MediaCenter Panda Security http://www.pandasecurity.com/mediacenter Just another WordPress site Wed, 22 Oct 2014 15:13:51 +0000 en-US hourly 1 http://wordpress.org/?v=4.0 Apple Pay: Apple’s new payment system.http://www.pandasecurity.com/mediacenter/security/apple-pay-new-payment-system/ http://www.pandasecurity.com/mediacenter/security/apple-pay-new-payment-system/#comments Wed, 22 Oct 2014 14:15:17 +0000 http://www.pandasecurity.com/mediacenter/?p=12410 On September 9, Tim Cook gave us the lowdown on Apple’s latest innovations, among them, Apple Pay. For those who don’t know, this is an electronic payment system, a type of digital wallet, available for iPhone and Apple Watch and which will first begin to operate with partners such as Mastercard, Visa and American Express […]

The post Apple Pay: Apple’s new payment system. appeared first on MediaCenter Panda Security.

]]>
iphone6

On September 9, Tim Cook gave us the lowdown on Apple’s latest innovations, among them, Apple Pay. For those who don’t know, this is an electronic payment system, a type of digital wallet, available for iPhone and Apple Watch and which will first begin to operate with partners such as Mastercard, Visa and American Express in October in the U.S. before  being extended to other countries.

This innovation will allow user to pay for goods in stores as well as through other applications. Many already wonder whether in the not too distant future this type of payment may become commonplace, and if so, whether it will be secure. Having your hard-earned money passed from one online digital application to another without ever physically having your hands on it is still a concept many of us are yet to feel entirely comfortable with. And with good reason, any cyber-criminal that accesses your device could have access to your money.

The experts however, believe that this could be a secure option for the transactions of the future. So what type of security does it use?

ApplePay

Apple Pay security methods

1. Tokens

Apple has explained that transactions with this system will be secure because it uses a method known as ‘tokenization’. This is a system often used by financial institutions because it replaces the traditional digits of credit and debit cards with a complex code (‘token’) generated at random, which only keeps that last four digits from the real number and is transmitted between devices.

The great advantage of these numbers is that on their own they are useless and they are only used once. Every time a payment is made a new number is generated. So even if they are intercepted, they can’t be used for anything. This means there is no trace of the data on the credit cards. Even the stores don’t save this data on their servers. The credit card number isn’t stored anywhere, rather the number is associated with a device ID that is saved on a chip inside the terminal.

The exchange of data required for the transaction is carried out with near-field communication (NFC) wireless technology. This is an open platform whose strong point is that it enables fast wireless communication over distances of less than 20cm. However, there are those who question its security: the data can be intercepted, although this is precisely the reason that there are stronger security measures.

apple-credit-card

2. Touch ID

The transaction is completed with Apple’s Touch ID fingerprint sensor. The user doesn’t have to enter a password: the payment process is completed when the user authorizes it by placing a finger on the iPhone ‘Home’ button.

3. CVV

Yet besides the ‘tokens’ and Touch ID, there’s another layer of security. Whenever a user goes to pay, their mobile device sends a CVV. This is normally the three-digit number found on the back of a credit card but this time it’s a number randomly generated by the payment application. Consequently, the device identifies itself to the receiver, which verifies that the ‘tokens’ have been created on the order of the card owner.

The way the application works is simple: All you need is one of the Apple devices mentioned above and to place it close to the store’s payment terminal.

The process is as follows: when the application is launched, the device connects securely to the payment system and selects a credit card stored on the chip integrated in the phone and whose number is associated to an identifier in the device.

The identifier is combined with the ‘token’ and then the application asks the user to identify themselves through the Touch ID fingerprint scanner. The information is then sent to the bank by the store and the transaction is confirmed. And that’s it. Secure transactions can be as simple as that.

The post Apple Pay: Apple’s new payment system. appeared first on MediaCenter Panda Security.

]]>
http://www.pandasecurity.com/mediacenter/security/apple-pay-new-payment-system/feed/ 0
Six tips to make sure your personal photos don’t end up on the Web like those of Jennifer Lawrencehttp://www.pandasecurity.com/mediacenter/security/six-tips-make-sure-personal-photos-dont-end-web-like-jennifer-lawrence/ http://www.pandasecurity.com/mediacenter/security/six-tips-make-sure-personal-photos-dont-end-web-like-jennifer-lawrence/#comments Mon, 20 Oct 2014 14:41:37 +0000 http://www.pandasecurity.com/mediacenter/?p=12401 Increasingly, personal and private information is ending up on public view on the Internet. You may not have posted it yourself, you might have just stored it in the cloud, yet some ill-intentioned individual can access and publish it. Photos, videos and other personal data can easily fall into the wrong hands without your permission. […]

The post Six tips to make sure your personal photos don’t end up on the Web like those of Jennifer Lawrence appeared first on MediaCenter Panda Security.

]]>
girl-with-computer

Increasingly, personal and private information is ending up on public view on the Internet. You may not have posted it yourself, you might have just stored it in the cloud, yet some ill-intentioned individual can access and publish it. Photos, videos and other personal data can easily fall into the wrong hands without your permission.

Since last September, more than 100 celebrities have been victims of this type of invasion of privacy. After having uploaded compromising photos to the Apple iCloud, they discovered these images posted on the Web. Someone had accessed and leaked the pictures.

All eyes then turned to Apple. The attack was caused by a security flaw on its mobile devices. A cyber-criminal claimed to have hacked the company’s services to get hold of the images, although the company has rejected this claim on several occasions.

Nevertheless, here we offer six tips to help protect your photos… just in case!

1. Be careful about what you store in the cloud

If these actresses and models hadn’t uploaded compromising images, it would have been considerably harder for the hackers to get hold of them. Even if you are not a public figure, it’s always a good idea to think about what kind of things you want to store on your phone.

2. Don’t share your account user names or passwords with others

Even though a friend or colleague may have your complete trust, the fewer people who know your credentials, the less chance there is of others finding out. Most online platforms (Facebook, Apple, Google and Yahoo) allow you to boost security with two-factor authentication. If available, it is always a good idea to use it. It basically involves another step in the verification of the user’s identity. This could involve generating a code that the page sends to your phone or another means of contact to verify your identity.

3. Strengthen your passwords to make sure they can’t be guessed by cyber-criminals

One useful tip is for them to contain a mix of numbers, special characters and upper and lower case letters, i.e. make them has complex and varied as possible. The same goes for your Wi-Fi password. It’s also a good idea to change them frequently.

apple-id

4.  With email, it’s wise to have different addresses for different purposes

Use different accounts for professional, personal or financial affairs. If somebody manages to gain access to one, at least all your data won’t be at risk.

5. Take care with your profile on social networks

Check the privacy options from time to time as sometimes they can be changed or the default settings are re-established without notice. And be careful with what you post online.

6. Use a good antivirus

It will not only keep your computer virus-free but will also identity and help keep Internet fraudsters at bay when, for example, you’re shopping online. Find the antivirus that best meets your needs from out 2015 product lineup.

The post Six tips to make sure your personal photos don’t end up on the Web like those of Jennifer Lawrence appeared first on MediaCenter Panda Security.

]]>
http://www.pandasecurity.com/mediacenter/security/six-tips-make-sure-personal-photos-dont-end-web-like-jennifer-lawrence/feed/ 0
iPhone 6. The fingerprint reader securityhttp://www.pandasecurity.com/mediacenter/security/iphone-6-fingerprint-reader-security/ http://www.pandasecurity.com/mediacenter/security/iphone-6-fingerprint-reader-security/#comments Thu, 16 Oct 2014 09:42:12 +0000 http://www.pandasecurity.com/mediacenter/?p=12397 Being the leading technology brand can have its downsides. And if you don’t believe it, ask Apple. Every time the firm from Cupertino introduces a new product, the same thing happens: there is great anticipation, with seemingly half the world awaiting, long queues of tech disciples… and an army of people looking for bugs in […]

The post iPhone 6. The fingerprint reader security appeared first on MediaCenter Panda Security.

]]>
Being the leading technology brand can have its downsides. And if you don’t believe it, ask Apple. Every time the firm from Cupertino introduces a new product, the same thing happens: there is great anticipation, with seemingly half the world awaiting, long queues of tech disciples… and an army of people looking for bugs in the new devices.

In the end, vulnerabilities emerge and obviously their impact is far greater than with other brands (especially if it is a new device). Apple has already suffered a few embarrassing errors discovered by users. You don’t have to go too far back to see: the aluminum case of the iPhone 6 Plus was said to be too flexible, meaning that the phone can even bend under certain conditions.

A secure iPhone?

While the tech world looked on in amazement at this problem in the new Apple device, a second rather more difficult issue emerged: Apple’s ‘Touch ID’ fingerprint identification system is not entirely secure.

Apple-security

This technology has already been used in iPhone 5s and as with iPhone 6, a few days after the launch an error was discovered: there was a relatively simple way to get past Apple’s fingerprint ID system.

“A fingerprint of the phone user, photographed from a glass surface, was enough to create a fake finger that could unlock an iPhone 5s secured with TouchID,” claimed the European hacker group, Chaos Computer Club, a year ago. This was something that could be performed by anyone with a bit of skill and patience.

So despite the company’s claims that with the new biometric system your fingerprint is one of the strongest passwords in the world, once again such claims might be premature.

History has repeated itself, and this time surprisingly, it has done so quite literally. Even though the Touch ID flaw was discovered a year ago, Apple has launched two new iPhones with the same problem.

This is confirmed by security expert Marc Rogers. “Sadly there has been little in the way of measurable improvement in the sensor between these two devices,” he claims. Although he underlines that the same fake prints that could deceive the Touch ID in iPhone 5s are no longer viable in the latest Apple device.

iPhone-fingerprint

According to Rogers, the difference is that the company has improved the scan resolution to improve the reliability of the system. However, this doesn’t mean that the same technique used to unlock the iPhone 5s couldn’t be used for iPhone 6. The difference is that the fake print would need to be a better quality.

This new flaw in Apple’s security system is serious, and even more so given the launch of Apple Pay, the company’s new mobile device payment system.

Thanks to NFC technology, users of this service can pay for things simply by waving their iPhone at the point of sale (POS) terminal. Indeed, the tool used by Apple to secure the payment service is none other than the Touch ID technology which, as Rogers explains, is easily hacked.

Nevertheless, Rogers does point out that using fingerprints is an effective form of user authentication, though Apple should include two-factor verification to give users complete peace of mind.

What do you think? Would you activate this type of payment?

The post iPhone 6. The fingerprint reader security appeared first on MediaCenter Panda Security.

]]>
http://www.pandasecurity.com/mediacenter/security/iphone-6-fingerprint-reader-security/feed/ 0
Seven million Dropbox passwords may have been compromisedhttp://www.pandasecurity.com/mediacenter/news/seven-million-dropbox-passwords-may-have-been-compromised/ http://www.pandasecurity.com/mediacenter/news/seven-million-dropbox-passwords-may-have-been-compromised/#comments Wed, 15 Oct 2014 11:43:07 +0000 http://www.pandasecurity.com/mediacenter/?p=12392 Recently, it would appear that there is no Internet service whose users’ data hasn’t been compromised. Now it’s the turn of Dropbox, the cloud storage service, which has had hundreds of its users’ passwords leaked and it’s claimed that many more could be published. Specifically, up to seven million users’ data may have been hacked, […]

The post Seven million Dropbox passwords may have been compromised appeared first on MediaCenter Panda Security.

]]>
dropbox

Recently, it would appear that there is no Internet service whose users’ data hasn’t been compromised.

Now it’s the turn of Dropbox, the cloud storage service, which has had hundreds of its users’ passwords leaked and it’s claimed that many more could be published. Specifically, up to seven million users’ data may have been hacked, with the consequent threat to the privacy of the users who store their data on the platform.

These claims come from a user of Pastebin, a text sharing site used by hackers and IT security specialists, who boasts to have obtained seven million Dropbox passwords and, supposedly as proof, has published some of them on the site.

On its official blog, Dropbox was quick to deny that its services have been hacked, claiming that the passwords had been stolen from other services and then used to access the file storage platform.

Dropbox urges users not to employ the same password for various services and to enable two-step authentication.

Gmail: Five million passwords stolen

What has happened to Dropbox also happened to Gmail in September, when 5 million passwords were leaked. Neither Dropbox nor Gmail were hacked. The data was taken from other websites.

With this data in their hands, cyber-criminals can try the same password for other services such as Facebook, Dropbox, Gmail or Twitter.

More | How to create strong passwords

The post Seven million Dropbox passwords may have been compromised appeared first on MediaCenter Panda Security.

]]>
http://www.pandasecurity.com/mediacenter/news/seven-million-dropbox-passwords-may-have-been-compromised/feed/ 0
200,000 Snapchat images leakedhttp://www.pandasecurity.com/mediacenter/news/200000-snapchat-images-leaked/ http://www.pandasecurity.com/mediacenter/news/200000-snapchat-images-leaked/#comments Tue, 14 Oct 2014 16:23:57 +0000 http://www.pandasecurity.com/mediacenter/?p=12389 After Celebgate, the leaking of private photos and videos of Hollywood actresses and models such as Jennifer Lawrence, now users of Snapchat have seen the security of their files compromised. Snapchat is a mobile app for sending images and messages that are automatically deleted between one and ten seconds after being read. Although Snapchat does […]

The post 200,000 Snapchat images leaked appeared first on MediaCenter Panda Security.

]]>
snapchat

After Celebgate, the leaking of private photos and videos of Hollywood actresses and models such as Jennifer Lawrence, now users of Snapchat have seen the security of their files compromised.

Snapchat is a mobile app for sending images and messages that are automatically deleted between one and ten seconds after being read.

Although Snapchat does not store users’ images, another app, Snapsave, which is available for Android and iOS, does store them. This is what has enabled 200,000 photos to be stolen, according to Snapchat.

According to The Guardian (UK), these include some 100 MB of nude images. It is as yet unknown whether these might include images of children, and it is important to point out that downloading of nude images of children under 16 is a jailable offense under child pornography legislation.

Images from ‘The Snappening’, as this leak has been dubbed, are already available on some Internet portals.

The post 200,000 Snapchat images leaked appeared first on MediaCenter Panda Security.

]]>
http://www.pandasecurity.com/mediacenter/news/200000-snapchat-images-leaked/feed/ 0
Hospitals targeted by cyber-criminalshttp://www.pandasecurity.com/mediacenter/family-safety/hospitals-targeted-cyber-criminals/ http://www.pandasecurity.com/mediacenter/family-safety/hospitals-targeted-cyber-criminals/#comments Mon, 13 Oct 2014 14:51:21 +0000 http://www.pandasecurity.com/mediacenter/?p=12383 The last few months have witnessed a rise in attacks on hospital IT systems with a view to stealing sensitive data. So far in 2014 there has been a 600% increase in such crimes. Despite the benefits for hospitals of sharing patient data, this trend is posing a serious security problem for the healthcare industry. […]

The post Hospitals targeted by cyber-criminals appeared first on MediaCenter Panda Security.

]]>
The last few months have witnessed a rise in attacks on hospital IT systems with a view to stealing sensitive data. So far in 2014 there has been a 600% increase in such crimes.

Despite the benefits for hospitals of sharing patient data, this trend is posing a serious security problem for the healthcare industry. The reason is simple, medical information can be highly valuable.

To give you some idea, while credit card details could be worth a few euros on the black market, someone’s medical records could fetch as much as 80 euros. That’s a big difference. The reason is that this information includes not just medical details but also detailed personal information (social security numbers, addresses, bank account details, etc.) that can be used for identity theft.

perfusion-pump

It’s also important to bear in mind that in the USA (where the problem is greatest) healthcare is expensive and is mostly run by publicly-traded firms. That’s why they have a general interest in suppressing concerns about this issue (albeit a difficult task).

This August saw one of the largest thefts of medical data so far recorded, though it certainly wasn’t the first, or probably not the last. The personal details of over four million patients from the Community Health Systems organization were compromised.

Now no hospitals or health centers or health departments or healthcare companies are safe. Anyone who had received treatment in any center related to this healthcare group could be affected.

For this reason the FBI has said that it would be “committing significant resources and efforts to target, disrupt, dismantle and arrest the perpetrators“. It has launched an investigation to determine where were the attacks originated: the cyber-criminals were apparently working from China and used sophisticated malware. They are experienced in spying on the healthcare industry, stealing formulas for medications and drugs, and have been active for over than four years, although their impact is now greater thanks to the technological modernization of the sector.

doctor-patients

The FBI also warned healthcare companies of the need to take all possible security measures. The agency has recently been releasing alerts to provide businesses with technical information they can use to either prevent or identify cyber-attacks.

What’s more, hospitals are rarely prepared for this kind of attack, much less when many of the devices they use every day are connected to the Internet. However, with the emergence of the ‘Internet of Things’, it is essential that they adapt to the new environment. According to Kristopher Kusche, an expert in medical IT services, there are currently about 20,000 healthcare devices in the country connected to the Web.

doctors-at-the-OR

For this reason he believes it is essential for organizations to carry out risk assessment audits for their facilities with Internet access. Nevertheless, the most difficult thing is to quickly train people in prevention to deal with the attacks that are already happening. One of the easiest ways to start however, is to install programs that can detect malware, which could in the short term help protect devices against infection.

In addition, these attacks are creating a great deal of insecurity in the medical environment, which goes beyond just data theft, as many of these devices are routinely used to care for patients. Doctors are concerned whether someone could hack devices in order to affect people’s health. It wouldn’t be the first time that someone managed to tamper with a pacemaker…

The post Hospitals targeted by cyber-criminals appeared first on MediaCenter Panda Security.

]]>
http://www.pandasecurity.com/mediacenter/family-safety/hospitals-targeted-cyber-criminals/feed/ 0
The Ebola virus becomes the latest bait used by fraudstershttp://www.pandasecurity.com/mediacenter/news/the-ebola-virus/ http://www.pandasecurity.com/mediacenter/news/the-ebola-virus/#comments Fri, 10 Oct 2014 17:46:07 +0000 http://www.pandasecurity.com/mediacenter/?p=12374 The Spanish Civil Guard has warned via Twitter of a number of Ebola-related hoaxes that have appeared over recent days. Once again, WhatsApp has become the main channel for such scams, which include bogus reports of new cases of Ebola or the canceling of classes at the CEU San Pablo University in Madrid due to […]

The post The Ebola virus becomes the latest bait used by fraudsters appeared first on MediaCenter Panda Security.

]]>
The Spanish Civil Guard has warned via Twitter of a number of Ebola-related hoaxes that have appeared over recent days.

Once again, WhatsApp has become the main channel for such scams, which include bogus reports of new cases of Ebola or the canceling of classes at the CEU San Pablo University in Madrid due to a possible infection.

Spanish-Civil-Guard

Hackers often exploit such situations for financial gain, and it was never in doubt that the first confirmed case of Ebola in Spain would give rise to these types of scams.

The Spanish Civil Guard have asked users to help avoid generating panic by not distributing these messages. They also encourage people to get their information through what they refer to as “serious channels of communication.”

The post The Ebola virus becomes the latest bait used by fraudsters appeared first on MediaCenter Panda Security.

]]>
http://www.pandasecurity.com/mediacenter/news/the-ebola-virus/feed/ 0
If Viruses existed in the Times of Columbus…http://www.pandasecurity.com/mediacenter/malware/viruses-columbus/ http://www.pandasecurity.com/mediacenter/malware/viruses-columbus/#comments Thu, 09 Oct 2014 12:10:03 +0000 http://www.pandasecurity.com/mediacenter/?p=12357   If you want to share this infographic, here you have the code: If Viruses existed in the Times of Columbus

The post If Viruses existed in the Times of Columbus… appeared first on MediaCenter Panda Security.

]]>
 

Columbus English

If you want to share this infographic, here you have the code:


The post If Viruses existed in the Times of Columbus… appeared first on MediaCenter Panda Security.

]]>
http://www.pandasecurity.com/mediacenter/malware/viruses-columbus/feed/ 0
How do cookies work?http://www.pandasecurity.com/mediacenter/security/cookies/ http://www.pandasecurity.com/mediacenter/security/cookies/#comments Wed, 08 Oct 2014 14:39:58 +0000 http://www.pandasecurity.com/mediacenter/?p=12352 We all know the ‘Allow cookies?’ message. This option now appears in practically all websites. In fact, nowadays more people associate the term ‘cookies’ with its Internet use rather than with its edible origin. Cookies are small data packets which Web pages load on to browsers for a whole range of reasons. Every time you […]

The post How do cookies work? appeared first on MediaCenter Panda Security.

]]>
Cookies

We all know the ‘Allow cookies?’ message. This option now appears in practically all websites. In fact, nowadays more people associate the term ‘cookies’ with its Internet use rather than with its edible origin.

Cookies are small data packets which Web pages load on to browsers for a whole range of reasons. Every time you return to the same URL, the computer sends back this little package of information to the server, which detects that you have returned to the page.

When you access your email account or Facebook profile, it is cookies that allow your user name and password to be saved, so the next time you won’t have to enter them again.

But apart from storing strings of digits and letters, webmasters can use these tools for monitoring the activity of Internet users.

These virtual spies collect information about your Internet habits: the pages you visit frequently and the topics that interest you. The problem is that they usually share this information with data analysis firms or those that design targeted marketing campaigns.

If, say, an ad for a food product appears on your screen after you visit a restaurant page, don’t be too surprised. Thanks to cookies, advertising can be tailored to consumers’ preferences.

Even though cookies are safe and won’t usually infect your computer with malware, it is not always clear in whose hands the collected data ends up or where it is stored.

A team of researchers from Queen Mary University, London, has managed to shed some light on this in one of its studies. They have basically been spying on the spies. They analyzed where the data of Internet users from around the world ended up in order to draw up a data circulation map.

The experts have focused on who is running cookies on user’s browsers. External companies (such as those marketing and data analysis firms mentioned above) send these data packets from a domain different to the site so they can be detected when they do this. With this methodology they were able to analyze the 500 most popular pages in 28 countries.

The results have shown that this practice extends across the world. You can also see in the image the areas of the planet where Internet user privacy is most compromised.

cookies map

While in Europe, South America and Oceania the amount of local companies accessing user data is quite similar, the number is greater in Turkey and Israel. The origin of the snoopers is also interesting: most come from Russia or Germany. Those based in the USA often end up on browsers in the Middle East.

Scientists believe that this distribution reflects Internet privacy legislation in different countries. In most European countries, where there are laws regulating third-party access to user data, there aren’t so many ‘spies’ as in China or Turkey, where such rules are scarce. But spies are everywhere, so experts continue to call for tougher measures to combat the trafficking of personal information.

 

The post How do cookies work? appeared first on MediaCenter Panda Security.

]]>
http://www.pandasecurity.com/mediacenter/security/cookies/feed/ 0
WhatsApp Oro, a new scam related to the world famous messaging apphttp://www.pandasecurity.com/mediacenter/news/whatsapp-scam/ http://www.pandasecurity.com/mediacenter/news/whatsapp-scam/#comments Tue, 07 Oct 2014 12:16:00 +0000 http://www.pandasecurity.com/mediacenter/?p=12345   Be careful! The Spanish National Police have reported a new type of scam related to WhatsApp. That’s right, another one! We’re beginning to lose count of how many times we’ve reported these types of stories. It appears that cyber-criminals have invented a new version of the messaging app: WhatsApp Oro (WhatsApp Gold). As you […]

The post WhatsApp Oro, a new scam related to the world famous messaging app appeared first on MediaCenter Panda Security.

]]>
whatsapp oro

 

Be careful! The Spanish National Police have reported a new type of scam related to WhatsApp. That’s right, another one! We’re beginning to lose count of how many times we’ve reported these types of stories.

It appears that cyber-criminals have invented a new version of the messaging app: WhatsApp Oro (WhatsApp Gold). As you can probably imagine, there is no ‘Gold’ version of WhatsApp, and it’s really just another fraud to subscribe you to Premium SMS services.

Seemingly, criminals have been advertising this service on Twitter and more than a few users have fallen for it.

As you know, the success of WhatsApp has made it a prime target for criminals, so take care and don’t fall into the trap!

The post WhatsApp Oro, a new scam related to the world famous messaging app appeared first on MediaCenter Panda Security.

]]>
http://www.pandasecurity.com/mediacenter/news/whatsapp-scam/feed/ 1