Bogus Digital Certificates of NIC detected

It is reported that Google has detected several bogus SSL certificates issued by NIC and blocked them.

Details

According to the report, the certificates were later blocked by CCA as well.

It is surmised that hackers might have gained access to NIC and created the bogus certificates.

NIC may need to review the incident and report its findings for public information.
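A certificate issued by a CA that the operating system trusts is accepted by default, so the usual defence against mis-issuance of this kind is public-key pinning: for its own domains, a browser or client records the SubjectPublicKeyInfo digests it expects somewhere in the chain and rejects any chain that carries none of them, whoever signed it. The following Python is an added example (not code from the original post or from Google); the certificate records, subject names and SPKI bytes are constructed placeholders standing in for parsed X.509 data, and the pin set is hypothetical.

```python
import hashlib
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple


@dataclass
class Cert:
    """Only the fields a pin check needs; a real checker parses X.509 DER."""
    subject: str
    issuer: str
    spki: bytes  # constructed placeholder for the SubjectPublicKeyInfo DER


def spki_fingerprint(spki_der: bytes) -> str:
    """SHA-256 of the SubjectPublicKeyInfo, the value pinning compares."""
    return hashlib.sha256(spki_der).hexdigest()


# Hypothetical pin set: a domain and the SPKI digests a chain for it must
# contain somewhere (leaf, intermediate or root). Values are constructed.
PINS: Dict[str, Set[str]] = {
    "google.com": {
        spki_fingerprint(b"PLACEHOLDER-SPKI-EXPECTED-INTERMEDIATE"),
        spki_fingerprint(b"PLACEHOLDER-SPKI-EXPECTED-ROOT"),
    },
}


def pins_for(hostname: str) -> Optional[Set[str]]:
    """Longest-suffix match so www.google.com inherits the google.com pins."""
    host = hostname.lower().rstrip(".")
    best = None
    for domain in PINS:
        if host == domain or host.endswith("." + domain):
            if best is None or len(domain) > len(best):
                best = domain
    return PINS[best] if best else None


def name_matches(cert_name: str, hostname: str) -> bool:
    """Exact match, or a single-label wildcard such as *.google.com."""
    cert_name, hostname = cert_name.lower(), hostname.lower()
    if cert_name.startswith("*."):
        suffix = cert_name[1:]  # ".google.com"
        return hostname.endswith(suffix) and "." not in hostname[: -len(suffix)]
    return cert_name == hostname


def check_chain(hostname: str, chain: List[Cert]) -> Tuple[str, str]:
    """
    chain is leaf first. Verdicts:
      name_mismatch  leaf does not name the host
      unpinned       no pins configured for the host (fall back to CA trust)
      ok             some certificate in the chain carries a pinned key
      pin_violation  a CA we never expected signed for this host; log issuers
    """
    leaf = chain[0]
    if not name_matches(leaf.subject, hostname):
        return "name_mismatch", leaf.subject
    pins = pins_for(hostname)
    if pins is None:
        return "unpinned", hostname
    for cert in chain:
        if spki_fingerprint(cert.spki) in pins:
            return "ok", cert.subject
    return "pin_violation", " <- ".join(c.issuer for c in chain)


# Constructed chains. The second mirrors the reported case: a chain for a
# Google name that ends in a CA trusted by the OS but never pinned by Google.
EXPECTED_CHAIN = [
    Cert("www.google.com", "Expected Intermediate CA", b"PLACEHOLDER-SPKI-LEAF"),
    Cert("Expected Intermediate CA", "Expected Root CA",
         b"PLACEHOLDER-SPKI-EXPECTED-INTERMEDIATE"),
    Cert("Expected Root CA", "Expected Root CA", b"PLACEHOLDER-SPKI-EXPECTED-ROOT"),
]
BOGUS_CHAIN = [
    Cert("*.google.com", "NIC CA", b"PLACEHOLDER-SPKI-BOGUS-LEAF"),
    Cert("NIC CA", "CCA India", b"PLACEHOLDER-SPKI-NIC"),
    Cert("CCA India", "CCA India", b"PLACEHOLDER-SPKI-CCA"),
]

if __name__ == "__main__":
    for host, chain in [("www.google.com", EXPECTED_CHAIN),
                        ("mail.google.com", BOGUS_CHAIN)]:
        print(host, check_chain(host, chain))
```

The point of the second verdict is that OS-level trust alone would have accepted the bogus chain; only the pin set turns "validly signed by a trusted CA" into an alert worth reporting.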

Naavi

Posted in ITA 2008

New Malicious Code for Android- Selfmite

A new virus called Selfmite has been detected on the Android platform. It spreads by sending an SMS containing a link to the contacts stored on the infected phone.

The text message sent by Selfmite contains the contact’s name and reads: “Dear [NAME], Look the Self-time,” followed by a goo.gl shortened URL.

The rogue link points to an APK (Android application package) file called TheSelfTimerV1.apk that’s hosted on a remote server, researchers from security firm AdaptiveMobile said in a blog post.

If the user agrees to install the APK, an app with the name “The self-timer” will appear in the app list.

In addition to spreading itself to other users, the Selfmite worm tries to convince users to download and install a file called mobogenie_122141003.apk through the local browser.

Mobogenie is a legitimate application that allows users to synchronize their Android devices with their PCs and download apps from an alternative app store. The Mobogenie Market app was downloaded over 50 million times from Google Play, but is also promoted through various paid referral schemes, creating an incentive for attackers to distribute it fraudulently.
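The behaviour described above gives a defender two things to look for: the fixed lure text plus a goo.gl link, and the fan-out pattern of one number sending that lure to many contacts in a short window, which a person forwarding a link does not produce. The following Python is an added example (not code from the original post or from AdaptiveMobile) that runs that detection over a constructed SMS log and a constructed download log; the phone numbers, the goo.gl path and the host names are placeholders, while the lure wording and the two APK file names are those reported above.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List

# Reported lure: "Dear [NAME], Look the Self-time," then a goo.gl short link.
LURE_RE = re.compile(
    r"Dear\s+[^,]{1,40},\s*Look\s+the\s+Self-?time,?\s*(https?://goo\.gl/\S+)",
    re.IGNORECASE,
)

# File names the report attributes to the worm and to the app it pushes.
SUSPECT_APKS = ("TheSelfTimerV1.apk", "mobogenie_122141003.apk")


@dataclass
class Sms:
    ts: datetime
    sender: str
    recipient: str
    text: str


def parse_sms_log(raw: str) -> List[Sms]:
    """One message per line: ISO timestamp, sender, recipient, body."""
    out = []
    for line in raw.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, sender, recipient, text = line.split(" ", 3)
        out.append(Sms(datetime.fromisoformat(ts), sender, recipient, text))
    return out


def lure_messages(msgs: List[Sms]) -> List[Sms]:
    """Messages whose body matches the reported lure and link pattern."""
    return [m for m in msgs if LURE_RE.search(m.text)]


def fan_out_senders(msgs: List[Sms], min_recipients: int = 3,
                    window: timedelta = timedelta(minutes=10)) -> Dict[str, int]:
    """
    Senders that pushed the lure to at least min_recipients distinct numbers
    inside `window`: the contact-list fan-out of a worm. Returns the peak
    distinct-recipient count per flagged sender.
    """
    by_sender = defaultdict(list)
    for m in lure_messages(msgs):
        by_sender[m.sender].append(m)
    flagged = {}
    for sender, sent in by_sender.items():
        sent.sort(key=lambda m: m.ts)
        best = 0
        for i, first in enumerate(sent):  # sliding window starting at each message
            recips = {m.recipient for m in sent[i:] if m.ts - first.ts <= window}
            best = max(best, len(recips))
        if best >= min_recipients:
            flagged[sender] = best
    return flagged


def suspect_downloads(lines: List[str]) -> List[str]:
    """Download/browser log lines that reference the reported APK names."""
    return [line for line in lines if any(apk in line for apk in SUSPECT_APKS)]


# Constructed sample logs; numbers, hosts and the goo.gl path are placeholders.
SAMPLE_SMS_LOG = """\
# ts sender recipient body
2014-06-25T09:00:01 +910000000001 +910000000002 Dear Asha, Look the Self-time, http://goo.gl/PLACEHOLDER
2014-06-25T09:00:02 +910000000001 +910000000003 Dear Ravi, Look the Self-time, http://goo.gl/PLACEHOLDER
2014-06-25T09:00:03 +910000000001 +910000000004 Dear Meera, Look the Self-time, http://goo.gl/PLACEHOLDER
2014-06-25T09:00:04 +910000000001 +910000000005 Dear Arun, Look the Self-time, http://goo.gl/PLACEHOLDER
2014-06-25T09:05:00 +910000000009 +910000000002 Dear Asha, Look the Self-time, http://goo.gl/PLACEHOLDER
2014-06-25T09:10:00 +910000000007 +910000000008 Meeting moved to 3pm, see you there
2014-06-25T09:12:00 +910000000007 +910000000008 Look the self timer app I found: http://example.com/x
"""
SAMPLE_DOWNLOAD_LOG = [
    "2014-06-25T09:00:30 device=+910000000002 GET http://PLACEHOLDER-HOST/TheSelfTimerV1.apk",
    "2014-06-25T09:01:10 device=+910000000002 GET http://PLACEHOLDER-HOST/mobogenie_122141003.apk",
    "2014-06-25T09:02:00 device=+910000000007 GET https://example.com/index.html",
]

if __name__ == "__main__":
    msgs = parse_sms_log(SAMPLE_SMS_LOG)
    print("fan-out senders:", fan_out_senders(msgs))
    print("suspect downloads:", suspect_downloads(SAMPLE_DOWNLOAD_LOG))
```

The single lure sent by +910000000009 is matched but not flagged as fan-out, which is the distinction that keeps a victim's one forwarded message from being treated as an infected device; the two APK names are strong indicators on their own and need no threshold.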

Refer article here.

Naavi

Posted in ITA 2008

RBI limits Customer’s Loss on Phishing

In an excellent but long awaited move, RBI has directed banks that the liability of customers for "Phishing" losses should be limited to Rs 10000/-.

See Report

The new banking service code of the Banking Codes and Standards Board of India (BCSBI) says that for any unauthorised internet banking transaction, the customer's liability is limited to Rs 10000, irrespective of the funds moved out of the account. An unauthorised transaction is one that does not have the express and implied approval of the account holder.

According to the code, "If a third party manages to get hold of the user ID or password in an unauthorised manner and any debit takes place and which he notifies the bank, the maximum loss will be Rs 10,000." Also, the code says that customers will not be liable for any loss due to unauthorised fund transfers taking place before they receive the password for internet banking transactions.

Further, the onus will be on the banks to establish that customers have compromised the secrecy of their password.

In some instances, the liability could be lower than Rs 10,000. The new code says that in the event of any unauthorised transactions, this would be the lower of the following options: the actual loss at the time of notifying the bank; the limit set for such transactions; the balance available for withdrawal; a maximum of Rs 10,000.

For instance, if a customer has a balance of Rs 5,000 but the fraudster transfers Rs 25,000 by taking a temporary overdraft, the loss would be limited to the minimum balance of Rs 5,000 in the account.

It may be recalled that many such cases of fraud have been reported earlier at Naavi.org. The undersigned has been relentlessly pursuing legal action against many banks in this regard. The Damodaran Committee report had also spoken about such cases.

The current guidelines come as a great relief to bank customers.

Naavi.org congratulates RBI for taking these steps.

Naavi

Posted in Bank

Nokia gives in to Blackmail

It has been reported that Nokia gave in to a hacker's blackmail and paid a huge ransom to a hacker who threatened to disclose an encryption key for the Symbian OS.

Report:

The incident reportedly took place back in 2007, when Nokia was still one of the world’s biggest handset manufacturers with a market share of around 50%, and Symbian was the main operating system for its devices. It’s not known how the blackmailer got hold of the key, but if it was made public, Nokia risked a huge security headache with the potential there for hackers to write malware for the OS.

The ransom paid is reported to be of the order of several million Euros.

The incident highlights the cost of security weaknesses in big corporates. Many times the mistake would have been committed by one of the employees, and the nature of the mistake could be very silly; however, the consequences could be disastrous. Good corporate management should therefore consider investment in security a non-negotiable aspect.

Those companies, including major banks in India, whose security policy states that "We shall follow such security practices as are commercially feasible" will have to understand that they are taking risks that may one day kill their organizations.

Naavi

Posted in Cyber Law

US Supreme Court disallows Business Method Patents

In a major and welcome move, the Supreme Court of US has disallowed “Business Method Patents”.

Refer Here

The decision, which holds the patent in question ("a method for reducing the risk that the parties to a transaction will not pay what they owe") invalid, opens up a debate on several other vague patents that have been granted in the past.

Though the decision states that it should not affect software patents, many software patents may also get challenged in the process.

The development is interesting and could be beneficial to the community in the long run.

Naavi.org has in the past discussed how IPR is often misused under both Copyright and Patent laws and argued for a saner implementation. Perhaps this decision will help in rationalizing the IPR concept in the coming days.

Naavi

Posted in Cyber Law

New Security Risk: data stolen through mobiles just with electromagnetic waves

A new Cyber Threat that is far ahead of the Stuxnet threat has been reported by security researchers.

Ref: here

This threat works through a mobile phone that is near a computer. The electromagnetic waves emitted by the phone and the computer during their regular operation establish a contact through which malware is first introduced into the computer; the computer then transmits data over FM frequencies to the mobile, which later relays it over the mobile network to the hacker.

This means that no mobile phones can be allowed near a sensitive computer if this threat is to be eliminated.


Naavi

Posted in Information Assurance