Red Hat Enterprise Linux 7 Beta Arrives! Download Now And You Can Win $500

Red Hat Enterprise Linux (RHEL) 7 Arrived With Expanded Container Support, Performance Profiles, XFS As the Default Filesystem & Many More. 

We have just spent a less than a month time after the release of Red Hat Enterprise Linux 6.5 made available globally, yet again the American multinational software company, leading the world for open-source software has announced the availability of a first public beta release of Red Hat Enterprise Linux (RHEL) version 7. Based on Fedora 19 and the upstream Linux 3.10 kernel, Red Hat Enterprise Linux 7 will provide users with powerful new capabilities that streamline and automate installation and deployment, simplify management, and enhance ease-of-use, all while delivering the stability that enterprises have come to expect from Red Hat. This further solidifies Red Hat Enterprise Linux's place as the world's leading Linux platform and a standard for the enterprise of the future. Whether rolling out new applications, virtualizing environments or scaling the business with cloud, Red Hat Enterprise Linux 7 delivers the keystone to IT success. The beta release of Red Hat Enterprise Linux 7 adds value to new and existing IT projects across industries by adding key capabilities to improve critical but often cumbersome IT tasks like virtualization and storage while offering a clear pathway to the open hybrid cloud. In their official Red Hat Enterprise Linux YouTube channel, Red Hat posted a short video where you can hear what the team at Red Hat has to say about the next-generation of the world’s leading Linux platform.

Red Hat Enterprise Linux 7 Beta showcases hundreds of new features and enhancements, including: 

• Linux Containers - Enabling applications to be created and deployed in isolated environments with allocated resources and permissions.
• Performance Management – Using built in tools, you can optimize performance out-of-the-box.
• Physical and Hosted In-place Upgrades - In-place upgrades for common server deployment types are now supported. Additionally, virtual machine migration from a Red Hat Enterprise Linux 6 host to a Red Hat Enterprise Linux 7 host is possible, without virtual machine modification or downtime.
• File Systems – File systems continue to be a major focus of development and innovation.
  • XFS is now the default file system, supporting file systems up to 500TB
  • ext4 file systems are now supported to 50TB and include block sizes up to 1MB
  • btrfs file systems are now available to test
• Networking – Enhanced networking configuration and operation. Added support for some of the latest networking standards, including:
  • 40Gb Ethernet support
  • Improved channel bonding
  • TCP performance improvements
  • Low latency socket poll support
• Storage – Expanded support for enterprise level storage arrays. Improved scalable storage stack for deployments that are less disk intensive. Improved storage management for heterogeneous storage environments.
• Windows Interoperability – Bridge Windows™ and Linux infrastructure by integrating SAMBA 4.1 with existing Microsoft Active Directory domains. Or, deploy Red Hat Enterprise Linux Identity Management in a parallel trust zone with Active Directory.
• Subsystem Management – Simplified configuration and administration with uniform management tools for networking, storage, file systems, performance, identities and security. Leveraging the OpenLMI framework, enables use of scripts and APIs to automate management.

To know deeply about the hot features and enhancement of RHEL 7 beta 1, click here. I am quite sure that, after going through with the above description, all of you are very much excited to grab this brand new beta of RHEL 7. Like the previous beta release, this time also The Red Hat Enterprise Linux 7 beta has been made available to Red Hat customers, partners, and members of the public. For further information and to access the beta click here. Last but not least, with this release Red Hat also calls for an very interesting competition, where you can participate & win $500 while telling Red Hat, what interests you most in RHEL 7 beta. So what are you waiting for, lets download RHEL 7 and explore it. 

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Red Hat Enterprise Linux 7 Beta Arrives! Download Now And You Can Win $500"https://www.voiceofgreyhat.com/2013/12/rhel-7-released-download-now.html</a>

Red Hat Inc Announced The General Availability Red Hat Enterprise Linux (RHEL) 6.5

Red Hat Inc Announced The General Availability Red Hat Enterprise Linux (RHEL) 6.5 

The RHEL 6x series get another important update as Red Hat Inc, the world's leading provider of open source solutions announced the general availability of Red Hat Enterprise Linux 6.5, the latest version of Red Hat Enterprise Linux 6. According to the official press release of Red Hat -RHEL 6.5 expands Red Hat’s vision of providing an enterprise platform that has the stability to free IT to take on major infrastructure challenges and the flexibility to handle future requirements, with an extensive partner and support ecosystem. 

Red Hat Enterprise Linux 6.5 is mainly designed for those who build and manage large, complex IT projects, especially enterprises that require an open hybrid cloud. From security and networking to virtualization, Red Hat Enterprise Linux 6.5 provides the capabilities needed to manage these environments, such as tools that aid in quickly tuning the system to run SAP applications based on published best practices from SAP.“Red Hat Enterprise Linux 6.5 provides the innovation expected from the industry’s leading enterprise Linux operating system while also delivering a mature platform for business operations, be it standardizing operating environments or supporting critical applications. The newest version of Red Hat Enterprise Linux 6 forms the building blocks of the entire Red Hat portfolio, including OpenShift and OpenStack, making it a perfect foundation for enterprises looking to explore the open hybrid cloud.”-said Jim Totton, vice president and general manager of Red Hat Inc. Now lets take a closer look to the main highlights of RHEL 6.5 : 

Securing the Next-Generation Enterprise

Red Hat Enterprise Linux 6.5 continues the push for integrated security functionality that combines ease-of-use and up-to-date security standards into the platform. The addition of a centralized certificate trust store enables standardized certificate access for security services. Also included are tools that meet leading security standards, including OpenSCAP 2.1, which implements the National Institute of Standards and Technology’s (NIST’s) Security Content Automation Protocol (SCAP) 1.2 standard. With these additions, Red Hat Enterprise Linux 6 provides a secure platform upon which to build mission-critical services and applications.

Networking – When Every (Micro)Second Matters

In the financial services and trading-related industries, application latency is measured in microseconds, not seconds. Now, the latest version of Red Hat Enterprise Linux 6 fully supports sub-microsecond clock accuracy over the local area network (LAN) using the Precision Time Protocol (PTP). Precision time synchronization is a key enabler for delivering better performance for high-speed, low latency applications. Red Hat Enterprise Linux 6.5 can now be used to track time on trading transactions, improving time stamp accuracy on archived data or precisely synchronizing time locally or globally. Thanks to other networking enhancements in Red Hat Enterprise Linux 6.5, system administrators now have a more comprehensive view of network activity. These new capabilities enable sysadmins to inspect IGMP (Internet Group Management Protocol) data to list multicast router ports, multicast groups with active subscribers and their associated interfaces, all of which are important to many modern networking scenarios, including streaming media.

Virtualization Enhancements

Red Hat Enterprise Linux 6.5 continues Red Hat’s commitment to improving the overall virtualization experience and includes several improvements that make it a compelling choice for running in virtualized environments. Sysadmins can now dynamically enable or disable virtual processors (vCPUs) in active guests, making it an ideal choice for elastic workloads. The handling of memory intensive applications as Red Hat Enterprise Linux guests has also been improved, with configurations supported for up to 4TB of memory on the Kernel-based Virtual Machine (KVM) hypervisor. The KVM hypervisor also integrates with GlusterFS volumes to provide direct access to the distributed storage platform, improving performance when accessing Red Hat Storage or GlusterFS volumes. Finally, guest drivers have been updated to improve performance of Red Hat Enterprise Linux 6.5 running as a guest on supported third-party hypervisors.

Evolving Ease-of-Use, Storage, and More

As application deployment options grow, portability becomes increasingly important. Red Hat Enterprise Linux 6.5 enables customers to deploy application images in containers created using Docker in their environment of choice: physical, virtual, or cloud. Docker is an open source project to package and run lightweight, self-sufficient containers; containers save developers time by eliminating integration and infrastructure design tasks. Red Hat Enterprise Linux 6.5 stays current with the advancements in Solid-State Drive (SSD) controller interface, introducing support for NVM Express (NVMe)-based SSDs. The NVMe specification aims to standardize the interface for PCIe-based SSDs and its inclusion in Red Hat Enterprise Linux 6.5 positions the platform to support an expanding range of future NVMe-based devices.

Improvements have also been added to improve enterprise storage scalability within Red Hat Enterprise Linux 6.5. It is now possible to configure more than 255 LUNs connected to a single iSCSI target. In addition, control and recovery from SAN for iSCSI and Fibre Channel has been enhanced, and updates to the kexec/kdump mechanism now make it possible to create debug (dump) files on systems configured with very large memory (e.g. 6TB).

Red Hat Enterprise Linux 6.5 makes it easier to track and manage subscription consumption across the enterprise, integrating subscription tracking into existing business workflow. Usability enhancements include support for remote access to Windows clients and servers that use a newer version of the RDP protocol, including Windows 7 and 8 desktops and Windows Server 2012. 

To Download Red Hat Enterprise Linux 6.5 Click Here

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Red Hat Inc Announced The General Availability Red Hat Enterprise Linux (RHEL) 6.5 "https://www.voiceofgreyhat.com/2013/11/redhat-enterprise-linux-rhel-6.5-released.html</a>

Hcon Security Testing Framework (HconSTF) v0.5 Codename 'Prime' Released

Hcon Security Testing Framework (HconSTF) v0.5 Codename 'Prime' Released

Previously we have discussed couple of times about HconSTF - a browser based security testing framework. Earlier in last year we got HconSTF version 0.4, now after almost 14 month, the author of Hcon, Mr. Ashish Mistry (Information Security Researcher) has proudly released the version 0.5 of HconSTF code named "Prime." No doubt that Hcon has already became a very popular and widely used browser based pen testing framework. Not only in hackers community but also several security experts and infosec researcher's prefers Hcon as one of their all time favorite pentesing tool as HconSTF is very flexible and very handy multipurpose tool for any IT Security Professionals, Web Bug bounty Hunters, Web Developers or any one interested in IT security. As expected this version of Hcon, came with enhanced features and more functionality, so lets take a glance of HconSTF v0.5 -

HconSTF is semi-automated but you still need your brain to work it out. It can be use in all kind of security testing stages, it has tools for conducting tasks like,

• Web Penetration Testing
• Web Exploits Development
• Web Malware Analysis
• Open Source Intelligence ( Cyber Spying & Doxing )
• and much more with lots of hidden features

HconSTF v0.5 in Brief:-

• Based on Firefox 17.0.1
• Designed in Process based methodology
• Less in size (40mb packed-80mb extracted), consumes less memory
• More than 165+ search plugins
• New IDB 0.1 release integrated
• Underlined Logging for each and every request
• More NEW scanners for DomXSS, Reflected XSS
• New reporting features like note taking, url logging for easy report making
• Smart searchbox - just select and it will copy it and just change search engine to search
• Integrated Tor, AdvoR, I2p and more proxies
• New Grease monkey scripts (18 scripts)

To Download HconSTF v0.5 Click Here [Download Type- Portable (no need to install , run from usb drive or any memory card) Platform : Windows XP , Vista , 7 both x32 & x64]

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Hcon Security Testing Framework (HconSTF) v0.5 Codename 'Prime' Released"https://www.voiceofgreyhat.com/2013/04/HconSTF-v0.5-Codename-Prime-Released.html</a>

Pwn2Own 2013 Result: Chrome, Firefox, IE, Adobe Reader, Flash & Java Owned

Pwn2Own 2013 Result: Chrome, Firefox, IE, Adobe Reader, Flash & Java Owned Only Safari Survived 

Couple of months ago we have talked about 'Pwn2Own 2013' hacking contest sponsored by HP TippingPoint, ZDI and Google where the most famous and widely used browsers have to face challenges. Now the result of this long awaited security competition has came which is showing that the entire browser security landscape can change in a single day, as browsers thought to be secure are proven to be otherwise. Of the Big Four browsers, only Apple's Safari has so far survived the onslaught of the browser-breakers where Chrome, Internet Explorer 10 and Firefox all fell to the mercy of the hackers. Not only browsers but also three other popular applications that is Adobe Reader, Flash Player and yet again Java fallen victim to hackers at 'Pwn2Own'. And for Java it was a true disaster as Java fell three times, though under the contest rules, only the first attacker was due to win the $20,000 prize. Vupen, a renowned security research firm based in France, cracked both Firefox and Internet Explorer. It roughly explained the attack in a tweet, “We’ve pwned Firefox using a use-after-free and a brand new technique to bypass ASLR/DEP on Win7 without the need of any ROP.” This bug hint leads them winning $100,000 for finding a huge hole. Again in a tweet, Security firm Vupen explained “We’ve pwned MS Surface Pro with two IE10 zero-days to achieve a full Windows 8 compromise with sandbox bypass.” Lastly, U.K.-based security firm MWR Labs cracked Chrome and also gained full control of the operating system, this time Windows 7. It also “demonstrated a full sandbox bypass exploit.” The company explained in a blog post that it found a zero-day in Chrome “running on a modern Windows-based laptop.” It was able to exploit the vulnerability by performing a very similar attack to what took down Facebook, Microsoft, and a number of other well-known companies: It had the laptop visit a malicious website. 

Now lets take look at the final score board of Pwn2Own 2013:

Wednesday:
1:30 - Java (James Forshaw) PWNED
2:30 - Java (Joshua Drake) PWNED
3:30 - IE 10 (VUPEN Security) PWNED
4:30 - Chrome (Nils & Jon) PWNED
5:30 - Firefox (VUPEN Security) PWNED
5:31 - Java (VUPEN Security) PWNED

Thursday:
12pm - Flash (VUPEN Security) PWNED
1pm - Adobe Reader (George Hotz) PWNED
2pm - Java (Ben Murphy via proxy) PWNED

The total damage to the prize fund comes out at a whopping $480k. With HP's announcement that everyone will get paid for each attack, the prize monies will be divvied up as follows:-

1. James Forshaw: Java = $20K
2. Joshua Drake: Java = $20k
3. VUPEN Security: IE10 + Firefox + Java + Flash = $250k
4. Nils & Jon: Chrome = $100k
5. George Hotz: Adobe Reader = $70k
6. Ben Murphy: Java = $20k

As you all know that the main motive of these contest is to make applications, software more safe and secure while figuring out hidden vulnerabilities  Here also for Pwn2Own the security holes figured out by the above experts have already been submitted and taken carefully by those organization  along with that, the expected patch for the browsers have already been released. Those who are still using the older version of those above applications are requested to update their system. So, stay tuned with VOGH and be safe on the Internet. 

-Source (HP, Naked Security) 

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Pwn2Own 2013 Result: Chrome, Firefox, IE, Adobe Reader, Flash & Java Owned"https://www.voiceofgreyhat.com/2013/03/Pwn2Own-2013-Result.html</a>

Pwn2Own 2013 -Hack Major Browser, Adobe Reader, Flash or Java & Earn in Million Dollars

Pwn2Own 2013 -Hack Major Web-browser, Adobe Reader, Flash or Java & Earn in Million Dollars 

Since the last two years the Pwn2Own hacker contest has become an important fixture in the world of testing the security of software applications, operating systems and hardware devices. In last two years we have seen several hackers, security professionals have expressed their enthusiasm and joined Pwn2Own where four major and widely browser's security get compromised, in order to make applications, software more safe and secure. Last year we have reported how different hackers across the globe taken part in Pwn2Own and successfully hacked Google Chrome, IE & Firefox, and earned millions of dollars. But the contest of this year has some more twist than before as, HP TippingPoint and Google, sponsor of Pwn2Own, has made clear that it is expanding the focus of the competition beyond browsers. Also, Pwn2own 2013 will include $560,000 in prize money for demonstrations of exploits in the major web browsers, Adobe Reader, Adobe Flash or Oracle Java. 

Contest Dates:-

The contest will take place the 6th, 7th, and 8th of March in Vancouver, British Columbia during the CanSecWest 2013 conference. DVLabs blog post will be updated as the contest plays out and get real-time updates by following either @thezdi or @Pwn2Own_Contest on Twitter or search for the hash tag #pwn2own.

Rules & Prizes:-

HP ZDI is offering more than half a million dollars (USD) in cash and prizes during the competition for vulnerabilities and exploitation techniques in the below categories. The first contestant to successfully compromise a selected target will win the prizes for the category.

• Web Browser
• Google Chrome on Windows 7 ($100,000)
• Microsoft Internet Explorer, either
• IE 10 on Windows 8 ($100,000), or
• IE 9 on Windows 7 ($75,000)
• Mozilla Firefox on Windows 7 ($60,000)
• Apple Safari on OS X Mountain Lion ($65,000)
• Web Browser Plug-ins using Internet Explorer 9 on Windows 7
• Adobe Reader XI ($70,000)
• Adobe Flash ($70,000)
• Oracle Java ($20,000)

The targets will be running on the latest, fully patched version of the Windows 7, 8, and OS X Mountain Lion. All targets will be installed in their default configurations, as this is how a majority of users will have them configured. As always, the vulnerabilities utilized in the attack must be unknown and not previously reported to the vendor. If a sandbox is present, a full sandbox escape is required to win. A given vulnerability may only be used once across all categories.

Upon successful demonstration of the exploit, the contestant will provide HP ZDI a fully functioning exploit and all the details of the vulnerability used in the attack. In the case that multiple vulnerabilities were exploited to gain code execution, details about all the vulnerabilities (memory corruption, infoleaks, escalations, etc.) leveraged and the sequence in which they are used must be provided to receive the prize money. The initial vulnerability utilized in the attack must be in the registered category.

Along with prize money, the contestant will receive the compromised laptop and 20,000 ZDI reward points* which immediately qualifies them for Silver standing. 

Full contest rules can be found at http://dvlabs.tippingpoint.com/Pwn2OwnContestRules.html, and may be changed at any time without notice.

Registration:-

Contestants are asked to pre-register by contacting ZDI via e-mail at zdi@hp.com. This will allow the organizer to ensure that they have the necessary resources in place to facilitate the attack. If more than one contestant registers for a given category, the order of the contestants will be drawn at random.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Pwn2Own 2013 -Hack Major Browser, Adobe Reader, Flash or Java & Earn in Million Dollars"https://www.voiceofgreyhat.com/2013/01/Pwn2Own-2013-Hack-and-Earn-in-Million.html</a>

Oracle Released Java 7 update 10 With Security Enhancements & Bug Fixes

Oracle Released Java 7 update 10 With Security Enhancements & Bug Fixes 

This is the third time in a year when Oracle has updated the standard edition of Java platform. This release includes new security controls in addition to a bug fix and updated timezone data. This latest update also contains a number of security enhancements and is now certified for Mac OS X 10.8 and Windows 8. The security enhancements include the ability to disable any Java application from running in the browser and the ability to set a desired level of security for unsigned applets, Java Web Start applications, and embedded JavaFX applications. While keeping in mind the last security issues with Java, in the press release of this Java update Oracle said "if the JRE is deemed expired or insecure, additional security warnings are displayed. In most of these dialogs, the user has the option to block running the app, to continue running the app, or to go to java.com to download the latest release."

Security Feature Enhancements

The JDK 7u10 release includes the following enhancements:

• The ability to disable any Java application from running in the browser. This mode can be set in the Java Control Panel or (on Microsoft Windows platform only) using a command-line install argument.
• The ability to select the desired level of security for unsigned applets, Java Web Start applications, and embedded JavaFX applications that run in a browser. Four levels of security are supported. This feature can be set in the Java Control Panel or (on Microsoft Windows platform only) using a command-line install argument.
• New dialogs to warn you when the JRE is insecure (either expired or below the security baseline) and needs to be updated.

For more information, see Setting the Level of Security for the Java Client and Java Control Panel.

Bug Fixes

Notable Bug Fixes in JDK 7u10

The following are some of the notable bug fixes included in JDK 7u10.

Area: java command

Description: Wildcard expansion for single entry classpath does not work on Windows platforms.

The Java command and Setting the classpath documents describe how the wildcard character (*) can be used in a classpath element to expand into a list of the .jar files in the associated directory, separated by the classpath separator (;).

This wildcard expansion does not work in a Windows command shell for a single element classpath due to the Microsoft bug described in Wildcard Handling is Broken.

See 7146424.

For a list of other bug fixes included in this release, see JDK 7u10 Bug Fixes page. 

The updated Java Development Kit and Java Runtime Environment are available to download from the Oracle site. 

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Oracle Released Java 7 update 10 With Security Enhancements & Bug Fixes"https://www.voiceofgreyhat.com/2012/12/Oracle-Released-Java7-update-10.html</a>

Israeli Domain of MSN, Bing, Skype, Microsoft Store, BBC, CNN & Many More High Profile Israeli Sites Hacked

Israeli Domain of MSN, Bing, Skype, Microsoft Store, BBC, CNN & Many More High Profile Israeli Sites Hacked

More hackers taking part in the Israeli rampage dubbed Operation Israel. As soon as the story of bombing and air strike in Gaza get spotted on the social networks, we have seen immediate protest coming from almost every part of the world. In case of digital bombing, then it was first Anonymous who called Operation Israel, then hackers from different part of the world joined and contributed in this combined protest. So far we have seen along with Anon, Pakistani hacker Hitcher from Muslim Liberation Army, Indian hacker Godzilla, & Kosovo Hackers Security have played vital role in this rampage. But now the scenario is going from bad to worse for Israeli cyber space, as a group of Pakistani hackers hit a large number of high profile Israeli domain. Those big giants who have fallen victim in this round of cyber attack from Pakistan are MSN, Bing, Live, Skype, Microsoft Store, BBC, CNN, Coca-Colla, XBOX, Windows, Intel, Philips, Israeli Parliament, Citi Bank and few more. According to sources more than 44 million hacking attempts have been made on Israeli government web sites since Wednesday. Attempts on defense related sites have been the highest, while 10 million attempts have been made on the site of Israel's president, 7 million on the Foreign Ministry and 3 million on the site of the prime minister.

Complete List:-

pm.parliament.co.il

www.skype.co.il 

www.cnn.co.il 

intelcore.co.il 

www.msn.org.il 

passport.org.il 

www.microsoftstore.co.il 

intelatom.co.il 

www.opel.co.il 

philips.co.il 

bing.co.il 

bbc.org.il 

pantene.co.il 

paypass.co.il 

amazonunbox.co.il 

windowslive.co.il 

windows.co.il 

www.nbcuni.co.il 

citibank.co.il 

blog.fanta.co.il 

blog.sprite.co.il 

sprite.org.il 

xbox360.co.il 

www.xboxfusion.co.il 

cocacola.co.il 

coke.co.il 

www.xboxignite.co.il 

www.intelappup.co.il 

www.intel.co.il 

live.co.il 

solarwinds.co.il 

live.org.il 

www.msn.co.il 

Both the screen shot of the deface page and Zone-H mirror is saying that four hackers from Pakistan named 1337, H4x0rL1f3, ZombiE_KsA & Invectus were behind this massive cyber attack. Though a post on popular hackers forum named Sec4ever we came to know that ZombiE_KsA denied his relation with this hack. As usual self claimed famous security news blog, The Hacker News, tried to do a publicity stunt, while morphing the original news. Chasing fake publicity and money, the ready made source of news, also known as The Hacker News forgot the importance of  the situation in Gaza.

According to the view of VOGH, it hardly matters who take part in this hack, but what matters is that, a few human stand for humanity & humanity is beyond any religion, any cast and any color. So far the world have seen an instance of cruelty and inhumane of Israeli army, where the people of Gaza have been tortured brutally. The peace loving people across the world have already stood against this relentless practice. And when Anonymous called Operation Israel, that protest became a digital bombing. We the entire VOGH team salute those people across the globe, who have actively taken part in this protest. Its our world, its our home, and all the people in it are our family, so its our foremost responsibility to take care those members and stand with them. 

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Israeli Domain of MSN, Bing, Skype, Microsoft Store, BBC, CNN & Many More High Profile Israeli Sites Hacked"https://www.voiceofgreyhat.com/2012/11/Israel-Under-Cyberattack-by-Pakistani-hackers.html</a>

Security Flaws Allowing Any Windows User to Upgrade to Windows 8 Pro For Just $14.99

Security Flaws Allowing Any Windows User to Upgrade to Windows 8 Pro For Just $14.99

The long awaited and the most advanced windows operating system by Microsoft is ready and available to buy from Microsoft Store. Earlier we got three Pre-release version of Windows 8 -Consumer Preview, Developer Preview & Release Preview. Along with these the Redmond based software giant also released an Enterprise Edition of Windows 8. With those releases, Microsoft declared that they will start selling Windows 8 from October 26. As per the schedule Microsoft opened its virtual store and began selling upgrades to Windows 8 Pro for $39.99, making good on a promise made last summer. The upgrade, which must be downloaded and installed via a utility called "Windows 8 Upgrade Assistant," can be applied to Windows XP-, Vista-, and Windows 7-powered systems. So far so good, but not that good as it looking, recently a security hole has been spotted in the wild which is allowing Windows user to buy a license for Windows 8 Pro for just $14.99 by faking the details on the WindowsUpgradeOffer page. According to a post from Technology Personalized -For the uninitiated, the MRP of Windows 8 Pro version is $169.99 and during the promotional offer period, which runs till Jan 31st 2013, Microsoft is offering a big $130 discount to encourage early adaption of the latest Windows OS. So, the existing Windows 7/Vista/XP users can upgrade to Windows 8 for just $39.99 (or INR 1999). Additionally, Microsoft had announced that those who bought a Windows 7 PC between June 2, 2012, and January 31, 2013 are eligible for a further discount and can actually upgrade for a meagre $14.99. Moreover, users get to download the ISO and/or save Windows 8 as bootable USB.

Shockingly, the WindowsUpgradeOffer page requires people to enter some extremely basic details about their Windows 7 PC purchase as shown below. As you can see, the details they ask for can no way be used to validate the purchase. It neither asks for a serial number nor Windows 7 key, but just the PC brand and model! As you can see, we entered some random info into each of the fields.

Once the details are submitted, user will get a confirmation email about the registration. Within a few minutes, another email with the promo code is sent to the same email address. This promo code can be used to purchase the Windows 8 Pro edition via the Windows 8 Upgrade assistant app, for a nominal fee of USD 14.99. Unbelievable, isn’t it? 

So far Microsoft did not responded about this issue, but for those who want to buy Windows 8 Pro (Download) click Here & those who want to get Windows 8 Pro shipped to you click Here.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Security Flaws Allowing Any Windows User to Upgrade to Windows 8 Pro For Just $14.99"https://www.voiceofgreyhat.com/2012/10/Security-Flaws-in-Windows-Upgrade.html</a>

Pwnium 2: Teenage Hacker Pinkie Pie Exploited Google Chrome & Earned $60,000

Pwnium 2: Teenage Hacker Pinkie Pie Exploited Google Chrome & Earned $60,000

One of world's most popular web-browser Google Chrome has fallen victim at Pwnium 2 security contest which took place earlier on 10th October, at the Hack In The Box conference in Kuala Lumpur, Malaysia. A teenage hacker who goes by the pseudonym "Pinkie Pie" was successfully able to "fully exploit" Chrome, escaping the sandbox using only bugs within Chrome. The hack was done on a fully patched 64-bit Windows 7 system running the latest stable branch of Chrome. For his work, Pinkie Pie will receive the top prize of $60,000 from Google. 

This isn't the first time that "Pinkie Pie", also the name of a "My Little Pony - Friendship is Magic" character, has won money for exploiting Chrome. In March of this year, he was rewarded for vulnerabilities he used at Google's Pwnium contest, which took place during the Pwn2Own competition at CanSecWest, to break out of the browser's sandbox and execute code. In order to get his code to execute on the test system at the time, he had to combine a total of six vulnerabilities; the holes were later closed with the release of Chrome 18. Along with security specialist Sergey Glazunov, Pinkie Pie also won this year's Pwnie Award for the Best Client-Side Bug. What ever the full results of the Pwnium 2 competition will be announced during a talk by Google Software Engineer Chris Evans today that means, 11th October.

We also like to give you reminder that earlier in this year Google had increased vulnerability bounties in Anniversary of Vulnerability Reward Programbe. Also PayPal, Facebook & many other has already started this paid bug bounty program. These bug bounty programs & such security contest indeed enhancing the security. 

-Source (The-H & SC Magazine)

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Pwnium 2: Teenage Hacker Pinkie Pie Exploited Google Chrome & Earned $60,000"https://www.voiceofgreyhat.com/2012/10/Pwnium2-Pinkie-Pie-Exploited-Google-Chrome.html</a>