Sunday, May 31, 2015

Gaana.com hacked.


#Gaana.com is one of the biggest music streaming websites in India. It has millions of registered users and the service is used nationwide. Recently a hack of Gaana.com was reported.

A few days back, a social media post claimed that Gaana.com had been hacked and that the details of about 10 million users had been exposed, including user names, passwords and other personal information.

Users visiting the official #Gaana.com website were shown a message that the site was officially down. The cause of the outage was an SQL injection attack.

A Pakistani hacker claimed responsibility for the hack and posted that it was carried out through SQL injection, which exposed millions of database entries to the hacker.

The hacker contacted the #Gaana.com company, which did not respond. Because of this negligence, the hacker made the details publicly viewable on Facebook; the company then asked for the details to be taken down and apologised for the negligence.

The hacker then took the details down, and it has been reported that there has been no financial data loss or other sensitive data leakage as of now.

The interesting question is how a big music streaming website could be vulnerable to a common and very well-known vulnerability such as SQL injection.

It also shows that nothing is secure in today's world and that special care must be taken even when performing a small task on the Internet.

Users who have an account on Gaana.com are requested to change their password immediately, and it is recommended that they also change it on every other site where the same password has been used.

P.S : The post is to create awareness and not to create any negative impact.

Friday, May 29, 2015

Facebook hack that allows you to see a Friend's Location.


Heard of the Marauder's Map from the Harry Potter movies? For those who don't know, it is a map that shows the location of others based on their footprints. Recently a student developer built an extension that reveals the location of a user's friends on a map.

A student developer from Cambridge has created a Chrome extension that reveals the footsteps of your Facebook friends by grabbing location data from Facebook Messenger and plotting it on a map.

It is rightly said that the most deadly attack vector is the user. Users are the ones who grant permission to access the data available on the phone, so there is no point in blaming others.

Facebook Messenger has an option that lets users share their location; the extension works by collecting that data and plotting it on the map.

The extension plots a location for each instance in which you had a conversation with your friends over Messenger with location enabled.

Facebook cannot be blamed, as sharing location with Messenger is the user's choice, and the accuracy depends on the location data available. If you don't want to share your location with your friends, you can turn the feature off by disabling Messenger's location access altogether.

This Chrome extension is known as Marauder's Map and is available in the Chrome store; it can also be downloaded from here.

P.S : The post is to create awareness and not to be misused.
             

Wednesday, May 27, 2015

Crash any iPhone with a simple Text Message.


Apple has a major share of the mobile market with its powerful operating system, iOS. There has been an emerging trend of crashing applications using certain Unicode characters. Recently a technique was discovered that can crash the iPhone.

A few weeks earlier, Google Chrome and Safari ran into the same problem: when they encounter a special sequence of Unicode characters, the application crashes. The characters can be in a comment posted in a forum.

Recently another set of Unicode characters was discovered that can crash any iPhone just by sending a simple text message. If an attacker sends the text message and the phone renders it, the phone's message app crashes or the phone reboots without notice.

In the worst case the phone sometimes reboots twice, and the user may not be able to open the message app until the Unicode message has been removed.

The characters are Arabic-language characters, but it is the Unicode sequence that causes the malicious behaviour. It happens when the message app renders the message: the Unicode causes the phone to hang, and the phone reboots as an immediate rescue measure.

Many users are using the Unicode characters to play pranks on their friends, causing their phones to crash or reboot.

One way to escape the crash is to undo it by sending a message to the person who sent the Unicode, cancelling the initial strand. Another option is to send that person a message using the share sheet, by using the "Share" button in other apps, or to use Siri to send a message to that person.

The character sequence is available, but since many users have iPhones it cannot be revealed here.

P.S : The post is to create awareness and not to be misused. The author of this post is not responsible for any damage done by the readers.

Tuesday, May 26, 2015

Fake Android Minecraft App.


Malicious apps are nothing new for Android, as the Android Play Store has a long history of them. A few months back it was a Flashlight app, among many others. Recently new malicious apps were detected in the Android Play Store.

Android users are familiar with the game named #Minecraft. Many malicious apps have been distributed under the same name, pretending to offer tips and cheats for the game.

More than 3 million users have downloaded these malicious apps, and a security researcher warned that 33 fake apps were uploaded to the Google Play Store over the past 9 months, masquerading as Minecraft cheats and tips.

These 33 apps were downloaded between 660,000 and 2.8 million times. Once downloaded, the app shows a false banner claiming that a virus has been detected and prompts the user to remove it, thereby fooling the user into activating a premium-rate SMS subscription that costs 177 euros per year.

Many users download these malicious apps because they appear to come from the original developer, with different feature names and icons. Research found that the 33 apps were uploaded from various accounts but are believed to come from the same person.

The app also uses the name of the legitimate mobile anti-virus vendor G-Data in its pop-up alert, so the user's suspicion is not aroused. The fake apps have been removed from the Google Play Store.

Users cannot simply be told to stay safe, because the apps were uploaded to the genuine Google Play Store; only Google can stop fake apps from being uploaded to the store.

Google has introduced Bouncer bots to detect and remove malicious apps, and announced this past March that it will manually review every app before publishing it in the Google Play Store.

P.S : The post is to create awareness and not to create any negative impact.

Monday, May 25, 2015

Google's New IoT OS - Brillo.


The Internet of Things is believed to be the future of computation. Many companies are investing in and researching the integration of electronic components to make them smarter. Recently Google introduced a new operating system for #IoT.

Google is expected to launch a new Android-based operating system that is lightweight and dedicated mainly to the Internet of Things. The new operating system to be released by Google is named #Brillo.

The OS requires 32 or 64 MB of RAM to run and could be used on everything from bulbs and doors to sensors. The OS will be lightweight and will also be available for free to OEMs.

Since it is based on Google, it is expected to include some Google features, some of which are:

A new photo-sharing service.
The next Google Android OS, dubbed 'Android M'.
New voice commands to access Android devices.

According to some researchers, the number of connected devices will rise from 900 million in 2009 to 26 billion by 2020.

Chinese telecommunications giant Huawei launched #LiteOS, which is just 10 kb in size and is designed for running connected appliances and machines.

Microsoft is also releasing a new version of Windows under the name Windows 10 IoT Core, meant to run on ultrasound machines, ATMs and wearables. Samsung also announced the #Artik line of hardware designed for IoT.

P.S : The post is to create awareness and not to be misused.
                  

Sunday, May 24, 2015

Astoria - A new TOR client.


People use the TOR client browser to browse the Internet anonymously. A few days earlier there was a report that the NSA and other spy agencies can identify TOR users who are surfing the Internet. Recently TOR has developed a new client for more effective anonymous browsing.

TOR uses The Onion Routing technique, in which the IP address of the sender is masked and only the request is forwarded; the request passes through a number of volunteer nodes, of which there are more than 6000 globally.

Recently TOR has been facing many network attacks that reveal the identity of its users. One such attack is the timing attack, in which control of the entry and exit nodes provides information that can be used to analyse a user's browsing.

Another such attack is the asymmetric correlation attack on TOR; according to the researchers, many nodes, more than 58%, are vulnerable to network-level attackers.

Because of this increase, researchers have developed a new TOR client named #Astoria, which offers more anonymity and reduces the share of vulnerable nodes from 58% to 5.8%.

The #Astoria client uses an algorithm that first analyses the route between the entry and exit nodes; any vulnerable node that is identified is discarded, a safe route is selected, and only then does the transmission of data take place.
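The route analysis described above, as a simplified example added here (it is not Astoria's code and not from the original post). It assumes a route is "vulnerable" when the same network (autonomous system) sits on both the client-to-entry and the exit-to-destination segment, in either direction; the relay names, AS numbers and paths are constructed.

```python
"""Toy route analysis: discard circuits that one network can watch at both ends."""
from itertools import product

# Constructed sample data. "fwd" and "rev" differ because Internet routing is
# often asymmetric. AS numbers are from the documentation range (RFC 5398).
CLIENT_ENTRY_PATHS = {
    "guardA": {"fwd": [64496, 64497, 64500], "rev": [64500, 64498, 64496]},
    "guardB": {"fwd": [64496, 64499, 64501], "rev": [64501, 64499, 64496]},
}
EXIT_DEST_PATHS = {
    "exitX": {"fwd": [64502, 64498, 64511], "rev": [64511, 64498, 64502]},
    "exitY": {"fwd": [64503, 64504, 64511], "rev": [64511, 64497, 64503]},
}


def ases_on_segment(paths, asymmetric=True):
    """Every AS that sees traffic on one segment (optionally both directions)."""
    ases = set(paths["fwd"])
    if asymmetric:
        ases |= set(paths["rev"])
    return ases


def correlating_ases(guard, exit_relay, asymmetric=True):
    """ASes positioned on both ends of the circuit, able to correlate timing."""
    entry_side = ases_on_segment(CLIENT_ENTRY_PATHS[guard], asymmetric)
    exit_side = ases_on_segment(EXIT_DEST_PATHS[exit_relay], asymmetric)
    return entry_side & exit_side


def select_circuits(asymmetric=True):
    """Return the (entry, exit) pairs with no common AS on both ends.

    If every pair is exposed, fall back to the pairs with the fewest common
    ASes (a simplification chosen for this example).
    """
    scored = {
        (g, e): correlating_ases(g, e, asymmetric)
        for g, e in product(sorted(CLIENT_ENTRY_PATHS), sorted(EXIT_DEST_PATHS))
    }
    safe = [pair for pair, seen in scored.items() if not seen]
    if safe:
        return safe
    fewest = min(len(seen) for seen in scored.values())
    return [pair for pair, seen in scored.items() if len(seen) == fewest]


if __name__ == "__main__":
    for guard, exit_relay in product(CLIENT_ENTRY_PATHS, EXIT_DEST_PATHS):
        print(guard, exit_relay,
              "forward-only:", sorted(correlating_ases(guard, exit_relay, False)),
              "both directions:", sorted(correlating_ases(guard, exit_relay)))
    print("selected:", select_circuits())
```

Looking at forward paths only, every pair appears safe; including the reverse paths exposes both guardA circuits, which is why the asymmetric case matters.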

The client has not yet been made available for public download, and it is believed that it will be more effective at both anonymous and secure transmission than the existing TOR client browser.

P.S : The post is to create awareness and not to be misused.

Friday, May 22, 2015

Android Factory Reset won't wipe data completely.


Android has a major share of the mobile market, and millions of devices run the Android operating system. What does a user do if he or she wants to sell the phone or exchange it? The only option is to run a factory reset. What happens if the reset fails to wipe your data completely?

Researchers at the University of Cambridge conducted a study and concluded that Android's #Factory Reset does not wipe the data completely and that the data can be recovered.

The data that can be recovered includes text messages, login credentials, e-mails and even pictures. The interesting fact is that this is possible even when full-disk encryption has been enabled by the user.

Android fails to completely erase the partition that contains the login credentials, which allows recovery of data that can be misused. Around 630 million internal SD cards are not wiped of data that includes videos and pictures.

This is similar to data recovery on a computer, but it goes one step further because the second-hand market for mobiles is in demand. The cause is an improper wiping driver in Android versions 4.1, 4.2 and 4.3. The reset also fails to format the external SD card.

After a factory reset has been run, it is possible to obtain text messages, Google account credentials, conversations from third-party apps such as WhatsApp and Facebook, and pictures from the camera roll.

It is possible to retrieve the master token from all mobiles at a success rate of 80%, which gives access to all Google products. Wiping is hard because the phone uses flash memory, which is difficult to erase completely.

Google offers some suggestions to address this:

1. Erase the phone by triggering Factory Reset remotely, as if the phone were stolen.
2. Update the phone to the latest version and enable encryption with a passcode.

Many users feel that the two solutions are not reliable, and upgrading Android is a nightmare on many devices. Google is yet to provide a good solution to this problem.

P.S : The post is to create awareness and not to be misused.

Wednesday, May 20, 2015

NetUSB flaw that makes millions of routers vulnerable.


A router is one of the main components of a network: it routes packets and establishes the connection between devices and the Internet. Recently a vulnerability was revealed that makes millions of routers vulnerable.

The new security vulnerability, assigned #CVE-2015-3036, is a remotely exploitable kernel-level buffer overflow that resides in NetUSB from Taiwan-based KCodes.

#NetUSB is a Linux kernel module that allows users to plug flash drives, printers and other USB devices into the router so that they can be accessed over the local network.

A security consultant analysed the NetUSB driver on a TP-Link device. Connecting requires authentication based on an AES key, but this is of no use because the key resides in both the kernel module and the client software for Windows and OS X.

Since the NetUSB service code runs in kernel mode, an attacker within the local network can easily exploit this vulnerability to gain the ability to remotely execute malicious code at the kernel level.

An attacker who exploits the vulnerability can crash the device and make it implant malware on any device connected to that router. The vulnerability is triggered when a client sends its computer name to the server deployed on the networking device (TCP port 20005) to establish the connection.

The affected vendors include D-Link, TP-Link, ZyXEL, Netgear, TrendNet, Western Digital and many more. A proof of concept has been provided to the vendors, and there has been no news about a patch.

TP-Link has provided a fix for the vulnerability, releasing patches for 40 products, while Netgear is yet to release a patch. Users are advised to check for firmware updates and to install them once the vendors release the patch.

P.S : The post is to create awareness and not to be misused.

                

Tuesday, May 19, 2015

Real Facts about RSA Security.


We use cryptography to make our transactions secure and to protect our data against security breaches. Recently two security researchers announced that they had broken RSA 4096-bit keys.

RSA is a public-key cryptosystem that makes use of two keys, and the strength of the keys depends on the strength of the prime numbers chosen. The security of RSA rests on the difficulty of factoring the product of those primes.

On Sunday the two researchers announced that they had found an RSA key belonging to Peter Anvin, a Linux kernel developer. They stated that they did it with a tool named #Phuctor: The RSA super collider.

The theory behind #Phuctor can be found at the link provided. They stated that the Anvin key they found was created on September 22, 2011; the key may no longer exist.

In response, Hanno Böck, a freelance journalist, stated that the news about RSA being broken is incorrect. He also stated that he had analysed a large amount of key data on servers and that there are some vulnerable keys.

Those vulnerable keys may be due to improper verification of the account, or may have been created by an internal network error. Keys can also be uploaded with a changed signature, but when a connection is established and the signature is checked, the key fails.

In his opinion, factoring an RSA 4096-bit key is possible only if the keys were generated with a broken entropy source or the GPG implementation was tampered with.

Thus the RSA algorithm is still safe and secure and can be used without any fear.
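A key audit of the kind that separates weak keys from a break of RSA itself, as an example added here (it is not Phuctor's code and not from the original post). It assumes that a broken entropy source shows up as two moduli sharing a prime, and that a corrupted key copy shows up as a modulus divisible by a small prime; the key names and moduli are constructed from well-known Mersenne primes.

```python
"""Audit RSA public moduli for shared primes and small factors."""
from math import gcd, prod

# Constructed sample moduli so the demo runs instantly; real RSA-4096 moduli
# are products of two primes of about 2048 bits each.
M19, M31, M61, M89 = 2**19 - 1, 2**31 - 1, 2**61 - 1, 2**89 - 1
M107, M127, M521 = 2**107 - 1, 2**127 - 1, 2**521 - 1
SAMPLE_MODULI = {
    "key-a": M61 * M89,       # shares the prime M61 with key-b (bad entropy)
    "key-b": M61 * M107,
    "key-c": M127 * M521,     # healthy: no small factor, no shared factor
    "key-d": 3 * M19 * M31,   # corrupted copy: divisible by 3
}


def small_primes(limit):
    """Sieve of Eratosthenes: all primes up to and including limit."""
    sieve = bytearray([1]) * (limit + 1)
    sieve[0:2] = b"\x00\x00"
    for i in range(2, int(limit ** 0.5) + 1):
        if sieve[i]:
            sieve[i * i :: i] = bytearray(len(range(i * i, limit + 1, i)))
    return [i for i, flag in enumerate(sieve) if flag]


def audit_moduli(moduli, trial_limit=1000):
    """Return {key name: findings} for every modulus that looks weak.

    A healthy modulus has exactly two large prime factors that appear in no
    other key, so it produces no finding at all.
    """
    primes = small_primes(trial_limit)
    total = prod(moduli.values())
    report = {}
    for name, n in moduli.items():
        small = [p for p in primes if n % p == 0]
        shared = {}
        # One gcd against the product of all the other moduli tells us whether
        # this key shares anything; only then look for the partner key.
        if gcd(n, (total // n) % n) != 1:
            for other, m in moduli.items():
                if other != name and gcd(n, m) != 1:
                    shared[other] = gcd(n, m)
        if small or shared:
            report[name] = {"small_factors": small, "shared_with": shared}
    return report


if __name__ == "__main__":
    for key, finding in audit_moduli(SAMPLE_MODULI).items():
        print(key, finding)
```

Neither check factors a correctly generated key: key-c, built from two unshared large primes, produces no finding.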

P.S : The post is to create awareness and not to create any negative impact.

Monday, May 18, 2015

United Airlines Bug Bounty Program.


A security researcher was pulled off a United Airlines flight for some unusual reasons. He admitted to the Federal Bureau of Investigation (FBI) that he had hacked into an airplane and taken complete control of it.

Chris Roberts, the founder of One World Labs, was detained and questioned following a tweet in which he stated that he had taken control of an airplane. He admitted that he had hacked into the airplane control system not just once but repeatedly.

He carried out the hack while he was on board. According to the document, Roberts connected his laptop to the plane's IFE system via a modified Ethernet cable, allowing him to access other airplane systems.

During a flight, he hacked into the system, overwrote the code on the airplane's Thrust Management Computer and took control of the climb command. The climb command he issued resulted in a lateral or sideways movement of the plane.

Roberts claimed that he had only watched data traffic on airplanes and had only attempted the hack in a simulated environment, because he believed that such attacks were possible.

No harm has been recorded so far, and he has been neither arrested by the FBI nor charged with any crime.

Following this incident, United Airlines launched a bug bounty program inviting security researchers and bug hunters to report vulnerabilities in its websites, apps and web portals.

P.S : The post is to create awareness and not to create any negative impact.

Saturday, May 16, 2015

Real Fact Behind many Free Wi-Fi.


Almost all users have started using wireless Internet connectivity because of its ease of use. No cords, plugs or cables are needed for wireless. Recently many crimes based on wireless breaches have been reported.

Broadband users rely on dongles or home Wi-Fi for Internet connectivity. What happens when we are away from home? Many search for free Wi-Fi in the area where they are. This is where the hack begins.

There are places where genuine Wi-Fi hotspots are available, such as shopping malls, posh restaurants and hotels. But attackers also make use of places where many people gather.

If you know about the Wi-Fi Pineapple, rogue access points and evil twins, then you will be wary of free Wi-Fi.

Rogue access points and evil twins were discussed in earlier posts, so now we can take a look at the #Wi-Fi Pineapple.

The Wi-Fi Pineapple Mark V is a wireless auditing tool for wireless penetration testing released by Hak5. It can be used to launch sophisticated attacks in a very simple manner. It is unmatched in performance, value and versatility.

The main features of this tool are a flexible power supply, an optional Pineapple Juice battery, and support for 300 USB mobile broadband modems for tunneling, pivoting and remote access. It supports tunneling over SSH and VPN, with logging and networking capabilities.

The pentest package includes aircrack-ng, dsniff, easy-creds, ettercap, hping3, httptunnel, karma, nmap, tor and many more. It also has out-of-the-box Python, Perl, Ruby, PHP and Bash support.

Imagine the power of wireless hacking if this tool is used by an attacker; this is how many victims fall prey these days in the name of FREE Wi-Fi.

P.S : The post is to create awareness and not to be misused. It is to be used for EDUCATIONAL PURPOSE ONLY and the AUTHOR IS NOT RESPONSIBLE FOR ANY DAMAGE DONE BY RUNNING THE TOOL.
                   

Friday, May 15, 2015

VENOM - A New Vulnerability.


Last year a bug named #Heartbleed hit the cyber world with a bang, with serious consequences when exploited. Recently a new vulnerability similar to it has been discovered.

This new vulnerability has been named #VENOM (Virtualized Environment Neglected Operations Manipulation). It targets virtual machines; as many know, these days even servers are deployed in VMs.

#VENOM (#CVE-2015-3456) resides in the virtual floppy drive code used by a large number of virtual machines. The vulnerability allows an attacker to gain full access to the host machine as well as to the other guest OSes running on the system.

The vulnerability was discovered in the open-source virtualization package QEMU and affects its virtual floppy disk controller (FDC). The affected packages are Xen, KVM, Oracle's VirtualBox and the QEMU client.

For successful exploitation, the attacker must reside in a virtual machine with access to the floppy and I/O ports. On Linux the attacker needs root or elevated privileges. On Windows a normal user can exploit it.

Not only individual machines but also cloud providers that rely on QEMU-based virtualization are vulnerable to Venom. However, the vulnerability has so far been demonstrated only in theory, and no exploitation has been observed as of now.

Only QEMU-based platforms are affected, and Xen and QEMU have released patches for Venom. All versions of Red Hat are vulnerable, and all users are advised to update and patch. A restart after the update is required for it to take effect.

P.S : The post is to create awareness and not to be misused.
             

Wednesday, May 13, 2015

Share Files securely and Instantly.


Privacy is a major problem today, and those who want to send data or files securely and quickly face hurdles such as account sign-up. Recently a peer-to-peer sharing service has been introduced that is secure and instant.

Suppose person X wants to send a file to person Y securely and instantly. Traditionally the user needs to sign up for an account with a service, upload the file and then send the link to the receiver. What happens if the sensitive information leaks?

A new service named #otr.to has been introduced that provides safe and instant file sharing between users. The service uses encryption implemented in JavaScript with the AES 256-bit algorithm.

To send a file to another person, he or she needs to do the following:

1. Visit the site http://otr.to and upload the file.
2. Get the link and send it to the user.
3. That's it.

The key feature is that whenever a file is uploaded it is encrypted with a key, and a key pair is encrypted and then saved on the server. When the receiver clicks the link, the data is decrypted and made available if both key pairs match.

Another important point is that once the file has been downloaded it is deleted from the server, so it poses no threat from future attacks.

P.S : The post is to create awareness and not to be misused.

Monday, May 11, 2015

Linux Rootkit Targeting GPU.


Traditional malware and rootkits were developed to attack the CPU of the system and cause mass destruction. Recently a rootkit, along with a keylogger, has been developed that targets the GPU.

GPU stands for Graphics Processing Unit; it is a unit separate from the CPU that handles all the graphics work carried out by the computer. The newly developed rootkit and keylogger have excellent stealth and excellent computational power.

There are two pieces of this malware:

1. Jellyfish Rootkit for Linux
2. Demon Keylogger

The Jellyfish rootkit is meant to show that a GPU can be attacked with malware, since it contains dedicated processors and memory. Such malware does not interrupt the normal working of the CPU and so does not raise any suspicion.

The Jellyfish rootkit can access memory without going through the CPU, which makes it undetectable. Another main feature of exploiting the GPU is that the malware resides in the GPU storage area even after power shutdown.

Demon Keylogger is a keylogger that also resides in the GPU of the system and works in a way similar to a traditional keylogger.

The proof of concept has been made public and is available on GitHub.

There has been no infection so far, nor any fully fledged working GPU malware, but it is a start that shows cyber criminals this can also be done.

P.S : The post is to create awareness and not to be misused.

Saturday, May 9, 2015

Windows 10 - Last Microsoft OS.


Microsoft made history with its operating system, #Windows. The new version, Windows 10, is yet to be released and is much anticipated. Recently there was news that Windows 10 will be Microsoft's last operating system.

It has been a long journey from Windows 3.0 up to Windows 8.1, with many versions and many improvements. At a conference a developer said, "As Windows 10 is the last OS of Microsoft we are working more on it".

This caused much confusion; the explanation is that Windows is not going to die but is going to change its mode of operation.

Microsoft is going to follow the path of Apple, which has had a giant operating system under the name Mac OS X for about fifteen years, with a smaller update every year or so.

Microsoft will launch the new OS, Windows 10, and after that there will be no new version such as Windows 11 or 10.1; there will only be updates to this version.

This is the new method Microsoft is going to follow. Windows 10 is considered a trademark release for Microsoft, and users are expecting more from this new and last version of its OS.

P.S : The post is to create awareness and not to create any negative impact.

Friday, May 8, 2015

Free Tool to find Hidden Facebook Friends.


Facebook, one of the most famous social networking sites, has many privacy settings that users can set. One such setting hides the friends list. Recently a tool was released that can be used to find a hidden friends list.

Hiding the friends list is a feature many users rely on to maintain privacy. But the list can be revealed through Facebook's mutual-friends feature, which raises a privacy problem.

A free Chrome extension named "#Facebook Friends Mapper" has been released that can expose a lot more than just mutual friends.

Facebook users may still be able to see part of a hidden friends list, and that part is more than just the mutual friends.

Let's have a look at how the extension works. It leverages the Mutual Friends feature of the social networking site to crawl and expose the hidden friends list.

The only condition is that the friend whose list you want to crawl must have at least one mutual friend. To run the tool, do the following:

1. Install Facebook Friends Mapper extension from Chrome Web Store.
2. Open Facebook profile of the user who is the target.
3. Find the 'Reveal Friends' option on the Friends tab.
4. Click on Reveal Friends.

There is not yet any privacy option that defeats the tool and makes the friends list more secure; Facebook is expected to introduce a privacy setting that prevents this kind of hacking.

P.S : The post is to create awareness and not to be misused.
                  

Thursday, May 7, 2015

New Android OS Version 'M'.


Google released the latest Android operating system version, named #Lollipop, earlier this year. Recently there was news that Google is going to release a new operating system version.

Google has a convention of naming Android versions in alphabetical order, starting from Android Alpha in 2006. Earlier this year it introduced the new version 5.0 under the name Lollipop.

Lollipop itself has not yet reached all customers, but Google is going to release a new version at the Google I/O developer event.

News about Android M appeared on the official website, but Google took down the link and removed all mention of Android M from the site. It is going to be a surprise launch of the new operating system version.

The Google I/O developer event is scheduled for May 28, 2015, and the new version is expected to be launched there for developers.

Google also stated that the new version will bring devices under the command of their users, meaning that Google applications will be accessed through user commands.

Google is expected to revise its voice engine and make devices voice-interactive.

Many users have already commented that Lollipop is not up to expectations and that its appearance and performance are not as good as KitKat's. Google is jumping to a new version before fixing those issues.

Many devices are still running lower versions of Android, and many have not even reached Lollipop; releasing a new version before then will be hard on some users.

P.S : The post is to create awareness and not to create any negative impact.

Tuesday, May 5, 2015

Free Internet Usage - Internet.org


After much criticism over net neutrality, Facebook has introduced #Internet.org, a new way for developers to create their apps and services in India and other countries.

Facebook's #Internet.org aims to offer free Internet access to people around the world who do not currently have it. Any website can be accessed for free via the Internet.org service.

To access Internet.org, an Android user must have the Facebook app, the Opera browser or the special Internet.org website app. A number of companies in India pulled out of Internet.org because it directs users towards a limited set of services.

At present only a few websites can be accessed via Internet.org, and another major disadvantage is that it does not support HTTPS connections, which means the data being transmitted is not secure.

In addition, there are rules and restrictions: high-resolution video, images, online chat and video chats are banned.

Flash and many other web-based services are also banned, but Mark Zuckerberg posted in a comment that HTTPS will be supported soon.

There is much criticism that Mark's scheme of free Internet for all compromises the principles of net neutrality, as it favours access to some websites and apps over others.

P.S : The post is to create awareness and not to create any negative impact.

Friday, May 1, 2015

Microsoft EDGE - Windows 10 Browser.


Microsoft is yet to release Windows 10 and will do so in the near future. It has announced that it is replacing its traditional web browser, named #Windows Explorer. Recently Microsoft announced the official name of the new web browser.

The browser, code-named Project Spartan, has been officially named #Microsoft Edge. Microsoft's new web browser will ship on all devices, from computers to smartphones and tablets.

Microsoft announced that #Microsoft Edge will be the default browser for Windows 10. It is the successor to IE and is designed to be basic and minimal for the future.

The main features of the Microsoft Edge web browser are as follows.

1. It has built-in Cortana support, Microsoft's Virtual Assistant.
2. It has a built-in reading list, web note-taking and sharing features.
3. It has a rendering engine named as EdgeHTML.
4. The design focuses on minimalism and simplicity.
5. It has a super useful and well-designed "New Tab" page.
6. It contains the vast majority of the controls.

There has been no official release about the features of Microsoft Edge; one notable feature is that it supports web extensions designed for Firefox and Chrome with only "minor" code alterations needed.

A short video about Microsoft Edge can be found here. Microsoft also announced that any developer or researcher who finds a bug in Microsoft Edge will be rewarded.

P.S : The post is to create awareness and not to be misused.