Friday, October 30, 2015

TOR Instant Messenger for Anonymous chatting.


TOR (The Onion Router) provides anonymity to users who browse the web with the TOR browser, which uses the TOR network. Recently its developers have built a messenger that can be used to chat anonymously.

The TOR browser routes packets through relays, with encryption applied at every level, so anonymity is provided at the highest rate. In addition to the browser, the TOR network has now developed an anonymous messenger.

#TOR Instant messenger can be used to chat with any user online through the TOR network. The messages that are sent are encrypted and routed through the relays until they reach the destination.

It also uses a feature named #Off-The-Record (OTR) for a higher level of security. An eavesdropper who captures a message cannot decode the packet or gain information about the sender and the receiver.

To use the messenger, download the application and run it. Then, by selecting the account type, the user can log in and chat with the users who are online and linked to the account.

The platforms supported by the TOR messenger are

IRC (Internet Relay Chat)
Facebook Chat
Google Chat
Twitter
Yahoo and also
Desktop client like Adium for Mac and Pidgin for Windows.

They are also about to add features such as sandboxing and encrypted file transfers in the future.

The application is now in beta, and users can download it from here.

P.S : The post is to create awareness and not to be misused.

Thursday, October 29, 2015

000WebHost Hacked - 13 Million credentials leaked.


The number of websites launched on the Internet is growing at a high pace, and many owners host their domains with one of the many service providers available. Recently there has been a breach that leaked around 13 million credentials.

Many hosting services are paid and some are free. A hosting service is one where you can buy a domain and then host your website on the provider's servers. One such free hosting site is #000WebHost.

Millions of users have registered there and many websites are hosted on its servers. The credentials of the users must be secured with strong encryption to avoid any breaches.

A few days earlier there was news that a hacker broke into the server by using an exploit in old PHP code and got the whole database of credentials. The database has been circulated in an underground forum.

Hunt, a security researcher from Australia, also got the database through an anonymous source, and since it proved to be genuine he alerted the hosting service 000WebHost. There is also a Forbes article published about the hack at 000WebHost.

#000WebHost simply ignored the warnings, and only later noticed that the server had been hacked and the whole database compromised due to the exploit.

The funny fact is that all the passwords and email IDs were kept in plain text without any encryption. The 000WebHost personnel then reset the passwords for 13 million users, put encryption in place and removed all the malicious uploads.

Encryption is a basic security mechanism, and failing to use it costs a lot, in this case the passwords and emails of 13 million users. Users are requested to follow the reset procedure for their account and not to use the same old password on any other account, since it has been circulated in many places.
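An added example, not code from 000WebHost or from the original post: the plain-text credential table described above next to a stored form that a database dump does not reveal, using a salted, deliberately slow password hash (PBKDF2-HMAC-SHA256 from Python's standard library) rather than reversible encryption. The table contents, the record format and the iteration count are assumptions made for this illustration.

```python
import base64
import hashlib
import hmac
import secrets

ALGORITHM = "pbkdf2_sha256"
ITERATIONS = 600_000      # assumption: work factor chosen for this example
SALT_BYTES = 16

# Constructed sample: the "before" state, every password readable in a dump.
LEGACY_PLAINTEXT_TABLE = {
    "alice@example.test": "sunshine2015",
    "bob@example.test": "sunshine2015",      # same password as alice
    "carol@example.test": "correct horse battery staple",
}


def hash_password(password, iterations=ITERATIONS):
    """Return 'algorithm$iterations$salt$digest' with a fresh random salt."""
    salt = secrets.token_bytes(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "$".join([
        ALGORITHM,
        str(iterations),
        base64.b64encode(salt).decode("ascii"),
        base64.b64encode(digest).decode("ascii"),
    ])


def verify_password(password, record):
    """Check a login attempt against a stored record; malformed records fail."""
    try:
        algorithm, iterations, salt_b64, digest_b64 = record.split("$")
        iterations = int(iterations)
        if algorithm != ALGORITHM or iterations < 1:
            return False
        salt = base64.b64decode(salt_b64, validate=True)
        expected = base64.b64decode(digest_b64, validate=True)
    except ValueError:            # wrong field count, bad number or bad base64
        return False
    actual = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(actual, expected)   # constant-time comparison


def needs_rehash(record):
    """True for legacy/plain-text values and for records below the current work factor."""
    fields = record.split("$")
    if len(fields) != 4 or fields[0] != ALGORITHM or not fields[1].isdigit():
        return True
    return int(fields[1]) < ITERATIONS


def migrate_plaintext_table(table):
    """One-time conversion of a legacy plain-text table to salted hashes."""
    return {email: hash_password(password) for email, password in table.items()}


if __name__ == "__main__":
    migrated = migrate_plaintext_table(LEGACY_PLAINTEXT_TABLE)
    for email, record in migrated.items():
        print(email, record)
    print("login ok:", verify_password("sunshine2015", migrated["alice@example.test"]))
```

Because each record carries its own salt, the two users who share a password end up with different stored values, so a leaked table does not show which accounts reuse the same password.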

P.S : The post is to create awareness and not to create any negative impact.

Wednesday, October 28, 2015

How you are being tracked.


Tracking of users on the Internet is carried out by many agencies and also by many advertisers in order to provide accurate advertisements. Recently an advanced method of tracking a user has been revealed.

Users may think that deleting the history and wiping the cookies from the system makes them untraceable and makes it impossible to rebuild the list of websites they have visited. That assumption is completely false.

All activity leaves a trace somewhere at some time, and now a security researcher has shown a way by which a user can be tracked and the sites he / she visited before can be listed.

The tracking is possible due to an improper implementation of, or loophole in, #HSTS (HTTP Strict Transport Security). This protocol came into use after it was proved that HTTPS traffic can be intercepted through the SSL stripping technique.

HSTS is nothing but forcing the browser to use only the #HTTPS protocol and not #HTTP. It also looks at the certificate issuer instead of the certificate provided by the site, since any site can have an in-built root certificate.

Here comes the problem: due to this behaviour the history is kept even when the user deletes the history, and it also uses #Persistent cookies, which are not deleted even when the user deletes the available cookies.

The security researcher demonstrated this by developing a site that allows users to check their recently viewed sites even after wiping the history and cookies.

This method will not work if the user has installed the #HTTPS Everywhere plugin in the browser. The tool also tracks traffic only to HSTS-protected sites and not others, since it uses a #Supercookie.

The researcher developed a site named #Sniffy. You can test it by viewing the site, and remember that it shows only HSTS-protected sites and not all sites.
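An added example, not code from the original post or from the researcher's site: a minimal Python model of the HSTS policy store a browser keeps under RFC 6797, showing that it is state held separately from cookies and history. The `BrowserProfile` class, its clear action that leaves HSTS entries in place (the behaviour the post describes; real browsers differ on this) and the `example.test` hosts are assumptions.

```python
import ipaddress
from urllib.parse import urlsplit, urlunsplit


def parse_sts(header):
    """Parse a Strict-Transport-Security value into (max_age, include_subdomains)."""
    max_age, include_sub, seen = None, False, set()
    for part in header.split(";"):
        name, _, value = part.strip().partition("=")
        name = name.strip().lower()
        if not name:
            continue
        if name in seen:
            return None              # a repeated directive invalidates the header
        seen.add(name)
        value = value.strip().strip('"')
        if name == "max-age":
            if not (value.isascii() and value.isdigit()):
                return None
            max_age = int(value)
        elif name == "includesubdomains":
            include_sub = True       # unknown directives are simply ignored
    return None if max_age is None else (max_age, include_sub)


def _is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


class HSTSStore:
    def __init__(self):
        self._entries = {}           # host -> (expiry_time, include_subdomains)

    def note(self, url, header, now):
        """Record a policy; only honoured over HTTPS and never for IP literals."""
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        if parts.scheme != "https" or not host or _is_ip(host):
            return False
        policy = parse_sts(header)
        if policy is None:
            return False
        max_age, include_sub = policy
        if max_age == 0:
            self._entries.pop(host, None)        # the site withdraws its policy
        else:
            self._entries[host] = (now + max_age, include_sub)
        return True

    def covers(self, host, now):
        """True if host, or a parent with includeSubDomains, has a live policy."""
        labels = host.lower().split(".")
        for i in range(len(labels)):
            name = ".".join(labels[i:])
            entry = self._entries.get(name)
            if entry is None:
                continue
            expiry, include_sub = entry
            if expiry <= now:
                del self._entries[name]          # expired entries are dropped
            elif i == 0 or include_sub:
                return True
        return False

    def upgrade(self, url, now):
        """Rewrite http:// to https:// for covered hosts, as the browser would."""
        parts = urlsplit(url)
        host = parts.hostname
        if parts.scheme != "http" or not host or not self.covers(host, now):
            return url
        netloc = host if parts.port in (None, 80) else f"{host}:{parts.port}"
        return urlunsplit(("https", netloc, parts.path, parts.query, parts.fragment))


class BrowserProfile:
    """Hypothetical profile: the clear action below does not touch the HSTS store."""

    def __init__(self):
        self.cookies, self.history, self.hsts = {}, [], HSTSStore()

    def visit(self, url, sts_header, now):
        self.history.append(url)
        self.cookies[urlsplit(url).hostname] = "session=constructed"
        if sts_header is not None:
            self.hsts.note(url, sts_header, now)

    def clear_cookies_and_history(self):
        self.cookies.clear()
        self.history.clear()


if __name__ == "__main__":
    profile = BrowserProfile()
    profile.visit("https://shop.example.test/", "max-age=31536000; includeSubDomains", now=0)
    profile.clear_cookies_and_history()
    print(profile.hsts.upgrade("http://shop.example.test/cart", now=60))
```

In this model the only ways an entry leaves the store are expiry, a `max-age=0` response from the site over HTTPS, or a clear action that explicitly includes the HSTS store.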

P.S : The post is to create awareness and not to be misused.

Tuesday, October 27, 2015

Anonymous browsing with secure VPN.


One of the major and pressing issues in the Internet world is #Privacy, and all users of the Internet need privacy. Recently an organisation has come up with a solution to provide it.

There are many mechanisms that log all the activities carried out by a user on the Internet. The ISP (Internet Service Provider) logs all the traffic, and there are also many spy agencies that spy on user traffic.

The fact is that little or no privacy is provided to users, and to get around that we use the concept of a #VPN.

A VPN is a Virtual Private Network, developed to provide anonymous and secure browsing between the user and the server. It creates a tunnel, and all traffic, both inbound and outbound, is encrypted.

A VPN provides anonymity and also security through encryption. There are many VPN providers, but some of them log their users' traffic.

#Privatoria is one VPN provider that offers anonymity and secure browsing while maintaining no logs on the server. Privatoria also supports TOR browsing.

TOR (The Onion Router) is another concept, in which there will be complete screening of the user who is requesting the service. Privatoria allows users to surf through the TOR network without having the TOR browser.

Privatoria also offers many functionalities such as VPN + TOR and more, and a trial is available to users free of cost. The homepage of the provider can be found here.

P.S : The post is to create awareness and not to be misused. 

Monday, October 26, 2015

Apple's Unbreakable Glass.


Apple, which owns a major share of the communication devices market, recently released the iPhone 6s and iPhone 6s Plus. It is a fact that Apple products are priced higher than many devices in the market. Recently Apple patented a new technique.

Apple filed a patent for a new technology that describes unbreakable glass for its upcoming products. Apple keeps reinventing technology, and now it is the turn of glass technology.

The major problem with all devices is breaking of the glass, and if the device is from Apple the repair costs a high price, almost that of a new smartphone in the market. To eliminate this problem they came up with a new solution.

Apple developed a retractable bumper that can be used to prevent the damage caused when the device falls and the glass breaks. The bumpers are intelligent enough to determine when the phone is falling.

The bumpers are equipped with advanced GPS, acceleration sensors, a gyroscope and ultrasonic emitters, all working in real time to sense a fall of the device. If a fall happens, the bumper retracts to avoid the damage.

Apple got approval for this technology, and it is expected to be deployed in upcoming iPhones and iPads in the near future.

The information posted here comes from many sources, and there is neither sufficient nor official information about the technology from Apple Inc.

P.S : The post is to create awareness and not to create any negative impact.

Friday, October 23, 2015

Hacking CCTV camera to launch DDoS attack.


A new era has emerged in which we have started giving intelligence to almost all accessories to make them smart. #IoT (Internet of Things) has become a trend in which all devices are connected to the Internet.

The major issue to be discussed whenever the topic of IoT comes up is #Cyber Security, because it is easy for a hacker to break the security when all the components are connected to the Internet.

Recently a hack was recorded that used CCTV cameras to launch a large-scale DDoS (Distributed Denial of Service) attack targeting a web server.

CCTV cameras are ordinary components that are connected to the Internet so that video footage can be viewed. Most of the connected CCTV cameras are not secured at all, and many of the devices are left with their default configuration.

One such default configuration is leaving the default password and default login name in place. There has been a DDoS attack that targeted a web server with 20000 page requests.

During the investigation it was noted that the DDoS was caused by a flood of HTTP GET page requests, and that the nodes used for launching the attack were 900 CCTV cameras.

All the CCTV cameras responsible for the attack were infected with malware that targets the Linux platform. The cameras were hacked to form a botnet and then used to launch the DDoS attack.

The CCTV cameras were identified and the malware has been removed from the hosts. All CCTV cameras should be properly configured.

It has been noted that all the cameras lack a security mechanism to protect themselves from Cyber Terrorists.
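An added example, not from the original post or from the investigation it describes: detection logic for the kind of HTTP GET flood mentioned above, run over web server access-log lines. It flags time windows in which the GET rate is high and spread over many source addresses, and lists those sources so the devices can be identified. The Common Log Format input, the thresholds and the sample lines (documentation IP ranges, scaled down from the figures in the post) are assumptions.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone

# Common Log Format: ip ident user [timestamp] "METHOD path protocol" status size
CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) \S+')
STAMP = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return (ip, time, method, path, status) or None for unparseable lines."""
    match = CLF.match(line)
    if not match:
        return None
    ip, stamp, method, path, status = match.groups()
    try:
        when = datetime.strptime(stamp, STAMP)
    except ValueError:
        return None
    return ip, when, method, path, int(status)


def detect_get_floods(lines, window_seconds=1, min_requests=100, min_sources=20):
    """Flag windows with many GET requests coming from many distinct sources."""
    buckets = defaultdict(list)
    for line in lines:
        record = parse_line(line)
        if record is None or record[2] != "GET":
            continue
        ip, when, _, path, _ = record
        slot = int(when.timestamp()) // window_seconds * window_seconds
        buckets[slot].append((ip, path))

    findings = []
    for slot in sorted(buckets):
        hits = buckets[slot]
        sources = Counter(ip for ip, _ in hits)
        if len(hits) < min_requests or len(sources) < min_sources:
            continue          # busy single client or normal traffic: not this pattern
        paths = Counter(path for _, path in hits)
        findings.append({
            "window_start": datetime.fromtimestamp(slot, tz=timezone.utc),
            "requests": len(hits),
            "sources": sorted(sources),          # addresses to trace back and clean up
            "top_path": paths.most_common(1)[0][0],
        })
    return findings


def build_sample_log():
    """Constructed sample: light normal traffic plus one second of flood traffic."""
    base = datetime(2015, 10, 23, 12, 0, 0, tzinfo=timezone.utc)
    lines = []
    for i in range(30):                           # ordinary visitors, odd seconds
        t = (base + timedelta(seconds=2 * i + 1)).strftime(STAMP)
        lines.append(f'192.0.2.{i % 3 + 1} - - [{t}] "GET /page{i}.html HTTP/1.1" 200 5120')
    t = (base + timedelta(seconds=10)).strftime(STAMP)
    for cam in range(1, 41):                      # 40 sources x 5 requests, same second
        for _ in range(5):
            lines.append(f'198.51.100.{cam} - - [{t}] "GET /index.html HTTP/1.1" 200 5120')
    lines.append("corrupt line without the expected fields")
    return lines


if __name__ == "__main__":
    for finding in detect_get_floods(build_sample_log()):
        print(finding["window_start"], finding["requests"], "requests from",
              len(finding["sources"]), "sources, mostly", finding["top_path"])
```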

P.S : The post is to create awareness and not to be misused.

Thursday, October 22, 2015

Impossible to access data on locked iPhones.


Apple owns many products, and the iPhone, one of its major products, holds a major share of the smartphone market. Recently Apple defended its security mechanism in court.

The iPhone's first step in preventing use by unauthorised persons is the lock screen, with the passcode or, from the iPhone 5s, the biometric unlocking feature.

A few days back Apple was called by a Federal Court to unlock an iPhone by breaking the passcode set by the user. Apple strongly objected, stating that it can never break the encryption of the passcode.

Apple stated that once the user sets the passcode it serves as the key for encryption, and if the user forgets it or loses the iPhone, it is not possible for others to unlock the phone by breaking the encryption.

Apple also stated that it can break the encryption if the iOS version is lower than 8, which applies to less than 10 percent of all Apple devices. About 90 percent of Apple products are running iOS 8 or later, so it is impossible for Apple to break their encryption.

You might think that if the passcode has four digits a brute-force attack can be made, but that will not work on devices running iOS 8 or later.

There is also news that Apple shares some data with Government agencies, and in a letter from Apple its CEO Tim Cook stated that "We are not allowing any Government agencies to access the users data and we never will".

With this, Apple strongly defended in court that it can't break the encryption, and this shows the level of privacy Apple provides to its users.

P.S : The post is to create awareness and not to create any negative impact.

Wednesday, October 21, 2015

eFast Browser - A Lookalike for Google Chrome.


The Google Chrome browser, which is built from its #Chromium browser project, is used by millions of users across the globe. Malware is now being aimed at cloning software. Recently a piece of malware has been identified that looks like the #Chrome browser.

Malware is a piece of code that carries out malicious activity on the target computer, compromising the security of the computer or any other device.

Security researchers at PcRisk have discovered new malware that looks like Google Chrome and replaces the original version on the victim's computer. The browser provides all the necessary functionalities such as

Browsing
Pop up and display Advertisement
Tracking users
Redirecting to the bogus websites and many more

This piece of malware also states that it was developed at Clara labs, the designers of #Tortuga and #Unico. It looks very similar to Google Chrome in order to trick users.

The browser has been named #eFast browser by its developers, and it looks exactly like Chrome because it is built upon the Chromium open source project.

It is also noted that the browser completely replaces Chrome and also starts affecting the files associated with file formats such as .jpeg and .html.

Users are recommended to check their systems for the #eFast browser and uninstall it completely by following the instructions.

P.S : The post is to create awareness and not to create any negative impact.

Tuesday, October 20, 2015

Full Disk Encryption Mandatory for Android 6.0


Cyber crimes are increasing at a rapid rate, and one of the biggest problems is data loss or data theft. Since smartphones now hold sensitive data, it has to be secured. Recently Google announced that Android 6.0 devices will have encryption.

One of the best ways of preventing data theft and eavesdropping is Cryptography, in which the text or message is changed into a format that is unknown to anyone other than the destination.

A simple picture of Encryption: you lock your house and then share the key with one friend, so now only you and your friend can access your locked property. The same principle applies in Encryption.

Android 6.0 supports Full Disk Encryption (FDE). FDE is the mechanism of encrypting all the data that resides on the disk and decrypting it as and when required. The point is that the data is encrypted even before it is saved to the memory.

The key is provided by the user, and the key is usually the password. This mechanism will surely prevent data theft, and Android supports encrypting the following on its devices

User private area (/data) and
SD card (/sdcard) data.

As for the disadvantages of this mechanism, the biggest problem is that encrypting the data and decrypting it again takes time, and the on-the-fly mechanism makes the system a little slower to respond.

This can be used by users who want a complete shield for their data; other users can go with a passcode or pattern lock on their screens.

P.S : The post is to create awareness and not to create any negative impact.

Monday, October 19, 2015

Microsoft's Tricks to hit market with Windows 10.


Since the launch of Windows 10, Microsoft has been following many tricks to sell its new product in the market. It has set a target of getting around 1 Billion users onto Windows 10. Recently Microsoft has pulled another trick.

Every operating system has a default apps list, and the listed app is used to open matching documents in the future. Now it is the browser of Windows 10 that causes the problem.

I think it is the user's choice which default to set for their web pages, but now whenever a user tries to switch to an app such as #Mozilla Firefox or #Google Chrome, a dialog box appears with the message "Don't Switch and try now".

It also lists some of the highlighted features of the Windows 10 Edge browser, saying

In-built Cortana support
Reading mode to avoid disturbance
Stylus to share ideas through writing.

Of course they are new features, but forcing the user to keep the app as the default will irritate not only the users but also browser developers such as the #Google and #Firefox teams.

The giant Microsoft has already been accused of automatically installing Windows 10, and then it started making it a default option in Windows Update. Now it is forcing the user with this so-called provision of options.

There is also news that Microsoft is working hard to make its users stick to the default apps provided by Microsoft, including #Microsoft Edge, according to the post.

P.S : The post is to create awareness and not to create any negative impact.

Friday, October 16, 2015

Forcing Windows 10 installation by Microsoft.


Microsoft rolled out the newer Windows version, #Windows 10, a few months back; millions of users upgraded and many also rolled back for various reasons. Recently there is news that Windows 10 is getting installed automatically.

A few weeks back Microsoft downloaded the Windows 10 installation files onto client machines running Windows 7 or Windows 8.1, and now many users have complained that Microsoft is trying to force users to use only Windows 10.

There are actually two categories of upgrade settings, namely optional and recommended. The optional ones are not checked and are disabled by default, and the user has to enable them manually.

But the Windows 10 upgrade is being started automatically, showing a warning box in which users are left with only two options, Upgrade now or Upgrade later. Some users even stated that they had only the Upgrade now option available in the dialog box.

Microsoft has been notified about this, and they have said that it was due to a mistake and that they have changed the setting preference available on the Windows Update page.

But it does not seem to be a mistake, as the giant had already made some attempts to force users to install Windows 10, and this shows how badly Microsoft is behaving to get users onto its advanced operating system.

P.S : The post is to create awareness and not to create any negative impact.

Thursday, October 15, 2015

Hacking Phones through Radio Signals.


Smartphones are becoming smarter and have started using a Voice Assistant to control the device. Recently a hack was recorded that uses radio signals to hack any device that uses a Voice Assistant.

Google's Android devices have the #Google Now feature, which lets users control Google search with their voice, and Apple devices have a personal assistant named #Siri.

Either of them is enough to carry out a hack on nearby devices. The only requirement for this hack is that the victim has a pair of headphones with a microphone plugged into the jack.

A security researcher demonstrated this hack and stated that a radio signal can be generated to silently trigger the Personal Assistant on any nearby device through the attached headphones and microphone.

Once the personal assistant has been enabled, the following malicious activities can be carried out

Sending SMS
Making Calls
Making victim to visit a malicious site
Trigger a Trojan or any file download

The hack exploits the setting that allows the personal assistant to be enabled even from the lock screen. It is the default setting in the case of Apple, and the hack is possible only if headphones with a microphone are inserted into the jack.

P.S : The post is to create awareness and not to be misused.

Tuesday, October 13, 2015

USB Killer v2.0 released.


In March a security researcher stated that a USB drive can be converted into a bomb and used to explode a whole system through the USB interface. Recently an advanced version of that work has been developed under the name #USB Killer V2.0.

The whole idea behind the concept is to make a USB drive an interface for exploding any computer by feeding a heavy voltage into it. The security researcher's earlier version did this by inserting a voltage of -110 until all possible parts were fried.

But now it is something different: this time it directly inserts a voltage of -220 into the system line, which is more than enough to explode a whole computer through USB.

The new method is also faster than the old model, since the computer started exploding within a few seconds of being plugged in, and it is also very successful.

You may think you can disable the autoplay option to avoid this damage, but in order to read the content or mount the device the computer has to access it, and that is more than enough for the explosion.

It is very true that cyber warfare has started, and users should safeguard their data and now also their computers. In the old days this was known as the Flash Drive Technique in social engineering, but now it takes a new form.

The very common reaction of a user who finds a pen drive on the floor or ground is to pick it up. You may think you can format the drive, but after plugging it in there will be no device left to format it.

The security researcher lost his brand new Lenovo Ideapad while developing and demonstrating this, and the video demonstration can be found here.

P.S : The post is to create awareness and not to create any negative impact.

Monday, October 12, 2015

Apple Removes Malicious Ad Blocker Apps.


A few days back there was news that many malicious apps had been found on Apple's official App Store, and Apple then started reviewing all the apps. Recently Apple has kicked out of the App Store many malicious apps that act as malicious ad blockers.

These apps sit between the user and the servers and compromise the security of SSL, thereby gaining credentials or other personal information from the device.

This happens due to the Root Certificate that is used for server communications. A server that wants to communicate sends the Root certificate in line with Public Key Infrastructure, and the browser then validates the certificate and establishes the connection.

This is the normal working of the Root Certificate. While the server is sending the certificate, the app sits between the end user and the server, compromises the security and then steals the personal information.

Many apps that do this under the name of Ad Blocker have been removed by Apple from its App Store, and the names of the apps have not yet been released by Apple.

Apple is yet to release the names of those malicious apps, and until then users are asked to uninstall any suspicious app from their devices.

P.S : The post is to create awareness and not to create any negative impact.

Saturday, October 10, 2015

A Serious Router Exploit in Netgear.


Netgear is one of the major providers of Internet accessories such as routers, modems and many more components. Netgear devices once became victims of an attack through DNS Poisoning, and now news has been released stating that Netgear routers are vulnerable.

DNS is what maps the canonical name that we type into the web browser to its corresponding IP address. If an attacker can change the IP address mapping to point to his / her own malicious machine, then all the traffic will pass through his / her machine.

This attack is known as DNS Poisoning and falls under Man in The Middle (MiTM) attacks, in which an attacker sits in between and routes the packets to and fro. Netgear routers, like most routers, have an option to access the router remotely.

This option is now being exploited: an attacker can successfully exploit the login page and then map all the traffic to a bogus server by changing the DNS entries. This is a serious issue.

A security researcher found that something unusual was happening, and while digging into it he found that his administrative settings and also his DNS settings had been changed.

He contacted Netgear about the issue, and they responded that it is a serious bug but the victims are fewer than 5000 and that they are working on it.

As of now no patch has been released. They also notified that they will release the patch on October 14 2015, and users can then upgrade their firmware to patch the router against this serious bug.

Users are recommended to update their routers on the specified date, since you could also be one among the 5000.

P.S : The post is to create awareness and not to be misused.

Thursday, October 8, 2015

WhatsApp message backup with Google Drive.


WhatsApp is one of the most popular messaging apps, used by millions of users across the globe. Recently there is news that WhatsApp users can back up their chats to Google Drive.

There is a partnership between WhatsApp and Google, and they have agreed on a feature by which WhatsApp users on Android can upload their chats, photos and videos to Google Drive, which can help them prevent data loss.

iOS users can already back up their chats to iCloud, but 90 percent of users are Android users, so the integration with Google Drive will help users a lot.

Users can select one of the following options as the time window for the backup of data

Daily
Weekly
Monthly and
Not at all

The data stored in Google Drive will be encrypted for its protection.

Android users can upgrade WhatsApp to the latest version to get this feature, and it can also be downloaded from here.

P.S : The post is to create awareness and not to be misused.

Wednesday, October 7, 2015

Secure Operating System from Hacking.


Users choose among many operating systems for ease of use, but what if you ask which one is a secure OS? The true answer is that no operating system is 100 % secure. Recently a new operating system has been built that is said to be secure.

The heart of every operating system is the kernel, which is the core and takes care of all the activities carried out in the system. Windows is monolithic, whereas Linux and Mac are said to be non-monolithic.

In this case, if the kernel (a single module) is hacked, the whole system will be under the control of the attacker. To avoid this, a new operating system has been developed under the name #Qubes OS.

This new OS uses the concept of virtualisation, which is used by many to share or make effective use of the available resources. It can share the hardware and storage that are available.

It is not a Linux distribution but a #Xen distribution, which is bare-metal virtualization in which the core hardware can be shared and used effectively.

It supports running any number of OSes on the system, depending on the hardware available, and the distribution is based on a microkernel. It supports

Windows Distributions
Linux Distributions
Whonix.

Whonix is another security-focused OS that is built using the Debian kernel, and it uses the TOR network for browsing to preserve the anonymity of users while they surf the Internet.

#Qubes 3.0 is expected to be released by the end of October.

P.S : The post is to create awareness and not to be misused.

Monday, October 5, 2015

Hacking to make Systems Secure.


Hacking means making a computer do something that it is not intended to do. Hacking can also be done by good people for good deeds and ethical purposes. Recently there has been news that a piece of malware hacked nearly 10000 devices to make them more secure.

This may sound crazy, but it happens. Security researchers at Symantec discovered new malware that targets systems, and it has been dubbed #Linux.Wifatch or #Ifwatch.

This malware has infected more than 10000 Internet of Things devices and is still spreading at a rapid rate. Once implanted, the malware does not download any threat or payload as other malware does.

Instead it scans the device or system for traces of similar families of malware, and if any such malware is detected it displays a message to the user about the threat posed and the remedy for it.

For example, if the password of the account is not secure enough, the malware tells the user that he / she can change the password for the account, and also gives pointers such as disabling the telnet port or service.

The malware code is written in the Perl programming language, and the best ways to remove this malware are

Resetting the Router
Changing the default password in use
Keeping the firmware updated.

This kind of malware can be avoided by implementing the following steps

Turn Firewall setting to ON.
Change the Default passwords.
Change the Default SSID
Never Broadcast the Network Name.
Use MAC Filter to avoid malicious users.

P.S : The post is to create awareness and not to be misused.

Friday, October 2, 2015

1 Billion Android devices are vulnerable.


It is usual for a new vulnerability to be discovered and for the company to patch it. Now two vulnerabilities target Android and have put around 1 Billion devices at risk.

The latest Android version is 5.1.1 and it is used by a large number of users, and of course there are also people using lower versions of Android due to hardware configuration and some backward compatibility issues.

A few weeks earlier a security researcher discovered a vulnerability named #Stagefright, and this new one is like an updated version of the same vulnerability.

The two vulnerabilities are listed under #CVE-2016-6602 and #CVE-2016-3876 and also reside in the media playback engine called #Stagefright, and the amazing fact is that they affect all versions from Android 1 to 5.1.1.

The old vulnerability can be triggered by a simple text message, but Stagefright 2.0 can be invoked in the following ways

Man in the Middle
Web Page
Instant Messaging app
Third party media player.

Google scheduled its security update for 5 October 2015, which will address all the security loopholes. The same has been shared with the Android device manufacturers, and users can also expect the patch from the manufacturers.

The security researcher who discovered the bugs said that he will release the proof of concept and the exploit code once the patch has been released by Google.

P.S : The post is to create awareness and not to be misused.