Computer Sounds Give Up Secret Information

Once again proving that real life is stranger than fiction, a group of Israeli security researchers have figured out how to pull off possibly the coolest hack in the past several years: extracting complex encryption keys via sound waves.

When computers are at work, the vibrations in their various components create noise, though usually that noise is too quiet or too high-pitched for the human ear to distinguish.

These sounds can be recorded with the microphone of an average cellphone placed near a computer, and they can reveal extraordinary amounts of information about what the computer is doing when it makes them.


For example, the sounds made when a common security program called GnuPG decrypts messages encoded with a 4096-bit RSA key could be used to determine that encryption key within an hour.

The attack is called "acoustic cryptanalysis," and it opens the door for some serious spy-thriller-level hacking.

Encryption keys work similarly to passwords in that they "unlock" messages that have been mathematically scrambled using an encryption algorithm.

A 4096-bit RSA key is a string of 4,096 ones and zeroes that unlocks a message encrypted with the Rivest-Shamir-Adleman (RSA) algorithm. Anyone who possesses an encryption key can read all messages secured with that key.

There is one catch, however — the text being decrypted during the recording process has to follow a certain mathematical pattern in order to create all the necessary patterns for determining the encryption key.

However, the researchers — who include Adi Shamir, the "S" in RSA — say in their paper that an attacker could easily craft unsuspicious-looking text that follows those mathematical patterns.

The paper also specifies some possible implementations of this attack, which sound like plot points from upcoming James Bond movies. For example, the GnuPG program is often set to automatically decrypt incoming email addresses.

An attacker could send the target an email with a few specially crafted lines of text, which would make the program emit the necessary sound. So long as a mobile phone placed next to the computer, or a more sensitive microphone up to 4 meters away, was recording the sound, the attacker would be able to secure the encryption key.

The research is not directly related to a possible newly discovered piece of malware that may send messages among infected machines using high-pitched sound

To get updates follow on facebook

Read More

Facebook Announces Secondary Offering Of 70M Shares, Raising Around $4B, As It Joins S&P500 Index

Some steps ahead for Facebook in its life as a huge public company: it’s selling some 70 million shares worth around $4 billion in a secondary offering and joining the S&P 500 Index, while Zuckerberg is will be making a philanthropic gift of 18 million Class B shares, worth potentially $1 billion.

The social network today announced that it would be making an offering of 70 million shares of Class A common stock — 27,004,761 shares from Facebook, and 42,995,239 shares from “certain selling stockholders,” with 41,350,000 shares coming from CEO and co-founder Mark Zuckerberg, and 1.6 million shares from VC Mark Andreessen.

Going by the closing share price on December 18 of $55.57/share, this would value the sale at nearly $3.9 billion. The actual price will be determined at the close of market today, Thursday, December 19.

Standard & Poor’s is adding Facebook’s Class A common stock to the S&P 500 Index — a measure of the company’s influence on the wider market. It will mean that shares of Facebook’s Class A common stock will be offered “primarily to index funds whose portfolios are primarily based on stocks included in the S&P 500 Index.” It’s getting added at the close of trading on December 20, 2013.

Facebook does not give any specific details about how it would use the capital raised in the offering, but there are a few things to note here:

First, Facebook notes that it will be used for working capital and general corporate purposes:

“Our principal purpose for selling shares in this offering is to obtain additional capital. We intend to use the net proceeds to us from this offering for working capital and other general corporate purposes; however, we do not currently have any specific uses of the net proceeds planned. Additionally, we may use a portion of the proceeds to us for acquisitions of complementary businesses, technologies, or other assets.”

This is a fairly routine reason given for secondary offerings, except that on the subject of acquisitions, Facebook has been in the news of late. Specifically, it had been rumored to be eyeing up the hot new ephemeral photo messaging app Snapchat, reportedly making an offer to buy it for $3 billion — raising money today potentially puts Facebook into play to acquire something, if not Snapchat.

Second, part of the reason for secondary offering is because you when you are added to S&P 500 Index you have access to more investor capital so it makes sense to release shares at that time.

Third, Facebook notes in its S-3 form the ongoing legal case around securities violations during its IPO last year and “seeking unspecified damages.” It further notes that “We believe these lawsuits are without merit, and we intend to continue to vigorously defend them,” but also that “Such lawsuits or inquiries could subject us to substantial costs, divert resources and the attention of management from our business, and adversely affect our business.” This potentially could be one other area where the proceeds of this offering may get used.

Regardless, Facebook notes that it “will not receive any proceeds from the sale of shares of Class A common stock by the selling stockholders.” In particular, Zuckerberg’s proceeds from the sale will be used to pay down tax obligations: “to satisfy taxes that he will incur in connection with the exercise, in full, of an outstanding stock option to purchase 60,000,000 shares of Class B common stock.” The 27 million shares being sold by Facebook, at yesterday’s closing share price, works out to around $1.5 billion.

Charitable donations

 The filing also lifts the curtain a bit on the extent of Zuckerberg’s philanthropic efforts. It notes that Zuckerberg intends to make a gift of approximately 18,000,000 shares of Class B common stock this month. The donation of these shares, a spokesperson tells me, will go to the Silicon Valley Community Foundation, which includes Zuckerberg’s educational and life sciences charitable efforts.

“These shares will be converted to Class A common stock in connection with Mr. Zuckerberg’s donation,” Facebook notes in the filing. There is no way to forecast what the value of the Class B stock will be when he decides to convert those shares to cash, although, again, going by the share price yesterday, this works out to just over $1 billion.

Facebook notes that J.P. Morgan, BofA Merrill Lynch, Morgan Stanley and Barclays are joint bookrunners for the offering. BNP Paribas, Citigroup, RBC Capital Markets, Credit Suisse, HSBC, Standard Chartered and Piper Jaffray are co-managers for the offering.

For updates you can like this face book page .

Read More

Reasons Why You Need an Antivirus on your Windows Operating System No Matter How Careful You Are

COMPUTER SECURITY

Whenever antivirus software is mentioned, someone always seems to chime up and say they don’t need an antivirus because they’re careful. This isn’t true. No matter how smart think you are, you can still benefit from an antivirus on Windows.

The idea that antivirus software is only necessary for irresponsible Windows users is a myth, and a dangerous one to spread. In an age where zero-day vulnerabilities are found and sold to organized crime with alarming frequency, even the most careful of users are vulnerable.

Being Smart Only Helps So Much

Many people think that you can only get malware by downloading suspicious files, running unpatched software, visiting the wrong websites, and doing other irresponsible things like having the Java plug-in enabled in your web browser. It’s true – this is how most people pick up malware. But this isn’t the only way malware can spread. You may not be able to protect yourself against zero day threats – vulnerabilities that the bad guys find first. The ones (virus) we don’t know about, which we can’t protect ourselves from. These flaws are corrected as soon as they’re found, but new ones inevitably pop up.

In other words, your computer could be infected just from you visiting a website. Even if you only visit websites you trust, the website itself could be compromised – something that happens with alarming frequency these days.

AN ANTIVIRUS IS THE FINAL LAYER OF PROTECTION

An antivirus is your final layer of protection. If a website uses a security flaw in your browser or a plug-in like Flash to compromise your computer, it will often attempt to install malware – key loggers, Trojans, rootkits, and all sorts of other bad things. These days, malware is the domain of organized crime looking to gather financial information and harness your computer for botnets.

If a zero-day in a piece of software you use does give the bad guys an opportunity to get malware onto your system, an antivirus is your last layer of defense.  It shouldn’t be your only layer of protection, but it is an important one. And there’s no good reason not to run an antivirus on Windows.

Why Wouldn’t You Run an Antivirus?

Some people believe that antivirus software is heavy and slows down your computer. This was certainly true in the past. Older Norton and McAfee antivirus software suites were infamous for slowing down your computer more than actual viruses would. They’re full of notifications and inducements to keep paying for a subscription and buy more expensive security suites, just as adware annoys you with requests to buy products.

This isn’t true anymore. Computers have become so fast that antivirus software doesn’t weigh them down like it used to. There are also more efficient security suites that are lighter on resources. Avast are lightweight antivirus programs created by Avast company. They don’t try to sell you anything at a costly price.

An antivirus program like Avast or AVG is cheap, and won’t noticeably slow down your computer, won’t harass you to buy anything, and doesn’t include an annoying update process (it updates automatically). If it does slow things down, you can use exclusions to exempt certain trusted files from the antivirus scans.

Antiviruses like Avast and AVG are a very low-hassle way to increase your security. There’s no reason not to use them – unless you just want to brag online that you’re too smart for an antivirus.

(For updates you can like my face book page .)

You Should Still Be Careful

An antivirus is only a single layer of security. No antivirus program is perfect, as all the antivirus tests show nothing catches all malware all of the time. if you don’t exercise caution, you may become infected by malware even if you’re using an antivirus (Of course, performing scans with other antivirus programs may help find malware your antivirus suite can’t find.)

Be careful about the files you download and run, keep your software updated, uninstall vulnerable software like Java, and more – but don’t drop your antivirus defenses completely just because you’re being careful. A zero-day in your browser, a plugin like Flash, or Windows itself could open the door to infection, and an antivirus is your last layer of protection.

Malware isn’t what it used to be – much of it is created by organized crime to capture financial information and other sensitive data. Antivirus software helps you stay ahead of the bad guys by a little bit more and it’s worth using.

For updates you can like my face book page .

Read More