Monday, 2 December 2013

Google Nexus phone vulnerable to SMS-based DOS attack

Google Nexus phones vulnerable to SMS-based DOS attack
Google’s Nexus Smartphones are vulnerable to SMS-based DOS attack, where an attacker can force it to restart, freeze, or lose network connection by sending a large number of special SMS messages to them.

The vulnerability, discovered by Bogdan Alecu, a system administrator at Dutch IT services company Levi9, and affects all Android 4.x firmware versions on Google Galaxy Nexus, Nexus 4 and Nexus 5.
The problem is with how the phones handle a special type of text message, known as a flash SMS. By sending around 30 Flash SMS (Flash SMS is a type of message that normally is not stored by the system and does not trigger any audio alerts) messages to Nexus phone an attacker can cause the phone to malfunction.

He presented the vulnerability on Friday at the DefCamp security conference in Bucharest, Romania. In an email exchange with me, he said 'I was testing different message types and for the class 0 messages I noticed that the popup being displayed also adds an extra layer which makes the background darker." 

"Then my first thought was: what happens if I send more such messages? Will it make the entire background go black? If so, wouldn't this cause a memory leak? The answer is "Yes" for both of the questions. So, basically, by sending around 30 Class 0 messages, it will make the Google device behave strangely'."
According to the researcher, several possible outcomes can result from the overloading:

Linux worm targeting Routers, Set-top boxes and Security Cameras with PHP-CGI Vulnerability

Linux worm targeting Routers, Set-top boxes and Security Cameras with PHP vulnerability
A Symantec researcher has discovered a new Linux worm, targeting machine-to-machine devices, and exploits a PHP vulnerability (CVE-2012-1823) to propagate that has been patched as far back as May 2012.
Linux worm, which has been dubbed Linux.Darlloz, poses a threat to devices such as home routers and set-top boxes, Security Cameras, and even industrial control systems. It is based on proof-of-concept code released in late October and it helps spread malware by exploiting a vulnerability in php-cgi.

"Upon execution, the worm generates IP addresses randomly, accesses a specific path on the machine with well-known ID and passwords, and sends HTTP POST requests, which exploit the vulnerability. If the target is unpatched, it downloads the worm from a malicious server and starts searching for its next target." the Symantec researchers explained.

The malware does not appear to perform any malicious activity other than silently spreading itself and wiping a load of system files.

10 reasons why PCs crash U must Know


10 reasons why PCs crash U must Know

Fatal error: the system has become unstable or is busy," it says. "Enter to return to Windows or press Control-Alt-Delete to restart your computer. If you do this you will lose any unsaved information in all open applications."

You have just been struck by the Blue Screen of Death. Anyone who uses Mcft Windows will be familiar with this. What can you do? More importantly, how can you prevent it happening?

1 Hardware conflict


The number one reason why Windows crashes is hardware conflict. Each hardware device communicates to other devices through an interrupt request channel (IRQ). These are supposed to be unique for each device.

For example, a printer usually connects internally on IRQ 7. The keyboard usually uses IRQ 1 and the floppy disk drive IRQ 6. Each device will try to hog a single IRQ for itself.

If there are a lot of devices, or if they are not installed properly, two of them may end up sharing the same IRQ number. When the user tries to use both devices at the same time, a crash can happen. The way to check if your computer has a hardware conflict is through the following route:

* Start-Settings-Control Panel-System-Device Manager.

Often if a device has a problem a yellow '!' appears next to its description in the Device Manager. Highlight Computer (in the Device Manager) and press Properties to see the IRQ numbers used by your computer. If the IRQ number appears twice, two devices may be using it.

Sometimes a device might share an IRQ with something described as 'IRQ holder for PCI steering'. This can be ignored. The best way to fix this problem is to remove the problem device and reinstall it.

Sometimes you may have to find more recent drivers on the internet to make the device function properly. A good resource is www.driverguide.com. If the device is a soundcard, or a modem, it can often be fixed by moving it to a different slot on the motherboard (be careful about opening your computer, as you may void the warranty).

When working inside a computer you should switch it off, unplug the mains lead and touch an unpainted metal surface to discharge any static electricity.

To be fair to Mcft, the problem with IRQ numbers is not of its making. It is a legacy problem going back to the first PC designs using the IBM 8086 chip. Initially there were only eight IRQs. Today there are 16 IRQs in a PC. It is easy to run out of them. There are plans to increase the number of IRQs in future designs.

2 Bad Ram


Ram (random-access memory) problems might bring on the blue screen of death with a message saying Fatal Exception Error. A fatal error indicates a serious hardware problem. Sometimes it may mean a part is damaged and will need replacing.

But a fatal error caused by Ram might be caused by a mismatch of chips. For example, mixing 70-nanosecond (70ns) Ram with 60ns Ram will usually force the computer to run all the Ram at the slower speed. This will often crash the machine if the Ram is overworked.

One way around this problem is to enter the BIOS settings and increase the wait state of the Ram. This can make it more stable. Another way to troubleshoot a suspected Ram problem is to rearrange the Ram chips on the motherboard, or take some of them out. Then try to repeat the circumstances that caused the crash. When handling Ram try not to touch the gold connections, as they can be easily damaged.

Parity error messages also refer to Ram. Modern Ram chips are either parity (ECC) or non parity (non-ECC). It is best not to mix the two types, as this can be a cause of trouble.

EMM386 error messages refer to memory problems but may not be connected to bad Ram. This may be due to free memory problems often linked to old Dos-based programmes.

3 BIOS settings

Every motherboard is supplied with a range of chipset settings that are decided in the factory. A common way to access these settings is to press the F2 or delete button during the first few seconds of a boot-up.

Once inside the BIOS, great care should be taken. It is a good idea to write down on a piece of paper all the settings that appear on the screen. That way, if you change something and the computer becomes more unstable, you will know what settings to revert to.

A common BIOS error concerns the CAS latency. This refers to the Ram. Older EDO (extended data out) Ram has a CAS latency of 3. Newer SDRam has a CAS latency of 2. Setting the wrong figure can cause the Ram to lock up and freeze the computer's display.

Mcft Windows is better at allocating IRQ numbers than any BIOS. If possible set the IRQ numbers to Auto in the BIOS. This will allow Windows to allocate the IRQ numbers (make sure the BIOS setting for Plug and Play OS is switched to 'yes' to allow Windows to do this.).