Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Online booter services to be tackled by Push

An FBI study has suggested that youngsters are behind many web attacks. The study scrutinized ‘booter’ providers that perform denial of service assaults.
The research presented at the Black Hat security conference investigated carrying out of assaults and sought to determine their operators.
It comes quickly after work by cost companies and safety researchers to make it more durable to run booters.
The name ‘booter’ was obtained as they were used by gamers to knock opponent’s offline who had bettered them in an online battle, said FBI special agent, Elliott Peterson. Since then many had diversified to offer "stresser" services that attempt to overwhelm a target website with data which is known as a distributed denial of service (DDoS) attack.
Though the attacks are run by cyber gangs situated in Eastern Europe, the people behind the booters and stressers are located somewhere else.
The research involved paying many providers to attack a target website and then observing whether that booter did what it claimed to be able to do. Prices vary but the lowest tier of attacks is less than $20 (£15).

FBI noted that none of the booters lived up to their claims of bombarding a site with hundreds of gigabits of data per second.
Many services advertise on forums where hackers gather but few were good at concealing information for investigators.
The not so sophisticated young operators have a lot of paying customers.
Payment for booter and stresser attacks are often collected via Paypal.
Prof Damon McCoy from the New York University, who has also researched these services, has collaborated with Paypal in an attempt to stop one service getting paid via the payment firm's network.
Read more »

Yahoo Investigates Massive Breach of 200 Million Accounts

(pc-Google Images)
Yahoo is investigating a massive data breach after the apparent user names, passwords and birth dates of up to 200 million users appeared for sale online. The information is being sold by a hacker known as "Peace" for three bitcoins, or about $1,860.

A Yahoo spokesperson said: "We are aware of a claim. We are committed to protecting the security of our users' information and we take any such claim very seriously. Our security team is working to determine the facts. Yahoo works hard to keep our users safe, and we always encourage our users to create strong passwords, or give up passwords altogether by using Yahoo Account Key, and use different passwords for different platforms."

Motherboard, which first reported the alleged breach, said it was able to acquire a sampling of some of the information for sale and found most actually correspond to accounts on the service.

"When [we] attempted to contact over 100 of the addresses in the sample set, many returned as undeliverable," said Motherboard's report. "'This account has been disabled or discontinued,' read one autoresponse to many of the e-mails that failed to deliver properly, while others read 'This user doesn’t have a yahoo.com account."

'Peace' admitted that the data was most likely from 2012, and there's a good chance that the information might have been collated from other hacks.
Read more »

Julian Assange: Wikileaks "Working On" Hacking Trump’s Tax Returns

Was it just a joke? When Wikileaks founder Julian Assange told Bill Maher during an interview with Real Time  that his organization is working on hacking into Donald Trump’s tax returns.

“Well, we’re working on it," Assange said, on Friday night when "Real Time" host Bill Maher asked whether WikiLeaks was looking to target Trump and his tax returns.

However, WikiLeaks denied that they were trying to hack Trump's tax returns, dismissing Assange’s comments as "a joke."

"WikiLeaks isn't 'working on' hacking Trump's tax returns. A claim is a joke from a comedy show. We are 'working on' encouraging whistleblowers," the group’s account tweeted.

The GOP presidential nominee Donald Trump has declined to release his tax returns publically. While it gave an opportunity to his opposition accusing him of having a connection with Russia.

Trump's campaign chief Paul Manafort said last month the GOP nominee has "said that his taxes are under audit and he will not be releasing them."

"It has nothing to do with Russia, it has nothing to do with any country other than the United States and his normal tax auditing process," Manafort said.

Last month, nearly 20,000 emails from officials at the Democratic National Committee (DNC) were released by WikiLeaks.


Read more »

Tech-Savvy Highly Prone To ID Theft, Reveals Experian

(pc-google images)
In a recent study by credit checking service Experian, it was revealed that nearly one in four people targeted by identity theft attempts in 2015 were highly tech-savvy users of mobile and social media.

It was discovered in the research that the most prolific users of mobile and social technology, making up 7.7 percent of the UK population, accounted for 23 percent of all ID fraud victims in 2015.

The next biggest rise in identity theft was among older and retired households, predominantly living in rural communities. This group makes up 1.6 percent of the UK population, with a rise in fraud of 15.4 percent year-on-year.

"These people are being targeted through phone and email scams by fraudsters trying to steal their details. They tend to be less aware of the types of scams fraudsters undertake, who can be very manipulative and sound trustworthy on the phone. The sole rule is to never give out personal details, passwords or Pins to anyone, whether it is on the phone or by email.” said Nick Mothershaw, a fraud expert from Experian.

Mothershaw said it is vital that those embracing technology also embrace protecting themselves online. "Using the latest device doesn't necessarily mean full protection, and being complacent about the risk of ID theft makes for a tempting target for ID fraudsters.” he added.

(pc-google images)
Here are some tips from Experian to avoid becoming a victim of fraud:

• Have unique, secure passwords for each online account with a combination of upper and lower case letters, numbers and symbols
• Keep up-to-date with the latest antivirus and newest versions of apps on all devices
• Be cautious about the information you post on social media such as email address, date of birth and family pet names, especially if they're used as passwords. Also think twice before adding someone you don't know to your network.
• Lock your device with a passcode or a gesture to prevent access
• Be wary of unexpected, irrelevant mail as it could be a sign of ID fraud particularly mail outside of the usual purchasing sphere
• Check your credit report to see if credit has been applied for under false pretences
Read more »

Iran First To Ban Pokemon Go, Cites Security Concerns

(pc-google images)
Iran has become the first country to officially banned Pokemon Go, the smash hit reality game that has taken the world by storm in recent months.

The Iranian High Council of Virtual Spaces , the official body that oversees online activity , has prohibited the use of the highly popular app game citing ‘security reasons’.

Although many countries and officials have expressed security concerns over the wildly popular game, Iran is the first country to introduce an official ban of Pokémon Go. Some countries, like Indonesia, have placed partial bans on the game.

Pokemon Go’s dramatic rise to popularity after it was first released last month has caused a spike in security fears after a number of reported phone robberies were linked to the game.

This is not the first time a video game has been banned in Iran, but despite the strict Internet restrictions, some fans have said that they managed to access the game in Iran using VPNs.

Reports had earlier said that Iranian authorities were waiting to see to what extent the game's creators would co-operate with them before making a decision on banning it.

"We had a communication through email with the developers of Pokemon Go and with the issue that if the game wants to come to the Iranian market it has to pass through the filtering of the National Foundation of Computer Games along with their cooperation, otherwise we have to filter and block this game in our market," Hasan Karimi Ghodosi, the director of the National Foundation for Computer Games told Mehr News Agency in July, run by the Islamic Ideology Dissemination Organization.

“The NFCG had two conditions for the game's creators to roll out the game in Iran - the game's data servers must be located in Iran and any tagged locations within the game would need to be coordinated with the NFCG to avoid including any locations that may be of national security concern”, said Ghodosi.

Middle East nations like Kuwait and the United Arab Emirates have cautioned fans against the security dangers of playing Pokemon Go. The Israeli military has also reportedly forbidden its troops and officers from playing the game stating cybersecurity concerns and fearing the leakage of sensitive information and base locations. The Indonesian government is looking to issue a ban on playing the game stating that the game makes damages the minds of children and makes them lazy.
Read more »

Kabali Superstar 'Rajinikanth's' Twitter Account Hacked !

As he basks in the success of his latest release ‘Kabali’, a rather shocking incident came to the forefront when Superstar Rajinikanth’s daughter Aishwarya revealed that his Twitter account was reportedly hacked on August 2nd and later retrieved.

Aishwarya wrote, “@superstarrajini appa’s account was hacked..handle retrieved. Thank you all :) #All s Well.” (sic)

(pc-google images)
Reports said that his official Twitter handle @superstarrajini tweeted “Rajinikanth #HitToKill”, which came as a shock for Thalaiva’s fans. The account had been hacked by an unidentified techie.

The hackers modified his account to follow more number of people, and displayed their pictures and Twitter handles. Rajinikanth reportedly followed celebrities like Kamal Haasan,Aamir Khan, Shah Rukh Khan, Kabali's director Pa Ranjith, Kabali's producer Kalai Puli S Thanu and publicist Riaz Ahmed. The stars were later unfollowed.

Rajinikanth, who joined Twitter on February 2013, now has over three million followers.
Read more »

Hackers stole more than 30 Jeeps

A duo of computer geeks who had digitally hijacked a Jeep over a year ago  have again hacked but this time with a twist.

In 2015, automotive cybersecurity researchers Charlie Miller and Chris Valasek hacked cars and disable its brakes when it was going below five miles per hour, prompting Chrysler to later recall 1.4 million vehicles.

According to news report, hackers used a laptop and pirated software to steal more than 30 Jeeps and Dodges.

Investigators told ABC 13 that police has arrested two men suspected of hacking into and then stealing the vehicles. They used to hook the laptop to the cars, and then used pirated software.


Fiat Chrysler said in a statement to USA TODAY: "while we admire their creativity, it appears that the researchers have not identified any new remote way to compromise a 2014 Jeep Cherokee or other FCA US vehicles."

"It is highly unlikely that this exploit could be possible through the USB port if the vehicle software were still at the latest level," the statement read.

Fiat Chrysler had launched a "bug bounty" program last year, or a place for cybersecurity researchers to disclose vulnerabilities, rather than showcase them publicly.
Read more »

Google fights piracy through ContentID


Google has figured out a way to deal with thousands of piracy and copyright issues with its YouTube focused automated identification system, ContentID for audio and video, though visual artwork still remains a challenge.
Google’s piracy solutions are premised on the notion that piracy happens when consumer demand exceeds legitimate supply.
With its 2014 edition of ‘How Google Fights Piracy’ report, it claims to combat a piracy challenge which includes YouTube, search results and its Google Play/Music services, among others.
According to Google's transparency report, it received 88,168,206 copyright removal or takedown requests for search in July over 2.8 million requests a day.
Although Google has stepped up its anti-piracy efforts, one can still see thousands of copyright infringing clips from movies or TV shows. Despite being uploaded by individuals with no affiliation with the copyright holders, the media hasn’t been removed. Instead, members of Google’s Content ID Program can use those clips to generate ad revenue, with user’s getting to see free content or use the content to make their videos.

If a person uploads an original video or audio to You-Tube, Google will create a "fingerprint" or unique ID for the upload. Members of the Content ID program submit the copyrighted works that they want the Content ID program to track. Each day, Google searches over 400 years worth of videos looking for any content that match the member’s submissions. When one of found, the member is notified. The member can then either ask for the work to be removed or instead, leave the content intact and run ads against it. The Content ID Program currently has 500 members, with the majority having decided that monetizing the infringements is better than banning the content. YouTube's ContentID system handles 98% of content management on YouTube with over $2 billion paid to program members since 2007.
More than 1 billion unique visitors visit YouTube each month, and they collectively watch more than 6 billion hours of video. Obviously, some portion of this user-generated content likely will contain some copyrighted content so Google’s strategy has been their ContentID system, which not only allows for anti-piracy measures but also monetization.
Read more »

Pokemon Go creators face lawsuit over trespassing


A New Jersey man has filed a lawsuit against the makers of the popular location-based augmented reality game, ‘Pokemon Go’ for placing the virtual creatures on his property without permission which caused players trespassing on private property.

The first suit against game makers Niantic, Nintendo, and The Pokémon Company, was filed by Jeffrey Marder in Northern California’s U.S. District Court after strangers lingered outside his house with their phones in hand in West Orange with at least five people knocking on his door and asking for access in order to "catch" a Pokémon. The lawsuit claimed the game's developer, Niantic, “made unauthorized use” of his and other people’s properties by placing PokeStops and Pokemon Gyms, virtual meeting points key to playing the game thus encouraged "Pokemon Go’s millions of players to make unwanted incursions onto the properties" of him and others who may have been affected.

Nintendo and The Pokemon Company were also named as defendants in the lawsuit because of their interest in the Pokemon brand.

The game uses Smartphone’s' cameras and GPS capabilities to superimpose creatures known as Pokemon, as well as meeting points like PokeStops and Pokemon Gyms, over real-world imagery and maps. A player's objective is to capture Pokemon by travelling around on foot. It has lead to official requests around the world for people to be kept away from locations for safety or sensitivity reasons.

The suit seeks class action status for others who have had Pokemon stops and gyms placed on their property.

"Defendants have shown a flagrant disregard for the foreseeable consequences of populating the real world with virtual Pokémon without seeking the permission of property owners," the lawsuit filed by Marder's attorney Jennifer Pafiti reads.

Released on 6 July in the U.S. and later in Europe and other parts, the smartphone game has become a global phenomenon. Some countries, including Brazil and India, are still waiting for the game's official launch.

The lawsuit filed by Marder also mentions several other homeowners, movie theaters and even historical landmarks, expressing concerns over their sites being tagged by Niantic as "Pokestops" or "Pokémon Gyms.

There have been reports of the game's drawing people to sensitive locations. In July, the United States Holocaust Memorial Museum in Washington, D.C., asked people to stop playing the game inside the facility. Hiroshima Peace Memorial Park in Japan has also asked to be removed from Pokemon Go. The former concentration camp of Auschwitz, where millions of people were killed by the Nazis, has also banned the game.
Read more »

Privacy concern while playing Pokemon Go


Within few days of its release, Pokémon Go has been a huge hit among the gamers, but security bloggers are concerned about the security of the users.

The game is free to download, and requests for permission not only to uses smartphone camera and location data but also to gain full access to the user’s Google accounts — including email, calendars, photos, stored documents and any other data associated with the login.

Because of this critics have issued an alert and called the game a “huge security risk” that is invading people’s privacy.

Whereas,  its maker Niantic said, "The expansive permission requests were 'erroneous' and that Pokémon Go did not use anything from players’ accounts other than basic Google profile information. Niantic also said it was working on a fix to change the permissions to a level that would be in line with the data that we actually access."

“A number of these games are not only making money by selling you the game, they’re also collecting data about your habits and selling that to third-party marketers,” said Andrew Storms, vice president of security services at the security company New Context.

So to minimise the security risks that come with some apps, here are some information  on how to safeguard private information.

Read the Fine Print

Ari  Rubinstein, a Silicon Valley security engineer, says during installation most of the software's asks for the access request if you don't feel comfortable then turn down those requests,  if you are unsure about the permissions you have already granted, check them on iOS by clicking on Settings.

You just don't worry about permissions, but also need to worry about the data shared.

 Regularly audit third-party apps

According to the Rubinstein, as most of the apps use platforms like Facebook and Google to authenticate accounts, regularly check the access you have granted through the settings.
Read more »

Indian researchers work on establishing human robot communication

With the increasing use of robots in every sphere of life, it becomes utmost important to establish proper communication between humans and robots.

 A team of researchers of Speech and Audio (SAG) at Indian Institute of Science (IISC), Bengaluru have been working towards enhancing Human and Robot communication to which they call it as ‘HUBOT’. The research aims to obtain better response from robots to given commands. This team is led by Dr. T.V Sreenivas, Professor at the Department of Electronics and Communication Engineering. He leads the research activities of SAG.

There are different kinds of robots with different programmes. While human beings can differentiate between various sounds, it is difficult for robots to do the same. This is a major obstacle in human-robot interactions.

The researchers are actively engaged in enhancing Hubot communication. The techniques used to enable Hubot communication includes voice and word recognition and gross localisation of sound.

The setup required to effectively capture the data needed involves the use of multiple microphones which are used to capture the data from the surrounding environment after which it will be processed in a suitable form to give the required response to the robot.

The team has developed several techniques which work to make Hubot communication more effective. One of these is the Y-Array technique which works in an indoor environment to localise and track moving source. Another technique involves the use of multiple rotating microphones on the robot. This method has given satisfactory results which have further enhanced the efficiency of HUBOT communication.

Digital Signal Processing techniques and properties of speech signals are studied by the SAG in order to overcome the existing difficulties in human-robot voice based interactions. A lot of processing steps are involved to make the robot behave in a certain way in the considered environment and the foremost step is to analyse real life situation or physical problem faced by it after which it will convert problem into mathematical form and written as algorithm.

The team is working on challenges which must be addressed before Hubot can be considered perfect.
Read more »
Subscribe to: Comments (Atom)