Showing posts sorted by date for query social networking. Sort by relevance Show all posts
Showing posts sorted by date for query social networking. Sort by relevance Show all posts

VOGH Exclusive: URL Redirection Vulnerability Found In Facebook

Posted by Avik Sarkar On 1/02/2014 11:10:00 pm

VOGH Exclusive: URL Redirection Vulnerability Found In Facebook [The Vulnerability Still Active & Not Been Patched]
Facebook -the world's largest social networking site with registered users of more than one billion, is considered among one of the safest site of the cyber space. To maintain such reputation Facebook Inc has done all the required steps, that one could possibly take. Like other high profile and very popular websites, Facebook also stand as one of the hot target of almost every cyber criminals of the world. To get rid of this and make FB safe and secure, the company have introduced what it called 'Bug Bounty' offer; where you can submit vulnerabilities to FB and get rewarded. We have seen many security researchers and hackers across the globe has done this and get their award. But not every time, and today I will talk about that- few days ago a reader of VOGH, who also goes by the nick name of 'Dr41DeY' has figured out a URL redirection vulnerability in Facebook. One of the link in Facebook App which is apps.facebook.com is posing URL redirection vulnerability. The hacker has demonstrated how any one can use  the vulnerability  in order to manipulate millions of innocent Facebook users. Let see  

Before publishing this, one of our VOGH representative have talked with Facebook Security regarding this security vulnerability, but due to some reason FB might overlooked this issue. Finally after waiting for almost a week, we the Team VOGH decided to bring this in-front of our reader. Let briefly go through with the vulnerable link- 

https://apps.facebook.com/a.php?u=http://www.voiceofgreyhat.com&mac=AQLy7nyXi5NBt31j&__tn__=*B&eid=AQLpbizR7KEf3cyD0VTN7fNtv99fMZABDp2gdWhvL-MQocJIPy3w4hUG7_7hrmSMqDq7QLCI9k_0LbB95NEz_6GUDHGNgTDsGP_rX-VWRHxfg5a--VlnN1K9FdG3NAek8r2JPWENkb2Mu56EckbZCGXcPie27OnHxE-H7MBufQel0Pr-ZjpCWB6QF5xHeWsdKqyHzjK2woBGGrjk9Dlgnzcw3d9ZWPzrwbGpm6MSkpks3mqEphXnTP2Vd9UDQxIs68NnTaO35XIwKq5t3CSdb11iU_34gzjfLgvvDo_BYbgtrGe0Juc5CpRSwd5nImw9oPPvn6Za9rrxO_ivROtOGc2b2S3bYzNLWpbDwt3cFN2rJ3JElyIR0vjB4R859PpE9SrZx6AD3s_liikzPh30YLVb8XvPABk7r9MShk6OrVFPiAWZnEvPx49UzPDSF-nEl188rEPAi0KGJ4u1zb10hhzmHUCjH04SezDByUkyNituMb2lgiQz-Xlpgy_tkVYR-U7plDa38N9VzdAj_Bwefd7B85ykZCAy9ZQOt48Ql8KQeKfivk3sThZIkLwWPiju7R28Sw6bj09vS_Y28kFSqanGe9tYAPfKIe4zOzQt9-Q1CC_EwX3ypOlyQ2yXMiU3lwp7M9EriKHRFDsTgsuzzF-uvlpx3UrWh8M55-NX0ULjr4kxjAR5g_1wU-luUyn_Ot6Ly1_ZbBdahyb5uSmCDNvF5kMuIH8Gxvpql45dNffGzKau9oZGn6r1OmsG47JIGipznCVaZnWjXAakDnEMX6X8ZtI-M-db1olzbBpJdj5sZe-x2VM02S5XsXJWe_QLxFDOupjbz8I82HETHQ9PbzSIMsJboll4E3-f_JQFfdzwEguLa8SC_ImRahWBCwKNJeSlmRv91FqWpQaChe5-UyAoqcblvK4jPuRO3qC7o-qMTQ2jEJqqUW46koulOmgNJpMYXPgRxjNGcwjyTPS59Nr08zq6eCNd1aYLh2E4s5MYXBtVUTF8l0uhQ2wYSoR66xZsI2tK0DD1KiQHyTO1QieBwPtCN3eWgRzUTg3lM3ttkuwYKRPPLDvtUOPWmZhYUzUFcbfPM2kXdpqyGlrGx9-ErKGygYKATx2xzrTzktjgW4q0L5wfO3CSKAOCAoKfi_pfz-zIHSNE8ZAjZDtpbC_chgkvbHWJYYIs7pnE1riWJYORACjkkRr6nZoivC3z_g-8JBahghwy2C34kJYZJ6cBC8LKoB6KCTbj_F1tArQAzcSUij4vrJNUATzsdlO_ol6HwUQb8FjoWa38Bhtx81stxB328sgC9IGu1omPG0QeNJVhcJwh6HyEwtgycBLrlcdedaWbkwvnjv3F3BWuJIi763nBeYuAgNUaEUYHaXu_ZJzXW8fQ72nz_hddGT_GH50&sig=89099

Replace voiceofgreyhat.com with any of your favorite site, and the the said vulnerability will allow you to get redirected to that very website you want to from Facebook. This loophole is still active, and any one can test that with the above url, we thought the impact of this loophole is very serious, as any malicious attacker can misuse the trust-hod of Facebook's url in order to harm regular internet users, while redirecting them to any junk or malfunctional websites.

Disclaimer:- Earlier I told that the issue has already brought into the notice of Facebook Security, but they overlooked the whole issue, so being a responsible cyber media, we VOGH are disclosing this to people. If any one misuse this vulnerability, then Voiceofgreyhat will not at all be responsible for any kind of mishap.

Update:- May be doing more that what we call late repent, but finally the above disclosed vulnerability has been patched by Facebook security team. 


SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Twitter & Yahoo Tightening Their Security to Prevent Eavesdropping of NSA

Posted by Avik Sarkar On 11/30/2013 03:33:00 am

Twitter & Yahoo Tightening Their Security to Prevent Eavesdropping of NSA & Other Govt Agencies 
Last month a untold and sensational story came to light, when the whistle blowers Edward Snowden unveiled one of the top secret program of NSA called called “Muscular” Former NSA contractor Snowden himself disclosed that the National Security Agency has secretly broken into the main communications links that connect Yahoo and Google data centers around the world in order to collect and snoop the private data of millions of internet users. NSA’s acquisitions directorate sends millions of records every day from internal Yahoo and Google networks to data warehouses at the agency’s headquarters at Fort Meade, Md. In the preceding 30 days, the report said, field collectors had processed and sent back 181,280,466 new records including “metadata,” which would indicate who sent or received e-mails and when, as well as content such as text, audio and video. Both Yahoo & Google said that they had never gave access to nay Govt agency to their data centers. Yahoo spokeswoman said, “We have strict controls in place to protect the security of our data centers, and we have not given access to our data centers to the NSA or to any other government agency.” Google’s chief legal officer, David Drummond said “We are outraged at the lengths to which the government seems to have gone to intercept data from our private fiber networks, and it underscores the need for urgent reform,” 

 But the matter of fact is that NSA has indeed sniffed the personal & private communication of million internet users of tech giants like Yahoo and Google. To get rid of this kind of privacy breach, now the tech giants who hold the personal record and credential of mass, are tightening and enhancing their existing security system. According to Marissa Mayer, CEO of Yahoo "We’ve worked hard over the years to earn our users’ trust and we fight hard to preserve it." Yahoo also says it will encrypt all information moving between its data centers by the end of the first quarter, and it will work on getting international partners to enable HTTPS encryption in Yahoo-branded Mail services.Yahoo says it will give users an option to encrypt all data flow to and from Yahoo. "Yahoo has never given access to our data centers to the NSA or to any other government agency ever. There is nothing more important to us than protecting our users’ privacy. To that end, we recently announced that we will make Yahoo Mail even more secure by introducing https (SSL - Secure Sockets Layer) encryption with a 2048-bit key across our network by January 8, 2014." added Marissa Mayer.

Not only Yahoo, but the social networking giant Twitter, who have registered users of almost 550 million with an active user of 250 million across the globe has also taken immediate steps after this breathtaking story of spying by NSA get the spot light. Twitter is implementing new security measures that should make it much more difficult for anyone to eavesdrop on communications between its servers and users. The entire security mechanism has been taken to tighten the data privacy of its users. According to a blog post of twitter the company has implemented "perfect forward secrecy" on its Web and mobile platforms, which made eavesdropping almost impossible. "As part of our continuing effort to keep our users’ information as secure as possible, we’re happy to announce that we recently enabled forward secrecy for traffic on twitter.com, api.twitter.com, and mobile.twitter.com. On top of the usual confidentiality and integrity properties of HTTPS, forward secrecy adds a new property. If an adversary is currently recording all Twitter users’ encrypted traffic, and they later crack or steal Twitter’s private keys, they should not be able to use those keys to decrypt the recorded traffic." -said the blog post.

While talking about Muscular program of NSA, we would also like to remind you that couple weeks ago we came to know about 'Royal Concierge' another secret program of GCHQ & NSA to spy foreign diplomats through hotel bookings uncovered by Edward Snowden.

-Source (CIO & PC World) 


SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Controversial Cyber Security Bill CISPA Passed Again By The US House

Posted by Avik Sarkar On 4/23/2013 11:30:00 pm

Controversial Cyber Security Bill CISPA Passed Again By The US House

Couple of months ago we reported that the White House is planning for an executive cyber security order, from some official sources it has also come to know that the U.S. President Mr. Barack Obama has a special plan to re-introduce the Cyber Intelligence Sharing and Protection Act (CISPA). Today that deceleration get executed as the US House of Representatives has passed the controversial Cyber Information Sharing and Protection Act. This is the second time when CISPA have been passed by the White House, first it was rejected by the Senator while saying that the bill did not do enough to protect privacy. But yet again with the initiative of Obama and a substantial majority of politicians in the House backed the bill. Though there is a huge chance of getting rejected. According to some relevant sources it has been came to light that, this time also CISPA could fail again in the Senate after threats from President Obama to veto it over privacy concerns. Sources are saying that the main reason of re-introducing CISPA is the the President Barack Obama expressed concerns that it could pose a privacy risk. The White House wants amendments so more is done to ensure the minimum amount of data is handed over in investigations.  The law is passing through the US legislative system as American federal agencies warn that malicious hackers, motivated by money or acting on behalf of foreign governments, such as China, are one of the biggest threats facing the nation.  "If you want to take a shot across China's bow, this is the answer," said Mike Rogers, the Republican politician who co-wrote CISPA and chairs the House Intelligence Committee. 

On the other hand CISPA has also secured the backing of several technology firms, including the CTIA wireless industry group, as well as the TechNet computer industry lobby group, which has Google, Apple and Yahoo as members. By contrast, some other big names like Mozilla, Reddit has been vocal in its opposition to the bill. In the beginning the social networking giant Facebook supported CISPA but later they took back its support. The American Civil Liberties Union has also opposed CISPA, saying the bill was "fatally flawed". The Electronic Frontier Foundation (EFF), Reporters Without Borders and the American Library Association have all voiced similar worries.


-Source (BBC)






SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Facebook Hacker Cup 2013: Petr Mitrichev Won The Competition Followed By Jakub Pachocki & Marcin Smulewicz

Posted by Avik Sarkar On 3/31/2013 03:21:00 pm

Facebook Hacker Cup 2013Petr Mitrichev Won The Competition Followed By Jakub Pachocki & Marcin Smulewicz

Now a days leading organizations offers bug bounty and other competitions by which hackers from different part of the world will participate and find out security holes, in order to make more secure product and enhance cyber security. While talking about hackers competition then the name of "Hacker Cup" organized by the social networking giant Facebook will surely be an important one. Like last last two years, this year also Facebook called Hacker Cup 2013 in February and after completing several exciting  rounds finally we have the winners of this year's championship. Last year it was Roman Andreev of Russia who won the Hacker Cup with a heavy and prestigious trophy and a check for $5,000. Just like last year, this time also thousand of hackers across the globe participated in the competition and after completing the breathtaking championship three lucky winners been rewarded by Facebook for the outstanding performance. And the winners of Hacker Cup 2013 are Petr Mitrichev,  in second place we have Jakub Pachocki and third place it was Marcin Smulewicz. The social networking giant congratulated all the competitors who taken part in Hacker Cup for a great showing and performance. This year winner Petr Mitrichev solved all the four problems (Archiver, Colored Trees, Minesweeping, Teleports) in a due time and honored with the highly coveted Hacker Cup Trophy and an amount of $10,000. Here are some key moments of this year Hacker Cup:- 
 (Hacker Cup 2103 Finalist)
 (Competition is on)
 (The Prestigious Trophy) 
(Electric Moment)
(Hacker Cup 2103 Award)

(Petr Mitrichev Hacker Cup Winner)
Brief About Facebook Hacker Cup:-
Hacking is core to how we build at Facebook. Whether we’re building a prototype for a major product like Timeline at a Hackathon, creating a smarter search algorithm, or tearing down walls at our new headquarters, we’re always hacking to find better ways to solve problems. Programmers from around the world will be judged on accuracy and speed as they race to solve algorithmic problems to advance through up to five rounds of programming challenges. This is the chance to compete against the world’s best programmers for awesome prizes and the title of World Champion. 
As expected Facebook promises to continue this event every year so keep your eye out for signups to open to be the Hacker Cup 2014. So stay tuned with VOGH, for all the upcoming updates on cyber security. 







SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Twitter Account of Hacktivist Group Anonymous Hacked By 'Rustle League'

Posted by Avik Sarkar On 2/23/2013 02:01:00 pm

Twitter Account of Hacktivist Group Anonymous Hacked By 'Rustle League'

The scenario of hackers targeting another hacker has became a very common matter, in last two years we have seen many instances of the above matter where a hacker hit another hacker's site, community, blog, forums and so on. Today the story which I will about to discuss is the same matter where infamous hacker community named 'Anonymous' fallen victim. A newly formed hacker group calling them selves "Rustle League" targeted one of the officially recognized twitter account (@Anon_Central) belongs to hacktivist group which have more than 160,000 followers. According to security experts  "the reason Anonymous fell victim is probably human weakness." Or in other word many of twitter accounts get hacked due to choosing week passwords. "Chances are that they followed poor password practices, like using the same password in multiple places or choosing a password that was easy to crack. Everyone should learn better password security from incidents like this - if it can happen to an account run by Anonymous supporters, it could happen to you" said another expert of security firm Sophos. The hack on Anonymous twitter account placed Thursday morning and three hours later, those running the feed tweeted that they had gained back control of their account. 
While talking about attack on Twitter, we would like to remind you that, in this month a sophisticated cyber attack compromised the security system of the social networking giant twitter, where more than 250,000 twitter users have fallen victim. Though the hack of Anonymous twitter account does not resembles to the said matter, but the hack can be considered in the list of twitter hacking, widely known as #twithackery; where hackers gain temporary access of celebrity and famous twitter accounts. If you did the history we will find the following names, WWE champion John CenaStar Rita OraJustin BieberTeyana Taylor,American pop singer KeshaNBC NewsFox News PoliticsUSAToday, Lady Gaga’s Twitter AccountAnders BreivikMahesh Bhatt, Huffington Postthese are the famous names who have fallen victim to twithackery





SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Apple Hacked By The Same Group Who Attacked Facebook

Posted by Avik Sarkar On 2/20/2013 06:52:00 pm

Apple Hacked, Macintosh Computers Infected  By The Same Group Who Attacked Facebook 

The month of February is not going good for cyber space, specially for giant organization. Last week the social networking giant Facebook fallen victim of a devastating cyber attack which did effected a number of  systems. Facebook admitted that it faced a "sophisticated attack" on computers where it has been found the attackers used a zero-day Java exploit to initiate the attack, but that no user data was compromised. The same thing happened to micro blogging site Twitter and New York Times. And now it was the turn for Apple. The California based multinational company acknowledged that recently their systems has been attacked by hackers who infected Macintosh computers of some employees. Like Facebook here also no data has been effected, "there was no evidence that any data left Apple." -said Apple. 
According to an exclusive report of Reuters -some unknown hackers infected the computers of some Apple workers when they visited a website for software developers that had been infected with malicious software. The malware had been designed to attack Mac computers. The same software, which infected Macs by exploiting a flaw in a version of Oracle Corp's Java software used as a plug-in on Web browsers, was used to launch attacks against Facebook, which the social network disclosed on Friday. The malware was also employed in attacks against Mac computers used by "other companies," Apple said, without elaborating on the scale of the assault. Experts are presuming that all these cyber attacks of February, that is Twitter, New York Times, Facebook & Lastly Apple Inc was originated from China, and executed by the same hacker group. On the other side few experts are also saying that the group responsible for the hack, has been identified as "Unit 61398" of the People's Liberation Army. But so far there is no proof. 
Apple also revealed that it plans to release a software tool later Tuesday that will protect customers against the same type of software that was used against its employees. 

Apple also provided a statement as follows:-
"Apple has identified malware which infected a limited number of Mac systems through a vulnerability in the Java plug-in for browsers. The malware was employed in an attack against Apple and other companies, and was spread through a website for software developers. We identified a small number of systems within Apple that were infected and isolated them from our network. There is no evidence that any data left Apple. We are working closely with law enforcement to find the source of the malware.
Since OS X Lion, Macs have shipped without Java installed, and as an added security measure OS X automatically disables Java if it has been unused for 35 days. To protect Mac users that have installed Java, today we are releasing an updated Java malware removal tool that will check Mac systems and remove this malware if found..."




SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

A Man From India Jailed For Posting "Communal & Inflammatory" Post on Facebook (#Censorship)

Posted by Avik Sarkar On 2/06/2013 07:12:00 pm

A Man From India Jailed For Posting "Communal & Inflammatory" Post on Facebook (#Censorship) 
Freedom of social media in India has been revoked, as the Indian govt has implemented several policy by which they made the social network completely censored. Though this step has been criticized randomly but the decisions has remain unchanged. And the result is in front of us; when a man from Agra get busted. The incident occurs immediately after he made a posts on social networking site Facebook targeting Prime Minister Manmohan Singh, union Communications Minister Kapil Sibal and Uttar Pradesh's ruling Samajwadi Party (SP) chief Mulayam Singh Yadav. According to police the post which the man from Agra made violated the policy of Indian govt and that's why it is taken as "communal and inflammatory." the man named Sanjay Chowdhary, a resident of the Dayalbagh suburb of Agra, was arrested late Monday and his laptop, sim card and data card impounded.
Police in Agra, about 360 km from here, said the arrest, which some see as an attempt to muzzle freedom of speech and expression on social networking sites, that the arrest was made on "specific information" about certain "communal and inflammatory" posts by Chowdhary. However, officials here admitted that the "case became hypersensitive after some remarks were made on the SP chief".
Senior Superintendent of Police (SSP) Agra, Subhash Chandra Dubey said police had acted "purely on law and order basis" in the matter.
"We are not involved in the political angle of the whole issue, our concern were the inflammatory comments and posts on the Facebook wall of this man and we acted to prevent any communal flare up," Dubey told the media. Some officials, however, said the case was "fast tracked" once cartoons lampooning the three leaders were posted on his Facebook wall.
Soon after his arrest, the inflammatory posts were deleted from his Facebook profile and later his account was deactivated. Chowdhury, a civil engineer and chairman of a public school, was booked under sections 153 A of the Indian Penal Code (IPC) and 66 A of the Information Technology (IT) Act.
"We have arrested him and he is being sent to jail under the due process of law," a police official said.



-Source (Yahoo News)





SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Twitter Hacked, More Than 250,000 User Data Compromised

Posted by Avik Sarkar On 2/03/2013 01:55:00 am

Twitter Hacked, More Than 250,000 User Data Compromised

The social networking giant and the world famous micro blogging site Twitter again fallen victim of cyber attack. Last year we have seen that the tight security system if twitter have been compromised many times. Yet again in this year the San Francisco based social media giant who have more than 500 million registered users failed to protect them selves from hackers. On last Friday Twitter acknowledged that it had become the latest victim in a number of cyber-attacks against media companies, saying hackers may have gained access to information on 250,000 of its more than 200 million active users. The micro blogging giant said in a blog posting that earlier this week it detected attempts to gain access to its user data. It shut down one attack moments after it was detected. According to reports usernames, email addresses, session tokens and encrypted/salted passwords for 250,000 users might have been accessed in what it described as a “sophisticated attack” 

"This attack was not the work of amateurs, and we do not believe it was an isolated incident,” said Bob Lord, Twitter’s director of information security. “The attackers were extremely sophisticated, and we believe other companies and organisations have also been recently similarly attacked” Bob added. 

Jim Prosser, a Twitter spokesman, would not say how hackers infiltrated Twitter’s systems, but Twitter’s blog post said hackers had broken in through a well-publicized vulnerability in Oracle’s Java software. Last month, after a security researcher exposed a serious vulnerability in the software, though Oracle patched the security hole, but Homeland Security said the fix was not sufficient. The DHS issued a rare alert that warned users to disable Java on their computers. Prosser said Twitter was working with government and federal law enforcement to track down the source of the attacks. For now, he said the company had reset passwords for, and notified, every compromised user. The company encouraged users to practice good password hygiene, which typically means coming up with different passwords for different sites, and using long passwords that cannot be found in the dictionary.
Twitter said it “hashed” passwords — which involves mashing up users’ passwords with a mathematical algorithm — and “salted” those, meaning it appended random digits to the end of each hashed password to make it more difficult, but not impossible, for hackers to crack. Once cracked, passwords can be valuable on auction-like black market sites where a single password can fetch $20.

While talking about Twitter and cyber issues, I would like to remind you that in last year twitter faced several cyber attacks where more than 55,000 twitter account details was leaked, after this issue in the middle of last year the social networking giant faced massive denial of service which interrupted its services. Later a huge number of Twitter users across the globe received  emails warning that their account have been compromised and their passwords had been reset, and it was another security breach which affected twitter. Such big organization are not at all careless about security, so as twitter and it has been proved when they hired renowned white hat hacker Charlie Miller to boost up their security, but after this current massacre, it seems that twitter need to think more and emphasize a lot to make sure that their system is good enough to prevent cyber attacks. For all the hot cyber updates and reviews stay tuned with VOGH.


SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Apple Hired Kristen Paget, Renowned Hacker & Former Security Expert of Microsoft

Posted by Avik Sarkar On 12/11/2012 05:53:00 pm

Apple Hired Kristen PagetRenowned Hacker & Former Security Expert of Microsoft 

 To become  the very best along with that to maintain and hold your position, you need to deliver your hundred percent even some times more than hundred percent, and this race continues. For that we have to gather the very best guy with as. The above fact took place again, when Apple hired a renowned computer security researcher who helped Microsoft to rid Windows Vista from glaring exploits. I think, you already started guessing, let me tell you that yes you are absolutely right. Kristen Paget formerly known as Chris Paget who was part of an elite team of security experts of Microsoft has now been hired by Apple to lend her expertise to securing the company's operating systems. Apple, slowly, has been trying to make inroads into the security community. This summer, an Apple engineer spoke at the Black Hat security conference for the first time. So it is a bit predictable that why Apple is looking for security experts. Paget's exact charge at Apple is still somewhat of a mystery, with company representatives declining to comment on the specifics of what she'll be working on. After leaving Microsoft and prior to her move to 1 Infinite Loop, Paget was employed by security firm Recursion Ventures. According to sources, this past July, she'd departed stating that she wished to focus on developing security-related hardware.  
According to a report by Wired - Paget’s work at Microsoft had been similarly secretive. She’d been forbidden from speaking about it for five years after her work there ended.
But in 2011, the NDA expired, and she spilled the beans on her Vista hacking at the Black Hat Las Vegas conference. In short: Microsoft’s security team had expected Vista to be pretty clean when Paget got her hands on it, but they were wrong.
“We prevented a lot of bugs from shipping on Vista,” Paget said, according to a recording of her talk. “I’m proud of the number of bugs we found and helped get fixed.” Paget and company’s bug-hunt was so successful, in fact, that it forced Microsoft to push back Vista’s ship date. When the work was done, the hackers received special T-shirts, signed by Microsoft Vice President of Windows Development Brian Valentine. They read: “I delayed Windows Vista.” 
Until this past summer, Paget had been chief hacker at Recursion Ventures, a company that specializes in hardware security. When she left in July, she said she was looking for a break from bug-finding, hoping to find a job that involved building “security-focused hardware.”
“I’ve done too much breaking of things, it’s time to create for a change,” she said on Twitter. She was hired in September as a core operating system security researcher at Apple, according to her Linkedin Profile. 
Paget made headlines in 2010 when she built her own cellphone-intercepting base station at the Defcon hacker conference. Back then, Paget was known as Chris. She switched genders last year.

While talking about hiring geniuses by giant firms, we would like to remind you that very recently Apple has hired search guru Bill Stasior to oversee Apple's Siri voice-activated personal assistant. Along with this, few months ago social networking giant Twitter had appointed famous whitehat hacker Charlie Miller, to boost up its security.  Also in late 2011 Nicholas Allegra, the world-famous hacker known as "Comex", creator of JailbreakMe.com comes was also hired by Apple.


SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Help! I Think My Child Might Be a Cyberbully (Special Article)

Posted by Avik Sarkar On 12/08/2012 05:57:00 pm

Help! I Think My Child Might Be a Cyberbully (Special Article)

Our society grows more and more connected. We have smart phones, computers, tablets, social media sites and other tools constantly creating new connections between people. This is generally a good thing, but there is a negative side to this enhanced communication—cyberbullying. Although bullying in the playground or classroom has been around since we started putting kids in schools, cyberbullying brings a new aspect to bullying. It is more difficult to stop because, in many cases, the bully is anonymous.

Cyberbullying Can Lead to Suicide

Cyberbullying is using the internet, cell phones or other devices to post pictures, text, videos or other information intended to hurt or embarrass another person. According to the National Crime Prevention Association, cyberbullying affects almost half of all American teens. Although many feel cyberbullying is not a big deal, the consequences can be severe. As evidenced by the amount of suicides—particularly of gay teens—in the last few years, cyberbullying can have a devastating effect on the victim and their family. Because of the nature of cyberbullying, it is difficult to tell if your child is involved—either as a victim or an aggressor.

Prevent Your Child From Becoming a Cyberbully

There are some simple ways to prevent your child from becoming a cyberbully. Be a model for them. Don’t use abusive language when referencing workmates, other parents or kids. Make sure the language you use around your child does not lead them to believe it is alright for them to use abusive language. Children look to their parents as guides for how to operate in the world. Make sure, as a guide, you're pleasant, kind and non-aggressive.
Keep an eye on your child’s social networking profile. See if they are getting involved in harassing other children. This could be a precursor to them becoming the primary bully themselves. If you do find evidence they are harassing others, do not let it stand. Talk to them about it. Explain the better, healthier ways to deal with their aggression or anger towards their friends and classmates. Make sure they understand that harassment is not an acceptable type of behavior. There are ways to assure your child's social network site can't be hacked.

Keep Your Child's Social Network From Being Hacked

Cyberbullying is not exclusive to hateful or aggressive comments or messages. Many kids have their social networking site hacked, and the hacker shares embarrassing information or posts things the actual user would not post. There is software to track the sites that have been accessed on your computer and that can help you to protect your child against identity theft. Utilize the tools available to make sure your child has not stolen another kid’s identity.
The best way to stop cyberbullying is to prevent your child from ever becoming one in the first place. Have open conversations about bullying and its effects on others. Show through example the best way to solve problems is not through threats and anger but through calm and reasoned action.



Special Article By 
Jennifer Stone
Guest Editor VOGH



SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Facebook Launched 'Photo Sync' Automatic Photo Uploading Feature for Android & iOS

Posted by Avik Sarkar On 12/02/2012 07:01:00 pm

Facebook Launched 'Photo Sync' Automatic Photo Uploading Feature for Android & iOS

The social networking giant Facebook announced that it started rolling out Photo Synchronization, in order to add more mobility and ease of use. According to Facebook Newsroom -the new Photo Sync will make photo sharing easier. With this feature, photos from your phone sync automatically to a private album on the web. When you want to share these photos, just pick and post your favorites. If you turn this feature on, up to 2GB of photos from your phone can be synced automatically to a private album on Facebook, from which you can then pick your favorites to share with your friends. It’s important to note that Facebook isn’t launching new Android and iOS apps today. The feature is already included, but the company is turning it on for more and more users, starting with a big push today. To turn the feature on in the Facebook app (if you have an iPhone, iOS 6 is required), tap Photos and then tap Sync at the bottom of your photos section. Once the uploads start coming in, you can check them out and share them via the app, on the mobile Web, or on your computer (go to your Timeline, click Photos, and click “Synced From Phone” at the top of your photos section). To save on the limited amount of space, you can stop photos from being synced by deleting them. In the app, that’s the “Remove synced photo” option once you pick a photo in the Synced section, and on your computer that’s the Delete option when you’re in the “Synced From Phone” folder. The good news is that deleting a photo from your synced photos won’t delete it from your phone’s gallery.
That’s right, you can turn photo syncing on or off, but you can also choose to sync over Wi-Fi only. Normally, when you’re on a cellular network like 3G or 4G, Facebook will sync photos at a smaller size (around 100K each), so they’re unlikely to use much of your data plan. Over a Wi-Fi connection, Facebook will sync larger versions of your photos. The best part: photos will not sync when your battery is low.

Get the latest Facebook app for Android or iPhone to try it out. Learn more at Facebook.com/mobile or visit the Help Center.


-Source (TNW & FB)






SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Facebook Started Enabling HTTPS by Default for North American Users

Posted by Avik Sarkar On 11/23/2012 07:08:00 pm

Facebook Started Enabling HTTPS by Default for North American Users

The social networking giant Facebook has started securing all data traffic to the social networking site using HTTPS by default. The change started rolling out to all North American users last week, while users in the rest of the world should see HTTPS enabled by default soon. This change will make HTTPS the default connection option for all Facebook sessions for those users, a shift that gives them a good baseline level of security and will help prevent some common attacks. Switching to HTTPS by default will mean that all connections and data, including cookies, will be transmitted over SSL in encrypted form and should no longer be able to be easily read and used for fraudulent purposes by attackers. While Facebook has used HTTPS connections to protect users' login credentials for some time, it only started offering an HTTPS option for the entire site in January 2011. The feature was not turned on by default and instead required users to manually enable the HTTPS option in their Facebook account settings.
Facebook users have had the option of turning on HTTPS since early 2011 when the company reacted to attention surrounding the Firesheep attacks. However, the technology was not enabled by default and users have had to in and manually make the change in order to get the better protection of HTTPS. 
Now, users will have to manually turn HTTPS off if they don't want it, a distinction that is a major change, especially for Facebook's massive user base, which has become a major target for attackers





SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

NASSCOM-Data Security Council of India Announces Annual Information Security Summit 2012

Posted by Avik Sarkar On 10/28/2012 04:38:00 am

NASSCOM-Data Security Council of India Announces Annual Information Security Summit 2012

NASSCOM-Data Security Council of India (DSCI) announced that the Annual Information Security Summit 2012 will be held on 11-12 December at Taj Lands End, Mumbai. The NASSCOM-DSCI Annual Information Security Summit this year will focus on the national cyber security elements- Framework, Machinery, Responsibility & Operations for all the critical information sectors like power, energy and finance where deliberation will take place on operating technologies like smart grid and industrial control system; the security and privacy imperatives of eCommerce, mCommerce and eGovernance application and platforms. The Summit will provide an opportunity to have focused discussions with government leaders along with global experts who will talk about the security ramifications at the global level. Special features such as celebrating the success of women leaders in the field of security, Workshop on IT Act and release of DSCI assessment frameworks will also be part of the annual summit. The addition of DSCIExcellence Awards 2012 to Corporate and LEAs this year along with Annual summit will truly make this as a platform where India Meets for Security. 

Who Should Attend:-

Organizations:
  • User Organization – Banks, Finance, Telecom, Manufacturing, Energy
  • Government & PSUs
  • Technology & Service Providers
  • Security Product/ Services Companies
  • Academia
Individuals:
  • Business Leaders
  • IT Leadership
  • Security & Privacy Leadership
  • Security Professionals
  • Security Implementer | Administrator | Officer

Participation benefits:
  • Learn about new challenges, threats and vulnerabilities
  • Gain Strategic direction & practical guidance
  • Explore new approaches, practices, technologies and services
  • Discover market developments and get a feel of technology products
  • Discuss on public policies for cyber security and privacy
  • Interact with national, government and global leadership
Agenda:- 
 
Tentative Agenda Topics for Annual Information Security Summit’12 : Day 1
Time
Session
0930 to 1015
Inaugural + Key Note
1015 to 1115
National Imperatives of Securing Operational Technologies … Smart Grids, Oil & Gas, & Public Utilities
1115 to 1140
Tea Break
1140 to 1200
Platinum Session 1 by Verizon
1200 to 1250
Protecting Key Economic Assets, Securing Financial Backbone
…. Stock Exchange, Payment Infrastructures & Financial Switches
1250 to 1310
Platinum Session 2 by TCG
1310 to 1415
Lunch Break
1415 to 1430
Special feature
1430 to 1520
Architecting Security for New Age Banking
… Business Models, Technology Transformations & Channel Revolutions in the midst of Organized, Focused, Advanced & Persistent Cyber Threats
1520 to 1540
Special feature by HP
1540 to 1640
Revolution named Clobile, Nightmare for Security? … Enterprise Mobility, Mobile Apps and Cloud Enablement Data driven Businesses
1640 to 1700
Tea Break
1700 to 1800
Data driven Businesses – Data reason for Empowerment and Concern
… Big Data, Context Computing & Social Media Computing
1800 to 1900
Networking and Exhibition
1900 to 2030
DSCI Excellence Awards 2012
  • Corporate
  • Law Enforcement
2030 Onwards
Cocktail Dinner
Day 2
Time
Session
0930 to 1030
Cyber Security, from National Responsibility to Global Accountability
… Cyber diplomacy, converging national and international interests
1030 to 1100
Special Feature by CISCO
1100 to 1130
Tea Break
1130 to 1230
Securing Technology Transformation of Governance … eGovernance projects, Security Challenges & Solutions
1230 to 1315
Rendezvous with Women Security Leaders: Special Interaction …. Security, Challenges and Opportunities for Women
1315 to 1415
Lunch Break
1415 to 1515
Security Enablement of Growing Electronic & Mobile Commerce
… Rising Volume & Growth of Commerce, Security as Enabler
1515 to 1600
Securing core, edge, access & connect: reappearance of network on agenda of security
… Finding the role of network security: Infrastructure Core, Hyer-extensive organizations, Access complexities, Mobility & External exposures
1600 to 1630
Tea Break
1630 to 1730
Consumer Behaviors and Business Responsibilities In the Information Age … Responsible Behaviors, Fair Business Practices & Enabling Technologies

To Get Yourself Registrar For the Event Click Here


SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Related Posts Plugin for WordPress, Blogger...

Site search