More
Home Blog Page 312

Software Bug Put Several MediaTek Powered Android Smartphones Vulnerable to Attack

By
Sabarinath
-
MediaTek Powered Android Smartphones Vulnerable

If you own a Android device which is powered by MediaTek chipsets, then your device is vulnerable to cyber attack. Yes recent reports officially confirms that a software bug in MediaTek powered Android smartphones made them vulnerable to attacks.

Also Read : Google Confirms Security Issue in the Mainline Linux Kernel is Not a Major Threat for Android

LogBook : MediaTek Powered Android Devices Vulnerable to Attack

MediaTek has officially confirmed the existence of a software bug that has put several MediaTek powered Android devices at risk.

The vulnerability was originally reported by security researcher Justin Case earlier this month, the bug could potentially allow an attacker to enable root access on a vulnerable device.

Back on January 13th, Case reported to MediaTek the issue at hand. At that time, MediaTek responded that they are working on a patch and expect it to be ready shortly.

Also Read : ISIS Offering $10,000 To Indian Hackers To Steal Government Data

These comments were made over Twitter due to MediaTek’s lack of a security concern email and/or comment form. They’d be following up with their “Product Security Taskforce”, so they said.

Explaining the vulnerability, Case told Gadgets360 that MediaTek software has a “backdoor” that allows a user – or a malicious app – to enable root access. “Root user could do many things, such as access data normally protected from the user/ other apps, or brick the phone, or spy on the user, monitor communications etc,” – Case said

MediaTek explained that the vulnerability stems from a debug feature that the chip-maker said smartphone manufacturers should have disabled before shipping the devices and told that  that the vulnerability exists on devices running Android 4.4 KitKat.

“We are aware of this issue and it has been reviewed by MediaTek’s security team. It was mainly found in devices running Android 4.4 KitKat, due to a de-bug feature created for telecommunication inter-operability testing in China.”

“After testing, phone manufacturers should disable the de-bug feature before shipping smartphones. However, after investigation, we found that a few phone manufacturers didn’t disable the feature, resulting in this potential security issue.” – MediaTek Spokesperson

The bug is noted to reside in many MediaTek powered Android smartphone but MediaTek declined to specify the smartphone models and the number of handsets that are impacted.

MediaTek says that the patch is on the way, so if you own a MediaTek powered Android smartphone, it would be prudent for you to keep a watch on strange behaviour in your smartphone.

Also Read : NSA Chief Hacker Explains How To Avoid NSA Spying

NSA Chief Hacker Explains How To Avoid NSA Spying

By
Avinash A
-
NSA Chief Hacker Explains How To Avoid NSA Spying

We already discussed about enemies of our internet freedom, there are some top government organisation who are spying our online activity. In that list, I think National Security Agency [NSA] hold top most position for spying our online activity. Recently NSA chief hacker explained how to protect your network from intruders… such as, oh, let’s say the NSA’s Tailored Access Operations Unit.

Also Read : Former Yandex Employee Arrested for Trying to Sell Search Engine Source Code for $25,000

LogBook : NSA Chief Hacker Tip To Avoid NSA Spying

Rob Joyce, the head of the National Security Agency’s Tailored Access Operations unit or let say NSA chief hacker, give some advice to a roomful of computer security professionals and academics how to keep people like him and his elite corps out of their systems.

NSA’s Tailored Access Operations [TAO]—the government’s top hacking team who identifies, monitors, infiltrates, and gathers intelligence on computer systems being used by entities foreign to the United States. It has been active since at least circa 1998.

Rob Joyce has been working with the NSA for more than 25 years and became head of the TAO division in April 2013.

Register reported  Joyce’s presentation on Wednesday at the Enigma conference, a new security conference in San Francisco, explaining how TAO operates, and advising the attendees on how to prevent state-level actors from infiltrating and exploiting their networks and IT systems.

Also Read : Edward Snowden Doubts Security of Telegram, but Founder Pavel Durov Disagrees

How NSA Gets You ?

NSA tiger teams follow a six-stage process when attempting to crack a target, he explained. These are reconnaissance, initial exploitation, establish persistence, install tools, move laterally, and then collect, exfiltrate and exploit the data.

He said the goal is to find weak points, whether they be within the network architecture, or in staff who maybe work from home or bring in unauthorized devices. There’s also areas where the target network interconnects with other computer systems, like heating and ventilation controllers, which can be useful for an attack.

Once weak points are identified, intruders who can’t simply use stolen credentials to loot data from a system will plant various malware tools, create “back door” access for themselves, and otherwise establish the presence they need to carry out the rest of the six-stage attack plan.

Joyce noted that malware tools have become difficult to detect, with today’s threats coming from people who know their stolen data begins losing its value the moment they are discovered.

He also pointed out that many of these malware tools are relatively simple pieces of code, because it’s distressingly easy to trick users into downloading and activating them.

Also Read : A Group Of Gamers Recreating Entire GTA 5 In Minecraft

How To Stay From Intruders ?

“If you really want to protect your network you have to know your network, including all the devices and technology in it,” Joyce said. “In many cases we know networks better than the people who designed and run them.”

To protect against this, admins need to lock things down as far as possible; whitelisting apps, locking down permissions, and patching as soon as possible, and use reputation management. If a seemingly legitimate user is displaying abnormal behavior, like accessing network data for the first time, chances are they have been compromised, he said.

Reputation-based tools are particularly useful against malware, Joyce explained. Signature-based antivirus won’t protect you against a unique piece of attack code, but when used in conjunction with reputation databases it can be effective – if code or a domain hasn’t been seen before there’s a high chance it’s dodgy.

Joyce stressed that off-site backups are more important than ever for big networks, because nation-state hackers are sometimes interested in destroying data, not just copying it.

He cited cases where NSA hackers have performed penetration testing, issued a report on vulnerabilities, and then when they go back two years later to test again found the same problems had not been fixed. When the NSA hacking squad comes back, he said, the first thing they do is investigate previously reported flaws and it’s amazing how many remain un-patched even after the earlier warning.

Also Read : Edward Snowden Joined Twitter, Within Hours Got More Followers Than NSA

Google Has Rewarded Over $6 Million To Security Researchers Since 2010 For Finding Flaws

By
Sabarinath
-
Google Has Rewarded Over $6 Million To Security Researchers Since 2010

Google recently announced that it has paid over $6 million to security researchers since launching its bug bounty program in 2010. Google claims that financial rewards help them to make their services, and the web as a whole, safer and more secure.

Also Read : Google Confirms Security Issue in the Mainline Linux Kernel is Not a Major Threat for Android

LogBook : Google Paid Over $6 Million To Security Researchers

Google Vulnerability Reward Program (VRP) has been started from the year 2010.

Since 2010, Google has paid $6 million to security researchers for finding flaws.

In 2015 alone, Google has rewarded more than 300 different security researchers over $2 million for finding more than 750 bugs.

Google Has Rewarded Over $6 Million To Security Researchers

Also Read : A Group Of Gamers Recreating Entire GTA 5 In Minecraft

Security researchers from around the world—Great Britain, Poland, Germany, Romania, Israel, Brazil, United States, China, Russia, India to name a few countries—participated in Google’s bug bounty program in 2015

Google’s security team has expanded the program time and time again to encompass more products and offer more lucrative rewards.

In June 2015, Google launched Android Vulnerability Reward Program, where the company paid more than $200,000 to security researchers for their work, including the company’s largest single payment of $37,500 to an Android security researcher.

Google also began to provide researchers with Vulnerability Research Grants,  lump sums of money that researchers receive before starting their investigations.

The purpose of these grants is to ensure that researchers are rewarded for their hard work, even if they don’t find a vulnerability. Google said they already found positive result from Vulnerability Research Grant program.

Also Read : Google Asked to Remove 558 Million “Pirate” Links from Search Results in 2015

Google said that : “Kamil Histamullin a researcher from Kasan, Russia received a VRP grant early last year. Shortly thereafter, he found an issue in YouTube Creator Studio which would have enabled anyone to delete any video from YouTube by simply changing a parameter from the URL. After the issue was reported, our teams quickly fixed it and the researcher was was rewarded $5,000 in addition to his initial research grant. Kamil detailed his findings on his personal blog in March.”

Google also shared two interesting stories about its bug bounty program in 2015.

  • Tomasz Bojarski, the most prolific researcher of the year, found 70 bugs on Google in 2015. He even found a bug in Google’s vulnerability submission form.
  • Sanmay Ved, a researcher who bought google.com for one minute on Google Domains, received $6,006.13 (“google” spelled-out numerically). Google doubled the amount when Ved donated his reward to charity.

Since these types of bug bounty programs will help to motivate individuals and groups of hackers not only to find flaws, but to disclose them properly, instead of using them maliciously or selling them to parties that will.

Also Read : Researchers from Google Discovered How to Hack a Corporate Network just by Sending an Email

ISIS Offering $10,000 To Indian Hackers To Steal Government Data

By
Jenna Jose
-
ISIS Offering $10,000 To Indian Hackers

Recent reports states that ISIS is now luring Indian hackers with top dollar to hack into government websites and steal sensitive data. Experts believe that many Indian hackers are already picked up the offer because of the attractive salary package.

Also Read : Pictures of Female Facebook Users in India Being Used to Promote Porn Sites

LogBook : ISIS Offers $10,000 To Indian Hackers

It is being reported that ISIS is willing to pay Indian hackers thousands of dollars to hack into government websites and gain access to sensitive documents.

For each successful ‘ job ‘, ISIS is ready to pay $10,000 and more to Indian hackers.

Experts are saying this has been the most anyone has been offered in the hacking community.

The hackers are being asked to create a database of potential Indian candidates from social media sites like Facebook and Twitter.

“There are various underground communities online where hackers interact regularly. Our investigation reveals that for the past six months, lucrative offers for stealing government data came pouring in and hackers were offered a huge sum. Such amount has never been offered to any Indian hackers before. We found that the offers were being made to spread ISIS reach in the country,” said Kislay Choudhary, a cyber crime expert who works with several security agencies. Kislay also added that stealing a government secured data is a part of ISIS’s intelligence gathering exercise.

Also Read : PlayStation 4 Hacked to Run Linux

ISIS supporters are using Facebook and Twitter to propagate its radical ideology and brainwash the youth.

Experts believe that unfortunately many of the hackers have already accepted the offer as over 30,000 have been reportedly in contact with the extremist organisation in India till now.

The recruited hackers are communicating on internet-based services like Skype, Silent Circle, Telegram, and WhatsApp with their Syrian handlers, say experts.

Security agencies say they have initiated counter measures and have taken down ISIS-related content on web and also the Indian government is all set to create a 24/7 war room to monitor social media.

Also Read : Twitter Sued Over ISIS Attacks

Do You Want To Speed Up Your Android Smartphone, Then First Uninstall Official Facebook App

By
Sabarinath
-
Spammers Are Using Facebook Messenger To Spread The Notorious Locky Ransomware

Most of us are using official Facebook App to connect with our loved ones through the smartphone. But the bad news is it sucks our device battery life, eating up more RAM and more.

In fact, Android Central recently noticed that an end user could improve the Android experience pretty drastically by simply uninstalling the app.

Uninstall Official Facebook App To Speed Up Your Smartphone

According to Android Central, simply uninstalling official Facebook App can speed up your smartphone. Reddit user “pbrandes_eth” has run some tests that point to just having the Facebook app as slowing down their device.

“Pbrandes_eth” open 15 different apps on an LG G4 were started 3 times in a row, ranging from Kindle to Gmail, and timed how long it took to execute each task with Facebook installed, and again with it uninstalled.

First Uninstall Official Facebook App

The end result found that it took an average of 7 seconds to open the apps with Facebook and Facebook Messenger installed on the system. And after removing Facebook and Facebook Messenger Apps from the system it took 6 seconds to complete the same tasks.

6 seconds might not seem like much all things considered, but it actually shows a 15 percent increase in speed, all because the user removed two apps.

Many users claim that the app even runs when their device is not connected to any data source. According to some users, Facebook-owned app  WhatsApp also has the same issue, to a minor degree. Facebook is not the only culprit to slow down your device, there may be much more Apps in this category.

The best alternative for official Facebook App is Facebook Lite, a low data usage app from Facebook or you can use any mobile web browser to access Facebook. Like Facebook Lite there are also many other lightweight Android apps that use less RAM and save your battery from draining.

Skype Now Hides IP Address By Default In PC And Mobile

By
Avinash A
-
Skype Now Hides IP Address

With new update Skype will now hides IP address by default in PC and mobile. This measure will help prevent individuals from obtaining a Skype ID and resolving to an IP address. This was the feature that was requested by many users – especially gamers.

Also Read : A Group Of Gamers Recreating Entire GTA 5 In Minecraft

LogBook : Skype Now Hides IP Address By Default

Microsoft has announced that the skpe will now hides IP address of users by default.

The latest change is very significant that will benefit Skype gamers playing online. Gamers sometimes struggle to prevent distributed denial of service (DDoS) attacks as rivals can look at their Skype ID, find the IP address via resolver service and attack the IP address with traffic so that the gamer is thrown offline.

Also Read : Jeff Bezos’ Blue Origin Beaten SpaceX To Became First Company To Re-Launch And Land Its New Shepard Rocket Back To The Earth

“Skype is fully committed to delivering as safe and secure of an experience as possible to our customers. We have recently introduced the ability to hide a Skype user’s IP address and we’ve set this as a default status in the latest versions of Skype,” says Skype. “Starting with this update to Skype and moving forward, your IP address will be kept hidden from Skype users. This measure will help prevent individuals from obtaining a Skype ID and resolving to an IP address.”

The problem did not affect only gamers. However, gamers were the most targeted group of attacks. The latest update will definitely help many users, but gamers will appreciate the change in particular.

Also Read : WhatsApp Now Wants To Share Your Data With Facebook

A Group Of Gamers Recreating Entire GTA 5 In Minecraft

By
Jenna Jose
-
GTA 5 In Minecraft

Another awesome insane work with Minecraft. Recently a group of gamers are working in the recreation of entire GTA 5 in Minecraft, block for block and the results are pretty impressive.

Also Read : After 6,607 Failed Attempts, A Gamer Made Super Mario To Save The Princess In Less Than 5 Minutes

LogBook : GTA 5 In Minecraft

GTA 5 in Minecraft comes from Youtube user N11ck, who decided to team up with a bunch of friends and rebuild the city of Los Santos, as well as the surrounding areas, from scratch.

They began the project back in January of 2015, which means now they are celebrating first year of GTA 5 in Minecraft.

Following is a clip the team recently put together called “GTA 5 In Minecraft Cinematic #1,” which sums up much of the work the team has pulled together so far.

The team isn’t making a world that looks like the game world of Grand Theft Auto V, but are instead building the entire map in a 1:1 scale.

The whole shebang measures around 7,500 by 7,500 blocks and it includes Los Santos itself, as well as the mountainous region of the surrounding Blaine County.

There are also certain underwater parts of the game which have to be replicated as well in order to make this a true one to one recreation.

N11ck regularly updates his channel with progress reports on the project.

Earlier we’ve seen people create games within the game, a working cell phone, a recreation of the lands of Westeros from A Game of Thrones, , the Starship Enterprise, and even Minis Tirith from The Lord of the Rings.

WhatsApp Now Wants To Share Your Data With Facebook

By
Sabarinath
-
WhatsApp Now Wants To Share Your Data With Facebook

As many of you guys know, Facebook owns WhatsApp, and for the longest time ever both apps and platforms remained relatively independent of each other, but that could soon change. In recent update WhatsApp drops its yearly subscription fee and now they are going to share your data with Facebook.

Also Read : Leaked Images Shows WhatsApp Going to Add Video Call Feature Soon

LogBook : WhatsApp Want To Share Your Data With Facebook

According to a recent discovery by developer Javier Santos (via Cult of Android), it seems that in a future version of WhatsApp, there is mention about sharing data with Facebook.

WhatsApp Want To Share Your Data With Facebook

Also Read : Pictures of Female Facebook Users in India Being Used to Promote Porn Sites

According to the message in the screenshot above, in the Account settings page now you have new option, “Share my WhatsApp account information with Facebook to improve my Facebook experience.”

If you enable the “Share my account info” option, WhatsApp will start share your data with Facebook.

But it is unclear as to what kind of information is shared with Facebook, but it sounds like maybe it might have something to do with finding more friends on Facebook via your WhatsApp contacts, and possibly vice versa as well.

If you’re a regular user of both Facebook and WhatsApp, then this might not be all that worrying for you. But if you don’t use Facebook regularly, you might not like the idea of sharing your private WhatsApp data with it.

The good news is that in the discovery the feature was disabled by default, meaning that users still had the choice of turning it on if they wanted to.

Another new feature found in beta include a new end-to-end encryption option, which makes your messages even more secure “so WhatsApp and third parties can’t see it.

And also there’s a new “Documents” section where you’ll be able to find all of the files you receive from your WhatsApp contacts.

Since its a beta release so it is unclear if any of these things will make it into a final version of the WhatsApp app.

Also Read : Why we are Addicted to Facebook ? – Interesting Survey Results

1...311312313...328Page 312 of 328

© 2025 Copyright - TechLog360