Monday, 18 July 2016

Unknown

World's 3rd Best Ethical Hacker Shahmeer amir

The Hacker we’re featuring today is a remarkably charitable White Hat Hacker and a distinguished Bug Bounty Hunter from Pakistan. He was recognized numerous times by Facebook, Microsoft, Google, Mozilla, LinkedIn, and other well-known websites. He was also the former number one hacker on HackerOne’s Hall of Fame and currently holds the most number of acknowledgement of any researcher worldwide which grosses up to approximately 250+ acknowledgements.
Meet Shahmeer Amir, Founder and CEO of the Charity Hackers Association (CHA) which specifically formed to raise money from the Information Security Community for emerging causes around the world. He is also known as an author of two research papers, Modern Wireless Attacks and Attacking the Web with Logics (Currently in publication).
  1. How did you start in Penetration Testing?
By academic profession I am not a Hacker, I am actually an Engineer and holds a Bachelor’s Degree in Electronics Engineering. But Hacking have always fascinated me as an art. About two and half years back, I attended a seminar on Hacking and Exploitation in my University where the speaker’s talk motivated me to enter the field. It was only later I came to know that those were mere deceptive words, but it was at that time I decided to learn Penetration Testing.
2. What motivates you to participate in Bug Bounty Programs?
I believe that we are present on this earth for a purpose, and I also believe that my purpose of existence is to help others. As most of the people of the community know, I have the usual habit of donating my bounties to reputed NGOs, as well as serving people who ask me for help. It is that idea of becoming a bridge to help other out that motivates me to participate in Bug Bounty Programs, and gradually keep my knowledge upto date. It is also the very reason I started Charity Hackers Association (CHA).
3. What was the biggest or coolest Security Vulnerability you’ve found in your bug bounty journey?
My specialty is Business Logic Flaws, and it is also something I enjoy finding because to break an application with the developer’s logic itself is challenging. One of my most cherished findings was the recent Command Injection Vulnerability I discovered in Apache, it was noted and mentioned in reputed platforms and study journals of universities around the world.
4. What is your favorite hacking tool for searching security vulnerabilities?
My brain!
As I am fond of business logic flaws, I don’t believe any tool out there would match the potential as to one’s brain. Although I think we all would agree that BurpSuite is the best tool to be used in Web application testing. But still, its modules are what I mostly use to observe requests in responses.
5. Do you have any advice for White Hat Hackers considering getting into bug bounty programs?
Yes! I do. When one develops the crave for wealth, life loses meaning. The idea that to give what is most precious to you, is the most noble of all. Hackers earn bounties and develop the sense of greed to have more. I think if my bounty can help someone get a home, get education or even a night’s bread, then it would be of more use than fulfilling any of my needs. I urge all bug bounty hunters to donate an integral part from what they earn, and for this very reason, I am taking Charity Hackers Association (CHA) up a notch to help hackers get their donations in the right direction.
As the interview end, Shahmeer proved that hackers are not bad people just as how the society usually sees them. He also proved that hackers can be charitable while dealing with their own struggles in life. Kudos to you, Shahmeer. Keep up with this guy on Twitter, and stay tuned for his next activities!
Read More

Sunday, 10 July 2016

Unknown

Twitter CEO Jack Dorsey! Account was Hacked

Twitter_CEO_Jack_Dorsey
Twitter CEO Jack Dorsey! Account was Hacked
Twitter account of another high profile has been hacked!

This time, it's Twitter CEO Jack Dorsey.

OurMine claimed responsibility for the hack, which was spotted after the group managed to post some benign video clips.

The team also tweeted at 2:50 AM ET today saying "Hey, its OurMine,we are testing your security," with a link to their website that promotes and sells its own "services" for which it has already made $16,500.
Although the tweets posted by the group did not contain any harmful content, both the tweet and linked to a short Vine video clip have immediately been removed.

Ourmine is the same group of hackers from Saudi Arabia that previously compromised some social media accounts of other CEOs including:
  • Google's CEO Sundar Pichai
  • Facebook's CEO Mark Zuckerberg
  • Twitter's ex-CEO Dick Costolo
  • Facebook-owned virtual reality company Oculus CEO Brendan Iribe
Since all tweets posted to Dorsey's account came through Vine, it's possible that the group had used passwords from recent mega breaches in LinkedInMySpace, and Tumblr to hack Dorsey's Vine account or any other service, which had given OurMine access to his Twitter account.
OurMine claims it is "testing security" of accounts and teaching people to secure their online accounts better, though it also offers its support to those it targets, charging up to $5,000 for a "scan" of their social media accounts, website security holes, and other security vulnerabilities.

The takeaway:

Change your passwords for all social media sites as well as other online accounts immediately, especially if you use the same password for multiple 
Read More

Tuesday, 28 June 2016

Unknown

Dozens of Malicious Apps on Play Store can Root & Hack 90% of Android Devices


It's not in the slightest degree amazing that the Google Play Store is encompassed by an expansive number of noxious applications that can pick up clients' consideration into falling casualty for one, yet this time, it is far more detestable than a great many people figure it out.

Scientists at Trend Micro have recognized a group of vindictive applications, named "Atheist," that has the ability of covertly establishing right around 90 percent of all Android telephones.

All things considered, that is somewhat frightening.

The malignant applications are appropriated by means of various techniques and assortment of application stores, including Google Play Store, which is typically considered as a protected alternative for downloading applications.

The pernicious applications stuffed with Godless contain an accumulation of open-source or spilled Android establishing misuses that chips away at any gadget running Android 5.1 Lollipop or prior.

90% Android Devices are Vulnerable to Godless Rooting Malware

Since Android biological community is broken to the point that around 90 percent of all Android gadgets are helpless against this noxious programming. Atheist applications have as of now been introduced on more than 850,000 gadgets overall in this way.

Establishing a gadget could open a client to a few security dangers as it for all intents and purposes opens the way to undesirable access, equipment disappointment, information holes and data burglary, thus on if the engineer has malevolent expectation.

Taking into account the source code they dissected, Trend Micro specialists say that once an application with Godless malware is introduced on a casualty's gadget, it utilizes a system known as "android-establishing instruments" to pick up root access to the casualty's gadget.

From that point, the malware will ensure the casualty's screen is killed before executing the pernicious code.

This is what a Godless-Packed App can do to your Device:

Once Godless picked up root benefits, it begins speaking with a summon and control (C&C) server, from where it gets an applications rundown to be introduced on the established gadget and introduces them without the clients learning, and every one of this should be possible remotely too.

"With root benefit, the malware can then get remote directions on which application to download and quietly introduce on cell phones," Trend Micro says. "This can then prompt influenced clients accepting undesirable applications, which may then prompt undesirable promotions. Much more dreadful, these dangers can likewise be utilized to introduce secondary passages and spy on clients."

The scientists say the malware can sidestep security checks done Google Play store and other online application stores.

In spite of the fact that there are a few applications in Google Play, including utility applications like electric lamps, Wi-Fi applications, and famous amusement applications, that contain the vindictive Godless code, Trend Micro had distinguished stand out such Android application by name.

Likewise Read: How To Keep Your Android Phone Secure.

Named Summer Flashlight, the vindictive application had been introduced from 1,000 to 5,000 times, and was as of late expelled from the Google Play store, however's regardless it recorded in web crawler reserves until further notice.

Heathen is the most recent Android malware to utilize attaching misuses with a specific end goal to pick up a diligent a dependable balance on casualties' handsets. In view of the realistic, most casualties are situated in India, trailed by Indonesia, and Thailand (9.47 percent). The US additionally has around 17,000 Godless downloads.

"Obscure engineers with almost no or no foundation data might be the wellspring of these pernicious applications," Trend Micro notes.

In this way, keeping in mind the end goal to abstain from being a casualty to one such application, Android clients are encouraged to abstain from utilizing outsider application stores and dependably "survey the designer" while downloading applications even from Google's legitimate store.
Read More

Monday, 27 June 2016

Unknown

Zero || Animated Short Film

Read More

Tuesday, 21 June 2016

Unknown

China develops the World's Most Powerful Supercomputer without US chips


China beats its own record with the World's fastest supercomputer.

Sunway TaihuLight, a newly built supercomputer from China, now ranks as the world's most powerful machine.

During the International Supercomputer Conference in Germany on Monday, Top500 declared China's 10.65 Million-core Sunway TaihuLight as the world's fastest supercomputer. Moreover, the supercomputer is leading by a wide margin, too.

With 93 petaflops of processing power, Sunway TaihuLight is nearly three times more powerful than the world’s previous fastest supercomputer, Tianhe-2, which had been the world's fastest computer for last 3 years with speeds of 33.9 petaflops per second.

That's 93 quadrillion floating point operations per second (FLOP), which means the supercomputer can perform around 93,000 trillion calculations per second, at its peak.

The Sunway TaihuLight supercomputer is installed at the National Supercomputing Centre in Wuxi.

"Sunway TaihuLight, with 10,649,600 computing cores comprising 40,960 nodes," is one of the world's most efficient systems, with "peak power consumption under load (running the HPL benchmark)" at a relatively modest 15.37 Megawatts of energy consumption.

What's the irony?


The microprocessors inside Sunway TaihuLight are 100 percent Chinese.

Sunway TaihuLight is powered entirely by Chinese processors (the 260-core ShenWei 26010) and runs on a custom Linux-based operating system.
Speaking of the TOP500 list, the National Supercomputing Centre's director, Professor Dr. Guangwen Yang said:

"As the first number one system of China that is completely based on homegrown processors, the Sunway TaihuLight system demonstrates the significant progress that China has made in the domain of designing and manufacturing large-scale computation system."

In the past, China relied heavily on American processors for its supercomputers, but the US thought that China was using the Tianhe-2, which was built with Intel cores, to run its nuclear simulations.

Due to this reason, the United States government banned Intel from exporting its powerful Xeon processors over a year ago to a number of Chinese supercomputer makers.

China is Leading the World in Supercomputing


The US decision did not halt the Chinese progress. Instead, it seems like the US policy has made an opposite effect.

For the first time since the Top500 list began, China has overtaken the United States in the amount of supercomputers being used. China has 167 computers in the top 500 while the US has 165.

"Considering that just 10 years ago, China claimed a mere 28 systems on the list, with none ranked in the top 30, the nation has come further and faster than any other country in the history of supercomputing," said the latest Top500 announcement.

Sunway TaihuLight will be used in scientific research and engineering work in fields including life science research, data analytics, advanced manufacturing and climate, weather and Earth systems modeling.
Read More
Unknown

Twitter Ex-CEO Dick Costolo Got Hacked!


The same group of teenage hackers that hacked Facebook CEO Mark Zuckerberg's Twitter and Pinterest accounts have hacked another the Twitter account of another high-profile person.

This time, it's Twitter's ex-CEO, Dick Costolo.

The hacker group from Saudi Arabia, dubbed OurMine, compromised Twitter account of former Twitter CEO on Sunday and managed to post three tweets on Costolo's Twitter timeline, first spotted by a Recode reporter.

However, the tweets seemed to be just simple-worded tweets with no disturbing content. It looked like the hacking group was testing its access to the account


All the three tweets in question have since been deleted, and Costolo soon regained access to his account.

Moreover, Twitter also suspended the Twitter account belonging to OurMine once again, after the company already suspended its original account following the Zuckerberg hacks.

After regaining access to his account, Costolo said that the group of hackers managed to post tweets on his timeline without directly compromising his Twitter profile.

Instead, the hackers got access to "an old account from another [third-party] service that cross-posted to Twitter," the Twitter ex-CEO said.

The links included in the tweets indicates that hackers managed to access Costolo's Pinterest account and then cross-posted to his Twitter timeline, though the group did not reveal how it accessed Costolo's Pinterest account.

Although the group previously hijacked Zuckerberg account and now Twitter ex-CEO, it claimed that it hacks accounts to teach people to better secure their accounts, according to screenshots of previous OurMine tweets.
Read More

Sunday, 19 June 2016

Unknown

Warning! 32 Million Twitter Passwords May Have Been Hacked and Leaked

The world came to know about massive data breaches in some of the most popular social media websites including LinkedIn, MySpace, Tumblr, Fling, and VK.com when an unknown Russian hacker published the data dumps for sale on the underground black marketplace.

However, these are only data breaches that have been publicly disclosed by the hacker.

I wonder how much more stolen data sets this Russian, or other hackers are holding that have yet to be released.

The answer is still unknown, but the same hacker is now claiming another major data breach, this time, in Twitter.

Login credentials of more than 32 Million Twitter users are now being sold on the dark web marketplace for 10 Bitcoins (over $5,800).

LeakedSource, a search engine site that indexes leaked login credentials from data breaches, noted in a blog post that it received a copy of the Twitter database from Tessa88, the same alias used by the hacker who provided it hacked data from Russian social network VK.com last week.

The database includes usernames, email addresses, sometimes second email addresses, and plain-text passwords for more than 32 Million Twitter accounts.

Twitter strongly denied the claims by saying that "these usernames and credentials were not obtained by a Twitter data breach" – their "systems have not been breached," but LeakedSource believed that the data leak was the result of malware.
"Tens of millions of people have become infected by malware, and the malware sent every saved username and password from browsers like Chrome and Firefox back to the hackers from all websites including Twitter," LeakedSource wrote in its blog post.
But, do you remember how Facebook CEO Mark Zuckerberg Twitter account was compromised?

The hackers obtained Zuck's account credentials from the recent LinkedIn data breach, then broke his SHA1-hashed password string, tried on his several social media accounts and successfullyhacked Zuckerberg’s Twitter and Pinterest account.

So, one possibility could also be that the alleged Twitter database dump of over 32 Million users is made up of already available records from the previous LinkedIn, MySpace and Tumblr data breaches.

The hacker might just have published already leaked data from other sites and services as a new hack against Twitter that actually never happened.

Whatever the reason is, the fact remain that hackers may have had their hands on your personal data, including your online credentials.

So, it’s high time you changed your passwords for all social media sites as well as other online sites if you are using the same password.

Read More
Unknown

Microsoft creates its own FreeBSD VM Image for Azure Cloud Computing Platform

This year, Microsoft impressed the world with 'Microsoft loves Linux' announcements, like developing a custom Linux-based OS for running Azure Cloud Switch, selecting Ubuntu as the operating system for its Cloud-based Big Data services and bringing the popular Bash shell to Windows 10.

Now, the next big news for open-source community:

Microsoft has released its own custom distribution of FreeBSD 10.3 as a "ready-made" Virtual Machine image in order to make the operating system available directly from the Azure Marketplace.

FreeBSD (Berkeley Software Distribution) is an open source Unix-like advanced computer operating system used to power modern servers, desktops as well as embedded systems.

Until now, the only way for Azure customers to run FreeBSD was to make use of a custom image from outside of Azure (from the FreeBSD Foundation).

However, the new release makes it easier for Azure users to launch FreeBSD directly from the Azure Marketplace and get official support from Microsoft whenever necessary.

Why is it so important for FreeBSD to run on Azure?

install-freebsd-on-microsoft-azure
According to the company, it’s important for FreeBSD to run in Azure because many top-tier virtual appliance vendors develop their products on the operating system.

However, the key reason for building, testing, releasing and maintaining its own FreeBSD 10.3 image is to ensure its users have an enterprise service level agreement (SLA) for their "FreeBSD VMs running in Azure," says Jason Anderson, Principal PM Manager at Microsoft's Open Source Technology Center.

As shown in the image, just click on the +New on the Azure Marketplace tile on your dashboard, Type "FreeBSD 10.3" in the text search box, and here you are.

He also added that Microsoft did so to remove "burden" from the FreeBSD Foundation that fully relies on community contributions.
"We will continue to partner closely with the [FreeBSD] Foundation as we make further investments in FreeBSD on Hyper-V and Azure," Anderson said, as well as add "new Hyper-V features – stay tuned for more information on this!"
The company has previously worked on supporting FreeBSD on Hyper-V as a virtual machine that was aimed at ensuring software appliance partners' kit functioned smoothly in Azure that makes use of Hyper-V.

Read More
Unknown

NSA wants to Exploit Internet of Things and Biomedical Devices


The cyber attack vectors available to hackers will continue to grow as the Internet of Things (IoTs)become more commonplace, making valuable data accessible through an ever-widening selection of entry points.

Although it's not the hackers alone, the NSA is also behind the Internet of Things.

We already know the United States National Security Agency's (NSA) power to spy on American as well as foreign people – thanks to the revelations made by whistleblower Edward Snowden in 2013.

But, now the agency is looking for new ways to collect even more data on foreign intelligence, and for this, the NSA is researching the possibilities of exploiting internet-connected biomedical devices ranging from thermostats to pacemakers.

During a military technology conference in Washington D.C. on Friday, NSA deputy director Richard Ledgett said his agency officials are "looking at it sort of theoretically from a research point of view right now."

Ledgett totally agreed on the fact that there are easier ways to track terrorists and foreign intelligence spies than to hack any biomedical devices they might have, but believed that these devices could be a source of information for the agency, reports the Intercept.

When the deputy director was asked whether the entire scope of the IoTs, i.e. Billions of interconnected devices from toy's Wi-Fi to medical devices, would be a bonanza for the agency or just a security nightmare, Ledgett replied, "Both."
"As my job is to penetrate other people’s networks, complexity is my friend," Ledgett said. "The first time you update the software, you introduce vulnerabilities, or variables rather. It's a good place to be in a penetration point of view."
Ledgett also explained that why the NSA was not able to help the FBI hack into iPhone belonged to the San Bernardino shooter, which was accessed by the FBI after buying an exploit from a group ofhackers for a large sum of cash.


It's because the agency had not exploited that particular model of iPhone, as the NSA has to prioritize its resources, which are not focussed on popular gadgets, rather on the bad guys' technology of choice.
"We do not do every phone, every variation of the phone," Ledgett said. "If we don't have a bad guy who's using it, we don't do that."
Ledgett is not the only intelligence official who sees the growing IoT devices as a possible way for global spying.

During a Senate hearing in February, the Director of National Intelligence James Clapper also said that internet-connected devices could be useful "identification, surveillance, monitoring, location tracking, and targeting for recruitment, or to gain access to networks or user credentials."
Read More
Unknown

Over 51 Million Accounts Leaked from iMesh File Sharing Service

How many more data dumps does this hacker have with him that has yet to be exposed?

Well, no one knows the answer, but we were recently made aware of another data breach from Peace – the same Russian hacker who was behind the massive breaches in some of the most popular social media sites including LinkedIn, MySpace, Tumblr, and VK.com.

The hacker under the nickname "Peace" (or Peace_of_mind) is now selling over 51 Million records obtained from iMesh – now defunct peer-to-peer file sharing service.

The New York-based iMesh was one of the first and most popular file sharing services that allowed users to share multimedia files with their friends via the peer-to-peer (or P2P) protocol.

Launched in the late 90s, iMesh became the third-largest service in the United States in 2009, but the service was unexpectedly closed down last month.

LeakedSource, a search engine site that indexes leaked login credentials from data breaches, noted in a blog post that the company has obtained the database containing more than 51 Million accounts from iMesh.

The same database has also been made available for sale on The Real Deal Dark Web marketplace by the same hacker that also put up for sale data from LinkedIn, Tumblr, MySpace and Twitter.

The LeakedSource's analysis shows the database contains user information, including email addresses, usernames, passwords, IP addresses, location information and other information on users.

Though iMesh stored all passwords in hashed and salted format, the passwords were salted with the MD5 algorithm that is easy to break nowadays.

Based on the most recent records in the leaked database, the data breach search engine estimates the hacker breached iMesh on September 22, 2013.

The database contains 13.7 Million users from the US, around 4 Million from Turkey, over 3.5 Million from the UK, and remaining from other parts of the world. Most iMesh’s users signed up with Hotmail (14.3 Million) and Yahoo (10.5 million) emails, and almost 1 Million users used 123456 as their password.

All the data is now up for sale on the dark web for just 0.5 Bitcoin (nearly US$335), so it's high time you changed your passwords for all social media sites immediately, especially if you use the same password for different websites.

Read More

Saturday, 18 June 2016

Unknown

Breaking: Microsoft to buy LinkedIn for $26.2 BILLLLLION

Breaking News for today:

Microsoft has announced that it is planning to acquire LinkedIn, the social network for professionals, for $26.2 Billion in cash.

Yes, Microsoft announced today that it would buy LinkedIn for $196 per share in an all-cash transaction valued at $26.2 BILLLLLLION.

It is so far the biggest acquisition made by Microsoft, which has made 8 takeovers, including Skype in 2011 and Nokia in 2013, worth more than $1 Billion.

According to the tech giant, LinkedIn will retain its own brand and product, and also LinkedIn's existing CEO Jeff Weiner will remain as the company's chief executive.


LinkedIn will now become a part of Microsoft's productivity, and business processes segment and Weiner will report directly to Microsoft CEO Satya Nadella.

Here's what Nadella said about the deal:
"The LinkedIn team has grown a fantastic business centered on connecting the world's professionals. Together we can accelerate the growth of LinkedIn, as well as Microsoft Office 365 and Dynamics as we seek to empower every person and organization on the planet."
The offer of $196 per share on LinkedIn represents a premium of 49.5 per cent to LinkedIn's Friday closing price.

LinkedIn is the world’s most popular as well as largest professional social network and continues to grow. With the launch of new version of its mobile app last year, the company has increased its member engagement and enhanced its news feed to deliver better business insights.

Both Mr. Weiner and LinkedIn’s chairperson, co-founder and controlling shareholder Mr. Reid Hoffman back the deal.
"Just as we have changed the way the world connects to opportunity, this relationship with Microsoft, and the combination of their cloud and LinkedIn's network, now gives us a chance also to change the way the world works," Weiner said in the statement.

"For the last 13 years, we have been uniquely positioned to connect professionals to make them more productive and successful, and I’m looking forward to leading our team through the next chapter of our story."

Read More
Unknown

North Korean Hackers Steal thousands of Military files from S. Korea


Hackers aligned with North Korea have always been accused of attacking and targeting South Korean organizations, financial institutions, banks and media outlets.

Recent reports indicate that North Korean hackers have hacked into more than 140,000 computers of at least 160 South Korean government agencies and companies, and allegedly injected malware in the systems.

The cyber attack was designed to lay for a long term period against its rival, authorities in Seoul said.

The South Korean police were on high alert against cyberattacks by the North Korean hackers, especially after North Korea successfully tested a miniaturized hydrogen bomb in January and a long-range rocket launch in February, Reuters reports.

According to the police, the hacking attack began in 2014 but was detected only in February this year, after North Korea managed to steal information from two companies: the SK and Hanjin Group.

The documents stolen from the two companies included blueprints for the wings of F-15 fighter jets, an official at the South Korea cyber investigation unit confirmed.
The investigation unit said, "There is a high possibility that the North aimed to cause confusion on a national scale by launching a simultaneous attack after securing many targets of cyber terror, or intended to continuously steal industrial and military secrets."
More than 42,000 materials were stolen in the hack, of which more than 40,000 materials were defense-related.

Although a South Korean defense ministry official said that the stolen documents were not secret and that there wasn’t any security breach, a spokesperson from SK Holdings stated that 4 group affiliates were affected by the cyber attack.

The cyber attack originated from an IP address traced down to the North Korea and was intended to target the network management software used by 160 companies and government agencies in South Korea.

The police declined to identify the malicious software, though the IP address from where the hack was originated was identical to one used in a 2013 cyberattack against banks and TV broadcasters in South Korea.

The South Korean police were then teamed up with companies and other government agencies to disable the malware and prevent the malicious code from further spreading, in what could lead to a massive cyber attack.
Read More