Monday, November 30, 2015

Port Fail - A vulnerability for VPN.


To maintain anonymity and privacy, many users rely on a VPN (Virtual Private Network), which encrypts the messages it transmits. Recently a vulnerability has been found that affects almost all VPN providers.

The simple concept behind a VPN is that the sender is connected to the destination through something like a secret tunnel, and all communication that flows through the tunnel is encrypted to avoid sniffing.

There are many VPN providers; some offer free services and others are paid. The new vulnerability, #Port Fail, allows attackers to reveal the real IP address of the victim.

Discovered by VPN provider Perfect Privacy (PP), it is a simple port forwarding trick. Port forwarding is nothing but diverting all the traffic to a user-defined port so as to sniff the packets.

This vulnerability requires the attacker and the victim to be on the same network, and the vulnerable protocols are OpenVPN and IPSec (which provides security to IPv6).

This vulnerability can be exploited by simply forwarding the traffic, and for that the attacker must know the exit IP address. Some vendors have patched this vulnerability, and users are recommended to update their software to avoid further attacks.

P.S : The post is to create awareness and not to be misused.
               

Friday, November 27, 2015

Li-Fi - 100 times faster than Wi-Fi.


All the devices we use are getting connected to the Internet, giving rise to the #Internet of Things (IoT), and almost all of them are connected through a wireless medium. Wi-Fi plays a major role there. Recently a new technology has been invented by researchers.

Wi-Fi uses radio signals and can therefore be affected by external attackers; at the same time, any client can be removed from the access point without the attacker connecting to it (deauthentication attack). To solve all these problems, #Li-Fi has been invented.

The idea behind Li-Fi is to use light to transfer data. It can be accomplished by having an LED light at the router, and data can then be transmitted at an increased rate.

Researchers have been running many tests and achieved a transfer rate of 1 Gbps, which is 100 times larger than the existing Wi-Fi technology.

The technology uses visible light, so it cannot penetrate walls. It is stated that speeds of 224 Gbps can be achieved using this technology, which is a much greater speed.

For full details about the technology, you can watch its introduction by a speaker at a TED conference. You can find the link here.

P.S : The post is to create awareness and not to create any negative impact.

Thursday, November 26, 2015

1.2 Billion login passwords hacked.


Login passwords and usernames seem to be the main asset in the cyber world, and everyone at some point forgets a password and resets it. Recently a hacker hacked around 1.2 billion account credentials.

Getting around 1.2 billion login passwords is not an easy task, as it is a large number, and to accomplish it he (#Mr.Grey) seems to have used botnets.

The news also stated that the login passwords belong not to a single account but to almost 420,000 websites, and that this was done by exploiting the simple #SQL Injection attack.

Botnets can be used to carry out a large attack such as DDoS (Distributed Denial of Service) or another deadly attack, but in this case they were used to scan the Internet for vulnerable sites.

Let's have a deeper look. Consider a hacker who has already planted malware on computers across the globe, say 5000 computers. The malware receives instructions from the attacker who planted it. If the attacker then issues a command to scan the Internet, all 5000 computers will start scanning for vulnerable sites.

If a site is found to be vulnerable, its URL can be given to the attacker, or the malware can carry out the attack, get the credentials and send them to the attacker.

There is no information on whether the attacker did this job alone or a group of hackers accomplished it. There is also no information about the sites that have been compromised or about the login credentials.

Users are requested not to respond to any mail from unknown strangers and to scan any drive before plugging it into the computer. Apart from these, use complex passwords to prevent attacks to some extent.

P.S : The post is to create awareness and not to be misused.

Tuesday, November 24, 2015

Dell laptops with pre-installed malware.


Dell, being one of the major laptop and computer manufacturers in the world, has a major place in the market. Last time Lenovo was caught using pre-installed adware named #Superfish and then provided a free tool to remove the malware. Recently Dell laptops have been caught having pre-installed malware.

Laptops sold by Dell have a pre-installed fake signed certificate. It is actually a self-signed credential for secure connection establishment; the certificate is signed and the keys are stored on the local computer.

Let's have a look at what can be done with this. An attacker can use the credentials to fake a connection as a trusted one and then carry out a MiTM (Man in The Middle) attack, and with that the attacker can gain sensitive information such as credentials and other information.

The laptop models identified as having this malware are

Dell Inspiron 5000 series notebooks
Dell XPS 13
Dell XPS 15

It is also suspected that not only these models but many others may have this malware pre-installed.

To check whether you are infected with this malware

Go to Run
Type certmgr.msc and hit enter
Open up Trusted Root Certification Authorities
Select Certificates
Search for eDellRoot

If found, you can delete it, but if you try again after some time you will find the same #eDellRoot in place. The funny thing is that even if you remove it, it will be created again by itself.
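
The same check from the command line, as an added example that is not part of the original post: this PowerShell snippet looks for eDellRoot in the machine and current-user root stores and reports whether a private key is stored with it. The store paths and the output fields are choices made for this example.

```powershell
# Added example (not from the original post): look for the eDellRoot
# certificate in the trusted root stores that certmgr.msc displays.
$name = 'eDellRoot'   # certificate name given in the post

# Assumption: both the machine-wide and the per-user root store are checked.
$stores = 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root'

$hits = foreach ($store in $stores) {
    Get-ChildItem -Path $store |
        Where-Object { $_.Subject -like "*CN=$name*" } |
        ForEach-Object {
            [pscustomobject]@{
                Store         = $store
                Subject       = $_.Subject
                Thumbprint    = $_.Thumbprint
                NotAfter      = $_.NotAfter
                # A self-signed root has identical subject and issuer.
                SelfSigned    = ($_.Subject -eq $_.Issuer)
                # True means the signing key sits on this computer as well.
                HasPrivateKey = $_.HasPrivateKey
            }
        }
}

if ($hits) {
    $hits | Format-List
    Write-Warning "$name is present in a trusted root store."
} else {
    Write-Output "$name was not found in the LocalMachine or CurrentUser root stores."
}
```

Running it again after a reboot shows whether the certificate has come back after removal, as described above.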

So what is the way to remove it? There is no removal mechanism available yet, but to protect themselves from attack users are recommended to use the #Firefox browser, as it will warn if the certificate is a fake one.

This issue has been reported to Dell, and they have posted that customer privacy is their major concern, that their team is working on it, and that they will post a status update soon.

P.S: The post is to create awareness and not to create any negative impact.

Monday, November 23, 2015

Secret Malware for Android devices.


Android has millions of users across the globe and is very popular, so it serves as a main target for attackers. Much malware has been targeted at Android. Recently new malware with new features has been detected.

Malware normally requests user permission and starts affecting the device only if it is granted, but this new malware will start its action even if the user rejects the installation of the malware.

A security researcher at #Lookout detected three pieces of malware, and they are

1. #Shedun (#GhostPush)
2. #Kemoge (#ShiftyBug)
3. #Shuanet

These three belong to an adware family, and they root the victim's mobile so that the attacker can gain full access to the infected device.

Among them #Shedun is more deadly because it does not exploit any vulnerability in the device and uses the legitimate functionality of the device to carry out malicious activities.

The victim is tricked into allowing access to the #Android Accessibility service, through which a user can interact with the device in other ways.

After gaining access to the system the attacker can

Read the text messages that are displayed on the screen
Install any application
Scroll through Permission list
Press install button for any app without the physical interaction of the user

The adware masquerades in the Google Play store, waiting for users to install the corresponding application. Since the adware roots the device, it is not easy to remove other than by resetting the device to factory settings.

Rooting the device also voids its warranty, and users should be careful in dealing with third-party apps from any untrusted sources.

P.S: The post is to create awareness and not to be misused.

Saturday, November 21, 2015

Anonymous takes down 20000 ISIS Twitter accounts.


After the terrorist attack in Paris, a cyber war has started between two groups, Anonymous and ISIS. Apart from France and other nations that are bombing the group, Anonymous started a cyber war against ISIS.

Anonymous stated that "They will hunt down the ISIS twitter account", then ISIS called Anonymous idiots, and so it started.

Anonymous already published a list of Twitter accounts that have connections with the ISIS group (refer to the earlier post) and also published some simple hacking tutorials for public viewing.

The main idea is to stop the propagation of news to all the members through social media. One of the main social media platforms used by the members is Twitter, and now it has been targeted.

Another main channel of communication is considered to be the Telegram messenger, and a few days back Telegram removed 78 channels that belong to ISIS groups.

In a video released by Anonymous, they stated that they have taken down 20000 Twitter accounts related to ISIS members.

It is a fact that social media sites have been used by terrorist groups to influence people and make them take part in their activities.

P.S : The post is to create awareness and not to create any negative impact.

Friday, November 20, 2015

Did Mark Zuckerberg leave Facebook?


There is no need for an introduction to the giant Facebook, which was created by the geek Mark Zuckerberg and is a social media site that has users all over the world. Recently there has been a post saying that he left his job at Facebook.

It is just a bug in Facebook's code that a security researcher has disclosed in a brand new way. You can check the post here on his wall.

The security researcher modified the URL that handles the Life Events that are posted on a user's wall. He tampered with the URL, and by removing the start parameter it posted this post.

This is not an actual technical bug and is just a way a user can tamper with the URL to fool others.

However, it is actually a minor bug that any ill-intentioned attacker could use to create a false post.

            If the post is not available you can see the picture below



P.S : The post is to create awareness and not to be misused.



Thursday, November 19, 2015

Is Telegram really secure for secret sharing?


Telegram is one of the famous messaging applications, with more than millions of users, and there has been news that terrorists are using the Telegram messenger to communicate with their fellows. Recently there has been a post by a security researcher about Telegram's security.

Some of the major features of the Telegram application are end-to-end encryption, which prevents any middle person from sneaking a look at what data is being communicated. Another feature is #Self Destruct messages, which are deleted after a specified period of time.

Apart from these features provided by Telegram, a security researcher claims that it contains more security loopholes, which he mentioned in his blog. They are as follows:

1. End-to-end encryption is not enabled by default; it has to be enabled before the chat begins and is not possible for an existing or already started conversation.

2. Telegram accesses your mobile contacts and uploads the entire database to its own server, and with that data it is possible to clearly draw a map that connects all people.

3. Using mobile phones exposes more metadata, which can be used by any agency to retrieve data such as the time, location and persons involved in the conversations.

4. There have been some concerns about the encryption they use, but it has not yet been publicly broken even after they declared a prize of $3,00,000.

With all these security loopholes, the security researcher concludes that the app may be used for common use but does not hold good for terrorist activities and the like. Telegram also closed 78 ISIS-affiliated channels to cut down their communications to some extent.

P.S : The post is to create awareness and not to create any negative impact.

Wednesday, November 18, 2015

Operation Paris - Anonymous against ISIS.


ISIS is a terrorist group that carried out a horrific attack last week in Paris, and after that Anonymous openly declared war on ISIS hackers and has started it.

Cyber warfare has started, and many social media sites have been used by many terrorist groups to recruit people to carry out terrorist tasks. ISIS called Anonymous IDIOTS, and then Anonymous started their attack on ISIS.

It is a fact that #Anonymous is a capable group, as has been proved in many past attacks, and now it has turned against the ISIS group.

Anonymous posted that they have hacked 5500 Twitter accounts of ISIS members to stop their propaganda through social media.

They have also stated that they will cut the propaganda through social media, and they have posted a how-to-hack tutorial for all online users to join #Operation Paris, which is against the ISIS group.

Anonymous has also posted a list of Twitter account names of the ISIS group, and it can be found here.

It does not simply end here: as the heading says, a cyber war has started at full pace, and Facebook has removed an Anonymous page that posts anti-ISIS information, stating that the page is against its policies.

P.S: The post is to create awareness and not to create any negative impact.

Saturday, November 14, 2015

Spying Samsung Galaxy mobile phones.


Samsung, being one of the major manufacturers of smartphones, has an important model line that many users use, named #Samsung Galaxy. Recently a security researcher has found that these phones can be spied on easily.

One of the major security breaches that can be achieved on a smartphone is spying on incoming voice calls and recording them if possible. This can be achieved easily on Samsung Galaxy models.

Two security researchers demonstrated a famous attack known as #Man in The Middle (MiTM), achieving it on models such as the Galaxy S6, S6 Edge and Note 4.

The attack needs special equipment such as an #OpenBTS base station, which acts as a bogus base station. The attack is due to the phone's baseband processor.

The mobiles mentioned above consider this bogus base station a legitimate cellular tower, and thus any incoming and outgoing calls can be routed through the bogus base station.

By achieving this attack the attacker can record the voice calls that are directed towards the cell. This is not possible for everyone, as it needs some additional equipment to exploit the attack.

The two security researchers reported the bug to Samsung. The details of how to carry out the attack have not yet been disclosed, and Samsung is expected to fix the bug soon.

P.S : The post is to create awareness and not to create any negative impact.

Friday, November 13, 2015

Self Destructing Messages from Facebook.


Facebook has its own messenger application named #Facebook Messenger, and it is used by millions of users to communicate with others globally. Recently Facebook rolled out a new feature for the application.

One of the expected features is #Self Destructing messages, which has been available to Snapchat users since 2011, and now Facebook is about to roll out this feature to its users.

A few users from France have noticed the self-destructing message feature. It appears as an hourglass icon in the chat box; once it is clicked, the message sent is set to a timer of one minute, and after that time the message is removed automatically.

To disable the feature, all the user has to do is click the hourglass icon again. There is no news about a customized timer, and it may be available in the near future.

Facebook already tried this before in its standalone application named #Slingshot and failed to achieve success with that feature, but now it has successfully integrated it.

The new feature is now available only to users in France. There is no official information about a global launch of the feature, but it will be available to all users in the near future.

P.S : The post is to create awareness and not to be misused.

Thursday, November 12, 2015

Preventing Microsoft from Tracking.


With Microsoft's launch of Windows 10, users started having many problems such as low boot time and Wi-Fi connectivity problems, and one of the main problems for some users is privacy. Recently a firm has developed a new tool that can stop Microsoft from tracking.

Microsoft admits that it collects information from the user's machine, in the form of telemetry data, to give users a better experience. Many users tried to stop the tracking option, but many stated that they failed to disable it.

There are many third-party programs that can be used to disable Microsoft's tracking through Windows 10. One among them is #DoNotSpy (explained in an earlier post).

A new tool named #Spybot Anti-Beacon has been released by the security firm Spybot. This tool can be used to disable the tracking of telemetry data.

The tool is free to use; once it is installed, running it disables the tracking of telemetry data.

If the user is not comfortable with the new tool, it also has an option to undo the changes, and once the undo has been done the tracking will be enabled again.

Microsoft has started automatically upgrading Windows 7, 8 and 8.1 to Windows 10, and the tool can be used to disable the tracking by Microsoft.

                      The tool #Spybot Anti-Beacon can be downloaded from their website.

                      The Author is not responsible for any damage done by running the tool and the user is solely responsible for the execution of the tool.

P.S : The post is to create awareness and not to create any negative impact.

Wednesday, November 11, 2015

Free Android Vulnerability Scanner for Mobiles.


For the past few months mobile security has been a major concern in the security field; much research has been going on, and many vulnerabilities have been patched after being revealed. Recently a new #Android Vulnerability Scanner has been developed.

Vulnerability assessment tools have been available for web servers and for many web applications. Now a #Vulnerability scanner for Android has been developed.

One of the important bugs is known as #Stagefright. It has been patched by Google, but many vendors take many months to patch it completely. Stagefright needs only a simple text message to hack the mobile.

Once installed on your mobile, it scans for 22 other bugs in addition to #Stagefright and notifies the user about the bugs found, so users can determine how vulnerable their devices are.

The mobile security firm #NowSecure has released the new tool, known as the #Android Vulnerability Test Suite (#VTS), which does the job.

The application has been released on the official Google Play Store and is available for free. Users can download the application and do the following to run the tool

1. Download and install the Application.
2. Run the application and press the search option.
3. In about 30 seconds the vulnerability scanner engine will start.
4. A report on the vulnerability status of the device will be shown.

One important note is that a mobile antivirus may detect the tool as malware because of the presence of the Stagefright detection code. It will not affect the mobile in any way.

According to a post on the Internet, a user purchased a fully patched OnePlus mobile, ran the scan and found that the mobile was vulnerable to a few bugs, including #Stagefright 2.0. It is a nice option to download it and scan your own mobile.

You can download the application from the Google Play Store, and it is also available on GitHub.

The Author is not responsible for any damage done by running the tool or by any other means. The post is to be used for educational purposes and to help users keep themselves safe from emerging threats.

P.S : The post is to create awareness and not to be misused.

Monday, November 9, 2015

Ransomware for Servers emerged.


Ransomware has been one of the biggest threats for the past year, and many have been victims of this malware type and lost money. Normally ransomware targets the files on a computer. Recently a ransomware has been analysed that targets web servers.

The new ransomware has been dubbed #Linux.Encoder.1, and it encrypts the files of the root directory and other directories needed for web hosting.

This new ransomware encrypts the data with the AES algorithm, and once a web server has been targeted the following steps are carried out

1. Download the supporting file to encrypt the data.
2. Download the RSA key needed to store all the AES keys.

The ransomware targets the MySQL and Apache root directories related to web hosting. The files are then encrypted with the .encrypt file format, and it displays a message that

"The files have been encrypted and 1 bitcoin (~450 USD) is needed to decrypt the data", followed by the instructions for decrypting.

The ransomware looks for all web-related file formats. Once the victim pays the bitcoin, a command is passed to the computer to start the decryption process. The web servers are targeted through ordinary third-party software and plugin vulnerabilities.

The best way to evade this ransomware is not to respond to any unknown messages through mail or pop-ups, and regular backing up of data will help in effective mitigation. If targeted, security researchers advise making a copy of the encrypted files and waiting for a decrypter tool.

P.S : The post is to create awareness and not to be misused.

Sunday, November 8, 2015

Tech Support asks users to downgrade from Win 10 to 8 or 8.1.


The newly rolled out Windows 10 has many new features and has hit millions of downloads worldwide, and Microsoft has taken many steps to make users use Windows 10. Recently there has been news that tech support people recommend users to downgrade from Windows 10 to Windows 8 or 8.1.

Windows 10 has many glitches, and when many users contacted technical support the answer they got was really awesome: "Downgrade from Windows 10 to Windows 8 or Windows 8.1".

Many OEMs such as Dell, HP and Lenovo recommend the same to users, and this is really surprising because tech support is not supporting Windows 10.

In the case of Dell, a user contacted tech support to change the direction of scrolling, and the tech support person said "There are many glitches in the Windows 10" and diverted the call to an expert, who suggested uninstalling Windows 10 and going with Windows 8 or 8.1.

                      Dell stated that "We support Windows 10 but sometimes recommend the users to go with the downgrading option".

In the case of HP, the support engineer not only tried to solve the issue but also tried to downgrade the system to Windows 8.1 and stated "She won't recommend the users to upgrade to Windows 10".

In these scenarios the tech support people tried to deal with the problem only by downgrading and did not solve it.

Microsoft has already stated that they will hit 10 million downloads, and with this happening it is really doubtful that they will hit their target.

P.S : The post is to create awareness and not to create any negative impact.

Saturday, November 7, 2015

Common Mistakes done in Cyber Space.


In this post let's discuss some of the common mistakes made by users in cyber space that can affect them in the worst ways. There has been a tremendous increase in cyber crimes compared with traditional crimes.

1. Giving away OTP to unknown caller :

There have been many incidents that involve users revealing their OTP to strangers over the phone. In a real case study, a college professor was targeted and received a phone call pretending to be from Google that said "We are upgrading your account sir, so we need the OTP that will come to your mobile". He revealed the OTP, and wait, it doesn't end here.

Another call came from the same number and said there had been a delay, so tell the fresh OTP again. Result : 40000 rupees gone.

2. Sharing Privacy with Everyone :

A famous one is the sharing of photos and status updates on social media. A girl posted the status "Feeling Depressed, Car punctured" and shared her location.
Result : The girl along with her friends kidnapped.

A status update revealing everyday activity is like handing a clear blueprint to anyone.

3. ATM PIN in ATM card itself :

In order to remember their ATM PIN, many write it on the back of the card (some on the front side too). PINs based on a vehicle number, the last 4 digits of a mobile number, etc. can be easily guessed.

4. Curiosity towards FREE :

FREE is a word that can melt everyone. "Pass this God photo to 10 persons and you will get good news in 10 minutes." Is God monitoring who is forwarding it to 10 persons and then granting wishes? The worst case is "Click the link to 10 person and earn Rs.100 talktime". No one will pay you; if you do get any, please comment and forgive me.

Some ways by which we can prevent these are

Don't trust anyone; be suspicious towards everyone.
Don't get carried away by the word FREE.
Your privacy is your own privacy.

P.S : The post is to create awareness and not to create any negative impact.


Thursday, November 5, 2015

MegaNet - A Non IP Based Internet.


One thing that every Internet user badly needs is privacy, which users are given only in a very small amount. Recently a new concept has been proposed that will provide a decentralized and highly secure Internet.

#Kim Dotcom, the man behind the #Mega cloud and file sharing infrastructure, has announced that they are going to introduce a new decentralized Internet that is non-IP based.

We are connected to the Internet with the IP address assigned to us by the service provider, and the new idea is #Non-IP based and decentralized.

Our existing Internet is a centralized one, with all the details managed somewhere; in this model he proposes an architecture in which everyone is connected but there is no central unit.

For the data that is transmitted and stored he uses very strong encryption, which he stated is not hackable by humans or by supercomputers.

#MegaNet is going to be launched by 2016, and another feature is that it utilizes the unused power of users' devices. This means that if a user has 1 Gb RAM and uses 500 Mb, the remaining 500 Mb can be used by another person.

He also stated that once the network has been launched, users can access the Internet with unmatchable network speed. He believes 100 Million people will join within the first month of the #MegaNet launch.

P.S : The post is to create awareness and not to be misused.

Wednesday, November 4, 2015

Free Hacking tool to steal Passwords.


The number of people using the Internet is growing at a high rate, and it is hard to remember all the passwords used for various accounts, so many use #Password Managers. Recently a tool has been developed that can steal the entire data.

The work of a password manager is to store the passwords saved by the user, and all such software uses encryption to safeguard the stored data. The strength of a password manager depends on the encryption it provides.

One of the popular and highly used password managers is #KeePass, and recently a hack tool dubbed #KeeFarce has been developed by a kiwi researcher and is available for use.

The tool uses the concept of #DLL Injection: when the user opens KeePass, the tool commands it to export the stored data in the current database to a dump file.

The dump now contains all the information as decrypted plain text, and it can then be remotely copied by an attacker.

The tool currently works with the KeePass software only, and in the near future it may be made available for many password managers.

The tool he developed has been released on GitHub and can be downloaded from here.

The Author is not responsible for any damage caused by running the tool, and it is highly recommended that it be used only for educational purposes.

P.S : The post is to create awareness and not to be misused.

Monday, November 2, 2015

Free Ransomware Decrypter tools.


Malware released these days comes in various flavours like trojans, viruses, worms, spyware and adware, and now there is ransomware. Recently a free ransomware decrypter has been developed and released.

Ransomware is a type of malware that encrypts all the data that resides on the disk and asks the victim to pay a ransom for the decryption keys. This is a sophisticated attack.

Without the decryption key it is nearly impossible to retrieve the encrypted data, and even some city police have fallen victim to this attack. A very popular ransomware is #Coinvault, and its next version is #Bitcryptor.

After action was taken against the ransomware, the command and control centre was raided and the keys were seized, and the antivirus vendor #Kaspersky then joined hands with the Dutch police and developed a decrypter tool.

They have arrested a person related to this ransomware, and with his information the keys have been updated in the tool. Now if you are affected by this ransomware do the following

Get the list of encrypted files from the ransomware interface
Install some good antivirus and remove the malicious ransomware
Then navigate to noransom.kaspersky.com and download the tool
Install the additional libraries and decrypt the files.

This tool will not help you if you are affected again in the near future. As stated earlier, prevention is always better than cure. The steps that can be taken to avoid this ransomware are

Install a good Antivirus and update regularly
Don't open any suspicious download from unknown sources
Don't click on any pop up from any unknown sources.

P.S : The post is to create awareness and not to be misused.