Bootloader Unlocker Tool By HTC

Posted by Avik Sarkar On 8/17/2011 01:29:00 pm


The good news is that as promised phone-maker HTC has launched a new web tool that you can use to unlock the bootloader on selected Android smartphones. The bad news is that right now selected smartphones means the European version of the HTC Sensation… and that’s it.
Soon HTC plans to add the HTC Evo 3D and HTC Sensation 4G phones from Sprint and T-Mobile in the US to the list, but for now US customers are going to have to stick with unofficial bootloader unlocking tools.
The bootloader is a program that loads the operating system on your device. By locking the bootloader HTC could tighten security on a smartphone. But by giving users the ability to unlock their own bootloaders, HTC is making it easier for customers to load custom software such as CynaogenMod or other complete operating system replacements onto their phones.
While HTC is making it easier for users to unlock their bootloaders, the company is not officially supporting phones once the bootloader is unlocked. In other words, if you use the HTC tool to unlock your device you’ll void your warranty.
The unlocking process is a little complicated, and requires you to have the Android software development kit installed, Java running, and HTC Sync software.

Fore More Information Click Here

-News Source (HTC & Mobiputing)

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

The NCP White Paper : SSL VPNs Pose Serious Network Security Risks

Posted by Avik Sarkar On 8/17/2011 01:29:00 pm


The use of secure sockets layer (SSL) virtual private networks (VPNs) opens up networks to security risks, according to a white paper by NCP Engineering.

The NCP white paper:– 
Debunking the Myths of SSL VPN Security - warns that vulnerabilities are endemic is SSL to the point where banks have their customer data stolen at “an alarming rate" and "web application developers create a false sense of security by trusting the confidence and credibility of a protocol that is likely to fail them before they can get through a single development cycle.”
Many of the attack vectors used against SSL are from other technologies using SSL or that SSL makes use of, such as block ciphers, stream ciphers, document format, and authentication and authorization schemes, according to the white paper.
The white paper exposes what it terms “myths” about SSL VPN. One myth is that SSL VPN is clientless. It warns that clientless SSL VPN products from multiple vendors can enable an attacker to use these devices to bypass authentication or conduct other web-based attacks.

“By convincing a user to view a specially crafted web page, a remote attacker is able to obtain VPN session tokens and read or modify content, including cookies, script or HTML content, from any site accessed through the clientless SSL VPN. This effectively eliminates same origin policy restrictions in all browsers. For example, the attacker is able to capture keystrokes, while a user is interacting with a web page”, according to the white paper.

“Clientless is a nice marketing term. It sounds great”, commented Rainer Enders, one of the authors of the report and chief technology officer for the Americas with NCP Engineering. “Guess what, it is not clientless”, he told Infosecurity.
Another myth identified by the white paper is that online banking via SSL sessions is secure. Banks use SSL for web browser banking sessions to provide secure transfer of sensitive information from customers or partners. Hackers exploited a weakness in the SSL connection and the web browser to breach Citigroup credit card customers information, the white paper noted.

“If your browser has security flaws, your SSL VPN has security flaws”, warned Enders.

Another myth, according to the paper, is that using trusted certificates from a certificate authority is secure. “Certificates used to authenticate an SSL connection allow for the certain identification of each party and for the negotiation of an encrypted channel for communication. The certificates themselves are files whose alteration can be easily detected and whose origin are verified by a trusted certificate authority, such as Comodo or VeriSign”, the white paper explained.
The problem is that the trusted certificate authority can be hacked, as happened with Comodo earlier this year. A half dozen of Comodo’s registration authorities (RAs) were hacked into, and the hackers obtained digital certificates. The hackers could spoof the certificates, enabling them to pose as Google and Yahoo and gained access to information over a secure connection, the white paper said.
Enders recommends using a hybrid solution - similar to one offered by his company - that includes both SSL VPN and IPSec to address security issues with both technologies.

-News Source (Info Security)

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Us Boiling Springs & Baptist Church's Site (Including Sub-domains) Hacked By ZHC

Posted by Avik Sarkar On 8/17/2011 01:29:00 pm


Us Boiling Springs, First Baptist Church's Domain and Sub Domains Hacked and Defaced by ZHC UNKNOWN To Deliver The MSG To the peoples Of USA that....  

"Muslims in General are not your Enemy Stop Killing innocent Muslims .They are also Human Being..."

Hacked Sites:-
 
http://stewardship.bsfbc.info/
http://video.bsfbc.info/
http://stats.bsfbc.info/
http://cgi-bin.bsfbc.info/
http://upgrd.tar.gz.bsfbc.info/
http://wp-admin.bsfbc.info/
http://wp-content.bsfbc.info/
http://wp-includes.bsfbc.info/
http://bsfbc.info/
http://audio.bsfbc.info/


Mirror Links-

http://zone-h.org/mirror/id/14690347
http://zone-h.org/mirror/id/14690348
http://zone-h.org/mirror/id/14690349
http://zone-h.org/mirror/id/14690350
http://zone-h.org/mirror/id/14690351
http://zone-h.org/mirror/id/14690352
http://zone-h.org/mirror/id/14690353
http://zone-h.org/mirror/id/14690354
http://zone-h.org/mirror/id/14690355
http://zone-h.org/mirror/id/14690367


The Official Message Of ZHC:-

"- The insidious evil of Zionism from the standpoint of US lies in inspiring the alliance of US Zionists and Neocons. These political factions have joined in a commitment to maintain a racist Jewish colony in Palestine by means of the brutal oppression and suppression of the natives.

- Wake up American's! The Palestinians; Pakistani's; Muslims in general are not your enemy! Your enemy walks in the corridors of your administration! The ones sending your son's to kill Muslim Children and to be killed - for Israel; for The New World Order (NWO) Globalist agenda; for greed!

- You may be inspired by misguided feelings of guilt and a confused need for atonement - but how much guilt do you wish to pass onto your children as surely every empire weakens and America is weakening - what will they answer when asked ' why did your forefathers kill so many of our children and rape so many of our women' - What atonement will they receive?

- You burn the Holy Quran, You use drones to kill innocent muslims in Pakistan, You cause controversy in the arab lands for oil, You ban the niqab, You kill innocent muslims in palestine, You torture innocent muslims in guantanamo bay, You rape & torture muslim women(aafia siddiqui), yet we are the terrorists. . . . . . . ."

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Microsoft Plugs Internet Explorer Security Hole (Which was Exposed in A Contest)

Posted by Avik Sarkar On 8/17/2011 03:57:00 am


Microsoft last week patched the last vulnerability in Internet Explorer (IE) used by a researcher in March to win $15,000 at the
The company had patched IE twice before to quash bugs exploited by Stephen Fewer of Harmony Security to bring down IE8 on Windows 7 at Pwn2Own. For his efforts, Fewer was awarded a cash prize of $15,000 and a Sony notebook.

Microsoft internet explorer Fewer chained three exploits , each for a different vulnerability, to bypass IE's sandbox, called "Protected Mode," and compromise IE8. Pwn2Own sponsor HP Tipping Point called the feat "impressive" at the time.
Microsoft patched the third IE bug in a multiple-flaw update to its browser, part of a 13-bulletin collection .
Although Microsoft credited Fewer in the MS11-057 bulletin for reporting the third vulnerability, it said the bug wasn't a security flaw. "Yes, this update addresses a Protected Mode bypass issue, publicly referenced as CVE-2011-1347," Microsoft said in response to an FAQ query, "Does this update contain any non-security related changes to functionality?"
At Pwn2Own, Fewer used the bypass bug to escape Protected Mode so he could circumvent the browser's sandbox, which allowed him to add a file to the machine, a task that mimicked a hacker's insertion of malware.

Fewer confirmed that last week's IE update fixed the final flaw he used at Pwn2Own.
"Yes MS11-057 patches the final bug, the protected mode bypass, that I used in my Pwn2Own exploit, the other two being a use-after-free which was patched in MS11-018 and an information leak patched in MS11-050," Fewer said today in an email reply to questions.

Earlier Flaws Addressed

MS11-018 and MS11-050 were the designations of the April and June bulletins, respectively, that patched the two other vulnerabilities he reported to Microsoft via Tipping Point's bug bounty program.
According to Aaron Portnoy, manager of TippingPoint security research team and the company's Pwn2Own organizer, Tuesday's IE update wraps up patching for the 2011 contest.
During Pwn2Own, Microsoft said that IE9, the browser that launched shortly after Fewer's hack, did not contain the bugs he exploited.
Including Tuesday's update, IE9 has been patched twice since its March launch. Of the August bugs Microsoft acknowledged as security issues, one was reported by Fewer.
"Yes, I have been doing some research into IE9 and actually my first IE9 vulnerability was also patched this Tuesday as part of MS11-057," Fewer said, referring to a separate bug he was credited with this week.
That flaw, dubbed "CVE-2011-1964," was reported via TippingPoint to Microsoft in May, and was ranked critical for IE9 when run on Vista or Windows 7.
Fewer wouldn't commit to taking on IE9 at next year's Pwn2Own, but he left the door open to a repeat performance. "I don't have any plans as of yet for next year's competition, but if I have a few new bugs handy closer to the time, who knows?"
August's security updates, including MS11-057 for IE, can be downloaded and installed via the Microsoft Update and Windows Update services, as well as through Windows Server Update Services.

-News Source (PC-World)

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Mac OS X Lion Said Good-Bye to Analog Communications (Modem)

Posted by Avik Sarkar On 8/17/2011 03:57:00 am


Mac OS X Lion has killed off a number of things including, but not limited to Rosetta, visible scrolls bars, Quicken (see Rosetta), and unnatural scrolling. Now another casualty is the venerable analog modem.
According to users on MacRumors Forums it is true that Apple has killed off support for the analog Apple USB Modem in Mac OS X Lion since the device is no longer working after they upgraded from Mac OS X Snow Leopard.
When you will try to plug your Apple USB Modem into an available USB port on your iMac and MacBook Air (both running Mac OS X Lion) we will receive the following error message.
"You can not use Apple usb Modem withn this computer"
The problem is being blamed on two issues: the required modem drivers are missing and the drivers only work when your Mac kernel is running in 32-bit mode. Since Lion generally runs in 64-bit kernel mode by default the drivers will not work unless you boot your machine into 32-bit mode. A lively discussion about 32 vs. 64-bit mode can be found here.
The forum discussion included a work around that required modification of your system files and instructions on starting your Mac in 32-bit kernel mode. Unfortunately at press time I wasn’t able to get the suggested work around to work on either of my Macs.
One person, HellDiverUK, on the forum made a comment that I can agree with when they asked, “Modem?” followed by “Last millennium is calling, it wants its outdated technology back. ”  We think Apple agrees and that they are telling you that it looks like it is time to say good-bye to the analog modem and look to alternatives like encrypted email, zip files, PDFs, or secure FTP.

For more information and help to resolve this click Here

-News Source (Culture Of Mac)

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Cyber Army India Facebook Page Hacked Albanian Hacker

Posted by VOGH On 8/17/2011 03:57:00 am


Cyber Army India, official Facebook Page Hacked by Albanian Hacker. They also gave message to Indian Hackers...

"Albanian Hackers Are Here !
India Cyber Army Respect Brothers !
But Next Time Be More Careful !
Peace From Albania !

Writed By : !.. Toni AHG ..!..DriLoN Alla .. !"

Hacked FB Page:-
http://www.facebook.com/www.cyberarmy.in



SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Punjab University of Agriculture Website Hacked By ZHC

Posted by Avik Sarkar On 8/16/2011 06:49:00 pm


Punjab University of Agriculture official website Hacked and defaced by ZCompany Hacking Crew (ZHC)

Hacked Site:-

Mirror  Link:-

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Related Posts Plugin for WordPress, Blogger...

Site search