Showing posts sorted by date for query Android. Sort by relevance Show all posts
Showing posts sorted by date for query Android. Sort by relevance Show all posts

Android 4.4 'KitKat' -The More Compatible, Intelligent and Simple Android Ever

Posted by Avik Sarkar On 12/07/2013 12:33:00 am

Android 4.4 'KitKat' All You Need to Know-The More Compatible, Intelligent and Simple Android Ever 

Earlier we have discussed several times on android- which is one of the world's most popular and widely used operating system based on Linux kernel, mainly designed for smartphones and tablet computers. Since last four years we have got various flavor of android among them 2.2 (Froyo), 2.3.3–2.3.7 (Gingerbread), 3.2 (Honeycomb), 4.0.3–4.0.4 (Ice Cream Sandwich) & 4.1.x-4.3.x (Jelly Bean) successfully drawn public attention and gained popularity. After the success of Jelly Bean, now Google has introduced Android 4.4 nicknamed 'KitKat.' Official website of android explained the reason of this nomenclature -'as everyone finds chocolate so tempting, we decided to name the next version of Android after one of our favorite chocolate treats, the KitKat®!' Immediately after this release android 4.4 is vogue as with this version of android Google improved performance and memory usage, makes this version more compatible than ever; you can easily try KitKat on your older smartphones. Now lets illuminate android 4.4 briefly-

Introduction:-
Readers, I will introduce a simple way the new features of the version of android, "The KitKat" Accompanies the more intelligent and simple search for Android, says the official Google blog, and more importantly, Should Have compatibility with older devices. This means more people que can have access to the innovations than other Android updates.

Performance and improved use of memory:-
Many of the major changes are the KitKat under the hood. The overall performance should improve, especially in relation to RAM. The Android developers site says "KitKat streamlines all the key components to reduce memory consumption", so even older smartphones running Android 4.4 will be faster and more responsive - even with 512MB of RAM. The multitasking should work better and you can switch applications without lock your smartphone.

Simpler and more powerful: (Google Now)
The Google Now gained much prominence in KitKat, with quick, more cards, and more features without using their hands. Not too can wake up your smartphone to start a search and take a picture saying only "OK Google Now"? It's like Google Glass, but on your smartphone.
The Google Now will also gain space on your homescreen, if you want (and you can slide left to right to find it), and Google will add more cards to make your smartphone smarter automatically suferindo things based on your interests , location, and more.

Support SMS, location sharing, and animated GIFs in Hangouts:-
Google announced this week that Hangouts will turn the main messaging app - is text messaging, video calls and instant. If you hate having your conversations scattered in several different apps, with KitKat you need only Hangouts, which replaces the old Mail app.
The use of location sharing can be very convenient when you're meeting a friend and wants to tell exactly where it is.
Finally, if you like to put emojis in messages, are present in many new keyboard Google.

Improvements in NFC, Cloud Printing and File Management:-
The KitKat also includes improvements that developers can now use apps to improve their apps. Regarding the NFC, it may automatically take you to the right app when you touch your device into a payment terminal. Printer manufacturers can develop served to send print files from Android to your printer. And the new framework for access to storage provides a consistent way to access files stored in other facilities in other apps (eg, open or save files in Dropbox or Box when you're in the browser).
In short, I will whole heartily agree with Google while saying -KitKat 4.4 is Smart, simple, and truly yours To know more about Android 4.4 'KitKat' click here

While concluding this article, I on behalf of Team VOGH, want to thank our new guest editor Mr. Rafael Souza, for sharing his view and extensive thought on android 4.4. Rafael we love you. 



SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Cupid Media Network Breach Exposes 42 Million Passwords in Plain Text

Posted by Avik Sarkar On 11/30/2013 03:30:00 am

Cupid Media Network Breach Exposes 42 Million Passwords in Plain Text (Uunencrypted)

Cupid Media one of the leading niche online dating network that have more than 35 large online dating website, faced a massive intrusion that effects more than 42 million of its registered users. From an exclusive report of Kerbs On Security we came to know that the breach was taken earlier in this year. Where the hackers managed to gain access into the crucial servers belongings to Cupid Media network. According to the managing director of Cupid Media, Mr Andrew Bolton - "In January we detected suspicious activity on our network and based upon the information that we had available at the time, we took what we believed to be appropriate actions to notify affected customers and reset passwords for a particular group of user accounts.” After a preliminary investigation it has been found that the purloined database of Australia-based niche dating service Cupid Media was found on the same server where hackers had amassed tens of millions of records stolen from AdobeMore than 42 million peoples' unencrypted names, dates of birth, email addresses and passwords have been found from the pinched database. I am very much wearied to see that a high value site like Cupid is unconcerned about the basic security counter measure. Even their confidential tables remained unencrypted which allows the hacker to gain the personal information in plain text. Like the Cupid Media security team, the registered users also found very much inadvertent and unaware of basic security measures. I am saying this because of the leaked passwords, almost two million picked "123456", and over 1.2 million chose "111111". "iloveyou" and "lovely" both beat out "password", and while 40,000 chose "qwerty", 20,000 chose the bottom row of the keyboard instead - yielding the password "zxcvbnm"
Jason Hart of famous data protection firm Safenet said "The true impact of the breach is likely to be huge. Yet, if this data had been encrypted in the first place then all hackers would have found is scrambled information, rendering the theft pointless."
This security breach of Cupid Media reminds us  the decent history of breach where we have seen a slew of attacks against the following sites: Drupal.org  Scribd, Guild Wars 2, Gamigo, Blizzard, Yahoo, LinkedIn, eHarmony, Formspring, Android Forums, Gamigo,  Nvidia,Blizzard, Philips, Zynga, VMWare, Adobe,  Twitter,  New York Times, Apple and so on. While covering this story on behalf of VOGH, I am warning our readers across the globe to use strong alphanumeric passwords to avoid such disaster. Also the webmasters and security administrator are highly recommended to use salted encryption in their database to prevent fortuitousness cyber attack


SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Drupal.org Hacked ! More Than 967,000 Registered User Details Compromised

Posted by Avik Sarkar On 6/03/2013 09:07:00 pm

Drupal.org Hacked ! More Than 967,000 Registered User Details Compromised 

Drupal, one of the most famous and widely used open-source content management framework have fallen victim to cyber criminals. The Drupal Security Team and Infrastructure Team has discovered unauthorized access to account information on the official Drupal website and another site called groups.drupal.org. This security breach has exposed user names, country, and email addresses along with hashed passwords of more than 967,000 registered users on the Drupal.org. But still a matter of relief is that the breach failed to infiltrate the credit card details which was stored on the same server. According to security release unauthorized access was made via third-party software installed on the Drupal.org server infrastructure, and was not the result of a vulnerability within Drupal itself. Drupal team have worked with the vendor to confirm it is a known vulnerability and has been publicly disclosed. They are still investigating and will share more detail when it is appropriate. Upon discovering the files during a security audit, the security team has already shut down the association.drupal.org website to mitigate any possible ongoing security issues related to the files. The Drupal Security Team then began forensic evaluations and discovered that user account information had been accessed via this vulnerability. The suspicious files may have exposed profile information like username, email address, hashed password, and country. In addition to resetting your password on Drupal.org, it is also recommending a number of measures (below) for further protection of your information, including, among others, changing or resetting passwords on other sites where you may use similar passwords. 

As a precautionary measure of the said security breach, Drupal Security Team has reset all Drupal.org account holder passwords and are requiring users to reset their passwords at their next login attempt. A user password can be changed at any time by taking the following steps. 
  1. Go to https://drupal.org/user/password 
  2. Enter your username or email address. 
  3. Check your email and follow the link to enter a new password. It can take up to 15 minutes for the password reset email to arrive. If you do not receive the e-mail within 15 minutes, make sure to check your spam folder as well.
Counter Measures that Drupal has Taken to avoid such mishap is something followed- as attacks on high-profile sites (regardless of the software they are running) are common, Drupal strive to continuously improve the security of all Drupal.org sites. To that end, Drupal have taken the following steps to secure the Drupal.org infrastructure:
  • Staff at the OSU Open Source Lab (where Drupal.org is hosted) and the Drupal.org infrastructure teams rebuilt production, staging, and development webheads and GRSEC secure kernels were added to most servers
  • Drupal is scanning and have not found any additional malicious or dangerous files and making scanning a routine job in their process
  • There are many subsites on Drupal.org including older sites for specific events. Drupal created static archives of those sites.

This security breach of Drupal which affected more than 967,000 users is giving us a remind of the decent history of breach where we have seen a slew of attacks against the following sites: ScribdGuild Wars 2GamigoBlizzardYahooLinkedIneHarmonyFormspringAndroid ForumsGamigo,  Nvidia,BlizzardPhilipsZyngaVMWareAdobe Twitter  New York TimesApple and so on. 







SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

GFI LanGuard 2012 One Solution For vulnerability Scanning, Patch Management, Network & Software Audit

Posted by Avik Sarkar On 5/09/2013 04:28:00 pm

GFI LanGuard 2012 One Solution For Vulnerability Scanning, Patch Management, Network & Software Auditing 

Earlier we have talked about GFI LanGuard, but while looking at the rising cyber threats, security researcher  continue to identify new, sophisticated malware threats, vulnerability and patch management are more critical than ever as a key component of a layered security approach. To get rid of all those security challenges, GFI Software announced the availability of GFI LanGuard 2012, in which the manufacturer claimed to provide network and system administrators with the ability to manage 100 percent of their patching needs through a single, intuitive and easy-to-use interface, without the need for other update tools. So lets take a roam of this fine product of GFI Software-

Enhanced Features of GFI LanGuard 2012 include:
  • Comprehensive Patch Management – Administrators can now manage 100 percent of their patching needs – both security and non-security updates – from a centralized console. No other update tools are necessary.
  • Strong Vulnerability Assessment for Network Devices – Network devices such as printers, routers and switches from manufacturers such as HP and Cisco, can now be detected and scanned for vulnerabilities. GFI LanGuard 2012 performs over 50,000 checks against operating systems, installed applications and device firmware for security flaws and misconfigurations. It also runs network audits that now detect mobile devices running iOS and Android operating systems.
  • Improved Scan and Remediation Performance – New Relay Agents receive patches and definition files directly from the GFI LanGuard server and distribute as appropriate – helping IT resources save time, manage network bandwidth and increase the number of devices that can be accommodated. This is particularly effective in multi-site and large networks.
GFI LanGuard 2012 combines vulnerability scanning, patch management, and network and software auditing into one solution that enables IT professionals to scan, detect, assess and correct potential security risks on their networks with minimal administrative effort. GFI LanGuard also enables administrators to inventory devices attached to their networks; receive change alerts, such as notification when a new application is installed; ensure antivirus applications are current and enabled; and strengthen compliance with industry regulations through automated patch management that defends against potential network vulnerabilities. With GFI LanGuard, IT administrators can manage more than 2,500 machines from a single console, it integrates with more than 1,500 security applications and includes keyword search functionality.

After going through the above brief description, many of you must be excited about this new product. For the kind information of our readers, yes indeed GFI LanGuard 2012 is one of the finest tool ever released in this domain. Detailed information LanGuard 2012 can be found here. Also a 30 day trail pack of GFI LanGuard 2012 has been made available for download





SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

'Scribd' World's Largest Document Sharing Website Admits Security Breach

Posted by Avik Sarkar On 4/11/2013 01:42:00 am

'Scribd' World's Largest Document Sharing Website Admits Security Breach 

Scribd- San Francisco-based document sharing site have fallen victim of cyber attack. Such kind of massacre is no doubt very much shameful for one of the world largest document sharing website which have more than 100 million of registered user. Like other largest companies, Scribd acknowledged the attack. In their official security announcement the company said that the operations team of Scribd have discovered and blocked suspicious activity on Scribd's network that appears to have been a deliberate attempt to access the email addresses and passwords of registered Scribd users. But the matter of relief is that only the 1% of its registered users have been affected during the hack. Immediately after this intrusion get spotted Scribd security team have emailed every user whose password was potentially compromised with details of the situation and instructions for resetting their password.  So, if you are a Scribd user and you did not receive such email from Scribd, then you are most likely unaffected.  If you still wish to check, you can use this web tool to determine if your account was among those affected. From the official announcement of Scribd, we came to know that the inertial investigation have already take place, which indicates that no content, payment and sales-related data, or other information were accessed or compromised. It has been  believed that the information accessed by the hackers was limited to general user information, which includes usernames, emails, and encrypted passwords.  Even though this information was accessed, the passwords stored by Scribd are encrypted (in technical terms, they are salted and hashed). Most of the users were therefore unaffected by this; however, the analysis shows that a small percentage may have had their passwords compromised. In an abundance of caution, it has been highly recommended for those affected users to reset their password and to change their password on any other services they might have used it on. 
At conclusion of the note, Scribd team did serious apology to its users while saying -"we would like to sincerely apologize for our failure to live up to our users' expectations in this instance. We’re incredibly disappointed that this happened and are committed to doing everything we can to prevent this from happening again. We will work harder than ever to ensure that we deserve the trust that our users place in us." 
While talking about big cyber attacks against large companies we would like to remind you in the last year we have been a slew of attacks against the following sites: Guild Wars 2GamigoBlizzardYahooLinkedIneHarmonyFormspringAndroid ForumsGamigo,  Nvidia,BlizzardPhilipsZyngaVMWare, Adobe Twitter  New York Times, Apple and so on. 






SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Samsung Galaxy S III, S II & Note II Vulnerable to Inject Malicious Code Directly into Kernel

Posted by Avik Sarkar On 12/21/2012 07:17:00 pm

Samsung Galaxy S III, S II & Note II Vulnerable to Inject Malicious Code Directly into Kernel

Serious security hole has been discovered in Samsung smartphones. According to a member of XDA-Developer forum named 'alephzain' the vulnerability exists in the Samsung Galaxy S III, Galaxy S II and Galaxy Note II along with several other Samsung devices. As per sources the vulnerability is marked as "severe". This vulnerability could provide a malicious way for remotely downloaded apps to read user data, brick phones and perform other malicious activities. In other words, this hole could allow a malicious app free reign over your smartphone’s memory, and basically take complete control of your device. Prepare tin foil hats. Another XDA-Developer user, supercurio says Samsung has been notified of the security hole, but had not yet acknowledged the issue. That is until this morning when Samsung dropped word to Android Central that they are “currently in the process of conducting an internal review” in reference to the security hole. Supercurio says the potential exists for millions of devices to be in harms way, especially those with Exynos 4210 and 4412 processors that use Samsung code. Another XDA user, Entropy512 adds “this exploit changes things — there is a no root exploit that can be used by an app straight from the market, in the background, with little to no user intervention.” 
While talking about security holes in Samsung phones, then we would like to remind you that few moths ago, researcher have unveiled several android based handsets including Samsung Galaxy S3, S2 were vulnerable to 'remote wipe' hack.   




SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Facebook Launched 'Photo Sync' Automatic Photo Uploading Feature for Android & iOS

Posted by Avik Sarkar On 12/02/2012 07:01:00 pm

Facebook Launched 'Photo Sync' Automatic Photo Uploading Feature for Android & iOS

The social networking giant Facebook announced that it started rolling out Photo Synchronization, in order to add more mobility and ease of use. According to Facebook Newsroom -the new Photo Sync will make photo sharing easier. With this feature, photos from your phone sync automatically to a private album on the web. When you want to share these photos, just pick and post your favorites. If you turn this feature on, up to 2GB of photos from your phone can be synced automatically to a private album on Facebook, from which you can then pick your favorites to share with your friends. It’s important to note that Facebook isn’t launching new Android and iOS apps today. The feature is already included, but the company is turning it on for more and more users, starting with a big push today. To turn the feature on in the Facebook app (if you have an iPhone, iOS 6 is required), tap Photos and then tap Sync at the bottom of your photos section. Once the uploads start coming in, you can check them out and share them via the app, on the mobile Web, or on your computer (go to your Timeline, click Photos, and click “Synced From Phone” at the top of your photos section). To save on the limited amount of space, you can stop photos from being synced by deleting them. In the app, that’s the “Remove synced photo” option once you pick a photo in the Synced section, and on your computer that’s the Delete option when you’re in the “Synced From Phone” folder. The good news is that deleting a photo from your synced photos won’t delete it from your phone’s gallery.
That’s right, you can turn photo syncing on or off, but you can also choose to sync over Wi-Fi only. Normally, when you’re on a cellular network like 3G or 4G, Facebook will sync photos at a smaller size (around 100K each), so they’re unlikely to use much of your data plan. Over a Wi-Fi connection, Facebook will sync larger versions of your photos. The best part: photos will not sync when your battery is low.

Get the latest Facebook app for Android or iPhone to try it out. Learn more at Facebook.com/mobile or visit the Help Center.


-Source (TNW & FB)






SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Adobe Confirms Data Breach, Hacker Leaked More Than 150,000 Customer Details

Posted by Avik Sarkar On 11/21/2012 01:17:00 am

Adobe Confirms Data Breach, Hacker Leaked More Than 150,000 Customer Details 

Yet again Adobe, the American multinational computer software company had fallen victim of cyber attack. In September Adobe faced what it called a sophisticated cyber attack where hackers have breached Adobe server in order to compromise certificate to sign malware. As a move Adobe revoked those certificates on October 4th. After that massacre, here again one of Adobe's databases has been breached by a hacker and that it has temporarily taken offline the affected Connectusers.com website. The attacker who claimed responsibility for the attack, told that he used a SQL injection exploit in the breach. Adobe confirmed the breach and said that the hacker indeed managed to break into an Adobe server and copy the private credentials of approximately 150,000 users – including their names, email addresses and password hashes. Those affected accounts include Adobe customers, Adobe employees and partners along with U.S. military users including U.S. Air Force users, and users from Google, NASA, universities, and other companies. To prove the attack, the intruder, who goes by the name of "ViruS_HimA" and claims to be from Egypt, has released extracts from his haul on the Pastebin text hosting service. 
"It was an SQL Injection vulnerability -- somehow I was able to dump the database in less requests than normal people do," said ViruS_HimA. Users passwords for the Adobe Connect users site were stored and hashed with MD5, says the hacker, which made them "easy to crack" with freely available tools. And Adobe wasn't using WAFs on the servers, the hacker notes. "I just want to be clear that I'm not going against Adobe or any other company. I just want to see the biggest vendors safer than this," he told the press. "Every day we see attacks targeting big companies using Exploits in Adobe, Microsoft, etc. So why don't such companies take the right security procedures to protect them customers and even themselves?"
"Adobe is a very big company but they don't really take care of them security issues, When someone report vulnerability to them, It take 5-7 days for the notification that they've received your report!!" he wrote. "It even takes 3-4 months to patch the vulnerabilities!" 
While talking about such big cyber attacks, here we would like to give you reminder that in the last few months we have been a slew of attacks against the following sites: Guild Wars 2GamigoBlizzardYahooLinkedIneHarmonyFormspringAndroid ForumsGamigo,  Nvidia,BlizzardPhilips, Zynga, VMWare, & so on. For all the latest on cyber security and hacking related stories; stay tuned with VOGH


-Source (Dark Reading, The-H)





SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

End of Windows Live Messenger: Microsoft Replacing Live Messenger With Skype

Posted by Avik Sarkar On 11/12/2012 06:41:00 am

End of Windows Live Messenger: Microsoft Replacing Live Messenger With Skype

In 2011 the Redmond based software giant Microsoft acquired Skype Communications for US$8.5 billion, later we have seen several ups and downs, along with compliment and criticism of this acquirement. But we have to remember that, it is Microsoft Corporation, who always have done the very best to make its product successful. In case of Skype the same ting happened. Microsoft announced Tuesday that it is retiring Windows Live Messenger & chat tool and replace it with Skype's messaging tool. Microsoft said Windows Live Messenger (WLM) would be turned off by March 2013 worldwide, with the exception of China. This move will allow consumers to use Skype's features such as chat on all platforms including iPad and Android tablets; send instant messages; make video calls; share their screen; join a group chat; and call contacts on their mobile or land lines. This announcement from Microsoft is made in an effort to make Skype the company's main instant messaging software. It reflects the firm's determination to focus its efforts on Skype. 
For the information of VOGH readers, WLM launched in 1999 when it was known as MSN Messenger. According to survey MSN had more than 330 million active users world wide. According to internet analysis firm Comscore, Windows Live Messenger (WLM) still had more than double the number of Skype's instant messenger facility at the start of this year in the US, and was second only in popularity to Yahoo Messenger. But the report suggested WLM's US audience had fallen to 8.3 million unique users, representing a 48% drop year-on-year. By contrast, the number of people using Skype to instant message each other grew over the period. Microsoft highlighted the fact that WLM was still more popular than Yahoo's product in most other territories, but nevertheless decided to call time on the service. To ease the changeover, Microsoft is offering a tool to migrate WLM messenger contacts over. In order to transition over to Skype, just download the latest version, then select the option to sign in with your Microsoft account on the sign in screen. You will then be asked if you’re already using Skype or are a new user. If you use Skype and Messenger already, you can merge your Skype and Messenger account into your Microsoft account. Skype says it will assist users over the coming months to smoothly transition over from Windows Live Messenger. The move is nothing too surprising — it seemed obvious that Microsoft wanted to take advantage of its acquisition of the popular IM and video chat client. So far, it looks like Microsoft is on the right track to do that.


For detailed information about this story Click Here


-Source (Skype, BBC)





SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Adobe Patches Multiple Security Holes in Adobe Flash Player & AIR (CVE-2012-5274 to 5280)

Posted by Avik Sarkar On 11/09/2012 04:30:00 am

Critical Buffer Overflow, Memory Corruption & Security bypass Vulnerability in Adobe Flash Player & AIR Patched

Adobe- American multinational computer software company has released new versions of its Flash Player to eliminate a number of critical vulnerabilities  in Flash Player that could lead to system crashes or remote attackers controlling computers running compromised software. All the flaws were discovered by members of the Google Security Team are associated with several CVE numbers; CVE-2012-5274, CVE-2012-5275, CVE-2012-5276, CVE-2012-5277, CVE-2012-5280 are buffer overflows, CVE-2012-5279 is a memory corruption issue and CVE-2012-5278 is a security bypass; all of which are listed as potentially allowing an attacker to inject malicious code into the system. Google said it will update Flash Player installed with Google Chrome, and Microsoft will do the same with Internet Explorer 10. In the security bulletin Adobe said that it has released security updates for Adobe Flash Player 11.4.402.287 and earlier versions for Windows and Macintosh, Adobe Flash Player 11.2.202.243 and earlier versions for Linux, Adobe Flash Player 11.1.115.20 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.19 and earlier versions for Android 3.x and 2.x. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system. 

Adobe recommends users update their product installations to the latest versions:-
  • Users of Adobe Flash Player 11.4.402.287 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 11.5.502.110.
  • Users of Adobe Flash Player 11.2.202.243 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.251.
  • Flash Player installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 11.5.31.2 for Windows, Macintosh and Linux.
  • Flash Player installed with Internet Explorer 10 will automatically be updated to the latest Internet Explorer 10 version, which will include Adobe Flash Player 11.3.376.12 for Windows.
  • Users of Adobe Flash Player 11.1.115.20 and earlier versions on Android 4.x devices should update to Adobe Flash Player 11.1.115.27.
  • Users of Adobe Flash Player 11.1.111.19 and earlier versions for Android 3.x and earlier versions should update to Flash Player 11.1.111.24.
  • Users of Adobe AIR 3.4.0.2710 and earlier versions for Windows and Macintosh, SDK (including AIR for iOS) and Android should update to Adobe AIR 3.5.0.600.

AFFECTED SOFTWARE VERSIONS:- 
  • Adobe Flash Player 11.4.402.287 and earlier versions for Windows and Macintosh
  • Adobe Flash Player 11.2.202.243 and earlier versions for Linux
  • Adobe Flash Player 11.1.115.20 and earlier versions for Android 4.x
  • Adobe Flash Player 11.1.111.19 and earlier versions for Android 3.x and 2.x
  • Adobe AIR 3.4.0.2710 and earlier versions for Windows and Macintosh, SDK (includes AIR for iOS) and Android
To verify the version of Adobe Flash Player installed on your system, access the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe (or Macromedia) Flash Player" from the menu. If you use multiple browsers, perform the check for each browser you have installed on your system. To verify the version of Adobe Flash Player for Android, go to Settings > Applications > Manage Applications > Adobe Flash Player x.x.  To verify the version of Adobe AIR installed on your system, follow the instructions in the Adobe AIR TechNote. Adobe also recommended its Adobe AIR users to update  to 3.5.0.600.
While talking about security patches in Adobe product, we want to give to reminder that just couple of weeks ago Adobe also plugged buffer overflow vulnerability in its Shockwave Player. Also in late September, Adobe disclosed that it had been attacked and hackers were using a valid Adobe certificate to sign two malicious utilities used most often in targeted attacks. Adobe revoked the certificate Oct. 4.



SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

AT&T Locker: Offering Free Cloud Storage For iOS & Android Users

Posted by Avik Sarkar On 11/04/2012 04:52:00 am

AT&T Locker: Offering Free Cloud Storage For iOS & Android Users

AT&T a leader in telecommunication services, announced a brand new service which calls "AT&T Locker" that will allow iPhone and Android smartphone customers of AT&T to store 5GB worth of videos and photos for free in AT&T's cloud. The most interesting thing is that, the service is available through a free app in the Apple App Store or the Google Play store. And it allows users to store roughly 5,000 average sized photos in the cloud. The app requires subscribers use either an iPhone 3GS or newer device. And Android users must be on version 2.1 or higher of the Android OS. Users can choose to upload new photos and video via Wi-Fi, AT&T's cellular network or both. Customers can manage those photos and share them through the app on the smartphone or on the AT&T Locker web page. AT&T plans to incorporate additional features in future versions of AT&T Locker. And the company didn't say whether higher storage options will be available.
This service is exactly similar to Apple's iCloud service also allows up to 5GB of free storage. And it also offers Photo Stream, which allows its iPhone users to automatically store photos in Apple's cloud and share them across multiple iOS devices as well as share them with other people. The service stores up to 1,000 pictures automatically and this storage doesn't count against the iCloud storage limits. Google also offers storage in its Google Drive service. This service also offers up to 5GB of free storage. You can store anything here from pictures to documents to music. Of course there are also other options for storing photos and other digital content including Dropbox and Microsoft's SkyDrive which is also a very handy option. 



Brief Description:-

AT&T Locker™ allows you to Store, sync and share your photos, videos and documents in one convenient place. AT&T Locker is an app that lets you store, sync and share your data in one safe, convenient place. Your content is easy to access on your computer and phone from virtually anywhere. Photos and videos can be backed up automatically from your phone. It's also easy to share to email, Facebook and Twitter. First 5 GB of storage is free. Additional storage is available for the low monthly price of just $3.99 for 30GB or $9.99 for 100GB.

• Photos and videos can be automatically uploaded to your AT&T Locker from your phone
• Easily access your photos, videos and documents from your phone and computer
• Easy to share to email, Facebook and Twitter
• First 5 GB of storage is free. Additional storage is available.
• Your content is secure and backed up in the cloud
• Store your favorite memories in a safe and convenient place
• Store music from your computer to your AT&T Locker



-Source (AT&T, Cnet)






SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Hacker Steals 3.6 Million South Carolina Social Security No & Also Exposed 387,000 Card Details

Posted by Avik Sarkar On 10/29/2012 04:36:00 am

Hacker Steals 3.6 Million South Carolina Social Security Number & Also Exposed 387,000 Card Details

The year 2012 is going from bad to worse for the cyber space, as yet another big data breach happened which effected more than 4.7 million residents of South Carolina at risk of identity theft. Anyone who filed a South Carolina tax return in the past 14 years may have had their Social Security number stolen and has been urged by the state government to immediately enroll in consumer protection services. The U.S. Secret Service detected a security breach at the S.C. Department of Revenue on Oct. 10, but it took state officials 10 days to close the attacker’s access and another six days to inform the public that 3.6 million Social Security numbers had been compromised. The attack also exposed 387,000 credit and debit card numbers. The stolen data included other information people file with their tax returns such as names and addresses. Businesses’ taxpayer identification numbers also potentially have been comprised in the attack that is being described as one of the nation’s largest against a state agency. The hacker began accessing the Department of Revenue’s computer system in August, but wasn’t noticed by the Secret Service until October, giving him about two months to gather the data in what is one of the largest computer breaches in the US. Most of the data had not been encrypted, meaning the hacker would not need a key to a secret code to read the stolen data. Revenue director James Etter said none of the Social Security numbers were encrypted and about 16,000 credit card numbers were not encrypted.
“The number of records breached requires an unprecedented, large-scale response by the Department of Revenue, the State of South Carolina and all our citizens,” South Carolina Gov. Nikki Haley said during a news conference. “We are taking immediate steps to protect the taxpayers of South Carolina, including providing one year of credit monitoring and identity protection to those affected.” 
S.C. Inspector General Patrick Maley said nine agencies had been evaluated thus far, and some corrective action had been taken. There was no overarching security policy within state government, he said. No one at the Revenue Department or within the state’s information technology division has been disciplined over the latest attack.  
While this case of hacking was the largest in US history, it wasn’t the first. On March 30, 2012, officials in Utah discovered that one of their health department servers had been hacked. That time also a large number of Social Security numbers were stolen from the serverincluding those of children. Here we would like to give you reminder that in the last few months we have been a slew of attacks against the following sites: AdobeGuild Wars 2GamigoBlizzardYahooLinkedIneHarmonyFormspringAndroid ForumsGamigo,  NvidiaBlizzard and  Philips. And after this breach Adobe also enlisted its name among those who was fallen victim to cyber criminals in this year. For all the latest on cyber security and hacking related stories; stay tuned with VOGH




SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Hacker Stolen 300K Student Information From Florida College Computer

Posted by Avik Sarkar On 10/14/2012 06:25:00 pm

Hacker Stolen 300K Student Information From Florida College Computer 

While fighting against the rising amount of cyber threats, the cyber security domain is getting stronger and developed everyday. But till today its not as up-to dated as it should be, and that is why every day the news of security breaches are being spotted in the wild. In the last few months we have been a slew of attacks against the following sites: Guild Wars 2GamigoBlizzardYahooLinkedIneHarmonyFormspringAndroid ForumsGamigo,  NvidiaBlizzardPhilips and Adobe. And it was the turn for Florida Panhandle College. According to sources, a massive security breach hit the main system of Florida Panhandle college, which effected the records of more than 300,000 students, faculty & other employeesEducation officials said that the computer hackers accessed confidential information of staff and students in a massive security breach. A breach that at first involved employees at Northwest Florida State College was much larger than suspected and now potentially involves student records from across the state, state and college officials said. The Department of Education said hackers stole 200,000 records including names, Social Security numbers and birth dates for any student statewide who was eligible for Florida’s popular Bright Futures scholarships for the 2005-06 and 2006-07 school years. 

The hackers also stole more than 3,000 employee records, including some that contained confidential financial information. Some 76,000 records containing personal identification information from students who attended the college was also hacked. “We speculate this was a professional, coordinated attack by one or more hackers,” said Northwest Florida State College President, Ty Handy, in a memo that went out to employees in this week. According to Florida College System Chancellor Randy Hanna in a statement. “While some of the contact information is dated, we will be trying to reach every student whose records may have been captured.” Because of the scope of the breach, Federal Authorities have joined the local and state investigation that got under way last week, confirmed the authority.
The breach occurred sometime between late May and late September. College officials said in a news release that 50 employees to date have reported issues with identity theft, including the college president, faculty and staff. The information has been used to either obtain personal loans or to take out a Home Depot credit card. 


-Source (CBS)





SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Hackers Breached Adobe Server in Order to Compromise Certificate to Sign malware

Posted by Avik Sarkar On 9/29/2012 02:33:00 am

Hackers Breached Adobe Server in Order to Compromise Certificate to Sign malware

Few advanced hackers have managed to break into an internal server at Adobe to compromise a digital certificate that allowed them to create at least two files that appear to be legitimately signed by the software maker, but actually contain malware. This security breach took place on Thursday and the software giant Adobe confirmed that the attackers signed at least two malicious utility programs with the valid Adobe certificate. The company traced the problem to a compromised build server that had the ability to get code approved from the company’s code-signing system. As a result of the breach, which appears to date back to early July, Adobe on Oct. 4 expects to revoke the compromised certificate that was used to sign the malicious files. According to Brad Arkin, senior director of product security and privacy for Adobe “This only affects the Adobe software signed with the impacted certificate that runs on the Windows platform and three Adobe AIR applications that run on both Windows and Macintosh,” 

Arkin wrote. “The revocation does not impact any other Adobe software for Macintosh or other platforms.” The company uncovered the breach after coming across two malicious "utilities" that appeared to be digitally signed with a valid Adobe cert. It is unclear how or whether those files were used in the wild to target anyone. "Sophisticated threat actors use malicious utilities like the signed samples during highly targeted attacks for privilege escalation and lateral movement within an environment following an initial machine compromise," Arkin wrote

In another blog posted by Arkin, he said that, generally speaking, most Adobe users won't be affected"Is your Adobe software vulnerable because of this issue?" he wrote. "No". This issue has no impact on the security of your genuine Adobe software. Are there other security risks to you? We have strong reason to believe that this issue does not present a general security risk. The evidence we have seen has been limited to a single isolated discovery of two malicious utilities signed using the certificate and indicates that the certificate was not used to sign widespread malware."
The "build" server that was compromised was not configured according to Adobe's corporate standards, but that shortfall wasn't caught during the provisioning process, Arkin said. He added that the affected server did not provide the adversaries with access to any source code for other products, such as the popular Flash Player and Adobe Reader and Acrobat software. 
Here we would like to give you reminder that in the last few months we have been a slew of attacks against the following sites: Guild Wars 2GamigoBlizzardYahooLinkedIneHarmonyFormspringAndroid ForumsGamigo,  Nvidia,Blizzard and  Philips. And after this breach Adobe also enlisted its name among those who was fallen victim to cyber criminals in this year. For all the latest on cyber security and hacking related stories; stay tuned with VOGH

UPDATE: Recently we got an update, where Adobe denies the breach. In their later press release an Adobe spokeswoman said the certificate was not actually stolen: "Adobe has stringent security measures in place to protect its code signing infrastructure. The private keys associated with the Adobe code signing certificates were stored in Hardware Security Modules (HSMs) kept in physically secure facilities. We confirmed that the private key associated with the Adobe code signing certificate was not extracted from the HSM."


-Source (Adobe, SC Magazine, WIRED)





SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Related Posts Plugin for WordPress, Blogger...

Site search