
WikiLeaks Launched Wlfriends.org - New Encrypted Social Network


The WikiLeaks Twitter feed announced on 20 May 2012 that the WL Friends/Friends of WikiLeaks (FoWL) network is ready to launch an 'encrypted Facebook', as the whistleblowing website claims that Facebook sells users' information to governments. WikiLeaks also criticized Facebook for recently coming out in support of CISPA, a proposed US law that infringes on privacy and freedom of speech. WL therefore claimed that Facebook can no longer be trusted.
In the press release, WL said: "FoWL is currently in its beta stage. This means that people from all over the world are registering to be part of this network to support WikiLeaks. For some time, nothing else will happen - we need the network to be of a certain size before we can start introducing you to candidate friends. Registering now will allow you to be a part of the network before the beta stage network gets full. As soon as we are ready to give you some candidate friends we will let you know."
One WikiLeaks tweet noted that "Facebook sells your information to governments, is lauded by MSM. WikiLeaks gives government information to you for free and we're terrorists". Following this statement, WikiLeaks tweeted a dozen reasons why this new site is better than Facebook.
Reasons:
  1. WL Friends introduces you to people you want to know, but don't know yet. Facebook connects you to people you already know - no point.
  2. Facebook is a mass surveillance tool. You put your friends into it, you betray your friends. Do friends betray friends? WL Friends doesn't know your friends. It introduces you to new friends.
  3. Facebook records everything you do, hands it over to the US government and corporations. WL Friends doesn't.
  4. WL Friends keeps your data so encrypted, not even the system admins can decrypt it. You and your friends decrypt on login automatically.
  5. WL Friends uses military grade cryptography and the best industry standards (OpenPGP + Elliptic Curves).
  6. WL Friends even uses homomorphic encryption for certain operations so WL Friends doesn't even know how many friends you have.
  7. The more you use WL Friends, the less you use WL Friends. WL Friends is designed to build, not control, a robust network of shared value.
  8. WL Friends is designed for more than just WikiLeaks. It is a general solution to build a robust support network under hostile conditions.
  9. Friends of Israel, Friends of Palestine, Friends of the Tea Party, Friends of Catholicism are all possible with WL Friends.
  10. WL Friends is designed to make infiltration costly. No person can be seen to be more important than any other or individually targeted.
  11. WL Friends builds a strong support network instantly for any shared belief by connecting supporters in a way that maximizes communication.
  12. As time goes by the WL Friends network for any shared belief is designed to mathematically grow stronger and stronger. 



-Source (WL Central, Wikileaks)






Facebook Get Updated & Created New Security Concerns

Facebook CEO Mark Zuckerberg unveiled a raft of changes at this year’s f8 Developer Conference, many of which have left security experts concerned about a rise in Twitter-style spambots as well as targeted cybercrime attacks on users.
New privacy controls as well as the new Subscribers, News Ticker and Timeline features have boosted usability and sharing on the social network, but according to BitDefender, the changes could also mean a rise in the number of privacy and security breach incidents.

The company has created a list of the Facebook changes and the impact they could have on online security:

1. Smart Lists will prompt users to share more information publicly, but will also have the adverse effect of supplying ammunition for targeted attacks.
Smart Lists encourage people to complete their profile with details of their career, work projects, where they went to school or which city they live in. Every time someone creates a list with colleagues from a specific job, this is tagged in their profile. Of course, this is generally not confidential information, and the user has the final decision on whether to approve or reject the tag. But having this information public and indexable will make it much easier to create sophisticated, targeted attacks. Attackers will be able to find out exactly who is working for a specific company at any given time, their job and, more importantly, what project(s) they are working on. The additional information available to a hacker may lead to an increase in socially engineered attacks on businesses, where hackers attempt to gain access to a company’s network or confidential information by targeting its employees as the point of entry.


2. The Subscribe feature could increase the number of spambots, just like on Twitter.
The subscribe feature lets Facebook users follow people of interest, much like Twitter. It also allows your updates to be followed by others, even if they are not friends with you on Facebook. But with the introduction of Twitter-like features, BitDefender believes that Facebook users may see an increase in the number of Twitter-like threats and annoyances, too.
These include spambots and fake schemes that try to lure users in with promises of obtaining more subscribers to their profile page.

3. The Timeline feature means everything you’ve ever shared on Facebook is now available and easy to browse.
Timeline is a revolution of usability, but it’s also the open story of your life to date on the social network. If the default settings are not changed, to restrict who can see your wall, the content will, by default, be available for anyone to see. Friends, photos, places you have checked in, relationships and much more.
It’s important for Facebook users to be aware of this privacy setting when using Timeline, and adjust this accordingly.

4. Health is now social… and public.
The Facebook timeline considers health information social. While it will be easy to share health-related updates such as breaking a bone, undergoing surgery or overcoming an illness, this information is also set to public by default. While seemingly innocuous, information about health that is shared publicly may risk being exploited for identity theft or social engineering attacks.

5. Widgets open the door to interactive scams.
With Timeline, Facebook also introduced widgets that live on users’ profile pages, which takes social interaction to a whole new level. Until now, anyone who had an application installed could only interact with other users within the app. Now, the app is on the user’s wall, so anyone who interacts with the user profile can also interact with the app.
This isn’t a concern for legitimate apps, but the ease with which they can be accessed may lead to fake or scam apps spreading quickly through the social network.


-News Source (F8, Dynamic Business & FB)




Facebook Outage in Many European Countries Not Caused By Anonymous But DNS Problem


The world's largest and most popular social network, Facebook, faced another period of downtime. This time the outage affected millions of users in European countries including Denmark, France, Norway, Germany and Italy. This is the second outage since June to affect a large number of Facebook users. Last time, Facebook users faced disturbance while using their favorite social network: users across the globe experienced log-in difficulties for several hours. This time, the social networking giant remained down for a considerable time. The outage may have caused Facebook’s share price to go down. For a site with 900 million users worldwide, even a minor outage has a huge effect. As with the June issue, a hacker collective came forward first and took credit for the outage. A Twitter account affiliated with the hacktivist group, named Anonymous Own3r, took responsibility for the outage. In his tweet he claimed to have found several vulnerabilities in Facebook, which caused the outage. In a Pastebin note, the hacker published those so-called vulnerabilities. In his tweet the hacker also claimed to have control of many servers owned by Facebook.

But Facebook completely denied the hacker attack and said the cause of the outage was nothing but a DNS issue, neither a hacker attack nor a DDoS. Here we want to remind you that in 2011 Anonymous openly declared that it would take down Facebook. The operation was dubbed #Op-Facebook, and Anonymous said that they would hit FB on the 5th of November last year. But in reality it was just a threat and, as expected, Anonymous failed to execute Operation Facebook. Later, in June this year, Anonymous took credit for a couple of hours of Facebook outage, and here again an Anonymous-affiliated member repeated the same story, which again proved completely baseless; in short, it was nothing but a publicity stunt.

For a large social network like Facebook, DNS issues of this kind can happen. In any case, immediately after this outage Facebook released a statement saying:
"There has not been a hack of Facebook. We have investigated these claims, and they are not valid. The evidence cited was produced by an automated vulnerability scanner that alerts developers of potential vulnerability, and we have found these all to be false alerts.
We expect Anonymous just like we expect any other attack on any other day. Due to our size, we face the same threats as seen everywhere else on the Web, but we have developed partnerships, back-end systems, and protocols to confront the full range of security challenges we face. Facebook has always been committed to protecting our users’ information, and we will continue to innovate and work tirelessly to defend this data.
Earlier (Thursday), we made a change to DNS as part of a traffic-optimization test, and that change resulted in some users being temporarily misrouted. We detected and resolved the issue immediately, but a small number of users located primarily in Western Europe experienced issues accessing the site while the DNS addresses repopulated. We are now back to 100 percent, and we apologize for any inconvenience..."



-Source (All Facebook)





Finally Facebook Released Their Application for iPad


One year, six months, and seven days after the iPad first went on sale, Facebook has at last released its app for Apple's tablet. "Many of you have been asking about Facebook for iPad," the company said in an understated blog post Monday. "Today, it's finally here." The long-delayed app has been the subject of much Silicon Valley chatter. Some rumors suggested that a rift between Facebook CEO Mark Zuckerberg and Apple's executive team over Apple's Ping social network was to blame for the delay. Others claimed that Facebook preferred a Web-based application that bypassed Apple's strict app store rules.
Former Facebook developer Jeff Verkoeyen, the lead engineer on the iPad app, wrote on his blog recently that he quit the company after Facebook continually delayed the release of the iPad app.
It had been in the works since October 2010 and was essentially completed in May, Verkoeyen said.
"For reasons I won't go into details on the app was repeatedly delayed throughout the summer," Verkoeyen wrote. "Needless to say this was a frustrating experience for me. The experience of working on this app was a large contribution to the reasons why I left Facebook, though that doesn't mean it wasn't a difficult decision."
Verkoeyen, who now works for Google, later updated his blog post to strip out his criticism of Facebook and his comments about the app's delay.
If Verkoeyen's timeline is correct, that means that the Facebook iPad app was stuck in limbo longer than Apple's notoriously delayed white iPhone 4.
But like the white iPhone, Facebook's iPad app has finally appeared. The application showcases many of the familiar Facebook features, integrating gestures and swipes to help users navigate the social network.
"With the iPad app, you get the full Facebook experience, right at your fingertips," Leon Dubinsky, a Facebook mobile engineer, said in a blog post that he wrote "from the comfort of his couch."
Games, apps, groups and lists appear in a menu on the left-hand side, giving users quick access to their most-frequently used tasks. Messages and notifications appear at the top of each screen, so Facebook users can chat with friends and view updates without jumping back and forth between screens.
The app also lets users play full-screen games, watch and record HD videos and stream them to other devices using Apple's AirPlay technology.
The app had been noticeably absent from Apple's iTunes app store, considering that Facebook had been among the first to debut an iPhone application in 2007. The social network also said Monday that it made several improvements to the iPhone app and Facebook's mobile site, giving users simplified navigation, faster search and access to more games and apps. 




-News Source (CNN)



 


Hackers Are Invited To Attack Facebook's Corporate Network

Last year the social networking giant Facebook introduced its bug bounty program, inviting security researchers to poke around the site, discover vulnerabilities that could compromise the integrity or privacy of Facebook user data, and then responsibly disclose them to the company. The minimum reward was $500. White hats were urged to search for Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF/XSRF) and Remote Code Injection bugs. In its White Hat program, the company made clear that it should not be bothered with spam or social engineering techniques, DoS vulnerabilities, bugs in Facebook's corporate infrastructure, or vulnerabilities in third-party websites or apps. Now it has changed its mind. When the social network's security team unexpectedly received tips from a researcher about a vulnerability in the company's own network that would allow attackers to eavesdrop on internal communications, it made an unprecedented choice by broadening the scope of the bug bounty program and inviting researchers to search for other holes in the corporate network. There are quite a few bug bounty programs instituted by tech companies such as Google and PayPal, but Facebook has become the first firm to give formal permission to white hats to target its networks. Ryan McGeehan, the manager of Facebook's security-incident response unit, stated that if there’s a million-dollar bug, they will pay it out.
Given that Facebook has a strong incentive to protect the data belonging to its 900 million users, and the fact that data breaches have become a disturbingly common occurrence in the last two years or so, the step seems like a logical one. 


-Source (Net-Security)






2011 "The Year of The Hack": A Brief Overview & Prediction of 2012


Every day when you open voiceofgreyhat.com you see lots of hacks, defacements, data breaches, rooted servers, hacked databases, leaked information and so on. Here is a summary covering the recent attacks. If 2011 was “the year of the hack,” as it was dubbed by Richard Clarke, former White House cyber-security czar, would 2012 be the year enterprises apply the lessons learned and stop the attacks?
Apparently not, as security experts are predicting even more sophisticated attacks for 2012.

Defense contractors, government agencies, and other public and private organizations reported network breaches where attackers stole intellectual property, financial data and other sensitive data. Hacktivist groups such as Anonymous and LulzSec demonstrated how much damage they can cause large organizations by employing fairly well-known techniques against the application layer. 

What’s the security outlook for 2012? 
It appears gloomy, as security experts warn that cyber-attackers will target applications, mobile devices and social networking sites. There will be more social engineering as attackers research victims beforehand to craft even more targeted attacks.
2011 was a year in transition, David Koretz, CEO of Mykonos Software, said, the year when sophisticated Web application attacks came of age. Before, people were talking about the threat to Web applications but were unable to quantify the problem. “2011 is the year people started caring about Web security for the first time,” Koretz said.
Attackers targeted applications through SQL injection and cross-site scripting attacks to get access to sensitive data, said Lori MacVittie, senior technical marketing manager at F5 Networks. There are more kits and exploit tools released that exploit certain vulnerabilities, making it easier for even less skilled attackers to launch sophisticated attacks. There will be more of these tools in 2012, she said.
Social media has become more ubiquitous. Forrester estimated 76 percent of enterprises allow some access to social networking sites from within the corporate networks,  and 41 percent allow “unfettered access” to these sites. Many of the data breach and cyber-attack headlines in 2011 were social engineering attacks that exploited email and the Web as an attack vector, according to Rick Holland, a Forrester analyst.
Attacks against social network sites accounted for only 5 percent of total social engineering attacks in Verizon’s 2011 Data Breach Investigations Report. Forrester expects this number to “increase significantly” in 2012, Holland said.
Malware for mobile platforms grabbed headlines in 2011, starting with Google removing apps infected with DroidDream malware from Android Market and then remotely removing them from user devices.
Malware developed for mobile platforms exploded in volume and sophistication, according to Juniper Networks’ Global Threat Center. Criminals released a mobile version of the Zeus Trojan designed to intercept security controls used for online banking for several mobile platforms. Many users were infected with malware that turned their smartphones into zombies participating in a botnet without their knowledge.
Mobile device adoption is on track to reach 60 million tablets and 175 million smartphones in the workforce by 2012, according to Forrester. The majority of users will not be using these devices secured within the corporate environment as they will be working from home offices, public hotspots and third-party networks.
Organizations will increasingly shift their content security operations to the cloud to better protect mobile users. Security professionals have to adapt quickly to multiple mobile form factors and evolving threats from sophisticated malware and social networks, Holland said. 




Help! I Think My Child Might Be a Cyberbully (Special Article)


Our society grows more and more connected. We have smart phones, computers, tablets, social media sites and other tools constantly creating new connections between people. This is generally a good thing, but there is a negative side to this enhanced communication—cyberbullying. Although bullying in the playground or classroom has been around since we started putting kids in schools, cyberbullying brings a new aspect to bullying. It is more difficult to stop because, in many cases, the bully is anonymous.

Cyberbullying Can Lead to Suicide

Cyberbullying is using the internet, cell phones or other devices to post pictures, text, videos or other information intended to hurt or embarrass another person. According to the National Crime Prevention Association, cyberbullying affects almost half of all American teens. Although many feel cyberbullying is not a big deal, the consequences can be severe. As evidenced by the number of suicides—particularly of gay teens—in the last few years, cyberbullying can have a devastating effect on the victim and their family. Because of the nature of cyberbullying, it is difficult to tell if your child is involved—either as a victim or an aggressor.

Prevent Your Child From Becoming a Cyberbully

There are some simple ways to prevent your child from becoming a cyberbully. Be a model for them. Don’t use abusive language when referencing workmates, other parents or kids. Make sure the language you use around your child does not lead them to believe it is alright for them to use abusive language. Children look to their parents as guides for how to operate in the world. Make sure, as a guide, you're pleasant, kind and non-aggressive.
Keep an eye on your child’s social networking profile. See if they are getting involved in harassing other children. This could be a precursor to them becoming the primary bully themselves. If you do find evidence they are harassing others, do not let it stand. Talk to them about it. Explain the better, healthier ways to deal with their aggression or anger towards their friends and classmates. Make sure they understand that harassment is not an acceptable type of behavior. There are ways to assure your child's social network site can't be hacked.

Keep Your Child's Social Network From Being Hacked

Cyberbullying is not exclusive to hateful or aggressive comments or messages. Many kids have their social networking site hacked, and the hacker shares embarrassing information or posts things the actual user would not post. There is software to track the sites that have been accessed on your computer and that can help you to protect your child against identity theft. Utilize the tools available to make sure your child has not stolen another kid’s identity.
The best way to stop cyberbullying is to prevent your child from ever becoming one in the first place. Have open conversations about bullying and its effects on others. Show through example the best way to solve problems is not through threats and anger but through calm and reasoned action.



Special Article By 
Jennifer Stone
Guest Editor VOGH




Anonplus Hacked by Akincilar (Turkish Hacker Group)


AnonPlus, a social network created by the hacker group Anonymous, has been hacked by a Turkish hacker group called Akincilar, who replaced the Anonymous logo of men in suits with one of a dog wearing a suit on the social networking site, according to The Register.
Anonymous began setting up its own social network after profiles set up by its members on Google+ were removed last week. Several days later, the rival hacker group from Turkey defaced the pre-beta site's front page with the joke version of the standard Anonymous logo and a message mocking the group in Turkish and English.

"We Are TURKIYE We Are Akincilar. This logo suits you more ... How dare you rise against to the World ... Do you really think that you are Ottoman Empire? We thought you before that you cannot challenge with the world and we teach you cannot be social Now all of you go to your doghouse ..." read the message.
Details of how the hack was perpetrated are unknown, but are likely to have involved either easily exploited site vulnerabilities or sloppy password security: the same vulnerabilities that Anonymous has been criticising big business for, through its AntiSec campaign.

Developers behind AnonPlus had a few choice words for Turkish hackers dismissing them, among other things, as "snobby, arrogant, IGNORANT little fucking children" in a counter-rant.
Anonymous attacked government websites in Turkey in protest against controversial internet filtering plans back in June. Turkish police arrested 32 suspects days later.

-News Source (ITP)


6.5 Million of LinkedIn Passwords Stolen By Cyber Criminals


The very popular social networking site LinkedIn is currently dealing with a massive cyber attack. It has been reported that more than six million passwords belonging to LinkedIn users have been compromised; among them, more than 300,000 passwords have already been cracked and published as plain text. A file containing 6,458,020 unsalted SHA-1 password hashes has been posted on the internet, and hackers are working together to crack them.
LinkedIn has confirmed that it is investigating the incident. In the meantime, several reputable sources have said that they have found their LinkedIn passwords in that list; it can therefore be assumed that the social network's operator actually does have a problem.
Pages are already appearing on the internet that prompt you to enter your password to verify whether you are affected; these are phishing sites. It is also expected that there will be waves of spam email soon which will call for you to change your password with a link to a LinkedIn-impersonating phishing site. Instead of following these links, either enter the LinkedIn URL yourself (linkedin.com) or use a stored bookmark to visit the social network and change your password.






Facebook Forces 900 Million Users To Put Phone Details To Prevent Hacking


After the security breaches at LinkedIn and eHarmony, the world's largest social network, Facebook, is now asking each of its over 900 million active users to provide their own mobile numbers as part of a drive to improve security on the social networking site. Millions of Facebook users have already seen a link at the top of their profile requesting them to follow "simple security tips". Clicking on the link opens the site's security page, where users are asked to pick a unique password and are given a tutorial on how to spot an online scam. Users are then requested to provide their phone number for secure account recovery. Facebook claims that when a user confirms their phone number, it allows the site to automatically wipe their password if their account is hacked. The social network would then send a text message informing the user that their password has been changed. According to the paper, however, Facebook claimed that the security update has nothing to do with the recent LinkedIn hack.





XSS Worm on Chinese Twitter

Users of Sina Weibo, the Chinese Twitter alternative, were targeted by a cross-site scripting (XSS) worm spreading through a vulnerability on the micro blogging site.
With over 140 million users, Sina Weibo is the most popular social networking site in China, a country where both Twitter and Facebook are banned. The site's administrators announced that a worm exploiting an XSS weakness hit the platform on Tuesday evening. The worm propagated through messages that lured users with videos, pictures and software. For example, some advertised bloopers from a new film, while others advertised nude pictures of Chinese actress Fan Bingbing. Clicking on the included links forced users to re-post the spam messages from their own accounts, thereby helping the worm spread.
The attack was apparently launched from an account called @hellosamy, a name possibly chosen as a tribute to the Samy (Spacehero) worm released on MySpace back in 2005.
The work of security enthusiast Samy Kamkar, Spacehero was the first large-scale worm to spread on a social network by exploiting a cross-site scripting vulnerability and paved the way for many similar attacks that have occurred since then.
There is barely any social network left that hasn't been affected by such a worm. Some of them have had to deal with such problems multiple times and on some occasions the attacks distributed malware or spam.

There doesn't seem to have been any malicious component behind the Weibo worm, though, except for its spreading mechanism.

When such attacks happen, if webmasters are not quick enough, there is a high risk that the worms will mutate as other users modify the code and launch their own versions. In this case, the Weibo staff plugged the hole in around one hour, which is a rather long time for such an attack.

-News Source (Softpedia)


Anonplus the Social Networking site of Anonymous


Renowned hacker group Anonymous revealed yesterday that its Google+ profile has been removed and that their Gmail account has been blocked as well. Google claims that the profile and account go against "Community Standards" and has shut down most, if not all, profiles related to Anonymous.
As a result of being blocked, Anonymous says that they have organized against Google+ and will be developing their own social network, dubbed "AnonPlus."
"Welcome to AnonPlus. This will be your future. This will be our future. Today, we welcome you to begin anew…to watch this glorious incipience happen – one upon which you will never turn your back on. Welcome to the Revolution – a new social network where there is no fear…of censorship…of blackout…nor of holding back. Life is what you make of it – and we are making it. As you step through into the coming weeks, months, and years with us…they will know that we've arrived. There will be no more oppression. There will be no more tyranny. We are the people and we are Anonymous. We have arrived."
The site currently has the Anonymous logo, the text that is above, a link to the dev forums, and a version number (0.1). From what we can tell, Anonymous is taking this pretty seriously.
 
What do you think? Was Google right in blocking Anonymous' profiles? What do you think about AnonPlus?


USA Accused For Planting "Flame" Malware to Hack France President's Network


A well-known French newspaper, "L'Express", has accused the United States of using the dangerous cyber weapon "Flame" to break into the computer networks inside France’s presidential palace, also known as the Elysee. In its report, L'Express has published details of what it claims was a sophisticated state-sponsored hack into the offices of the French presidency earlier this year with the intention of stealing data. According to the newspaper, the malware attack took place in May 2012, shortly before the second round of presidential elections in France, but has been kept secret until now. The newspaper alleges that the attackers found their targets on Facebook, identifying people working inside the presidential palace and connecting with them on the social network. The social engineering laid the groundwork for the next phase of the attack; the victims were then sent links to a fake Elysee intranet page where their login credentials were stolen. Workers at the Élysée Palace are said to have been befriended on Facebook by hackers, who then sent their victims a link to what purported to be a login page for the Élysée intranet site. In this way, it's claimed, login credentials were stolen. It is alleged that malware was then installed on the network, infecting computers belonging to senior political advisors, including Xavier Musca, Secretary-General of Nicolas Sarkozy's office. The United States Embassy in Paris has denied any involvement in hacking its ally. “We categorically refute allegations of unidentified sources,” Mitchell Moss, Embassy spokesman, told l’Express. “France is one of our best allies. Our cooperation is remarkable in the areas of intelligence, law enforcement and cyber defense. It has never been so good and remains essential to achieve our common fight against extremist threat.” However, Janet Napolitano, Secretary of the Department of Homeland Security, did not deny the U.S. was involved.
She told l’Express: “We have no greater partner than France, we have no greater ally than France. We cooperate in many security-related areas. I am here to further reinforce those ties and create new ones.”

As background on Flame: in the middle of this year, after the 'Duqu' episode, the Iranian Computer Emergency Response Team (MAHER) claimed to have discovered a new targeted Stuxnet attacking the country's internal systems. This newly found Stuxnet has been dubbed Flame (also known as Flamer or Skywiper). Flame, a next-generation cyber weapon also known as 'The Super Spy', has already fascinated the cyber-security industry with its sophistication and its versatility as a Swiss Army knife of cyber-spying. It was later spotted in the wild, when software giant Microsoft confirmed that its Windows Server Update Services (WSUS) and Windows Update (WU) had been infected by the Flame malware. Flame has also been in the spotlight in many other areas.


-Source (NS & threatpost)








Google Plus is Putting Pressure on Facebook

 
Google is making a fresh attempt at social networking with a service that competes with Facebook. The service, called Google Plus, looks similar to Facebook, with streaming updates of photos, messages, comments and other content from selected groups of friends, said Bradley Horowitz, vice president, product management. It will integrate Google’s maps and images.
As Internet users spend more time on social-networking sites, Google, the world’s biggest Internet-search company, is releasing new social features to lure web surfers to its own services and expand advertising sales. Facebook, the world’s most popular social network, captured 13 percent of total hours people spent online in May, while Google attracted 10 percent, according to ComScore Inc.
“It’s something that is changing the quality of Google itself,” Horowitz said of the push into social networks. “It’s the Google you know and love, but now with people.”
Chief Executive Officer Larry Page is starting Google (plus) after missteps last year with the introduction of a social component to Gmail called Buzz. In March, Google reached a settlement with the Federal Trade Commission to resolve concerns it violated its own privacy policies. Executive Chairman Eric Schmidt, CEO for a decade before Page assumed the role, said earlier this month that he “screwed up” in the area of social networking. “I clearly knew I had to do something and I failed to do it,” he said.

The new service will initially be available to only a limited set of users in a test. The company has been testing internally and it’s now ready to gradually open up what it calls a “project” to the general public. The service is available only by invite for now.

“This is a project that will span many years,” Horowitz said. “This is not something where we’re done. On the contrary — we’re just getting started, laying some of the foundation and then many features will evolve.”

With Google (plus), users easily share information based on the circle of friends they think would most like to see a photo or read a message. Once users sign up, they have a profile page with security settings that let them share or hide personal information, such as education or job descriptions.

Other Google (plus) features include Sparks, which gathers videos and articles on topics of interests or hobbies, and Hangouts, which lets friends join video chat with multiple people at once. There is also a mobile version of Google (plus) for handsets running the Android software, and the company is developing a version for Apple’s iPhone. The mobile version enables text-message chats with multiple users and, with an opt-in, photos and videos are automatically stored in an online album for later access.

“We already have users,” Horowitz said. “This isn’t a startup that’s trying to acquire users. The users are here already. It’s just that the experience we’ve offered them is incoherent and disconnected.”



Facial Recognition Technology In Google+


Google Plus, one of the fastest growing social networks, keeps adding to its arsenal in the battle with rivals like Facebook and Twitter. Google’s newest heavy weapon is face detection. This technology allows users to tag photos more quickly and easily than before, without manually entering the identity for each individual picture.
When the user decides to publish an entire photo album, the new face detection feature displays all the faces found in that album in one place. Grouping photos according to the people who appear in them then becomes much easier, and tagging them with a name and email address takes just a few keystrokes. Users can access this new feature from three different places.
One way is to create an album from the sharebox or to add photos to an existing album. Once the upload is complete, Google will recognize the faces and the tagging feature will appear. Another way is to add photos from the sharebox, follow the same steps, and choose Tag People when this option appears. The third is to tag an entire album using the button just above the photo previews.
To respect people’s right to privacy, every person who appears in the photos is informed after the tagging and can decide whether or not to approve it.
Initially, Google provided face detection features with Picasa, but after a while this service was renamed Google Photos. To gear up for further improvements, Google acquired PittPatt and its patents for the technology used in face detection and live tracking. Now what Google cooked up in this department is available for Google+ users to enjoy.




25-Year-Old Man Busted While Attempting to Hack Facebook Server

A 25-year-old Brit allegedly used "considerable technical expertise" to hack into Facebook's servers.
Student Glenn Steven Mangham from York is currently on trial at Westminster magistrates' court on five charges under the Computer Misuse Act, including adapting, supplying or offering to supply software that ensures users can hack into Facebook's servers.

Mangham was arrested by the Metropolitan Police's Central e-Crime Unit in June this year for "computer hacking offences".
It is alleged that between April 27 and May 9, Mangham hacked several times into a Facebook puzzle server that allows developers to test their skills. It is also alleged that he attempted to hack into a Facebook Mailman server that manages email distribution lists, and that he tried to gain access to the Facebook Phabricator server, which offers tools for third-party app developers.
"This is what can be described as a hacking case," lawyer for the prosecution, Matthew McCabe, said.
While on bail, Mangham has been barred from accessing the web from any device.

"The court feels it will be safer if there was no access to the internet which will reduce the temptation for your son to go on to Facebook," said Judge Nicholas Evans, who is presiding over the case.

Facebook said no personal details had been compromised during the attempted hacks and the social network had been working with Scotland Yard and the FBI as they "take any attempt to hack our internal systems extremely seriously".
According to a news daily, this is one of the first investigations into a hacking attempt on the social network, and detectives were not aware of any hacking attempts "to this extent".

-News Source (Pc Advisor)


Son of Flynn (Social Engineer Toolkit v2.2) Released



Social Engineer Toolkit has been updated! This release is named “Son of Flynn”, and it brings the Social Engineer Toolkit to version 2.2. The Social Engineer Toolkit (SET) is a Python-driven suite of custom tools which focuses solely on attacking the human element of penetration testing. Its main purpose is to augment and simulate social-engineering attacks and allow the tester to effectively test how a targeted attack may succeed.
Official Change Log for Social Engineer Toolkit v2.2:-
* Added better handling when generating your own legitimate certificate and ensure proper import into SET
* Adjusted java repeater time to have a little more delay, seems to be more reliable and stable if that occurs.
* Removed the check from the main launch of SET for pymssql and only added it when the fast-track menu was specified
* Removed the derbycon posting since it already happened. When we get closer I’ll re-add it back in with detailed information
* Removed old files in the java applet attack that were not needed.
* Added better granularity checking the Java Applet attack when the shellcode exec or normal attacks were being specified.
* Fixed a bug that caused infectious media bomb out if shellcodeexec was specified as a payload
* Added a legal disclaimer for first initial use of SET that it must be used for lawful purposes only and never malicious intent
* Added improved stability of the java applet attack through better payload detect/selection
* Fixed a bug with shellcodeexec and creating a payload and listener through SET, it would throw an exception, it now exports shellcodeexec properly and exports alphanumeric shellcode
* Added new config check inside core.py, will return value of config, easier..will gradually replace all config checks with this
* Fixed an issue that would cause AUTO_REDIRECT=OFF to still continue to redirect. This was caused from a rewrite of the applet and the same parameters not being filtered properly
* Added more customizing Options to RATTE. Now you can specify custom filename ratte uses for evading local firewalls. So you can deploy RATTE as readme.pdf.exe and it will run as iexplore.exe to bypass local firewalls. You can also specify if RATTE should be persistent or not. For testing network firewalls you won’t need a persistent one. Doing a penetration test you may choose a persistent configuration.
* Fixed a bug in RATTE which could break connection to Server. RATTE now runs much more stable and can bypass high end network firewalls much more reliable.
* Added a new config option called POWERSHELL_INJECTION, this uses the technique discovered by Matthew Graeber which injects shellcode directly into memory through powershell
* Added a new teensy powershell attack leveraging Matthew Graeber's attack vector.
* Rehauled the Java Applet attack to incorporate the powershell injection technique, its still experimental, so will remain OFF in the config by default. The applet will not detect if Powershell is installed, and if so, use the shellcode deployment method to gain memory execution without touching disk through PowerShell.
* Fixed a bug that would cause mssql bruter to error if powershell injection was enabled or other attack vectors

To Download SET 2.2 Click Here




Google Has 1 Billion Unique Monthly Visitors



Google revealed more than a year ago that it has more than 1 billion searches a day and averages 1 billion searchers a week. Now it can add 1 billion unique visitors per month to that storied stat club. comScore revealed that Google's Websites, including its search engine, YouTube video-sharing site and Gmail, lured more than a billion unique visitors in May. That's up 8.4 percent from a year ago. It is the first time an Internet company has hit that benchmark, according to the researcher. See the report here or this snapshot on Search Engine Land. That would be nice if it weren't for the fact that Google's rivals are growing their online traffic, too. Microsoft, whose Bing search engine came on strong last year, followed with 905 million unique visitors in May, good for growth of 15 percent. Facebook, meanwhile, saw its visitor count balloon to 714 million visitors, perhaps an accurate reflection of its current user base. Facebook's year-to-year growth was a remarkable 30 percent. More impressive (and scary, for Google) is Facebook's user engagement stat: comScore said the social network's users logged 250 billion minutes worldwide in May, up 66 percent from May 2010. 
In a June 15 blog post, comScore said Facebook's average U.S. visitor engagement has grown from 4.6 hours to 6.3 hours per month over the past year. Nielsen confirmed the six-hour stat in its own research.
Microsoft is next at 204 billion minutes, down 13.6 percent, while Google is third with 200 billion minutes, good for growth of 13 percent. Facebook's ability to keep users logged in the walled garden is the reason why Google is logically infusing its Web services with social software. 
This Web phenomenon is also the reason Google has been revving up its mobile and display advertising efforts. The company acquired mobile ad maker AdMob for $750 million last year and agreed to buy display ad player Admeld last week. Google has also accelerated its YouTube efforts, adding thousands of streaming movie titles and using Google TV as a new access point for YouTube and its display ads.
Near-term, Google has little to worry about. EMarketer said Google will take 41 percent of all ad dollars, with Facebook netting 7 percent of U.S. online ad spending this year.
What Google is nervous about is that Facebook is getting more users to stay online with its site longer, which means more users are seeing more display ads on the network.
This generates more ad cash for Facebook and its partners. Moreover, ad partners who would normally go to Google, Microsoft or Yahoo for display ad placement now have Facebook as the optimal choice to spread their message. This is why Google has been boosting social -- adding the +1 button -- and why it's been fortifying its already strong ad arsenal.


Indian Govt. Asked Social Networks (Facebook, Google, Yahoo & Microsoft) To Screen Contents From India


The Indian government has told social networking giants Facebook, Google, Yahoo and Microsoft to remove material that might "offend Indian sensibilities". Top officials from the Indian units of Google, Microsoft, Yahoo and Facebook are meeting with Kapil Sibal, India’s acting telecommunications minister, on Monday afternoon to discuss the issue, say two executives of Internet companies. The executives asked not to be identified because they are not authorized to speak to the media on the issue.
Mr. Sibal’s office confirmed that he would meet with Internet service providers Monday but did not provide more information about the content of the meeting. About six weeks ago, Mr. Sibal called legal representatives from the top Internet service providers and Facebook into his New Delhi office, said one of the executives who was briefed on the meeting. At the meeting, Mr. Sibal showed attendees a Facebook page that maligned the Congress Party’s president, Sonia Gandhi.  “This is unacceptable,” he told attendees, the executive said, and he asked them to find a way to monitor what is posted on their sites.
In the second meeting with the same executives in late November, Mr. Sibal told them that he expected them to use human beings to screen content, not technology, the executive said. The three executives said Mr. Sibal has told these companies that he expects them to set up a proactive prescreening system, with staffers looking for objectionable content and deleting it before it is posted. The executives said representatives from these companies will tell Mr. Sibal at the meeting on Monday that his demand is impossible, given the volume of user-generated content coming from India, and that they cannot be responsible for determining what is and isn’t defamatory or disparaging.
“If there’s a law and there’s a court order, we can follow up on it,” said an executive from one of the companies attending the meeting. But these companies can’t be in the business of deciding what is and isn’t legal to post, he said. 
Yahoo, Facebook and Microsoft did not respond immediately to calls for comment, and a Google spokeswoman said the company had no comment on the issue. Facebook said earlier this year it has more than 25 million users in India. Google has over 100 million Internet users in India. The demand is the Indian government’s latest attempt to monitor and control electronic information. In April, the ministry issued rules demanding Internet service providers delete information posted on Web sites that officials or private citizens deemed disparaging or harassing. 
The Indian government also plans to set up its own unit to monitor information posted on Web sites and social media sites, executives said, which will report to Gulshan Rai, the director general of India’s cyber-security monitor. 
Some Indian cities like Mumbai have already set up special units to monitor Internet sites like Facebook and Orkut, the social networking site operated by Google, for content considered disparaging or obscene.
Now let's see what these social networks do in this case.



-News Source (The Guardian & New York Times) 




Apple-Based Networks are More Vulnerable to Attack than Windows (BH 2011)


For many years, Apple enjoyed security through obscurity. The market share for Mac computers was so small that malware creators bypassed it to go after the much bigger target, Microsoft Windows. Not anymore.
Apple’s market share has been slowly rising and the popularity of the iPhone has put Apple’s products into the spotlight. Hackers are taking notice and they’re figuring out that Apple’s computers have security vulnerabilities, some of them more severe than Windows machines, according to a talk by the iSEC Partners security consulting team at the Black Hat security conference today.
Alex Stamos, Paul Youn, and B.J. Orvis of iSEC Partners said in their talk that it is possible for hackers to penetrate a network of Apple Mac computers and lurk undetected while gathering data. They concluded that there were so many vulnerabilities on the networking level that Mac machines could be considered more vulnerable than Windows machines.
Apple has not yet responded to a request for comment. At Black Hat, there will also be talks about the vulnerabilities of other operating systems, including Windows. In years past, security researchers have blamed Microsoft for producing vulnerable Windows code. And immediately following the Apple talk, security researchers had another talk about hacking Google’s Chrome operating system.
“This is all changing,” Stamos said. “If [recent hacking events] tell us anything, it’s that any computer is vulnerable to attack.”
The iSEC team said they looked at attacks on the Mac and its latest operating system, code-named Lion, or OS X version 10.7, from the perspective of Advanced Persistent Threats, or long-term security break-ins on networks of computers. They showed examples of the vulnerabilities and detailed proof that they had hacked into the operating system.
The category of Advanced Persistent Threats is a hot one because Google discovered that, under Operation Aurora, dozens of companies were compromised over a long period of time. And McAfee reported today that a similar attack, dubbed Operation Shady RAT, compromised a total of 72 governments and corporations over a five-year period.
A network of Mac computers can be compromised in the usual way, iSEC’s Stamos said. A single user can be tricked into giving up a username and password through social engineering or targeted “phishing attacks,” which use a believable ruse to get the user to enter a username and password that the hackers then capture.
Once inside the network, Stamos said that it is easy for the attacker to escalate the privileges he or she has on the network. That is where Apple’s operating system falls down in comparison to Windows. “Once you have access, you can compromise the networking,” Orvis said. “Network privilege escalation is where it really gets bad on the Mac.”
The security researchers said that Apple has made improvements to security in version 10.7 of OS X, such as putting applications in a “sandbox,” or isolating them so that they can run (or crash) without taking down the rest of the operating system. Still, the researchers said they had figured out a couple of different ways to compromise the security of Macs through a test program dubbed Bonjoof. They said that it’s possible to lurk on a network and cover your tracks so that intelligence can be gathered on a network over time.
“All of Apple’s major authentication protocols suffer” from some kind of weakness, Orvis said.
There are ways to deal with the vulnerabilities, but company security professionals have to know how to use security forensics technology, which can take a long time. In the meantime, attackers can detect the forensics tools and react to their usage in an attempt to hide. The security researchers said they did talk with Apple about the vulnerabilities they found and communicated a number of ideas about how to improve the security of Apple’s computers.
