Thursday 23 June 2016

The TOR Project is working closely with security researchers to implement a new technique to secure the TOR Browser against the FBI’s de-anonymization exploits. Called “Selfrando”, this technique will fight the FBI’s “Code Reuse” exploits and create a “hardened” version of TOR.
The tussle between TOR and the FBI dates way back to this privacy suite’s initial days. TOR might be a solid pal in keeping your online life private, but the FBI has managed to breach this security layer from time-to-time. The FBI is known to be involved in a fair share of efforts made to uncover TOR’s privacy layers.
Such developments have been made public in recent time, thanks to numerous court cases that tell us about FBI’s hacking tools like Network Investigative Technique (NIT). Another similar set of allegations were made by the TOR Director who accused the FBI of spending $1 Million on TOR-hacking research being carried out at the Carnegie Mellon University.
According to a new paper, TOR is working closely with security researchers to develop a new version of the TOR browser. This new and “hardened” version of TOR will come with new techniques to defeat hacking attempts by the FBI and other government agencies.
Called “Selfrando“, the researchers are using a technique to avert the web browser exploits being used by the FBI. This new method will fight the FBI’s “Code Reuse” exploits. It’s a way to utilize the memory leak and make use of code libraries that are already present in the browser.

In simpler words, Code Reuse develops malware inside a software’s memory by rearranging stuff and avoids the tougher task of injecting new notorious code.
workflow of selfrando tor
To fight this technique, Selfrando creates a random address space for application’s codes and makes the exploit tougher. This technique aims to replace Firefox’s standard address space layout randomization (ASLR) techniques.
This means that after this development and a new version of Selfrando-equipped TOR, it would be difficult for the law enforcement agencies to hack into a TOR-enabled system.
It’s pleasing to see that the researcher community is partnering with the TOR Project to make our web a safer place.

Tuesday 14 June 2016

                         MICROSOFT BUYS LINKEDIN FOR 26.2 BILLIION
Microsoft is buying professional social network LinkedIn for $26.2 billion. This is one of the biggest deals in Microsoft’s history that will be completed by the end of this year.
Microsoft has announced that it’s acquiring LinkedIn for $26 billion. The companies have entered into an agreement that values LinkedIn’s at $196 per share.After this agreement, Jeff Weiner will remain LinkedIn’s CEO, reporting to Microsoft’s CEO Satya Nadella.
LinkedIn is the world’s largest professional network that is a well-known brand. The announcement also mentions that LinkedIn will continue to maintain its “distinct brand, culture, and independence”.
Here’s what Satya Nadella had to say about this deal:
The LinkedIn team has grown a fantastic business centered on connecting the world’s professionals. Together we can accelerate the growth of LinkedIn, as well as Microsoft Office 365 and Dynamics as we seek to empower every person and organization on the planet.
About the agreement, Jeff Weiner said:
Just as we have changed the way the world connects to opportunity, this relationship with Microsoft, and the combination of their cloud and LinkedIn’s network, now gives us a chance to also change the way the world works.
After this deal, LinkedIn’s share prices saw a hike of 50 percent. This deal, one of the biggest in Microsoft’s history, is expected to be completed by the end of this calendar year.

Why is Microsoft acquiring LinkedIn?

This answer could be easily found if we take a look at Nadella’s internal memo. By acquiring this key tool used by professionals, Microsoft has got access to more than 433 million members.
Keeping in view Microsoft’s stride in the enterprise world, this deals matches closely with the services it provides. This also gives Cortana the power to provide contextual services to professionals and making things easier.


This trick will free more storage in your iPhone without deleting a thing

If you are an owner of an iPhone, clearing storage space is a constant concern for people with iPhones. It can be a fight to keep deleting apps and pictures to try and keep freeing up space, whether it’s to install the latest software update or to download new apps, particularly when they don’t come with expandable storage, and have limited amount of free iCloud storage, and still, understandably, produce units with only 16 GB of space.
In this article, we show quick and easy tips you can use to clear the temporary files (cache)from your phone, leaving you with more storage.
You can see the trick in action in this video from YouTuber iTwe4kz titled “one weird trick” garbage.

Let’s go through the full process that was tested on an iPhone 6 Plus.
This method works best if you have less than 1GB of storage left. The iPhone 6 Plus had only had 479 MB of internal storage available. Open Settings > General > Storage & iCloud Usage to check how much you have left.
Open the iTunes Store, select Films and attempt to rent a lengthy film. For this article, the movie Creed has been used for demonstration. However, you can use any movie with a file size that exceeds your available storage. You may think of choosing a long movie like Gone with the Wind or the extended cut of The Lord of the Rings: The Return of the King.
Unfortunately, iTunes doesn’t seem to carry Logistics, the longest movie ever made (clocking in at an unimaginable 857 hours).
When you click on Rent HD Movie, a notification will appear warning you the file is too big to download. Don’t worry, you won’t be charged anything for this.
Open up Settings > General > Storage & iCloud again to find out how much space you have. It gave 68MB of cleared up space. This successfully clears the temporary files created while you are using apps, like videos buffering on YouTube or tweets loading on Twitter. This method clears them as a handy side effect, as there’s no direct way to delete them from an iPhone.
The best thing about this trick is that it can be repeated multiple times. After repeating the process seven more times before it outdid, it left a total of 3.5GB of available space — 3GB more than started with.
You may have to carry out this trick a different number of times depending on what type of apps and files you have on your iPhone. Just continue doing it until you are not clearing out any more space.
The storage space will remain available even if you reboot your phone. It’s not precisely clear which files are being removed from your phone, but it’s probably the notorious “other” files that can take over your iPhone’s storage.
LIKE US ON FACEBOOK               

Sunday 12 June 2016

Google Fixes A High-Severity Browser PDF Vulnerability in Chrome

Google patched a high-severity vulnerability in the Chrome browser which allows attackers to execute code on targeted systems using a PDF exploit.
It was Cisco researchers who figured out that a specially crafted PDF document with an embedded jpeg2000 image file within Google’s Chrome default PDF viewer ( PDFium ) keeps users at high risk.
The attack can be performed with ease by the attacker. The vulnerability can be used by attacker in such a way that he places a malicious code inside the PDF file and place it in a website. Then victims are redirected using phishing emails or even malvertising, according to the  Cisco Talos team. They gave a technical description of the vulnerability publicly disclosed on Thursday.
The information on the bug was reported to Google on May 19 and Google managed to ship an updated version of Chrome (51.0.2704.63) on May 25 which fixed the flaw in the browser. Usually Google updates browser code automatically, but if the updates are to be installed users must restart their Chrome browser.
According to the Common Vulnerabilities and Exposures description, the vulnerability is classified as a high-risk and heap-based buffer overflow vulnerability. The flaw is present in the Chrome before he update 51.0.2704.63.
All git versions in the open source community which used PDFium are also vulnerable, according to Cisco Talos. Foxit Software, which developed the PDF rendering engine which is vulnerable in Chrome browser, also patched its git PDFium version at the same time, Cisco Talos said.
The PDFium component  was added to the Chrome browser by Google in 2014 as part of its open-source software library project. It’s not clearly known for how long the PDFium vulnerability has existed or if it has been exploited in a real world attack.
According to a Google blog post, the PDFium exploit (CVE-2016-1681) was discovered by a researcher from Talos called Aleksandar Nikolic who was awarded $3,000 for the discovery through Google’s bug bounty program, according to a Google

Rule 41: Bitcoiners, Torrenters, And TOR Users — FBI Can Catch You With A Single Warrant

The internet world for Bitcoiners using TOR is soon to be in a situation of curfew. The reason behind is a new “update” to the Rule 41 of the Federal Crime Procedure which will take effect on December 1 unless the Congress stands as a barricade in between.
The amendment approved by the Supreme Court will allow the FBI to gain access to any computer with a single warrant. All they need to do is prove that the device is hiding behind a cover i.e. concealing its location by using software like TOR. More precisely, it seems that they are buying a new set of weapons to destroy the world of TOR.
Earlier, the situation was that if FBI had to gain access to any device, they would have to get a warrant from the district court of that place. Now, they have come up with an all-in-one package to carry on their crime fighting activities. Also, they can access your device even if you’re not the one involved in any criminal activity at all, you might be a victim.
The people who use Bitcoin will be affected as the FBI will be after them as soon as they try to anonymize themselves on the TOR network. And not only the Bitcoiners, the people who bypass digital boundaries to watch censored content or download copyrighted media using Bittorrent will also be affected. The ones who use VPN services to watch Netflix shows, all of them may be the target. So, it’s time to think before doing any actions that would break the cover between you and the FBI.
 The change seemingly means that the limit on warrants is excused in any instance where a Virtual Private Network (VPN) is set up. Banks, online retailers, communications providers and other businesses around the world commonly use VPNs to help keep their networks and users’ information secure. A VPN can obscure the actual location of a network, however, and thus could be subject to a remote search warrant where it would not have been otherwise,” – posted Richard Salgado, Legal Director, Law Enforcement and Information Security at Google.
Google opposed the “said” amendment by making an official comment on a federal web platform. The language used in the update to Rule 41 doesn’t guarantee any solid assurance that the new rule will be applicable in geographical boundaries of the United States. “Even if the intent of the proposed change is to permit U.S. authorities to obtain a warrant to directly access and retrieve data only from computers and devices within the U.S., there is nothing in the proposed change to Rule 41 that would prevent access to computers and devices worldwide,” – said Salgado
The prime reason that concerns the masses is the breach of digital security and the user privacy. Personal data of millions of internet users around the world will be enjoyed by the FBI guys over a cup of coffee and peanut butter sandwich. It is the Congress which can be the hero in this movie.
“Happily, there is Congressional push back. H.R.5321 – the Stopping Mass Hacking Act (SMH or, in internet terms “Shaking My Head”) – was just introduced into the House. The Senate version, S.2952, is also in play,” – reports Bitcoin News.
FBI’s hatred for the onion network has been a long time affair trending on various mediums worldwide. Although not literally mentioned, it seems as if the amendment has been brought into existence for ransacking the anonymous realm of TOR. Also, we have seen how they tried to force Apple to unlock an iPhone and the childish questions they asked to prove their point. All we can do is wait and watch, what actions are taken by the Congress in the upcoming months.

A simple tutorial on how to perform DoS attack using ping of death using CMD:

Disclaimer: This is just for educational purposes. It’s nothing great but you can use it to learn.
Here are the steps:
  • Open Notepad
  • Copy the following text on the notepad
ping <IP Address> -l 65500 -w 1 -n 1
goto :loop
In the above command, replace <IP Address> with an IP address.
  • Save the Notepad with any name. Let’s say dos.txt
  • Right click on the dos.txt and click on rename.
  • Change the extension from .txt to .bat
  • So, now the file name should be dos.bat
  • Double click on it and you will see a command prompt running with a lot of pings.

Here is why you should not share important private links on Facebook Messenger

Next time you share a private confidential link to your friends and colleagues on Facebook Messenger App, a Facebook developer could be watching it.
A security researcher, Inti De Ceukelaire has published a detailed post how Facebook developers can spy on private links in Facebook Messenger. De Ceukelaire found that through the right API call he could summon links shared by specific FB  users in private messages. The links were collected by the Facebook crawler, where De Ceukelaire discovered they were easily accessible to anyone running a Facebook app.
De Ceukelaire found that the developers could access any link that could be popular news story or a link to some private website meant only for the reader. The developers can see the links once they’re shared in private messages, they’re logged in Facebook’s database, and accessible to API calls.
The bug allows only legitimate FB developers to spy on the private links in messenger and could not be exploited by unwanted hackers says De Ceukelaire.
De Ceukelaire was only able to make the API call because he’s registered as a Facebook developer. If he had tried to make simultaneous calls for pulling links of many users, FB would have quickly noticed and put a stop to it. Still it is a serious bug according De Ceukelaire who says it  could create several problems for Facebook users

Friday 10 June 2016

syntaxdb programming syntax search  SyntaxDB calls itself a programming syntax database that wishes to eliminate the need to use Google to search syntax during coding. It allows you to search your syntax queries and shows you helpful results along with further documentation. Currently, SyntaxDB supports nine popular programming languages.
Very often programmers new to the field ask if is it okay to use Google and Stack Overflow to look up some syntax. The answer is yes — searching the web is a routine task of a good developer and its frequency even increases with time. Using Google doesn’t make you a bad programmer. Instead, it makes you even better at it and teaches you new things.To make things even easier for programmers, Anthony Nguyen, a software developer studying at Queen’s University, has created SyntaxDB.
This website calls itself the programming syntax database and allows you to search your required query. Nguyen calls it helpful for those who often visit Google to look for their programming related queries.
The website’s home page is very simple and plain. You just need to enter a language or a concept, and it starts showing relevant suggestions. As soon as you hit enter, a search result page is shown to address your query.
Once you click on a concept, you are shown a small definition and syntax along with some related notes and examples. In the right sidebar, there are links to the official documentations for more help.
syntaxdb programming syntax search 12
Currently, SyntaxDB supports 9 languages — Java, C, C++, C#, Python, Ruby, JavaScript, Swift, and Go.
SyntaxDB also offers integrations with DuckDuckGo, Slack, and Visual Studio Code to make coding easier. There’s also an API available that lets you write your own integration.
In future, the website plans to provide more plugins for code editors and increase the size of the database and the number of programming languages.
 like our page
 Avast performed well this year with decent virus removal and good real-time protection. For whatever reason getting both of these things right is a problem for most products this year.

For our first battery of tests, we first installed Avast Pro onto each test PC. Next, after temporarily disabling Avast, we installed a host of malware on our testing PCs including, trojans, viruses, adware, rogueware, etc.

Then, we activated Avast Pro Antivirus and ran a full-system scan to see if Avast would effectively clean and/or remove the malware we'd installed.

Halfway through the scans, Avast prompted us to run a boot scan on some of the test PCs. This was very surprising—pleasantly so—since a boot scan is a way to scan your system before Windows runs.

It's a good way to prevent most malware from launching in the first place. This is a clever move by Avast. And it's one no other antivirus software we tested did as part of the clean-up action.

The down side is, a boot scan takes a very, very long time to run.

Invariably, this kind of thing seems to happen when you least have the time to spare to let it run, but it's a small price to pay compared to having malware festering on your system.

  • Avast Pro Antivirus 2016
    Avast Box

In the end, Avast did a really good job with virus removal, cleaning up the majority of threats off our PCs. There were small handsful of foreign adware left behind on some of the test PCs, but given that the nastiest threats were all caught, it's virus removal can safely be called, "very good."

One strange thing was that Avast claimed to have found zero threats. Not one... even though it obviously got most of them. Puzzling.

We put this question to different Avast reps and got different answers each time, but no one had a definitive solution.

As for real-time protection, Avast did well here, too. With a fresh install of Windows and Avast Pro Antivirus 2016 on each test PC, we attempted to download and install our multiple malware sets. Avast instantly started deleting them one by one before we could even open them. Those that we could open were blocked before we could install them.

Avast then prompted us (again) for boot scans on the test computers, which (again) took some time to run.

After a reboot, our PCs were almost as good as new... almost. About 35% of the malware samples remaining in our 'Downloads' folder, but Avast blocked them when we tried to launch them.

And, there were still some desktop icons remaining and the occasional adware program running.

We'd prefer to see the malware quarantined or it and the icons deleted outright, but all-in-all, it was a very respectable performance by Avast.

During our phishing tests, Avast didn't do as well, where it missed just under a third of the phishing sites we visited.

One thing to note, which we didn't care for: a special browser antiphishing add-on needs to be installed first.

It's easy to see given the bad reputation browser add-ons have these days how some users might neglect to install it.

Avast should be able to identify phishing sites without the add-on. It's a weakness in an otherwise good performance from Avast.

  • Very good virus removal
  • Very good realtime protection
  • Significantly improved interface
  • Expensive so-so tech support
  • download the avast licesense files here 

Anonymous using pornbots to bombard thousands of ISIS affiliated Twitter accounts with porn

The online hacktivist group, Anonymous has a new weapon against ISIS and its supporters Twitter accounts. Swarm and flood their Twitter accounts with porn. For this operation, the Anonymous are reportedly using bots called pornbots.
According to reports, the Twitter accounts of ISIS supporters have been bombarded with thousands of graphic sexual images.  The images they post are deemed highly offensive to ISIS supporters as they follow a strict version of Islam. The pornbots do not tweet but have explicit images as their DP causing discernment to ISIS followers.
Online ISIS supporters have been bombarded with thousands of graphic sexual images after being followed by hundreds of 'pornbots'
According to a report on Mirror, the pornbot hackers have targeted Twitter accounts which uses known ISIS hashtags. Among the accounts to be targeted were the Amaq, ISIS media agency, who were bombarded by pornbots before their account was disabled.
It is unclear who has carried out the hacking of the ISIS accounts by the porn profiles, which has forced some militants to make their social media private
The pornbots did not spare a Twitter account run by a Frenchman, who has praised the deaths of journalists in Syria and Iraq. Immediately within hours of his ‘praise’ he found himself having around 800 such pornbots as followers.
Anonymous has been forefront in finding and reporting Twitter and Facebook accounts belonging to ISIS supporters. It had announced an operation called #OpISIS after the gruesome killings of Charlie Hebdo employees in Paris and terrorist attacks in Brussels, and declared that it would target ISIS and its supporters online.
In the video released online, a member of the group appeared in Guy Fawkes/V for Vendetta mask and vowed to continue the online campaign against the Syria-based terrorists.
In the video the Anonymous spokesperson states  ‘We have silenced thousands of Twitter accounts directly linked to ISIS. We severely punish Daesh on the darknet, hacked their electronic portfolio and stolen money from the terrorists. We have laid siege to your propaganda websites, tested them with our cyber attacks, however we will not rest as long as terrorists continue their actions around the world. We will strike back against them… we will defend the rights of freedom and tolerance.”

like our page foe more follow the link

MOTO Z WORLD'S SLIMMEST PHONE For its 2016 flagship devices, Lenovo has decided to ditch the 3.5mm headphone jack in favour of USB Type-C. In the form of Moto Z, the company has unveiled the world’s thinnest premium smartphone with a metallic body. Lenovo has also launched its big brother Moto Z Force with a bigger battery and unbreakable Moto Shattersheild.
Motorola is here with its 2016 flagship smartphone Moto Z. This phone comes in two variants and marks a visible shift in Motorola’s design approach.At the Tech World 2016, Lenovo, Motorola’s parent company, left its mark by launching the world’s thinnest premium smartphone loaded with powerful specifications. Following the modular philosophy, Lenovo has also launched a series of accessories and modules that can be attached to it magnetically.
Called Moto Mods, these swappable backs bring many new features to the phone in the form of battery packs, projector, JBL speakers etc.
If you ignore the camera bump, Moto Z is just 5.2mm thick. As phones thinner than Moto Z exist and they include a 3.5mm jack, we exactly don’t know why Lenovo chose this path.
While Lenovo calls it a step to bring better audio quality with more clearity via USB-C, it could be seen as a way to compete with its rival LeEco that made similar change in its 2016 releases.
Whatever might be the case, Motorola has managed to beat Apple in this no-3.5mm-headphone-jack race. It’s expected that in iPhone 7, iPhone-maker will be replacing the universally accepted jack with its Lightning connector.
Moto Z JBL speaker mod
Moto Z JBL speaker mod
The other features of Moto Z include a metallic body with a 1440p 5.5-inch AMOLED screen, a Snapdragon 820 processor, 4GB RAM, 32/64GB storage options plus a MicroSD card slot.
The photography enthusiasts can enjoy a 13MP rear camera with laser autofocus and OIS, and a 5MP wide angle lens with flash for clicking selfies.
Other features of the world’s thinnest premium smartphone include water-repellant coating, fingerprint sensor, 2600mAh battery, and USB Type-C.
Moto Z’s big brother Moto Z Force comes with Moto Shattersheild, which is an unbreakable plastic cover. It features a slightly thicker body and a 3500mAh battery.
like our page foe more follow the link

CLOSED SOURCE ANDROID COMINGIn order to create a proprietary closed-source version of Android, Google is working on a secret project, according to technology analyst Richard Windsor. He claims that Google is doing so to bring faster updates to Android operating system and add more features to its Nexus smartphones.
To take control of the Android in a much bigger way, Google is reportedly working on a proprietary version of the mobile operating system.According to the claims of a technology analyst Richard Windsor, Google is working on a highly confidential internal project to rewrite the ART runtime to scrape the dependencies from the code base in AOSP (Android Open Source Project).
The reason behind this step lies in the problem with pushing the updates via the means of OEMs. Unlike Apple’s iOS that pushes its updates rapidly, it takes years for Google to update the Android devices.
For example, it took a long period of 2 years for Android L to overtake Android K. iOS achieves the same in 2-3 months.
“Google won’t admit this a problem. Internally they’re aware it’s a problem,” Windsor adds.
Windsor hints at Google’s intention to take the complete control of Android software to bring more functionality to its Nexus line of devices. To bring some important changes like battery drainage, some code changes are needed and this could be achieved with a proprietary version of Android OS.
It’s being predicted that in later phases of the Oracle vs. Google case over the fair use of Java APIs, Oracle might win the battle. This would provide Google the excuse it needs. Google might simply say that “we were forced to do it” and announce a proprietary Android version at Google I/O 2017.
If a proprietary closed-source version of Android hits the market, it’ll have great impact on the mobile industry and open source advocates.
We have contacted Google for more information about the same and we’ll be updating the article if we get something more.
What are your views regarding this rumored development? Don’t forget to drop your feedback in the comments section below.
Like our facebook page

Tuesday 7 June 2016

Facebook CEO, Mark Zuckerberg’s Pinterest, Twitter, LinkedIn accounts hacked

Facebook CEO Mark Zuckerberg is in the news once again, but for all the reasons. This time is because of his social networking accounts which were hacked by hackers.
A hacker group named OurMine Team with 41,000 followers on Twitter have claimed to have gained access of Zuckerberg’s Twitter, LinkedIn, Pinterest and Instagram account on Sunday. However, the group left his Facebook page intact. He has become the latest high-profile victim of an embarrassing hack attack. OurMine is reportedly a group of teenage hackers based in Saudi Arabia.
The group claimed responsibility for the high-profile hacking in a tweet and invited Mr Zuckerberg to contact them.

“Hey @finkd we got access to your Twitter & Instagram & Pinterest, we are just testing your security, please dm us.”
The team also wrote from Zuckerberg’s Twitter page.
“Hey @finkd, you were in Linkedin Database with the password ‘dadada’ !”
On the other hand, on his Pinterest, the new title was “Hacked by OurMine Team.”

In a deleted tweet, the group claimed it also breached Zuckerberg’s Instagram — which Facebook owns — claiming it was “just testing your security.”
Zuckberg’s Twitter account, which had not been active since 2012, was briefly taken offline but later returned with the tweets from the alleged hackers having been deleted.
The OurMine Twitter account has since been suspended and Zuckerberg’s Pinterest page has been restored.
While the group claimed to have hacked Zuckerberg’s Instagram account @zuck, there is no evidence that the page was breached.
Using Zuckerberg’s Twitter account, the hackers announced that they accessed his accounts because they found his password “dadada” in the details of stolen LinkedIn accounts of more than 164 million people that were leaked online last month.
The hacker group also bragged about breaching into several high-profile accounts on its now-suspended Twitter, including Bill Gates.
Zuckerberg is the latest in a rash of recent celebrity hacks. This isn’t the only high-profile leak with Tenacious D’s Twitter falling victim to a death hoax on Sunday. Also, recently artist Katy Perry’s Twitter account was hacked as well.
If the hackers claim is true, Zuckerberg seems to have broken the golden rule of passwords: never use a password more than once. Zuckerberg went with a ultra insecure password ‘dadada’ even when security experts preach us to use high security passwords.
Perhaps Zuckerberg went with “dadada” because it reminded him of the first few notes of the Thunderbirds theme, or a trumpet call, or the 1982 hit by German band Trio “Da Da Da I Don’t Love You You Don’t Love Me Aha Aha Aha”. Or maybe the guy just has daddy issues.
Poor passwords are one of the major reasons for data breaches. A Scottish student announced last week he hacked into North Korea’s version of Facebook using the password “password”.
When asked for comments Twitter declined to comment while Facebook, Pinterest, Instagram and LinkedIn are yet to respond.
follow us on facebook by liking our page

Researchers discover the most hackable countries on the Internet

Some of the richest and most developed nations are at the extreme risk of hacks and cyberattacks partly because they have more unsafe systems connected to the internet, according to security researchers. The databases contain important personal information, including passwords.
In its latest research published Monday, Security firm Rapid7 said that several Western nations are putting competitiveness and business ahead of security, and that will have “dire consequences” for some of the world’s largest economies, the report said.
Top countries that offer insecure services
The researchers pointed to an association between a nation’s gross domestic product (GDP) and its internet “presence,” with the exposure of unsafe, plaintext services, which virtually anyone can simply interrupt.
Some of the most unprotected countries on the internet today include Australia (ranked fourth), China (ranked fifth), France (13th), the US (14th), Russia (19th) and the UK (23rd).
Top 20 protocols and ports scanned
Belgium is the leader in the rankings as the most exposed country on the internet, with almost one-third of all systems and devices exposed to the internet.
“Every service we searched for, it came back in the millions,” said Tod Beardsley, Senior Security Research Manager at Rapid7, who co-authored the report and spoke on the phone to ZDNet last week.
“Everything came back from two million to 20 million systems,” he said.
‘Failure’ Of Modern Internet Engineering
As for the largest culprits, there were over 11 million systems with direct access to relational databases, about 4.7 million networked systems that were categorized as the most commonly attacked port, and 4.5 million apparent printer services.
A networking relic from the Cold War era was the one that hovered above them all.
Dissecting the example, Beardsley said the on-going extensive use of a decades-old, obsolete and unsafe networking protocol would prove his point. Quoting the research, he said that scans disclosed that there are over 14 million devices still using old-fashioned, unsafe, plaintext Telnet for remotely getting access to files and servers.
It was “encouraging” to see Secure Shell (SSH), its modern replacement, triumph over Telnet not least because given the choice, it’s far simpler to use that makes the switch much easier, Beardsley said.
However, he said it was annoying to see millions nonetheless vacate their systems wide open to hackers and nation-state attackers.
Echoing similar feelings from the report, he said that the high exposure rates are a “failure” of modern internet engineering.
“Despite calls from… virtually every security company and security advocacy organization on Earth, compulsory encryption is not a default, standard feature in internet protocol design. Cleartext protocols ‘just work,’ and security concerns are doggedly secondary,” said the paper.
The research is a good starting point to check if there are other factors that finds out if GDP impacts the exposure rate, said Beardsley. However, they stressed that additional work needed to be done and the research was just a footing stone for further work.
“There are a million questions I have — I could talk for an hour,” he said.
Source: ZDNet

Sunday 5 June 2016

GhostShell hacker back with a bang, leaks 36 million user records from 110 misconfigured MangoDB servers

Twenty-four-year-old Romanian hacker GhostShell has returned with yet another leak of 36 million user records obtained from 110 misconfigured MongoDB servers, of which 3.6 million also include passwords. The hacker was in the news couple of months ago for doxing himself.
The hacker announced the data leak on Twitter and posted a link to a PasteBin URL where he wrote that the leak was aimed at raising awareness “about what happens when you decide not to even add a username and password as root or check for open ports.” The users also can find a statement regarding his reasons behind the hack, screenshots from all the hacked servers, and several links from where users can download the data.
The hacker added that most system administrators “don’t bother checking for open ports on their newly configured servers,” which can lead to anyone infiltrating the network and managing their internal data without any interference. You don’t even have to elevate your privileges, you just connect and have total access. You can create new databases, delete existing ones, alter data, and so much more.”
The download package is a 598 MB ZIP file, which when decompressed sizes up to 5.6 GB of data containing 110 folders named based on the hacked server’s IP. Each of these folders contains a screenshot as proof of the hacker’s access to the server, a text file with information about the hacked server, and the complete database dump.
The data includes user information such as real names, usernames, email addresses, passwords, gender, browser information, geolocation info, information about the user’s smartphone model, API credentials, social media details, and even avatar images.
In his statements, GhostShell says that he only used simple scanners like Shodan to reveal these databases. The hacker explains Project Vori Dazel, as he names his recent MongoDB hacking spree, as a public protest against poor security practices.
GhostShell says that all the databases he accessed had no username or password for the root account and had a large number of open ports.
According to a report by ZNet, security researcher Lee Johnston of Cyber War News discovered 626,000 unique email addresses as part of the data dump, which included over 1,300 government addresses from the US Department of Homeland Security, the IRS, the FBI, the FAA and the US Navy.
GhostShell also revealed that around 140,000 exclusive email addresses from one of the databases included information on “the top IT of the most wealthy corporations from the US”, such as Apple, Microsoft and IBM.
All these hacks from GhostShell are part of his Light Hacktivism campaign, which flourishes on finding and uncovering susceptibilities and poor security practices in order to have them modified. Earlier, the hacker also embarked on a more aggressive campaign called Dark Hacktivism. However, the hacker this time around has an issue with companies that deploy MongoDB without safeguarding them properly.