‘Pervasive Vulnerability’ Found in The Robotic Aircraft of Drone Fleet

 ‘Pervasive Vulnerability’ Found in  The Robotic Aircraft of Drone Fleet

Unmanned aerial vehicle (UAV), widely known as a drone has always been gone through with several controversies in case of both defense and cyber security. Yet again several question arises regarding the security system and the control algorithms of drone. According to the Pentagon’s premier science and technology division a a “pervasive vulnerability” have been found in the robotic aircraft of drone. The control algorithms for these crucial machines are written in a fundamentally insecure manner, says Dr. Kathleen Fisher, a Tufts University computer scientist and a program manager at the Defense Advanced Research Projects Agency. There’s simply no systematic way for programmers to check for vulnerabilities as they put together the software that runs our drones, our trucks or our pacemakers.

In our homes and our offices, this weakness is only a medium-sized deal: developers can release a patched version of Safari or Microsoft Word whenever they find a hole; anti-virus and intrusion-detection systems can handle many other threats. But updating the control software on a drone means practically re-certifying the entire aircraft. And those security programs often introduce all sorts of new vulnerabilities. “The traditional approaches to security won’t work,” Fisher tells Danger Room.

Fisher is spearheading a far-flung, $60 million, four-year effort to try to develop a new, secure way of coding and then run that software on a series of drones and ground robots. It’s called High-Assurance Cyber Military Systems, or HACMS. For detailed information about this story click Here. 

While talking about drone and its security we would like to give you reminder that in 2011 we came to know that a stealthy key-logger has hit the U.S. Drone logging pilots’ every keystroke as they remotely fly missions over Afghanistan and other war zones. Later Iran took responsibility of that cyber attack. Also in 2012 drone was in controversy where researcher have figured out that drone fleets are vulnerable to GPS spoofing and it can be hijacked by any malicious attacker or terrorist. 

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href="> ‘Pervasive Vulnerability’ Found in The Robotic Aircraft of Drone Fleet"https://www.voiceofgreyhat.com/2013/01/Pervasive-Vulnerability-Found-in-Drone.html</a>

'Mickey Virus' The Upcoming Bollywood Movie Based on Hacking

'Mickey Virus' The Upcoming Bollywood Movie Based on Hacking 

'Mickey Virus' many of you may think it may be the name of another cyber threat, but let me assure you that; its not a virus or cyber threat. Mickey Virus is the name of an upcoming Bollywood movie based of hacking and cyber world. Sounds interesting, yes it is as this is the first Indian movie which have been subjected to such fields. Before Mickey Virus, we have seen several Indian movies where the matter hacking have been shown, among them we can take the name of  16 DECEMBER, Players & so on. But the main difference between those movies and Mickey Virus will be, here the main story is based on cyber world and specially hacking. According to sources popular television anchor Manish Paul is set to make his Bollywood debut with "Mickey Virus", where he plays a computer hacker. The film hits the screens May 17. Directed by debutant Saurabh Verma, the film also features actor Manish Chaudhary of "Rocket Singh: Salesman Of The Year" fame. "The film is called 'Mickey Virus' and Manish Paul has acted in it. Other than this, we have Manish Chaudhary, who was also there in 'Rocket Singh...'," Verma told IANS.

With Delhi as its backdrop, the story of the film revolves around computer hackers. Asked if Verma harboured any apprehensions since the cast and the crew of the film are relatively new, he said: "I have no apprehensions. The film is such, it has been made for people like us. It is extremely interesting." Verma has been in showbiz for the past 15 years, but was involved in the distribution and production aspects of the film industry. "I always had this movie in mind. I have been in this business for many years now. This film was not made overnight. The pre-production itself took about six months," he said.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">'Mickey Virus' The Upcoming Bollywood Movie Based on Hacking"https://www.voiceofgreyhat.com/2013/01/Mickey-Virus-Upcoming-Hacking-Movie.html</a>

American Farm Bureau Federation (AFBF) Official Site Hacked & Infected With Malware

American Farm Bureau Federation (AFBF) Official Site Hacked & Infected With Malware 

The official website of American Farm Bureau have been fallen victim to cyber criminals. If you try to visit the farm Bureau site we have to face a malware warning as shown in the picture below.. 

According to sources some unnamed hacker managed to breach the server of Farm Bureau and infected that with malware. So far the reason of this cyber attack is unknown, but according to sources the American Farm Bureau Federation  (AFBF) authority did not released any press statement or neither commented about the breach. The attack took place in the night of first January, but still the index page of the site is showing virus warning. The last update is saying that the AFBF cyber team is restoring the server. 

Brief about AFBF:- The American Farm Bureau Federation (AFBF), commonly referred to as the Farm Bureau, is a nonprofit organization and the largest general farm organization in the United States. The stated mission of AFBF is "working through our grassroots organizations to enhance and strengthen the lives of rural Americans and to build strong, prosperous agricultural communities." AFBF is headquartered in Washington, DC. There are 50 state Farm Bureau affiliates and one in Puerto Rico.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">American Farm Bureau Federation (AFBF) Official Site Hacked & Infected With Malware"https://www.voiceofgreyhat.com/2013/01/Farm-Bureau-Federation-Hacked-Infected-With-Malware.html</a>

More Leaks are Coming in 2013 Said WikiLeaks Founder Julian Assange

More Leaks are Coming in 2013 Said WikiLeaks Founder Julian Assange

The government are trying their best to dominate WikiLeaks founder Julian Assange, while blocking public search containing WikiLeaks, blocking banking donations, keeping him in under house arrest. But its is a undeniable that the enthusiasm and the will power of Assange can never be ruled or dominated. Again the above fact came into light when Julian Assange announced in a defiant speech from the balcony of Ecuadorian embassy here as his supporters shouted, and sang Christmas carols. In his speech Assange said that WikiLeaks have planned to release over one million new secret documents that would affect "every country in the world" 

It was his second ``balcony’’ address since he sought refuge there six months ago to avoid extradition to Sweden over allegations of sexual assault. And he made clear he had no intention of leaving the cramped mission which he described as ``my home, my office and my refuge’’ until ``this immoral investigation continues’’.

Referring to the impasse over his extradition, Mr Assange said that as long as long as the American government sought to prosecute him and his native country, Australia, refused to defend his journalism, he would remain in the embassy. But, he said, he was open to negotiations. "However, the door is open, and the door has always been open, for anyone who wishes to use standard procedures to speak to me or guarantee my safe passage," he said.

Mr Assange has been given asylum by Ecuador but is prevented by the British Government from leaving the country arguing that it is under a legal obligation to extradite him to Sweden. He will be arrested the minute he steps out of the embassy. Police say he broke his bail conditions when he sought refuge in the Ecuadorian embassy without informing them. Mr Assange claims the case against him is politically motivated and fears that Sweden would hand him over to Americans who have threatened to prosecute him for publishing confidential diplomatic cables.

While talking about Jullian Assange and WikiLeaks, we would like to give you reminder that in this year we got several leaks from WikiLeaks, among them -'Detainee Policies' containing more than 100 classified or otherwise restricted files from the United States Department of Defense covering the rules and procedures for detainees in U.S. military custody. SpyFiles, GI Files (Global Intelligence Files & Five Million E-mails From Stratfor) & The Syria Files Containing 2.5 Million Emails of Syrian Politicians, Govt, Ministries & Companies.

-Source (The Hindu)

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">More Leaks are Coming in 2013 Said WikiLeaks Founder Julian Assange"https://www.voiceofgreyhat.com/2012/12/More-Leaks-are-Coming-Said-Julian-Assange.html</a>

Hacker Breached Verizon Server & Stolen 3 Million Customer Data

Hacker Breached Verizon Server & Stolen 3 Million Customer Data

Verizon one of the most popular and largest Network provider and ISP of America faced a large scale cyber attack. A hacker going by the name of TibitXimer claimed to have breached one of major server of Verizon, by which he managed to gain access inside the database of Verizon customer. This data breach effected more than 3 Million Verizon FiOS customers including full names, addresses, mobile serial numbers, the opening date of each account, and account passwords. However, he said that figure was an estimate and had "no clue" exactly how many records there were, and that it was a "low estimate based on the size of one record and the size of all the files." A fraction of leaked data have been allegedly posted on pastebin, but later the post was removed. In a report Zdnet said that the cyber attack was taken place earlier in July, this year which allowed him to gain root access to the server holding the customer data. Tibit gained access to a server with little difficulty after working with another hacker to identify the security flaw. Though Tibit denied to mention the reason of this hack, and also he did not expose the nature of the vulnerability by which he managed to get access in the server. The hacker also said that after he informed Verizon of the exploit, the company "ignored my report," and did not comment. 

 He also noted that the exploit "still exists." "The worst part of it all, every single record was in plain text," he said. "I did not have to decrypt anything." He said he couldn't understand "why they still haven't fixed the exploits," months after informing the company of its poor network security.

Immediately after this hack Verizon authorities posted a notice while saying- "This incident was reported to the authorities when we first learned of it months ago and an investigation was launched. Many of the details surrounding this incident are incorrect and exaggerated. No Verizon systems were breached, no root access was gained, and this incident impacted a fraction of the number of individuals being reported. We take any and all attempts to violate consumer and customer privacy and security very seriously, so we notified individuals who could potentially have been impacted and took immediate steps to safeguard their information and privacy. Verizon has also notified law enforcement of this recent report as a follow-up to the original case.

....

There was no hack, and no access gained. A third party marketing firm made a mistake and information was copied. As for wireless v. wired customers, some of the individuals listed were Verizon customers who are not wireless customers but wired/wireline customers or prospective customers...."

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Hacker Breached Verizon Server & Stolen 3 Million Customer Data"https://www.voiceofgreyhat.com/2012/12/Hacker-Breached-Verizon-Server.html</a>

'Indian OS' DRDO Introducing It's Own Operating System to Harden Cyber Security

'Indian OS' DRDO Introducing It's Own Operating System to Harden Cyber Security 

On the 3rd Worldwide Cyber security Summit, Telecom and IT Minister of India, Kapil Sibal said the Indian Government will invest $200 million in coming 4 years. This high tech plan of Indian govt in now getting executed, as Defence Research and Development Organisation (DRDO) along-with other premier institutes is developing India's own operating system (OS), which is likely to be ready in next three years. One of the key purpose of developing this operating system named "Indian OS" to enhance cyber security and strengthen the cyber and digital fence of India. In September the Prime Minister of India Dr. Manmohan Singh  said the government is working on a robust cyber security structure, and this project of introducing the own and secure OS can be calculated as one of the very major part of that very robust cyber security system. 

Speaking to newsmen on sidelines of NAVCOM-2012', two-day international conference on Navigation and Communication that began here, Saraswat, Scientific Adviser to Defence Minister, said, "We have already started a major programme and are one-and-half-years into that programme. It (Indian OS) is a major effort requiring large number of software engineers working together." In his speech the Director-General of DRDO said "One of the major elements of cyber security is having our own operating system because today we are dependent on all OS systems which are imported whether it is based on Windows, Linux which is likely to be having malicious worms/things and hence it is essential that we have our own OS" 

He also said that 150 engineers were working across the country on creating Indian OS, and added it will take at least three more years for getting the Indian OS ready.

So, till that time being, we have to keep patience and wait. We the Team VOGH congratulates DRDO for making such a fruitful Operating System (Indian OS). We strongly believe that day by day the cyber fence of India will be safer and secure. Along with this, the Indian OS will definitely strengthen the nation's cyber security. 

 -Source (TOI)

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">'Indian OS' DRDO Introducing It's Own Operating System to Harden Cyber Security"https://www.voiceofgreyhat.com/2012/12/DRDO-developing-IndianOS-to-Harden-Cyber-Security.html</a>

Oracle Released Java 7 update 10 With Security Enhancements & Bug Fixes

Oracle Released Java 7 update 10 With Security Enhancements & Bug Fixes 

This is the third time in a year when Oracle has updated the standard edition of Java platform. This release includes new security controls in addition to a bug fix and updated timezone data. This latest update also contains a number of security enhancements and is now certified for Mac OS X 10.8 and Windows 8. The security enhancements include the ability to disable any Java application from running in the browser and the ability to set a desired level of security for unsigned applets, Java Web Start applications, and embedded JavaFX applications. While keeping in mind the last security issues with Java, in the press release of this Java update Oracle said "if the JRE is deemed expired or insecure, additional security warnings are displayed. In most of these dialogs, the user has the option to block running the app, to continue running the app, or to go to java.com to download the latest release."

Security Feature Enhancements

The JDK 7u10 release includes the following enhancements:

• The ability to disable any Java application from running in the browser. This mode can be set in the Java Control Panel or (on Microsoft Windows platform only) using a command-line install argument.
• The ability to select the desired level of security for unsigned applets, Java Web Start applications, and embedded JavaFX applications that run in a browser. Four levels of security are supported. This feature can be set in the Java Control Panel or (on Microsoft Windows platform only) using a command-line install argument.
• New dialogs to warn you when the JRE is insecure (either expired or below the security baseline) and needs to be updated.

For more information, see Setting the Level of Security for the Java Client and Java Control Panel.

Bug Fixes

Notable Bug Fixes in JDK 7u10

The following are some of the notable bug fixes included in JDK 7u10.

Area: java command

Description: Wildcard expansion for single entry classpath does not work on Windows platforms.

The Java command and Setting the classpath documents describe how the wildcard character (*) can be used in a classpath element to expand into a list of the .jar files in the associated directory, separated by the classpath separator (;).

This wildcard expansion does not work in a Windows command shell for a single element classpath due to the Microsoft bug described in Wildcard Handling is Broken.

See 7146424.

For a list of other bug fixes included in this release, see JDK 7u10 Bug Fixes page. 

The updated Java Development Kit and Java Runtime Environment are available to download from the Oracle site. 

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Oracle Released Java 7 update 10 With Security Enhancements & Bug Fixes"https://www.voiceofgreyhat.com/2012/12/Oracle-Released-Java7-update-10.html</a>