Posted by Avik Sarkar On 12/27/2012 05:07:00 pm
More Leaks are Coming in 2013 Said WikiLeaks Founder Julian Assange
The government is trying its best to dominate WikiLeaks founder Julian Assange by blocking public searches containing WikiLeaks, blocking banking donations, and keeping him under house arrest. But it is undeniable that the enthusiasm and willpower of Assange can never be ruled or dominated. That fact came to light again when Julian Assange gave a defiant speech from the balcony of the Ecuadorian embassy here as his supporters shouted and sang Christmas carols. In his speech Assange said that WikiLeaks has planned to release over one million new secret documents that would affect "every country in the world".
It was his second "balcony" address since he sought refuge there six months ago to avoid extradition to Sweden over allegations of sexual assault. And he made clear he had no intention of leaving the cramped mission, which he described as "my home, my office and my refuge", as long as "this immoral investigation continues".
Referring to the impasse over his extradition, Mr Assange said that as long as the American government sought to prosecute him and his native country, Australia, refused to defend his journalism, he would remain in the embassy. But, he said, he was open to negotiations. "However, the door is open, and the door has always been open, for anyone who wishes to use standard procedures to speak to me or guarantee my safe passage," he said.
Mr Assange has been given asylum by Ecuador but is prevented from leaving the country by the British Government, which argues that it is under a legal obligation to extradite him to Sweden. He will be arrested the minute he steps out of the embassy. Police say he broke his bail conditions when he sought refuge in the Ecuadorian embassy without informing them. Mr Assange claims the case against him is politically motivated and fears that Sweden would hand him over to the Americans, who have threatened to prosecute him for publishing confidential diplomatic cables.
While on the subject of Julian Assange and WikiLeaks, we would like to remind you that this year saw several leaks from WikiLeaks, among them the 'Detainee Policies', containing more than 100 classified or otherwise restricted files from the United States Department of Defense covering the rules and procedures for detainees in U.S. military custody; the SpyFiles; the GI Files (Global Intelligence Files, five million e-mails from Stratfor); and the Syria Files, containing 2.5 million emails of Syrian politicians, government, ministries and companies.
-Source (The Hindu)
Posted by Avik Sarkar On 12/27/2012 05:07:00 pm
Hacker Breached Verizon Server & Stole Data of 3 Million Customers
Verizon, one of the largest and most popular network providers and ISPs in America, has faced a large-scale cyber attack. A hacker going by the name of TibitXimer claimed to have breached one of Verizon's major servers, through which he managed to gain access to the Verizon customer database. This data breach affected more than 3 million Verizon FiOS customers, exposing full names, addresses, mobile serial numbers, the opening date of each account, and account passwords. However, he said that figure was an estimate and he had "no clue" exactly how many records there were, and that it was a "low estimate based on the size of one record and the size of all the files." A fraction of the leaked data was allegedly posted on Pastebin, but the post was later removed. In a report, ZDNet said that the cyber attack took place earlier this year, in July, and allowed him to gain root access to the server holding the customer data. Tibit gained access to a server with little difficulty after working with another hacker to identify the security flaw. Tibit declined to give the reason for this hack, and he did not disclose the nature of the vulnerability by which he managed to get access to the server. The hacker also said that after he informed Verizon of the exploit, the company "ignored my report," and did not comment.
He also noted that the exploit "still exists." "The worst part of it all, every single record was in plain text," he said. "I did not have to decrypt anything." He said he couldn't understand "why they still haven't fixed the exploits," months after informing the company of its poor network security.
Immediately after this hack, Verizon authorities posted a notice saying: "This incident was reported to the authorities when we first learned of it months ago and an investigation was launched. Many of the details surrounding this incident are incorrect and exaggerated. No Verizon systems were breached, no root access was gained, and this incident impacted a fraction of the number of individuals being reported. We take any and all attempts to violate consumer and customer privacy and security very seriously, so we notified individuals who could potentially have been impacted and took immediate steps to safeguard their information and privacy. Verizon has also notified law enforcement of this recent report as a follow-up to the original case.
There was no hack, and no access gained. A third party marketing firm made a mistake and information was copied. As for wireless v. wired customers, some of the individuals listed were Verizon customers who are not wireless customers but wired/wireline customers or prospective customers...."
Posted by Avik Sarkar On 12/25/2012 02:12:00 am
'Indian OS': DRDO Introducing Its Own Operating System to Harden Cyber Security
At the 3rd Worldwide Cyber Security Summit, Telecom and IT Minister of India Kapil Sibal said the Indian Government will invest $200 million over the coming 4 years. This high-tech plan of the Indian government is now being executed, as the Defence Research and Development Organisation (DRDO), along with other premier institutes, is developing India's own operating system (OS), which is likely to be ready in the next three years. One of the key purposes of developing this operating system, named "Indian OS", is to enhance cyber security and strengthen the cyber and digital fence of India. In September the Prime Minister of India, Dr. Manmohan Singh, said the government is working on a robust cyber security structure, and this project of introducing its own secure OS can be counted as a major part of that robust cyber security system.
Speaking to newsmen on the sidelines of 'NAVCOM-2012', a two-day international conference on Navigation and Communication that began here, Saraswat, Scientific Adviser to the Defence Minister, said, "We have already started a major programme and are one-and-half-years into that programme. It (Indian OS) is a major effort requiring large number of software engineers working together." In his speech the Director-General of DRDO said, "One of the major elements of cyber security is having our own operating system because today we are dependent on all OS systems which are imported whether it is based on Windows, Linux which is likely to be having malicious worms/things and hence it is essential that we have our own OS."
He also said that 150 engineers were working across the country on creating Indian OS, and added it will take at least three more years for getting the Indian OS ready.
So until then, we have to be patient and wait. We, Team VOGH, congratulate DRDO for making such a fruitful operating system (Indian OS). We strongly believe that day by day the cyber fence of India will become safer and more secure. Along with this, the Indian OS will definitely strengthen the nation's cyber security.
Posted by Avik Sarkar On 12/21/2012 07:18:00 pm
Oracle Released Java 7 update 10 With Security Enhancements & Bug Fixes
This is the third time in a year that Oracle has updated the standard edition of the Java platform. This release includes new security controls in addition to a bug fix and updated timezone data. This latest update also contains a number of security enhancements and is now certified for Mac OS X 10.8 and Windows 8. The security enhancements include the ability to disable any Java application from running in the browser and the ability to set a desired level of security for unsigned applets, Java Web Start applications, and embedded JavaFX applications. With the recent security issues with Java in mind, Oracle said in the press release for this Java update: "if the JRE is deemed expired or insecure, additional security warnings are displayed. In most of these dialogs, the user has the option to block running the app, to continue running the app, or to go to java.com to download the latest release."
Security Feature Enhancements
The JDK 7u10 release includes the following enhancements:
- The ability to disable any Java application from running in the browser. This mode can be set in the Java Control Panel or (on Microsoft Windows platform only) using a command-line install argument.
- The ability to select the desired level of security for unsigned applets, Java Web Start applications, and embedded JavaFX applications that run in a browser. Four levels of security are supported. This feature can be set in the Java Control Panel or (on Microsoft Windows platform only) using a command-line install argument.
- New dialogs to warn you when the JRE is insecure (either expired or below the security baseline) and needs to be updated.
Notable Bug Fixes in JDK 7u10
The following are some of the notable bug fixes included in JDK 7u10.
Area: java command
Description: Wildcard expansion for single entry classpath does not work on Windows platforms.
The "Java command" and "Setting the classpath" documents describe how the wildcard character (*) can be used in a classpath element to expand into a list of the .jar files in the associated directory, separated by the classpath separator (;).
This wildcard expansion does not work in a Windows command shell for a single-element classpath due to the Microsoft bug described in "Wildcard Handling is Broken".
For a list of other bug fixes included in this release, see the JDK 7u10 Bug Fixes page.
The updated Java Development Kit and Java Runtime Environment are available to download from the Oracle site.
Posted by Avik Sarkar On 12/21/2012 07:17:00 pm
Hollywood Celebrities Nude Photo Hacker Sentenced to 10 Years in Prison
The photo hacking case of Hollywood celebrities has taken another turn, as Christopher Chaney, who pleaded guilty to hacking into the e-mail accounts of Scarlett Johansson and other celebrities including Mila Kunis, Christina Aguilera and a few others, has been sentenced to 10 years in prison by a federal judge in Los Angeles. Chaney was arrested last year as part of a year-long FBI investigation dubbed Operation Hackerazzi. At a hearing on Monday, U.S. District Court judge S. James Otero said that Chaney's conduct demonstrated a "callous disregard to the victims," some 50 in total, including two non-celebrities who the judge noted were stalked by Chaney for more than 10 years. The prison term was accompanied by an order to pay $66,179 in restitution. Chaney pleaded guilty to nine offences, including illegal wire-tapping and unauthorized access to computers. In his guilty plea, Chaney admitted to having repeatedly hacked email accounts over a period of at least eleven months. He hacked into email accounts by taking advantage of the "forgotten password" feature on web interfaces and using publicly available information to answer security questions.
Chaney admitted that as his hacking scheme became more extensive, he began using a proxy service called “Hide My IP” because he wanted to “cover his tracks” and not be discovered by law enforcement agents. Even after his home computers were seized by law enforcement, Chaney used another computer to hack into another victim’s e-mail account. As a result of his hacking scheme, Chaney obtained private photographs and confidential documents, including business contracts, scripts, letters, driver’s license information, and Social Security information. On several occasions, after hacking into victims’ accounts, Chaney sent e-mails from the hacked accounts, fraudulently posing as the victims and requesting more private photographs. Chaney e-mailed many of the stolen photographs to others, including another hacker and two gossip websites. As a result, some of the stolen photographs were posted on the Internet.
"I don't know what else to say other than I'm sorry," Chaney said. "I could be sentenced to never use a computer again and I wouldn't care."
Posted by Avik Sarkar On 12/21/2012 07:17:00 pm
Samsung Galaxy S III, S II & Note II Vulnerable to Malicious Code Injection Directly into Kernel
A serious security hole has been discovered in Samsung smartphones. According to a member of the XDA-Developer forum named 'alephzain', the vulnerability exists in the Samsung Galaxy S III, Galaxy S II and Galaxy Note II along with several other Samsung devices. As per sources, the vulnerability is marked as "severe". This vulnerability could provide a way for remotely downloaded malicious apps to read user data, brick phones and perform other malicious activities. In other words, this hole could allow a malicious app free rein over your smartphone’s memory, and basically take complete control of your device. Prepare tin foil hats. Another XDA-Developer user, supercurio, says Samsung has been notified of the security hole, but had not yet acknowledged the issue. That is, until this morning, when Samsung dropped word to Android Central that they are “currently in the process of conducting an internal review” in reference to the security hole. Supercurio says the potential exists for millions of devices to be in harm's way, especially those with Exynos 4210 and 4412 processors that use Samsung code. Another XDA user, Entropy512, adds “this exploit changes things — there is a no root exploit that can be used by an app straight from the market, in the background, with little to no user intervention.”
While on the subject of security holes in Samsung phones, we would like to remind you that a few months ago researchers revealed that several Android-based handsets, including the Samsung Galaxy S3 and S2, were vulnerable to a 'remote wipe' hack.
Posted by Avik Sarkar On 12/19/2012 03:45:00 pm
NASA & UFO Hacker Gary McKinnon Will Not Face Prosecution in UK
Infamous NASA hacker Gary McKinnon, who broke into US government computer systems while hunting for evidence of UFOs and fought a long fight against extradition, has been told that he will not face prosecution in the UK. After discussing the case with the US Department of Justice and the police, the Crown Prosecution Service (CPS) has decided that the appropriate jurisdiction for the McKinnon case to be heard is the US. According to Karen Todner, McKinnon's solicitor, the decision on Friday is an "interesting" one given that he was first arrested and questioned by UK police.
The reasons for that decision were:
In a statement, the CPS's Director of Public Prosecutions (DPP), Keir Starmer QC, and Mark Rowley, Assistant Commissioner of the Metropolitan Police Service, said that they had convened a joint panel to discuss the issue and decide whether a new criminal investigation should take place. They decided that the original reasoning for the trial being held in the US still held, and looked into the possibility of holding the trial in the UK. This would have involved transferring witnesses and sensitive physical evidence to the UK. The panel consulted with the US Department of Justice as to whether this would be possible, given that they believed that "the prospects of a conviction against Mr McKinnon, which reflects the full extent of his alleged criminality, are not high".
According to the statement, the US authorities "indicated to us that they would be willing to co-operate with a prosecution in England and Wales if that would serve the interests of justice." However, the US authorities did not feel that transferring all the witnesses and evidence to the UK would be in that interest, given the panel's representations. The statement goes on to say: "That is a decision the US authorities are fully entitled to reach and we respect their decision." On that basis, the panel concluded that a new criminal investigation should not be started and the Assistant Commissioner accepted that advice.
Posted by Avik Sarkar On 12/19/2012 12:51:00 pm
Internet Explorer Vulnerability Allowing Hackers to Track Your Mouse Cursor, Still Microsoft is Apathetic
Yet again Microsoft Internet Explorer has fallen victim to hackers. Spider.io, a website analytics firm, has discovered a security vulnerability in all current versions of Internet Explorer that allows attackers to trace mouse cursors anywhere on users' screens, even if the Internet Explorer window is minimized. Spider.io said the vulnerability is notable because it compromises the security of virtual keyboards and virtual keypads.
As a user of Internet Explorer, your mouse movements can be recorded by an attacker even if you are security conscious and you never install any untoward software. An attacker can get access to your mouse movements simply by buying a display ad slot on any webpage you visit. This is not restricted to lowbrow porn and file-sharing sites. Through today’s ad exchanges, any site from YouTube to the New York Times is a possible attack vector. Indeed, the vulnerability is already being exploited by at least two display ad analytics companies across billions of webpage impressions each month. As long as the page with the exploitative advertiser’s ad stays open—even if you push the page to a background tab or, indeed, even if you minimize Internet Explorer—your mouse cursor can be tracked across your entire display.
Package: Microsoft Internet Explorer
Affected: Tested on versions 6–10
BugTraq Link: seclists.org/bugtraq/2012/Dec/81
Spider.io has set up a demo page to demonstrate how the vulnerability works. According to sources, Microsoft Security Research Center has acknowledged the vulnerability, but unfortunately Microsoft is in no hurry to patch it in existing versions of its popular browser. "There are no immediate plans to patch this vulnerability in existing versions of the browser," said MSRC.
Posted by Avik Sarkar On 12/19/2012 12:51:00 pm
Two Nigerians Arrested For Hacking into Mail Servers of Ghana Armed Force & Stealing $13,978
Two middle-aged Nigerians have been arrested for hacking into the mail server of the Ghana Armed Force (GAF). The suspects, Peter Okechukwu, 32, and Emmanuel Ifedi, 31, were arrested by officials of the Criminal Investigations Department (CID) of the Ghana Police Service at a branch of the United Bank of Africa (UBA). In a report, Ghana Business News said the two cyber criminals were busted in Accra while attempting to divert $13,978 belonging to Ghanaian peacekeepers after they had succeeded in hacking into the e-mails of the GAF. According to the Director-General of the CID, Commissioner of Police Mr Prosper Agblor, in November this year the two suspects managed to enter the e-mails of Continental African Trading Limited (CATAL) and the United Nations Interim Force in Lebanon (UNIFIL) GHANBATT 76 and intercepted all electronic communications between the two parties. CATAL, an international organisation, had been supplying home appliances to Ghanaian peacekeeping troops on various missions at different locations in the world.
Recently, CATAL was contacted, as usual, by the GAF to supply home appliances to UNIFIL GHANBATT 76 peacekeeping troops in Lebanon. Mr Agblor said there was correspondence concerning the supply of the items between CATAL and the military through the Internet. Along the line, he said, the e-mails between the GAF and CATAL were hacked into by the two Nigerians, who intercepted all mails from both ends and replied to them as if the replies were coming from the rightful receivers of the e-mails.
He said the two suspects, using the identity of CATAL, sent an e-mail to the GAF instructing it to pay $13,978 into a UBA account number 01011651102235 as part payment for the supply of the goods. Upon receipt of the information, the GAF transferred $13,978 into the account as instructed by the two suspects.
Mr Agblor said CATAL realized that the GAF had suddenly stopped communicating with the company on matters relating to the transfer of the money and so it followed up with a phone call and detected that the GAF had paid $13,978 into an account number supplied by CATAL.
He said it was at that stage that the two organisations realised that someone had hacked into their e-mails and quickly reported the issue to the Documentation and Visa Fraud Unit of the CID. Mr Agblor said the Business Development Manager of CATAL reported the case to the police and checks at the bank revealed that the money had not yet been cashed by the suspects. The police quickly mounted surveillance at the bank, awaiting the arrival of the suspects to cash the money.
According to the CID boss, on November 11, 2012, Okechukwu, who happened to be the owner of the said account, was arrested when he turned up at the bank to cash the amount. Upon interrogation, the police said, Okechukwu admitted to the offence but named Ifedi as the mastermind behind the whole deal and led the police to Ifedi's house at Ashaley Botwe, an Accra suburb. Mr Agblor said investigations were still ongoing, after which the two would be put before the court.
Posted by Avik Sarkar On 12/15/2012 04:14:00 pm
#ProjectWhiteFox -Team GhostShell Hacked 1.6 Million Accounts of NASA, ESA, Pentagon & FBI
After the devastating "Project Blackstar", the hacktivist group calling themselves "Team GhostShell" has announced another big hack, in which the hackers targeted several big organizations. This round of cyber attacks ran under the banner of #ProjectWhiteFox, in which GhostShell has posted log-in details of 1.6 million accounts they claim were taken in a series of attacks on organizations including NASA, the FBI, the European Space Agency and the Pentagon, as well as many companies that partner with these organizations. The Anonymous subsidiary group posted the details on Pastebin, describing the aim of the hack as part of their #ProjectWhiteFox campaign to promote hacktivism and freedom of information on the internet. The hacker group claimed that the leaked information contained log-in names, passwords, email addresses, CVs and several other pieces of sensitive information. In their release GhostShell said: "For those two factors we have prepared a juicy release of 1.6 million accounts/records from fields such as aerospace, nanotechnology, banking, law, education, government, military, all kinds of wacky companies & corporations working for the department of defense, airlines and more."
GhostShell members also said that they have messaged security bosses about the insecurity of a number of organizations they targeted during attacks throughout 2012, describing it as "an early Christmas present."
In a Pastebin file, GhostShell features a list of 37 organizations and companies, including The European Space Agency, NASA’s Engineers: Center for Advanced Engineering, and a Defense Contractor for the Pentagon. GhostShell sets itself apart from other hacktivist groups by targeting more than just one company or organization, and then releasing the results of its attack all at once. This set of hacks is spread out across 456 links, many of which simply contain raw dump files uploaded to GitHub and mirrored on paste sites Slexy.org and PasteSite.com.
The uploaded files contain what appears to be user data that looks to have been obtained from the servers of the various firms (likely via SQL injection). The entries include IP addresses, names, logins, email addresses, passwords, phone numbers, and even home addresses. Email accounts include the big three (Gmail, Hotmail, and Yahoo), as well as many .gov accounts. There are also various documents and material related to partnerships between companies and government bodies, as well as sensitive information for the aforementioned industries.
Furthermore, the group says it has sent an email to the ICS-CERT Security Operations Center, Homeland Security Information Network (HSIN), Lessons Learned and Information Sharing (LLIS), the FBI’s Washington Division and Seattle location, Flashpoint Intel Partners, Raytheon, and NASA. In it, they claim to have detailed “another 150 vulnerable servers from the Pentagon, NASA, DHS, Federal Reserve, Intelligence firms, L-3 CyberSecurity, JAXA, etc.”
Posted by Avik Sarkar On 12/13/2012 07:35:00 pm
Hong Kong Govt Opens a New Cyber Security Center Worth $9 Million
Nowadays cyber attacks have become one of the most challenging issues for almost every country and its government. Previously, cyber awareness was mainly limited to first world countries like the USA, England, Australia and a few other European countries. Keeping in mind the rising number of cyber threats and their impact, both second world and third world countries have now also taken these issues very seriously. To meet this burning challenge and to make its cyber fence safe and secure, the Hong Kong government launched a Cyber Security Center on December 7 to enhance the city’s internet security and protection of critical infrastructure, and strengthen the defense against cyber-attacks. The Hong Kong government has spent HK$9 million (£730,000) on this new Cyber Security Center in a bid to tackle the growing threat to critical infrastructure in the Special Administrative Region of China. The Center, which will operate under the Technology Crime Division of the Commercial Crime Bureau, will start with a force of 27 police personnel, ranking from Police Constable to Chief Inspector. “The incidence of cyber-attacks is increasing,” said Tsang Wai-hung, Commissioner of Police, during the inauguration ceremony of the Center. “Police recognize the need to respond to the worldwide cyber crime phenomenon, particularly cyber-attacks aimed at critical infrastructures, by enhancing our readiness and capability to counter such threats.”
So far the Cyber Security Center has been given four main responsibilities, as follows:
- It will strengthen collaboration with other government departments and stakeholders, both local and overseas, concerning cyber-attacks against critical infrastructures.
- It will monitor the flow, but not the content, of data traffic of major infrastructure systems.
- The Center will collect intelligence to analyse cyber-attacks, and provide an immediate response when necessary.
- The Center will conduct research into cyber security and cyber-attacks, and perform security audits to maintain the protection of Hong Kong.
In addition to these key responsibilities, the Center will support the daily operations of the Technology Crime Division in the prevention and detection of technology crimes.
Posted by Avik Sarkar On 12/11/2012 05:53:00 pm
British Court Convicts Anonymous Hacker "Nerdo" For DDoS Attack Over WikiLeaks Funding
Another alleged Anonymous hacker has faced a court ruling. A British court has convicted a 22-year-old for allegedly being a ‘key figure’ behind the Anonymous DDoS attack on PayPal in revenge for its freezing of WikiLeaks payments. Christopher Weatherhead, a 22-year-old British student and self-described "hacktivist" going by the name of "Nerdo", was convicted by the jury on a count of conspiracy to impair computer operations. The conviction came after guilty pleas from three of Weatherhead's co-conspirators.
"Christopher Weatherhead is a cyber criminal who waged a sophisticated and orchestrated campaign of online attacks on the computer systems of several major companies," prosecutor for the CPS Organized Crime Division Russell Tyner said in a statement. "These were lawful companies with ordinary customers and hard working employees. This was not a victimless crime."
As part of their ongoing pursuit to strike back at hackers, U.K. courts have convicted a member of Anonymous for conspiracy.
The cyber attack for which Christopher Weatherhead has been charged was dubbed "Operation Payback", in which Weatherhead and several other Anonymous members targeted companies that opposed internet piracy, but switched to companies like Mastercard, Visa and PayPal after they refused to process payments to WikiLeaks. As we recently reported, Operation Payback caused massive damage; for PayPal it cost more than €4.3 million. According to the CPS, the campaigns carried out by the hacker cost the companies more than $5.6 million in additional staffing, software, and loss of sales.
The student denied the accusation claiming he was merely an Anonymous chatroom operator and never took part in the attacks. The judge allegedly demanded that Weatherhead provide “as much information as possible” and threatened him with a jail term. The court ruling in Mr. Weatherhead's case will be announced later.
Posted by Avik Sarkar On 12/11/2012 05:53:00 pm
48 Countries Worldwide Joined Biggest Global Alliance Against Child Sexual Abuse Online
Cyber bullying and online child sexual abuse have become one of the biggest threats and challenges for society. Several security reports point out that cyber bullying is increasing every day. There are daily reminders about those risks, whether it's the tragic fate of Amanda Todd, bullied into suicide. To tackle these burning issues, European Union (EU) Commissioner for Home Affairs Cecilia Malmström, together with US Attorney General Eric Holder, launched a Global Alliance against Child Sexual Abuse Online. In this campaign forty-eight countries have joined forces to launch the most expansive fight ever against the spread of online child sex abuse. According to current estimates, there are more than one million images of sexually abused and exploited children now online. Every year, that number grows by 50,000 new images, according to the United Nations Office on Drugs and Crime (UNODC). Participants at the launch include Ministers and high-level officials from 27 EU Member States, who are also joined by 21 countries outside the EU (Albania, Australia, Cambodia, Croatia, Georgia, Ghana, Japan, Moldova, Montenegro, New Zealand, Nigeria, Norway, the Philippines, Serbia, Republic of Korea, Switzerland, Thailand, Turkey, Ukraine, United States of America, and Vietnam). The countries of the alliance are committing themselves to a number of policy targets and goals. Thanks to increased international cooperation, the fight against child sexual abuse online will therefore be more effective.
"Behind every child abuse image is an abused child, an exploited and helpless victim. When these images are circulated online, they can live on forever. Our responsibility is to protect children wherever they live and to bring criminals to justice wherever they operate. The only way to achieve this is to team up for more intensive and better coordinated action worldwide", said Commissioner for Home Affairs Cecilia Malmström.
“This international initiative will strengthen our mutual resources to bring more perpetrators to justice, identify more victims of child sexual abuse, and ensure that they receive our help and support,” said Attorney General Holder. “Through this global alliance we can build on the success of previous cross-border police operations that have dismantled international pedophile networks and safeguard more of the world’s children.”
- Enhance efforts to identify victims and ensure that they receive the necessary assistance, support and protection;
- Enhance efforts to investigate cases of child sexual abuse online and to identify and prosecute offenders;
- Increase children's awareness of online risks, including the self-production of images and "grooming" methods used by paedophiles;
- Reduce the availability of child abuse material online and the re-victimization of children;
- Establish dedicated law enforcement units for these crimes in all countries;
- Make it easier to initiate joint cross-border police investigations;
- Intensify co-operation with hotline services, where the public can report findings of online child pornography; and
- Ensure that the Interpol international database of child abuse material grows by 10 percent annually.
Posted by Avik Sarkar On 12/11/2012 05:53:00 pm
Apple Hired Kristen Paget, Renowned Hacker & Former Security Expert of Microsoft
To become the very best, and then to maintain and hold that position, you need to deliver one hundred percent, sometimes even more than one hundred percent, and this race never stops. For that, you have to gather the very best people around you. This was demonstrated again when Apple hired a renowned computer security researcher who helped Microsoft rid Windows Vista of glaring exploits. You have probably already started guessing, and yes, you are absolutely right. Kristen Paget, formerly known as Chris Paget, who was part of an elite team of security experts at Microsoft, has now been hired by Apple to lend her expertise to securing the company's operating systems. Apple has slowly been trying to make inroads into the security community. This summer, an Apple engineer spoke at the Black Hat security conference for the first time. So it is fairly predictable that Apple is looking for security experts. Paget's exact charge at Apple is still somewhat of a mystery, with company representatives declining to comment on the specifics of what she'll be working on. After leaving Microsoft and prior to her move to 1 Infinite Loop, Paget was employed by security firm Recursion Ventures. According to sources, she departed this past July, stating that she wished to focus on developing security-related hardware.
According to a report by Wired, Paget’s work at Microsoft had been similarly secretive. She’d been forbidden from speaking about it for five years after her work there ended.
But in 2011, the NDA expired, and she spilled the beans on her Vista hacking at the Black Hat Las Vegas conference. In short: Microsoft’s security team had expected Vista to be pretty clean when Paget got her hands on it, but they were wrong.
“We prevented a lot of bugs from shipping on Vista,” Paget said, according to a recording of her talk. “I’m proud of the number of bugs we found and helped get fixed.” Paget and company’s bug-hunt was so successful, in fact, that it forced Microsoft to push back Vista’s ship date. When the work was done, the hackers received special T-shirts, signed by Microsoft Vice President of Windows Development Brian Valentine. They read: “I delayed Windows Vista.”
Until this past summer, Paget had been chief hacker at Recursion Ventures, a company that specializes in hardware security. When she left in July, she said she was looking for a break from bug-finding, hoping to find a job that involved building “security-focused hardware.”
“I’ve done too much breaking of things, it’s time to create for a change,” she said on Twitter. She was hired in September as a core operating system security researcher at Apple, according to her LinkedIn profile.
Paget made headlines in 2010 when she built her own cellphone-intercepting base station at the Defcon hacker conference. Back then, Paget was known as Chris. She switched genders last year.
While on the subject of giant firms hiring geniuses, we would like to remind you that Apple very recently hired search guru Bill Stasior to oversee Apple's Siri voice-activated personal assistant. In addition, a few months ago social networking giant Twitter appointed famous whitehat hacker Charlie Miller to boost its security. Also, in late 2011, Nicholas Allegra, the world-famous hacker known as "Comex" and creator of JailbreakMe.com, was hired by Apple.
Posted by Avik Sarkar On 12/08/2012 05:57:00 pm
Help! I Think My Child Might Be a Cyberbully (Special Article)
Our society grows more and more connected. We have smart phones, computers, tablets, social media sites and other tools constantly creating new connections between people. This is generally a good thing, but there is a negative side to this enhanced communication—cyberbullying. Although bullying in the playground or classroom has been around since we started putting kids in schools, cyberbullying brings a new aspect to bullying. It is more difficult to stop because, in many cases, the bully is anonymous.
Cyberbullying Can Lead to Suicide
Cyberbullying is using the internet, cell phones or other devices to post pictures, text, videos or other information intended to hurt or embarrass another person. According to the National Crime Prevention Association, cyberbullying affects almost half of all American teens. Although many feel cyberbullying is not a big deal, the consequences can be severe. As evidenced by the number of suicides—particularly of gay teens—in the last few years, cyberbullying can have a devastating effect on the victim and their family. Because of the nature of cyberbullying, it is difficult to tell if your child is involved—either as a victim or an aggressor.
Prevent Your Child From Becoming a Cyberbully
There are some simple ways to prevent your child from becoming a cyberbully. Be a model for them. Don’t use abusive language when referencing workmates, other parents or kids. Make sure the language you use around your child does not lead them to believe it is alright for them to use abusive language. Children look to their parents as guides for how to operate in the world. Make sure, as a guide, you're pleasant, kind and non-aggressive.
Keep an eye on your child’s social networking profile. See if they are getting involved in harassing other children. This could be a precursor to them becoming the primary bully themselves. If you do find evidence they are harassing others, do not let it stand. Talk to them about it. Explain the better, healthier ways to deal with their aggression or anger towards their friends and classmates. Make sure they understand that harassment is not an acceptable type of behavior. There are ways to assure your child's social network site can't be hacked.
Keep Your Child's Social Network From Being Hacked
Cyberbullying is not exclusive to hateful or aggressive comments or messages. Many kids have their social networking site hacked, and the hacker shares embarrassing information or posts things the actual user would not post. There is software to track the sites that have been accessed on your computer and that can help you to protect your child against identity theft. Utilize the tools available to make sure your child has not stolen another kid’s identity.
The best way to stop cyberbullying is to prevent your child from ever becoming one in the first place. Have open conversations about bullying and its effects on others. Show through example the best way to solve problems is not through threats and anger but through calm and reasoned action.
Special Article By
Guest Editor VOGH
Posted by Avik Sarkar On 12/08/2012 05:57:00 pm
UK Govt. Announces Plans for ‘Cyber Reserve’ Online Crime Defense Force
Earlier this week, the UK government announced that it was planning on setting up a ‘cyber reserve’ force aimed at dealing with security threats brought about by online crime. The proposed force will be run by the country’s ministry of defense and is going to allow the armed forces to draw on the nation’s computer-related talents in order to ward off online attacks and stem the tides of cyber crime. Minister for the Cabinet Office Francis Maude claims that ‘critical’ work is required in order to combat online lawbreaking. He says that nine tenths of large British corporations and three quarters of small British businesses have reported experiencing a cyber breach within the last year, meaning that this force has now become a necessity.
Cyber Crime in the UK
Research conducted by a team of academics recruited by the UK Ministry of Defense earlier this year concluded that the country spends a billion US dollars per year on protecting against and cleaning up after instances of cyber crime. This includes the cost of measures taken to safeguard bank account security and reduce computer-related fraud, the money forked out by businesses purchasing anti-virus software and the cost of removing viruses from computers. In addition to criminals, terrorists and rogue states have also targeted computers in the UK, meaning that it is not difficult to see why the country would consider setting up such a force.
More Students Trained in Tackling Cyber Crime Needed
Maude has promised to make the UK one of the safest places in the world to conduct online business. He added that further details of the ‘cyber reserve’ plans would be revealed in 2013 and said that British government agencies and departments are working with professional bodies in order to ensure that the consideration of internet security becomes an integral component of corporate governance and the risk management process. He stated that UK officials want more students in the country trained in the skills required for tackling cyber crime and pointed out that the nation’s ministry of defense is examining new methods for attracting talented cyber security specialists, as they are required for critical areas of work.
Cyber-Spying by Hostile Nations
The UK Ministry of Defence’s announcement came in the wake of revelations that hostile foreign states had carried out ‘mapping’ of the systems that control the country’s power and water supplies. Officials refused to name the nations that were believed to have carried out this mapping but there have been reports in the United States that China and Russia have conducted similar reconnaissance exercises there, which suggests that they could be the countries that are responsible for this cyber-spying activity. With this in mind, it is little wonder the UK is stepping up its security, as it wishes to safeguard vital information.
Cyber Confidence Tracker
Francis Maude stated that the increasing number of threats posed to the UK’s online security is partly down to the growth of the internet economy. He said that the country’s government cannot take sole responsibility for fighting cyber crime and emphasized the fact that individuals and businesses would also have to play their part. Next spring the UK will be taking steps to improve online security for consumers and small businesses. The nation plans on launching a ‘cyber confidence tracker’, which will keep tabs on online behaviors and perceptions about internet security in an effort to ensure that the advice being delivered to the public about this subject is conveyed in the best possible way.
It appears that the UK is now taking the threat of cyber attack extremely seriously, which it is wise to do considering the increasing trend of nations targeting the infrastructures of those that they are hostile towards via the internet. This is a sign that the web is becoming the new battleground in the international struggle for power. The full extent of the country’s plans for its ‘cyber reserve’ are not yet known. It is also questionable whether it will be used solely for defense purposes. Espionage is no longer dominated by spies being physically placed in another country. It is now evidently moving online, meaning that countries are being forced to adapt and develop cyber spies of their own.
Special article by
Evelyn Anderson of International Business and Journalism
Guest Editor VOGH
Posted by Avik Sarkar On 12/08/2012 05:56:00 pm
Red Hat Enterprise Linux 6.4 Beta Released & Available For Download
Red Hat, the global leader in open source solutions, has released another update of its enterprise Linux (RHEL Version 6). Since its release, there have been several updates, including three beta releases and three final releases (RHEL 6.1, RHEL 6.2 & RHEL 6.3). Now the American software company has added another beta, RHEL 6.4, and made it available to its customers. The beta release includes a broad set of updates to the existing feature set and provides rich new functionality in the areas of identity management, file system, virtualization, and storage as well as productivity tools. In its release notes, the RHEL team said: "Through collaboration with partners, customers and the open source community, we are committed to delivering technology that is tested and stable – including in the beta phase of development." Red Hat Enterprise Linux 6.4 demonstrates this commitment and has been designed for optimized performance, stability and flexibility to cater to today’s diverse workloads running in physical, virtual and cloud environments.
Key New Features & Enhancements:
- Identity Management
System Security Services Daemon (SSSD) enhancements improve the interoperability experience with Microsoft Active Directory by providing centralized identity access control for Linux/Unix clients in a heterogeneous environment.
- File system
The pNFS (Parallel NFS) client (file layout only) remains in technology preview, but now delivers performance improvements with the addition of Direct I/O for faster data access. This drives particular performance benefits for I/O intensive use cases including database workloads.
Red Hat Enterprise Linux 6 now includes the Microsoft Hyper-V Linux drivers, which were recently accepted by the upstream Linux community, improving the overall performance of Red Hat Enterprise Linux 6 as a guest on Microsoft Hyper-V.
Installation support for VMware and Microsoft Hyper-V para-virtualization drivers. This new feature enhances the user deployment experience of Red Hat Enterprise Linux as a guest in either of these virtualization environments.
In this release, KVM virtualization virtio-scsi support, a new industry storage architecture, provides industry leading storage stack scalability.
The use of swap functionality over NFS enables more efficient read/write tradeoffs between local system memory and remote disks. This capability increases performance in very large, disk-less server farms seen in ISP and Web hosting environments.
Enhancements in cgroups deliver the ability to migrate multi-threaded applications without errors.
Optimized perf tool for the latest Intel processors.
New system log features identify mapping from block device name to physical device identifier – allowing an administrator to easily locate specific devices as needed.
- Productivity Tools
Microsoft interoperability improvements with Microsoft Exchange and calendar support in Evolution. Productivity functions, such as calendar support with alarm notification and meeting scheduling, are improved.
Customers such as animation studios and graphic design houses now have support for the newer Wacom tablets.
Through this next beta release of Red Hat Enterprise Linux 6, the Red Hat team is proud to deliver the highest quality open source enterprise platform. The beta release of Red Hat Enterprise Linux 6.4 is available for download.
Posted by Avik Sarkar On 12/05/2012 07:33:00 pm
'Dockster' A New Mac Malware Targeting Apple Users Found on Dalai Lama Related Website
Researchers writing on the F-Secure blog have found a new piece of malicious software, targeted at Apple users, on a website dedicated to the Dalai Lama. According to the blog post by F-Secure, the website related to the Dalai Lama is fully compromised and is pushing new Mac malware, called Dockster, using a Java-based exploit. Dockster tries to infect computers by exploiting a vulnerability in Java, CVE-2012-0507. The vulnerability is the same one used by the Flashback malware, which first appeared around September 2011 and infected as many as 600,000 computers via a drive-by download. Flashback was used to fraudulently click on advertisements in order to generate illicit revenue in a type of scam known as click fraud. Apple patched the vulnerability in Java in early April and then undertook a series of steps to remove the frequently targeted application from Macs. Apple stopped bundling Java in the 10.7 (Lion) version of its operating system, which continued with the company's Mountain Lion release. In October, Apple removed older Java browser plug-ins in a software update.
The good news, however, is that current versions of OS X are not vulnerable; users who have disabled the Java browser plug-in are also not vulnerable. F-Secure researcher Sean Sullivan said Dockster is “a basic backdoor with file download and keylogger capabilities.” Sullivan also said that the Dalai Lama’s site is serving a Windows-based exploit for CVE-2012-4681, the Agent.AXMO Trojan. The Trojan exploits a Java vulnerability that allows remote code execution using a malicious applet that is capable of bypassing the Java SecurityManager.
Speaking of Mac malware, Mac users have faced such attacks before, when the Mac Trojan OSX.SabPub was spreading through Java exploits. In 2011 we also saw the OSX/Revir-B trojan installed behind a PDF, giving hackers remote access to Mac computers, and the Linux Tsunami trojan, called "Kaiten", also targeted Mac OS users in 2011. Another piece of malware, named "Devil Robber", also made victims of Mac users by stealing their personal information. In the very recent past we have seen a trojan named 'BackDoor.Wirenet.1' apparently providing its masters with a backdoor into infected systems. It is also capable of stealing passwords stored in browsers like Chrome, Chromium, Firefox and Opera. For any kind of cyber updates and infosec news, stay tuned with VOGH.