New Browser-based iOS 'jailbreak' (Based on PDF exploit)

Posted by Avik Sarkar On 7/07/2011 11:49:00 am


Hackers have once again released a "jailbreak" for iOS devices that can be completed through the Mobile Safari Web browser, taking advantage of an exploit found in the operating system's PDF reader.
The hack can be accomplished by visiting the website jailbreakme.com on an iPhone, iPad or iPod touch. It is compatible with all of Apple's current iOS-powered mobile devices, including the iPad 2 and iPhone 4. The hack was developed by "comex," Grant "chpwn" Paul and Jay "saurik" Freeman, and is compatible with iOS 4.3 through 4.3.3 on all iPads, the iPhone 3GS, GSM iPhone 4, and third- and fourth-generation iPod touch. It also works with iOS 4.2.6 through 4.2.8 for the CDMA iPhone 4.
The official site tells visitors they can jailbreak their iOS device to experience the software "fully customizable, themeable, and with every tweak you could possibly imagine." Jailbreaking is the term used to describe hacking iOS to allow users to install custom software and tweaks not approved by Apple.
The site also refers to jailbreaking as "safe and completely reversible," as users can restore their iPhone or iPad to the original, unaltered iOS software by restoring with iTunes. But jailbreaking is also a warranty-voiding process that Apple has warned users carries security risks. In 2009, a worm spread only on jailbroken iPhones that had enabled SSH for file transfer and did not change the default password.
Last July, the U.S. government affirmed that the process of jailbreaking is considered legal, though Apple is under no obligation to support users who have issues with hacked software.
The new "jailbreakme" site also asks users: "Please don't use this for piracy." While software can be legally downloaded or even sold through the jailbreak-only "Cydia" store, jailbreaking can also be used to pirate software that is sold on Apple's App Store.
This week's new jailbreak method is the second time hackers have exploited a PDF-related security hole in the Mobile Safari browser. The previous hack, issued last August, relied on a corrupt font to crash Safari's Compact Font Format handler.
Ironically, hackers who exploited the PDF security hole in iOS last year also delivered their own security fix to address the very same issue on jailbroken devices. The patch aimed to ensure that dishonest hackers would not be able to utilize the exploit for malicious purposes.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

The Secret Service is Investigating Fox News Twitter Hacking Case

Posted by Avik Sarkar On 7/07/2011 11:40:00 am


The Secret Service said Monday that it will investigate the recent hacking of the Fox News political Twitter account. Hackers took control of the account on Sunday and used it to tweet fake news of President Obama’s assassination.
Fox News said in a statement that it had alerted the Secret Service of the incident and was told by spokesperson George Ogilvie that the law enforcement agency would do “appropriate follow up.” 
Meanwhile, the Think Blog at Stony Brook University said that it had spoken with a representative of the group that claimed to be responsible for the hack, The Script Kiddies. Late Sunday night, the hackers changed the logo of the Fox News account to a Script Kiddies logo and referenced the group, tweeting at the @AnonymousIRC account, for instance, that “TheScriptKiddies would love to assist.” These tweets were removed before the six tweets regarding Obama’s fake assassination were posted on Monday. Several Script Kiddies accounts that bragged about the hack have also been removed. The Secret Service, whose job it is to protect the president, has made it clear that it doesn’t take talk of the president’s assassination lightly, even on social networks. When a Facebook poll asked “Should Obama be killed?” in 2009, the Secret Service tracked its source to a juvenile (no charges were filed). Similarly, two Twitter accounts that tweeted “ASSASSINATION! America, we survived the Assassinations and Lincoln & Kennedy. We’ll surely get over a bullet to Barrack Obama’s head” and “You Should be Assassinated!! @Barack Obama” after the healthcare reform vote last year both inspired Secret Service investigations.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

UK is Enhancing Cyber Security to fight Against Hackers

Posted by Avik Sarkar On 7/07/2011 12:11:00 am

The fight against cyber crime needs a stronger common international legal framework to enable perpetrators outside the country of their victims to be tracked down and punished, a British security official said on Tuesday.
James Brokenshire, a Home Office (Interior Ministry) Minister for Crime and Security, added in remarks to reporters that governments and companies had to work much more closely together to fight the "scammers, fraudsters and hackers" who were creating a truly global problem.
"Active international partnerships are central to tackling cyber crime," he said. "There needs to be an international response including international treaties, bilateral treaties and common agreements between countries." A priority for governments is to find ways of hunting criminals across borders and ensuring they are punished, but many nations lack a common definition of cyber crime or common legal standards that would enable prosecutions of criminals operating offshore. Security experts have long said the core problem has been that nations are thinking too parochially about their online security to collaborate on crafting global cyber regulation.
High-profile online assaults in recent weeks have targeted the International Monetary Fund, the U.S. Central Intelligence Agency and the U.S. Senate, and companies such as Citigroup and Lockheed Martin Corp. The raids have raised doubts about the security of government and corporate computer systems and the ability of law enforcement to track down hackers. Saying there should be "no safe haven" for online criminals, Brokenshire added that governments had to work with the private sector to provide technical expertise to police in those countries that lacked the resources to fight cyber criminals.

He was speaking at the launch of the International Cyber Security Protection Alliance (ICSPA), a global not-for-profit organisation that aims to channel funding, expertise and help directly to law enforcement cyber crime units around the world.The venture, which will seek funding from the European Union, governments of the United States, Canada, Australia, New Zealand and Britain, and private sector companies, plans to work in partnership with European police agency EUROPOL.
Rik Ferguson, Director of Security Research at Trend Micro said areas of concern to ICSPA included Brazil, which had expertise in banking malware, China, where computers were often used by criminals elsewhere to host attacks in third countries, and Russia and Ukraine.Companies supporting the venture include McAfee , Cassidian, Trend Micro, Yodel, Core Security Technologies, Visa Europe , Shop Direct group, A&REdelman, Transactis and Article10. Cyber crime costs the British economy some 27 billion pounds ($43.5 billion) a year and appears to be "endemic", according to the first official government estimate of the issue published in February 2011.
Brokenshire's call echoes remarks by U.S. Secretary of Homeland Security Janet Napolitano who said last week that cyber criminals were outwitting national and international legal systems that fail to embrace technological advances.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Isolator ++ (Easy Unit Testing for C++)

Posted by Avik Sarkar On 7/06/2011 10:57:00 pm


Typemock, the leading provider and pioneer of easy unit testing solutions announced today the launch of Isolator++ for Linux. Isolator++ for Linux enables easy unit testing of C++ on the Linux distributions, Ubuntu, Fedora (Red Hat) and SUSE (Novell). This release marks Typemock’s ability to offer unit testing tools and mocking frameworks for multiple platforms and enable organizations that work on Windows and Linux to benefit from one solution for both platforms. 
Isolator++ for Linux enables unit testing – the foundation of agile development - of any C/ C++ code (including complex code such as statics, globals and non virtual method) by allowing the test to intercept and fake behaviours. The API is specifically designed to make tests more concise, more resistant to production code changes and easier to understand for new users which ensures that time is not wasted re-writing unit tests. It also protects the code from regression bugs and allows organizations to feel confident that their final product meets industry standards. Isolator++ for Linux enables developers to fake any part of the code seamlessly, without the need to redesign for testability as opposed to other unit testing solutions that require many sections of code to be re-written in order to be testable. It replaces the need for manual validation with automatic C++ unit tests. This ensures full code integrity before the code reaches QA. The launch of Isolator++ for Linux demonstrates Typemock’s ability to now offer multi-platform easy unit testing solutions for both Linux developers in addition to Windows C++ and .NET. This gives organizations the flexibility to implement unit testing practices in any of these development environments.
 “We’re very excited to help Linux developers unit test and perform TDD easily.” commented Eli Lopian Typemock‘s founder and CEO. “Following the success of our Windows .NET and C++ Isolation Frameworks and with an increasing number of developers and organizations using the Linux platform we’re delighted to now offer a single multi-platform solution that removes the complexities and friction of testing code.”

With today’s high demand for smart phones and other advanced technologies the use of C++ is on the rise. Writing correct, secure, code is imperative, especially for the military, avionics, automotive and medical device industries where an error in the code can be critical. Isolator++ for Linux will ensure that the final product surpasses all regulatory requirements. 
For more information & download click HERE

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Lulzec released their final Message for the Friends Around the Whole Spectrum

Posted by Avik Sarkar On 7/06/2011 04:44:00 pm



Lulzec released their final Message for the friends around the whole spectrum
Anon also twited About this Messages:-

 

The Message of Lulzsec Follows:-

"Friends around the globe, We are Lulz Security, and this is our final release, as today marks something meaningful to us. 50 days ago, we set sail with our humble ship on an uneasy and brutal ocean: the Internet. The hate machine, the love machine, the machine powered by many machines. We are all part of it, helping it grow, and helping it grow on us. For the past 50 days we’ve been disrupting and exposing corporations, governments, often the general population itself, and quite possibly everything in between, just because we could. All to selflessly entertain others – vanity, fame, recognition, all of these things are shadowed by our desire for that which we all love. The raw, uninterrupted, chaotic thrill of entertainment and anarchy. It’s what we all crave, even the seemingly lifeless politicians and emotionless, middle-aged self-titled failures. You are not failures. You have not blown away. You can get what you want and you are worth having it, believe in yourself. While we are responsible for everything that The Lulz Boat is, we are not tied to this identity permanently. Behind this jolly visage of rainbows and top hats, we are people. People with a preference for music, a preference for food; we have varying taste in clothes and television, we are just like you. Even Hitler and Osama Bin Laden had these unique variations and style, and isn’t that interesting to know? The mediocre painter turned supervillain liked cats more than we did. Again, behind the mask …"

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Spammers are Exploiting Google+

Posted by Avik Sarkar On 7/06/2011 02:57:00 pm


Scammers have begun exploiting the launch of Google’s new Google+ social network, with a growing raft of spam emails that imitate Google+ invitations. Google+ is currently still in the testing phase following its launch last week, and users need to be invited by another Google+ member before they can sign up.

Fake invitations:-

However, some of those Google+ invitations are fake, and their links direct traffic to an online business called Canadian Family Pharmacy, which sells Viagra, according to Sophos. Sophos said the emails, distributed by a Canadian hacking group called Partnerka, look authentic.
“The spammers are no doubt hoping that the email will be hard to resist, as many people are eager to see what is being billed as Google’s answer to Facebook,” said Graham Cluley, senior technology consultant at Sophos, in a statement. “Research shows that last year alone, 36 million Americans bought drugs from online pharmacies, so this is a technique that is clearly continuing to work for spammers.”
Overall the scam is “amateur” in that it makes no attempt to use a site that looks like Google+ to harvest users’ personal information, Sophos said. While Facebook doesn’t allow friends lists to be exported to Google+, an extension is now available for Google’s Chrome browser that allows users to export friends data in a format that can be imported into Google+. Facebook has, however, begun modifying accounts to prevent the tool from working, according to Mohamed Mansour, who developed the Facebook Friend Exporter tool.

Google’s answer to Facebook:-

Google unveiled Google+ last week as its answer to Facebook, which has racked up some 700 million users in six-plus years. Seizing on the market leader’s seemingly cavalier attitude toward user privacy, Google envisions Google+ as a more nuanced approach to social networking that tries to give users complete control over what content they share online and with whom they share it. Available to users by invitation only for now, Google+ comprises four major components: Circles, Sparks, Hangouts and mobile, which includes instant photo and video uploads and group messaging.
Social Circles has been rumoured since March, and was at the centre of a clumsy smear campaign by Facebook which attempted to brand Google’s privacy as poor. Circles is a sharing service that lets users add circles, or groups of users united by common interests by dragging and dropping their profiles into a circle. Circles could include family, friends and colleagues.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Wikileaks Will Take Legal Action Against PayPal, MasterCard & Visa

Posted by Avik Sarkar On 7/06/2011 01:24:00 am


There hasn't been much talk lately over the fact that PayPal, MasterCard and Visa all cut off Wikileaks late last year, after the US government freaked out about the release of some State Department Cables. None of the firms has done a very good job explaining why this makes sense (or why they continue to allow other groups, such as the KKK to receive funding, while singling out Wikileaks). I'm sure those three firms, which took quite a public bashing when the news originally dropped, would prefer that there not be any more talk about it. However, Wikileaks and the payment firm they used, DataCell, are apparently planning to file a legal complaintthis week against all three firms in Europe. A draft of the complaint, which was obtained by Andy Greenberg at Forbes (linked above and embedded below), claims that the three firms violated Articles 101 and 102 of the EU Treaty, effectively a form of antitrust law. While I tend to think many antitrust claims are merely attacks on successful companies, this seems like a case where they could make sense. Here you have basically the only three ways for most people to transfer money easily, all agreeing to block a single (small) client from receiving money, despite no legal ruling against the operation (hell, charges haven't even been filed). It certainly would make for an interesting case.

-News Source (techdirt)

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Related Posts Plugin for WordPress, Blogger...

Site search