Version 2.0 of the popular open source Firebug Web development tool, released this week, features a slew of programming improvements including debugging enhancements, syntax highlighting, and better code auto-completion.
The debugger is the heart of Firebug 2.0 and its features are integrated throughout the tool, Firebug team leader Jan Odvarko said. "Firebug's debugger is now based on new debugging APIs -- known also as JSD2 -- that are more stable, faster, and consume less memory."
The tool's Script panel supports syntax highlighting, and Syntax coloring is also offered for HTML and the CSS source edit mode. Code auto-completion, which works for HTML, HTML style, and SVG attributes, is now available in the Command Editor within the console panel.
For DOM events inspection, version 2.0 offers an Events side panel listing event handlers on the page, grouped by event type for the selected DOM element. Developers can find out which HTML event is associated with a specific event listener or see JavaScript source code. The Search function in the HTML panel has been improved, and the Script panel supports a pretty print capability for reformatting source code -- a helpful feature when dealing with minified JavaScript code.
The JavaScript expressions inspector in Firebug 2.0 enables inspection of JavaScript expression details, and developers can group console logs coming in a row from the same panel. Original CSS color values can be displayed in the CSS panel, making it easier to compare styles interpreted by the browser with ones in the original CSS source file. Developers also can modify return values of a JavaScript function.
Firebug's builders collected feedback from developers and designers and used the feedback to tweak features in this release. "Firebug's strength is mainly its user interface and user experience. It's simple and intuitive, a handy tool," said Odvarko. "Other built-in tools introduced in, [for example,] Firefox, Chrome, and IE (Internet Explorer) might have more features now, but the user experience of those individual features is often [a] step behind Firebug."
Introduced in 2006, Firebug has been downloaded 70 million times. It's compatible with the Firefox browser and is registered as a Mozilla trademark and maintained by a group of developers around the world. Version 2.0 is downloadable at the Firebug website.
Ransomware is an emerging threat in the evolution of cybercriminals techniques to part you from your money. Typically, the malicious software either lock victim’s computer system or encrypt the documents and files on it, in order to extort money from the victims.
Though earlier we saw the samples of Ransomware tended to be simple with dogged determinations to extort money from victims. But with the exponential rise in the samples of Ransomware malwares, the recent ones are more subtle in design, including Cryptolocker, Icepole, PrisonLocker, CryptoDefense and its variants.
Now, the ransomware dubbed as Crytowall, a latest variant of the infamous ransomware Cryptolocker is targeting users by forcing them to download the malicious software by through advertising on the high profile domains belonging to Disney, Facebook, The Guardian newspaper and others.
Cryptolocker is designed by the same malware developer who created the sophisticated CryptoDefense (Trojan.Cryptodefense) ransomware, appeared in the end of March, that holds the victims’ computer files hostage by wrapping them with strong RSA 2048 encryption until the victim pays a ransom fee to get them decrypted.
But unfortunately, the malware author failed to realize that he left the decryption keys left concealed on the user’s computer in a file folder with application data.
So, to overcome this, the developer created Cryptowall ransomware and alike the latest versions of CryptoDefense, the infected system’s files and documents encrypted by CryptoWall are impossible to decrypt.
The story broke, when researchers at Cisco revealed that cybercriminals have started targeting people with RIG Exploit Kits (EK) to distribute malicious Cryptowall ransomware malware.
The Rig Exploit Kit was first spotted by Kahu Security in April, which checks for an unpatched version of Flash, Internet Explorer, Java or the Silverlight multimedia program on the infected users and if found, the system is instantly exploited by the bad actors.
Researchers at Cisco have noticed high levels of traffic consistent with the new “RIG” exploit kit, thereby blocking requests to over 90 domains. On further investigation, the company observed that many of its Cloud Web Security (CWS) users were visiting on those malicious domains after clicking advertisements on high-profile domains such as “apps.facebook.com,” “awkwardfamilyphotos.com,” “theguardian.co.uk” and “go.com,” and many others.
cryptowall ransomwar
If clicked, the advertisements redirect victims to one of those malicious domains in order to malvertise users and once the system get infected with the RIG Exploit Kit, it will deliver the payload which includes the Cryptowall Ransomware malware.
Now, when this CryptoWall is installed in the infected system, it will start scanning the system Hard Drive for data files and encrypt them.
After encrypting the files on victim's system, it will create files containing ransom instructions in every folder it had encrypted, demanding up to $500 USD. The service where users are instructed to pay the ransom amount is a hidden service that uses the Command-and-Control server hosted on TOR .onion domain.
The largest share of infections, some 42 percent, are in the United States, followed by England and Australia, but it believes that several groups and bad actors are involved in this attack chain.
A quiet change in the privacy setting of its forthcoming iOS 8 smartphone Operating System, Apple could effectively block the path for advertisers, marketers, and other snoopers looking to collect data about you and your location from your Smartphone devices.
When your mobile device scan for a free Wi-Fi network, whether at the shopping complex, airport, or restaurant, it sends out the MAC address which is a unique identifier of the device that allows devices to distinguish between one another on a network.
Routers need this identifier to connect you to a network. Advertisers and retailers have been seeking to track these identifiers to help offer personalized advertisements to customers based on where they’ve been.
Thanks to Apple’s upcoming feature which will enhance users privacy to one step higher than other smartphone providers.
Apple announced the change during its annual Worldwide Developers Conference (WWDC) in Cupertino last week, revealing that the feature will restrict the information your device will share when it will scan for near-by wi-fi networks. To do this, the device will spoof MAC addresses that it broadcast to the all available wi-fi network when device searches for them.
“In iOS 8, Wi-Fi scanning behavior has changed to use random, locally administrated MAC addresses,” Apple notes. This exactly means that “the MAC address used for Wi-Fi scans may not always be the device’s real (universal) address,” Apple explains.
Not only this, to enhance iOS 8 users’ privacy, Apple has also added Secure Search Engine DuckDuckGo as the default search engine in Safari.
DuckDuckGo claims that when you click on one of their search results, they do not send personally identifiable information along with your request to the third party.
iOS 8 Safari Browser also has Camera based Credit Card scanner to fill up the debit and credit card details automatically on payment pages, rather than filling them manually into the browser.
We have seen cybercriminals targeting PCs with Ransomware malware that encrypts your files or lock down your computer and ask for a ransom amount to be paid in a specified duration of time to unlock it.
To deliver the Ransomware malwares to the mobile devices, cyber criminals have already started creating malicious software programs for android devices. Last month, we reported about a new Police Ransomware malware that locks up the devices until the victims pay a ransom to get the keys to unlock the phone. But, the malware just lock the mobile screen and a loophole in the its implementation allowed users to recover their device and data stored on SDcard.
Now, in an effort to overcome this, threat actors have adopted encryption in the development of mobile Ransomware malwares. Recently, the security firm ESET has discovered a new Android ransomware, dubbed as Android/Simplocker.A, that has ability to encrypt the files on the device SD card and then demand a ransom from the victim in order to decrypt those files.
Once installed, the malware scans the SD card for certain file types such as image, document or video with extensions - jpeg, jpg, png, bmp, gif, pdf, doc, docx, txt, avi, mkv, 3gp, mp4 and encrypts them using AES in a separate thread in the background. After encrypting the files, the malware displays the following ransom message, written in Russian, which clearly means that this threat is targeting Russian Android users.
“WARNING your phone is locked!
The device is locked for viewing and distributing child pornography , zoophilia and other perversions.
To unlock you need to pay 260 UAH.
1.) Locate the nearest payment kiosk.
2.) Select MoneXy
3.) Enter {REDACTED}.
4.) Make deposit of 260 Hryvnia, and then press pay. Do not forget to take a receipt!
After payment your device will be unlocked within 24 hours. In case of no PAYMENT YOU WILL LOSE ALL DATA ON your device!”
The Ransomware malware directs victim to pay the ransom amount i.e. 260 UAH, which is roughly equal to $21 US, through the MoneXy service, as this payment service is not easily traceable as the regular credit card.
mobile virus
To maintain anonymity the malware author is using the Command-and-Control server hosted on TOR .onion domain and the malware sends the information of the infected device such as IMEI number to its server. The researchers at ESET are still analysing the malware:
“Our analysis of the Android/Simplock.A sample revealed that we are most likely dealing with a proof-of-concept or a work in progress – for example, the implementation of the encryption doesn't come close to “the infamous Cryptolocker” on Windows.”
The researchers have found that the malware is capable to encrypt the victim’s files, which could be lost if the decryption key is not retrieved from the malware author by paying the ransom amount, but on the other hand the researchers strongly advise users against paying fine, as their is no guarantee that the hacker will provide you decryption keys even after paying the amount.
Unfortunately, mobile antivirus products are only capable to detect such known/detected threats only and can't detect similar the new threats. So, it is important for you to always keep the back-up of all your files either manually on the computer system or use cloud backup services like dropbox, google drive etc, in order to protect it from the emerging threats.
Vodafone, the world’s second-largest mobile carrier with more than 400 million customers around the world has issued its first "Law Enforcement Disclosure Report", reveals that the governments in some of the countries it operates, have direct access to its network allowing them to listen to all conversations.
The Company has broken its silence on government surveillance and after Snowden's revelations about NSA, this is the only most comprehensive transparency report ever published by an International company detailing that how some Governments are taking advantage of their laws to infiltrate citizens privacy.
Vodafone operates in 29 countries, where the government agencies need legal notices to tap into customers’ communications, but some of those countries are actually tapping directly into their network, without any need for a warrant or any explanation.
There are many countries like Albania, Egypt, Hungary, India, Malta, Qatar, Romania, South Africa and Turkey, where it's against the law to disclose whether surveillance is happening and some of them have empowered their Intelligence agencies to conduct mass surveillance legally without any warrant.
According to the report, refusal to comply with a country’s laws is not an option and unlawful, and in such situation Vodafone’s licence to operate in that territory would be at risk.
The Guardian reported that Vodafone is not alone, in some countries the law obliges carriers to install direct access pipes to their data centers, or at least gives governments the power to do so.
These wires are typically attached directly to the company's central data centre or the company's telecoms switches, allowing agencies to listen to or record live conversations and other electronic communications.
“In our view, it is governments - not communications operators - who hold the primary duty to provide greater transparency on the number of agency and authority demands issued to operators,” Vodafone said.
Different Government count warrants in different ways, so the company also warned that its hard to conclude about the level of surveillance in a country, 'as each warrant can target any number of different subscribers, different communications services, and devices.'
Vodafone can not reveal the identities of such countries because certain regimes could imprison its staff as a result, but Privacy campaigners have praised Vodafone and called for other companies to follow Vodafone's example.
