Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Social media rescued Erdogan’s government

Hours after the attempted coup began, Turkey's defiant president Tayyip Erdogan appealed to the supporters to take to streets and confront the rebels. He addressed the nation from a smartphone and not from the back of a tank.

This affected the supporters so much so that they wrapped themselves in the national colours to celebrate the thwarting of the coup.

“This is not a 12-hour affair,” Erdogan told his followers, urging them to stay out on the streets. For the ruling AKP, it was a time to celebrate.

It was an extraordinary moment which tells why Erdogan is still in power, and why thousands of soldiers are now behind the bars.

By last night, more than 6,000 members of the armed forces and the judiciary – all of them suspected supporters of the attempted putsch had been arrested. At a rally, Erdogan supporters demanded execution of coup leaders to which the President assured them of considering a proposal to bring back the death penalty.

The crowd was agitated as the coup had inflicted a lot of human and material loss that night. Some 265 people were killed in the chaos of July 15 night, while a number of government buildings, notably in Ankara, were extensively damaged.

The coup failed for a number of reasons, the main among them being broader military support and failure of gaining public and political support. They also failed in how to get their message across.

The coup seemed a success initially when rebel troops sealed off Istanbul's bridges over the Bosphorus, surrounded the city's Ataturk airport, stationed tanks outside the presidential palace in Ankara and raided major news organisations but they failed to understand the significance of social media.

While journalists made last minute broadcasting and statements on social media showing their support to help democracy, it was Erdogan's message that proved most important and which, combined with similar statements from other senior Turkish politicians, showed the country's democratic leadership was safe and well.

Till the time Erdogan flew back to Istanbul, thousands had defied the curfew, lying down in front of tanks to halt their movement.

Even if coup organisers had controlled traditional media, they could not stop people accessing news on social media and messaging platforms.

There was a two-hour period of social media throttling during the uprising but no full internet blackout probably because it worked as an advantage for government.

Erdogan even sent a nationwide text out asking people to stand up for democracy, a trick lost on the faction responsible.

The coup plotters clearly used pre internet rules to take over the government While they needed something more modern and tech-savy.

The biggest irony of the situation was that Erdogan’s government was saved by the same tool which came under attack under his rule.

Erdogan once vowed to "wipe out" Twitter, after the platform helped mobilise mass protests in 2013.
Read more »

Russian Government websites hacked

Cyber attack has hit the Russian government bodies websites by a "professional" hackers,  the country's intelligence service agency, Federal Security Service (FSB)  says.

According to the FSB,  a "cyber-spying virus" was found in the networks of about 20 organisations.

The attack came just after Russia was accused over data breaches involving the Democratic Party in the US.

The FSB  has denied to name the one who is responsible for hacking Russian networks, but said the latest hack resembled "much-spoken-about" cyber-spying, without elaborating.

 The hack looks like it had been "planned and made professionally", and targeted state organisations, scientific and defence companies, as well as "country's critically important infrastructures".

"The malware allowed those responsible to switch on cameras and microphones within the computer, take screenshots and track what was being typed by monitoring keyboard strokes," the FSB said.


Read more »

WhatsApp Chats Never Really Get Deleted, Says Security Researcher

Most popular messaging app ‘WhatsApp’ doesn’t really deletes your chats, says researcher Jonathan Zdziarski. Zdziarski claims that the chats on WhatsApp are never removed,even after users have hit the delete button.

Zdziarski found that the message leaves a forensic trace of the logs which could be used to recover it in its original form. "The latest version of the app tested leaves forensic trace of all of your chats, even after you've deleted, cleared, or archived them... even if you 'Clear All Chats', he said in a post.

Zdziarski said that ,"To test, I installed the app and started a few different threads. I then archived some, cleared, some, and deleted some threads. I made a second backup after running the 'Clear All Chats' function in WhatsApp. None of these deletions or archival options made any difference in how deleted records were preserved. In all cases, the deleted SQLite records remained intact in the database.”

The issue of data privacy is even more prominent for users of iPhone. Zdziarski said during a backup, WhatsApp's chat database gets copied to users' iCloud backup (on desktop as well) from the iPhone. This then leaves a user's WhatsApp data open to law enforcement warrants.

Zdziarski suggests that the only way to completely remove all traces of chats is to remove the app entirely from the phone.
Read more »

Osram's 'Smart' Lightify Bulbs Susceptible To Hacking

If you think those smart light bulbs installed in your homes are just carrying out the task of lighting, then you might not be all correct. Those bulbs may just be giving access to your home network’s security, creating cracks that hackers can slip through to press attacks.

Security researchers at Rapid7 have found flaws in Osram’s Lightify light bulbs that could give attackers access to a home wi-fi network, and potentially operate the lights without permission. Rapid 7 has discovered nine vulnerabilities in the Home and Pro range and reported them to the manufacturer.

“Nine issues affecting the Home or Pro versions of Osram Lightify were discovered, with the practical exploitation effects ranging from the accidental disclosure of sensitive network configuration information, to persistent cross-site scripting (XSS) on the web management console, to operational command execution on the devices themselves without authentication,” security firm Rapid7 said in vulnerability report posted earlier this month.

(pc-google images)
Osram's Lightify range features internet-connected light bulbs that can be controlled using a smartphone app. In the vulnerabilities found, hackers could exploit the flaws to identify your network’s password, steal or change your PC’s data, launch browser-based attacks against you, or even seize control of your lights. In addition, the smart bulbs' relatively short eight-character passwords could also be cracked quite easily, giving another possibility for hackers to explore.

On the brighter side, Osram plans to patch the majority of the flaws in an August update. In a statement, Osram said: "Since being notified about the vulnerabilities identified by Rapid7, Osram has taken actions to analyse, validate and implement a risk-based remediation strategy.”

Osram said that it is in ongoing coordination with the ZigBee Alliance in relation to known and newly discovered vulnerabilities.
Read more »

Yahoo Saves A Copy Of Your Deleted Emails !

(PC-GOOGLE IMAGES)
If you think your emails are taken out of your account permanently after being deleted, then you are not entirely correct. Yahoo's 'auto-save' feature saves a copy of emails even after they have been deleted from Trash and Draft.

A US judge has granted a motion forcing Yahoo to explain how exactly it is able to recover emails that have been deleted from a user's inbox. The motion has been granted as part of a convicted UK drug trafficker Russell Knaggs’ appeal to try to get evidence against him thrown out of court by arguing that the information was illegally obtained by Yahoo.

Knaggs, convicted in 2012 and jailed for 20 years, is now trying to get his conviction overturned by taking Yahoo to court in the US, claiming that the email provider was using an NSA-style real-time interception technology to bulk collect data, which contravenes privacy laws in the UK.

Yahoo is ordered to present a witness and provide documents on how the email retention system works, as well as a copy of the software's source code and instruction manuals used by email provider’s staff on how to retrieve the emails.

Yahoo said that it is able to recover the emails via its "auto-save" feature, which creates snapshots of an email account preserving its contents at a certain date, and that it provided law enforcement from the Yahoo account used by Knagg and his accomplice.

(PC-GOOGLE IMAGES)
Yahoo's Compliance Guide For Law Enforcement states:
Yahoo! retains a user's incoming mail as long as the user chooses to store such messages in their mail folders and the user's email account remains active. Yahoo! retains a user's sent mail only if the user sets their email account options to save sent mail and has not subsequently deleted specific messages. Once the trash folder has been emptied, which usually occurs automatically within 24 hours of when the user has placed messages in the trash folder, Yahoo! will be unable to search for and produce deleted emails. Yahoo! may set an email account to inactive status and delete all account contents after at least four (4) months of inactivity.

Whatsoever the issue turns out to be, if the emails are retrieved by Yahoo ; then there is simply no guarantee of online service from the service. Yahoo has until the end of August to respond.
Read more »

After 'Erdogan Emails', WikiLeaks Reveals Info Of Turkish Women

(pc-google images)
After publishing the ‘Erdogan Emails’ amidst the failed military coup in Turkey, whistleblowing platform WikiLeaks has now revealed the personal detail of every woman in the country. WikiLeaks has been criticised for tweeting a link to archives holding personal and sensitive data of 'every female voter in 79 out of 81 provinces in Turkey'.

According to Turkish academic and reporter Zeynep Tufekci, the site also linked to the personal details of hundreds of thousands of women on the electoral register via their social media accounts.

( Zeynep Tufecki, pc-google images)
In an article in the Huffington Post, Tufekci asserted: "[WikiLeaks] posted links on social media to its millions of followers via multiple channels to a set of leaked massive databases containing sensitive and private information of millions of ordinary people, including a special database of almost all adult women in Turkey.”

"If these women are members of Erdogan's ruling Justice and Development Party (known as the AKP), the dumped files also contain their Turkish citizenship ID, which increases the risk to them as the ID is used in practising a range of basic rights and accessing services. The Istanbul file alone contains more than a million women's private information, and there are 79 files, with most including information of many hundreds of thousands of women."

Tufekci claims she confirmed the legitimacy of these files by asking "dozens of friends and family members" about the accuracy of the leaked data. Many, she said, said it contained "correct private information."

Giving a warning to WikiLeaks supporters, Tufekci concluded: ‘I hope that people remember this story when they report about a country without checking with anyone who speaks the language; when they support unaccountable, massive, unfiltered leaks without teaming up with responsible parties like journalists and ethical activists; and when they wonder why so many people around the world are wary of “internet freedom” when it can mean indiscriminate victimisation and senseless violations of privacy.’

After publishing the article – which has been widely shared on social media – Tufekci was blocked by the WikiLeaks Twitter account.
Read more »

TechCrunch hacked for security check

Famous tech site, TechCrunch became the latest victim of hacker group, OurMine.

The group describes itself as ‘an elite hacker group known for many hacks showing vulnerabilities in major systems’. For quite some time they’ve been famous for compromising high profile celebrity Twitter accounts and the DDoS-ing of hot properties like Pokemon Go.

 OurMine Security gained publishing access to Verizon-owned site, which uses the popular content management system Wordpress, and posted its now infamous message. Rather than completely defacing the site, OurMine chose instead to simply post a news story to indicate that the CMS had been breached.

The group said that it hacked the site to check its security. A post on the site under the byline of Seattle-based writer Devin Coldewey said: “Hello Guys, don’t worry we are just testing techcrunch security, we didn’t change any passwords, please contact us.” The story appeared at the top of TechCrunch with a big, highly-noticeable red banner.

 The OurMine posting appeared at around 5:10 pm but was removed within two hours. It was still showing in Google’s index and cache at the time of writing. It did not take TechCrunch long to notice and remove the story.

Multi-factor authentication is the ground level security for any news organization. TechCrunch admits that re-used passwords must have been instrumental to this hack. Sharing passwords between sites and services is the worst.
Read more »

Clash Of Kings Breach Leaks 1.6 Million Accounts

(pc-google images)
The official forum of the popular ‘clash of kings’ game has been hacked and the hacker has reportedly stolen 1.6 million user accounts.

The data breach has revealed the names, email addresses, IP addresses, facebook data and access tokens. In addition, password details are stored in the breached database in a salted and hashed form.

According to the hacker, Clash of Kings forum was using an old version of vBulletin dated back to 2013 and the forum also didn’t have any HTTPS encryption making things easy for the attacker.

For instance, if a hacker now knows that you are a fan of Clash of Kings and a member of the forum it is easy to imagine that they might be tempted into sending out tailored email messages to users, perhaps tricking them into revealing their passwords through phishing attacks or luring them into clicking on links which might lead to malware.

There has been no official statement from the Clash of Kings forum yet. The forum is currently offline and under maintenance.
Read more »

Russia behind DNC’s cyber attack


Is Vladimir V. Putin trying to meddle in the American presidential election?

US officials said the suspected Russian hack of the Democratic National Committee last month was part of Russian cyber attacks aimed at political organizations and academic think tanks in Washington.

Until Friday, the Russians being behind the hack were only whispered but the release of some 20,000 stolen emails from DNC’s computer servers has intensified discussion of the role of Russian intelligence agencies in disrupting the 2016 campaign.

That hack dominated the news space on the eve of the Democratic convention. The emails disclosed by WikiLeaks show DNC chairwoman, Debbie Wasserman Schultz, plotting to undermine the campaign of Senator Bernie Sanders, confirming the worst suspicions of the left flank of the party. She resigned from her post after the revelation on Sunday.

The FBI is investigating the DNC hack and has sent experts to meet with the Republican National Committee, as well as the major campaigns, to discuss their security measures. The bureau has been working with political organizations and think tanks to put more resources into the security of DNC’s computer networks.

“The software code seen from the hack had all the telltale signs of being Russian, including code re-used from attacks,” said Bob Gourley, a former chief technology officer for the Defense Intelligence Agency and now the co-founder and partner Cognitio, a cyber security consultancy.

When the hack of the DNC was first disclosed in June, the security firm Crowdstrike also pointed to the Russians. Crowdstrike investigated the incident for the Democratic party and concluded it was the same actor that penetrated the State Department, White House and Pentagon unclassified systems in 2015.

Trump told The New York Times in an interview last week that if he's elected the US President, he wouldn't defend NATO allies against Russian aggression if they haven't "fulfilled their obligation to us." Until Trump, no Republican presidential nominee has questioned the U.S. mutual-defense commitment enshrined in NATO.

Over the weekend, the Trump and Clinton campaigns traded accusations on the issue.

Trump's son, Donald Trump Jr., denied that his father's campaign had anything to do with encouraging Russians to hack the DNC. The party officials have also denied any involvement in the case.

The question is of who benefits. While Clinton implemented a reset in relations with Russia when she was secretary of state, she has since soured on Moscow. When Russian irregulars invaded Ukraine in 2014, she compared Putin to Hitler.

Whether the thefts were ordered by Putin or just carried out by apparatchiks, who thought they might please him, is just a guess till now. It may take months, or years, to figure out the motives of those who stole the emails and the commanding force behind the actions but the theft from the national committee would be among the most important state-sponsored hacks yet of an American organization, rivaled only by the attacks on the Office of Personnel Management by state-sponsored Chinese hackers, and the attack on Sony Pictures Entertainment, which President Barack Obama blamed on North Korea.
Read more »

A man sentenced in celebrity hacking case

A federal judge had sentenced a man to six months in federal prison for hacking into hundreds of Apple and Google accounts and stealing explicit photos from several unidentified celebrities.

According to the U.S. attorney's office in Los Angeles, U.S. District Judge John A. Kronstadt also issued a $3,000 fine to the accused, Andrew Helton, a 29-year-old resident of Portland.

Helton pleaded guilty in March for stealing 161 nude or explicit photos from 13 people. Authorities have said they do not believe any of the images he stole were publicly released.

"For more than two years, defendant Andrew Helton targeted, baited, and hooked unsuspecting victims with his phishing e-mails," Assistant United States Attorney Stephanie S. Christensen wrote in a filing urging Kronstadt to sentence Helton to at least a year in prison. "He targeted strangers, acquaintances, and celebrities alike. He trolled through their private e-mail accounts, accessing the most private of communications. He systematically pilfered nude and intimate images of his victims and stored them for personal use."

His attorney defended him that he should not receive a prison sentence because the phishing technique he used was not technologically sophisticated, and his arrest forced him to confront his mental health issues and change his life.

"For the last ... five years or so, I've been a dead man walking, so to speak," Helton said at the outset of lengthy comments about how his arrest changed his life.

"Mental illness took over my life and surrounded everything," Helton said. Court filings noted he was diagnosed with bipolar disorder after his arrest in 2013 and has been receiving treatment ever since.

He said for the first time in his life, he can envision a future and wants to help people.

Read more »

Turkey Blocks WikiLeaks After Erdogan Emails Go Online

(pc-google images)
Turkey has blocked its residents from accessing WikiLeaks website after it dumped nearly 300,000 emails from President Recep Tayyip Erdogan's ruling party AKP online.

The leaked documents, which are being called the 'Erdogan Emails’, were obtained a week before Turkey saw an attempted coup to overthrow Erdogan that resulted in almost 300 deaths. As a result WikiLeaks moved forward its publication schedule in response to the government's post-coup purges. WikiLeaks added that that the source of the emails was not connected to the coup plotters or to a rival political party or state.

(pc-google images)
The emails date from 2010 to 6 July this year. The nature and content of the "emails associated with the domain are mostly used for dealing with the world, as opposed to the most sensitive internal matters" says the official WikiLeaks website.

Although these won't contain President Erdogan's top-secret personal emails, there are masses of correspondence between party members to highlight the dynamic of the AKP and their political agendas.

Wikileaks said on Twitter that Turks who are blocked from accessing its website can "use a proxy or any of our IPs" to get access to the documents on Turkey's ruling party.

The Turkish government has previously banned access to websites deemed to be carrying material critical of Turkey, including YouTube and Twitter.
Read more »
Subscribe to: Comments (Atom)