Information Security News
A commercial malware scanner used by businesses has recently detected an outbreak of malware that came preinstalled on more than three dozen Android devices.
An assortment of malware was found on 38 Android devices belonging to two unidentified companies. This is according to a blog post published Friday by Check Point Software Technologies, maker of a mobile threat prevention app. The malicious apps weren't part of the official ROM firmware supplied by the phone manufacturers but were added later somewhere along the supply chain. In six of the cases, the malware was installed to the ROM using system privileges, a technique that requires the firmware to be completely reinstalled for the phone to be disinfected.
"This finding proves that, even if a user is extremely careful, never clicks a malicious link, or downloads a fishy app, he can still be infected by malware without even knowing it," Check Point Mobile Threat Researcher Daniel Padon told Ars. "This should be a concern for all mobile users."
IP location, GeoIP or Geolocalization are terms used to describe techniques to assign geographic locations toIP addresses. Databases are built and maintained to link the following detailstoIP addresses:
If this looks very aggressive, in some cases, it can be useful if you want to protect online services used only by local people (from your country). If you dont make business with China, you should not receive connections from Chinese IP addresses. This sounds legit. However, this control may have nasty effects. The IPv4 address space being fully assigned, organisations which need more IP addresses are looking to buy some subnets from other organisations which have unused allocations. A newbusiness is born!
One of our readers, based in the US,contacted us about an issue with a /19 subnet they bought from an ISP in another country. They started to allocate IP addresses from this /19 to their customers and some of them were not able to connect to 3rd-party websites. After some investigations, the affected websites used IP location databases to restrict access from trusted countries (note the quotes!). Their IP location databases being too old, the IP addresses were still referenced asassigned to their old country and width:599px" />
Even if databases are constantly updated (the update rate may also depend on your subscription -free or paying), its the responsibility of the end-user or the security solution provider to implement a process to automatically update databases. It padding:5px 10px"> [email protected]:/# geoiplookup -v 220.127.116.11 GeoIP Country Edition: GEO-106FREE 20170307 Build 1 Copyright (c) 2017 MaxMind GeoIP City Edition, Rev 1: GEO-533LITE 20151201 Build 1 Copyright (c) 2015 MaxMind Inc All Rights Reserved GeoIP ASNum Edition: GEO-117 20170306 Build 1 Copyright (c) 2017 MaxMind Inc All Rights Reser GeoIP Country V6 Edition: GEO-106FREE 20170307 Build 1 Copy GeoIP ASNum V6 Edition: GEO-117 20170306 Build 1 Copyright (c) 2017 MaxMind Inc All Rights Re GeoIP City Edition V6, Rev 1: GEO-536LITE 20151201 Build 1 Copyright (c) 2015 MaxMind Inc All Rights Reserved
I checked the new IP addresses of our readers against several online services and all of them reported an accurate location (USA). Conclusion: the blocking service was for sure using an outdated version of an IP location database. The only solution is to contact them to report the problem and ask them to upgrade.
Personally, I wont recommend blocking traffic based on IP location. Why? The Internet has no border and you never know from where your visitors will reach you. The following Tweet width:400px" />
Xavier Mertens (@xme)
ISC Handler - Freelance Security Consultant