Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Snowden Designs Device To Get A Safer iPhone

(pc-google images)
Well, you heard it right! It is Edward Snowden who wants to help you keep a check on your mobiles which might be spying on you. The NSA whistleblower along with his co-author and fellow hacker Andrew Huang presented their research on phone "hardware introspection" at the MIT Lab which aims to give users the ability to see whether their phone is sending out secret signals to an intelligence agency.

"This work aims to give journalists the tools to know when their smart phones are tracking or disclosing their location when the devices are supposed to be in airplane mode," the pair wrote in their technical paper.

In their paper, Snowden and Huang make it clear that what you see on your phone's screen is not always true.

If you turn off Bluetooth or cellular service, the phone's radios and other electronics can still be made to send signals, especially if they are compromised by a sophisticated intelligence agency or hackers. Even airplane mode isn't a defense, since the current version of Apple's iOS still keeps the GPS active while in that state.

"Trusting a phone that has been hacked to go into airplane mode is like trusting a drunk person to judge if they are sober enough to drive," they write.

(pc-google images)
The pair, hence, suggest a device (a phone case) that plugs into the hardware and constantly scans to see whether is transmitting. Both Snowden and Huang plan to create a prototype of the device this year.

"As the project is run largely through volunteer efforts on a shoestring budget, it will proceed at a pace reflecting the practical limitations of donated time," they wrote. "If the prototype proves successful, The Freedom of the Press Foundation may move to seek the necessary funding to develop and maintain a supply chain. This would enable the FPF to deploy modified iPhone 6 devices for field service among journalists in high-risk situations."
Read more »

Kickass Torrents owner arrested


The U.S. Government has arrested the owner of the most popular torrent-sharing website in the world, Kickass Torrents, often called KAT. United States government has seized seven of its domains, following the arrest of its alleged owner, Atrem Vaulin, in Poland.

The 30-year-old Ukrainian was charged with criminal copyright infringement and money laundering. Exact details of Vaulin’s arrest were not available.

In a criminal complaint filed in U.S. District Court in Chicago on July 8, he is charged with conspiracy to commit criminal copyright infringement, conspiracy to commit money laundering, and two counts of criminal copyright infringement.

According to the U.S. Department of Justice website, "Vaulin is being charged “with one count of conspiracy to commit criminal copyright infringement, one count of conspiracy to commit money laundering and two counts of criminal copyright infringement.”

The statement also accuses Vaulin of stealing “more than $1 billion in profits from the U.S. entertainment industry.” The complaint said,website on the internet.”
“KAT receives more than 50 million unique visitors per month and is estimated to be the 69th most frequently visited

 Commenting on the announcement, Assistant Attorney General Leslie R. Caldwell said that“In an effort to evade law enforcement, Vaulin allegedly relied on servers located in countries around the world and moved his domains due to repeated seizures and civil lawsuits.  His arrest in Poland, however, demonstrates again that cybercriminals can run, but they cannot hide from justice.”

There is no illegal content found on the site itself, but it provides download links for the unauthorized copies of content from other users’ computers.

Read more »

Former Air India employee held for hacking

A 23-year-old former Air India employee was arrested for allegedly hacking Air India's Frequent Flyer member accounts and using them to book tickets, and sold them to several travel agents.

Anitesh Giri Goswami, a BCA graduate from Pune was arrested from Jaipur. He has also worked with the Kingfisher Airlines.

Additional Commissioner of Police (Economic Offences Wing) Arun Kampani said that he was running the racket from Jodhpur.

"The accused was well versed with online ticket booking system and functioning of intranet and internet-based systems of Air India. He first understood the functioning of the ticketing system as well as the points/miles system of the airlines and then hacked into the Loyalty Plus programme website of Air India," he said.

Cyber Crime Cell of the Delhi Police's Economic Offences Wing (EOW)  received a complaint that alleged some persons were selling Air India tickets by redeeming of miles of genuine Flying Returns Members after hacking the Frequent Flyer members account.

After hacking into the system, he verified and upgraded hundreds of dormant accounts of Frequent Flyer members by allegedly uploading forged documents.

"Thereafter, the accused used these membership accounts and the Frequent Flyer miles/points accumulated in these accounts for booking airline tickets. These tickets were then sold to various travel/ticketing agents based in cities like Pune, Delhi, Jaipur and Mumbai," he said.

Read more »

If computers could replace judges


As every part of our lives became computerized, so did the law. Slowly, the rules and standards of a country were copied on the electronic form so as to not juggle with the heavy dusty books, whose papers are already worn out.

The move to electronic forms of information has been believed to be a momentous change in the law which is more significant than modes of writing from pencil to pen.

Technology turned the foundations of law upside down. Specific rules and broad standards, the two approaches through which law was applied for thousands of years have become obsolete. The day is not far when computers will also take up the work of judges, becoming the highest power of any democracy.

Even hospital treatment changed over the time. Micro-directives had replaced the broad standard controlling medical care: that a doctor aspire to act in a patient’s best interest. Though many rely on the machines for lack of trust on humans, it is notable that even machines can make mistakes but the blame does not fall directly on a specific person in this case. If a hand is lost while operating, the machine will be blamed and perhaps it’s inventor.

Similarly, if computers take on judges, it will be interesting how machine made mistakes can release criminal or pronounce a wrong judgment, for which the protests too cannot take place, after all machine can’t be blamed.

However, envisaged machines able to assemble data and produce predictive outcomes instantly, turning rules and standards upside down and replacing them with micro-directives were more responsive to circumstances, and rational.

What if a computer could tell it was okay to install a swimming pool in a remote location and if it poses danger to children, a fence should be erected?

 People have already started seeking answers about complex areas of tax, such as how to determine if a person is an employee or independent contractor, or whether an expenditure should be treated as current or depreciated—murky stuff that even tax authorities preferred coming from machines.

Students aspiring to work in investment management now routinely use machines to assess whether a shareholder in a firm that was sold through a leveraged buy-out would be retrospectively liable for a “fraudulent transfer” if the company subsequently collapsed, a risk that defied being addressed because it was so hard to measure.

Criminal law once revolved around externally observed facts. Then DNA evidence entered the picture. Now, cases often hinged on data about pulse rates, intoxication and location, drawn from the wristbands that replaced watches. It was much fairer—but creepy, because the facts came from perpetual monitoring.
Read more »

Increase in online drug market

Purchasing drugs in an open market is quite risky, but you can easily buy it online with full encryption and security making them almost impossible for law enforcement to track.

Though online drug market has a very small share in the sale of illicit drugs, they are growing fast and changing the scenario.

There are various online drug marts like Silk Road 3.0, Darknet, AlphaBay,Crypto, Dream Market ,Agora Marketplace, which will easily supply all illegal and banned drugs to your doorsteps. Online drug markets are part of the “dark web”, sites which are only accessible through browsers such as Tor, a highly encrypted browser.

According to the Global Drug Survey, an online study, the turnover has risen from an estimated $15m-17m in 2012 to $150m-180m in 2015. And the share of American drug-takers who have got high with the help of a website jumped from 8% in 2014 to 15% this year.

A secure dark web service like Sigaint, an email provider,  is used by buyers and sellers to contact each other, and encryption software such as Pretty Good Privacy (PGP). They use bitcoin, a digital currency that can be exchanged for the old-fashioned sort and that offers near-anonymity during a deal.

The Economist has studied the research and extracted some of the data from the resulting 1.5 terabytes of information for around 360,000 sales between December 2013 and July 2015 on Agora, Evolution and Silk Road 2.

In total the deals were worth around $50m. Marijuana was the most popular product, with around 38,000 sales. Legal drugs such as oxycodone and diazepam (Valium) were also popular.

"Some of the products cater to niche interests. You can consume “with a good conscious [sic]”, promises one vendor for his “ethically sourced” THC chocolate, which costs 13% more than the ordinary, immoral stuff. “Conflict-free” cocaine is also available for the humanitarian (or delusional) drug-taker. And “social” coke—a less pure version sold at a discount of 5-25%—is aimed at buyers who want to look lavish on a budget."

Read more »

World’s first hacking tournament to be held in Las Vegas

The Defense Advanced Research Projects Agency's (DARPA) Cyber Grand Challenge (CGC) finals will take place between the two of the biggest hacking conventions: Black Hat USA and DEF CON on 4 August in Las Vegas.

The goal of this tournament is to find out whether artificial intelligence-fueled machines can beat even the best meat-based hackers.

Mike Walker, a program manager for the CGC, told Tech Insider that "Cyber grand challenge is about bringing autonomy to the cyber domain. What we hope to see is proof that the entire security life cycle can be automated."

DARPA says that identifying new flaws and threats and then patching them takes a lot of the time, this needs to speed up, in the meantime, it gives an opportunity for the hackers to take the advantage of the flaw. “Discover, prove and fix software flaws in real-time, without any assistance.”

DARPA  is organizing the world’s first all-machine hacking tournament.

Seven finalist teams that will be competing at the security shows are bearing names such as Deep Red, Shellphish, and Forallsecure etc.

To gain an invitation to this final event finalists had fielded an autonomous system on June 3, that found and fixed enough vulnerabilities.

The payouts will be sizable: the first prize will be $2 million, while second and third will get $1 million and $750,000, respectively.
Read more »

Fake Pokemon Go App Infects Google Play Store

(pc-google images)
While Pokemon Go is creating waves around the world for gaming lovers, people with malicious intent are trying to reap as much benefits from it as they can.

According to a recent report by software security company ESET, a malicious gaming application has been found on the Google Play Store, claiming itself as the official source of “Pokemon Go,” while the game yet hasn’t released in India. This app promises to work on the lockscreen, but instead is installed as ‘PI Network’ on your phone.

Anyone who ran that app would find their phone completely frozen, forcing them to restart the phone by removing the battery. Once rebooted, the PI Network app seemed to disappear, however it continued running in the background and generating fake ad clicks, a report published in the Fortune said.

The Pokemon Go app uses the Global Positioning System (GPS) of the smartphone in conjunction with Google Maps. It places virtual creatures in real world locations that players need to find using the smartphone as screen as a guide.

The app, however, has been pulled off from Google Play, ESET reported. One can uninstall the app manually by going to their phone's application manager.

ESET also spotted several other malicious apps, including Install Pokemongo and Guide & Cheats for Pokémon GO.
Read more »

Cybersecurity flaw in 3D printing

A team of Indian-origin researchers has found cybersecurity risks in two aspects of 3D printing, that is printing orientation and insertion of fine defects.

In 3D printing,  Computer-Aided Drafting (CAD) files are by the designers that are used in the creation, modification, analysis, or optimization of a design.

“These are possible foci for attacks that could have a devastating impact on users of the end product, and economic impact in the form of recalls and lawsuits,” said Nikhil Gupta, from the New York University.

The designs cut the manufacturing Softwares into slices and orients the printer head. The printer then applies material in ultra-thin layers.The researchers reported that the orientation of the product during printing could make as much as a 25 per cent difference in its strength.

“Minus a clear directive from the design team, the best orientation for the printer is one that minimizes the use of material and maximizes the number of parts you can print in one operation,” he said.

“With the growth of cloud-based and decentralized production environments, it is critical that all entities within the additive manufacturing supply chain be aware of the unique challenges presented to avoid significant risk to the reliability of the product,” said Ramesh Karri, of NYU.

The researchers pointed  out that an attacker could hack into a printer that is connected to Internet to introduce internal defects as the component is being printed.

Also, sub-millimetre defects that can appear between printed layers with exposure to fatigue and the elements were found to be undetectable by common industrial monitoring techniques, the researchers said.

“With 3D printed components, such as metallic molds made for injection molding used in high temperature and pressure conditions, such defects may eventually cause failure,” Gupta said.

Read more »

Pokémon Go server hacked



Millions of people are crazy about Pokémon Go, but on Saturday users across the US and Europe found difficulty in logging into their account.

A hacking group, known as PoodleCorp,  has claimed responsibility on Twitter for taking down the Pokémon Go servers using a DDOS attack. This is the same group that claimed responsibility for a series of hacks on YouTube personalities’.

This morning the app got stuck on the loading screen for at least 10 minutes and were problems logging into account.

According to the Independent, the group used a DDOS attack, which floods the server with so many requests it cannot cope.

Thousands of people took to Twitter this afternoon to complain about the game freezing and refusing to log in.

There is 86%  increase in share price of Nintendo in a week

Read more »

Ubuntu Linux Forum Hacked, Exposes 2 Million Users' Data

(pc-google images)
Popular Derbian-based Linux operating system (OS) Ubuntu's user forums have been hacked with over two million user details stolen that includes usernames, email addresses, and IP addresses.

Ubuntu is one of the the most popular Linux distribution systems used for PCs, smartphones and network servers.

Canonical, the firm that builds and develops Ubuntu, said the attackers had the ability to read any table in the database, but the company believes they only read from the “user” table, which means the attackers shouldn’t have access to forums accounts with higher privileges.

Canonical CEO Jane Silber explains: “We were able to confirm there had been an exposure of data and shut down the Forums as a precautionary measure. Deeper investigation revealed that there was a known SQL injection vulnerability in the Forumrunner add-on in the Forums which had not yet been patched.”

To fix the situation, Canonical backed up its servers and then used a clean version of the vBulletin forums software with the latest security patch to restore the Ubuntu Forums. Although the company said it doesn’t think the attackers gained system-level access, it reset all of the system and database passwords. It also installed ModSecurity, a web application firewall, to prevent similar attacks in the future.
Read more »

Airtel behind CloudFlare's mystery interception of site traffic across India

Airtel  has been capitalising, sniffing and intercepting ALL unencrypted traffic in sites tended by DDOS-buster CloudFlare.

CloudFlare engineers had an emergency meeting to investigate into the matter. They have verified claims that traffic to their customer sites is being intercepted.

When you try to visit to the intercepted websites then you are redirected to an Airtel page which reads that the "requested URL has been blocked as per the directions received from Department of Telecommunications, Government of India".

Some of the CloudFlare's websites which are redirected  include those run by political dissidents, hacking forums, and piracy sites.

According to the India-based developer Abhay Rana (@captn3m0) and security researcher Shantanu Goel (@shantanugoel)  Pirate Bay traffic interception which they suspected might be because of the cooperation between CloudFlare and the Indian Government.

CloudFlare founder Matthew Prince told The Register that, "The company concluded a meeting less than an hour ago and says there are no security flaws on its side, but that the company was blind-sided by the interception."
.
Prince says that the attacks occurred at their Chennai and New Delhi data centres but not at their Mumbai centre.

"It appears to only affect traffic that is being passed over an unencrypted link," Prince says.

"Whatever the system is that is looking for the requests might not be installed in Mumbai, we don't know, but it appears to be triggered off the host header in requests.

"It suggests there is some system that is running either at the edge of India's network or within AirTel that is at least conducting infection of host headers in requests."

Prince says the company is examining "all traffic" to locate other affected customer sites, but did not name impacted clients.

CloudFlare contacted AirTel representatives and  they were not aware of the interception.

In May, CloudFlare asked their customers to install its free certificate.

Read more »
Subscribe to: Comments (Atom)