Google cracked one of the building blocks of web encryption..!

Google researchers did something that rather seemed impossible before, they have managed to produce two different documents which have the same SHA-1 hash signatures. This shows nothing is impossible.

Why is it such a big deal? Well, it has everything to do with the fact that SHA-1 is widely used across the Internet. It’s used for HTTPS certificates which are used to protect your browsing and also in Git repositories. It is also used to find if data in many forms like PDFs, emails, source code, website certificates and so on, have not been tampered with by hackers or not.

Coming back to the present, Google has managed to prove that it is, possible to create a hash collision by just altering a PDF without changing the SHA-1 hash value of it. It means that people can be tricked into thinking the altered document or duplicate document was actually the original one, which is worrisome.

In a blog post, Google wrote saying, 

“Today, 10 years after the SHA-1 was first introduced, we are today announcing the first practical technique for generating a collision. This represents the culmination of two years of research which sprung from a collaboration between the Google and the CWI Institute in Amsterdam”.

What is the Purpose of doing all these?

This is a common question arising in minds. Why should Google try to crack the algorithm which was used all over the internet for encryption? The simple answer is that - if Google had not, some other attacker might have. And its good that Google made the world aware about the faulty SHA-1 hash algorithm. 

This industry cryptographic hash function standard is used for digital signatures and file integrity verification, and protects a wide spectrum of digital assets, including credit card transactions, electronic documents, open-source software repositories and software updates.

The purpose of this entire effort and spending two years of research into this was to show the tech community that it is necessary to stop the SHA-1 usage. Google has supported the deprecation of SHA-1 for many years, especially when it comes to signing the TLS certificates, due to this type of problem. Chrome has been slowly phasing out of using SHA-1 ever since 2014.

“We hope our practical attack on this encryption type will cement that the protocol should no longer be considered secure,” the team added, pushing the tech industry towards using a safer alternative such as SHA-256.

Read More

AMD's new Processor beats Intel's i7 and costs Half the Price..!

AMD is all set to release three tiers of AMD Ryzen 7 chips which will feature eight cores and 16 threads on March 2. The cost will be half the price compared to Intel’s high-end processors.

AMD Unveils Ryzen 7 CPUs, Beats Intel’s Core i7 And Costs Half The Price

Advanced Micro Devices (AMD) is all set to compete with Intel in a bigger way, AMD on Wednesday shared their plans to “hard launch” their Ryzen series of processors on March 2. Guess what? These chips are said to outperform Intel’s bests, and at the same time, the cost will be half the price compared to Intel’s high-end processors.

Well, AMD is all set to release three tiers of AMD Ryzen 7 chips which will feature eight cores and 16 threads. The AMD Ryzen 7 1800X will be accessible at $499, and it performs 9% better than Intel Core i7 6900L. The base clock speed will be 3.6Ghz, and the boosted clock speed is 4.0 GHz.

The next in the Ryzen series is AMD Ryzen 7 1700X which will be available at $399, and it performs 39% better than Intel Core i7 6800K. The base clock speed will be 3.4Ghz, and the boosted clock speed will be 3.8Ghz.

The last at the Ryzen Series is AMD Ryzen 7 1700 which performs 46% better than Intel Core i7 7700K, and it will be available at $329. The base clock speed of the processor will be 3.0 GHz and can be boosted up to 3.7Ghz.

Well, the price of the processors is almost 35& – 50% lesser if compared to the Intel’s. The Ryzen series of processors are all set to give tough competition to its competitors. AMD is always known to deliver high performance at lower prices.

AMD Ryzen series of processors will be one sale on over 180 different retailers across the world and will be sold individually and in OEM configuration. The pre-order of AMD Ryzen processors are already started and you can grab it from Amazon.

Retailers will start taking pre-orders on Wednesday, with AMD Ryzen 7 devices to be formally unveiled on Thursday next week - it's unclear whether they will be available from then, however.

"Four years ago we began development of our 'Zen' processor core with the goal to deliver unprecedented generational performance gains and return choice and innovation to the high-performance computing market," said Dr Lisa Su, president and CEO of AMD. 

She added: "On March 2, enthusiasts and gamers around the world will experience 'Zen' in action, as we launch our Ryzen 7 family of processors and reinvigorate the desktop computing market."

AMD claims that the flagship Ryzen 7 1800X is the world's best-performing eight-core desktop microprocessor, while the Ryzen 7 1700 is the world's lowest-power eight-core desktop processor.

The devices launched today are intended for PC gamers, creators and animators, and enthusiasts who want to buy or build the most powerful systems that they can, claimed the company.

 

Read More

Different ways to run Linux Softwares on Windows..!

So far we have covered important and basic concepts of Linux. Here is a small list of topics covered :

• About Linux
• Advantages of Linux
• Best uses of Linux
• Linux Distributions
• Types of Linux Distros

As I told in my last article that we will see how to install Linux in next article. But as I got one question in mind and the line to tutorial changed. I bet many of you don't know about the stuff I wrote in this article. So let's start..

I know that everyone of us is using Windows Operating System now-a-days. But as now you also know the importance of Linux, you might be willing to install Linux on your PC. But you might be afraid to lose Windows OS. So, here I will provide a guidance to install Linux over Windows Machine.

You might be knowing the two methods of installing Linux :

1. Creating a separate partition on HDD and installing Linux on it.
2. Running Linux Live without installing to get it temporarily worked.

But here are some other methods which are easier and better to creating separate partition and running temporarily. (If you don't know the above two methods, don't worry.. I will provide the tutorial in my next article.)

Virtual Machines

Virtual machines allow you to run any operating system in a window on your desktop. It allows you to run Linux in a separate window on Windows OS, just as we are using software in a separate window. You can install the free VirtualBox or VMware Player, download an ISO file for a Linux distribution such as Ubuntu, and install that Linux distribution inside the virtual machine like you would install it on a standard computer.

When you need to boot up your Linux system, you can do it in a window on your desktop — no need for rebooting and leaving all your Windows programs behind. Everything but demanding games and advanced 3D effects should work just fine, but you likely won’t want to use those, anyway.

Ubuntu’s default Unity desktop uses 3D effects and the desktop interface doesn’t perform as smoothly in a virtual machine as past desktops did. Xubuntu uses Xfce, which is much more lightweight. So, you can install Xubuntu as an option to Ubuntu.

You could even try using VirtualBox’s seamless mode or VMware’s unity mode to run Linux applications directly on your desktop - they’ll be running in the virtual machine, but their windows will be present on your Windows desktop instead of trapped in a single virtual machine window. It's like using two software applications in different windows at the same time (E.g. VLC and Browser).

More information about using VirtualBox, its advantages and installing different OS is a part of separate tutorial. Also you can install more than one OS on VirtualBox. Hence, it is not limited to installing only one OS. You can install different Linux Distros like Kali, Ubuntu, Debian at the same time without partitioning your HardDrive.

Click to view full size image

Cygwin

Cygwin is a collection of tools that offer a Linux-like environment on Windows. It’s not a way to run existing Linux software on Windows - the software will have to be recompiled. However, much software has already been recompiled. Cygwin will give you a Linux-like terminal (not exactly Linux) and command-line environment with many of the command-line programs you may already be used to.

We will later see installing and using Cygwin. You can even use Cygwin to install an OpenSSH server and get SSH access to a Windows system.

This solution is ideal for users missing crucial Linux utilities on Windows — it’s not a way to run a full Linux desktop.

Click to view full size image

Install Ubuntu via Wubi

This method is technically installing Linux, not running Linux software on Windows. You’ll have to reboot each time you want to use your Linux system just as if you had installed it in a standard dual-boot configuration.

However, Wubi doesn’t install Ubuntu in the normal way. Instead, it creates a special file on your Windows partition and uses that file as your Ubuntu drive. This means that you can install Ubuntu and use it without any partitioning and you can uninstall Ubuntu from the Windows Control Panel when you’re done. It is similar to installing and using any application software and uninstalling it when the job is done.

If the partitioning your HardDisk is holding you back, give Wubi a try. Performance won’t be quite as good as a normally installed Linux system when it comes to disk read and write times, but it should be faster than a virtual machine. Here, you can install Ubuntu without partitioning your HDD is the main advantage.

Click to view full size image

Ported and Compiled Programs

Many common Linux programs have already been ported to Windows and compiled versions have been made available online. If you really miss Emacs (Linux text-editor), you’ll find versions of Emacs for Windows. If you want to run a specific program on Windows, perform a Google search for the name of that program and “Windows” — there’s a good chance you’ll find a version of the program that ‘s been ported to Windows.

This trick is mainly used when you want to run only a single software available in Linux on your windows. Instead of installing complete Linux OS, you can find the compiled or ported version of that software for windows.

Click to view full size image

The above were several methods available to use Linux on Windows. Now, it depends on individual which method to use, depending on his/her preference and work.

Read More

Kaspersky launches its own Hack-Proof OS, No Linux now..!

The popular cyber security and antivirus company Kaspersky has unveiled its new hack-proof operating system: Kaspersky OS.

The new operating system has been in development for last 14 years and has chosen to design from scratch rather than relying on Linux.

Kaspersky OS makes its debut on a Kraftway Layer 3 Switch, Kaspersky Lab CEO Eugene Kaspersky confirmed the rumors of a new operating system on his official blog published on Monday, saying this project under the codename 11-11 has been in the works for 14 years and has been designed from scratch.

The Layer of 3-switch is the very first tool for running the Kaspersky OS, which is designed for networks with extreme requirements for data security and aimed at critical infrastructure and Internet of Things (IoT) devices.

Purpose of designing Kaspersky OS :

Russian cyber security and antivirus vendor Kaspersky Lab has made available the much awaited KasperskyOS, a secure-by-design operating system based on Microkernel architecture which is specially designed for network devices, industrial control systems and the Internet of Things.

The operating system is not made for your average home PC; instead, it is meant to protect industrial systems and embedded devices from cyber attacks by preventing any third-party or malicious code from executing.

The reason behind developing KasperskyOS is simple: Growing Internet-of-Things and embedded devices in industrial control systems (ICS) to power critical infrastructure.

It's quite easy for most companies to get rid of the virus-infected computer, as they all need to do is unplug the infected ones from the network, according to Kaspersky.

But since industrial control systems (ICS) are usually managing critical operations or infrastructure that must be powered on all the time and can not be taken offline for even a while, the malware targeting these ICS systems is a challenging problem.

So, according to Kaspersky, the solution lies in a secure operating system with strict cyber security requirements that could help reduce the chances of undocumented functionality and thus mitigates the risk of cyber attacks targeting ICS or IoT devices.

What's new in Kaspersky OS than others?

Kaspersky OS is based on Microkernel Architecture: The new secure OS is based on microkernel architecture that enables users to customize their own operating system accordingly. So, depending on a user's specific requirements, Kaspersky OS can be designed by using different modifications blocks of the operating system.

Kaspersky OS is non-Linux: Yes, one of the three major distinctive features of the new OS mentioned by Kaspersky is that the GUI-less operating system has been constructed from scratch and does not contain "even the slightest smell of Linux."

"All the popular operating systems are not designed with security in mind, so it is simpler and safer to start from the ground up and do everything correctly. Which is just what we did," says Kaspersky.

But what makes Kaspersky OS Hack-Proof?

It is the operating system's inbuilt security system. Yes, Kaspersky OS inbuilt security system has the ability to control the behavior of applications and the OS modules.

Kaspersky OS claims itself as practically unhackable OS, because for gaining unauthorized access, any hacker would need to break the digital signature of an account holder, which is possible only with a quantum computer. 

"In order to hack this platform a cyber-baddie would need to break the digital signature, which – anytime before the introduction of quantum computers – would be exorbitantly expensive," says Kaspersky.

Kaspersky talked about the recent DDoS attacks that affected numerous websites in past few months. He guaranteed that Kaspersky OS would protect devices, such as industrial control systems, SCADA or ICS, and IoTs, from cyber attacks.

The most severe one was the recent massive DDoS attack on Dyn's DNS servers, which knock down popular sites like Amazon and Twitter. The attack was carried out by Mirai botnets that had infected smart devices like security cameras. Also the source code of Mirai was leaked on Github for a while.

So, Kaspersky says it is mandatory to protect the IoT and other critical infrastructure (like industry, transport, and telecoms) from IT threats.

"I also hope it's clear that it's better – no matter how difficult – to build IoT/infrastructure devices from the very beginning in such a way that hacking them is practically impossible. Indeed, that is a fundamental goal with Kaspersky OS," he says.

It’s Secure, But KasperskyOS is not Linux!

Yes, this OS is not just another Linux flavor.

The new OS has been designed to allow programs to execute only documented operations under its strict security policy. Only what is defined by the policy can be executed, including the functionality of the OS itself.

The customers can also examine the source code of KasperskyOS to make sure the operating system has no undocumented capabilities. The OS also has independent security engine that lets users enforce the policy that suits their security objectives.

KasperskyOS is not a general-purpose operating system; instead, it is designed for embedded devices, including IoT, telecommunication equipment, connected cars, and industrial control systems.

To create a package that could be applied in several different areas of granular customization, Kaspersky has developed three products:

• An Operating System (KasperskyOS)
• A standalone secure hypervisor (KSH) for running virtual machines
• A system for secure interaction between OS components (KSS)

KasperskyOS was designed to not only solves security issues but also addresses organizational and business challenges related to secure application development for embedded systems.

More detailed technical specifications of the OS can be found on the official KasperskyOS page and the KasperskyOS whitepaper.

 

So, what do you think..! Has Kaspersky overtook the Linux systems? Because till now, the most secure web-servers were running on Linux. Also. though Kaspersky is most secure, will the hosting servers change their OS? Because, its very difficult to change OS when you are maintaining and sharing data online.

Read More

How to Cross-check your Facebook Profile Visitors..!

Everyone loves to find out who is more interested in him and it is a human tendency. It has made this undeclared feature of facebook as a most wanted feature. Now coming back to the point. Everyone is curious to know who visited their Facebook profile.Be it a girl or a boy, they tend to have an etching desire to find out who visited their Facebook profile as they are filled with these common questions- “Whether my crush checks my profile?” , “Who views my pics?”, “Which girl/Boy always views my profile?” and so on…Its natural, but i have seen many people getting tricked by 3rd party software that doesn’t provide appropriate results but just spams on their Facebook Wall’s.

Manual Method To Check Who Visited My Facebook

As I said it is not recommended to use any third party facebook applications blindly. However it is not completely impossible to know who looks at my facebook. The title of this method suggests you that this is a manual procedure and you have to work out on your own to get the results. But this is a very simple trick and so there is no problem working out with it. It provides the desired results within seconds.

Just follow these steps and you’ll succeed in finding out who visited your Facebook Profile!

Step 1: Login to your Facebook Account using any browser (Suggested :- Chrome or Mozilla). Its mandatory to use Laptop or PC to accomplish this task. 

Step 2: Go to your Facebook Timeline (Profile).

Step 3: Right click on your Browser (First go to your timeline) and click "View Page Source".

Click to view full size image

Step 4: You will be Redirected to a new Page which contains the code of your Facebook Timeline Page. (This is the HTML+CSS combo of your facebook timeline page.)

Step 5: Now, as there is a huge page containing code, and you have to work only on a specific part of code. So press CTRL+F on your keyboard to open the Find menu. (This will open a textbox at the bottom of your page/browser.) 

Step 6: Type “InitialChatFriendsList” (Do not include quotes) in that textbox and search for it.

Step 7: Next to that word, you’ll see a list of numbers, these are the profile ID’s of people who visit your timeline.

Click to view full size image

Step 8: Now, open a new tab in browser and type "www.facebook.com/profile_id". Replace "profile_id" with the id you want to search for. In my case, let be the first ID I want to search for. The ID is 100011540109189 (see the above image). Note that the first word is 100011540109189-2 but the ID part is only 100011540109189. (Neglect -2.) So, I will visit : "www.facebook.com/100011540109189".

Step 9: Done..! You will see the profile of the person who visited your facebook timeline.

As shown in the image above, there is a huge list of IDs. So how will you know : who visited your profile frequently and who does not?  The answer is :

The first ID shows the one who visits profile more often while the last ID never visits your profile!

Post recommended by :- Golu

Read More

Footprinting and Reconnaissance - Location Information and People Search

In last article, I mentioned the steps to determine the Operating System of the target. And here, we are going to study about determine the geographic location of the target, as well as using online people search services.

So. first you might think 'Why determining the location in important in Hacking?'. It holds a lot importance as many things can be determined from the location of a company. A few of them are listed below :-

• Services provided by the company.
• Nature of the society at that place.
• Mindset of workers (people residing there).
• And many more...

Now, but might think 'What is the importance of all the above mentioned things!'. Basically, these all things comes into light when we perform social engineering attacks (will be taught in later articles) on the target company.

 

Tools for finding geographical location :-

• Google Maps - https://maps.google.com
• Wikimapia - http://www.wikimapia.org 
• National Geographic Maps - http://maps.nationalgeographic.com 
• Bing Maps - https://www.bing.com/maps 

 

But only knowing the geographic location doesn't help you to perform social attacks. Many other information is needed to perform such attacks. From the list of information needed, only two information gathering tricks are mentioned here. One is location information (mentioned above) and other is People Search (see below).

Social networking sites are the great source of personal and organizational information. Information about an individual can be found at various people search websites. The people search returns the following information about a person or organization :-

• Residential addresses and Email addresses
• Contact numbers and Date-of-Birth
• Photos and Social Networking Profiles
• Blog URLs
• Satellite pictures of Private Residencies 
• Upcoming projects and operating environments.

People Search Online Services :-

• AnyWho - http://www.anywho.com
• US Search - http://www.ussearch.com
• Intelius - http://www.intelius.com
• 411 - http://www.411.com
• PeopleFinders - http://www.peoplefinders.com
• PeopleSmart - http://peoplesmart.com
• Veromi - http://www.veromi.net
• PrivateEye - http://www.privateeye.com
• People Search Now - http://www.peoplesearchnow.com
• Public Background Checks - http://www.publicbackgroundchecks.com

NOTE :- These services are mostly for US people. That means, you can only find the data of citizens of US and not other countries. I am still finding such server for other countries database. Till then enjoy with this.

 

Post your problems and feedback at the bottom of this page in the comment box. Thank you.. 

Read More

President Donald Trump's Website got Hacked..!

During the 2016 presidential election campaign, we reported about how insecure was the mail servers operated by the Trump organization that anyone with little knowledge of computers can expose almost everything about Trump and his campaign.

Now, some unknown hackers calling themselves "Pro_Mast3r" managed to deface an official website associated with President Donald Trump's presidential campaign fund-raising on Sunday.

The hacker, claiming to be from Iraq, reportedly defaced the server, secure2.donaldjtrump.com, which is behind CloudFlare's content management system and security platform.

The server appears to be an official Trump campaign server, reported Ars, as the certificate of the server is legitimate, "but a reference to an image on another site is insecure, prompting a warning on Chrome and Firefox that the connection is not secure." 

The page, now displaying an image of a man in a fedora, displays the following text:

Hacked By Pro_Mast3r ~
Attacker Gov
Nothing Is Impossible
Peace From Iraq 

At the time of writing, the server is now offline, and there is no official statement from Trump-Pence campaign team yet.

According to a blog post published by Italian IT journalist Paolo Attivissimo, the source code of the defaced server does not contain any malicious script.

Instead, the server includes a link to javascript on a now-nonexistent Google Code account, 'masterendi,' which was linked to cyber attacks on three other sites in the past. 

Read More

How to Unlock Pattern Lock or Password In Android Smartphone?

Android is the most used Mobile OS in the world and Engineers from Google work so hard to make it more secure after every update. If you ever forget your mobile pattern or password you can reset your mobile and get your device back. But in this case you will lose all your data if you want to recover your device without losing data. Follow the below steps. Hope this article will be helpful to you.

1st Method :- Unlock Pattern Lock On Android Using Aroma File Manager Without Loosing Data

Prerequisites :-

• Aroma File Manager.
• You android device either locked by pattern lock or password lock.
• A memory card for android device.

 

Steps To Unlock Android Pattern Lock

Step 1. After downloading Aroma File Manager, place it in your memory card (SD card). Insert the memory card into your locked android device.

Step 2. Open Stock Recovery Mode with reboot your android device and pressing Power Key and Volume up key simultaneously. Different phones may be have different methods to open stock recovery mode so if you face any problem Google it.

Step 3. After entering into recovery mode use Volume+ and Volume- buttons to scroll up and down. For select use middle button.

Step 4. From there click on “Install Zip from SD Card” and give a path to install “Aroma File Manager” from SD card.

Step 5. After installing, it will open in recovery mode.

Step 6. From the Aroma File Manager navigate to settings >> go to bottom and click on“Automount all devices on start” and then exit.

Step 7. Repeat Step 4 & 5 again. (To open Aroma File Manager because there is no other way to open it. It opens up only after installing.)

Step 8. After this you will get “Aroma File Manager” opened again.

Step 9. Now navigate to Data Folder >> System Folder  and find >> “gesture.key”or“password.key” for pattern lock or password lock respectively.

Step 10. Delete that any one file and then exit aroma file manager and reboot your android device. After rebooting you will notice that password or pattern lock not removed. But don’t worry draw any pattern and you will open your android device but remember or note that pattern.

2nd Method :- Unlock Pattern Lock On Android Without Losing Data Using ADB

1. First Requirement is Download Android SDK and here I will show you How To download and install Android SDK Tools.

• Download and install Android SDK Tools  to run ADB commands. Now select platform according to your download and install it.
• After installing open it, unchecked the other packages and check Android SDK Platform-tools and then click on install packages according to the image given below.

2. So the other requirement is USB Debugging should be enabled before your android device is locked.

3. The process will not be helpful if you doesn’t have specific and compatible drivers for your phone. So you should be very careful While installing your device compatible drivers.

NOTE : You can also use Minimal ADB Drivers if they are already installed on your system. But the thing is, they should run properly and detect your device.

Steps To Unlock Android Pattern Lock

Step 1. Connect your locked android phone with PC/Laptop via USB.
 

Step 2. Open folder where you installed Android SDK Tools Users >> App Data >> Local >> Android >> Android-SDK >> Platform-Tools and then click on blank space hold shift and click right mouse button and select “open command window here”.

Step 3. It will open you command window now you have to put some commands in the command window:-

To check if your device is connected or not, insert the command:-

adb devices 

Step 4. If your device is listed, that means your device is detected by ADB and there is no problem. If not, there is some problem with either ADB or device drivers. (Solve the problem and then continue.)

Now put these commands :-

adb shell
cd /data/data/com.android.providers.settings/databases
sqlite3 settings.db
update system set value=0 where name=’lock_pattern_autolock’;
update system set value=0 where name=’lockscreen.lockedoutpermanently’;
.quit

If above commands not working put :- 

adb shell rm /data/system/gesture.key

  

Step 5. Once you done you have rebooted your android device. Now its all done. After rebooting your device you will see the pattern lock disabled. So in this method USB Debugging should be enabled before locked and it is must. But If it is not enable then you cannot proceed further steps.

Method  3rd:- Unlock Pattern With Factory Settings (Data Will Lost)

If you don’t have a PC or if USB Debugging is not enabled then follow the below steps :-

Step 1. First Switch off your Locked Android Device.

Step 2. Now, boot your Android device into “Recovery Mode” using specific keys by holding power key and volume up key simultaneously. (According to device, this procedure may vary. Kindly search Google for "how to open recovery mode in xyz device") 

Step 3. After opening Recovery Mode

• Select “Factory Data Reset” option and give “Yes“.
• Select “Wipe Cache Partition” to wipe cache data. 

Step 4. After above steps Reboot your device. 

Step 5. All Done ! Now, your device will start from the scratch.

If you have any problems in the procedure, kindly post your comments below.

Subscribe this blog for more updates in your email and post your response in comments below..

Read More

A 7-Year-Old Girl Wrote To Google CEO Sundar Pichai For A Job. Here’s What He Replied..!

‘I have a dream. Someday I’ll work at Google.’ – said every average Indian engineer ever. Forget working at Google, people are known to say ‘Cleared third round of interview with Google‘ in their CVs. That’s the reputation of this 75 Billion USD tech giant.

A lot has been spoken about the work culture of Google and its splendid offices. This just adds to the insane amount of exposure which one might get by working at one of the biggest innovators of this millennium. Everyone wishes to work at Google, at least once in our lifetime.

Similar are the wishes of a 7-year-old girl from the UK, Chloe Bridgewater.

As kids, our ambitions weren’t constrained by societal pressure and fear. We dreamt of things that genuinely excited us. We all loved to do what we liked, not taking care of the society. For Chloe, working at Google is that dream.

This 7-year old girl , wrote a letter to the CEO of Google as she was asking for her wish to be true.

The 7-year old’s adorable letter to the Google Boss is breaking the internet for many reasons. Have a look.

 

This small girl described her wish. One can see the pure heart of the girl. The same happened with Sundar Pichai (CEO of Google). He felt so good that he took time to reply to this small girl. Else who would take extra time to reply to such stupid job applications! But he did it. And the response he gave was..

Dear Chloe, 

Thank you so much for your letter. I’m glad that you like computer and robots,and hope you will continue to learn about technology. I think if you keep working hard and following your dreams, you can accomplish everything you set your mind to — from working at Google to swimming in the Olympics. I looke forward to receiving your job application when you are finished with school! 🙂

All the best to you and your family.

Andy Bridgewater, the girl’s father, shared Pichai’s response on Twitter.

You can see his twitter post by clicking here..

This conversation is winning the hearts of everyone and we bet you won’t see anything better on the internet today.

Read More

Yahoo Hacked once again..!

It was not so far when Yahoo was Hacked. But the security team applied a patch to the fault and were successful to regain the respect.

Has Yahoo rebuilt your trust again? If yes, then you need to think once again, as the company is warning its users of another hack.

Last year, Yahoo admitted two of the largest data breaches on record. One of which that took place in 2013 disclosed personal details associated with more than 1 Billion Yahoo user accounts. (The security breach took place in 2013 and Yahoo admitted about it in 2016!)

But the same happened once again..! Yahoo sent out another round of notifications to its users on Wednesday, warning that their accounts may have been compromised as recently as last year after an ongoing investigation turned up evidence that hackers used forged cookies to log accounts without passwords.

The company quietly revealed the data breach in security update in December 2016, but the news was largely overlooked, as the statement from Yahoo provided information on a separate data breach that occurred in August 2013 involving more than 1 billion accounts.

The warning message sent Wednesday to some Yahoo users read:

"Based on the ongoing investigation, we believe a forged cookie may have been used in 2015 or 2016 to access your account."

The total number of customers affected by this attack is still unknown, though the company has confirmed that the accounts were affected by a security flaw in Yahoo's mail service.

The flaw allowed "state-sponsored attackers" to use a "forged cookie" created by software stolen from within the company's internal systems to gain access to Yahoo accounts without passwords.

"Forged cookies" are digital keys that allow access to accounts without re-entering passwords.

Here's how the attack works:

Instead of stealing passwords, hackers trick a web browser into telling the company that the victim had already logged in by forging little web browser tokens called cookies.

You use cookies every time you log into any service and check that box that says "keep me logged in," or, "remember me."

So, even if you close the window, or shutdown your system, you will not have to log back into your account because the cookie stored by your browser tells the online service that you already submitted your username and password.

Here's what a Yahoo spokesperson said about the recently disclosed breach:

"As we have previously disclosed, our outside forensic experts have been investigating the creation of forged cookies that could have enabled an intruder to access our users' accounts without a password." 

"The investigation has identified user accounts for which we believe forged cookies were taken or used. Yahoo is in the process of notifying all potentially affected account holders."

The warning notification has been sent out to almost all affected Yahoo users, although investigations are still ongoing.

The notice sent to Yahoo's customers on Wednesday, the same day it was reported that Verizon is slashing the price the telecom service will pay for Yahoo by at least $250 Million, following revelations of two security breaches last year, according to a report by Bloomberg.

As Yahoo was Hacked two times repeatdely, one might think of closing their Yahoo accounts. This might be the situation when yahoo lost the trust in the market.

Read More

Russian Hackers can Steal iPhone data...!

Not only iPhone data, but the malware that hacked 2016 presidential election was also the same.

 

Security researchers have discovered a new Mac malware allegedly developed by APT28 Russian cyber espionage group who is believed to be responsible for 2016 presidential election hacking scandal.

A new variant of the X-Agent spyware is now targeting Apple macOS system that has previously been used in cyber attacks against Windows, iOS, Android, and Linux devices.

The malware is designed to steal web browser passwords, take screenshots of the display, detect system configurations, execute files and exfiltrate iPhone backups stored on the computer.

The X-Agent malware is tied to Russian hacking group known as APT28 — also known as Fancy Bear, Sofacy, Sednit, and Pawn Storm — that has been operating since at least 2007 and is allegedly linked to the Russian government.

"Our past analysis of samples known to be linked to APT28 group shows a number of similarities between the Sofacy/APT28/Sednit Xagent component for Windows/Linux and the Mac OS binary that currently forms the object of our investigation," Bitdefender reported in a blog post published Tuesday. 

"For once, there is the presence of similar modules, such as FileSystem, KeyLogger, and RemoteShell, as well as a similar network module called HttpChanel."

Like variants for other platforms, the Mac version of X-Agent spyware is also act as a backdoor with advanced cyber-espionage capabilities that can be customized depending on the objectives of an attack.

Moreover, X-Agent is being planted by exploiting a vulnerability in the MacKeeper software installed on the targeted computers and known malware dropper Komplex — a first-stage trojan that APT28 uses to infect machines.

Above mentioned evidence indicates that the newly discovered Mac version of X-Agent is also created by the same Russian hacking group.

Once successfully installed, the backdoor checks for the presence of a debugger and if it finds one, it terminates itself to prevent execution. But if not, the backdoor waits for an Internet connection to communicate with the command-and-control servers.

"After the communication has been established, the payload starts the modules. Our preliminary analysis shows most of the C&C URLs impersonate Apple domains," Bitdefender researchers said. 

"Once connected to the C&C, the payload sends a HelloMessage, then spawns two communication threads running in infinite loops. The former uses POST requests to send information to the C&C, while the latter monitors GET requests for commands."

The Research is still ongoing and Bitdefender security researchers right now only have the Mac malware sample and not a full picture of how an attack works.

APT28 is one of the two Russian-linked cyber-espionage groups that have been accused of hacking into the U.S. Democratic National Committee's email server last year and interfering with the 2016 presidential election.

Read More

Say Goodbye to Torrent Websites..! Are they really Banned?

As per a report published in TorrentFreak, the officials of search engine firms including Google met the people from entertainment industry in UK and a deal is on the cards. British Intellectual Property office has also played a very important role in this deal. There has been a decision of banning all the torrent websites which provide with content that is copyrighted, such as music, TV shows and movies.

According to Baroness J.P. Buscombe of Digital Economy Bill committee,

“Since the idea was last discussed in Parliament, Intellectual Property Office officials have chaired a further round table meeting between search engines and representatives of the creative industries.”

The authorities of UK want to see this bill come into power by June 1, 2017. Buscombe also said that the search engines “have been very co-operative, making changes to their algorithms and processes, but also working bilaterally with creative industry representatives to explore the options for new interventions and how existing processes might be streamlined”.

As far as future of torrent websites in India is concerned, the Indian government has already started working as well as taken some steps to ban them through local internet service providers, such as Tata, Airtel and other telecom operators. The deal is being signed in UK but it may inspire India as well to go for such a deal.

Are we really going to stop using torrent? Because there are many ways to open blocked contents! But is this rule that hard? Will it block any type of access to torrent websites!?

Read More

Methods to determine the OS of the target system

I have mentioned in my previous article about why determining the OS of target's system is so important when attacking. In this article, I am going to tell you the methods that can be used to determine the OS of the target.

Generally there are many methods that can be used to accomplish this task. But we are just referring to the easiest methods. Operating system of a server can be found using :

• Linux command shell
• Online tools
• Search Engines
• And many more..

Linux command shell is a hard to implement now as you might not be having knowledge of Linux commands. (Also, I am posting articles on Linux system but commands are not posted yet.) So, for this time, we are just skipping the Linux coding part. The remaining two methods are easier to implement and here is a brief tutorial on it.

Using online tools such as Netcraft :

If you have read my previous post about finding the restricted URLs of a company, then you might be aware about netcraft. But if you aren't, don't worry. Here is the complete method :

1. Open https://www.netcraft.com/ in a new browser window.
2. Search the Home Page of netcraft for text 'What's that site running?'
3. You will find out a search box besides the text written 'Find out what technologies are powering any website'.
4. Type the name of the server you want to search for. E.g. www.microsoft.com (Here, im my case its ldce.ac.in).
5. Enjoy with the results.

Using Shodan search engine :

Ever heard about Shodan search engine..!! If you are new to it, make a practise of remembering this name as it becomes most useful in Hacking compared to Google. Also, Hackers refer it as the Most Dangerous Search Engine. To read more about it and learn how to hack using Shodan, click here.

Now, back to this article...Shodan search engine lets you to find specific computers (routers, servers, etc..) using a variety of filters. Follow these steps to find OS using shodan.

1. Visit : https://www.shodan.io/.
2. In the search box, type the website you want to search for. (See the image above, click on it to get full size view.)
3. Its Done..! Enjoy the results.

As you can see, Shodan gives you the extra results about the website's hosting server, the company providing the SSL certificate, etc. These are only the basics. Shodan can provide you a complete information about any server. But this part of the tutorial is limited. I have posted new article on Shodan Search Engine if you want to know more about it.

Read More

Spy on someone's facebook data in one click..!

Ever wondered how to spy on your someone's facebook account. Obviously, you would open his/her profile on facebook and look it up. But the facebook profile only shows his/her posts and the posts they are tagged in.

Now what if you want to see :

• The posts they commented on?
• The posts they liked?
• The places they visited?
• Their interests?
• Groups they are joined in?
• Pages they have liked?
• Applications he/she has logged into using his/her facebook account? (like teenpatti, 8-ball pool and others)
• And much more!

You can find obviously all these using facebook's search bar. But you might be facing two problems :

• You might not know what to type in the facebook's search bar to get the desired results!
• Even if you know what to type, you will have to perform different search for every result you want.

So, today I am here to make you aware of an online tool which does this for you. Also, I am mentioning the steps to use that tool.

A Belgian ethical hacker has created an online tool, named Stalkscan, that shows you how powerful Facebook’s search tool is and what kind of information is available on the social network publicly. All you need to do is type the URL of a person’s profile in the web interface and you’re good to go. The creator of the tool also outlines that the tool doesn’t violate Facebook’s privacy policies.

How to use this tool :

Follow these simple steps to use this tool and spy of someone's activity like a pro.

1. Open any web-browser and login into your facebook account. (Here, the browser should not be opened in incognito mode.)
2. Now, open a new tab and goto : https://stalkscan.com/. The site might be opened in Dutch language (official language of netherlands).
3. To open the site in English language, click the EN tag on top right corner. Or else visit : https://stalkscan.com/en/.
4. Now, enter the link of your target's facebook profile in the search box and search for it.
5. Results will be fetched. Just click on the tabs shown below according to the result you want to see.

You can also apply constraints to the search results. They are helpful when you want to :

• Search contents on time basis i.e. Last week, Last months, Any selected year, etc.
• Search contents of his/her friends, family members, co-workers, etc.
• Search contents on the basis of gender i.e. when you want to find out the girls'/boys' pictures on which he/she commented or liked and more.
• Also extra features like age and relationship status are available.

Now, some might be having doubt on how to get the target's facebook profile link. So for that read the steps below.

How to get someone's facebook profile link?

Follow these quick steps.

1. Open any web-browser and login into your facebook account.
2. Search for the target with his/her name and open their facebook profile.
3. Copy the link in the address bar of your browser.
4. That's it....It is the target's facebook profile link.

Read More

Stalkscan - A Creepy Tool That Exposes All Your Facebook Public Information In One Click

A Belgian ethical hacker has created an online tool, named Stalkscan, that shows you how powerful Facebook’s search tool is and what kind of information is available on the social network publicly. All you need to do is type the URL of a person’s profile in the web interface and you’re good to go. The creator of the tool also outlines that the tool doesn’t violate Facebook’s privacy policies.

Back in 2013, Facebook launched a feature called Graph Search to help the users find things easily. Given the amount of data Facebook has, its search has become so powerful, much more than you realize.

Now, a Belgian ethical hacker has created an online tool to tell you how much of Facebook data is public. Others can also use this tool to snoop for all your public pictures. I guess that’s why it’s called Stalkscan.

Before going ahead and telling you more about it, let me tell you that its creator declares that the tool doesn’t violate any privacy settings of Facebook. Also, the site isn’t affiliated with Facebook. One can use this creepy search engine for Facebook to filter users on the basis of sex, location, relationship status, etc. Wondering what pictures your crush liked today, Stalkscan can tell you that. You can see his/her comments, interests, friends, etc. 

Please note that if someone, who isn’t in your Facebook friend, is using privacy settings intelligently, Stalkscan won’t be able to sniff much. So, do make appropriate changes and harden your Facebook profile.

Many of you might be thinking that Stalkscan does nothing extraordinary, it just tells you what’s out there. Well, its true. But, it helps you ditch all those complex search strings to make use of Facebook’s Graph Search. Now everything is just a click away.

It’ll be also interesting to see how Facebook reacts. Will Facebook allow this service to live? Don’t forget to share your views and feedback.

To know more on how to use this tool, click here..

Read More

Footprinting and Reconnaissance - Determining the Operating System

Determining the Operating System on which the server runs is the most important part of Hacking. Mostly, hacking is breaking-into the target's system to steal data or any such purpose. Hence, the security of the system becomes thing of prime importance.

Why is determining the Operating System so important?

A few important things depends on the type of operating system of the server. These are :

• Programs that can be installed on the server : Suppose you want to install malware like keyloggers or other spying software on the target's system, then you must know the type of OS he/she is using. Its because, there comes different software for different OSes. Like you can't run IOS apps on Android and vice versa. Also, you can't run windows EXEs on Linux.
• Commands that can be executed : This is important in the case when you want to remotely control a system. Suppose that we found a vulnerability in the system and installed a malware in it which allows us to remotely control the server via its Shell. Here, we need to know the shell codes (CMD in windows and BaseShell in Linux). Also, knowing only the shell codes is not enough. It is useless until you know the system on which you have to execute the scripts.
• The storage location of the information about users and passwords : When you want to steal username and password information of users or admin from the server, this is important. It is because, Windows and Linux like Operating Systems have a predefined file (located at a specific path) which stores the sensitive information. So, when you come to know the OS, you just have to move to that path to steal the data information.
• Vulnerabilities for a given operating system : Some of the Operating Systems possess vulnerabilities that can be exploited by attackers. Linux operating system provides the highest security than windows. When you have knowledge about the vulnerability inside an OS, you can target any server running on that OS, exploiting that vulnerability. Recently, windows 10 was attacked by a Zero Day attack and the vulnerability still exists.

Not only determining the OS but also determining the version of operating system is of great use. We know that new versions are released as a patch to bugs in the old versions. Suppose, the target luckily runs on the old version..!! Here, it becomes easy to hack into the system as we are aware to the bugs in the old versions.

Each operating system has a unique set of features and the hacker must know them..

Steps for how to determine the Operating System of a server will be mentioned in my Next Article.

Read More