Yearly Archives: 2014

by -
0 3
First time ever in the History, Apple Inc. has pushed out an automatic security update for Macintosh OS X computers to address a critical security issue that, according to the company, was too risky to wait for users to patch after seeking their prior approval.
Despite having the ability for years to silently and automatically update its users computers, Apple typically asks its users’ permission to approve them manually or automatically before installing any security update of this kind. But, the company has exercised its ability for the very first time to patch a critical security flaw in a component of its OS X operating system called the Network Time Protocol (NTP).
This newly discovered security vulnerability, assigned CVE-2014-9295, became public late last week and affects all operating systems, including OS X and other Linux and Unix distributions, running versions of NTP4 prior to 4.2.8. NTP is used for synchronizing clocks between computer systems and across the global internet.
TURNING YOUR MAC INTO DDOS ZOMBIES
Once exploited, the NTP vulnerability can allow an attacker to remotely execute an arbitrary code on a system using the privileges of the ntpd process. The security hole in NTP would give hackers ability to turn users’ Macs into DDoS zombies. However, no security firms have reported any cases of hackers exploiting this vulnerability.
NTP is a global way of synchronising time over a network, and because of its link to networks it has previously been exploited by hackers a number of times. At the beginning of the year, NTP was used to launch 300Gbps DDoS attack against Internet blacklist maintainer Spamhaus. Also in February 2014, the record breaking400Gbps DDoS attack was launched against content-delivery and anti-DDoS protection firm CloudFlare by leveraging weaknesses in NTP.
The Carnegie Mellon University Software Engineering Institute identified the critical flaw which was made public on Friday by the Department of Homeland Security. The vulnerability affects dozens of technology companies’ products including Apple’s.

As NTP is widely used within operational Industrial Control Systems deployments, NCCIC/ICS-CERT is providing this information for US Critical Infrastructure asset owners and operators for awareness and to identify mitigations for affected devices,” ICS-CERT wrote in an advisory published Tuesday. “Products using NTP service prior to NTP–4.2.8 are affected. No specific vendor is specified because this is an open source protocol.

UPDATE YOUR SYSTEMS NOW
The company recommends that all users apply this patch “as soon as possible.” The update is available for OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10.1 and is available for download via the “updates” section of the Mac App Store. The update doesn’t require a restart.

by -
0 8

The Tor project said it could face attempts to incapacitate its network in the next few days through the seizure of specialized servers.

The project did not name the group or agency that may try to seize its directory authorities, which guide Tor users on the list of distributed relays on the network that bounce communications around.

“We are taking steps now to ensure the safety of our users, and our system is already built to be redundant so that users maintain anonymity even if the network is attacked. Tor remains safe to use,” wrote “arma” in a post Friday on the Tor project blog. The “arma” developer handle is generally associated with project leader Roger Dingledine.

Rather than take a direct route from source to destination, data packets on the Tor network, designed to mask people’s Internet use, take a random path through several relays that cover user tracks.

Unless an adversary can control a majority of the directory authorities, he can’t trick the Tor client into using other Tor relays, according to the Tor project website. There are nine directory authorities spread across the U.S. and Europe, according to arma.

There were no reports of a seizure by late Sunday. The project promised to update the blog and its Twitter account with new information.

Users who live under repressive regimes look to Tor as a way to escape surveillance and censorship. But the network has also been used by illegal websites including online sellers of drugs, like the underground drug market Silk Road. A second version of the market, Silk Road 2.0, was launched a few weeks after the first was seized by law enforcement in October 2013, according to the U.S. Department of Justice.

Millions use the Tor network at their local Internet cafe to stay safe for ordinary Web browsing, as also banks, diplomatic officials, members of law enforcement, bloggers and others, according to the Tor project.

“Attempts to disable the Tor network would interfere with all of these users, not just ones disliked by the attacker,” it added.

An exit node cluster operator for the Tor network reported unusual network activity late Sunday. But that was not seen as an indication of the expected attack. “No, this is an exit relay operator, not a directory authority operator,” wrote arma in a comment.

by -
0 11
Sony was forced to pull the cinema release of “The Interview,” scheduled for Christmas day, after hacker groupGuardians of Peace (GOP) threatened to attack any theater that decided to show the film. But the studio will release the controversial North Korean-baiting film via different alternatives.
HACKERS WARNED OF TERROR ATTACK
The massive hacking attack against Sony Pictures Entertainment is getting worst day by day. The hack has yet exposed about 200 gigabytes of confidential data belonging to the company from upcoming movie scripts to sensitive employees data, celebrities phone numbers and their travel aliases, and also the high-quality versions of 5 newest films leak, marking it as the most severe hack in the History.
Week back, the hacker group GOP, who has claimed responsibility for the damaging Sony cyber-attack, demanded Sony to cancel the release of “The Interview” — the Seth Rogen and James Franco-starring comedy centered around a TV host and his producer assassinating North Korean dictator Kim Jong Un, citing terror threats against movie theatres.
At the beginning of the month when GoP group send a threatening email to Sony executives, they didn’t even ask the company to cancel the release of The Interview movie. They never released any statement regarding the movie, but later with second hack they actually demand for the same. It seems that hackers got this TIP from media suggestions and put all the blame to North Korea for making this Drama more interesting.
PULLING THE INTERVIEW – A VERY COWARD ACTION
Not just GOP, the studio has been threatened by a number of hackers group including a group identifying itself as Anonymous. In a statement on Monday to Sony Entertainment CEO Michael Lynton, the hackers group warned the studio to release “The Interview” as originally planned, or else face more damaging hacks.
The Anonymous group also denies that the Sony hackers are linked to North Korea, despite the FBI’s revelation Friday that their probe had determined as much. The group criticized Sony for pulling the movie, saying it was a “very cowardly” act of both the CEO and the organization, alleging it showed “panicking at first sight of trouble.
In fact, President Barack Obama also expressed disappointment in Sony’s decision to pull the film and announced Friday that the studio had made “a mistake” by withdrawing the movie, but said it was the private company’s right to do so.
SONY INTENDS TO RELEASE THE INTERVIEW
In response, Michael Lynton, the studio’s chief executive, said that it had “not caved” to hackers who harmed the company and that the studio itself intends to release its controversial film and exploring ways to let audiences see the film, possibly Youtube..

We would still like the public to see this movie, absolutely,” Lynton said during an interview. “There are a number of options open to us. And we have considered those, and are considering them.

BITTORRENT CAME UP WITH A GOOD IDEA
Meanwhile, the popular file-sharing giant BitTorrent has suggested Sony a way to release the controversial film using its new alternative digital-distribution paygate for artists, BitTorrent Bundle, a paid service. The San Francisco-based company believes BitTorrent Bundle is the best way to satisfy both online downloaders and Sony’s desire to release the film.
According to BitTorrent, it’s a totally “safe and legal way” for Sony to release “The Interview“, with up to 20,000 creators and rights holders currently using the publishing platform. Notably, BitTorrent Bundle had released “The Act Of Killing,” a 2012 Oscar-nominated documentary account of mass murder in 1960s Indonesia that stirred controversy for criticizing government officials. The feature was downloaded over 3.5 million times.
Now, let’s wait and watch what Sony decides about BitTorrent offer, but it is very clear that the studio has never been a fan of torrents and if the company accept the offer from the file-sharing giant then it would be an unlikely deal. But this deal sounds to be a convenient one both for Sony and viewers.

New Delhi: Motorola has started rolling out Android 5.0.1 update for Moto G and Moto G (Gen 2) devices in the US.

The new Android operating system introduces vivid new colours, typography, and edge-to-edge imagery. The new OS also brings a new user interface to enable better, more natural touch screen interactions.

The new Android version allows users to see notifications on the lock screen and even dismiss them without unlocking. Android L’s new “Downtime” and “Interruption” settings also allow users to decide what people and what notifications get through at times that you choose.

The change log on Moto G (Gen 2) carries system version 22.21.25, and on the original Moto G smartphone it is version 220.21.25.

Earlier this month, Motorola rolled out the Android 5.0 Lollipop update for the first-generation Moto G – aka Moto G (2013), Moto G (XT1033), and Moto G (Gen 1) – in India.

Here’s how to update to Android 5.0 Lollipop:

Go to Settings > About phone > System updates > Download and install.

by -
0 5

Hyderabad: Internet giant Google plans to open its own “permanent and big” campus in Hyderabad and is set to sign a memorandum of understanding (MoU) with the Telangana government shortly to take up the venture.

“We are likely to sign MoU with Google. They are likely to open their campus here in Hyderabad. It will be the third campus they will have after the US and the UK,” Telangana IT, Electronics and Communications Secretary Harpreet Singh told PTI here.

Google currently operates from rented premises here but wants to move to a “permanent campus”, he said, adding that the tech major would sign an MoU with the state government shortly.

He, however, declined to go into further details of the proposed venture, saying a press conference is scheduled to be held shortly on this but added that it would be a “big campus”.

Mr Singh also said Cisco, Airtel, Vodafone and a Taiwanese company, among others, have responded to the expression of interest floated by the government on proposed venture to make Hyderabad a “Wi-Fi-enabled city”.

“Many of them are partnering and coming,” Mr Singh said, adding that the Taiwanese firm, in fact, was behind making Taipei a Wi-Fi-enabled city.

But he said the companies that have evinced interest have sought information such as detailed maps of the city, including roads, and some clarifications with regard to certain specific points.

“So, we are preparing the replies; we will give it to them.”

“It will take time (to make the city Wi-Fi-enabled) because business model is the critical issue. Making wi-fi is not a big problem … but how to monetise it … is the key issue,” he explained.

Mr Singh, however, said the contract for this venture is expected to be awarded in the next three-four months after floating the request for proposals and the bidding process.

After that, the successful bidder is expected to take six months to roll out the infrastructure, he said, indicating that the city is likely to be Wi-Fi-enabled only towards the end of next year.

On the proposed Rs 30 crore incubator facility for technology start-ups, he said its designs have been completed and the process of tendering is in progress.

The 70,000 square feet facility will have 800 seats, housing an expected 500 start-ups in different stages of growth, he said.

“We are planning to formally inaugurate this building on June two (on the first anniversary of Telangana State’s formation).”

As for software exports from Hyderabad, he noted that it was Rs 57,000 crore or roughly $10 billion in the year 2013-14.

“This year (2014-15), I think it’s (going to be) 12 per cent (more). We may do slightly better (better than 12 per cent growth),” Mr Singh added.

by -
0 4
Security researchers have discovered a massive security flaw that could let hackers and cybercriminals listen to private phone calls and read text messages on a potentially vast scale – no matter if the cellular networks use the latest and most advanced encryption available.
The critical flaw lies in the global telecom network known as Signal System 7 that powers multiple phone carriers across the world, including AT&T and Verizon, to route calls, texts and other services to each other. The vulnerability has been discovered by the German researchers who will present their findings at a hacker conference in Hamburg later this month.

“Experts say it’s increasingly clear that SS7, first designed in the 1980s, is riddled with serious vulnerabilities that undermine the privacy of the world’s billions of cellular customers,” said The Washington Post, which first uncovered flaws in the system earlier this year.

NUMBER OF SECURITY FLAWS IN SS7
SS7 or Signaling System Number 7 is a protocol suite used by most telecommunications operators throughout the world to communicate with one another when directing calls, texts and Internet data. It allows cell phone carriers to collect location information from cell phone towers and share it with each other. A United States carrier will find its customer, no matter if he or she travels to any other country.
According to the security researchers, the outdated infrastructure of the SS7 makes it very easy for hackers to hack, as it is loaded with some serious security vulnerabilities which can lead to huge invasions of privacy of the billions of cellular customers worldwide.

“The flaws discovered by the German researchers are actually functions built into SS7 for other purposes – such as keeping calls connected as users speed down highways, switching from cell tower to cell tower – that hackers can repurpose for surveillance because of the lax security on the network,”the report reads.

BACKDOOR OPEN FOR HACKERS
So far, the extent of flaws exploited by hackers have not been revealed, but it is believed that using the flaws hackers can locate or redirect users’ calls to themselves or anywhere in the world before forwarding to the intended recipient, listen to calls as they happen, and record hundreds of encrypted calls and texts at a time for later decryption.
No matter how much strong or advanced encryption the carriers are using, for example AT&T and Verizon use 3G and 4G networks for calls, messages, and texts sent from people within the same network, but the use of that old and insecure SS7 for sending data across networks the backdoor open for hackers.
Not just this, use of SS7 protocol also makes the potential to defraud users and cellular carriers, according to the researchers.
ACLU – STOP USING TELEPHONE SERVICE, BUT WAIT!! IS THAT POSSIBLE?
The American Civil Liberties Union (ACLU) has also warned people against using their handset in light of the breaches.

“Don’t use the telephone service provided by the phone company for voice. The voice channel they offer is not secure,” principle technologist Christopher Soghoian told Gizmodo. “If you want to make phone calls to loved ones or colleagues and you want them to be secure, use third-party tools. You can use FaceTime, which is built into any iPhone, or Signal, which you can download from the app store. These allow you to have secure communication on an insecure channel.”

Soghoian also believes that security agencies – like the United states’ NSA and British security agency GCHQ – could be using these flaws. “Many of the big intelligence agencies probably have teams that do nothing but SS7 research and exploitation. They’ve likely sat on these things and quietly exploited them,” he said.
However, the poor security capabilities of SS7 protocol is not hidden from the people and its not at all a new, just three months ago we reported How a Cell Phone User Can be Secretly Tracked Across the Globe. But the era where each and every person care about privacy and security of their data, things like this really publicize exactly how big this threat really is and make many worried of its consequences.

Hacking” is not just popular among cyber security experts and criminals, but also is a great interest for movies industries as well. Hollywood movies such as 1995 released Hackers and 2001 released Swordfish are examples of it, and now Chris Hemsworth‘s new flick Blackhat.
Blackhat – An upcoming cyber thriller, directed and co-written by Michael Mann (who also directed Tom Cruise’ Collateral), in which actor Chris Hemsworth trades brawn for brains to save the world. The latest trailer for Blackhat has arrived online, and you can watch it below.
Hemsworth’s character in the upcoming cyber thriller is a former Blackhat hacker, named Nicholas Hathaway, who is serving a 15-year sentence for cyber crimes. He was recruited straight from prison by a mixed team of American and Chinese law enforcement officials to stop high-level cybercrime network from Chicago to Los Angeles to Hong Kong to Jakarta and save the world from global hackers.
Hathaway agrees to help on a condition if the law enforcement officials commute his sentence, but as he get into the matter, he found that things were a lot more complicated than he thought.
The filmmaker of The Insider and Heat has spent years on researching material for Blackhat, explored the dependence of people on technology and security issues nowadays. Oscar nominee Viola Davis, Tang Wei and Leehom Wang are also star casts in the thriller.
Chris Hemsworth is dropping his Thor hammer and picking up a computer keyboard, sounds really interesting. Well, I will watch it for this very reason. Blackhat will hit the movie theaters in U.S. on January 16th, 2015 and in the UK on February 20th, 2015.[Yahoo Movies]

The users of WordPress, a free and open source blogging tool as well as content management system (CMS), are being informed of a widespread malware attack campaign that has already compromised more than 100,000 websites worldwide and still counting.
The news broke throughout the WordPress community earlier Sunday morning when Google blacklisted over 11,000 domains due to the latest malware campaign, that has been brought by SoakSoak.ru, thus being dubbed the ‘SoakSoak Malware’ epidemic.
While there are more than 70 million websites on the Internet currently running WordPress, so this malware campaign could be a great threat to those running their websites on WordPress.
Once infected, you may experience irregular website behavior including unexpected redirects to SoakSoak.ru web pages. You may also end up downloading malicious files onto your computer systems automatically without any knowledge.
The search engine giant has already been on top of this infection and has added over 11,000 websites to their blacklist that could have seriously affected the revenue potential of website owners, running those blacklisted websites.
The security team at the security firm Sucuri, which is actively investigating the potential vector of the malware, said that the infections are not targeted only at WordPress websites, but it appears that the impact seems to be affecting most hosts across the WordPress hosting spectrum.
SoakSoak malware modifies the file located at wp-includes/template-loader.php which causes wp-includes/js/swobject.js to be loaded on every page view on the website and this “swobject.js” file includes a malicious java encoded script malware.
If you run any website and are worried about the potential risk of the infection to your website, Sucuri has provided a Free SiteCheck scanner that will check your website for the malware. The exact method of intrusion has not been pointed out at this time, but numerous signals led to believe us all that many WordPress users could have fallen victim to this attack.
However, if you are behind the Website Firewall, CloudProxy, you are being protected from the SoakSoak malware campaign.
Source : THN

by -
0 3

The Pirate Bay popularly called as TPB has been revived by another popular Torrent website “ISOHunt.”  The oldpiratebay.org is up and running with word like #LongLiveTPB emblazoned on the website with some sort of eulogy to TBP. Though at first glance, the TPB seems just a commemorative website opened to pay respects for the dead and buried TPB, a keying in search for new movies and songs reveals that the site is just fine and serving latest content.  The eulogy written on the new site is given below.

As stated in our previous reports, many TPB well wishers as well competitors has copied the script in anticipation of police action and downing of TPB.  ISOhunt has used one such script to resurrect the OldPirateBay.org.  At present several clones and copy cat sites of TPB are online taking advantage of the fact that TPB is in the news for all the wrong reasons, but ISOHunts TPB looks different and may one of the oldest scripts of erstwhile TPB.

Further the various clones only offer a copy of TPB with no new content as many proxy sites have doing for years when TPB was still active and running. One of the clones, thepiratebay.cr,is in fact milking the gullible torrent seekers with fake content and even attempts to charge them.

ThePirateBay.org on the other hand throws up content just like TPB of the old.  It has a functioning search engine, all the old listings, and working magnet links. New content is being readily uploaded and downloaded.

Here is isoHunt’s explanation for the launch of The Old Pirate Bay:

As you probably know the beloved Pirate Bay website is gone for now. It’ll be missed. It’ll be remembered as the pilgrim of freedom and possibilities on the web. It’s a symbol of liberty for a generation of internet users.In its honor we are making the oldpiratebay.org search. We, the isohunt.to team, copied the database of Pirate Bay in order to save it for generations of users. Nothing will be forgotten. Keep on believing, keep on sharing.

Though ISOHunt many not be the best of choices to resurrect the TPB considering its own future at the hands of the authorities. ISOHunt itself has had many run ins with the authorities, launched in 2003 at isohunt.com, it quickly grew to become the third most popular torrent files index and repository by 2008. The anti-piracy lobby of movies and song, namely MPAA had then sued ISOHunt for copyright infringement activities and to take down the website.  After three years of legal battles, isoHunt settled with the MPAA, agreeing to a $110 million reimbursement for damages and the site’s closure.  Thus ISOHunt itself was dead and buried till its resurrection just 3 months before as ISOhunt.to.  Launched on October 21, 2013 the ISOHunt.to is another possible candidtate in itself for action for the authorities.

Till then happy torrenting on TPB.org for all the torrent seekers across the world.

by -
0 7
Facebook is thinking about introducing a dislike button, founder and CEO Mark Zuckerberg has said, but is worried that introducing it would become a way of ‘demeaning’ people.

The dislike button is Facebook’s most requested feature, according to Zuckerberg — and people’s desire to get one has led to plenty of fake, viral posts on the network about how to get one.

The company is trying to find a way for people to express the fact that they’re sad about a status without it looking like people are ‘demeaning’ people’s posts, he told an audience at Facebook’s headquarters in California. He said that the button needs to be a ‘force for good’.

“One of things we’ve thought about for quite a while is what’s the right way to make it so that people can easily express a broader range of emotions,” Zuckerberg said.

People feel uncomfortable pressing the ‘like’ button in response to sad news, he said, and the company is trying to find a way for people to say “that isn’t good. That’s not something that we think is good for the world”, he said.

Source : TOI

 

by -
0 3

Chinese smartphone maker Xiaomi has reportedly said that it will fully comply with the Delhi high Court order asking it to stop sales of its smartphones in the country. The third largest smartphone maker in the world had earlier suspended the upcoming flash sale of its Red Mi 1S and Red Mi Note smartphones after being barred from selling, importing or advertising its devices in India until the next hearing on February 5, 2014.

The high court had granted an ‘ex parte’ injunction against Xiaomi after Ericsson filed a patent complaint. Officials from the Chinese company have been asked to visit Xiaomi’s India office to ensure that it does not sell, advertise, manufacture or import devices that infringe the patents in question, reported Tech Crunch. Terming Xiaomi’s use of its Standard, Essential Patents (SEPs) as “unfair,” Ericsson said that its action was the last resort after the company ignored communication requests for more than three years.

“We have not been served the notice till now, but we know about the issue. If the court has asked us not to do it, we won’t do it,” Jain was quoted in Economic Times referring to the high court order. “We would want to be 100% compliant with Indian rules and regulations.”

“We will explore all options including legal options on what can be done. Our lawyers and legal teams are working on it but we don’t know how this will proceed. We will communicate and explain very openly to our users about what the order says, once we get it,” Jain added

Hugo Barra, head of international operations at Xiaomi had apologised to the smartphone company’s fans. He explained the circimstances behind the suspension of sales of  Redmi Note and Redmi 1S and said he was committed to continue their sales. He added that the company was thinking about the next logical legal step and firmly intended to continue the sale of its products in India.

“As a law abiding company, we are investigating the matter carefully and assessing our legal options. Our sincere apologies to all Indian Mi fans! Please rest assured that we’re doing all we can to revert the situation. We have greatly enjoyed our journey with you in India over the last 5 months and we firmly intend to continue it!,” Barra explained in his Facebook post

SOCIAL CONNECTIONS

1,074FansLike
10Subscribers+1
1,000FollowersFollow
542FollowersFollow