
Wednesday, 18 December 2013

Android Hack to make your phone faster and battery last longer


The ‘ART’istic Android: Making your Smart Phone Smarter

Android’s ‘KitKat’ version replaced the previous update, ‘Jelly Bean’, on October 31, and very recently, at the start of December, update 4.4.2 was released. What was the idea behind releasing updates in such quick succession? What was there that Google couldn’t hold back till the New Year? Was it a sinister bug which required a fix, or a Christmas goodie? The answer is ART, an update that would really position Android differently from, if not ahead of, the competition.

ART, or Android Runtime, is responsible for running all the applications on the Android system. It has ousted its predecessor ‘Dalvik’ (named after the village of Dan Bornstein, Android’s Creator, in Iceland), which had been performing the same task since Android was first released. Compared to ART, as per the tech gurus across the globe, Dalvik was “not that great”. The update will provide the following benefits to users:


1. Speed

The previous runtime used the ‘Just-In-Time’ (JIT) process, which means that the application's code had to be converted into an executable program every time the application started. Don’t be bewildered! Yes, it does, in a jiffy.

The new version, by contrast, uses the ‘Ahead-Of-Time’ (AOT) process: the application is compiled and ready to be executed as soon as the app is installed. To increase your bemusement, Dalvik’s jiffy is not that fast anymore. The application start time will be reduced by a further 50% and will have ‘The Fast Effect’ on the speed of your smart phone.

2. Reduced Battery Downtime

The background processes will run faster than before, and the phone will work smart rather than work hard to run those background apps and processes. While using the phone you will not see much of a difference; however, the battery, which used to drain in the effort to keep the processes running, will now cool down, leaving a positive impact on the juice.

Reports from Google claimed a 30% boost in IST (Idle Standby Time); however, users and critics have their own point of view. According to the technical gurus, the improvement in IST was visible, though not the 30% claimed by the developer but a still significant 20%, keeping in mind the continuous updates and refinements.

The after effects of ART

As usual, the pros are accompanied by cons; ART also has a couple of ’em attached to it.

1. More Storage

The applications not only took a little longer to install on the smart phone but also ate up more space. In the previous version, due to the JIT process, applications freed up the space when they were closed; with ART, however, the space occupied was 10%-20% more. This is due to the programs being written in such a manner that this problem was visible and predictable. But if a 3 MB (megabyte) application uses 3.3 MB or 3.5 MB, at most, of space on your 32 GB smart phone, you would not worry much about it.

2. Compatibility Issues

When ART was released and critics started using it, they reported that many applications, including WhatsApp, had compatibility issues in the initial stages; with the latest update, 4.4.2, those compatibility issues have been fixed. 99% of the major applications were found to run smoothly with the fixed version. The list of compatible apps is long and robust. If you find any trouble with a frequently used application, you may switch back and forth between Dalvik and ART.

How to use ART on the phone

If you run Android 4.4 on your handset, which should be a Google Nexus series device or a tailor-made ROM on an embedded device, then you can easily switch. The other handset majors have planned to move to Android ‘KitKat’ 4.4 in the first quarter of 2014, a version which is friendlier to budget phones than its predecessors. This is how you can change the phone settings:

    Go to settings then ‘About Phone’
    Tap the ‘Build Number’ repeatedly until you get the announcement you’re a developer
    Go back to settings where you will see a new ‘Developer options’ section
    In Developer options change ‘Select runtime’ to ‘Use ART’

The phone will take 10-20 minutes to reboot, during which it converts the applications into ART-compatible form. Your data should remain safe; however, be sure to back it up before applying these changes. Repeat the same process should you wish to switch back to Dalvik.

Now sit back and enjoy being ‘ART’istic!

Tuesday, 15 October 2013

Antivirus firm ESET and BitDefender website defaced by Pro-Palestinian Hackers

A pro-Palestinian hacktivist group, 'KDMS Team', recently managed to briefly hijack the Metasploit website of security firm Rapid7 and became popular after hacking the website of Leaseweb, the world's largest web hosting network, as well as the websites of antivirus vendors AVG and Avira and mobile messaging service WhatsApp.

Now even I have to say that security is just an illusion, because just now the group aligned with Anonymous has successfully hijacked another two antivirus firms' websites: ESET and Bitdefender.
The KDMS Team successfully changed the DNS records of both sites to redirect people to a website playing the Palestinian national anthem and displaying a political message under the title "You Got Pwned".
The message posted on the Bitdefender and ESET websites says:
Hello bitdefender
Touched By KDMS team
We was thinking about quitting hacking and disappear again ..!
But we said : there is some sites must be hacked
You are one of our targets Therefore we are here ..
And there is another thing .. do you know Palestine ?
There is a land called Palestine on the earth This land has been stolen by Zionist Do you know it ?
Palestinian people has the right to live in peace Deserve to liberate their land and release all prisoners from israeli jails We want peace Long Live Palestine
Both affected domains are registered with Register.com, Inc., which is also the domain registrar for the Metasploit website, which was hijacked yesterday via a spoofed change request faxed to Register.com. The technical details of how the hackers managed to hijack the ESET and Bitdefender websites are not yet available; we are in contact with the hackers and will update the article in a few hours. Stay tuned!
Defacement of security companies is really embarrassing, and the hackers' tactics allowed them to get their political message to millions of users. One of their team members tweeted, "When it's a matter of resistance no one will blame you. . Free Palestine .. Fight for Palestine"

Friday, 4 October 2013

Silk Road taken down by FBI

Notorious online marketplace "Silk Road" has been taken down by the FBI, and its owner, Ross Ulbricht, a.k.a. "Dread Pirate Roberts", has been arrested, proving that "perfect security is impossible".

He has been charged with conspiracy to traffic narcotics, conspiracy to hack computers, and conspiracy to launder money.

The website now shows a "This Hidden Site Has Been Seized" message


Silk Road was the drug dealing website in the world. It used the "TOR hidden network" to hide itself and its users. It seems Ross Ulbricht was caught due to his own mistakes and NOT due to a vulnerability in the TOR network.

This site had been a major talking point used by lawmakers and politicians to try to curtail the growth of the TOR network, and the recent actions by the FBI against many hidden sites in the TOR network are indeed a very big setback for it.

All the transactions on Silk Road were done using Bitcoins, and since the news of Ross Ulbricht's arrest the Bitcoin value has dropped quite a bit (due to paranoid selling). But this is just the currency stabilizing itself; when it stabilizes, the BTC value will rise again. And the removal of the association with such illegal marketplaces might actually be a good thing for Bitcoin.

Thursday, 3 October 2013

Jordan's PM's website hacked by Anonymous hacktivist

Anonymous hacktivists have hacked into the official website of Jordan's Prime Ministry in a protest against rising taxes and prices. The website was defaced with a message in Arabic to Prime Minister Abdullah Nsur.

"Hi uncle, how are you? We are sorry, we hacked your website. Are you upset? We feel much worse when you raise prices. The people know this feeling but you do not," the defacement message reads.

According to a Voice of Russia report, the website was restored after being hacked for several hours. The official claimed to have identified the attackers.

At the time of writing, the website (pmo.gov.jo) is offline. You can still view the defacement in Google cache: http://webcache.googleusercontent.com/search?q=cache:http://pmo.gov.jo/PMO_Images/635159460595068250.htm

FBI demands SSL Keys from Secure-Email provider Lavabit in Espionage probe



The U.S. Government obtained a secret court order demanding the private SSL key from Lavabit, which would have allowed the FBI to wiretap the service’s users, according to Wired.
Ladar Levison, 32, has spent ten years building encrypted email service Lavabit, attracting over 410,000 users. When NSA whistleblower Edward Snowden was revealed to be one of those users in July, Levison received court orders, intended to trace the IP address of a particular Lavabit user, but he refused to comply.
The offenses under investigation are listed as violations of the Espionage Act, and the founder was ordered to record and provide the connection information on one of its users every time that user logged in to check his e-mail.
The Government complained that Lavabit had the technical capability to decrypt the information but did not want to defeat its own system. So, on the same day, U.S. Magistrate Judge Theresa Buchanan ordered Lavabit to comply, threatening Lavabit with criminal contempt.
The FBI's search warrant also demanded all information necessary to decrypt communications sent to or from the Lavabit email account [redacted], including encryption keys and SSL keys.
Because Lavabit hadn’t complied by August 5, a court ordered that Levison would be fined $5,000 a day, beginning August 6, for every day he refused to turn over the key.
On August 8, Levison finally decided to shut down Lavabit. “I’m taking a break from email,” said Levison. “If you knew what I know about email, you might not use it either.”

Wednesday, 2 October 2013

16-Year School boy arrested for World's biggest cyber attack ever


A 16-year-old teenager has been arrested over his alleged involvement in the world's biggest DDoS attack, against the Dutch anti-spam group Spamhaus.

The 16-year-old was detained by detectives at his home in south-west London after “significant sums of money” were found to be “flowing through his bank account”. He was also logged on to what officials say were “various virtual systems and forums”, and had his computers and mobiles seized as officers worked through the night to secure potential evidence.

A DDoS attack takes place when hackers use an army of infected computers to send traffic to a server, causing a shutdown in the process.

It's unclear what role the teenager played in the massive distributed denial of service (DDoS) attack. The boy has been released on bail until later this year. A 35-year-old Dutchman was also detained, and his computers, data carriers and mobile phones were seized; local media speculate that the person is none other than CyberBunker spokesman Sven Olaf Kamphuis.

Saturday, 7 September 2013

FBI Cyber Division put 'Syrian Electronic Army' Hackers in wanted list



 
The Syrian Electronic Army (SEA), a pro-regime hacker group that emerged during Syrian anti-government protests in 2011 and has been involved in cyber attacks against Western media organizations, is now on the FBI's wanted list.

The Federal Bureau of Investigation has issued an alert warning of cyber attacks by the Syrian Electronic Army and finally put the group on its radar. "The SEA'S primary capabilities include spear-phishing, web defacements, and hijacking social media accounts to spread propaganda," they said. The FBI has also increased its surveillance of Syrians living in the US.
According to some anti-Assad activists, the group was founded by former intelligence agents and hardcore Assad supporters. SEA had compromised social media profiles of Western news organizations by sending fake email messages to news staff in an attempt to gain access to login credentials.

Most recently, the group grabbed international attention after commandeering the websites of the New York Times, the Washington Post and, this week, the recruitment website for the US Marine Corps.

The group was able to compromise multiple Associated Press (AP) Twitter feeds and then use them to issue bogus messages, including the following alert on April 23: "Breaking: Two Explosions in the White House and Barack Obama is injured." In the wake of that tweet, the White House confirmed that the president was unharmed, that there had been no explosions and that the FBI was investigating the hoax tweets.

So how did the SEA get better in only a few months? ''I don't think it would be unreasonable to suspect someone more skilled is helping them out,'' says Adam Myers, vice president of intelligence for security firm CrowdStrike.

Is the Syrian Electronic Army based in Syria? After Syria reestablished its Internet connection last week, following a blackout that lasted approximately 24 hours, security experts noticed that Syrian Electronic Army hackers were online on Twitter. These kinds of cuts do not affect the terrorists operating in Syria as they have their own US-supplied communication equipment.

The Syrian Electronic Army has had multiple domains seized by its domain registration firm. Interestingly, the Syrian Electronic Army's first domain name was registered by the Syrian Computer Society and hosted on the network of the Syrian government.

“Please maintain heightened awareness of your network traffic and take appropriate steps to maintain your network security,” the FBI memo said. The FBI requests anyone who suspects they're under attack to call its CyWatch division at 855-292-3937.

Researchers Discover 'Hesperbot' - A New and Potent Banking Trojan



 
Security firm ESET has discovered a new and effective banking trojan, targeting online banking users and designed to beat mobile multi-factor authentication systems.
Hesperbot, detected as Win32/Spy.Hesperbot, is very similar to the infamous Zeus and SpyEye banking malware and infects users in Turkey, the Czech Republic, Portugal, and the United Kingdom.
The trojan has functionality such as keystroke logging, creation of screenshots and video capture, and setting up a remote proxy.

The attackers aim to obtain login credentials giving them access to the victim’s bank account and to get victims to install a mobile component of the malware on their Symbian, Blackberry or Android phone.
Some other advanced tricks are also included in this banking trojan, such as creating a hidden VNC server on the infected system and intercepting network traffic with HTML injection capabilities.
The trojan also harvests email addresses from the infected system and sends them to a remote server. It is possible that these collected addresses were also targeted by the malware-spreading campaigns.

So far, the trojan hasn't spread too far. The campaign was first detected in the Czech Republic, where the attackers had used phishing emails impersonating the country’s postal service. Armed with this information, the crooks can try to log into victims' online bank accounts to siphon off their cash.

As for the UK, a special variant of the malware has been created, but ESET said it could not provide any further detail on it.

Hacking Facebook to delete any account; Facebook again refuses to pay Bounty



In the past few days, Facebook refused to pay a bounty to Khalil Shreateh, the security researcher who used the bug he discovered to post directly on Facebook CEO Mark Zuckerberg’s Timeline after Facebook Security rejected his attempts to report it.
Ehraz Ahmed, an independent security researcher, claimed that he reported a critical vulnerability to the Facebook Security team, one which allows an attacker to delete any account from Facebook.
But Facebook refused to pay a bug bounty because he tested the flaw once on his friend's account. "I reported this bug to Facebook, I'm really not happy with them. After waiting for such a long time for their reply, they denied it saying that you used this bug only works for test accounts, whereas I used it for removing real accounts and now the vulnerability is also fixed after their email," he said on his blog.
Vulnerable URL:
https://www.facebook.com/ajax/whitehat/delete_test_users.php?fb_dtsg=AQA1E-WE&selected_users[0]=[Victim's Profile ID]&__user=[Attacker's Profile ID]&__a=1
The selected_users[0] and __user parameters are the ones vulnerable to the exploit.
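The class of flaw described above, an endpoint that acts on user IDs taken straight from the request, shown next to the server-side checks that close it. This is an added example, not Facebook's code and not from the researcher's post: the account store, the IDs and both handler functions are constructed, and the 'before' handler assumes the missing check was authorization on selected_users.

```python
# Added example: a constructed model of an endpoint shaped like
# delete_test_users.php. All names and data here are hypothetical.
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class Account:
    uid: str
    is_test: bool = False
    created_by: Optional[str] = None  # owner of a test account; None for real users


def sample_accounts() -> Dict[str, Account]:
    """Constructed data: two real users, each owning one test user."""
    rows = [
        Account("1001"),
        Account("2002"),
        Account("9001", is_test=True, created_by="1001"),
        Account("9002", is_test=True, created_by="2002"),
    ]
    return {a.uid: a for a in rows}


def delete_unchecked(accounts: Dict[str, Account], params: dict) -> List[str]:
    """'Before' (assumed behaviour): delete whatever IDs arrive in selected_users."""
    deleted = []
    for uid in params.get("selected_users", []):
        if accounts.pop(uid, None) is not None:
            deleted.append(uid)
    return deleted


def delete_checked(accounts: Dict[str, Account], session_uid: str,
                   params: dict) -> List[str]:
    """'After': identity comes from the authenticated session, and every
    target must be a test account that this caller created."""
    # The __user parameter is only a hint; it must agree with the session.
    if params.get("__user") != session_uid:
        raise PermissionError("request rejected")
    # De-duplicate while keeping order so a repeated ID cannot break deletion.
    targets = list(dict.fromkeys(params.get("selected_users", [])))
    # Validate every target before deleting anything (all-or-nothing).
    for uid in targets:
        acct = accounts.get(uid)
        if acct is None or not acct.is_test or acct.created_by != session_uid:
            # Same message for "missing", "real" and "not yours":
            # the response must not reveal which IDs exist.
            raise PermissionError("request rejected")
    for uid in targets:
        del accounts[uid]
    return targets


if __name__ == "__main__":
    db = sample_accounts()
    print("unchecked:", delete_unchecked(
        db, {"__user": "1001", "selected_users": ["2002"]}))
    db = sample_accounts()
    try:
        delete_checked(db, "1001", {"__user": "1001", "selected_users": ["2002"]})
    except PermissionError as exc:
        print("checked:", exc)
```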
 

Secunia launches the next generation of Complete Patch Management: The Secunia CSI 7.0



Cybercrime costs organizations millions of dollars and to protect business from the consequences of security breaches, vulnerability intelligence and patch management are basic necessities in the toolbox of any IT team, as emphasized by organizations like the SANS Institute and the National Institute of Standards and Technology under the US Department of Commerce (NIST).
The Secunia CSI 7.0 is the Total Package: Vulnerability Intelligence, Vulnerability Scanning with Patch Creation and Patch Deployment Integration.
To help IT teams counter the threat, vulnerability research company Secunia merges its in-house vulnerability expertise with a sophisticated patch management solution in the Secunia Corporate Software Inspector (CSI 7.0). The foundation of the Secunia CSI is a unique combination of vulnerability intelligence and vulnerability scanning, with patch creation and patch deployment integration.

Friday, 6 September 2013

Fake 'Grand Theft Auto V' Torrent Spreads Malware



The excitement continues: Rockstar Games has scheduled the release of the latest game in the Grand Theft Auto series, GTA 5, for September 17, but cyber criminals have already released a fake version of GTA 5 containing malware on torrent networks.
Romanian security firm BitDefender issued a warning that GTA V hasn’t been leaked and that, during installation, you will be asked to complete a survey and send off a text message to gain the serial number. You will then be charged €1 per day on your phone bill and will be infected by a virus.
The PC version has yet to be announced, so trying to install it on your PC is a ridiculous idea; but that seems to be what a lot of people are doing.
"The survey opens in a web browser and, therefore, is able to perform a geographic redirect to the web page that corresponds to the area you are located in," said Bitdefender Senior E-Threat Analyst Bogdan Botezatu.
This malware is a generic Trojan, Trojan.GenericKDV.1134859, which can steal user information, tamper with system files or draft a computer into a botnet. This will result in you being charged for premium rate text messages sent by bogus firms.
The easiest way to avoid this malicious software is to not illegally download copies of GTA V, especially when the game isn't yet launched.

Code-sharing site GitHub now offers two-factor authentication to its users

Code repository GitHub now offers two-factor authentication to beef up security around its users’ accounts. GitHub is a code repository that developers use to build their projects, projects that may turn out to be valuable knowledge assets.
Two-factor authentication adds another layer of authentication to the login process. Users now have to enter their username and password and then, in a second step, a secret code to complete the sign-in. If a hacker manages to steal a user's credentials through phishing or trojans, they cannot do anything with them, as they still need the second key to get in.
“We strongly urge you to turn on 2FA for the safety of your account, not only on GitHub, but on other websites that support it,” the company says. Two-factor authentication for GitHub can be turned on in your account settings.
GitHub hit the landmark of 3.5 million users, along with 6 million repositories, on its 5th anniversary in April. Two-factor authentication can protect you from phishing attacks, where hackers try to trick you into giving over your information.
To receive the second authentication factor, users can either choose to receive it via a text message or use a dedicated authentication mobile app, i.e. Google Authenticator for Android/iPhone/BlackBerry, Duo Mobile for Android/iPhone or Authenticator for Windows Phone 7.

Saturday, 31 August 2013

Fear of NSA PRISM : Indian Government may ban US email services for official communication

The Indian Government is planning to ban the use of US based email services like Gmail for official communications to increase the security of confidential government information.
The recent disconcerting reports that India was being spied upon by American intelligence agencies have opened an all-new chapter in the cyber security space. As leaked by former US National Security Agency contractor Edward Snowden, the NSA was involved in widespread spying and surveillance activities across the globe.
The Government plans to send a formal notification to about 500,000 employees across the country, asking them to stick to the official email service provided by India's National Informatics Centre, the Times of India reported.
Several government officers in top positions use their Gmail IDs for official communications: several senior government officials in India, including ministers of state for communications & IT Milind Deora and Kruparani Killi, have their Gmail IDs listed in government portals as their office email.
Last week, India's IT minister Kapil Sibal revealed that the new policy will enforce rules such as the use of static IP addresses, virtual private networks and one-time passwords for accessing Indian government email services on all Indian officials who are stationed abroad.
“All Indian missions will use NIC servers which are directly linked to a server in India and that will keep government information safe,” Sibal said.

Thursday, 29 August 2013

Apple Patents Tech Allowing Cops To Remotely Switch Off Their Devices

Recently, social media has been buzzing over reports that Apple has invented a new technology that can switch off the iPhone camera and Wi-Fi when entering a 'sensitive area'. The technology would broadcast a signal to automatically shut down smartphone features, or even the entire phone.
Yes! It's true. In June 2008, Apple filed a patent (U.S. Patent No. 8,254,902), titled “Apparatus and methods for enforcement of policies upon a wireless device”, that defines the ability of the U.S. Government to remotely disable certain functions of a device without user consent.
All they need to do is decide that a public gathering or venue is deemed sensitive and needs to be protected from externalities. Is it not a shame that you can't take a photo of the police officer beating a man in the street because your oppressive government remotely disabled your Smartphone camera? Civil liberties campaigners fear it could be misused by the authorities to silence 'awkward citizens'.
Apple insists that the affected locations are normally cinemas, theaters and concert grounds, but Apple admits it could also be used in covert police or government operations that may need complete blackout conditions. 
"This technology would be a dangerous power to place in the hands of the government," said Kurt Opsahl, a civil liberties lawyer at the Electronic Frontier Foundation (EFF). "The government shutting down iPhone cameras and connectivity in order to prevent photos of political activity or the organization of the event would constitute a prior restraint on the free speech rights of every person affected, whether they're an activist or an observer," he added.

Apple also says that the user can be given a choice to approve changes being sent remotely, however one cannot rule out the possibility of some changes being applied to the device without user consent.

China hit by DDoS attack causes Internet inaccessible for hours

During the weekend, China's Internet was taken down by a powerful distributed denial of service (DDoS) attack on the .cn domain, which slowed and blocked Internet access for hours.
A security expert clarified that the attack on China could have been perpetrated by sophisticated hackers or by a single individual. The China Internet Network Information Center (CNNIC) reported that the attack began at 02:00 local time on Sunday, with a peak at 04:00 that made it the largest DDoS attack the country’s networks have ever faced. The CNNIC is responsible for registering sites in the .cn domain.
Before malicious coders can launch a DDoS attack, they must infect the computers of unsuspecting users, often by tricking people into installing malware on their computers.
The China Internet Network Information Center confirmed the attack with an official statement informing Internet users that it is gradually restoring web services and that it will work to improve the security level of the country's Internet infrastructure to prevent and mitigate further attacks.
The translated announcement follows: "8 May 25 at 0:00 or so, the State DNS node Denial of Service attacks, the China Internet Network Information Center disposal, to 2 pm, the service is restored to normal, early morning 3 through the official micro notice. Morning four o'clock, the state once again under DNS node biggest ever denial of service attacks, some websites analytical affected, leading to slow or interrupt access.

In the notice, the attack continues, national domain name resolution services have been gradually restored. Ministry of Industry and Information Technology launched the "Domain Name System Security specific contingency plans" to further the protection of national domain name resolution services. China Internet Network Information Center, the affected user apologized to launch cyber attacks on the Internet stable behavior affect condemned. China Internet Network Information Center will work with the sector to work together to continue to enhance the service capabilities."
The Wall Street Journal was the first media outlet to report the outage; an official Chinese Government source confirmed that its network had suffered the biggest distributed denial-of-service attack ever.
It's not currently known who attacked the Chinese domain or what the motivations were. CloudFlare CEO Matthew Prince said that there is no certainty that a group of hackers is behind the attack, adding that "it may have well been a single individual".

FBI used Anonymous to attack foreign government systems, claims jailed hacker Hammond

Sentencing for former LulzSec leader Hector Xavier Monsegur, better known as "Sabu", has again been delayed. Monsegur pleaded guilty to a dozen criminal counts two years prior and stands to face a maximum sentence of more than 124 years.
Another LulzSec hacker, Jeremy Hammond, has claimed that the FBI used Sabu to coordinate attacks against foreign governments by Anonymous hackers and others.
The delays indicate that the FBI is not extracting information from Monsegur, and this could mean that the hacker may be helping the FBI with other covert operations, as Jeremy Hammond claims.
Jeremy Hammond released a statement on Thursday accusing the US government of asking Monsegur to encourage fellow hacktivists to infiltrate foreign government entities.
“What many do not know is that Sabu was also used by his handlers to facilitate the hacking of the targets of the government’s choosing including numerous websites belonging to foreign governments”, Hammond said.
“What the United States could not accomplish legally, it used Sabu, and by extension, me and my co-defendants, to accomplish illegally”, Hammond added.
"Why was the US using us to infiltrate the private networks of foreign governments? What are they doing with the information we stole? And will anyone in our government ever be held accountable for these crimes?"
Hammond pleaded guilty in May to hacking private intelligence firm Stratfor to expose millions of revelatory emails. The Illinois native faces up to 10 years in prison when he is sentenced; sentencing is scheduled for 15th November.

Java 6 vulnerable to #0day exploit; added to Neutrino exploit kit

Hackers are using a new exploit for a bug in the out-of-date but popular Java 6 platform to attack victims, and has been added to a commercially available Neutrino exploit kit.
The use of Java 6 still is prevalent, opening up a significant number of users to the threat. F-secure analyst Timo Hirvonen warned about the exploit over Twitter, advising that he had found an exploit in the wild actively targeting an unpatched vulnerability in Java 6, named CVE-2013-2463.
The exploit's proof-of-concept was made public last week, prior to in-the-wild attacks surfacing on Monday. Oracle is aware of the hole but, since Java 6 is no longer supported, the company will not patch the issue.
The vulnerability lies in the Java Runtime Environment's 2D sub-component, which is used to render two-dimensional graphics. Because no patch is available, the exploit gives cybercriminals and other attackers an effective vehicle for attacks on users and organizations still running Java 6.
The Neutrino crimeware kit was first spotted in March 2013, when it was identified as the source of a series of attacks that were exploiting Java vulnerabilities to install ransomware on victims' PCs, freezing them until users paid a fine that was supposedly being levied by the FBI and other law enforcement agencies.
The impact of this threat may be smaller for ordinary Internet users than for organizations, which may not be quick to migrate to the latest software version because of business or operational continuity concerns.
Users should update their Java installations to the latest revision of version 7, which does not suffer from the issue. Users who don’t need Java in their everyday tasks should uninstall the software altogether.

Monday, 26 August 2013

Pinterest Exploit exposes user information of 70 Million accounts

Critical Pinterest Exploit threatens the privacy of millions of users
Security researcher Dan Melamed has found a critical Pinterest exploit that compromised the privacy of over 70 million users: the flaw allows hackers to view the email address of any user on Pinterest.
Pinterest is a very popular social network, with over 70 million users, including high-profile figures and brands that use it regularly, so such a flaw could have a serious impact on their privacy. Dan found a way to access the information belonging to the owner of an access token; as the researcher has shown, it can be displayed by visiting the following URL.
https://api.pinterest.com/v3/users/me/?access_token=MTQzMTYwMjozNTcxOTE5NTE2MDQyNjcxNzc6MnwxMzc3MDY4ODMyOjAtLTE2ZWJjNDg4NzYxYTFmZWIwZmU0ODcxYzc3ZWUyN2E2YTdhOWNlN2I=
By substituting the "/me/" part of the link with the username of another Pinterest user, it is possible to view that user's email address.
For example, the following link shows the email address for user "pinterest" ... try your username, it works!
https://api.pinterest.com/v3/users/pinterest/?access_token=MTQzMTYwMjozNTcxOTE5NTE2MDQyNjcxNzc6MnwxMzc3MDY4ODMyOjAtLTE2ZWJjNDg4NzYxYTFmZWIwZmU0ODcxYzc3ZWUyN2E2YTdhOWNlN2I=
A black hat could use the Pinterest exploit to retrieve the email addresses of a whole list of users for malicious purposes, for example a spear phishing attack.
Dan also provided a simple fix for the Pinterest exploit he discovered: it is sufficient to check the owner of the access token against the user whose information is being requested, which prevents any abuse.
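The check Dan describes, sketched as an added example (this is not Pinterest's code): the flawed handler returns the full record to any valid token, while the fixed one compares the token's owner with the requested user before releasing private fields. The token values, user records, function names and the choice to return public fields to other users are all assumptions made for illustration.

```python
import hmac

# Constructed sample data: token -> owning username, and user records.
TOKENS = {"tok-alice": "alice", "tok-bob": "bob"}
USERS = {
    "alice": {"username": "alice", "email": "alice@example.test", "bio": "pins"},
    "bob": {"username": "bob", "email": "bob@example.test", "bio": "boards"},
}
PRIVATE_FIELDS = {"email"}  # assumption: only the owner may read these


def token_owner(access_token):
    """Return the username that owns the token, or None if it is unknown."""
    for known, owner in TOKENS.items():
        if hmac.compare_digest(known, access_token or ""):
            return owner
    return None


def resolve(requested, owner):
    """Map the '/me/' alias to the token owner; other names pass through."""
    return owner if requested == "me" else requested


def get_user_vulnerable(requested, access_token):
    """Flawed pattern: authentication only, no ownership check."""
    owner = token_owner(access_token)
    if owner is None:
        return 401, {}
    record = USERS.get(resolve(requested, owner))
    return (200, dict(record)) if record else (404, {})


def get_user_fixed(requested, access_token):
    """Private fields are released only when the token owner is the target."""
    owner = token_owner(access_token)
    if owner is None:
        return 401, {}
    record = USERS.get(resolve(requested, owner))
    if record is None:
        return 404, {}
    if record["username"] == owner:
        return 200, dict(record)
    public = {k: v for k, v in record.items() if k not in PRIVATE_FIELDS}
    return 200, public
```
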
Dan revealed that the Pinterest security team is very efficient and careful with privacy issues, and it has already confirmed that the Pinterest exploit has been patched. Unlike other companies with similar security problems, Pinterest gave Dan permission to disclose the exploit, and it also included Dan's name in the Pinterest Heroes List.
Dan Melamed discovered the same type of security flaw in StumbleUpon, where he was able to view the full name, email address, age, gender, and location of its users, but the company never gave him permission to disclose the exploit, even after it was patched.
As Dan highlighted, flaws like the Pinterest exploit and the StumbleUpon vulnerability would have allowed a hacker to collect over 100 million email addresses. Security for social media is a serious issue.

Sunday, 25 August 2013

Hacker reported vulnerability in Kaspersky website, Demonstrated malware spreading technique


The cyber security analyst Ebrahim Hegazy (@Zigoo0), a consultant at Q-CERT, has found an "Unvalidated Redirection Vulnerability" in the website of the giant security solutions vendor Kaspersky.
Ebrahim, who found a SQL injection in the Avira website last month, this time found an Unvalidated Redirection Vulnerability that could be exploited for various purposes, such as:
  • Cloned websites (Phishing pages)
  • It could also be used by Black Hats for Malware spreading
What is striking in this case is that the link usable for the attacks originates from a security firm like Kaspersky, which makes the consequences serious.

Would you trust a link from your security vendor? Absolutely, yes! But imagine your security vendor asking you to download malware!
To explain how dangerous the situation is when your security vendor is vulnerable, Ebrahim Hegazy sent me a video of the malware spreading scenario, simulating a black hat exploiting the Unvalidated Redirection Vulnerability in the Kaspersky website to serve malware.
"Since I'm working on Cyber security analysis, I've seen many methods of black-hats to spread links, maybe this link is for Exploit kits, Java Applet, flash exploits, or maybe a direct link to their EXE file. Let's take an example on the Facebook spreading techniques of the attackers, you may notice that "Mediafire" website was used lately in wide Malware spreading attack on Facebook.com, which caused a wide infection, as the infected user will start to send links from Mediafire.com to his friends and since "Mediafire" is a trusted website/source for users so they simply click it and download the file!
But what if the links are coming from a very well known Security solutions vendor such as Kaspersky? For sure people will trust the links. So, through "Unvalidated Redirection Vulnerability" in Kaspersky, attackers will be able to spread a link coming from Kaspersky.com but when the user clicks on that link, he will get redirected to the attacker's website which would download a Malware on their machines or even download a "Rogue Antivirus" to steal financial information such as credit card information!" explained Ebrahim Hegazy.

After the researcher reported the vulnerability to the Kaspersky team, it took about 2 months to fix. That is a really long time, considering that a hacker who had found this flaw before Hegazy could have spread links using Kaspersky.com.
The consequences of leaving such a vulnerability unfixed are critical:
  • Wide infection - since the redirection is coming from a trusted source especially if the attacker registered a domain name similar to Kaspersky.com
  • Serious reputational damage for Kaspersky.
  • Your most trusted resource, "Your Antivirus", will be your worst enemy! Would you trust anything else?
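One way a site can close an unvalidated redirect of the kind described above, shown as an added example rather than Kaspersky's actual fix: the redirect parameter is accepted only if it is a same-site path or an HTTPS URL on an explicit allow-list. The host names, the function name and the sample inputs are hypothetical.

```python
from urllib.parse import urlsplit

# Hypothetical hosts the site is willing to redirect to.
ALLOWED_HOSTS = {"www.example.test", "support.example.test"}


def safe_redirect_target(target, default="/"):
    """Return `target` if it is safe to redirect to, otherwise `default`."""
    # Reject empty values and characters browsers normalise in surprising
    # ways (backslashes become slashes, control characters are dropped).
    if not target or any(ch in target for ch in "\\\r\n\t"):
        return default
    if target != target.strip():
        return default

    parts = urlsplit(target)

    # Relative reference: allow only a rooted path on this site.
    # "//host/path" is protocol-relative and leaves the site, so it
    # shows up here with a netloc and falls through to the checks below.
    if not parts.scheme and not parts.netloc:
        return target if target.startswith("/") else default

    # Absolute URL: HTTPS only, exact host match, no embedded credentials.
    if parts.scheme != "https":
        return default
    if parts.username is not None or parts.password is not None:
        return default
    if parts.hostname not in ALLOWED_HOSTS:
        return default
    return target
```

Exact host matching is deliberate: suffix or substring checks accept look-alike names such as `www.example.test.evil.test`.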

Saturday, 24 August 2013

5 tips to make your Facebook account safer



Help better safeguard your Facebook profile with these 5 quick tips.

1. Make sure only your friends can see your profile

You wouldn't just go up to a stranger in the street and start telling them about your life, so why would you want them to see your Facebook profile?
Click on the cog icon that you see in the top right hand corner of the screen. Then click Privacy Settings.
Click Privacy - the third option down in the left hand pane.