Wednesday, December 30, 2015

ProxyBack - A malware that turns PC into Proxy.


In the cyber world, if a user is not educated enough and gets caught out, all kinds of dirty jobs can be done in the name of the infected user. Recently a piece of malware has been spotted that validates the point.

In many countries some websites are blocked by government order, and many organisations block websites as well. To get around the barrier and access the blocked sites, proxy software is used.

The proxy creates a tunnel and gives access to the blocked sites. Many providers offer this as a free or paid service.

Palo Alto Networks security researchers have identified a piece of malware, named #ProxyBack, that turns the infected computer into a proxy for attackers, so that all the traffic is redirected through the PC.

An infected computer is given a unique ID, and the attacker then communicates with the compromised machine through HTTP requests. It has been noted that there are nearly 11000 compromised PCs so far.

The infection count is increasing, which shows users' negligence towards the security of their own systems. This malware is not used to hide the location of the attacker but to use the blocked sites.

P.S: The post is to create awareness and not to create any negative impact.

Tuesday, December 29, 2015

Microsoft backup Encryption Key on its server.


Microsoft released the latest version of its operating system with a feature that encrypts the whole disk (don't confuse it with Bitlocker). Recently it has been stated that Microsoft backs up the encryption keys on its server.

Once installed, the operating system encrypts the whole disk, and the encryption key is saved on Microsoft's server as a backup option. This can pose a serious threat:

Any rogue insider can misuse it.
Any spy agency can access the data with the backed-up keys, if allowed.
If Microsoft is hacked, the damage may be on a large scale.

There is an option to stop the machine from sending the keys to the Microsoft server, and it can be achieved as follows:

1. Turn off Bitlocker (this will decrypt the entire disk).
2. Turn on Bitlocker again.
3. It will then ask you whether to send the data or not (do not select "Save to your Microsoft Account").

Turning it off and on again makes the backed-up key useless, because we are now using a fresh key, and we are telling it not to store that key in the Microsoft Account.

If you want to delete the keys that are already stored on the Microsoft server, log in to your Microsoft Account, where you will find the backed-up recovery keys. Store them locally on your machine and then delete them.

Before making any changes, ensure you know what you are doing, as this may lead to some damage if misused. The Author is NOT RESPONSIBLE for any damage occurred due to the execution of this article.

P.S : The post is to create awareness and not to create any negative impact.

Monday, December 28, 2015

Microsoft wants Governments to install Windows 10.


Microsoft's latest operating system, #Windows 10, did not hit the mark as expected, and Microsoft has followed many strategies to promote the product. Recently it released a statement saying that governments can use #Windows 10.

Microsoft stated that all the world's governments can install Windows 10, as it provides more security, flexibility, speed, efficiency and control than the other platforms available.

It also stated that performance on the same hardware is 30 percent faster than Windows 7, with improved power management and hardware acceleration.

It also supports Microsoft Cortana and Edge to increase efficiency, and for security it has Credential Guard, Device Guard and Windows Hello.

It also stated that Windows 10 provides flexibility for IoT-enabled components and that, with the latest update, the operating system is ready for enterprise deployment.

You can find the official post from Microsoft regarding this here.

P.S: The post is to create awareness and not to create any negative impact.

Saturday, December 26, 2015

WhatsApp Free video calling feature.


WhatsApp is used by billions of people for messaging and photo sharing, and it has provided many more features to its users. Recently, leaked photos have revealed a feature that is yet to come to WhatsApp.

Many WhatsApp users want a video calling feature even though there are many video calling applications out there. News has been spreading that WhatsApp is working on it and will reveal the feature in the near future.

The leaked photographs indicate that WhatsApp is working on a video calling feature and that it is now in the testing stage.

WhatsApp is supposed to provide the video calling feature free of cost when connected to the Internet, either through Wi-Fi or through a subscribed tariff from a service provider.

There has been no official news from WhatsApp about the new video calling feature, so users have to wait for the official confirmation. Once it is released, users will get the official upgrade from WhatsApp; do not believe hoax messages announcing an upgrade.

P.S : The post is to create awareness and not to be misused.

Friday, December 25, 2015

Temporary ban for Facebook Free Internet Service.


Facebook introduced a concept of providing free internet to users in India. It is restricted to Reliance subscribers, who can access a few sites for free. Recently TRAI has temporarily banned the free service offered in India.

There have been many problems ever since the concept of #Net Neutrality came into focus. Now Facebook has announced free internet under the name internet.org, and the fact is that Reliance users can access some portals for free.

The actual reason for banning the service in India is that, if it comes into action, Facebook Messenger will be the one used by many users and then the competitors can compete, which obviously violates the Net Neutrality concept in India.

Thus TRAI (Telecom Regulatory Authority of India) temporarily banned Facebook's free internet services for users in India. Facebook has been asked to detail the act.

A few days back Facebook also made its users send an automated mail to TRAI supporting free internet services in India, which Facebook then described as an "accidental" action.

According to sources, there have been many statements that users have had access to free Internet services, yet TRAI still bans the service.

P.S : The post is to create awareness and not to create any negative impact.

Tuesday, December 22, 2015

Crash WhatsApp by sending Smileys.


WhatsApp is a messaging application used by millions of users, and many get addicted to it. A few months back there was a bug that caused WhatsApp to crash, and recently it has been found that WhatsApp can be crashed in another way.

The #WhatsApp application can be crashed by sending around 4000 smileys to the recipient. Sending such an enormous amount of text causes the recipient's #WhatsApp application to crash and terminate.

Indrajeet Bhuyan, an independent security researcher, noticed this bug and reported it to the WhatsApp team, and they are yet to patch it.

Sending 4000 smileys makes the application stop responding both in the web browser and in the mobile application.

The crash affected more than one billion users and has been confirmed in the following versions:

Android for Mobile - Marshmallow, Kitkat and Lollipop.
Web Browser - Chrome, Opera and Firefox.

If you suspect that you are a victim of this bug, you have to remove the whole conversation. The video demonstration can be found here.

P.S : The post is to create awareness and not to be misused.

Monday, December 21, 2015

AirBar - Turn Non-touch screen to Touch Screen.


Due to the revolution in electronic devices, there is a greater demand for touch screens, and devices are now being shipped with touch screens, but many can't afford one. Recently a company came up with the idea of turning a non-touch screen into a touch screen device.

A #Touch screen device works by detecting the pressure changes from the user, sensing the area touched and carrying out the corresponding action. Because of this implementation, touch screen devices are priced high, which many can't afford.

Swedish company #Neonode has brought out a new device known as #AirBar, which transforms a non-touch screen into a touch screen device. The AirBar is a small plug-and-touch bar that attaches magnetically to the bottom of the device screen.

It can be USB powered and emits invisible light across the screen, which is used to track the user's movements and gestures. The movements and gestures are passed on as input, thus converting the display into a touch screen.

As with a touch screen, the user can pinch, zoom, scroll and perform the many other operations that a touch screen allows.

The product is now available at $49 for Windows 8, Windows 10 and Chromebook; OS X support is yet to arrive. The video demo of #AirBar can be seen here.

P.S : The post is to create awareness and not to be misused.

Friday, December 18, 2015

My one day experience with an imposter.


In this post I am not gonna post any security news but something very important. It is true that hacking is a state of art which is still a hidden world to many people, but don't let others fool you just by doing magic before you.

A few days back I had been to a competition, and then came a person who proclaimed himself a #Cyber Security Analyst, #Malware Analyst, #Cyber Detective and many more.

Then came his session, in which he stated that he would crack Windows 10 security within 30 seconds, and then came the demo part.

1. He inserted an OFFLINE REGISTRY / LM hash editor live boot CD and booted the system.
2. It is a menu-driven application, and he just removed the SAM file and rebooted.
3. Without the SAM file, what will the innocent operating system do? It will allow the user to have access.
4. Then he said, "Yay, I cracked the Win 10 authentication mechanism."

A technical person can understand this very well; for others, let me explain it with a similar example. Consider that you buy a phone from company X, you yourself delete a photo that resides on the device, and then you say to company X, "You are responsible, it's your flaw." Got it?

This is the real state, and I was agitated to the core. Many have no knowledge in the cyber security field; don't take advantage of that and earn money. You will be just a goat that leads an army of lions.

People must be aware enough to see whether the speaker is an imposter or really a stuffed person; until then this shit will always happen. There are many persons wandering around who self-proclaim themselves #Cyber Security Expert / Analyst. Don't spoil the credit of those prestigious positions.

P.S : The post is based on my real experience and not to create any negative impact.

Hacking Linux with just 28 Key Strokes.


#Linux is one of the operating system kernels that has been considered secure to some extent till date, and now a serious flaw has been found in its operation.

Security researchers found that the Linux login screen can be bypassed with just #28 Key Strokes, all of them the same key: "#BackSpace". Yup, pressing the Backspace key 28 times allows you to bypass the login screen.

This is not a kernel fault; it happens in the #Grub Loader (Grand Unified Bootloader) popularly used by Linux versions. It is due to an underflow that resides in the #grub_password_get() function.

It resides in Grub2 version 1.98 and has been reported to the developers. Once the login screen appears, an attacker who follows this is dropped into the Grub Rescue shell, with which all the files can be accessed.
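
The underflow described above, as an added example: this is a simplified model written for this page, not GRUB's source. It shows how an unsigned length counter that is decremented on Backspace without a check for zero wraps around, next to a variant that ignores Backspace on an empty buffer. The names read_password, press_backspace and typed_matches and the 16-byte buffer are assumptions of the model.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 16u                 /* constructed buffer size for this model */

struct result {
    unsigned cur_len;                /* length counter after the last key */
    int      out_of_bounds;          /* 1 if the counter ever left [0, BUF_SIZE) */
    char     buf[BUF_SIZE];          /* what the prompt collected */
};

/*
 * Model of a password prompt loop (hypothetical, not GRUB code).
 * guard_backspace = 0: the counter is decremented even when it is already 0.
 * guard_backspace = 1: Backspace on an empty buffer is ignored.
 * An out-of-range counter is only recorded, never used as an index.
 */
struct result read_password(const char *keys, int guard_backspace)
{
    struct result r;
    memset(&r, 0, sizeof r);

    for (const char *k = keys; *k != '\0' && *k != '\n'; k++) {
        if (*k == '\b') {
            if (guard_backspace && r.cur_len == 0)
                continue;                    /* nothing to erase */
            r.cur_len--;                     /* unsigned: 0 - 1 wraps to UINT_MAX */
            if (r.cur_len >= BUF_SIZE)
                r.out_of_bounds = 1;         /* real code would now index outside buf */
            else
                r.buf[r.cur_len] = '\0';
            continue;
        }
        if (r.cur_len < BUF_SIZE - 1u)       /* leave room for the terminator */
            r.buf[r.cur_len++] = *k;
    }
    return r;
}

/* Feed n Backspace key presses to the prompt (constructed input). */
struct result press_backspace(unsigned n, int guard_backspace)
{
    char keys[64];
    if (n > sizeof keys - 1)
        n = sizeof keys - 1;
    memset(keys, '\b', n);
    keys[n] = '\0';
    return read_password(keys, guard_backspace);
}

/* 1 if the prompt collected exactly `expected` from `keys`, else 0. */
int typed_matches(const char *keys, int guard_backspace, const char *expected)
{
    struct result r = read_password(keys, guard_backspace);
    return strcmp(r.buf, expected) == 0;
}

int main(void)
{
    struct result bad  = press_backspace(28, 0);
    struct result good = press_backspace(28, 1);
    printf("unchecked: cur_len=%u out_of_bounds=%d\n", bad.cur_len, bad.out_of_bounds);
    printf("guarded:   cur_len=%u out_of_bounds=%d\n", good.cur_len, good.out_of_bounds);
    return 0;
}
```

With the guard in place the counter never leaves the buffer, whatever number of Backspace presses arrives before the first real character.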

The vulnerability has been patched by the vendor, and the distros based on Debian, Ubuntu and RedHat are yet to patch it. You can find the patch here.

Users who are running Linux are advised to patch immediately if they are concerned about their data.

P.S : The post is to create awareness and not to be misused.

Friday, December 11, 2015

Hacker Friendly Search Engine.


In cyber space there exists a hidden world commonly known as the #Deep web; what we use is referred to as the #Surface web, which constitutes only 4 percent of the total Internet as per statistics. Recently a new search engine has been developed that is hacker friendly.

For exploiting the Deep web, a normal search engine won't help; specialized tools and search engines have to be used. #Shodan is one such search engine, used to find vulnerable devices and for scanning purposes.

#IoT (Internet of Things) is evolving at a rapid rate, due to which many vulnerabilities arise. Many manufacturers and many users use hardcoded cryptographic keys, which allow anyone to spy through the device.

There have been many hacks in recent days involving #CCTV and #Baby monitors in hospitals, and now even toys. The newly developed search engine #Censys, powered by the search engine giant #Google, is used to find all the vulnerable devices connected to the Internet.

Any device that is connected to the Internet acts as a door to your network. #Censys uses two components, #Zmap and #Zgrab.

Zmap is an open source network scanner and #Zgrab is an application layer scanner, and this can be used by any hacker to find vulnerable devices at one stop.

#Censys can provide details about devices from which many zombies can be formed, and it can also cause damage to users in the worst way. Users are requested to secure their devices before connecting them to the Internet.

P.S : The post is to create awareness and not to be misused.

Thursday, December 10, 2015

100 Million times faster computer.


Much research has been carried out in the field of #Quantum computing to reduce the time a traditional PC takes to solve complex calculations. Recently #Google has developed a computer that is much faster than a traditional computer.

The main idea behind #Quantum computing is that, instead of the bits (0 or 1) used to represent data, #Qubits can represent 0 or 1 or both at the same time. This significantly reduces the computing time and also increases the accuracy of the result.

The Mountain View giant #Google, with NASA, has developed a #D-Wave 2X Quantum computer that can solve complex problems at very high speed and accuracy.

The Google Quantum AI team released the results from the Quantum computer, which are that Quantum computers are 100 million times faster than a traditional PC in producing results for complex problems.

They build on parallel processing, which allows more computational power than a traditional PC with a single-core processor. The system is in an initial research state, and a commercial product will be out in the coming decades.

They have also published a PDF that describes the functionality of the Quantum computer; it can be found here.

P.S : The post is to create awareness and not to create any negative impact.

Tuesday, December 8, 2015

Microsoft's new Windows 10 upgrade strategy.


After releasing #Windows 10, Microsoft expected a big bang among users, but many users find #Windows 7 and #Windows 8 or 8.1 comfortable and have stayed with them. Microsoft has carried out many strategies, and recently it has been following a new one to push the #Windows 10 upgrade.

Previously Microsoft automatically pushed the download files onto the machine, with which the system would upgrade itself to #Windows 10, and then it changed the Windows 10 upgrade setting from optional to recommended.

Some users found that their systems were automatically upgraded to Windows 10 without their consent. These are some of the strategies followed by Microsoft to promote its new product.

Now it is following a new strategy: even if the user blocks the upgrade to Windows 10, it automatically gets enabled.

Every day, or over a period of time, the system checks the server for any change in the settings, and if Microsoft enables the service then your system changes the setting to enabled even if you blocked it.

This was identified by a security researcher, to whom many users have stated that even if they block the service, the upgrade is enabled by the system and Windows 10 starts downloading.

This is one of the weird strategies followed by Microsoft to promote its new product Windows 10, and there has also been news that many manufacturers such as Dell and HP are recommending Windows 8, not Windows 10. Even some of the support people recommend only Windows 8.

P.S : The post is to create awareness and not to create any negative impact.
          

Monday, December 7, 2015

Microsoft made heart of Edge as an open source.


Microsoft released its latest operating system, #Windows 10, with a much more powerful browser named #Microsoft Edge. It is liked by many users for its rendering speed. Now Microsoft is going to make the heart of Edge open source.

Microsoft's Edge has a JavaScript engine named #Chakra that powers the whole Edge browser and also some applications on the Xbox and in Windows 10.

Chakra is going to be made open source, but Microsoft is gonna release it as #Chakracore, and the code will be available on GitHub under the MIT open source license.

Chakra is actually combined with the COM that powers Windows 10, so the private components will remain hidden and the Chakra JS engine will be available on GitHub under the name #Chakracore.

Chakracore will provide many functionalities, such as:

The parser
The interpreter
JIT compiler (Just In Time)
Garbage collector
API to integrate into applications

It is really a big decision by the giant, and it will power IoT (Internet of Things) projects well, as it can be integrated with the devices.

P.S :  The post is to create awareness and not to be misused.

Friday, December 4, 2015

Most vulnerable programming language of the year - 2015.


Developers use many programming languages to build their sites and management software, and due to the increase in cyber attacks, an analysis has been carried out to find the most vulnerable programming language.

Security researchers analysed more than 200 000 web applications developed on various platforms and found that some have very critical threats.

They analysed the threats faced by the applications and then released the result under the title "The most vulnerable programming language of the year - 2015".

#Classical ASP tops the list, followed by #ColdFusion and then the most famous scripting language, "PHP".

Actually, the most vulnerable language of the year is PHP, because the other two are almost not in use and PHP is used in almost all sites.

Sites developed in PHP were found to be vulnerable to XSS (Cross Site Scripting) and SQLi (SQL Injection). Many are vulnerable to command injection, improper storage management and information leakage.

Of these, XSS and SQLi are part of the OWASP Top 10 vulnerabilities for web applications. Developers are advised to use the language wisely, as JAVA and .NET are considered to be more secure than PHP.

P.S : The post is to create awareness and not to create any negative impact.

Thursday, December 3, 2015

Who is responsible for Hacking ?


Hacking has become a pressing issue these days, and many face huge losses from it. There are many wrong ideas prevailing among people. Let's discuss who is responsible for the hacking that happens.

The word hacking has been misunderstood by many people; it is just the act of making a system perform a function it is not intended to perform. Computers are protected with IDS, firewalls, anti-virus and many more protection mechanisms. Then why does this happen?

1. Many of us fail to update or apply security patches because it may consume a lot of data, or because many are using pirated software and skip updates to avoid getting caught.

2. One classic practice is downloading a cracked version of an anti-virus, and many products can't be updated if they are not original. Failing to buy a paid one is a big problem.

3. Our craziness for offers and free products. If 100 mails about a fake free offer are sent, at least 20 recipients will respond to the link, which may lead to an attack.

4. Having an awesome password like password123; admin123; p@ssw0rd; mypass and many more, which can be easily cracked as they are famous and most widely used.

5. Clicking on links or pop-ups to see what they hold. Users may think, "What will happen if I just click a pop-up?" Just one click is more than enough to plant malware or do any nasty work.

6. Providing details such as favourite dish, novel, music, pet name and many more on social media while using them as security questions for mail recovery. Great, is it not?

7. Not linking the account with your phone number. Without it, you will not be notified if someone else changes the password; linking also helps in recovering lost account control or resetting passwords.

Now think what use there is in having all these security mechanisms if they are controlled by a person who is not cautious. That is why it is stated that "Humans are the weakest link".

P.S : The post is to create awareness and not to create any negative impact.

Tuesday, December 1, 2015

WhatsApp blocks Telegram Links.


WhatsApp, owned by the giant Facebook, is one of the most popular messaging applications, used by billions, and in fact many teens are addicted to it. Recently news has come out that WhatsApp is blocking links to Telegram.

Users may have noticed that a URL (web link) typed in the chat box changes into a clickable link that can be forwarded, so that other users can visit the site easily. WhatsApp has started blocking Telegram links.

#Telegram is a messaging application with many new features such as Secret Chat, Self Destructing Messages, end-to-end encryption and many more, which many haven't even tried.

WhatsApp rolled out a new update, WhatsApp 2.12.327, earlier this day, and in it, if a user types a link like "www.telegram.me" (for example), it does not change into a clickable link that takes you to the site.

The link is not recognized as a URL and appears as normal text; this was found by a user who posted on reddit today.

Telegram acknowledged this, and there has been news that the social network giant may block the link, but there is no official information from either WhatsApp or Telegram.

Users can check this with the updated version #2.12.327 and comment if anything is wrong. Official information is yet to be released by WhatsApp and Telegram.

P.S : The post is to create awareness and not to create any negative impact.