MACS ARE VULNERABLE TO THUNDERSTRIKE 2 FIRMWARE MALWARE

Macs have long been said to be immune to viruses and malware -- but there is a long list of vulnerabilities that show this to be a false. Apple's claims that its hardware was not vulnerable to the firmware security flaws as PCs is proven wrong.

At the InfoSec event in Las Vegas which focuses on different security topics, Trammell Hudson, Xeno Kovah, and Corey Kallenberg will show that Macs are just as vulnerable to remote attacks as PCs using the Thunderstrike 2 backdoor.

Thunderstrike 2 is impressive in its efficacy. The malware can be remotely installed and can spread between Macs even if they are not connected. Thunderstrike 2 locks itself into firmware which makes it impossible to remove even after reinstalling OS X. Security software are unable to detect it. Xeno Kovah says:

For most users that's really a throw-your-machine-away kind of situation. Most people and organizations don't have the wherewithal to physically open up their machine and electrically reprogram the chip

Apple has previously stated that in order to become infected with firmware malware, direct physical access to a Mac is required. Although there is a wide-spread belief that Macs are more secure than PCs. There are far more PCs in use than Macs, so it make sense to hit as many system as possible with PC-specific attacks.

What do you think about Thunderstrike2 vulnerability? Let me in the comments.

Read More

VMWare Disk Utility v2.0

Today, I am releasing the version 2 of VMware Disk Utility. It contains bugs fixes and other features implementation such as

1. Bug reporting
2. Checking for update

If you are using version 1, you will have to manually download the latest version from here because the earlier version did not include Check for update feature. This has been fixed in this release and future updates will be available from the application. I apologize for the inconvenience. 

What is VMWare Disk Utility?

A few days back, I wanted to merge multiple vmdk disk files into a single one. I look around the internet and did the job. It was all console based so I decided to make a GUI for it.

The program uses the functionality of the vmware-disk-manager which is a part of VMware workstation. It is just like a wrapper-class that provides an interface to use the mentioned software with ease.

When you run the application, what you see is vmware-disk-manager presented to you with a graphical user interface. The hard part stays behind while you easily merge the vmdk disk files with just 3 clicks.

You can download the program from the links below:

Download 

Mirror

Your feedback is appreciated. If you find any bug, report it from the application or comment below

Read More

ANOTHER SERIOUS ANDROID VULNERABILITY DISCOVERY

A famous security company Trend Micro has found another vulnerability in Android which can send your device into totally non-functioning state. This is inconvenient, and can also be proven deadly.

Trend Micro says

"We have discovered a vulnerability in Android that can render a phone apparently dead -- silent, unable to make calls, with a lifeless screen. This vulnerability is present from Android 4.3 (Jelly Bean) up to the current version, Android 5.1.1 (Lollipop). Combined, these versions account for more than half of Android devices in use today. No patch has been issued in the Android Open Source Project (AOSP) code by the Android Engineering Team to fix this vulnerability since we reported it in late May"

The company further explains,

"the vulnerability lies in the mediaserver service, which is used by Android to index media files that are located on the Android device. This service cannot correctly process a malformed video file using the Matroska container (usually with the .mkv extension). When the process opens a malformed MKV file, the service may crash (and with it, the rest of the operating system). The vulnerability is caused by an integer overflow when the mediaserver service parses an MKV file. It reads memory out of buffer or writes data to NULL address when parsing audio data"

The worst part is that this is affecting many versions of the operating system-- Jellybean 4.3, to Lollipop 5.1.1.

Even worst is that Trend Micro reported this to Google in May and the company merely categorized it as a "low priority".

Does this vulnerability make you worry about your Android phone or tablet?

Tell me in the comments.

Source: Betanews

Read More