The title of this article contains a question, one that in various forms has been asked millions of times over the years. The reason the same question still gets asked countless times even today, is simple: the answer, should one even exist, is never true for long, even if we assume it was initially true. So what’s the harm in asking?
From: TF, for the latest news on copyright battles, piracy and more.
Receiving and imparting advice allows humans to benefit from the experiences of others, without ever having to suffer the consequences of making the same mistakes themselves.
While that’s a great theory and a lovely thought, it’s a poor substitute for knowing that today’s disaster is your own work and yours alone. What’s infinitely worse than that is blindly allowing strangers on the internet to make big decisions, and then having to live with the consequences of their poor advice knowing the blame lies closer to home.
Stay Safe, Trust No One
Case in point, ‘staying safe online’, which according to Google’s autocomplete is a popular question when people are preparing to download anything, from music to PC games, to general software and Android APKs.
Anyone who opted for the ‘safest site’ to ‘download free mp3’ today, but ignored copyright concerns and the first few results linking to legal services, may have landed on a site with links to a few YouTube download sites. However, the ‘recommended’ option at the top of the list is to install free software that ‘claims’ to download from Spotify instead.
The .exe triggered no warnings when scanned using Windows Defender, MalwareBytes, and BitDefender. When checked remotely, using a handful of online security tools, a different picture emerged.
A decision was made not to install the software and that turned out to be a good thing. Most of the time, installing any type of software from unknown sites should be avoided and here, any benefit would’ve been eliminated ten times over by whatever came next.
Beware of Deception
While the Baader-Meinhof phenomenon might explain an ‘unusually’ large number of people asking for “the safest site” this week, they were definitely there; on X, Reddit and other platforms, seeking out everything from manga to mainstream movies.
As usual, responses to the impossible question varied. Typically, some site or another in vogue at the moment receives a mention; that happened on one occasion this week and the chat ended there.
On rare occasions, someone will take the time to point out that research is advised but, for many people, that sounds like a tedious way of not getting content immediately. We didn’t see any of those this week, unfortunately.
Occasionally, since it tends to get frowned upon these days, someone will post a link to a site. In one case last week, someone posted a direct link to an Android APK.
In response to that post, a seemingly unconnected user agreed that this particular app provides access to everything and helpfully provided a link to a site where all of those details were available. That included the name of the app, a nice logo, its file size (around 30 MB), version number, package name, and details of OS version compatibility.
As highlighted by the poster, the page also listed all relevant file hashes and a signature, so that any prospective users could do all the relevant checks, to confirm it’s 100% safe. How many people actually check those things is unknown but, in this case, the hash linked to details of an app on VirusTotal with a clean bill of health. However, the APK delivered by the site had a completely different hash.
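As an added illustration of the checks that paragraph describes (not code from the article or from any tool it lists), the following Python script compares the hashes a download page publishes against the file actually delivered, and does a cheap structural check before anything is installed. The APK-shaped ZIP it builds is constructed for the demo and stands in for the real app.

```python
import hashlib
import os
import tempfile
import zipfile

ALGOS = {"md5": hashlib.md5, "sha1": hashlib.sha1, "sha256": hashlib.sha256}

def file_hashes(path):
    """MD5, SHA-1 and SHA-256 of a file in one pass, read in 1 MiB chunks."""
    hashers = {name: fn() for name, fn in ALGOS.items()}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}

def compare_published(path, published):
    """published maps algorithm -> hex digest copied from the download page; all must match."""
    actual = file_hashes(path)
    bad = [a for a in published if a in actual and published[a].lower() != actual[a]]
    return "mismatch" if bad else "match"

def apk_sanity(path):
    """Cheap structural check: a ZIP carrying the members every signed APK has."""
    if not zipfile.is_zipfile(path):
        return False
    with zipfile.ZipFile(path) as z:
        names = set(z.namelist())
    signed = any(n.startswith("META-INF/") and n.endswith((".RSA", ".DSA", ".EC")) for n in names)
    return {"AndroidManifest.xml", "classes.dex"} <= names and signed

def build_demo_apk(path, extra=b""):
    """Constructed, minimal APK-shaped ZIP for the demo; not a real app."""
    with zipfile.ZipFile(path, "w") as z:
        z.writestr("AndroidManifest.xml", b"<manifest package='demo.example'/>")
        z.writestr("classes.dex", b"dex\n035\0constructed")
        z.writestr("META-INF/CERT.RSA", b"placeholder bytes, not a real signature")
        if extra:
            z.writestr("assets/extra.bin", extra)
    return path

def run_demo():
    """Hashes taken from the listed file; a different file is then delivered."""
    tmp = tempfile.mkdtemp()
    listed = build_demo_apk(os.path.join(tmp, "listed.apk"))
    delivered = build_demo_apk(os.path.join(tmp, "delivered.apk"), b"unlisted bytes")
    published = file_hashes(listed)  # what the download page would show
    return (compare_published(listed, published),     # "match"
            compare_published(delivered, published),  # "mismatch"
            apk_sanity(delivered))                    # True
```

A "mismatch" verdict means the published hashes (and any VirusTotal report they point to) describe a different file from the one you were handed, which is exactly the situation the paragraph above describes.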
Pirated Content Still On Offer…Good?
Many people believe that if an app works, that’s always a good sign. The reality is that if the app doesn’t work, people will uninstall it, and that’s the last thing nefarious app distributors want.
In this case, the app did work, albeit in a secure environment. But ordinarily it would’ve been installed on someone’s Android phone, where it would’ve been very happy indeed.
As F-Secure explains: An SMS-Worm is a type of worm that distributes copies of itself to new victims – in this case, mobile phones – over the Short Messaging System (SMS) of mobile telecommunications networks. An SMS-Worm may be able to automatically send a copy of itself to every contact listed in the mobile phone’s Contacts list.
Alternatively, the SMS may contain a link to a website. On clicking the link, the user may inadvertently download the worm’s executable code onto their mobile phone, thereby infecting themselves. For this method to work, the mobile phone would need to have Internet-access capability.
Other slightly worrying behaviors included an attempt to harvest all hostnames from the local network, presumably just to check out what other services might be available. Merely out of curiosity? Probably not.
At some point, the app tried to connect to an IP address and domain names which according to records are connected to Hola/Luminati. That raises the prospect of devices subsequently becoming part of a network where the user’s connection can be used by someone else.
There’s no suggestion that those services are aware of anything malicious, a quality they’re likely to share with people who install *any* Android software without knowing what it does first, even though it’s free to find out.
Androguard: Reverse engineering and pentesting for Android
ANY.RUN: Free Malware Reports and Database
APKHunt: Comprehensive static code analysis for Android
APKLab: Android Reverse-Engineering Workbench
APKLeaks: Scanning APK file for URIs, endpoints & secrets
APKtool: A tool for reverse engineering Android APK files
Hybrid-Analysis: Free Automated Malware Analysis
Frida: A world-class dynamic instrumentation toolkit
Genymobile/scrcpy: Display and control your Android device
MobSF: Security research platform for mobile applications
Oracle VM VirtualBox
Sixo Online APK Analyzer
URLscan: Website scanner for suspicious and malicious URLs
VirusTotal: Analyse suspicious files, domains, IPs and URLs to detect malware
Wireshark: The world’s most popular network protocol analyzer