IT Security: Android Stagefright Vulnerability Puts 950M Devices at Risk

A full 95 percent of all Android devices -- that's about 950 million smartphones, tablets and other mobile gadgets -- are at risk from one of "the worst Android vulnerabilities discovered to date," according to enterprise mobile security firm Zimperium. The security flaw, enabled by the Android operating system's Stagefright media library, could allow hackers to access devices without users ever realizing that they've been compromised.
Because Stagefright is used for time-sensitive media processing on devices, it's implemented using C++ code rather than a more "memory-safe" language such as Java, Zimperium noted today in a blog post on its Web site. However, that code leaves it more vulnerable to memory corruption and can open up devices to potential hack attacks that can gain remote access through media files delivered by MMS (multimedia messaging service) text messages.

Zimperium said it has reported the vulnerability to Google and also submitted patches for the flaw. While Google "acted promptly and applied the patches to internal code branches within 48 hours," many millions of Android device users might not see security updates for months, if at all.

"We thank [Zimperium zLabs researcher] Joshua Drake for his contributions," a Google spokesperson told us today. "The security of Android users is extremely important to us and so we responded quickly and patches have already been provided to partners that can be applied to any device."

The spokesperson added, "Most Android devices, including all newer devices, have multiple technologies that are designed to make exploitation more difficult. Android devices also include an application sandbox designed to protect user data and other applications on the device."

The Stagefright flaw opens vulnerabilities for devices running Android version 2.2 and up, according to Drake's findings. Most at risk are devices using Android Jelly Bean (versions 4.1 through 4.3.1), which covers about 11 percent of all Android devices, due to "inadequate exploit mitigations."

"If 'Heartbleed' from the PC era sends chill down your spine, this is much worse," the Zimperium blog post noted. The targets for this attack can be anyone from prime ministers, ministers, executives of companies, security officers to IT managers and more, with the potential to spread like a virus."

Google said Android's open source foundation ensures strong security by making it possible for anyone to look for and identify potential security risks. The company also encourages researchers to look for vulnerabilities through programs such as its Android Security Rewards Program, launched earlier this year, and its Google Patch Rewards program, kicked off in 2014.

Competitors such as Microsoft, however, have criticized Google for its less-than-completely-hands-on approach to security updates. Android system and security updates are often handled by device manufacturers or network carriers rather than by Google itself.

As of June 1, Google's Android developer dashboard indicated that the majority of device users -- 39.2 percent -- are running KitKat (Android 4.4). Jelly Bean (shown above) is the second-most widely used flavor of Android, with a total of 37.2 percent of Android users.

Updates for Android devices have traditionally taken a long time to reach users, and devices older than 18 months are unlikely to even receive an update, Zimperium noted on its blog, adding that it hoped users "recognize the severity of these issues and take immediate action." End users and enterprises should contact their device manufacturers or mobile carriers, the company said.

VMware: Schedule ESXi to Restart CIM Server (sfcbd-watchdog)

You may schedule the VMware ESXi to restart the CIM Server (sfcbd-watchdog) every half an hour by following the steps below:
1.  Access the ESXi through SSH

2.  Go to /etc/rc.local.d by typing the following commands:
cd /etc/rc.local.d

3.  Edit the local.sh with the following commands:
vi local.sh

4.  Insert the commands below right before exit 0:
echo "chkconfig sfcbd-watchdog off" > /usr/sbin/sfcbd-restart.sh
echo "chkconfig sfcbd off" >> /usr/sbin/sfcbd-restart.sh
echo "/etc/init.d/sfcbd-watchdog stop" >> /usr/sbin/sfcbd-restart.sh
echo "chkconfig sfcbd-watchdog on" >> /usr/sbin/sfcbd-restart.sh
echo "chkconfig sfcbd on" >> /usr/sbin/sfcbd-restart.sh
echo "/etc/init.d/sfcbd-watchdog start" >> /usr/sbin/sfcbd-restart.sh
chmod 755 /usr/sbin/sfcbd-restart.sh

kill $(cat /var/run/crond.pid)
cat /var/spool/cron/crontabs/root > /var/spool/cron/crontabs/rootx
echo "*/30 * * * * /usr/sbin/sfcbd-restart.sh" >> /var/spool/cron/crontabs/rootx
rm /var/spool/cron/crontabs/root
cp /var/spool/cron/crontabs/rootx /var/spool/cron/crontabs/root
chmod 1444 /var/spool/cron/crontabs/root
crond

5.  Press Esc and type the following commands to save and close the local.sh:
:wq!

6.  Locate the PID number of the crond process by typing the commands below:
cat /var/run/crond.pid

7.  Kill the crond process by typing the following commands:
kill -HUP <pid##>

8.  Finally, start the crond process again with the following commands:
ESXi 5.0:  /bin/busybox/crond
ESXi 5.1 and ESXi 5.5:  /usr/lib/vmware/busybox/bin/busybox crond

Apple: Mac OS X 10.11 - El Capitan

You should know the drill by now: every year Apple announces new desktop operating system in June, and by the end of October, it’ll be ready for us all to play with. The latest release takes its name from the iconic Yosemite vertical rockface, El Capitan.

While the changes don’t seem that big on the surface, there’s a lot going on under the hood that could make this incremental upgrade one of the most significant to date. Here’s what Apple is adding to OS X in October.


<< Improved Performance >>
El Capitan is an incremental upgrade rather than a major release (that was Yosemite, with its new flat UI and bold colors). Most features added by Apple are improvements of past technologies, and that should mean a smoother, more pleasant user experience in general.

Apple is throwing some numbers around to back this up, like the fact that apps now apparently launch 1.4 times faster than in Yosemite, that switching apps and displaying messages in Mail are twice as fast as before, and that PDFs now open at four times the speed in Preview.

These may seem like meaningless numbers attached to mundane tasks, but if performance has picked up similarly elsewhere, it’s possible you’ll notice a performance increase this time round. That’s rare because it’s commonly accepted that each upgrade introduces features which generally slow your computer down.

Another area where performance is set to soar is with Apple’s implementation of their console-level core graphics technology, Metal. The company is touting a 40-50 percent increase in system-level graphics rendering, which could seriously improve Yosemite’s occasionally laggy performance. A 10x increase in draw call performance (the time it takes the hardware to draw an object called by the graphics API) should improve gaming performance too.


<< Better Window Management >>
When your desktop becomes cluttered, your workflow becomes inefficient. Apple has taken a leaf straight from Microsoft’s book and finally added an “aero-snap” feature of its own which allows you to pin two windows side-by-side just like iOS 9’s new Split View mode.

In fact, it’s called Split View here too, and it allows you to grab an app, drag it to the top of the screen and then position it alongside another app without creating mess. The division in the center can be altered depending on the app you’re using, so you can set up Safari with a small TextEdit window for notes or check off songs on a Reminders list while you add them to your iPhone in iTunes.

Mission Control itself has also been revamped, with a new view that places each window on a single layer, without any stacking or overlapping. In fact, you don’t even need to head to Mission Control to organise your spaces any more — just grab the window, head to the top of the screen and wait for the desktop organiser interface to pop-up.

Last of all, while it’s not a window management feature it’s bound to be useful — shaking your mouse from side to side will now cause it to swell to giant proportions so you can easily find it, particularly handy if you use lots of monitors.


<< A Better Spotlight >>
Spotlight was overhauled during last year’s major revamp of OS X, and this year it’s getting smarter still with the addition of natural language. That means you can talk to Spotlight as you would Siri, by typing as you would speak. It should allow you to issue commands like: “Pages document I worked on yesterday about iOS 9,” or “emails from Jackson last week.”

Spotlight also adds some new sources of information, including the weather conditions and forecast, stock prices, sports news like scores, fixtures and league tables and web videos from sources like YouTube.


<< Improved Apps >>
Apple hasn’t introduced any brand new apps to El Capitan’s included software, but it has made some large changes to existing apps. Most of these changes are designed to complement the improved window management tools, with the introduction of Split View opening up a world of productivity options to users.

Mail in particular has seen some changes, starting with an improved full-screen mode (which is good because it’s currently a bit useless). Also new are iOS-style prompts that check your incoming mail for phone numbers or calendar invites and offer to add them to your contacts or schedule. Another feature ported from iOS is the ability to swipe horizontally on a mail message to quickly mark an email read or unread (swipe right) or to delete an email quickly (swipe left).

Tying in with the iOS 9 revamp, Notes gets a big overhaul and can now handle to-do checklists and note attachments too. This allows you to pin photos, videos, documents, audio recordings, web addresses and even locations to a note. It’s not quite Evernote, but it’s a big step up and it syncs for free with all your other Apple devices over iCloud.

Apple’s Safari web browser gets a few small tweaks including the ability to pin and mute individual tabs, two features that most other browsers have by now. It’s also possible to use AirPlay with web video now, which means rather than mirroring your entire screen you can choose just to share the embedded video with your Apple TV instead.

In other, less interesting changes, Maps gets mass transit information allowing you to get more accurate walking, subway, train, bus and even ferry directions in cities like London, Berlin and New York (with more set to be added) along with an easier way of sharing the route you just planned on your Mac with your iPhone.

Photos is probably the least interesting app to receive an update, adding third party editing tools (like filters and effects) and a long-awaited “sort by date” feature but probably not fixing the fact that you can’t easily edit your originals with an external editor any more.


<< New Fonts & Better Unicode Support >>
El Capitan comes with a few new fonts, and sees the system-wide font change to San Francisco, developed for use on the Apple Watch to be highly readable at a glance. If you’re bilingual or learning Chinese or Japanese you’ll also see improvements to El Capitan’s handling of these character-based languages.

Chinese users will see the new Ping Fang font and find that whether they use simplified or traditional Chinese the OS will better remember word choice, includes an enhanced prediction engine and provides access to frequently updated vocabulary lists. Inputting characters via the trackpad has also been improved, allowing for multiple characters in a row.

Japanese input has also been dramatically improved, with enhanced vocabulary and language engine that automatically transforms Hiragana into written Japanese as it is typed; and four new fonts.

Google: Google Photos

The search giant’s appealing service for storing pictures and videos in the cloud. It was uncoupled from Google’s widely ignored social network, Google+, where it had been effectively hidden. And it was upgraded with new features.

Not only that, but Google gave Photos users free, unlimited storage for pictures and videos at the highest resolutions used by average smartphone owners. And it issued nearly identical versions of the shiny new standalone app across Android devices and Apple’s iPhones and iPads. There’s also a browser version for the Mac and Windows PCs.

Once you’ve backed up your photo library to the service, all your photos and videos, including any new ones you take, are synced among all of these devices.

Google Photos was always good, but now it’s entirely outside of a social network. Lots of folks choose to share photos on social networks, but few want to share every single one publicly, or even among all their friends and followers. Now you don’t need a Google+ account to use Google Photos, and your pictures and videos remain private unless and until you choose to share them, Google says.

And when you do want to share them, you can totally ignore Google+ and easily and quickly post them to Facebook, Twitter and other networks, on both Android and iOS. You can email a link to a photo to someone, which works whether or not he or she has the Google Photos app.

<< People, Places and Things >>
The coolest aspect of the new Google Photos is that once you click the search button — before you even type anything — the app presents you with groups of pictures organized by three categories: People, Places and Things.

In the People section, Google collects all the photos containing faces it thinks are the same, without any work by you. It doesn’t identify these people, but just collects them for you for quick access. I found its guesses remarkably accurate. It even picked out a tiny image of my wife in the background of a group shot.

In the Places section, Google relies on geo-tagging where available. For older photos taken with cameras that lacked location tracking, it relies on known landmarks. For instance, it correctly identified a photo of the Eiffel Tower at night that I took with a cheap camera in 2002.

But the Things section, while less accurate, is more impressive. Here, the app uses cloud computing power to aggregate shots of, say, flowers or cars or the sky or tall buildings or food or concerts, graduations, birthdays — and yes, cats. And there are many more categories, including screenshots, posters and castles.

I was impressed by most of Google’s choices in the Things section. For instance, a category called Boats correctly included everything from fishing boats off Cape Cod to gondolas in Venice.

But there were some errors. For example, under Screenshots, Google Photos included an original, professionally-taken photo of me interviewing the company’s own top executive, Sundar Pichai — and it wasn’t a screenshot. And under the category Sky it included a graphic for an event by archrival Apple, which wouldn’t qualify as a Sky scene except on a planet where the sky was greenish and the sun was in the shape of the Apple logo.

You can remove such classification errors manually.

<< Photo Effects >>
As before, Google Photos automatically creates collages, animations, photo groups, panoramas and “stories” from photos it detects as being from the same place and time. You can choose whether to keep these in your library. As in the past, I generally found these pleasing and accurate. For instance, for my library, it created a Story — a sort of digital photo book — for a recent trip I took to China and Hong Kong, complete with maps showing my route.

The new version includes an “Assistant” panel that shows how your backup is going and presents these auto-created collections so you can choose whether you want to keep them.

You can also now manually create collages, animations, stories and more. And there are lightweight editing tools, including filters.

<< Search >>
Not surprisingly, search is a central feature in Google Photos, easily accessible from a blue button at the lower right of the screen. When I typed in “Massachusetts,” Google Photos instantly brought up loads of photos of subjects, ranging from my baby granddaughter (who lives there) to Revolutionary War sites I’d visited there to games I had attended at glorious Fenway Park in Boston.

<< Navigation >>
When you want to select multiple pictures — say, for sharing or creating an album — you don’t have to tap on them one by one. You can just select the first one and then slide your finger to add others to the selection.

Also, you can pinch and zoom to switch the view of your photo library from years to months to days.

Apple: Retrieve Passwords from Keychain without User's Password

The following steps allow you to retrieve the passwords from the Keychain without user's password in Mac OS X:
1.  Sign in to root account.
2.  Copy the login.keychain file in /Users/administrator/Library/Keychains
3.  Backup the login.keychain file in /private/var/root/Library/Keychains
4.  Replace the login.keychain file in /private/var/root/Library/Keychains with the login.keychain file you obtain from Part 2.
5.  Get the keychaindump.c from https://raw.githubusercontent.com/juuso/keychaindump/master/keychaindump.c
6.  Open Terminal and go to the directory where you have kept the keychaindump.c file.
7.  Type in the following command lines:
$ gcc keychaindump.c -o keychaindump -lcrypto
$ sudo ./keychaindump

* Note:
a.  The user’s MacBook cannot be restarted or powered off!
b.  During the execution of the command lines, you might be asked to install the Xcode application.

Example with truncated and censored output:
$ sudo ./keychaindump
[*] Searching process 15 heap range 0x7fa809400000-0x7fa809500000
[*] Searching process 15 heap range 0x7fa809500000-0x7fa809600000
[*] Searching process 15 heap range 0x7fa809600000-0x7fa809700000
[*] Searching process 15 heap range 0x7fa80a900000-0x7fa80ac00000
[*] Found 17 master key candidates
[*] Trying to decrypt wrapping key in /Users/juusosalonen/Library/Keychains/login.keychain
[*] Trying master key candidate: b49ad51a672bd4be55a4eb4efdb90b242a5f262ba80a95df
[*] Trying master key candidate: 22b8aa80fa0700605f53994940fcfe9acc44eb1f4587f1ac
[*] Trying master key candidate: 1d7aa80fa0700f002005043210074b877579996d09b70000
[*] Trying master key candidate: 88edbaf22819a8eeb8e9b75120c0775de8a4d7da842d4a4a
[+] Found master key: 88edbaf22819a8eeb8e9b75120c0775de8a4d7da842d4a4a
[+] Found wrapping key: e9acc39947f1996df940fceb1f458ac74b877579f54409b7
xxxxxxx:192.168.1.1:xxxxxxx
xxxxxxx@gmail.com:login.facebook.com:xxxxxxx
xxxxxxx@gmail.com:smtp.google.com:xxxxxxx
xxxxxxx@gmail.com:imap.google.com:xxxxxxx
xxxxxxx:twitter.com:xxxxxxx
xxxxxxx@gmail.com:www.google.com:xxxxxxx
xxxxxxx:imap.gmail.com:xxxxxxx
...

VMware: Hardware Status Tab Error

<< Symptom >>
The Hardware Status tab displays the error: Hardware monitoring service on this host is not responding or not available (1013080)

<< Resolution >>
1.  Open an SSH session to the host.
2.  Run this command:
/etc/init.d/sfcbd-watchdog restart
3.  Go back to the Hardware Status tab on vCenter Server and click the Update link. It may take up to 5 minutes to refresh.

Note: Do not navigate away from the Hardware Status tab until it refreshes.

PRTG: VMware WBEM Sensor Error

<< Symptom >>
Prompted an error message stated "Read timed out."

<< Resolution >>
1.  Open an SSH session to the host.
2.  Run this command:
/etc/init.d/sfcbd-watchdog restart