New way of Hacking Gmail.

                    Hackers are becoming smart enough to atmost extent and it has been stated earlier that cheating the computer is very difficult whereas cheating the human who is using the computer is very easy. Recently a new way of #Hacking Gmail has been revealed.


                     Hackers around the world works towards the same goal that is to steal other's details or to compromise other's privacy. Israel hackers are now following an entirely new way of stealing Gmail credentials.

                      Actually many will suggest the best way to secure the account is to enable the two factor authentication technique in which the code will be sent to the registered mobile number. But that too can be compromised according to the new technique.

                       Let's have a look at the attack. The attacker will send a fake message pretending to be from Gmail or Google account and will state that suspicious login detected password reset needed. 

                        If the user is in hurry or little careless then he / she will click the specially crafted password reset link available in the message which is purely fake. On clicking the link the user will be prompted to type the old password.

                         While he enters the old (Existing) password the password will be sent to the attacker and he tries to login at the same time when the victim is typing new password. After that the code will be sent to the victim's phone. 

                          Victim considering the code to be entered in the last box enters the code and press submit. Thats it the attacker got the current session's code and the password. The same technique is also applicable to Automated call for verification.

                          This is the new technique that has been followed these days and the users are recommended not to click on any untrusted website and provide credentials.

P.S : The post is to create awareness and not to be misused.

Hacking Facebook Fan Page.

             Facebook launched its bug bounty program and allows the security researchers to find any bug in the Facebook and they will be awarded according to the Bug Bounty Reward Program by Facebook. Recently a bug has been revealed that allows hacker to gain control.

             Laxman from India revealed two security bugs already and has been awarded with cash prize and now he revealed a bug that allows any attacker to gain control through the fan pages or any business pages.

             Business pages or Fan pages are not meant for single users and are managed by group of people who posts and manages the posts that are made in Facebook page.

              Third party Facebook applications are capable of performing operations such as publishing post, publish photos but Facebook doesnot allow them to modify or add admin page roles.

               Facebook allows a page administrator to assign different roles to different people in an organisation therough manage_pages, a special access permissions requested but third party apps. Modifying the small parameters will allow the attacker to take complete control over the Facebook page.

              Facebook rewarded him with $2500 and the issue has been patched and the video demonstration has been released and it can be found here.

P.S : The post is to create awareness and not to be misused.

Facebook M - A Digital Personal Assistance.

           Apple's Siri, Google's Google Now and Microsoft's Cortana and now it is Facebook's Facebook M as a digital assistance for the users to ease their work. Recently Facebook released the beta version of the Facebook M for some users.

           Its been days since Microsoft announces that Cortana is supported even to Android and iOS and now it is Facebook that releases its own digital assistance in the name of Facebook M.

           However the existing assistance like Siri are ruling the market, Facebook M stands one step ahead in Artificial Intelligence according to  a Facebook Post.

            The additional features that Facebook M has are as follows

It can give suggestions 
It can give available and non-available things.
Deliver things when user not available 
Make reservations 

            It can even converse with the user like other human beings. Of course the Facebook M questions and answers are provided by the employees working at back end and even there are some services like rabbit that serves the same purpose.

            The existing services are not as popular as stated in a post and Facebook M is in beta version and is now available to few hundred Bay Area Facebook users at this time.

P.S : The post is to create awareness and not to create any negative impact.

Cortana for Android devices.

                   Next to Apple it is Microsoft that rolled out a digital assistance in the name of #Cortana and in Apple devices Apple owns #Siri which serves well in IOS platform. Recently Microsoft stated that Cortana will be available for Android.

                    Cortona has been rolled out by Microsoft to ease the use of devices and it serves well and now after the introduction of Windows 10 Microsoft made a statement that Cortona will be available to Android and iOS platforms.

                     Already Android uses Google Now for initiating the voice assistance for searches and now it is Cortana with which 

Asking for Navigation
Remainders and Tracking the Flight details
Taking Notes by talking

                     can be done and it is upto the Android user whether to choose Cortona or Google Now in the device. However Cortona is patented by Microsoft.

                      For IOS platform there is an unbeatable #Siri which assist well and some of the features of Cortona resides with its own platform such as "Hey Cortona" is available only to the Windows devices.

                       Now Cortona is available only to Android devices in US and is still in testing phase and if you want to give it a try you can find Cortona for Android devices here.

P.S : The post is to create awareness and not to create any negative impact.

Android New Vulnerability.

             There has been a war between Security and the Android operating system for a long time and many vulnerabilities has been rolled out in the earlier weeks. Recently a new vulnerability has been discovered in the Android.

              Android's new vulnerability is allowing the attacker to gain complete control over the application or the device by gaining the appropriate credentials.

              The vulnerability has been exploited by making the user to give the login credentials to the malformed User Interface that allows the attacker to gain the credentials. 

               The main thing is that the user may not know that he / she is typing the login credentials in the malicious User Interface pretending to be the original application.

               The vulnerability exists in the exploitation of the multitasking of the apps and the multitasking in desktop is different from that of the multitasking in the Android device.

                The multitasking in the Android device allows the attacks having advantage over the 

Applications that are running in the background saves the state.
Switching or navigating between the Applications.

                 The vulnerability can be known as #Task Hijacking vulnerability and the vulnerability has been published in the conference in the name of "#Towards Discovering and Understanding Task Hijacking in Android".

                  More than 6.8 million applications that are available in the Google Play Store are vulnerable and the genuine way to secure to some extent is not to download applications from any unknown source.

P.S : The post is to create awareness and not to be misused.

Google's New OnHub Wifi Router.

             Google rolled out the entire world with its giant search engine and now it is the wireless field it jumped and as a result a Wi-Fi router has been developed by Google.

              Almost all the world is changing towards IoT (Internet of Things) in which tall the electronic components will be given an IP address and the device will be smarter. Google has already developed a IoT operating system and now they have developed a new Wi-Fi router.

               The new Wi-Fi router named as #OnHub is cylindrical in shape and has the main features such as

Supports Upto 128 devices at a time
Has good congestion sensing antenna and bandwidth prioritization.
Has Bandwidth Management and 4 Gb of storage.

                 OnHub is available for $199.99 on Google store, Amazon and Walmart but as a preorder and will hit the market soon in all the retail stores.

                  The amazing feature is that it also supports protocols related to IoT also such as 

Bluetooth
802.15.4
Weave

                   It supports Wi-Fi to about 1900 Mbps and supports both 2.4 and 5 Ghz channels. The mobile app is also available which can help the user to monitor the usage of bandwidth. The video about the router can be found here.

P.S : The post is to create awareness and not to be misused.

Windows 10 can uninstall pirated games.

               It has been three weeks since Microsoft launches Windows 10 and about 70 million people has upgraded to the new version of Windows. Recently it is being stated that Windows scan and uninstall pirated games or hardware.

                Windows 10 features are not explicitly mentioned due to the transparency of the company and for the past few days many features such as 

Wi-Fi sense
Automatic Windows Update

                  These features and many more has been revealed and now it is stated that the windows can scan for any pirated software in the system and can uninstall without the intervention of the user and there has been a bang with this feature.

                   If the user is running any pirated (Cracked) version of game then the game or the hardware will be automatically get uninstalled without the notification to the user in the context of maintaining security of the system.

                    There has been a report that many users Call Of Duty game is not running after a boot or after some boots this may be because the Microsoft uninstalls the games from your system if it is Pirated not the genuine one.

                     The License Agreement will be displayed to all the users and the user agreed that with or without knowing and so the Windows scans your system for the pirated software.

                      Actually it is a good initiative by Microsoft because many number of users are running pirated edition of Windows or games that may cause harm to the computer of may be taken control for any malicious activity.

                       Users are recommended to join hands to kill piracy and of course if you don't your system will automatically do the job for you hereafter with Windows 10.

P.S : The post is to create awareness and not to create any negative impact.

New Android Version M - M revealed.

              Google owing the giant operating system for smartphones and devices in the name of Android and it has a huge market share. The 13 th version of Android is yet to be released. Recently the name of the new version has been revealed.

               Google starts it operating system Android as an open source in the name of Cupcake and traveled till Lollipop and now the Android world is waiting for the version M.

               There has been many guesses made for the M as Muffin, Milkshake, Macaroon etc by the users across globe and the developer preview has been released this may.

                Now the version of operating system is officially named and the new version incorporates the following features.

Enhanced Security Mechanisms
Support for Fingerprint sensor
Power Saving mode named Doze
Rationalized permission model.

                 Enhanced security delivers the end user the secure environment to use the device without any fear. Support for fingerprint sensor allows the developers to develop the apps that support fingerprint reading.

                 New power saving mode has been used in the name of Doze and for permission model Rationalized model will be used.

                  Lollipop gets the permission list from the user once the app has been installed and this may lead to many user approving without reading all permission list and now in M version the application permission list will be notified as and when it is required. This feature is known as #Rationalized permission model.

                   Now coming to the name of the version the official name of Android version M is #Marshmallow. The version is expected to be available to all the user by the third quarter of 2015.

P.S : The post is to create awareness and not to be misused.

Exploiting Torrent to launch DDoS attacks.

                Torrent sites and the torrent downloader such as utorrent and vuze has been used by many users across globe and there has been many countries that blocks torrent. Recently it has been noted that this torrent protocol can be used to launch a DDoS attack.

                 Torrent protocol is the simple file sharing protocol in which the users shares the files among peers and so there will be a connectivity between the peers or the computers across the globe and this may be exploited to launch the attack.

                  DDoS (Distributed Denial of Service) attack is the distributed version of DoS attack where the user will make the services unavailable for the users and this can be accomplished normaly by the bots across the globe.

                   Now as an advancement a security researcher has published a paper stating that the Reflective DDoS attack can be launched using the Peer to Peer or P2P protocol.

                   The traffic is amplified to a higher bandwidth and then the attack is launched on larger scale. Past year there has been a massive hit upto 300Gbps Dos attack recorded. Now it can be achieved upto 400 Gbps using this technique.

                    utorrent has been notified about the attack and the patch has been made but still it is vulnerable to Distributed Hash Table (DHT) attack and vuze is also notified and yet to release the patch.

                     The work has been published as a paper and it can be viewed here.

P.S : The post is to create awareness and not to be misused.

Windows 10 won't stop spying even if disabled.

              Windows 10 came up with the bang with millions of users upgrading and there has been many issues that were being discussed. Recently another feature has been revealed that never stops spying the users.

               Many companies uses some features to collect data from the users and as regarding to Windows 10 the spying has been done by two main features available.

                They are #Cortona and #Bing search. Cortona is the voice assistant which was built like Siri owned by Apple but Cortona sends the data to the Microsoft servers periodically.

                 The another feature that offers spying facility is the Bing search which sends the search data that are being searched through the start screen to the server of Microsoft.

                  The crazy fact is that it won't stop sending the data even the user disabled the feature. The tiles that are preinstalled in Windows 10 will install by themselves if the user deleted them.

                  The main shocking fact is that for the communication they uses Unencrypted HTTP protocol for the data exchange. This may be used by an attacker for any malicious purpose.

                   Microsoft responded that they are collecting the data only for the retrieval of updates easier. They also added that Windows is communicating as per the user selected privacy settings.

P.S : The post is to create awareness and not to create any negative impact.

Kali Linux 2.0 Released.

                     Kali Linux being one of the famous Penetration Testing Operating System has been used globally by almost all the security researchers. Recently Kali Linux 2.0 has been released and is available for download.

                      Kali Linux distribution is a free open source built on Debian Kernel and it is known for its tool package that consists of hundreds of tools pre-installed for use and its stability is well known. 

                      Kali Linux 2.0 has been released and it is available for free download either as ISO or as Torrent File download. The important features that Kali Linux 2.0 incorporates are

Linux Kernel 4.0

Support Desktop Notifications

Has hundreds of tools installed

Improved Wireless coverage and Hardware

Supports Ruby 2.0

Has Screencasting that allows user to record Desktop

                         The famous framework Metasploit and its pro packages has been removed and open-source Metasploit framework and its modules are pre-installed.

                         The version is available and can be downloaded from here.

 P.S : The post is to create awareness and not to be misused.

Another Android Vulnerability affecting 55% Users.

                It is like a tug of war with Android and its security options. For the past few weeks many number of vulnerabilities has been revealed targeting Android devices. Recently another vulnerability has been revealed that targets Android platform.

                This new vulnerability allows the attacker to gain full access to the device with the app that has no privilege assigned by the users. 

                 Actually all the applications installed will have the permission list granted by the user and the app is not allowed to use any other resource than granted. This vulnerability allows the app with no privilege or few privilege granted by the user to super app with root privilege.

                  The vulnerability is due to the residing of #OpenSSLX509Certificate flaw which takes care of the permissions granted by the user to the application. The vulnerability has been categorized under #CVE-2015-3825. 

                   The vulnerability has been revealed by the Security Researchers at IBM and the vulnerability has been presented with the Proof of concept and the same has been reported to Google.

                   All the attacker need to do is to install a small application that can be given few or no permission and then the application can then download additional components and may get the system-level access permission.

                   Once the system-level access is achieved then it is a cake-walk for an attacker to control the device. The complete detail about the vulnerability can be found here.

                    The video demonstration can be found here.

                    The patch has not yet been released and the version that is yet to release i.e. Android M is also vulnerable to this vulnerability.

P.S : The post is to create awareness and not to create any negative impact.

Certifi-Gate - An Android Vulnerability.

                     Recent security posts were focused only on the Android devices because there has been many vulnerabilities that has been revealed within a short span of time. Recently another vulnerability has been revealed targeting Android.

                      The vulnerability allows the attacker to take complete control over the Android device (root access) even you din't root your device.

                       The vulnerability lies in the part of the core which enables the remote support that has been used by services such as Teamviewer. The module has been integrated into the core and this has been integrated by almost all Android device manufacturers.

                       The vulnerable plugin can be used to take control to the core that is the attacker gets an administrator privilege for the device and it is not required that the device has to be rooted.

                        The vulnerability is named as #Certifi-Gate and unfortunately the plugin can not be removed because it is the core of the operating system and it also provides services such as rsupport and the plugin is known as #Remote Support Tool (#mRST).

                         Users can not prevent attacker from gaining access and all the versions lower than and running Lollipop are vulnerable and it has to be fixed by the Android itself.

                          The demo has been released on youtube for public viewing and the Android app has been developed by the Check point to check whether the device is vulnerable or not.

                           The Application that can be used to check whether the device has been vulnerable or not can be downloaded from the official Android Play store from here.

P.S : The post is to create awareness and not to be misused.

Fix Windows 10 Privacy issues in One click.

                  Windows 10 came with a bang and millions of users upgraded to windows 10 for free and there has been two issues that has been detected in Windows 10. Recently a solution has been developed to preserve privacy in Windows 10.

                   Windows has many new advanced features and it has been a fine built from Microsoft but it has been hit with many privacy problem. It is noted that it is using Torrent type upgradation which steals the users bandwidth in earlier days.

                    There has been another problem in the name Wi-Fi sense that allows users to connect to the network without having the password of the Wi-Fi network.

                     Many privacy interfering features are enabled by default and going through the express installation while installing will make Microsoft to collect data such as 

Location
Usage
Preference
Details
Biometric details
and many more

                      The data are sent to Microsoft for the categorization and for the targeted advertisements. The data also consumes much of the bandwidth while uploading.

                       To stop this and also to disable many more privacy concerned options there has been a software developed by pXc-coding which has a nice interface that allows the user to review and change the setting for 35+ security options.

                       The software has been named as #DoNotSpy10 and it is a freeware that can be downloaded and used for free which allows the users to edit the settings that has been done by default installation.

                       It is also noted that this software changes the registry setting and so many Antivirus software may categorize under malware since it is making changes to registry files. It may also be categorized under Adware since it is having an advertisement campaign.

                       The software can be downloaded here.

P.S : The post is to create awareness and not to create any negative impact.

Andriod bug that end in reboot loop.

              Android is facing worst week ever. There has been many bugs and vulnerabilities that has been targeted towards android. Recently a vulnerability has been discovered that causes endless rebooting of device.

              Few days back a researcher found a bug that exploits many Android versions and then it is Trend Micro that revealed that a vulnerability can be used to exploit the device under the name #Stagefright and now it is  a vulnerability that end in reboot ever.

              This vulnerability is assigned as #CVE-2015-3823 and it has been hit or exploited by either way as

Malicious Application or
Malicious Website.

                When the user visits a web site a download has been triggered and the malicious code will be executed that put the phone in endless rebooting.

                 The other way is by installing a malicious application and when the user clicks on the media file that is malicious (.mkv) then the device will result in endless rebooting.

                  This vulnerability works by creating a buggy "#mediaserver"  plugin and it causes the device to reboot again and again.

                    The vulnerability has been reported to Google and they have categorized it as Low-level vulnerability and no patch has been released from Google.

                     Inorder to prevent from this vulnerability the user if infected can boot their Android device in safe mode and this disables the third party applications from loading and then the user can wait until the patch has been released by Google.

P.S : The post is to create awareness and not to be misused.

Advanced Credit / Debit card Skimmers.

           There has been an enormous increase in the number of credit / debit card fraud where many innocent people lost their money. Recently a new advanced technique has been revealed which is widely used by attackers.

           Normally the E-card fraud will be exposed only when the user suffer a huge money loss at bank balance sheet. It will be too late to act and the money is lost. 

            Many users uses their card for purchases at the small retail store for payment and the payment will be made through a small square device. Many retailers will ask the user for their PIN telling that the machine is in another room. It is one simple way of stealing the card.

            Another advanced technology is that turning the device into the skimmer which stores the card information and it can be used to make duplicate card with the same data as on original card.

             The device thus stored the information and they can also be used to make online payment also in many cases and knowing the PIN it is very easy to withdraw the money from ATMs.

              The another thing is that the malicious app can be installed in the smartphones that can be used as a skimmer device and thus the information can be captured and can be used to make duplicate cards.

              Security Researchers also revealed that it is possible to even playback the purchase that was made earlier. Which means if a user makes a payment of 500 rs the same can be repeated after the user leaves.

              Users are recommended not to reveal PIN to any retailer if asked and also should have an eye while the card has been used for the purchase payment and it is mandatory to go through the bank statement periodically for preventing any loss of money.

P.S : The post is to create awareness and not to be misused.

Windows 10 is stealing bandwidth - Disable it right now.

            Windows 10 has been launched by Microsoft on July 29 2015 and there has been already a feature that causes problem under the name Wi-Fi sense. Recently another problem has been deducted in Windows 10.

             Microsoft is providing free upgrade for the users who are using Windows 7,8 and 8.1 and so millions of users are downloading simultaneously and it has been a difficult job to handle that much traffic.

              To solve this problem Microsoft is using Torrent Style downloading option under the name of #Windows Update Delivery Optimization and it uses peer to peer connection that enable the user to download the files from another user.

               When you are initiating the upgrade to Windows 10 your computer will copy the installation files from other user who already upgraded to Windows 10 this is the strategy followed to minimize the traffic to Microsoft Server.

                For this purpose of #WUDO your computer after fresh upgrade will start upload as similar to that of seeding process in Torrent download. This will drastically steal the network bandwidth of the system.

                This feature is enabled by default and if you don't want to upload and act as a peer then you have to disable it manually to avoid further stealing of bandwidth.

                 To disable the feature do the following

Go to settings in the start menu

Search for Update & Security

Under Windows Update open Advanced options

Under Choose how updates are installed, select choose how updates are delivered.

Disable the toggle under updated from more than one place.

                  Users are recommended to disable the feature to avoid the further loss of network bandwidth.

P.S : The post is to create awareness and not to create any negative impact.

Windows 10 Wi-Fi sense shares your Wi-Fi.

              Its been a day after the launch of Windows 10 and there has been about ten millions of users who upgraded their systems to Windows 10. There has been a feature named #Wi-Fi Sense that needs some attention.

              Actually Wi-Fi sense is a nice feature that allows your friends to share the Wi-Fi you are using without even knowing the password for Wi-Fi.

               The users if located in the same network range and the user allows the group of contacts to share the Wi-Fi then if any user belonging to the group if using the same Wi-Fi sense feature then the user can use the Wi-Fi without your password.

                One thing to be understood is that it is only sharing the Internet access and not the password for the Wi-Fi and the settings can also be customized by the user and the contact list can be modified.

                 The feature is enabled by default and so if any friend in the same group if in the same network can share your Internet access without your credentials.

                  No network social profile password has been shared and not even the Wi-Fi password has been shared but the Internet access has been shared.

                  The feature is found very interesting but looking on other side it is possible for an attacker to sit in between the two users and launch the attack.

                   The attacker can read the private messages and the mails that are being transmitted between nodes and the attack is known as #Man In The Middle (MITM).

                    To disable the feature go to Windows Settings and Network & Internet and click "Change Wi-Fi settings" and then "Manage Wi-Fi settings". Disable all the features available there and it makes the Wi-Fi sense to forget all Wi-Fi networks passwords.

                    Users who are more concerned about security and using Windows 10 without knowing this can change their Wi-Fi password for preventing further attack.

P.S : The post is to create awareness and not to be misused.