QR Codes: Quick Response or a Quick Virus code?

Before scanning that QR code you just saw give it a second thought, Is it a clean code that will redirect you to an authentic site for the information you seek or a malicious code to breach your mobile security?

It seems like everywhere you look these days in business cards, ads, posters, websites, magazines, buses, almost on any object about which you might want to know more, you see a QR code which have proved to be the cheapest and easiest way to link the real world with the virtual.
QR code short for ‘Quick Response' code is a small two dimensional barcode that somewhat look like a scrambled checkerboards, invented by the Japanese corporation Denso Wave in 1994. Although these codes have been around for almost two decades, they were mainly used for industrial purposes until the last few years.

Why are QR codes so popular?
A Quick Response code is a type of matrix barcode that can store alphanumeric characters, in the form of URL's or text encoded in both vertical and horizontal direction, thus increasing its capacity of holding data than the traditional single dimensional barcodes i.e. 7,089 numeric characters or 4,296 alphanumeric characters and can store up to 2KB of data.
All you have to do is take a picture of a QR code with your smartphone camera and a QR reader application to scan it, the link within will direct you to websites, online videos or launch apps. The problem is there is no way to tell what's behind that QR code until scanned by QR code reader app. The biggest risk is if someone sees a random QR code that's not connected to anything just a sticker on the wall people cannot deny  their own curiosity, they will scan it because they want to know what it is, and attackers depend on this curiosity and craft their attacks.

Mobile Malwares:-
According to McAfee Labs Mobile malwares have doubled in last year.

Scams involving QR codes are gaining popularity. There are many cases of malicious QR codes being neatly placed over legitimate ones known as QRishing similar to phishing attacks.

IOS Device:-
On IOS devices for example, hackers are using jail-break exploits to send users to websites that will jailbreak the device. When a user scans a QR code he is redirected to an unknown website. These are drive by download attack, where these website hosts modified jailbreak exploits. Once visited the user phone will be jail broken and additional malware would be installed such as GPS trackers and key loggers.

Android Security Tool 'Conceal' by Facebook to encrypt data on disk.

When you install an app on your phone, you don’t always install it on the phone itself. You often store new apps and data on the external SD Card, letting you add more storage space as needed.

Typically, an app that has permission to read and write data from an SD card has the permission to read all data on that card, including information written by other apps. This means that if you install a malicious application by mistake, it can easily steal any sensitive data from your phone's SD Card.
Engineers at Facebook have developed a way of protecting its popular Android apps when they’re stored on SD cards, and they’re now sharing this security tool called 'Conceal', that will allow app developers to encrypt data on disk in the most resource efficient way, with an easy-to-use programming interface.
Conceal, is a programming code library for safely encrypting and decrypting data stored on SD cards. The company is already using the tool with the primary Facebook app that runs on Android.According to Facebook software engineers the company started building the tool about six months ago, but it only recently decided to open source it.
This tool is based on algorithms from OpenSSL, a common open source encryption system for the web, but it’s designed specifically for mobile phones running Android — including low-end phones. The whole library takes up only about 85KB of space. Conceal is smaller and faster than existing Java crypto libraries, uses AES-GCM, an authenticated encryption algorithm that helps to detect any potential tampering with data.The library also provides resources for storing and managing keys to protect against known weaknesses in the Android's random number generator. Conceal officially supports Android 2.3 and higher (Gingerbread). It will run on 2.2 (Froyo) phones as well.

Information Security Conferences 2014.

Date: February 9 – 13, 2014.
Conference Title:- Kaspersky’s SAS 2014.
Where: Punta Cana, Dominican Republic.
Link to the event

Date: February 12 – 14, 2014.
Conference Title:- nullcon Security Conference 2014.
Where: Goa, India.
Link to the event

Date: February 15, 2014.
Conference Title:- BSides Tampa, Florida.
Where: Tampa, Florida, United States.
Link to the event

Date: February 17 – 18, 2014.
Conference Title:- Code Blue.
Where: Tokyo, Japan.
Link to the event

Date: February 17 – 20, 2014.
Conference Title:- 12th USENIX Conference on File and Storage Technologies .
Where: Santa Clara, CA, United States.
Link to the event

Date: February 23 – 26, 2014.
Conference Title:- NDSS Symposium 2014.
Where: San Diego, California, United States.
Link to the event

Date: February 23 – 26, 2014.
Conference Title:- 2014 Network and Distributed System Security Symposium.
Where: San Diego, CA, United States.
Link to the event

Date: February 24 – 28, 2014.
Conference Title:- RSA Conference USA 2014.
Where: Moscone Center, San Francisco, United States.
Link to the event

Date: February 28, 2014.
Conference Title:- International Symposium on Engineering Secure Software and Systems .
Where: Munich, Germany.
Link to the event

Date: March 1 – 2, 2014.
Conference Title:- The 10th ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments.
Where: Salt Lake City, UT, United States.
Link to the event

Your laptop Camera could spy on you without lighting up the warning light.

If you own a MacBook or any other laptop, you should cover up it's webcam, because there’s a possibility someone could be watching you.
Most of the webcam have a tiny light lets you know that the webcam is active, but it's possible for malware to disable this important privacy feature.
Two Students from Johns Hopkins University  Matthew Brocker and Stephen Checkoway created a proof of concept app called “iSeeYou” that confirmed that MacBook iSight webcams can spy on their users without the warning light being activated.
A young man recently pleaded guilty in court to extortion after he performed a remote hack on Miss Teen USA’s webcam to secretly collect nude photos. It was revealed through court papers that the FBI has the ability to do the same thing with a variety of current laptops including Apple products.
Your laptop camera could Spy on You without lighting up

Rogue Gaming app that steals WhatsApp conversations.

Many of my friends ask me if it is possible to steal WhatsApp chat messages and how, of course a malware are an excellent answer to it.
Spreading the malware through an official channel the attacker could improve the efficiency of the attack,and it is exactly what is happening,an Android game that was published on the official Google Play store to stealthy steal users WhatsApp conversation databases and resell the collection of messages,images,video etc on an internet website.The game “Balloon Pop 2” has been identified and removed from Google Play store,it was able to spy on conversations made via WhatsApp and upload them to the WhatsAppCopy
website.On the website the Android game BalloonPop 2 is advertised as a way of backing up any device’s WhatsApp conversation.
The website managers sustain that their app is a legitimate game that could be used to back up
WhatsApp messages and they aren't responsible for its abuse for spying purposes.
The attacker paying a fee could view the stolen WhatsApp conversations from the website but it is necessary to provide the phone number
of the targeted Android device to read the messages exchanged by the victims.
Despite of being immediately removed from the Google Play

Google tests NSA proof encryption to protect its users data on Google Drive.

Google is exploring ways to encrypt files stored in Google Drive to prevent the the U.S. government and
other authorities from demanding access to user data, according to a CNET report.
Encryption has been a popular word since former NSA contractor Edward Snowden leaked documents revealing an NSA program called PRISM that collects user data from major Internet companies, including Google.

Many companies use SSL and HTTPS to securely transmit data from a users computer to the destination servers.This protects the data from anyone listening in on the transmission, a procedure called a man-in-the-middle attack.Currently, when you upload or download something from Google Drive the transmission is in encrypted form,but Google is storing that data in an unencrypted manner.

According to CNET's report, Google is experimenting with

World's largest collaborative phone directory compromised.

True Caller,a popular app built by a Swedish company and world's largest collaborative phone directory compromised by Syrian Electronic Army.The hacker group claimed on its Twitter accounts and its website,that it has managed to get access into the databases containing a hundred of millions of phone numbers and its owners in addition of millions of Facebook/Twitter/Linkedin/Gmail accounts.

Syrian Electronic Army have also posted screenshots of the website's WordPress dashboard and database.

According to the hackers about 560 GB of data was downloaded from Truecaller servers.

In another tweet they have also leaked the login credentials for the site's database.

TrueCaller confirmed the security breach in their official blog. However, they denied the hacker's claim that they had access to the social network's access codes.