Red Hat Inc Announced The General Availability Red Hat Enterprise Linux (RHEL) 6.5

Red Hat Inc Announced The General Availability Red Hat Enterprise Linux (RHEL) 6.5 

The RHEL 6x series get another important update as Red Hat Inc, the world's leading provider of open source solutions announced the general availability of Red Hat Enterprise Linux 6.5, the latest version of Red Hat Enterprise Linux 6. According to the official press release of Red Hat -RHEL 6.5 expands Red Hat’s vision of providing an enterprise platform that has the stability to free IT to take on major infrastructure challenges and the flexibility to handle future requirements, with an extensive partner and support ecosystem. 

Red Hat Enterprise Linux 6.5 is mainly designed for those who build and manage large, complex IT projects, especially enterprises that require an open hybrid cloud. From security and networking to virtualization, Red Hat Enterprise Linux 6.5 provides the capabilities needed to manage these environments, such as tools that aid in quickly tuning the system to run SAP applications based on published best practices from SAP.“Red Hat Enterprise Linux 6.5 provides the innovation expected from the industry’s leading enterprise Linux operating system while also delivering a mature platform for business operations, be it standardizing operating environments or supporting critical applications. The newest version of Red Hat Enterprise Linux 6 forms the building blocks of the entire Red Hat portfolio, including OpenShift and OpenStack, making it a perfect foundation for enterprises looking to explore the open hybrid cloud.”-said Jim Totton, vice president and general manager of Red Hat Inc. Now lets take a closer look to the main highlights of RHEL 6.5 : 

Securing the Next-Generation Enterprise

Red Hat Enterprise Linux 6.5 continues the push for integrated security functionality that combines ease-of-use and up-to-date security standards into the platform. The addition of a centralized certificate trust store enables standardized certificate access for security services. Also included are tools that meet leading security standards, including OpenSCAP 2.1, which implements the National Institute of Standards and Technology’s (NIST’s) Security Content Automation Protocol (SCAP) 1.2 standard. With these additions, Red Hat Enterprise Linux 6 provides a secure platform upon which to build mission-critical services and applications.

Networking – When Every (Micro)Second Matters

In the financial services and trading-related industries, application latency is measured in microseconds, not seconds. Now, the latest version of Red Hat Enterprise Linux 6 fully supports sub-microsecond clock accuracy over the local area network (LAN) using the Precision Time Protocol (PTP). Precision time synchronization is a key enabler for delivering better performance for high-speed, low latency applications. Red Hat Enterprise Linux 6.5 can now be used to track time on trading transactions, improving time stamp accuracy on archived data or precisely synchronizing time locally or globally. Thanks to other networking enhancements in Red Hat Enterprise Linux 6.5, system administrators now have a more comprehensive view of network activity. These new capabilities enable sysadmins to inspect IGMP (Internet Group Management Protocol) data to list multicast router ports, multicast groups with active subscribers and their associated interfaces, all of which are important to many modern networking scenarios, including streaming media.

Virtualization Enhancements

Red Hat Enterprise Linux 6.5 continues Red Hat’s commitment to improving the overall virtualization experience and includes several improvements that make it a compelling choice for running in virtualized environments. Sysadmins can now dynamically enable or disable virtual processors (vCPUs) in active guests, making it an ideal choice for elastic workloads. The handling of memory intensive applications as Red Hat Enterprise Linux guests has also been improved, with configurations supported for up to 4TB of memory on the Kernel-based Virtual Machine (KVM) hypervisor. The KVM hypervisor also integrates with GlusterFS volumes to provide direct access to the distributed storage platform, improving performance when accessing Red Hat Storage or GlusterFS volumes. Finally, guest drivers have been updated to improve performance of Red Hat Enterprise Linux 6.5 running as a guest on supported third-party hypervisors.

Evolving Ease-of-Use, Storage, and More

As application deployment options grow, portability becomes increasingly important. Red Hat Enterprise Linux 6.5 enables customers to deploy application images in containers created using Docker in their environment of choice: physical, virtual, or cloud. Docker is an open source project to package and run lightweight, self-sufficient containers; containers save developers time by eliminating integration and infrastructure design tasks. Red Hat Enterprise Linux 6.5 stays current with the advancements in Solid-State Drive (SSD) controller interface, introducing support for NVM Express (NVMe)-based SSDs. The NVMe specification aims to standardize the interface for PCIe-based SSDs and its inclusion in Red Hat Enterprise Linux 6.5 positions the platform to support an expanding range of future NVMe-based devices.

Improvements have also been added to improve enterprise storage scalability within Red Hat Enterprise Linux 6.5. It is now possible to configure more than 255 LUNs connected to a single iSCSI target. In addition, control and recovery from SAN for iSCSI and Fibre Channel has been enhanced, and updates to the kexec/kdump mechanism now make it possible to create debug (dump) files on systems configured with very large memory (e.g. 6TB).

Red Hat Enterprise Linux 6.5 makes it easier to track and manage subscription consumption across the enterprise, integrating subscription tracking into existing business workflow. Usability enhancements include support for remote access to Windows clients and servers that use a newer version of the RDP protocol, including Windows 7 and 8 desktops and Windows Server 2012. 

To Download Red Hat Enterprise Linux 6.5 Click Here

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Red Hat Inc Announced The General Availability Red Hat Enterprise Linux (RHEL) 6.5 "https://www.voiceofgreyhat.com/2013/11/redhat-enterprise-linux-rhel-6.5-released.html</a>

Pwn2Own 2013 Result: Chrome, Firefox, IE, Adobe Reader, Flash & Java Owned

Pwn2Own 2013 Result: Chrome, Firefox, IE, Adobe Reader, Flash & Java Owned Only Safari Survived 

Couple of months ago we have talked about 'Pwn2Own 2013' hacking contest sponsored by HP TippingPoint, ZDI and Google where the most famous and widely used browsers have to face challenges. Now the result of this long awaited security competition has came which is showing that the entire browser security landscape can change in a single day, as browsers thought to be secure are proven to be otherwise. Of the Big Four browsers, only Apple's Safari has so far survived the onslaught of the browser-breakers where Chrome, Internet Explorer 10 and Firefox all fell to the mercy of the hackers. Not only browsers but also three other popular applications that is Adobe Reader, Flash Player and yet again Java fallen victim to hackers at 'Pwn2Own'. And for Java it was a true disaster as Java fell three times, though under the contest rules, only the first attacker was due to win the $20,000 prize. Vupen, a renowned security research firm based in France, cracked both Firefox and Internet Explorer. It roughly explained the attack in a tweet, “We’ve pwned Firefox using a use-after-free and a brand new technique to bypass ASLR/DEP on Win7 without the need of any ROP.” This bug hint leads them winning $100,000 for finding a huge hole. Again in a tweet, Security firm Vupen explained “We’ve pwned MS Surface Pro with two IE10 zero-days to achieve a full Windows 8 compromise with sandbox bypass.” Lastly, U.K.-based security firm MWR Labs cracked Chrome and also gained full control of the operating system, this time Windows 7. It also “demonstrated a full sandbox bypass exploit.” The company explained in a blog post that it found a zero-day in Chrome “running on a modern Windows-based laptop.” It was able to exploit the vulnerability by performing a very similar attack to what took down Facebook, Microsoft, and a number of other well-known companies: It had the laptop visit a malicious website. 

Now lets take look at the final score board of Pwn2Own 2013:

Wednesday:
1:30 - Java (James Forshaw) PWNED
2:30 - Java (Joshua Drake) PWNED
3:30 - IE 10 (VUPEN Security) PWNED
4:30 - Chrome (Nils & Jon) PWNED
5:30 - Firefox (VUPEN Security) PWNED
5:31 - Java (VUPEN Security) PWNED

Thursday:
12pm - Flash (VUPEN Security) PWNED
1pm - Adobe Reader (George Hotz) PWNED
2pm - Java (Ben Murphy via proxy) PWNED

The total damage to the prize fund comes out at a whopping $480k. With HP's announcement that everyone will get paid for each attack, the prize monies will be divvied up as follows:-

1. James Forshaw: Java = $20K
2. Joshua Drake: Java = $20k
3. VUPEN Security: IE10 + Firefox + Java + Flash = $250k
4. Nils & Jon: Chrome = $100k
5. George Hotz: Adobe Reader = $70k
6. Ben Murphy: Java = $20k

As you all know that the main motive of these contest is to make applications, software more safe and secure while figuring out hidden vulnerabilities  Here also for Pwn2Own the security holes figured out by the above experts have already been submitted and taken carefully by those organization  along with that, the expected patch for the browsers have already been released. Those who are still using the older version of those above applications are requested to update their system. So, stay tuned with VOGH and be safe on the Internet. 

-Source (HP, Naked Security) 

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Pwn2Own 2013 Result: Chrome, Firefox, IE, Adobe Reader, Flash & Java Owned"https://www.voiceofgreyhat.com/2013/03/Pwn2Own-2013-Result.html</a>

Hackers Hit Microsoft Windows Azure Causing 12 Hour Outage, Affecting Xbox & 52 Other Services

Hackers Hit Microsoft Windows Azure Causing 12 Hour Outage, Affecting Xbox & 52 Other Services 

Windows Azure the cloud computing platform of Microsoft for building, deploying and managing applications and services through a global network of Microsoft-managed datacenters  faced an unwanted disaster due to organized cyber attack which interrupted its service world wide. While looking at the scenario the Redmond based software giant sincerely apologize for the interruption and any issues it has caused and declared that they will  refund Windows Azure customers impacted by the said outage last week caused by an expired SSL certificate. The Windows Azure Storage outage affected at least 52 services, including Xbox Live on Thursday night and Friday. 

In a blog post while describing the situation Microsoft said - "HTTP traffic was unaffected but the event impacted a number of Windows Azure services that are dependent on Storage.  We executed the repair steps to update the SSL certificate on the impacted clusters and availability was restored to >99% worldwide by 1:00 AM PST on February 23.  At 8:00 PM PST on February 23, we completed the restoration effort and confirmed full availability worldwide. Given the scope of the outage, we will proactively provide credits to impacted customers in accordance with our SLA. The credit will be reflected on a subsequent invoice.  Our teams are also working hard on a full root cause analysis (RCA), including steps to help prevent any future reoccurrence."

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Hackers Hit Microsoft Windows Azure Causing 12 Hour Outage, Affecting Xbox & 52 Other Services"https://www.voiceofgreyhat.com/2013/02/Hackers-Hit-Windows-Azure-Caused-12-Hour-Outage.html</a>

Pwn2Own 2013 -Hack Major Browser, Adobe Reader, Flash or Java & Earn in Million Dollars

Pwn2Own 2013 -Hack Major Web-browser, Adobe Reader, Flash or Java & Earn in Million Dollars 

Since the last two years the Pwn2Own hacker contest has become an important fixture in the world of testing the security of software applications, operating systems and hardware devices. In last two years we have seen several hackers, security professionals have expressed their enthusiasm and joined Pwn2Own where four major and widely browser's security get compromised, in order to make applications, software more safe and secure. Last year we have reported how different hackers across the globe taken part in Pwn2Own and successfully hacked Google Chrome, IE & Firefox, and earned millions of dollars. But the contest of this year has some more twist than before as, HP TippingPoint and Google, sponsor of Pwn2Own, has made clear that it is expanding the focus of the competition beyond browsers. Also, Pwn2own 2013 will include $560,000 in prize money for demonstrations of exploits in the major web browsers, Adobe Reader, Adobe Flash or Oracle Java. 

Contest Dates:-

The contest will take place the 6th, 7th, and 8th of March in Vancouver, British Columbia during the CanSecWest 2013 conference. DVLabs blog post will be updated as the contest plays out and get real-time updates by following either @thezdi or @Pwn2Own_Contest on Twitter or search for the hash tag #pwn2own.

Rules & Prizes:-

HP ZDI is offering more than half a million dollars (USD) in cash and prizes during the competition for vulnerabilities and exploitation techniques in the below categories. The first contestant to successfully compromise a selected target will win the prizes for the category.

• Web Browser
• Google Chrome on Windows 7 ($100,000)
• Microsoft Internet Explorer, either
• IE 10 on Windows 8 ($100,000), or
• IE 9 on Windows 7 ($75,000)
• Mozilla Firefox on Windows 7 ($60,000)
• Apple Safari on OS X Mountain Lion ($65,000)
• Web Browser Plug-ins using Internet Explorer 9 on Windows 7
• Adobe Reader XI ($70,000)
• Adobe Flash ($70,000)
• Oracle Java ($20,000)

The targets will be running on the latest, fully patched version of the Windows 7, 8, and OS X Mountain Lion. All targets will be installed in their default configurations, as this is how a majority of users will have them configured. As always, the vulnerabilities utilized in the attack must be unknown and not previously reported to the vendor. If a sandbox is present, a full sandbox escape is required to win. A given vulnerability may only be used once across all categories.

Upon successful demonstration of the exploit, the contestant will provide HP ZDI a fully functioning exploit and all the details of the vulnerability used in the attack. In the case that multiple vulnerabilities were exploited to gain code execution, details about all the vulnerabilities (memory corruption, infoleaks, escalations, etc.) leveraged and the sequence in which they are used must be provided to receive the prize money. The initial vulnerability utilized in the attack must be in the registered category.

Along with prize money, the contestant will receive the compromised laptop and 20,000 ZDI reward points* which immediately qualifies them for Silver standing. 

Full contest rules can be found at http://dvlabs.tippingpoint.com/Pwn2OwnContestRules.html, and may be changed at any time without notice.

Registration:-

Contestants are asked to pre-register by contacting ZDI via e-mail at zdi@hp.com. This will allow the organizer to ensure that they have the necessary resources in place to facilitate the attack. If more than one contestant registers for a given category, the order of the contestants will be drawn at random.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Pwn2Own 2013 -Hack Major Browser, Adobe Reader, Flash or Java & Earn in Million Dollars"https://www.voiceofgreyhat.com/2013/01/Pwn2Own-2013-Hack-and-Earn-in-Million.html</a>

Oracle Released Java 7 update 10 With Security Enhancements & Bug Fixes

Oracle Released Java 7 update 10 With Security Enhancements & Bug Fixes 

This is the third time in a year when Oracle has updated the standard edition of Java platform. This release includes new security controls in addition to a bug fix and updated timezone data. This latest update also contains a number of security enhancements and is now certified for Mac OS X 10.8 and Windows 8. The security enhancements include the ability to disable any Java application from running in the browser and the ability to set a desired level of security for unsigned applets, Java Web Start applications, and embedded JavaFX applications. While keeping in mind the last security issues with Java, in the press release of this Java update Oracle said "if the JRE is deemed expired or insecure, additional security warnings are displayed. In most of these dialogs, the user has the option to block running the app, to continue running the app, or to go to java.com to download the latest release."

Security Feature Enhancements

The JDK 7u10 release includes the following enhancements:

• The ability to disable any Java application from running in the browser. This mode can be set in the Java Control Panel or (on Microsoft Windows platform only) using a command-line install argument.
• The ability to select the desired level of security for unsigned applets, Java Web Start applications, and embedded JavaFX applications that run in a browser. Four levels of security are supported. This feature can be set in the Java Control Panel or (on Microsoft Windows platform only) using a command-line install argument.
• New dialogs to warn you when the JRE is insecure (either expired or below the security baseline) and needs to be updated.

For more information, see Setting the Level of Security for the Java Client and Java Control Panel.

Bug Fixes

Notable Bug Fixes in JDK 7u10

The following are some of the notable bug fixes included in JDK 7u10.

Area: java command

Description: Wildcard expansion for single entry classpath does not work on Windows platforms.

The Java command and Setting the classpath documents describe how the wildcard character (*) can be used in a classpath element to expand into a list of the .jar files in the associated directory, separated by the classpath separator (;).

This wildcard expansion does not work in a Windows command shell for a single element classpath due to the Microsoft bug described in Wildcard Handling is Broken.

See 7146424.

For a list of other bug fixes included in this release, see JDK 7u10 Bug Fixes page. 

The updated Java Development Kit and Java Runtime Environment are available to download from the Oracle site. 

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Oracle Released Java 7 update 10 With Security Enhancements & Bug Fixes"https://www.voiceofgreyhat.com/2012/12/Oracle-Released-Java7-update-10.html</a>

Nmap 6.25 Released! With 85 New Scripts, Windows 8 Enhancements & Better Performance

Nmap 6.25 Released! With 85 New Scripts, Windows 8 Enhancements & Better Performance

Gordon Lyon also known as Fyodor, the author of world's most popular security scanner 'Nmap' announced another update. Almost after five months we got this new version that is Nmap 6.25. This release of Nmap  contains hundreds of improvements, including 85 new NSE scripts, nearly 1,000 new OS and service detection fingerprints, performance enhancements such as the new kqueue and poll I/O engines, better IPv6 traceroute support, Windows 8 improvements, and much more!  It also includes the work of five Google Summer of Code interns who worked full time with Nmap mentors during the summer. 

Here are the most important change since 6.01:

• Integrated all of your IPv4 OS fingerprint submissions since January (more than 3,000 of them).  Added 373 fingerprints, bringing the new total to 3,946.  Additions include Linux 3.6, Windows 8, Windows Server 2012, Mac OS X 10.8, and a ton of new WAPs, printers, routers, and other devices--including our first IP-enabled doorbell! Many existing fingerprints were improved.

• Integrated all of your service/version detection fingerprints submitted since January (more than 1,500)!  Our signature count jumped by more than 400 to 8,645.  We now detect 897 protocols, from extremely popular ones like http, ssh, smtp and imap to the more obscure airdroid, gopher-proxy, and enemyterritory. 

• Integrated your latest IPv6 OS submissions and corrections. We're still low on IPv6 fingerprints, so please scan any IPv6 systems you own or administer and submit them to http://nmap.org/submit/.  Both new fingerprints (if Nmap doesn't find a good match) and corrections (if Nmap guesses wrong) are useful.

• Enabled support for IPv6 traceroute using UDP, SCTP, and IPProto(Next Header) probes. 

• Scripts can now return a structured name-value table so that results are query-able from XML output. Scripts can return a string as before, or a table, or a table and a string. In this last case, the table will go to XML output and the string will go to screen output. See http://nmap.org/book/nse-api.html#nse-structured-output 

• [Nsock] Added new poll and kqueue I/O engines for improved performance on Windows and BSD-based systems including Mac OS X. These are in addition to the epoll engine (used on Linux) and the classic select engine fallback for other system.  

• [Ncat] Added support for Unix domain sockets. The new -U and --unixsock options activate this mode.  These provide compatibility with Hobbit's original Netcat. 

• Moved some Windows dependencies, including OpenSSL, libsvn, and the vcredist files, into a new public Subversion directory /nmap-mswin32-aux and moved it out of the source tarball. This reduces the compressed tarball size from 22 MB to 8 MB and similarly reduces the bandwidth and storage required for an svn checkout.

• Many of the great features in this release were created by college and grad students generously sponsored by Google's Summer of Code program.  Thanks, Google Open Source Department!  This year's team of five developers is introduced at http://seclists.org/nmap-dev/2012/q2/204 and their successes documented at http://seclists.org/nmap-dev/2012/q4/138

• [NSE] Replaced old RPC grinder (RPC enumeration, performed as part of version detection when a port seems to run a SunRPC service) with a faster and easier to maintain NSE-based implementation. This also allowed us to remove the crufty old pos_scan scan engine. 

• Updated our Nmap Scripting Engine to use Lua 5.2 (and then 5.2.1) rather than 5.1. See http://seclists.org/nmap-dev/2012/q2/34 for details. 

• [NSE] Added 85(!) NSE scripts, bringing the total up to 433. They are all listed at http://nmap.org/nsedoc/

For additional information and to know the full change log of this release click Here. To download Namp 6.25 (Source Code & Binary Packages) for Windows, Linux, Mac, Unix & few other OS click Here

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Nmap 6.25 Released! With 85 New Scripts, Windows 8 Enhancements & Better Performance"https://www.voiceofgreyhat.com/2012/12/Nmap-6.25-Released-With-85-NSE.html</a>

Microsoft Launching Surface With Windows 8 Pro in January Starting at $899 For 64GB & $999 For 128GB

Microsoft Launching Surface With Windows 8 Pro in January Starting at $899 For 64GB & $999 For 128GB

Near about five months ago Microsoft announced that they will introduce a tablet computer of its own design that runs a new version of its Windows operating system, and that tablet was named 'Surface'. After this announcement we got the long awaited Surface tablet based on Windows RT. Now the software giant announced that the next version of its tablet computer which will run on full version of Windows 8 Pro is ready for sale. in a blog post Microsoft confirmed that the device will start at $899 for the 64GB model, with the 128GB version setting you back $999. Both of those are what's Microsoft's dubbing the "standalone" model, which means you'll get a Surface pen/stylus, but have to shell out extra for a Touch or Type Cover (each over $100). Both will be available in January, although there's no specific date or word on pre-orders yet. The current Surface uses the slimmed down Windows RT operating system. As a result, it runs only specially designed applications from Microsoft and others sold through the company's online store. The Pro version of Surface will also run regular Windows applications written for desktops and laptops. "It's a full PC AND a tablet," Surface general manager Panos Panay wrote in a blog post Thursday.

Both Surface RT & Pro looks similar to the including the same "VaporMg" casing and built-in kickstand, and it also boasts a 10.6-inch display with a 16:9 aspect ratio. A key difference with that latter bit, though, is that the screen packs a full 1920 x 1080 resolution as opposed to the 1366 x 768 found on the RT model. You'll also get a third-gen Core i5 processor with Intel HD Graphics 4000 (no more specifics on that just yet), 4GB of RAM, a Mini DisplayPort that can output a 2560 x 1440 resolution, a full-size USB 3.0 port and, of course, Windows 8 Pro with support for all your traditional desktop applications. All that expectedly makes the tablet itself a bit heftier than its RT-based counterpart -- it's just over half-an-inch thick and weighs in at two pounds on the nose.

The spec list confirmed that the Surface Pro will have a 42 W-h battery, but Microsoft has now also expanded on that in a tweet, saying that the device is expected to "have approximately half the battery life of Surface with Windows RT." Based on our testing of the RT version, that should translate to just over four-and-a-half hours.

-Source (Microsoft, Engadget)

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Microsoft Launching Surface With Windows 8 Pro in January Starting at $899 For 64GB & $999 For 128GB"https://www.voiceofgreyhat.com/2012/12/Microsoft-Launching-Surface-With-Windows8-Pro.html</a>

VUPEN Researchers Said: They Have First Zero-Day Exploit for Windows 8 & Internet Explorer 10

VUPEN Researchers Said: They Have First Zero-Day Exploit for Windows 8 & Internet Explorer 10

Everyday the users of Microsoft newly launched and so far most advanced windows operating system, I mean Windows 8 are increasing. But we have to keep in mind the security threats are also increasing in parallel. Recently well known French IT security firm Vupen, also known as controversial bug hunters and exploit sellers claimed to have Zero-day exploit of Windows 8. Experts at Vupen Security took credit of cracking the low-level security enhancements featured in Windows 8, Microsoft's latest operating system. According a tweet made by the official account of Vupen Security said it already has a Windows 8 exploit on offer. "Our first 0day for Win8+IE10 with HiASLR/AntiROP/DEP & Prot Mode sandbox bypass (Flash not needed) is ready for customers. Welcome #Windows8" 

Apparently, the exploit combines several unpatched (0-day) security holes in the new version of Windows and the bundled Internet Explorer 10 browser to inject malicious code into systems via specially crafted web pages. Also VUPEN CEO and head of research Chaouki Bekrar sent out a pair of ominous Tweets yesterday claiming to have developed the first zero-day exploit for Windows 8 and Internet Explorer 10, both released Oct. 26. Bekrar hints the exploit is a sandbox bypass for IE10 with ASLR, DEP and anti-ROP mitigations enabled. “We welcome #Windows8 with various 0Ds combined to pwn all new Win8/IE10 exploit mitigations,” Bekrar wrote. 

The exploit allegedly bypasses all of Windows 8's malware protection features: for example the Address Space Layout Randomization (ASLR) function that Microsoft has extended in the current edition of Windows to cover more system areas and offer improved randomisation. Vupen claims that the exploit also bypasses the Data Execution Prevention (DEP) and ROP features as well as Internet Explorer's sandbox-like Protected Mode. A patch for the exploited holes may not become available in the foreseeable future: Vupen said that it discovered the vulnerabilities itself and doesn't plan to disclose them to Microsoft. The company is only offering its exploit to its paying customers, among them government investigation authorities. Should Microsoft close the holes, the elaborate exploit would significantly decrease in value.

-Source (The-H & threatpost)

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">VUPEN Researchers Said: They Have First Zero-Day Exploit for Windows 8 & Internet Explorer 10"https://www.voiceofgreyhat.com/2012/11/VUPEN-Researchers-Have-0Day-Exploit-for-Windows8-IE10.html</a>

Security Flaws Allowing Any Windows User to Upgrade to Windows 8 Pro For Just $14.99

Security Flaws Allowing Any Windows User to Upgrade to Windows 8 Pro For Just $14.99

The long awaited and the most advanced windows operating system by Microsoft is ready and available to buy from Microsoft Store. Earlier we got three Pre-release version of Windows 8 -Consumer Preview, Developer Preview & Release Preview. Along with these the Redmond based software giant also released an Enterprise Edition of Windows 8. With those releases, Microsoft declared that they will start selling Windows 8 from October 26. As per the schedule Microsoft opened its virtual store and began selling upgrades to Windows 8 Pro for $39.99, making good on a promise made last summer. The upgrade, which must be downloaded and installed via a utility called "Windows 8 Upgrade Assistant," can be applied to Windows XP-, Vista-, and Windows 7-powered systems. So far so good, but not that good as it looking, recently a security hole has been spotted in the wild which is allowing Windows user to buy a license for Windows 8 Pro for just $14.99 by faking the details on the WindowsUpgradeOffer page. According to a post from Technology Personalized -For the uninitiated, the MRP of Windows 8 Pro version is $169.99 and during the promotional offer period, which runs till Jan 31st 2013, Microsoft is offering a big $130 discount to encourage early adaption of the latest Windows OS. So, the existing Windows 7/Vista/XP users can upgrade to Windows 8 for just $39.99 (or INR 1999). Additionally, Microsoft had announced that those who bought a Windows 7 PC between June 2, 2012, and January 31, 2013 are eligible for a further discount and can actually upgrade for a meagre $14.99. Moreover, users get to download the ISO and/or save Windows 8 as bootable USB.

Shockingly, the WindowsUpgradeOffer page requires people to enter some extremely basic details about their Windows 7 PC purchase as shown below. As you can see, the details they ask for can no way be used to validate the purchase. It neither asks for a serial number nor Windows 7 key, but just the PC brand and model! As you can see, we entered some random info into each of the fields.

Once the details are submitted, user will get a confirmation email about the registration. Within a few minutes, another email with the promo code is sent to the same email address. This promo code can be used to purchase the Windows 8 Pro edition via the Windows 8 Upgrade assistant app, for a nominal fee of USD 14.99. Unbelievable, isn’t it? 

So far Microsoft did not responded about this issue, but for those who want to buy Windows 8 Pro (Download) click Here & those who want to get Windows 8 Pro shipped to you click Here.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Security Flaws Allowing Any Windows User to Upgrade to Windows 8 Pro For Just $14.99"https://www.voiceofgreyhat.com/2012/10/Security-Flaws-in-Windows-Upgrade.html</a>

Microsoft Issues 'fix it' To Close Internet Explorer 0-day Vulnerability

Microsoft Issues 'fix it' To Close Internet Explorer 0-day Vulnerability 

Last few days the whole cyber world have gone through with so many drama of Internet Explorer's security bug, as researchers have unveiled four active exploits of a zero-day vulnerability in the browser. As expected the software giant Microsoft has released an emergency fix to get rid of these major security issues. Microsoft released a “fix it” tool for a critical security flaw in most versions of Internet Explorer 6, 7, 8 and 9  that hackers have been exploiting to break into Windows systems. The company said it expects to issue an official patch (MS12-063) for the vulnerability on Friday, Sept. 21. "While we have only seen a few attempts to exploit this issue, impacting an extremely limited number of people, we are taking this proactive step to help ensure Internet Explorer customers are protected and able to safely browse online," said Yunsun Wee, director of Microsoft Trustworthy Computing in a statement. The zero-day in IE 6-9 is a use-after-free memory corruption vulnerability, similar to a buffer overflow, that would enable an attacker to remotely execute code on a compromised machine. The original exploit payload dropped the PoisonIvy remote access Trojan (RAT) via a corrupted Flash movie file. The latest payload discovered dropped the PlugX RAT via the same corrupted Flash movie, Blasco said. He also said the new exploits are the work of the Chinese hacker group Nitro, the same group behind a pair of Java zero-day exploits disclosed in August.

Blasco also said the new exploits appear to be targeting defense contractors in the United States and India.

Microsoft recommended several workarounds Tuesday morning before announcing its intention to send out a FixIt.

• Setting Internet and local Internet security zone settings to high, which would block ActiveX Controls and Active Scripting in both zones
• Configure IE to prompt the user before running Active Scripting, or disable Active Scripting in both zones

• Use of Microsoft's Enhanced Mitigation Experience Toolkit provides mitigations as well, and would not impact website usability, as both of the first two options might.

Microsoft also said that IE running on Windows Server 2003, 2008 and 2008R2 runs in a restricted mode that mitigates the vulnerability. Outlook, Outlook Express and Windows Mail also open HTML messages in a restricted zone, mitigating the vulnerabilty but should a user click a link in a message, they could still be vulnerable to exploit.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Microsoft Issues 'fix it' To Close Internet Explorer 0-day Vulnerability"https://www.voiceofgreyhat.com/2012/09/Microsoft-Issues-fixit-To-Close-IE-0day-Vulnerability.html</a>

BlackHole Exploit Kit 2.0 Released !! (Collection of Latest Exploit Modules)

BlackHole Exploit Kit 2.0 Released !! (Collection of Latest Exploit Modules)

BlackHole exploit kit - which is so far recognized as the most successful exploit kit that includes a collection of exploits to take advantage of vulnerability in the target's machine to download malwares & infect the victim, now became more power full as The BH developers have unleashed a new version of their exploit toolkit on the net. With BlackHole 2.0, the software has been "rewritten from scratch" to fool antivirus & firewall, said the unknown developers in a Russian-language release announcement on Pastebin. In their posting, they advertise new features such as temporary exploit URLs that are only valid for a few seconds, making them harder to analyse. The other features are also quite worthy and makes it a quite faster exploit kit like the new version doesn’t rely on plugindetect to determine the Java version installed. This will speed up the malware download routine. As the link to the malicious payload was easily identified by security software earlier, the BlackHole 2.0 comes with a feature that allows the customer to choose the link. The creators of the exploit kit claim that this way none of the commercial antivirus solutions is able to detect it. Old exploits that were causing the browser to crash have been removed. 

A total of 16 improvements have been claimed to be done in BlackHole’s administrator panel. Now it’s faster, statistics are easier to view, and mobile phones and Windows 8 have been added to allow customers to see precisely what types of devices are infected. The price for the services are quite comparative. All you need is criminal intent and money. The toolkit can now even be rented for a $50 a day and will then run on a server that is owned by the BlackHole team. The annual licence fee for criminals who use their own servers is $1,500. Detailed information about BH 2.0 can be here. 

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">BlackHole Exploit Kit 2.0 Released !! (Collection of Latest Exploit Modules)"https://www.voiceofgreyhat.com/2012/09/BlackHole-Exploit-Kit-2.0-Released.html</a>

Adobe Says Windows 8 Users are Vulnerable to Active Flash Exploits (Microsoft Will not Patch the Bug Until October)

Adobe Says Windows 8 Users are Vulnerable to Active Flash Exploits (Microsoft Will not Patch the Bug Until October 26)

Adobe confirmed a serious security hole in Windows 8, hackers have been aiming at  Microsoft's Windows 8 PCs for several weeks as it is vulnerable to attack by exploits. Its very unfortunate for those who runs all the four (consumer preview, developer preview, release preview & enterprise) pre-release version of Windows 8, because the Redmond based software giant Microsoft said it will not patch the bug in Flash Player until what it called "GA," for "general availability." That would be Oct. 26, when Windows 8 hits retail and PCs powered by the new operating system go on sale. 

"We will update Flash in Windows 8 via Windows Update as needed," a spokeswoman said in a reply to questions. "The current version of Flash in the Windows 8 RTM build does not have the latest fix, but we will have a security update coming through Windows Update in the GA timeframe."
Microsoft, not Adobe, is responsible for patching Flash Player in Windows 8 because the company took a page from Google's playbook and integrated the popular media software with Internet Explorer 10 (IE10), the new operating system's browser. Last month, Adobe issued two updates for Flash Player that patched eight vulnerabilities, some of which were ranked as "1" by the company, its highest threat warning. One of the vulnerabilities, tagged as CVE-2012-1535, was patched Aug. 14, but had been exploited for an indeterminate time before that.
In fact, CVE-2012-1535 was one of four "zero-days," or unpatched vulnerabilities, exploited in a 16-week stretch by an elite hacker gang revealed by Symantec researchers on Friday. Microsoft has not updated the Flash in IE10 within Windows 8 to accommodate those two sets of patches, Adobe confirmed Friday. "Flash Player 11.3.372.94 does not incorporate the fixes released in APSB12-18 and APSB12-19," said Wiebke Lips, a spokeswoman for Adobe, referring to the Aug. 14 and Aug. 21 Flash updates.
Windows 8 RTM's IE10 identifies the integrated Flash Player as version 11.3.372.94, a more recent build than the one in Windows 8 Release Preview, but older than the most-up-to-date version for Windows, 11.4.402.265, which Adobe delivered on Aug. 21.

Adobe actually told some users about Windows 8's Flash situation two weeks ago. On an Adobe support forum, a company representative announced on Aug. 23 that there would be no Flash update for Windows 8 and IE10 until late October. "Since Windows 8 has not yet been released for general availability, the update channel is not active," said Chris Campbell, identified as an Adobe employee. "Once this goes live, you'll start getting updates to Flash Player."

-Source (Computer World)

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Adobe Says Windows 8 Users are Vulnerable to Active Flash Exploits (Microsoft Will not Patch the Bug Until October)"https://www.voiceofgreyhat.com/2012/09/Windows8-Users-are-Vulnerable-to-Active-Flash-Exploits.html</a>

Microsoft Releases Windows Server 2012 [Download Now]

Microsoft Releases Windows Server 2012 With Complete Virtualization, Cloud Services, Improved Scalability & Performance [Download Now]

In March this year software giant Microsoft has announced the availability of Windows Server 8, later in April it has been renamed to Windows Server 2012. Windows Server powers many of the worlds' largest datacenters, enables small businesses around the world, and delivers value to organizations of all sizes in between. Windows Server 2012 redefines the server category, delivering hundreds of new features and enhancements spanning virtualization, networking, storage, user experience, cloud computing, automation, and more. Simply put, Windows Server 2012 helps you transform your IT operations to reduce costs and deliver a whole new level of business value. With Windows Server 2012, Microsoft delivers a server platform built on our experience of building and operating many of the world's largest cloud-based services and datacenter. Whether you are setting-up a single server for your small business or architecting a major new datacenter environment, Windows Server 2012 will help you cloud-optimize your IT so you can fully meet your organization's unique needs. 

Features at a Glance:- 

Beyond Virtualization:- Offers a dynamic, multitenant infrastructure to help you scale and secure workloads and build a private cloud. Windows Server 2012 can help you provide:

• Complete Virtualization Platform- A fully-isolated, multitenant environment with tools that can help guarantee service level agreements, enable usage-based chargeback, and support self-service delivery.
• Improved Scalability and Performance- A high-density, scalable environment that you can modify to perform at an optimum level based on your needs.
• Connecting to Cloud Services- A common identity and management framework to enable highly secure and reliable cross-premises connectivity.

The Power of Many Servers, the Simplicity of One:- Delivers a highly available and easy to manage cloud-optimized platform. Windows Server 2012 can help you provide:

• Flexible Storage- Diverse storage choices that can help you achieve high performance, availability, and storage resource efficiency through virtualization and storage conservation.
• Continuous Availability- New and improved features that provide cost-effective, highly available services with protection against a wide range of failure scenarios.
• Management Efficiency- Automation of a broad set of management tasks and simplified deployment of workloads as you move toward full, lights-out automation.

Every App, Any Cloud:- Offers a cloud-optimized server platform that gives you the flexibility to build and deploy applications and websites on-premises, in the cloud, or across both. Windows Server 2012 can help you deliver:

• Flexibility to Build On-Premises and in the Cloud- A consistent set of tools and frameworks that enables developers to build symmetrical or hybrid applications across the datacenter and the cloud.
• A Scalable and Elastic Infrastructure- New features to help you increase website density and efficiency, plus frameworks, services, and tools to increase the scalability and elasticity of modern applications.
• An Open Web and App Development Environment- An open platform that enables mission-critical applications and provides enhanced support for open standards, open-source applications, and various development languages.

Modern Workstyle, Enabled:- Provides users with flexible access to data and applications while simplifying management and maintaining security, control, and compliance. Windows Server 2012 can help you offer:

• Access to Applications and Data from Virtually Anywhere, Any Device- Seamless, on-demand access to virtualized work environments from virtually anywhere.
• A Full Windows Experience Anywhere- A personalized and rich user experience from virtually any device that adapts to different network conditions quickly and responsively.
• Enhanced Data Security and Compliance- Granular access to data and corporate resources based on strong identity, data classification, and centralized policy administration and auditing.

To Download Windows Server 2012 (Both iso & VHD) Click Here

-Source (Microsoft) 

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Microsoft Releases Windows Server 2012 [Download Now]"https://www.voiceofgreyhat.com/2012/09/Microsoft-Releases-Windows-Server-2012-Download-Free.html</a>

VMware Announces The Availability of VMware Workstation™ 9 (Download Free Trial)

VMware Announces The Availability of VMware Workstation™ 9 (Download Free Trial)

The global leader in virtualization and cloud infrastructure, VMware globally announced the general availability of its Workstation Version 9, the latest version of its award-winning personal virtualization software. VMware Workstation 9 delivers best-in-class Windows 8 support and innovative new features that transform the way technical professionals work with virtual machines whether they reside on the PC or on enterprise private clouds.  “For over a decade we have consistently delivered innovative new technologies with each Workstation release and Workstation 9 continues this tradition,” said Vittorio Viarengo, vice president, End-User Computing, VMware. “Workstation 9 brings the power of VMware virtualization to any IT professional desk and enables them to leverage the latest evolution of operating systems, processors and other technologies to be more productive and effective.”

Key  features in VMware Workstation 9 include:-

• Windows 8 Support– Easy install simplifies the task of creating virtual machines for Windows 8 that can run simultaneously with a variety of legacy operating systems. Unity mode intelligently works with Windows 8 applications, and multi-touch support ensures a true Windows 8 experience. 

• More Powerful Virtual Machines – Faster startup performance, USB 3.0 support for Windows 8 virtual machines, Intel™ Ivy Bridge compatibility, more powerful virtualization extensions, virtual performance counters, support for OpenGL 2.1 on Linux and improved 3D graphics performance make running highly demanding applications simple and efficient.

• Increased Mobility – A new Web interface allows access to virtual machines running in Workstation or on VMware vSphere® from tablets, smart phones, laptops or desktop PCs.  This high performance, Web-based interface delivers a native desktop experience and does not require flash or browser-based plug-ins.

• Restricted Virtual Machines – IT administrators and instructors can create virtual machines and configure them to prevent employees or students from dragging and dropping files between virtual and physical desktops, attaching devices, or tampering with the virtual machine settings.  Once restrictions are configured, the virtual machines can be encrypted and distributed to run on Mac, Windows, or Linux PCs with VMware Fusion® 5 Professional, Workstation 9, or VMware Player™ 5.

• Better 3D Graphics- With faster 3D graphics and support for DirectX 9.0c Shader Model 3 and OpenGL 2.1 3D graphics in a Windows and now Linux virtual machine, VMware Workstation easily handles demanding 3D applications like AutoCAD, Solidworks, and many current games.

To know detailed information about VMware Workstation 9 click Here. To Download a free trial Click Here.

-Source (VMware)

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">VMware Announces The Availability of VMware Workstation™ 9 (Download Free Trial)"https://www.voiceofgreyhat.com/2012/09/VMware-Announces-VMware-Workstation-9.html</a>

Registration Open For Microsoft’s Imagine Cup 2013, Prize Money Boosted

Registration Open For Microsoft’s Imagine Cup 2013, Prize Money Boosted 

After the success of  'Blue Hat' Security Contest, now it is the time for Microsoft’s Imagine Cup. Redmond based software giant Microsoft has been organizing its Imagine Cup student technology competition for the last 10 years and today, the company opened registration for the 2013 edition of this event. Students ages 16 and older can now register for their national events and the winners of these local events will be flown to St. Petersburg, Russia, where the worldwide finals will take place from July 8 to 11. For this edition of Imagine Cup, Microsoft has doubled the prize money to $300,000. Since the first Imagine Cup in 2003, says Microsoft, over 1.65 million students across the globe have participated in Imagine Cup and a number of the teams that made it to the finals (and many that have not) went on to create startups.

Here is Microsoft’s description of the new core competitions:

• World Citizenship: Honors the software application developed on Microsoft platforms with the greatest potential to make a positive impact on humanity. For example, a project might address education-, social- or healthcare-related problems.
• Games: Honors the most engaging and entertaining games targeting teens and youth, built on Microsoft platforms (Windows 8, Windows Phone, Kinect for Windows Software Development Kit, and Xbox Indie Games).
• Innovation: Honors apps that give consumers inspiration and innovation at their fingertips, whether it be a new spin on social networks, online shopping or search, built with Microsoft tools and technology.

The winners of each of these competitions will get $50,000. In addition to the core competitions, students can also compete in a number of online challenges focused on specific technologies and platforms, including Windows 8, Windows Azure and Windows Phone. For detailed information click Here.

-Source (Microsoft, Imagine Cup & TC)

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Registration Open For Microsoft’s Imagine Cup 2013, Prize Money Boosted"https://www.voiceofgreyhat.com/2012/09/Registration-Open-For-Microsoft-ImagineCup.html</a>