The first thing you've wondered is surely how Google can get this data, because it's not something that hackers do. However, the figure published by Google is based on statistics provided by Verify the password, an extension that Google has developed and launched earlier this year.
This extension is available to all users who want to install it in their browser from the Chrome Web Store, which thousands of users have already done. The extension is responsible for checking user names and passwords used by users and alert them when it detects that the use of this identification information has been stolen by an attacker or a data filter.
This extension, fruit of the work done by Google in collaboration with many academics of the University of Standford, has already provided certainly alarming information. From a total of 21 million accreditations, username and password, automatically reviewed by Password Checkup, more than 300,000 were involved in several attacks and ended up in the hands of cyber criminals.
This suggests that our passwords are not as secure as we thought and that many users do not take the necessary security measures to protect their passwords. In this regard, Google recommends do not use the same password to access all our accounts and that each of them meets the minimum standards to be the sure enough
Written by Roberto Adeva
Specifically, allowing this failure is that the attacker can reduce the length of the encryption key used when establishing the connection between the two devices. In this way, reducing the length of the key makes a lot easier to decipher this key and therefore access the information exchanged.
Fortunately, exploiting this vulnerability is not an easy task because you have to give special conditions. On the one hand, both devices must be Bluetooth BR or EDR, ie basic rate or enhanced data rate, which corresponds to the data transmission rate supported by the connection . In addition, the attacker should be within reach of both devices They will establish the connection via Bluetooth and will be quick when it comes to intercept and manipulate the key established between the two devices, because it should be shortened and decrypt in a relatively short time.
Finally, this process must be repeated each time the two devices are associated again, as a new key would be used and the attacker should reestablish a new attack.
To resolve this problem, the Bluetooth specification has been updated. recommend a minimum length for the connection encryption key of 7 bytes for BR and EDR connections. For its part, Microsoft has already released an update today, CVE-2019-9506 – Bluetooth Encryption Key Negotiation, which resolves this vulnerability by applying the minimum length of 7 bytes to ensure secure connections.
However, once this update is installed, we need to enable the feature that allows us to solve the problem manually by accessing the Windows registry. We have to go to the road HKLM System CurrentControlSet Policies Hardware Bluetooth and change the input value EnableMinimumEncryptionKeySize at 1 instead of 0.
This vulnerability has affected both Windows XP as Windows 10, and to all operating systems in between. The problem lies in the way in which MSCTF it establishes communications, allowing even an application running in an isolated or low-privilege environment to read and write data to an application with more privileges.
MSCTF is a module present in the Text Services Framework (TSF) Windows that manages elements such as the processing of what we type with the keyboard, key distribution or voice recognition. Therefore, this element is executed each time we connect to our user. If we go into the task manager, we will see the CTF Loader process running, and it is responsible for communicating the changes made to the keyboard layout or input methods to the rest of the applications.
This interaction is forced into applications by the kernel, but the problem is that there is no access control or verification for this interaction. Any application or user can connect to a CTF session, read and write text in any window. any session, falsify the identifier of an application, increase the privileges or take the identity of a CTF service.
So, it's as simple as waiting for a administrator Sign in to take control of your session and read sensitive information from other apps, including Passwords, get System permissions, delete the UAC dialog box, or execute commands in the Administrator Console. And all this in Windows 10 fully corrected.
The investigator who discovered the incident reported his discovery to Microsoft in mid-May. After 90 days, he decided to publish the information because Microsoft has not fixed the bug yet in one of its operating systems. In addition, it took more than a month for the company to respond to the investigator she was going to investigate. Two weeks before its release, Microsoft was still asking for details about the exploit.
Let's hope now that the vulnerability is public Microsoft hurry to fix itbecause, at the moment, all Windows computers are vulnerable to a failure of the provisioning function. For the moment, Microsoft has corrected one of them, CVE-2019-1162, this month, but for the rest, they said they would need more time.
The investigation has focused on a family of malware called Baldr, which was detected for the first time in January of this year on the dark Web. Since then, the cybersecurity company has been tracking its sales and expansion via the network, where it has detected the sale of at least 200 licenses.
The malware was sold in Russian forums belonging to the Deep Weband was bought by cyber criminals with little experience that has included them in the chetos and other traps for online games. Once the user has run the malicious program, he stole his passwords and all the important information in just 30 seconds. Then I took a picture of the office, encrypted the data and sent it to a server.
The Trojan has camouflaged itself as a trap for games like CS: GO or Apex Legends, and was distributed by YouTube videos, whose descriptions contained links to files containing malware, usually in .ace format or Office .rtf files. When running, he analyzed the installed programs to know from which to steal the data.
The distribution of malware has increased rapidly, but a dispute between the malware developer and its main distributor has caused the system to shut down, although they do not exclude it from reappearing under another name. The developer and distributor both received stolen data from users.
Among the information that Baldr was able to steal is the location of the device, bitcoin wallets, VPN Network Profiles, FTP Clients, and all passwords and stored cookies Locally, up to 22 different browsers. With this, an attacker could steal the identity of the user, know his credit cards, in addition to access all his social networks, streaming services, online stores or platform accounts. games. Some of the stolen credentials include Gmail, Hotmail, and Yahoo email accounts. They also stole accounts on Amazon, Facebook or Steam.
The countries most affected by malware are Indonesia, the United States, Brazil, Russia, India and Germany. In principle, although France also has a high rate of people affected, Spain would have had virtually no cases. However, this shows us several things: firstly, in Spain, we are smarter and do not download YouTube waste, and we have less interest in cheating in games. If there was not a wide market of users who have a better time using Aimbot and Wallhack, all these malware would have no distribution.
Before Windows 10, previous versions of operative system they did not enjoy a really reliable protection. Users were therefore forced to install third-party antivirus solutions on their devices, hence the boom and the importance that many of these companies had acquired at the time. But Windows Defender, during its four years of life, has evolved a lot to become one of products of this type the most used in the world, which obviously negatively affects the third party developments in this direction.
And of course, to all of this, we must add that this anti-virus It is free for users of the mentioned Windows 10, and it is already installed and prepared in advance after the system is booted, so that the user himself has nothing to do protected from the beginning.
Well, to the good results achieved by the program As far as protection as such is concerned, we now have to add the revelation recently released by Microsoft regarding the current penetration of Windows Defender Antivirus on the market. More precisely in the middle of year 2019, it is already said that this solution has a use in more than 50% of the equipment based on Windows In the whole world.
Therefore, this could also result in the fact that in this case we are talking about the solution of these most used features when they are used 500 million devices Windows, the growth that seems to continue to increase over time. And of course, largely thanks to this important market share, Windows Defender has become one of the company's main goals. cyber attackers, in the event that a attacker I managed to overcome their defenses, so a lot of Windows systems would be vulnerable.
That's why Microsoft engineers keep working and improving this software, because everything indicates that, along with the operation of Windows 10, the integrated antivirus will continue to grow. This is why its functions protection they do not stop to increase and be more effective against all kinds of potential external attacks, as is the case for example with the recent incorporation of Sandbox functionality, among others. In fact, the rest of the developers of similar solutions is growing, and rightly so, if one takes into account the perfect results obtained in the most recent tests done by the company. AV test, both in protection and in the performance and usability, although it is not the only tool of this type that has punctuation perfect.
But Microsoft does not want to impose its security program for Windows 10 users, at least that's what it suggests, so Windows Defender Antivirus, although it's the default, is designed to be automatically disabled when we install another antivirus on a Windows computer.
With everything and with and reflecting the most recent data obtained by the company based in Redmond, his proposal is more than accepted for the moment. In addition, several reasons justify this market penetration of 50%. On the one hand, its cost, which is free when acquiring Windows 10, its constants updates, comfort of use from the beginning, total l & # 39; Integration in the operating system and, finally, the good results achieved in terms of protection and overall performance.
Are you already a member of those who already use Windows Defender as a security solution in Windows 10, or do you still prefer to use other, more experienced, third-party proposals?
With regard to the driving license, the DGT will "carry" the map in the miDGT application, having full legal validity, as well as the documentation of our cars in digital format. In this application, which has not yet been launched, you can receive notices, news and even make administrative procedures with the DGT, such as paying fines or knowing the number of points remaining on the map.
This will help us in situations where we might have forgotten to take the wallet and not have a driver's license, since in theory they could do it. well with 100 euros, although they usually pay a fine of only 10 euros for a minor offense.
In the case of the passport, it would not even be necessary to keep it. When we go on a trip, one of the biggest fears is to lose it and have to go there to become temporary. Therefore, last year at the World Economic Forum, a test was proposed for passport-free travel between Canada and the Netherlands via Digital identity of the known traveler, or KTDI, a unique digital identification system for every traveler requiring only a scan biometric data to identify us, such as the face or the imprint.
The user would save his data in an application that would identify us by biometric settings (as the fingerprint or face detection). These types of identification methods are becoming more and more necessary because of the long queues of access in the countries, where it can run for several hours between landing. from the plane and departure from the airport. So, simply by putting the fingerprint or scanning our face, we could access it.
The number of passengers continues to grow and in fact, this week, the flight record was broken in a day. By the year 2030, 800 million people will travel abroad, 50% more than in 2016. The cost of airport security continues to grow and, with these systems, we seek to reduce this cost while accelerating the passage of travelers. In the same way that online billing has reduced the number of queues at airline ticket offices, this new step will further simplify the process.
In terms of security, another issue that is raised in this regard with the KTDI is its security, but it will be robust enough to be blockchain-based so that it's not possible to hack the database. In addition, the user can have control of his information at any time, being able to unsubscribe from the database at any time, from his own mobile.
As we see, the passport via KTDI will be even safer than the current one, as we will not have to wear the physical passport for travel and robberies will be avoided. The same thing will happen with the miDGT app, provided that we transport the properly protected mobile with a PIN code, password, fingerprint, face detection or any other system.