Microsoft Pays $24,000 To A Hacker For Hacking Outlook Account

Wesley Wineberg, a security researcher at Synack, was rewarded $24,000 by Microsoft for hacking an Outlook account. He found a critical flaw in its Live.com authentication system. It is a kind of Outlook worm that could allow hackers to gain access to a user’s complete Outlook account or other Microsoft services.

Microsoft’s Live.com is the authentication system that everyone goes through when authenticating to Outlook.com and a large number of other Microsoft services, including OneDrive, Windows Phone, Skype, and Xbox LIVE.

Wineberg first analysed the way in which Outlook allowed other apps to access it, using a standard set of authentication code known as OAuth. He discovered he could create an “evil app” containing an OAuth bypass. He only needed to trick a user into visiting a website, and they would effectively grant that naughty software access to everything in their account.

But for most hackers, this kind of vulnerability, known as a cross-site request forgery (CSRF), is all too common across the web. Typically, these attacks end as soon as the legitimate user logs out, but in the case of Outlook anyone abusing Wineberg’s vulnerability would have permanent access to the account, Wineberg said. Most concerning of all, it could have been abused to create a nasty email worm, he added.

“The real danger of this vulnerability is that it would be very easy to turn into the classic email worm of decades past. After the first victim is compromised, this vulnerability could be used to email every one of their contacts with a link that would then compromise those users’ accounts as well”

Check out the video below, created by Wineberg to demonstrate how the attack is done.

As can be seen in the video, all that is really necessary is to get the victim to visit your malicious webpage. Using this as a targeted attack definitely has a high impact, but this is also the perfect type of vulnerability to turn into a worm. With IMAP and contact book access, a worm could easily email all of a user’s contacts (or at least the ones who use Hotmail, Outlook.com, etc), with something enticing, “ILOVEYOU” virus style, and spread to every user who clicks the link.

The vulnerability was first discovered on August 23, 2015, and he reported it to Microsoft on August 25, 2015. On September 15, 2015, Microsoft released a fix for the issue and paid a $24,000 bounty to Wesley Wineberg.

Facebook Is Testing ‘Sad’, ‘Angry’ And Four Other Types Of Buttons To Express Your Emotions

Sometimes “Like” just doesn’t cut it. So how about Love or Angry? Haha or Sad? Or just Yay or Wow? So Facebook is preparing more buttons to express your emotions. Facebook will begin testing a new feature allowing users to express a range of emotions on posts in Ireland and Spain from Friday but there will be no “dislike” button, the social network said.

But Chris Cox, Facebook’s chief product officer, says in a post that the company plans to use the feedback from the test run to make improvements, with the hope of launching the buttons globally “soon.” So wait for the buttons to express your emotions.

“We are testing Reactions, an extension of the ‘like’ button, to give you more ways to share your reaction to a Facebook post in a quick and easy way,”  —  Facebook said in a statement.

Many Facebook users have been clamoring for the company to add a “Dislike” button for years, arguing that hitting the “Like” button in many instances—such as in reaction to a tragic news event—can seem a bit shallow, or even inappropriate. At the same time, typing out a thoughtful comment on a phone isn’t always easy.

During the trial, users in Ireland and Spain will be able to select six emotions, as well as the like button, as they consider how they feel about posts. The options for the trial are: “love,” “yay,” “wow,” “haha,” “sad,” and “angry,” and are similar to emojis used in text messaging. Each expression comes with a correspondingly themed emoji.

Chris Toss, Facebook product manager, said Reactions would give users greater ways of engaging with stories and content. “It’s a much broader range of human emotions you can express,” he told Irish national broadcaster RTE, speaking from California. A spokesman had no information on the length of the trial or when it might be extended to Facebook users outside Ireland and Spain. Toss also said the social network decided a “dislike” button would not add value to the site.

“Liking” something on Facebook also plays a key role in the social network’s algorithm, allowing users to see content they regularly engage with and enabling targeted advertising. The new range of empathy buttons could eventually be used for similar purposes, but not during the trial, according to Toss.

“If you’re coming for humorous content and you’re saying ‘ha ha’ to lots of funny cat videos, down the road we might use that to show you more cat videos, but as of the initial test you won’t see any of that,”   —  Toss said.

World Wide Web Inventor Advises To ‘Just Say No’ To Facebook’s Internet.org

Tim Berners-Lee – the man commonly known as the inventor of the World Wide Web – says that consumers should say no to initiatives such as Free Basics (formerly Internet.org), and added that if something is being offered in the name of the Internet and isn’t the full Internet, then it’s not really free and public.

In a report published in The Guardian, Berners-Lee was speaking about the importance of privacy and the dangers of government snooping, before moving on to talk about attempts to offer access to cut-down versions of the Web, to which he says customers should “just say no”. This was part of his statement on the dangers of government snooping, made at the 800th anniversary of the signing of Magna Carta.

“In the particular case of somebody who’s offering … something which is branded internet, it’s not internet, then you just say no. No it isn’t free, no it isn’t in the public domain, there are other ways of reducing the price of internet connectivity and giving something … [only] giving people data connectivity to part of the network deliberately, I think is a step backwards.”

While Facebook’s CEO Mark Zuckerberg had appeared to be a net neutrality supporter, he has pitched his Internet.org as critical to getting India online. Free Basics, as the name suggests, offers Reliance users free access to some applications and websites (including Facebook), aimed at India’s poorest. However, it does so at the cost of creating a precedent that Internet access can be twisted and remodeled based on how a company sees it.

Since India has not formally established a stance on net neutrality, this can be a milestone for companies like Airtel, which can in the future “break the internet” – by offering people products like Whatsapp packs, YouTube packs and email packs, without letting them freely use the data they’ve paid for.

“There is this big struggle, debate in India now on how you balance these two things and this is an incredibly important debate because India is the country in the world with the most unconnected people,” — had had said.

Facebook Allows Anyone To See All Photos You Ever Liked By A Simple Search

Facebook has a public but slightly hidden feature that lets anyone see all of the photos you ever liked by a simple search keyword.

By just heading to the search bar at the top and searching for “Photos liked by” a certain person, you can see all of the pictures that person has given the thumbs up to, through all of their history on Facebook.

The same tool can be used on yourself, by typing “Photos liked by me”. Or it can be used for other things entirely — typing to look for friends who like a certain group will show everyone who is a fan of a certain page, for instance. Graph search mostly uses natural language, which means that you can search in the way that you’d expect if you were talking to a real human being.

The tool only shows information that is otherwise publicly available elsewhere. But like the recent discovery of the potentially embarrassing “Favourite Quotes” section, Facebook has such a huge collection of often very old data about people that dredging it back up could still be embarrassing or against people’s wishes.

India Is Becoming Strategic Target For Cyber Criminals

India is fast becoming a “strategic target” for cyber-criminals with an estimated 38 per cent of organisations exposed to targeted attacks in the first half of 2015, a report said.

Security solutions firm FireEye’s ‘1H 2015 Regional Advanced Threat Report for Asia Pacific’ found that 38 per cent of organisations in India were exposed to targeted advanced persistent attacks in the first half of the year, a 23 per cent increase from the previous year.

“India is fast becoming a strategic target, in part because of the potentially sensitive information that is expected to be digitised through ambitious and high-profile projects such as Digital India,” — Report Says

The focus on the country is reflected in the report that ranks India fourth in Asia-Pacific countries exhibiting the most command-and-control (CnC) infection callbacks. This indicates the presence of compromised systems that are actively communicating with the advanced persistent threat (APT) groups’ command-and-control infrastructure.

“As India embarks on ambitious technology projects, attackers are exploiting gaps to compromise critical networks. Indian organisations are more likely to be exposed to attacks than the global average,” — FireEye Chief Technology Officer (APAC) Bryce Boland said. “In the future, India’s growing economic clout and rising regional influence are likely to make it a more attractive target to threat groups” — he added.

In the first half of 2015, FireEye revealed two attacks likely conducted by China-based threat actors on Indian organisations. ‘APT30’ conducted a decade-long cyber-espionage campaign that compromised, among others, an Indian aerospace and defence company, it said.

The ‘WATERMAIN’ campaign targeted India and its neighbouring countries and appeared to target information about ongoing border disputes and other diplomatic matters, it added. The report found over 50 per cent of telecommunications firms and government organisations have faced APT, with education and the high-tech industry not far behind across the APAC region.

“Geopolitical tensions in the region have steadily ratcheted up in recent months, and cyber activity reflects this. Organisations in every geography in APAC, including India, experienced a higher or equal rate to APT groups than the global average of 20 per cent,” — it said.

FireEye said Indian organisations should ensure existing security tools are up to date and should implement an adaptive defence security model that can help shorten the time it takes between finding a breach and stopping it. Organisations also need to develop new ways to collaborate with other corporations, trade groups, and governments to share threat intelligence, it added.

A Smart Glove That Translates Sign Language Into Text And Speech

Sign language has helped the hearing impaired to communicate and show their feelings, but this long-standing language of gestures has now been given a 21st-century technological upgrade. A student, Hadeel Ayoub, has invented a smart glove which translates sign language into text and speech. The smart glove recognises hand movements and translates sign language into the relevant text.

Inventor Hadeel Ayoub is a designer and media artist who has just completed her MA in Computational Arts from the Department of Computing at Goldsmiths, University of London. She created the wireless Sign Language Glove to improve communication between people with different disabilities. Earlier this year she won an Innovation and Entrepreneurship Prize for Saudi Students in the UK for an early glove prototype.

How Does It Work?

Her first experimental prototype translated sign language gestures into visual letters on a screen. The glove’s circuit comprised flex sensors, an accelerometer, a microcontroller board, and a four-digit graphic numerical display.

Five flex sensors were attached to the glove corresponding to the five fingers, detecting bends and curvatures then reporting the values to a serial monitor. An accelerometer was attached to detect the orientation of the hand.

Hadeel also developed a computer programme that identifies the output values of the sensors and accelerometer and matches them with a series of statements which determine what letters to display on a screen.

Her second prototype was better, faster and more durable, with smaller hardware and more efficient software. She incorporated a smaller microcontroller and smaller flex sensors and redesigned the software to allow text to scroll on a screen, deleting the old and adding the new.

The third and latest prototype – which now incorporates a text-to-speech chip – went on display at the Goldsmiths MA/MFA Computational Arts end-of-degree show earlier this month. Much of the glove’s hardware is now sewn into a lining:

“I didn’t want all the wires to intimidate users, making them feel the glove will be complicated to use or really fragile,” — Hadeel explains. “People tend to lean to the cautious side when approached with new high-tech products which contradicts the main purpose of this glove, which is to help make lives easier.”

Hadeel is already working on a fourth version that includes a smart phone and tablet app which can receive the glove’s output over WiFi.

As an Arabic, French and English speaker, she also intends to introduce a translation feature into the app, enabling text translation in real-time. Hadeel plans to improve the glove’s accuracy with the introduction of a motion sensor for better mapping, and also wants to develop a smaller version of the glove to fit children – a new challenge to minimise the hardware.

She’s been approached by several companies interested in taking the glove into production. The fourth prototype is expected to cost around £255 to produce but Hadeel hopes that if the glove is made available on the mass market, users with disabilities will not have to pay for it. Instead, schools and companies will purchase them for their employees, students and patients.

Hadeel says: “I had one mission when I started this project and it was to facilitate communication between all kinds of disabilities, eliminating barriers between people who have a visual, hearing or speech impairment. The prototypes each have a new additional feature, an LED light, and a speaker for example, that took me one step closer to my goal.

“Once I’ve incorporated WiFi and translation features into it the glove will be useful for all – no exclusions as to who the user can reach, wherever, whoever, from any country at any time.”

Just like Google Translate can give anyone a basic grasp of a foreign language in an instant, this smart glove is designed to help sign language users make themselves understood by those who can’t usually interpret it.

Stagefright 2.0 Vulnerability Compromised 1 Billion Android Phones With Hoaxer Audio Files

The Stagefright vulnerability was first discovered in April; it allowed attackers to target Android phones over text or MMS, exploiting a weakness in Android’s multimedia preview function. After three months it is happening again, and this time the bug has a new name: Stagefright 2.0.

The same team at Zimperium Mobile Threat Protection, with zLabs VP of Research Joshua J. Drake, has again found a set of two more vulnerabilities, named Stagefright 2.0. The new vulnerability attacks Android phones by encoding a malicious program into an audio file, delivered as MP3 or MP4. Once a user previews the file or visits a page where that file is embedded, Android’s audio preview will activate the program, infecting the device. And the worst part is that the virus can also be deployed by an attacker on a public Wi-Fi network.

The vulnerability lies in the processing of metadata within the files, so merely previewing the song or video would trigger the issue. One of the vulnerabilities, assigned the Common Vulnerabilities and Exposures (CVE) number CVE-2015-6602, reportedly affects Android devices from 1.0 onwards; the second, unnumbered vulnerability affects devices running 5.0 and above. This second vulnerability may also affect third-party applications, because the issue is found within the libstagefright library used by some media players.

According to Motherboard, Zuk Avraham, Zimperium zLabs’ founder and Chief Technology Officer, said that 1.4 billion people are likely affected by the vulnerabilities, explaining, “I cannot tell you that all of the phones are vulnerable, but most of them are.”

Google’s latest Android operating system, Marshmallow, will reportedly carry the fix for the issue, though older devices that cannot be updated to Android Marshmallow may end up being stuck with vulnerabilities inside them.

Edward Snowden Joined Twitter, Within Hours Got More Followers Than NSA

Edward Snowden, the fugitive who exposed the mass-surveillance practices at the National Security Agency, isn’t just a hashtag anymore. Edward Snowden finally joined Twitter on Tuesday, using the @Snowden Twitter handle, and within a few hours he had more followers than the NSA (@NSAGov). The NSA is also the only Twitter account that Snowden follows. But @NSAGov was not — at least not officially — following him back.

His account, which has been verified by Twitter as authentic, isn’t hard to find: It’s @Snowden. His attorney, Ben Wizner of the American Civil Liberties Union, confirmed to the Los Angeles Times that Snowden himself controls the account.

Here is his first Tweet:

Snowden gained almost more than half a million followers after he tweeted his first message Tuesday morning, while the account of his former employer, the NSA, has only 76,000 followers.

According to The Intercept, Twitter accommodated Snowden’s wish to join Twitter by clearing out an old account that had claimed the @Snowden handle but had not tweeted for three years.

Twitter’s terms of service note that the company may collect a user’s “IP address, browser type, operating system, the referring web page, pages visited, location, your mobile carrier, device information (including device and application IDs), search terms, and cookie information.” In a recent interview with Fusion, Snowden noted that he was worried about joining social-media services for security reasons.

“Exploit codes [could be embedded] into the transactions I’m receiving from a legitimate service and compromise the security of my devices. I’ve been working for a long time on improving that and creating set-ups that are more robust and survivable when you do get owned,” — Snowden told Fusion, adding: “How do you limit the damage? How do you recover in the wake of a compromise? I’ve made a lot of strides in that and am looking forward to, hopefully, participating [on social networks] in a more open and active manner in the near future.”

Snowden, who has lived in Russia since turning over a trove of top-secret documents to reporters more than two years ago, has remained in the public eye thanks to frequent appearances and interviews using video links and sometimes even robots.
