ProxyBack - A malware that turns PC into Proxy.

             In this cyber world if the user is not educated enough and caught in then all dirty jobs can be done in the name of the infected user. Recently a malware has been spotted which validates the point.

            Actually in many countries some websites are blocked as per their Government order and even in many organisations website blocking happens. In order to remove the barrier and access the blocked sites, proxy softwares are used.

             That proxy will create a tunnel and gives access to the blocked sites. There are many providers who provides this service for free or as paid service.

             A malware has been identified by Palo Alto Network security researchers that was named as #ProxyBack that makes the infected computer into a proxy for attackers and thus all the traffic will be redirected through the PC.

             A computer if infected will be given a unique ID and then the attacker will communicate with the compromised machine through HTTP requests. It has been noted that till there are 11000 compromised PCs nearly.

            The infection count increases and this shows the user negligence towards security of their own systems. This malware is not used to hide the location of the attacker but to use the blocked sites.

P.S: The post is to create awareness and not to create any negative impact.

Microsoft backup Encryption Key on its server.

             Microsoft released its latest version of its operating system with the feature of encrypting the whole disk (Don't confuse it with Bitlocker). Recently it has been stated that Microsoft backs up the encryption keys on its server.

              Microsoft if installed will encrypt the whole disk and the encryption key will be saved in their server as a backup option. This can possess a serious threat if

Any rogue insider can misuse it.
Any spy agencies can access the data with the backed up keys if allowed.
If Microsoft is hacked then the damage may be on large scale.

               There is option available to stop the machine from sending the keys to Microsoft server and it can be achieved by

Turn off the Bitlocker (This will decrypt the entire disk)
Turn on Bitlocker again
Then it will ask you whether to send the data or not (Do not select "Save to your Microsoft Account").

                 The reason turning off and turning on again will make the backed up key of no use and we are using a fresh key and then we are telling not to store it in Microsoft Account.

                 If you want to delete the keys that are stored already in Microsoft server then you can login  to your Microsoft Account. Then you will find the recovery keys backed up. Store them locally into your machine and then delete them.

                 Before making any changes ensure you know what you are doing as this may lead to some damage if misused. The Author is NOT RESPONSIBLE for any damage occured due to the execution of this article.

P.S : The post is to create awareness and not to create any negative impact.

Microsoft wants Governments to install Windows 10.

                Microsoft's latest operating system #Windows 10 does not hit the mark as expected and there has been many strategies followed by Microsoft to promote their product. Recently they released a statement stating the Government can use #Windows 10.

                 Microsoft recently stated that all world Government can install Windows 10 as it provides security, flexibility, speed, efficiency and control than other platforms available.

                 They also stated that the performance with same hardware is 30 percent faster than Windows 7 and also providing improved power management and hardware acceleration.

                 They also supports Microsoft Cortana and also Edge to increase the efficiency and for security they are having Credential guard, Device guard and Windows Hello.

                  They also stated that it provides flexibility to the IoT enabled components and also they stated that with the latest update the operating system is ready for enterprise deployment.

                   You can find the official post from Microsoft regarding this here.

P.S: The post is to create awareness and not to create any negative impact.

WhatsApp Free video calling feature.

              WhatsApp has been used by billions of people for messaging and also for photo sharing and has provided many more features to its user. Recently there has been a leaked photos that reveals the feature yet to come in WhatsApp.

               Many users of WhatsApp wants a video calling feature eventhough there are many video calling applications out there. It has been a news that spreads which states that WhatsApp is working on it and will reveal the feature in near future.

                Recently there has been some leaked photographs that indicated that WhatsApp is working on video calling feature and it has been in testing stage now.

                 WhatsApp is supposed to provide the video calling feature at free of cost if connected to the Internet through either Wi-Fi or through any subscribed tariff from service provider.

                  There has been no official news from WhatsApp about the new video calling feature and the users has to wait to receive the official confimation and if it has been released then the user will get the official upgrade from WhatsApp and do not believe in hoax message stating upgrade.

P.S : The post is to create awareness and not to be misused.

Temporary ban for Facebook Free Internet Service.

            Facebook introduced a concept of providing free internet to the users of India and it has been restricted to the reliance subscription users and can access few sites for free. Recently TRAI has temporarily banned the free service offered in India.

            There has been many problems ever since the concept of #Net Neutrality has been came to focus and now Facebook announced the free internet in the name of internet.org and the fact is that Reliance users can access to some portals for free.

             The actual reason for banning the service in India is that if it comes into action then the Facebook messenger will be the one used by many users and then the competitors can compete which obviously violates the Net Neutrality concept in India.

              Thus TRAI (Telecom Regulatory Authority of India) temporarily banned the Facebook's free internet services to the users in India. Facebook has been asked to detail the act.

               Few days back Facebook also made its users to send an automated mail to TRAI supporting for Free Internet services in India which then has been noted as "Accidental" action by Facebook.

               There has been many statement that there has been access to Internet free services for users still TRAI bans the service according to sources.

P.S : The post is to create awareness and not to create any negative impact.

Crash WhatsApp by sending Smileys.

         WhatsApp is one such messaging application that has been used by millions of users and many also gets addicted to it. Few months back there has been a bug that causes the WhatsApp to crash and Recently it has been found that WhatsApp can be crashed in other way out.

          #WhatsApp application can be crashed by sending around 4000 smileys to the recipient and by sending such an enormous amount of text it causes the recipient's #WhatsApp application to crash and will terminate.

            Indrajeet Bhuyan, an independent security researcher noticed this bug and has reported it to the WhatsApp team and they are yet to patch it. 

            By sending 4000 smileys will make the application not responding in both the web browser and also in mobile as an application.

            The crash affected more than one billion users and the crash has been noticed as success in the following versions

Android for Mobile - Marshmallow, Kitkat and Lollipop.
Web Browser - Chrome, Opera and also in Firefox browsers.

            If you are in doubt that you are a victim of this bug then you have to remove the whole conversation and the video demonstration can be found here.

P.S : The post is to create awareness and not to be misused.

AirBar - Turn Non-touch screen to Touch Screen.

          Due to the revolution in electronic devices, there has been a greater demand for touch screen and now all the devices are being shipped with Touch screen but many cant afford for Touch screen. Recently a company came up with a idea of turning a non touch screen into a touch screen device.

          Actually working of #Touch screen devices is that it will detect the pressure changes from the user and then it will sense the area and the corresponding action will be carried out accordingly and due to the implementation the touch screen devices are priced high which many cant afford.

          Swedish Company #Neonode has brought a new device known as #AirBar which will transform the non touch screen into a touch screen device and the AirBar is a small plug and touch bar that attaches magnetically to the bottom of the device screen.

          It can be USB powered and it will emit invisible light across screen that can be used to track the user movements and gestures. The movements and the gestures will be transferred to the input and thus converting into touch screen.

          As like Touch Screen, user can pinch, zoom, scroll and also perform many other operations that can be performed with a touch screen.

          The product is now available at $49 and is available for Windows 8, 10 and chromebook and OS X support is yet to arrive. The video demo of #AirBar can be seen here.

P.S : The post is to create awareness and not to be misused.

My one day experience with an imposter.

           In this post i am not gonna post any security news but something very important. It is true that Hacking is a state of art which is still a hidden world to many people but dont let others to fool you just by doing a magic before you.

            Few days back I had been to a competition and then came a person who proclaimed himself as #Cyber Security Analyst, #Malware Analyst, #Cyber Detective and many more. 

            Then came his session in which he stated that he will Crack Windows 10 security within 30 seconds and then came demo part. 

He inserted a OFFLINE REGISTRY / LM hash editor Live boot CD and booted the system.
It is a menu driven application and then he just removed SAM file and rebooted.
Without SAM file what the innocent operating system will do ? It will allow user to have access
Then he said yay i cracked Win 10 authentication mechanism.

            A Technical person can understand this very well and for other let me explain this with similar example. Consider you are buying X company phone you yourself delete the photo that resides in the device and then you are saying to X company that you are responsible its your flaw. Got it ?

            This is the real state and i was agitated to the core and many have no knowledge in cyber security field, dont take advantage of that and earn money. You will be just a goat that leads an army of lion. 

             People must be aware enough to see whether the speaker is an imposter or really a stuffed person until then this shit will happen always. There are many person wandering who self proclaims themselves as #Cyber Security Expert / Analyst. Dont spoil the credit of that prestigious positions.

P.S : The post is based on my real experience and not to create any negative impact.

Hacking Linux with just 28 Key Strokes.

              One of the operating system kernel that has to be considered to be secure to some extent is #Linux till date and now a serious flaw has been found in its operation. 

              Security researcher found that the Linux login screen can be bypassed with just #28 Key Strokes and they too are the same key "#BackSpace". Yup by pressing Backspace key for 28 times will allow you to bypass the login screen.

              This is not at a kernel fault and this happens in #Grub Loader (Grand Unified Bootloader) popularly used by Linux versions. It was due to the underflow that resides in #grub_password_get() function.

              It resides in Grub2 version 1.98 and it has been reported to them and once the login screen appears if the attacker follow this he /she will be entered into Grub Rescue shell with which all the files can be accessed.

               The vulnerability has been patched by the vendor and the distros based on Debain Ubunutu and RedHat are yet to patch it. You can find the patch here.

                User who are running Linux are advised to patch it immediately if you are concerned about your data.

P.S : The post is to create awareness and not to be misused.

Hacker Friendly Search Engine.

         In cyber space there is a hidden world exists and is commonly known as #Deep web, what we use are referred to as #Surface web which constitutes only 4 percent of total Internet as per statistics. Recently a new search engine has been developed that is hacker friendly.

        For exploiting the Deep web the normal search engine wont help for that specialized tools and search engines should be used. #Shodan is one such search engine that has been used to find the vulnerable devices and also for scanning purposes.

        #IoT (Internet of Things) evolves at a rapid rate and due to which many vulnerabilities arises. Many manufacturers and many users use hardcoded cryptographic key which allows anyone to spy through the device.

         There has been many hacks in recent days involving hacking #CCTV and #Baby monitors in hospitals and now even toys. The newly developed search engine #Censys powered by the search engine giant #Google is used to find all the vulnerable devices connected to Internet.

         If any device is about to be connected to Internet it will act as a door to your network and this search engine #Censys uses two components such as #Zmap and #Zgrab.

          Zmap is an open source network scanner and #Zgrab is an application layer scanner and this can be used by any hacker to find vulnerable devices at one stop.

          #Censys can provide details about the devices through which many zombies can be formed and also it causes damage to the users in worst way. Users are requested to secure their devices before connecting them to Internet.

P.S : The post is to create awareness and not to be misused.

100 Million times faster computer.

          There has been many researches carried out in the field of #Quantum computing to reduce the time taken for the traditional PC to give a solution for any complex calculations. Recently #Google has developed a computer that was much faster than the traditional computer.

           The main idea behind the #Quantum computing is that instead of bits (0 or 1) used to represent data #Qubits can be used to represent 0 or 1 or both at the same time. This will significantly reduce the computing time and also increases the accuracy of result.

           The Mountain View giant #Google with NASA has developed a #D-Wave 2X Quantum computer that can solve the complex problems at very high speed and accuracy.

            Google Quantum AI team released the results of the Quantum computer result and is that Quantum computers are 100 million times faster than the traditional PC in producing complex problem result.

             They take the point of parallel processing that allows faster computational power than the traditional PC with a single core processor. The system was in initial research state and the commercial product will be out in near decades.

             They have also published a pdf which states the functionalities of the Quantum computer and it can be found here.

P.S : The post is to create awareness and not to create any negative impact.

Microsoft's new Windows 10 upgrade strategy.

        Microsoft after releasing #Windows 10 expected a big bang among the users but many of the users find #Windows 7 and #Windows 8 or 8.1 comfortable and stayed with them. There has been many strategy that has been carried out by Microsoft. Recently Microsoft is following a new strategy to push the #Windows 10 upgrade.

         Previously Microsoft automatically pushed the download files into the machine with which the system will upgrade itself to #Windows 10 and then they changed the upgrade setting of Windows 10 from optional to recommended.

         Some users found that their systems are automatically upgraded to the Windows 10 without their consent. These are some of the strategies followed by Microsoft to promote their new product.

          Now they are following a new strategy which is that even if the user blocks the upgrade to Windows 10 it automaticaaly gets enabled.

          Actually everyday or over a period of time system will check for any change in the settings in the server and then if Microsoft enables the service then your sytem will change the setting to enable mode even if you blocked it.

          This has been identifed by the security researcher to whom many users has stated that even if they block the service the upgrade is enabled by the system and Windows 10 starts downloading to the system.

          This is one of the weird strategy followed by Microsoft to promote their new product Windows 10 and there has been also a news that many manufacturers like Dell and hp are recommending Windows 8 not Windows 10. Even some of the support people recommend Windows 8 only.

P.S : The post is to create awareness and not to create any negative impact.
          

Microsoft made heart of Edge as an open source.

           Microsoft released its latest operating system #Windows 10 with the much more powerful browser in the name of #Microsoft Edge. It is being liked by many users due to its rendering speed. Recently Microsoft is going to made the heart of Edge as an open source.

            Microsoft's Edge has a Javascript engine in the name of #Chakra that powers the whole Edge browser and also some applications in the xbox and also in Windows 10.

             Chakra is going to be made as an open source but Microsoft is gonna reveal it as #Chakracore and the code will be available in GitHub under the MIT open source license scheme.

              Chakra actually is the combination of the COM which powers the windows 10 and so the private components will remain hidden and the Chakra JS engine will be available in GitHub in the name of #Chakracore.

               Chakracore will provide many functionalities such as

The parser
The Interpreter
JIT compiler (Just In Time)
Garbage Collector
API to integrate into applications.

              It is really a big decision by the giant and this will power IoT (Internet of Things) projects well as it can be intergrated with the devices.

P.S :  The post is to create awareness and not to be misused.

Most vulnerable programming language of the year - 2015.

             There has been many programming languages that has been used by developers to design their site or the management software and due to the increase in the cyber attacks, there has been an analysis that has been carried out to find the most vulnerable programming language.

             Security Researchers analysed more than 200 000 web applications that has been developed in various platforms and it has been found that some possess very critical threats.

            They analysed the threats that has been faced by the applications and then they have released the result with the title "The most vulnerable programming language of the year - 2015".

            Programming language #Classical ASP tops the list and then comes the #ColdFusion and then came the most famous scripting language "PHP".

            Actually the most vulnerable language of the year is PHP because the other two are almost not in use and PHP has been used in almost all sites.

             It is found that the sites developed by PHP are vulnerable to XSS (Cross Site Scripting), SQLi (SQL Injection). Many are vulnerable to command injection, improper storage management and information leakage.

             Among them XSS and SQLi are the components of OWASP Top 10 vulnerabilities for web applications. Developers are advised to use the language wisely as JAVA and .NET are considered to be secure than PHP.

P.S : The post is to create awareness and not to create any negative impact.

Who is responsible for Hacking ?

                Hacking becomes a pressing issue these days and many are facing a huge loss for this action. Actually there has been many wrong facts that prevails around people. Lets discuss who is responsible for hacking that happens.

                 Hacking word has been misunderstood by many people and it is just an act of making a system do a function which it is not intended to do. Computers are protected with IDS, Firewall, Anti Virus and many more protection mechanism. Then why this happens?

1. Many of us fails to update or fix security patches because it may consume large data or many are using pirated softwares so it is not done to avoid getting caught.

2. One of the classical practice is downloading a cracked version of Anti Virus and many products cant be updated if not original. Missing to buy a paid one is a big problem.

3. Our craziness towards offers and free products. If a 100 mail stating about a fake free offer atleast 20 will respond to that link which may lead to an attack.

4. Having an awesome password like password123; admin123; p@ssw0rd; mypass any many more can be easily cracked as they are famous one and most widely used.

5. Clicking on the links or pop ups to see what it holds. Users may think what will happen if i just click a pop up. It is more than enough to plant a malware or do any nasty work with just a click.

6. Providing all details such as favourite dish, novel, music, pet name and many in social media and having them as a security question for mail recovery. Great is it not ?

7. Not linking the account with your phone number. Failing will not notify you if other changed the password and it will also help in recovering the lost account control or resetting passwords.

              Now think what is the use of having all security mechanism which are controlled by a person who is not cautious. That why it is stated "Humans are the weakest link". 

P.S : The post is to create awareness and not to create any negative impact.

WhatsApp blocks Telegram Links.

          WhatsApp owned by giant Facebook is one of the most popular messaging application that has been used by billions and infact many teens are addicted to it. Recently a news has been released that WhatsApp is blocking link to Telegram.

           Users can notice if they typed a URL (Web link) in their chat box will change it to a link which  is clickable and can be forwarded so that other users can visit the site easily. WhatsApp started blocking the Telegram links.

            #Telegram is one such messaging which has many new features such as Secret Chat, Self Destructing Messages and end to end encryption and many more which many even dint tried of. 

               WhatsApp rolled out a new update WhatsApp 2.12.327 earlier this day and in that if a user typed a link like "www.telegram.me" (For Example) then it will not change into a link which can be clicked by any user will take you to the site.

                The link has not been recognized as a URL and appears to be a normal link and it has been found by a user who posted in reddit today.

                 Telegram acknowledged this and there has been a news that the social network giant may block the link but there is no official information from both WhatsApp and Telegram.

                  Users can check this with the updated version #2.12.327 and then comment if anything is wrong. Official information yet to be released by WhatsApp and Telegram.

P.S : The post is to create awareness and not to create any negative impact.

Port Fail - A vulnerability for VPN.

                  In order to maintain anonymity and also to maintain privacy many users uses VPN (Virtual Private Network) which uses encrypted transmission of messages. Recently a vulnerability has been found that affects almost all the VPN providers.

                 The simple concept behind VPN is that the sender will be connected to the destination like a secret tunnel and all the communication that flows through the tunnel is encrypted such as to avoid sniffing.

                There are many VPN providers who provides free as well as some are paid services. The new vulnerability #Port Fail allows attackers to reveal the real IP address of the victim.

                Discovered by VPN provider Perfect Privacy (PP) is a simple port forwarding trick. Port Forwarding is nothing but diverting all the traffic to a user defined port so as to sniff the packets.

               This vulnerability requires that the attacker and the victim needs to be in the same network and the protocols that are vulnerable are

OpenVPN and IPSec (Which provides security to the IPv6).

                This vulnerability can be exploited by simply forwarding the traffic and for that he / she must know the exit IP address. Some vendors has patched this vulnerability and users are recommended to update their software to avoid further attack.

P.S : The post is to create awareness and not to be misused.
               

Li-Fi - 100 times faster than Wi-Fi.

                  All the devices we are using are getting connected to the Internet giving rise to the #Internet of Things (IoT) and almost all the devices are connected through wireless medium. Wi-Fi plays a major role there. Recently a new technology has been invented by researchers.

                  Wi-Fi uses radio signals and thus they can be affected by external attackers and at the same time any client can be removed from the access point without connecting to it (Deauthentication attack), to solve all these problems #Li-Fi has been invented.

                   The idea behind Li-Fi is using light to transfer the data and it can be accomplished by having a LED light at the routers and then data can be transmitted at an increased rate.

                    Researchers have been running many tests and achieved the transfer rate of 1 Gbps which is 100 times larger than the existing Wi-Fi technology.

                    The technology uses visible light so it cannot penetrate through walls. It is stated that using this technology speed of 224 Gbps can be achieved which is much more greater speed.

                     To watch the full details about the technology you can view the introduction of this technology by a speaker in Ted conference. You can find the link here.

P.S : The post is to create awareness and not to create any negative impact.

1.2 Billion login passwords hacked.

                 Login passwords and the username seems to be the main asset in the cyber world and everyone at some point of time will forget the password and reset it. Recently a hacker hacked around 1.2 billion account credentials.

                 It is not an easy task to get around 1.2 billion login passwords which is a large number and to accomplish this task he (#Mr.Grey) used botnets it seems.

                 The news also stated that the login passwords belongs not to a single account but to almost 420,000 websites and this is done by exploiting the simple #SQL Injection attack.

                 Actually botnets can be used to carry out a large attack such as DDoS (Distributed Denial of Service) or other deadly attack but in this case it has been used to scan the Internet for finding any vulnerable site.

                  Let's have a deeper look, consider a hacker already planted a malicious malware in computers across globe say 5000 computers. The malware will receive instructions from the attacker who planted the malware. Then if the attacker issues a command to scan the Internet, all 5000 computers will start scanning for vulnerable site.

                  If the site has been found vulnerable then the url can be given to the attacker or it can carry out the attack and get the credentials and send it to the attacker.

                  There has been no information that the attacker alone does this job or a group of hackers accomplished this task. There is no information about the sites that has been compromised and also about the login credentials also.

                   Users are requested not to respond to any mail from unknown stranger and also to scan any drive before pluggin them into the computer. Apart from these, use complex passwords to prevent attacks to some extent.

P.S : The post is to create awareness and not to be misused.

Dell laptops with pre-installed malware.

             Dell being one of the major laptop and computer manufacturers in the world has a major place in the market. Last time Lenovo was caught for using pre-installed adware named #Superfish and then they provide a free tool to remove the malware. Recently Dell laptops has been caught for having pre-installed malware.

             Laptops sold by Dell has a pre-installed fake signed certificate actually it is a self signed credentials for secure connection establishment the certificate are signed and the keys are stored in local computer.

             Let's have a look what can be done with this thing. Attacker can use the credentials to fake a connection as a trusted one and then can carry out a MiTM (Man in The Middle) attack and with that the attacker can gain the sensitive information suchas credentials and other information.

             The laptop models that are identified to be having this malware are

Dell Inspiron 5000 series notebooks
Dell XPS 13
Dell XPS 15

            It is also doubted that not only these models but also many models may have this malware pre-installed.

            To check whether you are infected with this malware 

Go to Run
Type certmgr.msc and hit enter
Open up Trusted Root Certification Authority 
Select Certificates
Search for eDellRoot

              If found you can delete it and then try after sometime you will find the same #eDellRoot in place and the funny thing is that even if you remove it, it will be created by itself.

             So what is the way to remove it, there is no removal mechanism available yet but inorder to prevent you from any attack users are recommended to use #Firefox browser as it will warn if the certificate is fake one.

             Dell has been reported about this issue and they have posted that  customers privacy are their major concern and their team are working on it and will post the status update soon.

P.S: The post is to create awareness and not to create any negative impact.

Secret Malware for Android devices.

          Android has millions of users across globe and very popular thus serves as a main target for the attackers. Many malwares has been targeted towards Android. Recently a new malware with new features has been detected.

         Malwares actually request user permission and if granted they will start affecting but this new malware will start its action even if the user reject the installation of the malware.

         Security Researcher at #Lookout detected three malwares and they are

1. #Shedun (#GhosPush)
2. #Kemoge (#ShiftyBug)
3. #Shuanet

        These three belongs to a Adware family and they root the victim's mobile so that the attacker can gain full access to the device that is infected.

        Among them #Shedun is more deadly because it doesnot exploit any vulnerability in the device and uses the legitimate funtionality of the device to make malicious activities.

        Victim is tricked to allow access to #Android Accessibility service by which a user can interact with the device in other ways.

        After gaining access to the system the attacker can

Read the text messages that displays on the screen
Install any application
Scroll through Permission list
Press install button for any app without the physical interaction of the user

       The adware masquerade itself in the Google Play store and waiting for users to install the corresponding application. Since the adware roots the device it is not easy to remove them other than to reset the device to factory reset.

      Rooting the device also voids the warranty for the device and users should be careful in dealing with third party apps from any untrusted sources.

P.S: The post is to create awareness and not to be misused.

Anonymous takes down 20000 ISIS Twitter accounts.

           After the terrorist attack at Paris there has been a cyber warfare started between two groups Anonymous and ISIS. Apart from France and other nations that bombing the groups, Anonymous started a cyber war against ISIS.

           Anonymous stated that "They will hunt down the ISIS twitter account" and then ISIS stated Anonymous as Idiots and then it has started.

           Already Anonymous published a list of twitter accounts who are having connections with ISIS group (Refer earlier post) and then they also published some simple hacking tutorials for public viewing.

          The main idea of this is to stop the propagation of news to all the members through the social media and one of the main social media used by the members is the Twitter and now it has been targeted.

          Another main source of communication is considered to be the Telegram messenger and then few days back Telegram has removed 78 channels that belongs to the ISIS groups.

         In a video released by Anonymous they have stated that they have taken down 20000 Twitter accounts related to ISIS members.

        It is a fact that Social media sites has been used by terrorist groups to influence people and then make them a member of their activities. 

P.S : The post is to create awareness and not to create any negative impact.

Did Mark Zuckerburg left Facebook?

          No need for the introduction about the giant Facebook which was created by a geek Mark Zuckerburg and is one such social media that has users all over the world. Recently there has been a post that he left the job at Facebook.

           It is just a bug in the code of Facebook that the security researcher has disclosed in a brand new way. You can check the post here on his wall.

           Actually the security researcher modified the url available that takes care of the Life Events that posts in the wall of any user. He just tampered the url and then by removing the start parameter it posted this post.

           This is not an actual technical bug and is just a way a user can tamper the url make others kind of fool.

           However it is actually a minor bug that any bad intended attacker to create a false post.

            If the post is not available you can see the picture below

P.S : The post is to create awareness and not to be misused.

Is Telegram really secure for secret sharing?

           Telegram being one of the famous messaging application that has more than millions of users and there has been a news that terrorists are using Telegram messenger to communicate with their fellows. Recently there has been a post by a security researcher about the telegram security.

           Some of the major features of the Telegram application are end-to-end encryption which prevents any middle person from sneaking into what data is being communicated. Another feature is the #Self Destruct messages which will delete after a specified period of time.

           Apart from these features that are being provided by the Telegram a security researcher claims that it contains more security loopholes which he mentioned in his blog and they are as

1. End-to-end encryption is not enabled by default and have to be enabled before the chat begins and not possible with the existing or started conversation.

2. Another thing is that Telegram will access your mobile contacts and then upload the entire database into its own server and with that data it is possible to clearly draw a map that connects all people.

3. Using mobile phones will expose more metadata which can be used by any agency to retrieve the data such as time, location and the persons involved in the conversations.

4. There has been some consideration with encryption they uses but it is not yet publicly broken even after they declared a prize of $3,00,000.

         With all these security loopholes the security researcher concludes that the app may be used for common use but not hold goos for terrorist activities and all. Telegram also closed 78 ISIS affiliated channels to cut down their communications to some extent.

P.S : The post is to create awareness and not to create any negative impact.

Operation Paris - Anonymous against ISIS.

        ISIS is a terrorist group that carried out a horror attack last week in paris and then after that Anonymous openly declares a war on ISIS hackers and they have started it.

        Cyber warfare started and many social media has been used by many of the terrorist groups to recruit people to carry out terrorist tasks. ISIS stated Anonymous as IDIOTS and then Anonymous started their attack on ISIS.

        It is a fact that #Anonymous is one such potential group that has been proved in many past attacks and then now it turned against the ISIS group.

        Anonymous posted that they have hacked 5500 Twitter accounts of ISIS members to stop their propaganda through the social media.

        They have also stated that they will cut the propaganda through the social media and then they have also posted a how to hack tutorial for all the online users to join in #Operation Paris which is against the ISIS group.

         Anonymous has also posted a list of Twitter account names of ISIS group and it can be found here.

         It simply doesnot ends here and as the heading says A Cyber Warfare has started with full pace and Facebook has removed Anonymous page that posts information about Anti ISIS stating that the page is against its policies.

P.S: The post is to create awareness and not to create any negative impact.

Bug in Gmail app that allows to spoof emails.

This summary is not available. Please click here to view the post.

Spying Samsung Galaxy mobile phones.

                      Samsung being one of the major manufacturers of smartphones has an important model which many users uses in the name of #Samsung Galaxy. Recently a security researcher has found that these phones can be spied easily.

                      One of the major security breach that can be achieved in the smart phone is spying the incoming voice calls and record them if possible. This can be achieved in samsung galaxy models easily.

                      Two Security Researcher demonstrated a famous attack known as #Man in The Middle (MiTM) and with that they achieved MiTM attack on the models such as Galaxy S6, S6 Edge and also in Note 4.

                      The attack needs a special equipment such as #OpenBTS Base Station which will act as a bogus base station. The attack is due to the phone's baseband processor.

                      The mobile above mentioned considers this bogus base station as a legitimate cellular tower and thus any calls that are incoming and outgoing can be routed through the bogus base station.

                       By achieving this attack the attacker can record the voice call that are directed towards the cell. This is not possible for everyone as it needs some additional equipment to exploit the attack.

                       The two security researchers reported the bug to samsung and also the details how to carry out the attack has not yet been disclosed and samsung is expected to fix the bug soon.

P.S : The post is to create awareness and not to create any negative impact.

Self Destructing Messages from Facebook.

                 Facebook has own a messenger application in the name of #Facebook Messenger and it has been used by millions of users to communicate with the users globally. Recently Facebook rolled out a new feature for its application.

                 One of the expected feature is that #Self Destructing messages and it has been available in the Snapchat users since 2011 and now Facebook is about to roll out this feature to its users.

                 Few users from France has noticed the feature of self destructing message and it will appear as a hour glass icon on the chat box and once clicked the message sent will be set to a timer of one minute and after that time the message will be removed automatically.

               To disable the feature all the user has to do is to click the hour glass icon again and there is no news about the customized timer and it may be available in near future.

                Already Facebook tried it before in its standalone application named as #Slingshot and has failed to achieve success with that feature but now it successfully integrates this feature.

                The new feature is now available only for the France users and there is no official information about the launch of the feature globally but will be available to all the users in near future.

P.S : The post is to create awareness and not to be misused.

Preventing Microsoft from Tracking.

                 Microsoft with the launch of Windows 10, users started having many problem such as low boot time, wifi connectivity problems and one of the main problem is the privacy for some users. Recently a firm has developed a new tool that can stop Microsoft from Tracking.

                    Microsoft admits that they are collecting information from the user machine to give better experience to the users by collecting the telemetry data. Many users tried to stop the tracking option but many stated that they failed to disable it.

                     There has been many third party softwares that can be used to diable the tracking of Microsoft through Windows 10. One among them is #DoNotSpy (Explained in earlier post).

                     A new tool has been released in the name #Spybot-Anti Beacon from a security firm Spybot. This tool can be used to disable the tracking of telemetry data.

                     The tool is free to use and can be installed and on running the tool tracking of telemetry data can be disabled.

                     If the user is not comfortable with the new tool the tool also has the option of undo the changes and once undo has been done the tracking will be enabled.

                     Microsoft started the automatic upgrading of Windows 7 8 8.1 to Windows 10 and the tool can be used for disabling the tracking by Microsoft.

                      The tool #Spybot Anti-Beacon can be downloaded from their website.

                      The Author is not responsible for any damage done by running the tool and the user is solely responsible for the execution of the tool.

P.S : The post is to create awareness and not to create any negative impact.