure transactions can be as simple as that.

The post Apple Pay: Apple’s new payment system. appeared first on MediaCenter Panda Security.

]]>
http://www.pandasecurity.com/mediacenter/security/apple-pay-new-payment-system/feed/ 0
Six tips to make sure your personal photos don’t end up on the Web like those of Jennifer Lawrencehttp://www.pandasecurity.com/mediacenter/security/six-tips-make-sure-personal-photos-dont-end-web-like-jennifer-lawrence/ http://www.pandasecurity.com/mediacenter/security/six-tips-make-sure-personal-photos-dont-end-web-like-jennifer-lawrence/#comments Mon, 20 Oct 2014 14:41:37 +0000 http://www.pandasecurity.com/mediacenter/?p=12401 Increasingly, personal and private information is ending up on public view on the Internet. You may not have posted it yourself, you might have just stored it in the cloud, yet some ill-intentioned individual can access and publish it. Photos, videos and other personal data can easily fall into the wrong hands without your permission. […]

The post Six tips to make sure your personal photos don’t end up on the Web like those of Jennifer Lawrence appeared first on MediaCenter Panda Security.

]]>
girl-with-computer

Increasingly, personal and private information is ending up on public view on the Internet. You may not have posted it yourself, you might have just stored it in the cloud, yet some ill-intentioned individual can access and publish it. Photos, videos and other personal data can easily fall into the wrong hands without your permission.

Since last September, more than 100 celebrities have been victims of this type of invasion of privacy. After having uploaded compromising photos to the Apple iCloud, they discovered these images posted on the Web. Someone had accessed and leaked the pictures.

All eyes then turned to Apple. The attack was caused by a security flaw on its mobile devices. A cyber-criminal claimed to have hacked the company’s services to get hold of the images, although the company has rejected this claim on several occasions.

Nevertheless, here we offer six tips to help protect your photos… just in case!

1. Be careful about what you store in the cloud

If these actresses and models hadn’t uploaded compromising images, it would have been considerably harder for the hackers to get hold of them. Even if you are not a public figure, it’s always a good idea to think about what kind of things you want to store on your phone.

2. Don’t share your account user names or passwords with others

Even though a friend or colleague may have your complete trust, the fewer people who know your credentials, the less chance there is of others finding out. Most online platforms (Facebook, Apple, Google and Yahoo) allow you to boost security with two-factor authentication. If available, it is always a good idea to use it. It basically involves another step in the verification of the user’s identity. This could involve generating a code that the page sends to your phone or another means of contact to verify your identity.

3. Strengthen your passwords to make sure they can’t be guessed by cyber-criminals

One useful tip is for them to contain a mix of numbers, special characters and upper and lower case letters, i.e. make them has complex and varied as possible. The same goes for your Wi-Fi password. It’s also a good idea to change them frequently.

apple-id

4.  With email, it’s wise to have different addresses for different purposes

Use different accounts for professional, personal or financial affairs. If somebody manages to gain access to one, at least all your data won’t be at risk.

5. Take care with your profile on social networks

Check the privacy options from time to time as sometimes they can be changed or the default settings are re-established without notice. And be careful with what you post online.

6. Use a good antivirus

It will not only keep your computer virus-free but will also identity and help keep Internet fraudsters at bay when, for example, you’re shopping online. Find the antivirus that best meets your needs from out 2015 product lineup.

The post Six tips to make sure your personal photos don’t end up on the Web like those of Jennifer Lawrence appeared first on MediaCenter Panda Security.

]]>
http://www.pandasecurity.com/mediacenter/security/six-tips-make-sure-personal-photos-dont-end-web-like-jennifer-lawrence/feed/ 0
iPhone 6. The fingerprint reader securityhttp://www.pandasecurity.com/mediacenter/security/iphone-6-fingerprint-reader-security/ http://www.pandasecurity.com/mediacenter/security/iphone-6-fingerprint-reader-security/#comments Thu, 16 Oct 2014 09:42:12 +0000 http://www.pandasecurity.com/mediacenter/?p=12397 Being the leading technology brand can have its downsides. And if you don’t believe it, ask Apple. Every time the firm from Cupertino introduces a new product, the same thing happens: there is great anticipation, with seemingly half the world awaiting, long queues of tech disciples… and an army of people looking for bugs in […]

The post iPhone 6. The fingerprint reader security appeared first on MediaCenter Panda Security.

]]>
Being the leading technology brand can have its downsides. And if you don’t believe it, ask Apple. Every time the firm from Cupertino introduces a new product, the same thing happens: there is great anticipation, with seemingly half the world awaiting, long queues of tech disciples… and an army of people looking for bugs in the new devices.

In the end, vulnerabilities emerge and obviously their impact is far greater than with other brands (especially if it is a new device). Apple has already suffered a few embarrassing errors discovered by users. You don’t have to go too far back to see: the aluminum case of the iPhone 6 Plus was said to be too flexible, meaning that the phone can even bend under certain conditions.

A secure iPhone?

While the tech world looked on in amazement at this problem in the new Apple device, a second rather more difficult issue emerged: Apple’s ‘Touch ID’ fingerprint identification system is not entirely secure.

Apple-security

This technology has already been used in iPhone 5s and as with iPhone 6, a few days after the launch an error was discovered: there was a relatively simple way to get past Apple’s fingerprint ID system.

“A fingerprint of the phone user, photographed from a glass surface, was enough to create a fake finger that could unlock an iPhone 5s secured with TouchID,” claimed the European hacker group, Chaos Computer Club, a year ago. This was something that could be performed by anyone with a bit of skill and patience.

So despite the company’s claims that with the new biometric system your fingerprint is one of the strongest passwords in the world, once again such claims might be premature.

History has repeated itself, and this time surprisingly, it has done so quite literally. Even though the Touch ID flaw was discovered a year ago, Apple has launched two new iPhones with the same problem.

This is confirmed by security expert Marc Rogers. “Sadly there has been little in the way of measurable improvement in the sensor between these two devices,” he claims. Although he underlines that the same fake prints that could deceive the Touch ID in iPhone 5s are no longer viable in the latest Apple device.

iPhone-fingerprint

According to Rogers, the difference is that the company has improved the scan resolution to improve the reliability of the system. However, this doesn’t mean that the same technique used to unlock the iPhone 5s couldn’t be used for iPhone 6. The difference is that the fake print would need to be a better quality.

This new flaw in Apple’s security system is serious, and even more so given the launch of Apple Pay, the company’s new mobile device payment system.

Thanks to NFC technology, users of this service can pay for things simply by waving their iPhone at the point of sale (POS) terminal. Indeed, the tool used by Apple to secure the payment service is none other than the Touch ID technology which, as Rogers explains, is easily hacked.

Nevertheless, Rogers does point out that using fingerprints is an effective form of user authentication, though Apple should include two-factor verification to give users complete peace of mind.

What do you think? Would you activate this type of payment?

The post iPhone 6. The fingerprint reader security appeared first on MediaCenter Panda Security.

]]>
http://www.pandasecurity.com/mediacenter/security/iphone-6-fingerprint-reader-security/feed/ 0
Seven million Dropbox passwords may have been compromisedhttp://www.pandasecurity.com/mediacenter/news/seven-million-dropbox-passwords-may-have-been-compromised/ http://www.pandasecurity.com/mediacenter/news/seven-million-dropbox-passwords-may-have-been-compromised/#comments Wed, 15 Oct 2014 11:43:07 +0000 http://www.pandasecurity.com/mediacenter/?p=12392 Recently, it would appear that there is no Internet service whose users’ data hasn’t been compromised. Now it’s the turn of Dropbox, the cloud storage service, which has had hundreds of its users’ passwords leaked and it’s claimed that many more could be published. Specifically, up to seven million users’ data may have been hacked, […]

The post Seven million Dropbox passwords may have been compromised appeared first on MediaCenter Panda Security.

]]>
dropbox

Recently, it would appear that there is no Internet service whose users’ data hasn’t been compromised.

Now it’s the turn of Dropbox, the cloud storage service, which has had hundreds of its users’ passwords leaked and it’s claimed that many more could be published. Specifically, up to seven million users’ data may have been hacked, with the consequent threat to the privacy of the users who store their data on the platform.

These claims come from a user of Pastebin, a text sharing site used by hackers and IT security specialists, who boasts to have obtained seven million Dropbox passwords and, supposedly as proof, has published some of them on the site.

On its official blog, Dropbox was quick to deny that its services have been hacked, claiming that the passwords had been stolen from other services and then used to access the file storage platform.

Dropbox urges users not to employ the same password for various services and to enable two-step authentication.

Gmail: Five million passwords stolen

What has happened to Dropbox also happened to Gmail in September, when 5 million passwords were leaked. Neither Dropbox nor Gmail were hacked. The data was taken from other websites.

With this data in their hands, cyber-criminals can try the same password for other services such as Facebook, Dropbox, Gmail or Twitter.

More | How to create strong passwords

The post Seven million Dropbox passwords may have been compromised appeared first on MediaCenter Panda Security.

]]>
http://www.pandasecurity.com/mediacenter/news/seven-million-dropbox-passwords-may-have-been-compromised/feed/ 0