Information Security Blog | Cyber Security Blog


Information Security Blog | Cyber Security Blog

others (95)

Read More

Now a day’s nothing seems to be inevitable for hackers, even the CEO of Twitter can’t escape from becoming a prey of these invaders. Jack Dorsey joins the expanding list of High profile CEO’s whose social networking accounts are hacked.

A group of hackers under the name OurMine had hacked Dorsey’s Twitter account and posted few benign videos. The hacker tweeted “Hey, it’s OurMine, we are testing your security” from Jack’s account. It all happened at 2:50 AM ET and they linked the tweet to their website.

Twitter was quick to react and deleted those tweets within a short time. The attackers actually posted these messages via Dorsey’s Vine account which they have used a source to get access to the Twitter account.

Jack Dorsey probably had an old/shared password on his Vine account which may link it to another service that was compromised. Another reason for this incident can be Dorsey is using the same Vine’s password for a long time.

It had given a way for intruders to get into the company’s CEO account. It’s the same technique that OurMine had followed in its previous hacks of other famous people.

Whatever may be the reason Hackers proved that even high profiled people’s social networking accounts are not 100% secured.

This issue seems to be growing and is increasing user’s privacy concerns. Social networking platforms should find a permanent solution to these type of problems. On user’s part, everyone should follow some basic steps to prevent these hacks. Make sure you’re using a different password for every site, if you are unable to do you can use password managers like 1Password or LastPass.

Frequently update passwords of all your accounts and most importantly turn on two-factor authentication for services that have it. This authentication method sends a pin number via text message to your linked mobile number.

The same group named as OurMine were behind the hacks of social media accounts of Google and Facebook’s CEOs.

Read More

Charles King, central investigator at Pund-IT, Inc. says quantum PCs are unique in relation to traditional PCs in a few vital ways.

“For one, while traditional frameworks are outlined on parallel standards (where opening/shutting semiconductor entryways speaks to on/off, or 0/1) quantum frameworks use “qubits’ which can be on, off or both on and off. In principle, that will permit coming about frameworks to perform capacities on information using wonders from quantum mechanics, for example, superposition and snare,” King disclosed to TechCrunch in an email.

IBM has made its own quantum chip running at 5 qubits. Chow evaluates that it could take a machine running somewhere around 50 and 100 qubits to surpass the abilities of today’s speediest super PCs. We have an approaches to go here, yet this is a decent beginning stage.

However, arriving is harder than basically taking after Moore’s Law with advanced PCs on silicon chips. While IBM is as yet utilizing silicon, there are two or three gigantic obstacles required in getting more steady utilization. As a matter of first importance there is building the PC and second making sense of how to program it, Earl Joseph, who covers superior computing for IDC clarified in an email.

“This test gives the chance to an expansive gathering of individuals to begin to figure out how to program quantum PCs, which will create approaches to utilize this new kind of innovation,” Joseph composed.

He brings up there are other such tests in advancement. “NASA Ames and Google are doing some exceptionally intriguing work. The vast grand slam will be from a more broadly useful and huge size quantum PC. I think it will be a transformative procedure, with more applications going ahead line like clockwork.”

The trust is that by offering this instrument, it will push intrigue and comprehension of quantum computing and make a group of intrigued people, foundations and specialists who can cooperate to propel information about these PCs in the coming years.

Read More

A team of anonymous hackers has claimed a $1 million (£648,000) bounty for remotely jailbreaking Apple's latest mobile operating system, iOS9.

Jailbreaking is the practice of removing Apple's restrictions on their devices, allowing users to install a range of unauthorised apps and tweaks on their phones and tablets.

Jailbreaking is often done willingly by people looking to customise their device, but since it bypasses the security restrictions, jailbreaking can also be a technique used by hackers to break into phones and install spyware.

The hefty prize was offered by cybersecurity company Zerodium, who offered $1 million to any person or team who could come up with a browser-based untethered jailbreak for iOS9 in September this year.

The conditions of the competition required that the hacking process "should be achieveable remotely, reliably, silently and without requiring any user interaction except visiting a web page or reading a SMS/MMS."

In other words, the winning team found a way to remotely install an app on phones running iOS9 simply by getting the the user to open a certain webpage or read a text message.

The terms required that the break-in would have to be truly remote - any solutions that involved the iPhone being plugged in to a computer, or being accessed through Bluetooth or NFC did not qualify.

Read More

China's Tianhe-2 supercomputer has retained its position as the world's most powerful system for the sixth consecutive time, according to a biannual Top500 list of supercomputers released Monday.

Tianhe-2, or Milky Way­2, with a performance of 33.86 petaflops per second (Pflop/s), was developed by China's National University of Defense Technology and deployed at the National Supercomputer Center in Guangzhou. It has held the title since June 2013.

The Chinese system is almost twice as fast as the next on the list, Titan of the US Department of Energy, which has a performance of 17.59 Pflop/s.

In fact, there has been no change among the ranking of the world's top5 supercomputers since June 2013 in the latest edition of the closely watched list.

"The top five computers are very powerful and expensive," Jack Dongarra, professor of the University of Tennessee and editor of the report, said in an email. "It will take perhaps another year before a new system enters the top five."

Among the significant changes to this list from July 2015's list is the sharp decline in the number of systems in the United States, now at 201.

"This is down from 231 in July and is the lowest number of systems installed in the US since the list was started in 1993," the statement said.

In contrast, China made "a great leap" to 109 systems.

"China received a big boost from Sugon, Lenovo and Inspur," said Dongarra. "The large number of submissions came from Sugon."

According to the Top500 statement, Sugon has overtaken IBM in the system category with 49 systems, while Lenovo, which acquired IBM's x86 server business last year, has 25 systems in the list, up from just three systems on the July 2015 list.

In addition, some systems that were previously listed as IBM are now labeled as both IBM/Lenovo and Lenovo/IBM.

Inspur, the third vendor from China, now has 15 systems on the list.

"China is ... carving out a bigger share as a manufacturer of high performance computers with multiple Chinese manufacturers becoming more active in this field," the statement concluded.

Overall, HP leads the list with 156 systems followed by Cray with 69 systems and China's Sugon with 49 systems. IBM ranks fourth with 45 systems. Lenovo ranked sixth while Inspur ranked eighth on the list.

The Top500 list is considered one of the most authoritative rankings of the world's supercomputers. It is compiled on the basis of the machines' performance on the Linpack benchmark by experts from the United States and Germany.

Read More

A single hacker from a small town in Russia compiled a whopping 272 million unique stolen email addresses and passwords, researchers say.

A strange recent transaction with a young Russian hacker left the security research firm Hold Security and the Russian with an enormous trove of compromised email addresses and passwords, the firm says.

It started when Tanya Tabakar, an analyst at cybersecurity firm Hold Security, found a post on a Russian-language dark net forum—the type where stolen data and credentials, often sometimes old and repackaged, are often bought and sold. The hacker insisted on being paid for the account information—even though he only charged 50 rubles ($0.75). “I am just getting rid of it but I won’t do it for free,” he said, as Tabakar wrote. After she told him ethically couldn’t pay, he eventually agreed to trade the information for a like on his page on the popular Russian social media site VK.

“Honestly, it’s the first time I personally saw such a big amount of data,” Tabakar told Vocativ. Estimates vary on just how much personal data is traded on such forums, though it’s undeniably huge. Previous studies estimate about half of Americans are hacked in some form each year. Email accounts that don’t enable two-factor authentication—registering a phone number, for example, which must be verified before a user can change their password—are at far greater risk.

Tabakar was able to glean precious little about the hacker, and how he was able to acquire that information. A resident of a small town in rural Russia, he didn’t fit the mold of a criminal mastermind. “He’s a real young person and he was very friendly,” Tabakar said. The fact that he possessed such data doesn’t mean he was the first to acquire or even to compile it—it’s just noteworthy that such a person was in possession of it, and could share it for next to nothing.

“He has a lot of friends all over the world [on VK],” she said. “Hackers like him play a lot of online games and that’s how they meet people and talk to people.”

The actual number of accounts the hacker sent her was nearly a billion addresses—917 million—but some of those were duplicates, and far more weren’t original, and existed in previous known data dumps from other hackers. Still, that left 272 million unique ones. More half of those came from popular email services like Yahoo, Gmail and AOL. Russian mail site was the hardest hit, with more than 56 million accounts compromised.

Read More

We’ve heard a lot about sales and projections for smartphones in China – such as 199 percent smartphone growth in the past year – but how about active mobiles in the hands of Chinese users? The cross-promotion and ads platform Umeng has released its newest report accompanied by an infographic. It shows that, at the end of 2012, China has 160 million active Android users, with 85 million engaged in using iOS.

Newly activated Android devices really started to rocket in numbers last summer, the report notes. Across both platforms, smartphones are now so ingrained in the lives of Chinese mobile user that mobile app sessions rose 16-fold in 2012, with a 12-fold increase in the time spent within the apps that Umeng observed.

As well as lots of interesting demographics and app trends in the infographic, it also points out that iOS jailbreaking is on the decline in the long-run – down from 42.4 percent of Apple iOS gadgets in September 2012 to just 32.3 percent a few weeks ago.

Read More

Apple really doesn't want you to record videos where it's forbidden.

The company is working on a technology that can disable phones' photo and video recording capabilities using an infrared signal, a newly approved patent filing has shown.

The technology could stop people from making illegal recordings at concert venues, in cinemas or theaters.

The patent described how an infrared signal could be fired in places where video recording is prohibited. The phone would detect the signal and either alter what's shown on the screen or shut down its video features completely.

The patent approval was first reported by Patently Apple.

The patent filing suggests video capabilities would only be disabled if the phone is pointed in a certain direction. So users would be still able to take photos of their friends in the crowd, but their camera would switch off if they point it at the stage.

Apple also suggested the infrared signal could be used to alter what the user sees on their screen and provide extra information. For example, if pointed at a piece of art in a museum, the phone could display details about the artwork.

Read More

Facebook users are falling for a chain status update hoax that claims to protect their personal information under copyright laws.

The message has a few variations with date modifications to continually trick new users into reposting the scam. A nearly identical hoax which attempted to entice victims to sites filled with malware and viruses merged back in 2011, reports CBS. The first variation claims that Facebook will begin to charge a subscription fee to maintain private accounts:

“Now it’s official! It has been published in the media. Facebook has just released the entry price: $5.99 to keep the subscription of your status to be set to “private”. If you paste this message on your page, it will be offered free (paste not share) if not tomorrow, all your posts can become public. Even the messages that have been deleted or the photos not allowed. After all, it does not cost anything for a simple copy and paste.”

The second alludes to irrelevant treaties that will supposedly protect a user’s Facebook information from copyright infringement. This misleading post, which has been around since 2012, reads:

“As of September 28 2015 1146 am Eastern standard time, I do not give Facebook or any entities associated with Facebook permission to use my pictures, information, or posts, both past and future. By this statement, I give notice to Facebook it is strictly forbidden to disclose, copy, distribute, or take any other action against me based on this profile and/or its contents.

The content of this profile is private and confidential information. The violation of privacy can be punished by law (UCC 1-308- 1 1 308-103 and the Rome Statute). NOTE: Facebook is now a public entity. All members must post a note like this. If you prefer, you can copy and paste this version. If you do not publish a statement at least once it will be tactically allowing the use of your photos, as well as the information contained in the profile status updates. DO NOT SHARE. You MUST copy and paste.”

Facebook does not own users’ media as Facebook spokesman Andrew Noyes announced in a statement reported by USA Today:

“We have noticed some statements that suggest otherwise and we wanted to take a moment to remind you of the facts–when you post things like photos to Facebook, we do not own them. Under our terms, you grant Facebook permission to use, distribute, and share things you post, subject to the terms and applicable privacy settings.”

Read More

Google usually announces a new version of Android at its annual developer conference called I/O. This year, however, we've already seen two Android N Developer Preview releases, so the search giant doesn't have anything new to announce - or does it?

Today the company is pushing out the third big release of the Android N Developer Preview. According to the company, this is the first "beta quality" iteration of the next OS version, so you may even get away with installing it on your main device without any nastiness (then again, "beta" doesn't mean "bug free", keep that in mind).

Aside from the usual battery of performance improvements and fixes and whatnot, this release brings with it a new update mechanism that emulates the one used in Chrome OS. Basically, whenever a new software update is available, your device will automatically download it in the background, and then automatically install it the next time you restart your phone or tablet.

No more notifications telling you that an update is available, and no need to then confirm that you want to download and install. It will all be a much more seamless process, and booting up after an update is applied should be faster than it used to be too, because the infamous "Android is upgrading" screen is gone.

Read More

The tool purchased from a private party and used to access an iPhone belonging to one of the San Bernardino shooters only works on a "narrow slice" of phones, FBI Director James Comey said Wednesday night.

Speaking to a group at Kenyon College in Gambier, Ohio, Comey said the government is considering whether to share with Apple how officials were able to access an iPhone 5c used by Syed Farook.

"We’re having discussions within the government about, 'OK, so should we tell Apple what the flaw is that was found?'" he said. "That is an interesting conversation because if we tell Apple, then they're going to fix it and we’re back where we started from."

Federal officials announced last month they successfully cracked into an iPhone used by Farook and no longer needed Apple's help in unlocking the device. The Department of Justice and Comey have said all along that the solution they sought in breaking into Farook’s phone would only work on this one phone -- the 5c running iOS 9.

Comey did not reveal the third party that helped the FBI crack into the phone, but said he knows "a fair amount about them" and is confident they'll keep the method used to access the phone private.

"The FBI is very good at keeping secrets and the people we bought this from -- I know a fair amount about them and I have a high degree of confidence that they are very good at protecting it and their motivations align with us," he said.

Apple has been staunch in its position that creating a backdoor for government officials would undermine the security of millions of users. However, Comey said the "slippery slope" argument is a "fallacy."

"The controversy over the Apple case, the challenge of encryption more broadly, has been chock full of slippery slope arguments and absolutist arguments," he said. "Every time you hear someone making a slippery slope argument, an alarm should go off in your head."

"The notion that privacy should be absolute or the government should keep their hands off our phones, to me just makes no sense given our history and our values," he said.

After the Department of Justice dropped its case against Apple last month, the company issued a statement saying legal action should never have been brought.

"From the beginning, we objected to the FBI's demand that Apple build a backdoor into the iPhone because we believed it was wrong and would set a dangerous precedent. As a result of the government’s dismissal, neither of these occurred," Apple said. "We will continue to help law enforcement with their investigations, as we have done all along, and we will continue to increase the security of our products as the threats and attacks on our data become more frequent and more sophisticated."

"This case raised issues which deserve a national conversation about our civil liberties, and our collective security and privacy. Apple remains committed to participating in that discussion," the company added.