Tag: hack

  • Hackers Bring Down Sony Pictures, Threaten to Release All Data

    One of the major movie studios is facing a hack attack. Sony Pictures’ computers have been rendered inactive by a hacker group that calls itself Guardians of Peace (#GOP). The group took control of some official Twitter accounts and was tweeting the same message across all accounts.

    Sony Pictures is among the top movie production studios in Hollywood. It has produced blockbuster franchises such as Spider-Man, Men in Black, Underworld, and Resident Evil. The hackers have taken over Sony Pictures’ computers across the country, displaying an image of a CGI skeleton. The image warned that if GOP’s demands aren’t met, the group will release sensitive information (that they have stolen from Sony’s repository) to the world at 6 p.m. Eastern Time today. GOP’s demands are unclear as of now.

    This image has been flashing on all Sony Pictures' computers across the country.
    The group has posted .zip files that contain the details of the data they have stolen. These include sensitive data such as financial documents and a lot of passwords. Reddit users are already working through the .zip files, which do contain a list of important documents, including passport information of major stars. Given the severity of this hack, employees were told to shut off their systems and go home. Sony Pictures has just said that it is investigating the ‘IT matter’.

    Activism is an important aspect of society; it keeps the people in power in check. Hacktivist groups like Anonymous constantly target websites and cyberinfrastructure to send out a message, but they do it ethically and don’t cause severe damage to the institutions they target. But this hack by GOP amounts to theft and blackmail and can cause major harm to the company. Actions like this bring down the value of activism and change the general public’s perception of hackers to that of high-tech but lowly thieves. We still have to wait and see how this stand-off ends, but one thing is sure: this is a deplorable act by this hacking group.

  • Here’s How You Can Deceive WhatsApp’s Blue Tick

    In a recent attempt to intrude on our private lives, WhatsApp added another layer of unnecessary information in the form of blue check marks, indicating that the recipient has indeed read the message.

    The addition of the blue check marks is utterly unwanted in our opinion, given that it brings back the social pressure to reply, which most users consider an intrusion on their privacy. In the interest of privacy, WhatsApp earlier added the choice to conceal the ‘last seen’ notification that informs the other party when that person was last available on the messaging platform.

    Well, there is a way around this new feature. Rahul Banker, a blogger and head of India’s Google Developers Group, has revealed the method in a blog post.

    Basically, when you read the message you received on WhatsApp, the app uses your Wi-Fi or Data connection to notify the sender that the message has been read via blue tick marks. So, if you read the message offline, the app won’t be able to send the information to the sender.

    So, if you don’t want the sender to know whether you have read the message or not, you just need to switch off your internet and Wi-Fi connections, then open WhatsApp and read the message. Close the app, reconnect to your data or Wi-Fi, and the check marks remain grey.

  • Nokia X Gets Hacked To Run Google apps

    The recently launched Nokia X, the Android-powered device intended to promote Microsoft’s services via Android, has been hacked to run Google’s services instead. Basically, you will now be able to run any Google Mobile Services (Play Store, Gmail, Maps, Notes, etc.) on the device.

    The forked version of Android does not include the Play Store or any Google app, such as Chrome or Maps; however, it can still run the Android applications you want. These X smartphones from Nokia will instead include Skype, Here Maps, Outlook and more services.

    The first thing to remember about running Android is that any attempt to release a feature or app exclusively for one device family will only result in the hack/mod-minded Android community extracting and sharing said treasure with those running other Android-based devices.

    The hack is pretty simple, and we could see a good number of Nokia X models running Google services in the future. A developer named KashaMalaga used the popular rooting application FramaRoot, which grants admin privileges in just one click, to find a quick way to bypass the Nokia X’s bootloader and make it fit for installing a modified version of the operating system (custom ROM).

  • Google Chrome Saves Sensitive User Data In Plaintext

    Google Chrome browser may be storing sensitive data in such a way that it would be relatively easy for a malicious third party to dig it up and steal your identity, among other things.

    Security researchers at Identity Finder said they performed a series of deep scans on several employee computers using the latest version of Sensitive Data Manager (SDM). The scans revealed a number of Google Chrome SQLite databases and protocol buffers storing user information such as names, addresses, email addresses, phone numbers, bank account info, credit card details, and even social security numbers.

    “We confirmed with each employee that sensitive data, such as social security and bank account numbers, were only entered on secure, reputable websites,” claims Identity Finder.

    The data is not protected in the cache, which means that anyone with access to it can extract the information. This does not necessarily mean local access, as malicious software running on a user’s computer, and even social engineering, may yield the same results.

    Handing over the computer to a computer repair shop, sending it in to the manufacturer, or selling it may provide third parties with access to sensitive information stored by the browser.

    Google Chrome is the world’s third most popular web browser with a 16% market share; Firefox has a 19% share and Internet Explorer holds a 58% share, according to Net Applications.

    This is the second finding of a profound Chrome shortcoming in three months. Last July, NSS Labs analyzed the privacy mechanisms built into Internet Explorer, Firefox, Chrome and Safari and found Chrome offering the poorest privacy protection.

    A statement by Google on The Verge reads:

    Google Chrome is the most secure browser and offers you control over how it uses and stores data. Chrome asks for permission before storing sensitive information like credit card details, and you don’t have to save anything if you don’t want to. Furthermore data stored locally by Chrome will be encrypted, if supported by the underlying operating system. For example, Chrome OS encrypts all data stored locally by default. We recommend people use the security measures built into their operating system of choice.

  • Fake iMessage App For Android Surfaces, Raises Security Concerns

    There’s something fishy about this iMessage app for Android, and it’s not the fact that it’s using an outdated iOS 6 skin. While that should be a first warning sign, the reality is that the app, which recently appeared in the Google Play Store, is the work of a third-party developer. It by no means provides official cross-platform access to Apple’s popular messaging service.

    9to5Mac reports that scrutiny of the .apk file – the form the program takes outside the Play Store ecosystem – suggests that there is a serious potential risk to personal data. The app works by using the developer’s own server as a proxy to spoof messages into appearing to come from an iPad Mini, thus bypassing the strict “Apple Only” nature of the iMessage protocol. However, in doing so, it means that the developer has access to all of your message data.

    People that have tried the app reported varying results – some report that they can only message other Android users, while others have only some Apple contacts.

    In addition to these security flaws, the iMessage app requires you to sign in with a working Apple ID. As you probably already know if you have one, your Apple ID stores payment information and personal data, and serves as your gateway into a number of Apple services.

    The iMessage for Android app is available as a free download in the Google Play Store and is by a developer called Daniel Zweigart.

  • Hackers Bid To Enslave London’s Santander Bank Foiled

    Police have foiled a plot to steal millions of pounds after a gang allegedly took control of a bank’s computer remotely.

    Scotland Yard described the cyber-attack on a Santander branch in Surrey Quays shopping centre, south-east London, as the most sophisticated case of its kind that police had encountered.

    The hackers were hoping to use highly sensitive information displayed on the computer to access accounts and drain money from them, but the Hollywood-style cyber heist was foiled.

    The men allegedly fitted a computer within the branch in Surrey Quays shopping centre, southeast London, with a “keyboard video mouse” (KVM).

    The device, which can be purchased online for as little as £10, allowed them to transmit the contents of the computer’s desktop and take control of the machine remotely.

    A spokesman for the Metropolitan Police said it was not clear whether any money was taken, but Santander said “no money was ever at risk”.

    Police added that detectives and bank officials had thwarted a “very significant and audacious cyber-enabled offence” that would have cost Santander millions of pounds. 

    Although it is not the first time police have seen the device used, a Met spokesman said it was the first time it had been used by “an organised criminal network”.

    Det Insp Mark Raymond said: “This was a sophisticated plot that could have led to the loss of a very large amount of money from the bank, and is the most significant case of this kind that we have come across.”

  • All Apple Developer Services Back Online With Free One Month Extension

    Apple today restored the Developer Center – the place where it stores all of its resources and information for third-party app creators. A message on the website read:

    We are pleased to let you know that all our developer program services are now online. Your patience during this time was sincerely appreciated. 

    We understand that the downtime was significant and apologize for any issues it may have caused in your app development. To help offset this disruption, we are extending the membership of all developer teams by one month. If you need any further assistance, please contact us.

    The short update to developers, which apologizes for the service outage that lasted just over three weeks, comes five days after Apple announced plans to have the portal at full capacity by the end of this week.

    As promised, Apple has extended developer memberships to make up for all of the downtime. Devs will be pleased to see that 1 month has been added to their remaining membership time, meaning that if your membership was set to expire next May, it now expires next June.

    A Turkish security researcher by the name of Ibrahim Balic came forward shortly after the outage and claimed responsibility as the intruder that breached the Dev Center’s database. No personal data was stolen from users, but Apple decided the breach warranted a complete rebuild of the backend.

  • Apple Set To Restore Developer Services This Week

    Apple’s developer portal went down without warning mid-July, the victim of a minor hack the company took very, very seriously.

    While little, if any, sensitive information was compromised, Apple took down the developer portal to rework the security backend and plug the hole. Today, the company has confirmed that most of the important developer tools will be returned to users this week.

    Developers with accounts set to expire during the downtime have been extended for the same period, so any apps about to be removed due to non-payment will remain in the App Store for a little while longer.

    “We plan to reinstate most of the remaining services this week: Xcode automatic configuration as well as access to license agreements, TSIs, program enrollments, and renewals in Member Center,” Apple said in an e-mail that went out to developers Monday morning.

    Following the breach, Apple promised that it would be performing an “overhaul” of its developer systems, including security updates and a rebuilding of the company’s database. In its initial status updates on the security breach Apple promised that no “sensitive” information had been accessed, but as always we recommend a password change and two-factor authentication for any registered Apple developer whose information may be at risk.

  • iOS 7 Beta 4 Fixes Charger Hack

    Apple is said to have fixed a powerful charger-based hack, which previously allowed iDevices to be compromised by hackers using a modified power charger in under a minute.

    As Reuters reports, Apple said the issue had been fixed in the latest beta of iOS 7, which has already been released to software developers.

    “We would like to thank the researchers for their valuable input,” Apple spokesman Tom Neumayr said. The researchers were Billy Lau, a research scientist at the Georgia Institute of Technology, and graduate students Yeongjin Jang and Chengyu Song.

    Andy Greenberg, Forbes technology and information security reporter, explains that the researchers took advantage of a security flaw in Apple’s developer model, which allows anyone with a developer license to install third-party apps on a registered device.

    iOS 7 shows a new warning message when users plug their iOS device into any device that attempts to establish a data connection, informing them that “Trusting this computer will allow it full access to your device and all its data.”

    Of course, this leaves iPhones and iPads that won’t get the iOS 7 update vulnerable. According to the researchers, all other versions of iOS can be hacked in this manner.

    However, end users will have to wait for iOS 7 before the fix arrives.

  • Bluebox Security Reveals That 99% Android Devices Have Major App Vulnerability

    Bluebox Security has found a security hole in the Android operating system. Even scarier, the report states that this hole has been around since Android 1.6 Donut. Apparently, malicious developers can change the APK of a legitimate company without breaking its cryptographic signature. This means that if an app is tampered with on Android, the user would not know and could unknowingly enter their information and send it to the attackers.

    Android apps (packaged as an “APK”) are signed with a cryptographic key (just like iOS apps) to prevent a malicious party from changing the code. Signed apps are expressly designed to enable the system to detect any tampering or modification.

    Since verified apps are granted complete access to the Android system and all applications on a phone, the security weakness is potentially huge, although it remains theoretical since it is unclear how malicious apps and updates would be served to users.

    Apps listed on the Google Play store are immune from this tampering, so a hacker would need to lure a user into downloading a malicious version of an app in other ways, perhaps via a third-party app store or fake app links. A phishing email with a link to a fake update for a popular app, for example, might generate some downloads. 

    If Google has not done anything up to this point, it makes you wonder if they are taking this security issue as seriously as they should. Smartphone malware is becoming a huge problem, and to prevent threats, security companies and OS developers must work together to stop it.

    As SlashGear reports, according to Bluebox, it informed Google of this Android vulnerability in February of this year. To take care of the issue, every device manufacturer will need to create a patch and roll it out to its users, who will then need to install it. The security firm says it will release “tools/material” and more info about this vulnerability during Blackhat USA 2013, which takes place later this month.

  • Some iOS Developers Targeted With iMessage “Denial Of Service” Attack

    The Next Web is reporting that a group of iOS developers has been targeted with a series of rapid-fire messages on iMessage, creating a sort of denial-of-service (DoS) attack that crashes the iMessage app.

    App developers iH8sn0w, well known for his jailbreak tool, and Grant Paul were among those targeted by the DoS attack that overwhelmed their respective Messages inboxes with a load of automatically-generated transmissions. 

    The two devs believe the messages to have been sent one after another from the Messages app on OS X, with a simple AppleScript effecting the barrage that prompts a victim to constantly clear notifications and text.

    Grant Paul, one of the targeted iOS developers explains how the attack worked:

    “What’s happening is a simple flood: Apple doesn’t seem to limit how fast messages can be sent, so the attacker is able to send thousands of messages very quickly,” Paul says.

    The second part of that, he explains, is that if a user sends a ‘complex’ text message using Unicode characters that force a browser to render ‘Zalgo’ text, or simply uses a message that is enormous in size, then the Messages app will eventually crash as it fails to display it properly. This will effectively ‘break’ the Messages app on iOS by forcing it to close and stop it from re-opening because it can’t render that text.

    iH8sn0w mocked up a proof-of-concept AppleScript to demonstrate how such an attack may work. If Apple doesn’t limit the influx of messages, a user’s app will quickly become filled with what amounts to piles of spam.

    The attacks hit at least a half-dozen iOS developer and hacker community members, and appear to have originated with a Twitter account involved in selling UDIDs, provisioning profiles and more that facilitate the installation of pirated App Store apps, which are re-signed and distributed.

    Currently, there is no way to block particular senders in iMessage, though iH8sn0w said it should be possible for Apple to notice the bursts of messages and block them as repetitive spamming. Victims can also disable iMessage entirely.

    [The Next Web, Mac Rumors]

  • New Loophole Lets Attacker Reset An Apple ID With Only Your Birthday And Email Address

    A worrying new security hole allows for an Apple ID to be hacked, simply by knowing the user’s email address and date of birth. The Verge first reported the vulnerability after being tipped off to the hack.

    The Verge reports:

    [T]oday a new exploit has been discovered that affects all customers who haven’t yet enabled [two-step verification]. It allows anyone with your email address and date of birth to reset your password — using Apple’s own tools. We’ve been made aware of a step-by-step tutorial (which remains available as of this writing) that explains in detail how to take advantage of the vulnerability. The exploit involves pasting in a modified URL while answering the DOB security question on Apple’s iForgot page.

    The vulnerability affects all customers yet to upgrade to the two-step verification process, leaving those users’ accounts wide open to anyone who knows those not-exactly-hard-to-track down pieces of basic data. 

    The bad news is that two-step verification is not yet available in many countries. According to the Apple FAQ:

    Initially, two-step verification is being offered in the U.S., UK, Australia, Ireland, and New Zealand. Additional countries will be added over time. When your country is added, two-step verification will automatically appear in the Password and Security section of Manage My Apple ID when you sign in to My Apple ID.

    After the discovery, Apple subsequently took down the iForgot password reset page “for maintenance,” and updated the iCloud System Status webpage to inform users of the issue. 

    In a statement to The Verge the company said, “Apple takes customer privacy very seriously. We are aware of this issue, and working on a fix.”

    At the time of posting, Apple has taken down the iForgot page to avoid further hacks.

    Update: Several online sources report that the loophole has been fixed.

    [Via The Verge]

  • Apple To Release iOS 6.1.2 Next Week To Fix Major Security Issue

    Apple’s promised fix for an iOS 6.1 bug that enables intruders to bypass a user’s passcode and access certain areas of the phone could be released this week.

    According to a report from German site iFun, which was dead-on about the release of iOS 6.1.1, the iOS 6.1.2 release date could come as soon as next week, possibly by February 20th.

    The rollout of iOS 6.1 hasn’t gone as smoothly for Apple as the company would have liked.

    Not only did the initial release introduce the security issues and battery problems, in addition to a wallop of a 3G connectivity bug for iPhone 4S users in Europe, the follow-up version, iOS 6.1.1 released last week, introduced a bunch of new issues.

    iPhone users are still reporting Exchange connectivity bugs, so severe that Microsoft is suggesting affected devices be booted from the server so as not to slow down the rest of the network.

    Earlier this week, a video was posted online showing how a complex series of button pushes could nullify the passcode and unlock photo albums, call logs and voicemail, and enable the hacker to modify contacts.

    Apple has acknowledged the problem, which is almost identical to one which surfaced in 2010, and said it is hastily working on a fix.

  • Android 4.2 Camera Ported to Galaxy Nexus on 4.1.1

    Sporting a Galaxy Nexus, and love the camera on the new Android 4.2 Jelly Bean? Then you might just be in luck, as a user from Android Central’s forums has ported the camera app, which is now available to download for your Nexus running 4.1.1.

    It’s as easy as moving files into location and changing the permissions. Interested? Check out the link below for more instructions.

    [Android Central Forums]

  • Microsoft Releases Internet Explorer Security Bugfix

    Microsoft has released a temporary software fix for a bug in its Internet Explorer web browser. Cybercriminals used the flaw to install the Poison Ivy trojan on users’ computers. This piece of malware can steal data or take remote control of a PC.

    “Earlier this week, an issue impacting Internet Explorer affected a small number of customers. The potential exists, however, that more customers could be affected… On September 21, we will release a cumulative update for Internet Explorer through Windows Update and our other standard distribution channels,” Trustworthy Computing Director Yunsun Wee said on the Microsoft Security Response Centre website.

    The solution will be automatically installed on PCs running on Microsoft’s Windows operating system if the machine is set up to receive important updates, Wee added. 

    Microsoft had begun offering a temporary patch for the problem on September 19.

    “We have released a Fix it (on September 19) that is available to address that issue. This is an easy, one-click solution that will help protect your computer right away. It will not affect your ability to browse the web, and it does not require a reboot of your computer,” Wee said. 
