Wednesday 9 November 2016

HOW RS 500 AND RS 1000 NOTES BAN WILL AFFECT COMMON MAN !!



November 8th 2016 will go down in Indian history as a red letter day. It marks the day the Indian economy moved from a black economy to a white one.

In what will be known as a groundbreaking, historic move, on November 8th Prime Minister Narendra Modi announced the demonetization of Rs 500 and Rs 1000 currency notes.

So what does this mean for the common man?

India has been a cash-based economy. Nearly 14 lakh crore rupees, about $220 billion worth, is held in currency notes of Rs 500 and Rs 1000. This implies that the impact on the Indian economy will be huge - very huge.

Impact on Common Man

Day-1-10: Near panic in local markets. The number of transactions drops by more than 50%. Today, on November 9th, almost all businesses have reported a more than 50% drop in transactions. I chatted with an Uber driver and a small coffee shop owner. Both reported the same. The Uber driver was willing to give me a 10% discount for cash payment in Rs 100 notes vs PayTM!

Common people in cities will rush towards digital payments like PayTM.

Immediate impact: Deep Deflation. The amount of money in circulation will drop dramatically while supply of goods will remain stable - hence prices of goods will drop.

Gold prices, stock prices and commodity prices will drop. People will congratulate the government for making this bold move. BJP will win elections in UP and Punjab.

Day-10-50: People who have legally earned cash, will start depositing it in bank. This will help improve bank's Cash Reserve Ratios and increase bank deposits. This will lead to more lending. Increase lending activity will make it easier for legal businesses to raise capital and economy will grow.

People who have earned their money illegally, such as bribes, smuggling, Narcotics etc. will have a big problem on their hands. These people will be afraid to deposit it in a bank. Some of them will find ways to deposit this money into a bank, and will declare it as income and pay taxes on it.

Many of these guys - who had easy money flowing will continue to stay out of legal system and will count on their luck or bad luck and sit on their stash of Rs.500 and Rs.1000 notes. This money will be effectively taken out of circulation and that aids deflation.

Day 50-200


Deflation will ease out, and inflation will return. Inflation will happen slowly because lending activities will not happen overnight and will take time. Lending will broaden money supply, creating demand for raw materials and capital goods. This leads to a steady growth of Indian economy.

Real estate prices will crash. Builders and developers who were eager to sell for cash can no longer sell. They will be forced to lower prices by 10-20%. Already by 1 PM on November 9th, the share price of DLF is down 21%!

Real estate developers will have to wait for demand from the white economy to pick up. Once the economy picks up, and with easy availability of bank loans, real estate prices will come back to pre-November 8th levels, and by the end of 2017, robust demand will ensure that real estate prices go up.

Real estate developers will be forced to go with legal transactions and play in white economy.

Big Losers


The biggest losers in this are corrupt government officials and politicians who are sitting on tonnes of cash. They cannot convert the older demonetized notes to newer ones without risking tax investigations, and will be willing to lose their illegal money.

Real estate businessmen who cannot convert all their hoards of cash will also be hurt by low demand.

Other illegal business owners: money lenders, hawala finance transactions. These people will find it difficult to conduct their business in the new system, particularly when the government can track newer Rs 2000 currency notes via RF chips.

Closing Thoughts

This is just my opinion based on my knowledge of the economy. I may be wrong in some aspects, but overall I am sure the Indian economy will go through a cycle of deflation, followed by robust growth and then some creeping inflation.

Let's wait and see how things pan out!

GOOGLE CHROME BROWSER VULNERABILITY LEAVES 300,000 ANDROID DEVICES HACKED!!!!

A vulnerability in Chrome for Android is actively being exploited in the wild that allows hackers to quietly download banking trojan apps (.apk) onto victims' devices without their confirmation.

You might have encountered a pop-up advertisement that appears out of nowhere, warns you that your mobile device has been infected with a dangerous virus, and instructs you to install a security app to remove it immediately.

This malicious advertising web page automatically downloads an Android app installation (.apk) file to your device without requiring any approval.

Citing malware threats on your mobile device, attackers trick you into changing your device's settings to allow installation of third-party apps from stores other than Google Play Store, and into installing the banking trojan app on your device.

Kaspersky researchers Mikhail Kuzin and Nikita Buchka discovered one such widespread malicious advertising campaign across Russian news sites and popular websites.

Since this August, the Trojan has infected over 318,000 Android devices across the world, thanks to Google AdSense advertisements that were being abused to spread a malicious mobile banking trojan, dubbed Svpeng.

"When an APK file is broken down into pieces and handed over to the save function via Blob() class, there is no check for the type of the content being saved, so the browser saves the APK file without notifying the user," the duo explains in a blog post.

Google has acknowledged the issue, blocked the malicious ads and planned to patch it, although it is unclear when the next Android Chrome version will be released.
However, if Google sticks to its six-week release cycle, users can expect an update on 3rd December 2016. So, malicious actors have over three weeks to exploit the flaw.

"[The] next time they (criminals) push their adverts on AdSense they may well choose to attack users in other countries; we have seen similar cases in the past; After all, what could be more convenient than exploiting the most popular advertising platform to download their malicious creations to hundreds of thousands of mobile devices?" the pair say.

Even if Google patches this issue with its next software update, attackers still have an evergreen technique to trick users into downloading malicious apps by exploiting vulnerabilities in popular websites.

For example, a recently disclosed XSS (Cross-Site Scripting) flaw, discovered by Indian security researcher Jitendra Jaiswal, on WhatsApp's official websites could allow attackers to trick users into downloading malware applications.

So, it is always a good idea to install apps from official Google Play Store as well as not to change default Android settings that prevent the installation of third-party apps.

So, the best recommendation for users is to think twice before installing any app (no matter how legitimate it looks) from untrusted sources or clicking on suspicious-looking links.

Tuesday 8 November 2016

FACEBOOK BANNED FROM COLLECTING WHATS APP USER DATA IN UK!!!


In August, Facebook introduced a hugely controversial data plan to start harvesting data from its WhatsApp messaging app from September 25 for delivering more relevant ads on the social network.

Many users were not happy with the move, because there was no real way of opting out from the data sharing – WhatsApp users could only do so within a short period – and even if users did opt out then, some data would still be shared.

Eventually, some countries like Britain stood up and opposed the decision.

The Information Commissioner's Office (ICO) of the United Kingdom has asked Facebook and WhatsApp to better explain the changes to its customers in the U.K. And if they don't, the ICO could hand out a heavy fine.


What's the good news?

In response, the social media giant has agreed to "pause" sharing of data, including their phone numbers, between WhatsApp and Facebook in Britain to target advertisements on its core social network.

"We have now asked Facebook and WhatsApp to sign an undertaking committing to better explaining to customers how their data will be used, and to giving users ongoing control over that information," Elizabeth Denham, the Information Commissioner, wrote in a blog post.

"I don't think users have been given enough information about what Facebook plans to do with their information, and I don't think WhatsApp has got valid consent from users to share the information."

When Facebook announced this deal in late August, Denham said she would investigate the changes to Britain's data protection laws, and has now issued an update revealing the social networking giant has agreed to hold off data sharing from UK users.

Denham said that it is users' right to have control over their data and she now wanted Facebook and WhatsApp to let users restrict access to their information beyond the existing 30-day period, and let them completely opt out of the agreement at any time.

When Facebook acquired WhatsApp for $19 billion in 2014, users were worried about the company's commitment to protecting its users' privacy. But WhatsApp reassured them that their privacy would not be compromised in any way.

But after the deal, the WhatsApp users felt betrayed by the company.

After introducing end-to-end encryption, WhatsApp has become one of the most popular secure messaging apps, but this shift in its privacy policy may force some users to switch to other secure apps like Telegram and Signal.

Neither Facebook nor WhatsApp has yet responded to the Information Commissioner's announcement.

Monday 7 November 2016

DDOS ATTACKS ON WIKILEAKS: US ELECTIONS EFFECT

Wikileaks Gets DDoS after Leaking 8,200 DNC Emails One Day before Elections

With just two days before the presidential election, WikiLeaks late Sunday night published a new trove of emails apparently hacked from the Democratic National Committee (DNC).

The most recent dump of more than 8,000 emails came after the whistleblowing site, on a daily basis over the last four weeks, had already leaked over 50,000 emails stolen from the key figure in the DNC – Hillary Clinton's campaign chairman John Podesta.

However, this time, not everything went as planned by WikiLeaks.

WikiLeaks early Monday morning announced on Twitter that shortly after the release of hacked DNC emails the organization was the target of a major Distributed Denial of Service (DDoS) attack.

What's more?

Soon after WikiLeaks reported the DDoS attack on its email publication servers, Twitter also went down, and the outage lasted for at least 30 minutes.

According to a status monitor, the Twitter outage began at around 6.45am GMT and continued for nearly half an hour, though reports suggested that the impact varied from user to user and many users were still experiencing issues in Japan over a couple of hours later.

Here's what WikiLeaks then posted on its Facebook page:

"We are still under a DoS attack on our e-mail publication servers, and it appears that Twitter is down as well, we are unable to confirm if this is an attack on Twitter at this time."


WikiLeaks Down! Twitter Down! Any Connection?



At this moment, there is no connection between the two incidents, although some Twitter users quickly linked the two outages.

"Twitter went down because Wikileaks released #DNCleak2 It has begun! They are trying to suppress the truth from coming out!!!," a Twitter user said.
"So Twitter was down due to the #DNCLeak2 released by @wikileaks - we should be worried, global censorship is heading our way," another user said.

One of the leaked emails saw former Clinton Foundation fundraiser Doug Band slamming Chelsea Clinton for allegedly spending funds from the Clinton Foundation to help pay for her wedding.

Earlier this year, the FBI argued to investigate the Clinton Foundation for potentially giving donors special favors and political access, but just yesterday, the agency cleared Clinton of any criminal wrongdoing after a review of the latest trove of her leaked official emails.

TESCO BANK HACKED: MONEY FROM 20,000 ACCOUNTS HAS BEEN STOLEN!!




Tesco Bank has taken the drastic measure of temporarily halting all online transactions after thousands of customers have seen hundreds of pounds wiped from their savings accounts over the weekend due to an online hacking attack.

The bank has now suspended online transactions for current account holders.

Customers affected by the block will still be able to withdraw cash and use other services.

On Twitter customers reported seeing as much as £700 disappearing from their available balance.

Benny Higgins, chief executive of Tesco Bank, on Monday confirmed that about 20,000 customers have had money taken from their accounts, with "suspicious activity" identified in another 20,000.

The total is considerably more than the figure the bank was quoting on Sunday of fewer than 10,000 accounts.

Almost 20,000 Tesco Bank customers have had money stolen from their accounts after the banking arm of the UK's biggest retailer fell victim to a hacking attack this weekend.

As a result of the hack, Tesco Bank has frozen online transactions in an attempt to protect its customers from, what it described as, the “online criminal activity.”

However, customers can still use their debit and credit cards for cash withdrawals and card-based payments.

Tesco Bank has not disclosed any details of the cyber attack or how accounts had been compromised, but Benny Higgins, chief executive of Tesco, confirmed that the hack affected 40,000 of its 136,000 accounts, half of which had already been used to withdraw money fraudulently over the weekend.

The bank would not disclose the total amount stolen from the accounts, but confirmed that the amount stolen was a "big number but not a huge number."

If you have been affected by this incident, don’t worry! Higgins has apologized for the "inconvenience" and announced that customers are not at financial risk, as any financial loss that results from this fraudulent activity will be borne by the bank.

“We are working hard to resume normal service on current accounts as soon as possible,” Higgins said.




Others complained about a lack of communication from the bank and hours spent on hold.

Higgins said the bank is "taking every step to protect" customers.

Speaking to the BBC, Higgins sought to reassure customers saying he was "very hopeful" customers would be refunded within 24 hours.

Higgins said: "That is why, as a precautionary measure, we have taken the decision today to temporarily stop online transactions from current accounts. This will only affect current account customers."

INDIAN EMBASSY WEBSITES IN SEVEN COUNTRIES HACKED: DATABASE LEAKED ONLINE!!!

Indian embassy websites in seven different countries have been hacked, and attackers have leaked personal data, including full name, residential address, email address, passport number and phone number, of Indian citizens living abroad.

This incident is extremely worrying because it involves diplomatic personnel working in the embassies that have always been a favorite target of state-sponsored hackers launching cyber espionage campaigns.

Security pen-testers who go by the name Kapustkiy and Kasimierz have claimed responsibility for the hack and told The Hacker News that the reason behind the hack was to force administrators to consider the cyber security of their websites seriously.

In a Pastebin link shared on their Twitter account, the hackers claimed to have hijacked Indian Embassy websites in Switzerland, Italy, Romania, Mali, South Africa, Libya, and Malawi and leaked personal details of hundreds of Indians, including students studying abroad.

The pair exploited a simple vulnerability in the targeted websites in an effort to gain unauthorized access to the databases.

The Hacker News team has analyzed those hacked sites and found they are vulnerable to SQL injection, which allows an attacker to inject malicious SQL commands (payloads) into the web application and steal a database containing sensitive information.
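The class of flaw described above, shown as an added example (not code from the affected sites or from the original article): a string-built query beside its parameterized form, plus salted password hashing, since the article goes on to note that the leaked data held plaintext passwords. The table, column names and sample rows are constructed for illustration.

```python
import hashlib
import hmac
import os
import sqlite3

PBKDF2_ROUNDS = 600_000  # assumption: tune to your own hardware and policy


def hash_password(password, salt):
    """Derive a slow, salted hash so a leaked table does not expose passwords."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)


def make_db():
    """Build an in-memory database with constructed sample records."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE applicants (name TEXT, passport TEXT, salt BLOB, pw_hash BLOB)"
    )
    samples = [
        ("Asha", "X0000001", "correct horse"),
        ("Ravi", "X0000002", "battery staple"),
    ]
    for name, passport, password in samples:
        salt = os.urandom(16)
        db.execute(
            "INSERT INTO applicants VALUES (?, ?, ?, ?)",
            (name, passport, salt, hash_password(password, salt)),
        )
    return db


def lookup_vulnerable(db, name):
    """VULNERABLE: user input is concatenated into the SQL text."""
    query = "SELECT name, passport FROM applicants WHERE name = '" + name + "'"
    return db.execute(query).fetchall()


def lookup_safe(db, name):
    """HARDENED: input is bound as a parameter and never parsed as SQL."""
    query = "SELECT name, passport FROM applicants WHERE name = ?"
    return db.execute(query, (name,)).fetchall()


def verify_password(db, name, password):
    """Check a login against the stored salted hash in constant time."""
    row = db.execute(
        "SELECT salt, pw_hash FROM applicants WHERE name = ?", (name,)
    ).fetchone()
    if row is None:
        return False
    salt, stored = row
    return hmac.compare_digest(hash_password(password, salt), stored)


if __name__ == "__main__":
    db = make_db()
    crafted = "nobody' OR '1'='1"  # input that changes the query's meaning
    print("vulnerable lookup returns:", lookup_vulnerable(db, crafted))
    print("parameterized lookup returns:", lookup_safe(db, crafted))
    print("password check:", verify_password(db, "Asha", "correct horse"))
```

With the crafted input, the concatenated query returns every row in the table, while the parameterized query treats the same input as a literal name and returns nothing.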


"We did it because their security was poor, and several domains related to the Indian Embassy had the same vulnerability. This proves that a lot of people cannot trust the "Embassy." We hope that this problem will be fixed in the future," hackers told The Hacker News via email.

"We did not do it for the lulz or something, but we did just for them to pay attention to the issues with their crucial websites. Also, we did not leak anything like their real address, city or zip code, which is available in the database."

The leaked data shows that the targeted websites are so insecure that even user and admin passwords are stored in plaintext without any hashing mechanism.

Is India Prepared for Cyber Attacks?

This is not the first time hackers have targeted Indian embassies. In the month of June, seven other High Commission websites in Tajikistan, Romania, Greece, Turkey, Mexico, Sao Paulo and Pretoria were hacked and defaced by Pakistani hackers.

However, it seems like the Indian government did not take the incident as a lesson to tighten the security of its critical infrastructure, which is an all-time favorite target of black hat and nation-state actors and could put the nation’s security at risk.

For the past two and a half years, since Narendra Modi came to power as Prime Minister, we have heard so much about the Digital India programme – an initiative championed by the Government of India that aims at making all government services electronically available as well as providing high-speed Internet connectivity nationwide.

The Department of Telecommunications has stated multiple times that the Indian government is very serious about the cyber security threats and is taking all the necessary initiatives in this direction.
The initiative also includes a vision to broaden digital infrastructure in the country with new technologies, but so far we have not seen any ground-level initiative to tighten up the security of at least the websites that represent various crucial government departments, agencies, services, and programs.

Not convinced yet? Let me put some stats to make my point clear.

A report from cyber security company FireEye found that 38% of organizations in India were exposed to targeted advanced persistent attacks in the first half of 2015, a 23% increase from the previous report.

"India is fast becoming a strategic target, in part because of the potentially sensitive information that is expected to be digitized through ambitious and high-profile projects such as Digital India," the report stated.

Last year, an annual report from CERT-In noted that over 26,244 Indian websites were hacked, which includes hundreds of government websites.

Also, more than 35 Indian central and state government websites have recently been hacked by Pakistani hackers after India carried out surgical strikes across the Line of Control (LoC), Economic Times reports.

Another survey says that cyber crime incidents in India have drastically jumped in the past year, with 72% of companies in the country falling victim to online attacks.

So far we haven't completely tackled security of our websites and a stream of Internet of things cyber attacks have dramatically increased t

Friday 4 November 2016

WARNING: Your mobile device can be hijacked and tracked without your knowledge!!

Here's a new danger to your smartphone security: Your mobile device can be hijacked and tracked without your knowledge.

Remember Stingrays?

The controversial cell phone spying tool, also known as "IMSI catchers," has long been used by law enforcement to track and monitor mobile users by mimicking a cellphone tower and tricking their devices to connect to them. Sometimes it even intercepts calls and Internet traffic, sends fake texts, and installs spyware on a victim's phone.

Setting up such Stingray-type surveillance devices is, of course, expensive and needs a lot of effort, but researchers have now found a new, cheaper way to do the same thing with a simple Wi-Fi hotspot.

Yes, a Wi-Fi network can capture IMSI numbers from nearby smartphones, allowing almost anyone to track and monitor people wirelessly.

IMSI, or international mobile subscriber identity, is a unique 15-digit number used for authentication of a person when moving from network to network. The number is stored in the read-only section of a SIM card and with the mobile operator.

Note: Don't confuse the IMSI number with the IMEI number. IMSI is tied to a user, while IMEI is tied to a device.


Stealing your Fingerprints to Track you Everywhere
In a presentation at BlackHat Europe, researchers Piers O'Hanlon and Ravishankar Borgaonkar from Oxford University have demonstrated a new type of IMSI catcher attack that operates over WiFi, allowing anyone to capture a smartphone's IMSI number within a second as users pass by.

The attack would then use that IMSI number to spy on the user's every movement.

The actual issue resides in the way most modern smartphones, including Android and iOS devices, in the world connect to Wi-Fi networks.

There are two widely implemented protocols in most modern mobile operating systems:


Extensible Authentication Protocol (EAP)
Authentication and Key Agreement (AKA) protocols


These protocols allow smartphones to auto-connect to public WiFi hotspots.

Modern smartphones are programmed to automatically connect to known Wi-Fi networks by handing over their IMSI numbers to log into the network, without owner's interaction.

So, attackers exploiting the WiFi authentication protocols could set up a "rogue access point" masquerading as a well-known WiFi network and trick smartphones in range into connecting.

Once connected the rogue access point extracts their IMSI numbers immediately. This captured unique identifier of your smartphone would then allow attackers to track your movements wherever you go.


Intercepting WiFi Calling to Steal Your Unique Identity Number


The researchers also demonstrated another attack vector whereby attackers can hijack the WiFi calling feature offered by mobile operators.

This technology is different from voice calling on the WhatsApp or Skype apps, which use voice over Internet Protocol.

WiFi calling, which is supported on iOS and Android devices, allows users to make voice calls over WiFi by connecting to the operator's Edge Packet Data Gateway (EPDG) using the encrypted IP security (IPSec) protocol.

Like the WiFi auto connect feature, the Internet Key Exchange (IKEv2) protocol used for authenticating WiFi calling is also based on identities such as the IMSI number, which are exchanged over EAP-AKA.

EAP-AKA exchanges are encrypted, but the problem is that they are not protected by a certificate.

This issue exposes the feature to man-in-the-middle (MITM) attacks, allowing attackers to intercept the traffic from a smartphone trying to make the call over WiFi and quickly extract the IMSI number in seconds, the researchers said.

The good news is that you can disable the Wi-Fi calling feature on your device, but Wi-Fi auto connect can only be disabled when such a network is in range.

The researchers reported the issues to both the mobile OS companies, including Apple, Google, Microsoft and Blackberry, and the operators such as GSMA, and have been working with them to ensure the future protection of the IMSI number.

Apple, as a result of conversations with the two researchers, has implemented a new technology in iOS 10 that allows handsets to exchange pseudonyms and not identifiers, helping mitigate the threat.

The duo concluded their research by showing a proof-of-concept system that demonstrates their IMSI catcher employing passive as well as active techniques.

ANONYMOUS TRYING TO TAKE DOWN WHOLE COUNTRY'S INTERNET!!!!



Someone is trying to take down the whole Internet of a country by launching massive distributed denial-of-service (DDoS) attacks using a botnet of insecure IoT devices infected by the Mirai malware.

It all started in early October when a cybercriminal publicly released the source code of Mirai – a piece of nasty IoT malware designed to scan for insecure IoT devices and enslave them into a botnet network, which is then used to launch DDoS attacks.

Just two weeks ago, the Mirai IoT botnet caused a vast internet outage by launching massive DDoS attacks against DNS provider Dyn, and it later turned out that just 100,000 devices participated in the attacks.

Experts believe that a future DDoS attack could reach 10 Tbps, which is enough to take down the whole Internet in any nation state.

One such incident has been happening for the past week, where hackers are trying to take down the entire Internet of Liberia, a small African country, using another Mirai IoT botnet known as Botnet 14.

Security researcher Kevin Beaumont has noticed that Botnet 14 has begun launching DDoS attacks against the networks of "Lonestar Cell MTN", the telecommunication company which provides the Internet to the whole of Liberia via a single entry point from an undersea fiber cable.

"From monitoring, we can see websites hosted in country going offline during the attacks — Additionally, a source in country at a Telco has confirmed to a journalist they are seeing intermittent internet connectivity, at times which directly match the attack," Beaumont said in a blog post published today.

According to Beaumont, transit providers confirm that the attacks were over 500 Gbps in size, but last for a short period. This volume of traffic indicates that the "Shadows Kill" Botnet, as the researcher called it, is "owned by the actor which attacked Dyn."

Why Taking Down Liberia's Internet Is easy?

Over a decade of civil war in Liberia destroyed the country's telecommunications infrastructure, and at that time a very small portion of citizens in Liberia had access to the internet via satellite communication.

However, some progress was made later in 2011 when a 17,000 km Africa Coast to Europe (ACE) submarine fiber-optic cable was deployed from France to Cape Town, via the west coast of Africa.

The ACE fiber cable, at depths close to 6,000 meters below sea level, eventually provides broadband connectivity to 23 countries in Europe and Africa.

What's shocking? The total capacity of this cable is just 5.12 Tbps, which is shared between all of the 23 countries.

Since the massive DDoS attack used a Mirai botnet of just 100,000 hacked IoT devices to close down the Internet for millions of users, one can imagine the capability of more than 1 million hacked IoT devices, which are currently in control of the Mirai malware and enough to severely impact systems in any nation state.

This is extremely worrying because, with this capacity, an attacker could disrupt Internet services not just in Liberia but in all 23 countries in Europe and Africa which rely on the ACE fiber cable for their internet connectivity.

The root cause? More insecure, vulnerable IoT devices, more Mirai bots.

So, in order to protect yourself, you need to be more vigilant about the security of your smart devices because they are dumber than one can ever be.

In our previous article, we provided some basic, rather effective, solutions which would help you protect your smart devices from becoming part of the Mirai botnet. You can also check for yourself whether your IoT device is vulnerable to the Mirai malware.

Thursday 3 November 2016

GOOGLE's latest stable update for Chrome browser comes with vulnerabilities: gives hackers a chance for Denial of Service attack!!!




This week, Google released the latest stable update for its Chrome browser addressing three high priority security vulnerabilities. Version 49.0.2623.87 of Chrome is available now for Windows, Mac and Linux computers, and although Google isn’t willing to discuss the fixes in detail, a recent blog post explains the basics of the bugs.

The stable channel has been updated to 54.0.2840.87 for Windows, Mac, and 54.0.2840.90 for Linux. This will roll out over the coming days/weeks.

CVE-2016-1643, the first of the three security issues, is a type confusion within Blink, which ZDNet describes as a rendering engine used by the Chrome browser. The researcher who discovered the vulnerability was rewarded $5,000.



CVE-2016-1644, the second issue, was also a Blink-related issue. The use-after-free vulnerability in Blink was a memory corruption problem which could have given hackers the ability to execute code on the browser remotely. The researcher behind this discovery, Atte Kettunen of the Oulu University Secure Programming Group was granted $3,500.

CVE-2016-1645, the third and final flaw, was an out-of-bounds write issue in PDFium (Chrome’s PDF rendering engine). Google credits an anonymous researcher working with HP’s Zero Day Initiative for this discovery, but didn’t announce any sort of reward.

As long as you’ve closed and reopened your Chrome browser in the past couple of days, chances are that your browser has been automatically updated. But if you want to make sure, just tap the menu button in the top right corner of the browser, click Settings and then navigate to the About tab on the left-hand side of the screen.

If you see “Google Chrome is up to date,” then you’re good to go. Otherwise, the update should be in the process of downloading. Let it finish, then restart your browser. Now you’re safe from those vulnerabilities.

Security Fixes and Rewards

Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.


[$NA][659475] High CVE-2016-5198: Out of bounds memory access in V8. Credit to Tencent Keen Security Lab, working with Trend Micro's Zero Day Initiative



The latest Google Chrome browser update comes with 33 vulnerability patches, including 13 that are high-severity. It’s all thanks to community contributors and bug fighters who submitted fixes for Chrome’s bug bounty program.

Many of the vulnerabilities fixed in this release were part of the browser’s engine Blink, but some of the more high-severity discoveries were for Chrome’s built-in PDF reader, PDFium.

This big rollout of bug fixes follows another busy month, where 48 vulnerabilities were patched in July alone. Some of the bug bounty contributors netted themselves quite a bit of cash too, up to $7,500 per cross-site scripting bug caught.

The beauty of a bug bounty program is that anyone with some programming and security know-how can examine the code of the program in question and find potential security risks.

If the security vulnerability is verified, the researcher is compensated for their work by the company that set the bounty, and we, the consumers, all have a safer experience for it.

Thousands of software companies now offer bug bounties for researchers to find security flaws in their programs, from small firms to large enterprises.

And it’s not just companies that offer such rewards. Recently, the US Department of Defense created its own bug bounty called “Hack the Pentagon,” which rewarded 138 researchers for their discoveries of critical security flaws in national defense infrastructure.

The Chrome update will be rolled out over the next few weeks. Google says that details about the bugs may be kept under wraps until most users have updated.

Flaws in MySQL give Hackers root access to servers!!!


Over a month ago we reported on two critical zero-day vulnerabilities in the world's 2nd most popular database management software, MySQL:

MySQL Remote Root Code Execution (CVE-2016-6662)
Privilege Escalation (CVE-2016-6663)

At that time, Polish security researcher Dawid Golunski of Legal Hackers, who discovered these vulnerabilities, published technical details and proof-of-concept exploit code for the first bug only and promised to release details of the second bug (CVE-2016-6663) later.

On Tuesday, Golunski released proof-of-concept (POC) exploits for two vulnerabilities. One is the previously promised critical privilege escalation vulnerability (CVE-2016-6663), and the other is a new root privilege escalation bug (CVE-2016-6664) that could allow an attacker to take full control over the database.

Both the vulnerabilities affect MySQL version 5.5.51 and earlier, MySQL version 5.6.32 and earlier, and MySQL version 5.7.14 and earlier, as well as MySQL forks — Percona Server and MariaDB.

Privilege Escalation/Race Condition Bug (CVE-2016-6663)
The more severe of the two is the race condition bug (CVE-2016-6663) that can allow a low-privileged account (with CREATE/INSERT/SELECT grants) with access to the affected database to escalate their privileges and execute arbitrary code as the database system user (i.e. 'mysql').

Once exploited, an attacker could successfully gain access to all databases within the affected database server.


Root Privilege Escalation (CVE-2016-6664)
Another critical flaw in MySQL database is a root privilege escalation bug that could allow attackers with 'MySQL system user' privilege to further escalate their privileges to root user, allowing them to fully compromise the system.

The issue actually stems from unsafe file handling of error logs and other files, which comes under MySQL system user privileges, allowing it to be replaced with an arbitrary system file, which opens the door to root privileges.

What's more troublesome? An attacker with a low-privileged account can also achieve root privilege by first exploiting the Privilege Escalation flaw (CVE-2016-6663) to become 'MySQL system user' and thus allow attackers to fully compromise the targeted server.

All these vulnerabilities could be exploited in shared hosting environments where users are assigned access to separate databases. By exploiting the flaws, they could gain access to all databases.

Golunski has published the proof-of-concept exploit code (EXPLOIT1, EXPLOIT2) for both the flaws and will soon upload videos.

MySQL has fixed the vulnerabilities and all of the patches ultimately found their way into Oracle's quarterly Critical Patch Update last month.

Administrators are strongly advised to apply patches as soon as possible in order to avoid hackers seeking to exploit the vulnerabilities.

If you are unable to apply patches immediately, then as a temporary mitigation you can disable symbolic link support in your database server configuration by setting symbolic-links = 0 in my.cnf, in an attempt to protect yourself against cyber attacks.
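A check an administrator could run for the two points above, as an added example that is not part of the original post: it compares a server version string against the affected releases listed in the article and reads the effective symbolic-links setting from an option file. The sample option files are constructed, and the default of "enabled" when the option is absent is an assumption about the affected series.

```python
import re

# Last affected release in each series, as listed in the article.
LAST_AFFECTED = {(5, 5): 51, (5, 6): 32, (5, 7): 14}
# Option-file groups the server reads (client groups are ignored).
SERVER_GROUPS = re.compile(r"^(mysqld|server|mysqld-\d+\.\d+)$")
OFF_VALUES = {"0", "off", "false"}

# Constructed option files for the demonstration.
WEAK_CNF = """\
[client]
symbolic-links=0        # wrong group: the server never reads this

[mysqld]
datadir = /var/lib/mysql
symbolic_links = 1
"""
HARDENED_CNF = """\
[mysqld]
datadir = /var/lib/mysql
symbolic-links = 0
"""


def version_status(version_string):
    """Return 'affected', 'not listed' or 'unknown' for a version string."""
    if "mariadb" in version_string.lower():
        return "unknown"  # fork: the article gives no version numbers
    m = re.match(r"\s*(\d+)\.(\d+)\.(\d+)", version_string)
    if not m:
        return "unknown"
    major, minor, patch = (int(g) for g in m.groups())
    last = LAST_AFFECTED.get((major, minor))
    if last is None:
        return "unknown"  # series not mentioned in the article
    return "affected" if patch <= last else "not listed"


def symlinks_enabled(cnf_text, default=True):
    """Effective symbolic-links setting for the server groups of one file.

    Assumption: the option is on by default when absent. Files pulled in
    with !include / !includedir are not followed here.
    """
    enabled = default
    group = ""
    for raw in cnf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            group = line[1:-1].strip().lower()
            continue
        if not SERVER_GROUPS.match(group):
            continue
        key, _, value = line.partition("=")
        # Dashes and underscores are interchangeable in option names.
        key = key.strip().lower().replace("_", "-")
        value = value.strip().strip("'\"").lower()
        if key == "symbolic-links":
            enabled = value not in OFF_VALUES  # later lines override earlier
        elif key in ("skip-symbolic-links", "disable-symbolic-links"):
            enabled = False
        elif key == "enable-symbolic-links":
            enabled = True
    return enabled


def audit(version_string, cnf_text):
    """Return a list of findings for one server."""
    findings = []
    status = version_status(version_string)
    if status == "affected":
        findings.append("version is in the affected range: apply the vendor patches")
    elif status == "unknown":
        findings.append("version not covered by the article's list: check the vendor advisory")
    if status != "not listed" and symlinks_enabled(cnf_text):
        findings.append("symbolic links enabled: set symbolic-links = 0 in my.cnf until patched")
    return findings


if __name__ == "__main__":
    for version, cnf in (("5.6.30-log", WEAK_CNF), ("5.6.30-log", HARDENED_CNF)):
        print(version, audit(version, cnf))
```
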

Wednesday 2 November 2016

19-year teenager behind Ddos for hire service earned $385000!!!

Teenage hacker earned around $385000 who is the cause of Ddos attacks!!!!


Due to the worldwide promotion of Mirai botnet that knocked down half of the Internet last Friday, hackers and even script kiddies have started creating their own botnet networks by hacking millions of IoT devices and selling them as DDoS-for-hire service to overwhelm targets with data.

A 19-year-old student from Hertford has pled guilty to running one such DDoS-for-hire service that shortly became one of the most popular DDoS booter tools in the market to conduct distributed denial of service (DDoS) attacks.

Dubbed Titanium Stresser, the tool was used to conduct coordinated DDoS attacks around the world and brought Adam Mudd an income of more than US$385,000 (£315,000 A$505,000), according to the Eastern Region Special Operations Unit (ERSOU).

On 28 October at the Old Bailey, Mudd pleaded guilty to two counts of the Computer Misuse Act and one count of money laundering offense and will be sentenced in December.

Mudd, who was arrested at his home in 2015, admitted to committing unauthorized acts of creating the DDoS service, using it himself, and then renting it to other cyber criminals through the service's website.




Prosecutor Jonathan Polnay says the teenager allegedly launched 592 DDoS attacks against 181 IP addresses between December 2013 and March last year.

"Titanium Stresser is a computer program created by the defendant, and it is not an unimpressive piece of software in terms of design," Polnay told the court. "It carried out DDoS attacks, and it takes down computer networks and websites."


Moreover, from the detailed logs authorities discovered in his home, investigators were able to determine that other criminals had used Titanium Stresser to launch a whopping 1.7 Million DDoS attacks on targets worldwide.

It has also been believed that the infamous Lizard Squad gang used the source code of Titanium Stresser as a base for its Lizard Stresser -- another DDoS-for-hire service most famously used to take down the PlayStation and Xbox Live networks in 2014.

Mudd is scheduled to be sentenced in December 2016.


Monday 31 October 2016

Ultra fast Wifi is ready To Replace the present day Wifi in 2017..Get Ready to boost your internet speed!!!!

WiGig To Replace the present day Wifi in 2017..Get Ready to boost your internet speed!!!!


Get ready for faster Internet because the WiFi you know today is about to change and get much, much faster.

The WiFi Alliance, a self-described "worldwide network of companies that brings you Wi-Fi," has finally certified "WiGig," an ultra-fast, short-range wireless network technology that will nearly double Wi-Fi's current top speed.

As many as 180 Million devices, including routers, smartphones, laptops, tablets, and other devices, arriving by the end of next year will support WiGig or multi-gigabit Wi-Fi 802.11ad on the 60 gigahertz band, the Alliance announced.



This certification program aims to encourage the production of devices and hardware that not only operate in the "less congested" 60 GHz spectrum but can also fall back to the regular Wi-Fi – 2.4 or 5 gigahertz bands – for maximum interoperability.

"Wi-Fi has delighted users for more than 15 years, and WiGig now gives users even higher performance in a rich variety of applications unleashing an unparalleled Wi-Fi experience," Wi-Fi Alliance CEO Edgar Figueroa said.

"WiGig further expands the Wi-Fi CERTIFIED portfolio into 60 GHz, and will augment existing and developing Wi-Fi programs and technologies."
WiGig can provide speeds of up to 8 Gbps, or nearly 1GB per second from a distance of up to 33 feet (10 meters). 8 Gbps is around three times faster than the best available devices on 802.11ac protocol right now.

This speed boost will help you download high-quality HD movies in just seconds. Also, the technology will make it possible to have super-fast wireless docks and wireless VR and AR headsets.


However, both ends of a connection should support the WiGig technology to achieve supported speeds.

The major issues with WiGig are adoption and compatibility. The WiFi Alliance also unveiled the first five certified WiGig products from Intel, Qualcomm, and Dell, among others.

The first certified consumer products to carry the WiGig standard are Dell's Latitude 7450 and 7470 laptops, though the technology is eventually making its way into routers, tablets, notebooks, smartphones, and other categories.

Both Intel and Qualcomm have also certified router solutions. However, some companies such as Samsung have already released uncertified WiGig hardware.

The Wi-Fi Alliance expects its new WiGig standard to take off by 2017.

Friday 28 October 2016

"CELEBGATE"-HACKER PRISONED FOR 18 MONTHS FOR HACKING CELEBRITY NUDE PHOTOS!!!

The hacker who stole nude photographs of female celebrities two years ago in a massive data breach — famous as "The Fappening" or "Celebgate" scandal — has finally been sentenced to 18 months in federal prison, authorities said on Thursday.

36-year-old Lancaster, Pennsylvania Ryan Collins in March and charged with hacking into "at least 50 iCloud accounts and 72 Gmail accounts," most of which were owned by Hollywood stars, including Jennifer Lawrence, Kim Kardashian, and Kate Upton.



Now, a judge in Harrisburg, Pennsylvania, on Wednesday sentenced Collins to 18 months in federal prison after violating the Computer Fraud and Abuse Act.



Here's How Collins Stole Celebrities' Nude Photos
Federal prosecutors said Collins ran a phishing scheme between November 2012 and September 2014 and hijacked the accounts of more than 100 people using fake emails disguised as official notifications from Google and Apple, asking victims for their account credentials.


"When the victims responded, Collins then had access to the victims' e-mail accounts. After illegally accessing the e-mail accounts, Collins obtained personal information including nude photographs and videos," the Justice Department said in a statement.
"In some instances, Collins would use a software program to download the entire contents of the victims' Apple iCloud backups. In addition, Collins ran a modeling scam in which he tricked his victims into sending him nude photographs."


Many of the compromised accounts belonged to famous female celebrities including Jennifer Lawrence, Kim Kardashian, Kate Upton, Kirsten Dunst, Aubrey Plaza, Rihanna, Avril Lavigne and Gabrielle Union.

Another suspect, Edward Majerczyk, 28 years old, of Illinois, pleaded guilty in July and was charged with hacking 300 Gmail and iCloud accounts. However, authorities have yet to identify the uploader or 'leaker' of the photographs stolen by Collins and Majerczyk.

According to officials, Collins and Majerczyk hacked over 600 victims using their social engineering tricks.

Collins faced a maximum of five years in prison, but as part of his plea deal, prosecutors proposed a lighter sentence of only 18 months.

HACKERS OF IPHONE6S AND GOOGLE NEXUS 6P EARNED $215,000

The Tencent Keen Security Lab Team from China has won a total prize money of $215,000 in the 2016 contest run by Trend Micro's Zero Day Initiative (ZDI) in Tokyo, Japan.

Despite the implementation of high-security measures in current devices, the famous Chinese hackers crew has successfully hacked both Apple's iPhone 6S as well as Google's Nexus 6P phones.


Hacking iPhone 6S

For hacking Apple's iPhone 6S, Keen Lab exploited two iOS vulnerabilities – a use-after-free bug in the renderer and a memory corruption flaw in the sandbox – and stole pictures from the device, for which the team was awarded $52,500.



The iPhone 6S exploit successfully worked despite the iOS 10 update rolled out by Apple this week.

Earlier this week, Marco Grassi from Keen Lab was credited by Apple for finding a serious remote code execution flaw in iOS that could compromise a victim's phone by just viewing "a maliciously crafted JPEG" image.

However, a tweet from Keen Team indicated it was able to make the attack successfully work on iOS 10.1 as well.

The Keen Lab also managed to install a malicious app on the iPhone 6S, but the app did not survive a reboot due to a default configuration setting, which prevented persistence. Still, the ZDI awarded the hackers $60,000 for the vulnerabilities they used in the hack.




Hacking Google's Nexus 6P

For hacking the Nexus 6P, the Keen Lab Team used a combination of two vulnerabilities and other weaknesses in Android and managed to install a rogue application on the Google Nexus 6P phone without user interaction.

The ZDI awarded them a whopping $102,500 for the Nexus 6P hack.

So, of the total potential payout of $375,000 from the Trend Micro's Zero Day Initiative, the Keen Lab Team researchers took home $215,000.

Monday 24 October 2016

HOW TO ENCODE AND DECODE AN AUDIO FILE: HELPS IN SECRET FILE SHARING

We all know the Mr. Robot TV show. In season 1, Elliot hid information about his friends, employees, etc. in audio CDs.




Requirement:

– DeepSound



Step 1:

After launching, the first screen you get will have two options in the header.

Select “Hide Data Inside Audio”.

Click on “Open carrier file” and select the audio.

Set “High” output audio file quality.

Click on “Add Secret file”.

Select the file you want to hide inside the audio.

Click on “Encode secret file”.

Select Output format, Output Directory.

Select Encrypt secret file (AES 256), enter a password.

Now click on “Encode secret file” and in a second you will get an Information dialog box.

When you play the audio, it will play seamlessly. Nobody will know that you encoded data in that audio.

Steps for Decoding:

After encoding/hiding the data we want to decode/recover the information.

Click on “Open carrier file” and select the encrypted audio.

It requires a password when you open it. Enter your password.

You get the files that you encoded in this audio.

Click on Extract secret files.

TIPS TO CRACK WIFI: ITS WORKING!!!



This post discusses how trivial it is to crack someone’s Wi-Fi password using wifite and cudaHashcat.

Tools used:

kali linux (O.S.)

cudaHashcat

A good dictionary (for wpa/wpa2)

First of all, you should ensure that you have a wireless adapter card (Alfa, TP-LINK, Netgear etc.)

I am assuming that you have your hacking machine set up. Now let’s start.

Boot into kali linux, open the terminal and type airmon-ng to check that you have a working wireless adapter card.

Now put your card into monitor mode using the commands:

airmon-ng check kill

airmon-ng start wlan0 (in my case it is wlan0)

Then type the command wifite (to attack multiple WEP, WPA or WPS encrypted networks)

It automatically sniffs all the wi-fi networks available in the air. When you are done, press ctrl c to stop scanning.

After scanning you just have to select which ssid you want to attack. Now the next steps are your decision.

First it is set to check for the WPS attack, if WPS is present (you can stop it manually); after that it goes on to deauthenticate all the clients and check for the handshake (in wpa/wpa2 security)

Now when you have got the handshake, just go into that directory. It is in the .cap file format; convert it into the .hccap format file using the command:

aircrack-ng one.cap -J another (it automatically takes the extension hccap)

Now in the terminal type the command for cracking the hccap file:

hashcat -m 2500 another.hccap dic.txt

Explanation :

hashcat : this is the name in my case; it could be different on different platforms

m: mode of hash

2500 : is for wpa/wpa2

If the password is found in the dictionary, you are done.

XIAOMI PHONE CAN SILENTLY INSTALL APP :CHANCE TO A HACKER

Do you own an Android Smartphone from Xiaomi, HTC, Samsung, or OnePlus?

If yes, then you must be aware that almost all smartphone manufacturers provide custom ROMs like CyanogenMod, Paranoid Android, MIUI and others with some pre-loaded themes and applications to increase the device's performance.

But do you have any idea about the pre-installed apps and services your manufacturer has installed on your device? What are their purposes? And do they pose any threat to your security or privacy?

With the same curiosity to find answers to these questions, a Computer Science student and security enthusiast from the Netherlands who owns a Xiaomi Mi4 smartphone started an investigation to find out the purpose of a mysterious pre-installed app, dubbed AnalyticsCore.apk, that runs 24x7 in the background and reappears even if you delete it.

Xiaomi is one of the world's largest smartphone manufacturers, which has earlier been criticized for spreading malware, shipping handsets with pre-loaded spyware/adware and a forked version of Android OS, and covertly stealing users' data from the device without their permission.

Xiaomi Can Silently Install Any App On your Device

After asking about the purpose of the AnalyticsCore app on the company’s support forum and getting no response, Thijs Broenink reverse engineered the code and found that the app checks for a new update from the company's official server every 24 hours.

While making these requests, the app sends device identification information with it, including the phone's IMEI, Model, MAC address, Nonce, Package name as well as signature.

If there is an updated app available on the server with the filename "Analytics.apk," it will automatically get downloaded and installed in the background without user interaction.

"I couldn't find any proof inside the Analytics app itself, so I am guessing that a higher privileged Xiaomi app handles the installation in the background," Broenink says in his blog post.

Now the question is, does your phone verify the correctness of the APK, and does it make sure that it is actually an Analytics app?

Broenink found that there is no validation at all to check which APK is getting installed on the user's phone, which means there is a way for hackers to exploit this loophole.

This also means Xiaomi can remotely and silently install any application on your device just by renaming it to "Analytics.apk" and hosting it on the server.

"So it looks like Xiaomi can replace any (signed?) package they want silently on your device within 24 hours. And I’m not sure when this App Installer gets called, but I wonder if it’s possible to place your own Analytics.apk inside the correct dir, and wait for it to get installed," Broenink said.

Hackers Can Also Exploit This Backdoor

Since the researcher didn't find the actual purpose of the AnalyticsCore app, neither on Googling nor on the company's website, it is hard to say why Xiaomi has kept this mysterious "backdoor" on its millions of devices.

As I once said: There is no such backdoor that only its creator can access.

So, what if hackers or any intelligence agency figure out how to exploit this backdoor to silently push malware onto millions of Xiaomi devices within just 24 hours?

Ironically, the device connects and receives updates over an HTTP connection, exposing the whole process to Man-in-the-Middle attacks.

"This sounds like a vulnerability to me anyway, as they have your IMEI and Device Model, they can install any APK for your device specifically," Broenink said.

Even on the Xiaomi discussion forum, multiple users have shown their concerns about the existence of this mysterious APK and its purpose.

"Don't know what purpose does it serve. Even after deleting the file it reappears after some time," one user said.

Another said, "if I go to battery usage app, this app is always at the top. It is eating away at resources I believe."

How to Block Secret Installation? As a temporary workaround, Xiaomi users can block all connections to Xiaomi related domains via a firewall app.

No one from the Xiaomi team has yet commented on its forum about the question raised by Broenink. We'll update the story as soon as we hear from the company.

Meanwhile, if you are a Xiaomi user and have experienced anything fishy on your device, hit the comments below and let us know.

Official Statement From Xiaomi

A Xiaomi spokesperson has reached out to The Hacker News with an official explanation for the claims made by Thijs Broenink about a backdoor that lets hackers, as well as Xiaomi itself, secretly install any application on the millions of affected devices, saying:

"AnalyticsCore is a built-in MIUI system component that is used by MIUI components for the purpose of data analysis to help improve user experience, such as MIUI Error Analytics."

Although the company did not deny or comment anything about its ability to automatically install any app onto your device in the background without your interaction, the spokesperson has clarified that hackers would not be able to exploit this "self-upgrade" feature.

"As a security measure, MIUI checks the signature of the Analytics.apk app during installation or upgrade to ensure that only the APK with the official and correct signature will be installed," the spokesperson added.

"Any APK without an official signature will fail to install. As AnalyticsCore is key to ensuring better user experience, it supports a self-upgrade feature. Starting from MIUI V7.3 released in April/May, HTTPS was enabled to further secure data transfer, to prevent any man-in-the-middle attacks."

SAMSUNG PHONES BUG LETS HACKER ENTER INTO PHONE !!!



SAMSUNG PHONES LETS HACKER ENTER INTO PHONE:


More than 600 Million users of Samsung Galaxy smartphones, including the newly released Galaxy S6, are potentially vulnerable to a software bug that allows hackers to secretly monitor the phone's camera and microphone, read text messages and install malicious apps.

The vulnerability is due to a problem with the Samsung built-in keyboard app that enables easier predictive text.

One version of the keyboard app, SwiftKey IME, that comes prepackaged with Samsung's latest Galaxy smartphones could allow a malicious hacker to remotely execute code on a user's phone even when they are not using the keyboard app.

Users cannot get rid of this Flaw

The app cannot be uninstalled or disabled by the users of the Samsung smartphone devices, so it is up to Samsung to fix the critical bug.

The vulnerability was discovered by NowSecure mobile security researcher Ryan Welton, who notified Samsung about the bug in December last year.

The keyboard app periodically asks a server whether it needs any updating, but Samsung devices do not encrypt the executable file, making it possible for any hacker to modify the traffic via an insecure Wi-Fi connection and send a malicious payload to a phone in order to gain control of it.

This behavior is commonly known as a Man in the Middle or MITM attack, and encryption is usually used to prevent malicious hackers from exploiting them.

Swift has high privileges in the system, which means it can write files in a phone’s memory and can access most of its functions.

If exploited, the flaw could let an attacker quietly install malware on a user's smartphone; access the phone's microphone, camera and GPS; eavesdrop on text messages and calls; change the behavior of other apps and even steal photographs and text messages from the phone.
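Both the Xiaomi and the Samsung posts above describe app updates fetched over unencrypted HTTP. The following added example (not part of the original posts) shows detection logic a network defender could run over proxy logs to flag successful package downloads over cleartext HTTP and to mark ones that recur on the 24-hour cadence described for AnalyticsCore. The log format, host names and extension list are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlsplit

PACKAGE_TYPES = {"application/vnd.android.package-archive"}
PACKAGE_EXTS = (".apk", ".dex", ".jar")  # assumption: extensions treated as code
DAY, TOLERANCE = timedelta(hours=24), timedelta(minutes=15)

# Constructed sample log: timestamp client method url status content-type
SAMPLE_LOG = """\
2016-10-20T03:00:01Z 10.0.0.23 GET http://update.vendor.example/Analytics.apk 200 application/vnd.android.package-archive
2016-10-20T03:00:07Z 10.0.0.23 GET https://cdn.vendor.example/theme.png 200 image/png
2016-10-21T03:00:02Z 10.0.0.23 GET http://update.vendor.example/Analytics.apk?v=2 200 application/octet-stream
2016-10-21T08:14:40Z 10.0.0.41 GET https://store.example/app/Keyboard.apk 200 application/vnd.android.package-archive
2016-10-21T09:30:11Z 10.0.0.41 GET HTTP://kb.vendor.example/langpack/update 200 application/vnd.android.package-archive; charset=binary
2016-10-21T09:31:00Z 10.0.0.41 GET http://news.example/index.html 200 text/html
malformed line
"""


def is_cleartext_package(url, content_type):
    """True if the URL is plain HTTP and the response looks like app code."""
    parts = urlsplit(url)  # scheme is lower-cased by urlsplit
    if parts.scheme != "http":
        return False
    mime = content_type.split(";", 1)[0].strip().lower()
    # The path excludes the query string, so "x.apk?v=2" still matches.
    return mime in PACKAGE_TYPES or parts.path.lower().endswith(PACKAGE_EXTS)


def has_daily_cadence(times):
    """True if two consecutive fetches are about 24 hours apart."""
    times = sorted(times)
    return any(abs((b - a) - DAY) <= TOLERANCE for a, b in zip(times, times[1:]))


def find_cleartext_updates(log_text):
    """Return ({(client, host): {"urls": [...], "daily": bool}}, skipped)."""
    seen = defaultdict(list)
    skipped = 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        try:
            ts, client, _method, url, status, ctype = line.split(None, 5)
            when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
        except ValueError:
            skipped += 1  # wrong field count or unparsable timestamp
            continue
        # Only 2xx responses mean a package was actually delivered.
        if status.startswith("2") and is_cleartext_package(url, ctype):
            seen[(client, urlsplit(url).hostname)].append((when, url))
    findings = {
        key: {
            "urls": [u for _, u in sorted(events)],
            "daily": has_daily_cadence([t for t, _ in events]),
        }
        for key, events in seen.items()
    }
    return findings, skipped


if __name__ == "__main__":
    results, bad = find_cleartext_updates(SAMPLE_LOG)
    for (client, host), info in sorted(results.items()):
        tag = "daily cadence" if info["daily"] else "one-off"
        print(f"{client} -> {host}: {len(info['urls'])} download(s), {tag}")
    print(f"{bad} line(s) skipped")
```
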

Monday 3 October 2016

INDIA'S HAMMERING ON PAKISTAN TERRORISTS: SURGICAL ATTACK REAL SCRIPT




Mission LoC: How India punished Pakistan with surgical strikes


The Indian military launched “surgical strikes” against Pakistani terrorists across the Line of Control in Pakistan-occupied Kashmir last night, killing “up to 38 terrorists and Pakistani soldiers.” The raids were based on “very specific and credible information that some terrorist units had positioned themselves to infiltrate” into the country, the Indian Army’s Director General of Military Operations said.

The raids were clearly designed to retaliate for the Sept. 17 attack by Pakistan-based Jaish-e-Mohammed on an Indian Army base in Uri in the Indian state of Jammu and Kashmir. 17 soldiers were killed in the deadly raid.


India will neither forgive nor forget, Prime Minister Narendra Modi declared less than a week after the Uri outrage. It wasn’t just rhetoric: Modi had already okayed a strike against Pakistani terrorist launchpads across the Line of Control (LoC).

The decision to punish Pakistan was conveyed to defence minister Manohar Parrikar and National Security Adviser Ajit Doval on September 23, and the build-up to D-day began the next day.

It was no rash decision. The diplomatic route was chosen before unsheathing the iron fist. Immediately after the September 18 attack on the Indian Army at Uri, Modi called Doval for information on the perpetrators and how they managed to get inside the brigade headquarters.

The Pakistan connection became evident from the GPS sets found on the four dead terrorists as well as from the interrogation of their two guides caught by Uri villagers. That was the inflection point, when the idea of a military response began to crystallise.

Late on September 22, Modi, Parrikar and Doval were briefed by director general of military operations Lt General Ranbir Singh on LoC strike options as well as the posture of the Pakistan army. Army chief General Dalbir Singh was present at this briefing in the War Room of the ministry of defence. By this time, Pakistan had activated all its radars along the LoC and its forces were on high alert.

After examining the options put up by Doval in consultation with the three service chiefs, the surgical strike option was chosen by September 23.

Once the decision had been taken, Doval, Army chief Gen. Dalbir Singh and other operational planners discarded their mobile phones. All communications were direct or through highly secured lines only. Constant monitoring of the Pakistani political leadership and army brass, including the Rawalpindi-based X Corps in charge of PoK as well as the Gilgit-based commander of the Northern Areas, was carried out. As the strike plan was hammered out, Modi chaired some of the meetings.



The Army chief tasked his Northern Army Commander Lt Gen DS Hooda to segregate special forces troops from the 1, 4 and 9 parachute at his disposal, and prepare for action. The army build-up began on September 24. Meanwhile, the National Technical Research Organisation (NTRO) programmed Indian satellites to monitor the target area using GPS coordinates and link-ups as a result of which Delhi had real-time imagery of the strike through helmet-mounted cameras of Indian soldiers on D-day. Video footage of the entire action exists but has not been released to the public.

Given that Pakistan had activated its radars across the LoC, insertion of special forces through helicopters was ruled out. Special forces squads with night-vision devices, Tavor 21 and AK-47 assault rifles, rocket-propelled grenades, shoulder-fired missiles, Heckler and Koch pistols, high explosive grenades and plastic explosives crossed the LoC on foot. The teams were 30-strong each and had specific targets.

While the corps commanders were getting their men ready, the planners in Delhi went below the radar. Starting September 26, Doval held three meetings with the three military chiefs, foreign secretary, two intelligence chiefs, NTRO chief and the DGMO. No uniforms were allowed at these meetings; unmarked cars were used to meet at discreet locations around Delhi to discuss the plan as well as possible Pakistani retaliation.

Operational planners had narrowed things down to eight contingencies. It comes as no surprise that evacuation of civilians living close to border in Jammu and Kashmir and Punjab started at 10 pm on September 27, an hour before Indian soldiers went across.

D-day began with Special Forces squads slipping across the LoC towards designated targets. The plan was such that teams with distant targets left early on September 27 evening so that all strikes would be coordinated. The instructions were that all teams would engage the terrorists simultaneously so that none could rescue another. Using mortar and machine-gun fire from the Indian side to pin Pakistani troops down, the soldiers of the special forces crawled to their targets without meeting any resistance.

Sentries at the launchpads were neutralised by snipers before the troops went in and finished the job. Barring one soldier who stepped on a landmine, all teams returned to their bases by 9am on September 28. The surprise had been complete and there had hardly been any retaliatory fire.

Even as the operation was on, Doval received a call from his US counterpart Susan Rice. Although the US later said that Rice had offered India help against terrorism, the Modi government has kept this conversation top secret.

Throughout the operation, Modi, Parrikar, Doval, the service chiefs, DGMO, intelligence chiefs, NTRO chief, Northern Army Commander and his two corps commanders were awake and in touch. After the troopers returned, the operational planners, led by Doval, met Modi and briefed him.

Six launchpads had been razed to the ground with Indian troopers gunning down 45 terrorists at various locations. Uri had been avenged.

After the operation, Modi called a meet of the Cabinet Committee on security, and DGMO Ranbir Singh called his Pakistani counterpart to inform him about the strike. Former prime minister Manmohan Singh was briefed by Modi after the CCS meet. Starting with Congress president Sonia Gandhi, Opposition leaders were briefed directly or at the all-party meeting held later the same day.

PAKISTAN REPLY ON ATTACKS:

The Pakistan military’s Inter-Services Public Relations directorate (ISPR) denied that India launched “surgical strikes” against “alleged terrorist bases.” From the ISPR statement posted on its Facebook page:

There has been no surgical strike by India, instead there had been cross border fire initiated and conducted by India which is existential phenomenon. As per rules of engagement same was strongly and befittingly responded by Pakistani troops.

The notion of surgical strike linked to alleged terrorists bases is an illusion being deliberately generated by Indian to create false effects. This quest by Indian establishment to create media hype by rebranding cross border fire as surgical strike is fabrication of truth. Pakistan has made it clear that if there is a surgical strike on Pakistani soil, same will be strongly responded.
The Indian military has stated that it recorded the operation (see point number five in the list above), so it can easily refute Pakistan’s denial of a cross-border raid against the “alleged terrorist camps.”

While Pakistan denies the existence of terrorist camps on its soil, Syed Salahuddin, the leader of Hizb-ul-Muhajideen, a terrorist alliance that operates in Kashmir and includes groups such as Lashkar-e-Taiba and Jaish-e-Mohammed, said in 2011 that the Pakistani military allows it to operate freely and run hundreds of training camps.
Pakistan’s high commissioner to India Abdul Basit was summoned on September 21 and given a protest letter detailing the involvement of a terror group based in his country. Pakistan chose denial as its response, with Prime Minister Nawaz Sharif raising Kashmir in his speech at the United Nations.

That was the inflection point, when the idea of a military response began to crystallise.

Late on September 22, Modi, Parrikar and Doval were briefed by director general of military operations Lt General Ranbir Singh on LoC strike options as well as the posture of the Pakistan army. Army chief General Dalbir Singh was present at this briefing in the War Room of the ministry of defence. By this time, Pakistan had activated all its radars along the LoC and its forces were on high alert.

After examining the options put up by Doval in consultation with the three service chiefs, the surgical strike option was chosen by September 23.

Once the decision had been taken, Doval, Army chief Gen. Dalbir Singh and other operational planners discarded their mobile phones. All communications were direct or through highly secured lines only. Constant monitoring of the Pakistani political leadership and army brass, including the Rawalpindi-based X Corps in charge of PoK as well as the Gilgit-based commander of the Northern Areas, was carried out. As the strike plan was hammered out, Modi chaired some of the meetings.



The Army chief tasked his Northern Army Commander Lt Gen DS Hooda to segregate special forces troops from the 1, 4 and 9 parachute at his disposal, and prepare for action. The army build-up began on September 24. Meanwhile, the National Technical Research Organisation (NTRO) programmed Indian satellites to monitor the target area using GPS coordinates and link-ups as a result of which Delhi had real-time imagery of the strike through helmet-mounted cameras of Indian soldiers on D-day. Video footage of the entire action exists but has not been released to the public.

Given that Pakistan had activated its radars across the LoC, insertion of special forces through helicopters was ruled out. Special forces squads with night-vision devices, Tavor 21 and AK-47 assault rifles, rocket-propelled grenades, shoulder-fired missiles, Heckler and Koch pistols, high explosive grenades and plastic explosives crossed the LoC on foot. The teams were 30-strong each and had specific targets.

While the corps commanders were getting their men ready, the planners in Delhi went below the radar. Starting September 26, Doval held three meetings with the three military chiefs, foreign secretary, two intelligence chiefs, NTRO chief and the DGMO. No uniforms were allowed at these meetings; unmarked cars were used to meet at discreet locations around Delhi to discuss the plan as well as possible Pakistani retaliation.

Operational planners had narrowed things down to eight contingencies. It comes as no surprise that evacuation of civilians living close to border in Jammu and Kashmir and Punjab started at 10 pm on September 27, an hour before Indian soldiers went across.

D-day began with Special Forces squads slipping across the LoC towards designated targets. The plan was such that teams with distant targets left early on September 27 evening so that all strikes would be coordinated. The instructions were that all teams would engage the terrorists simultaneously so that none could rescue another. Using mortar and machine-gun fire from the Indian side to pin Pakistani troops down, the soldiers of the special forces crawled to their targets without meeting any resistance.

Sentries at the launchpads were neutralised by snipers before the troops went in and finished the job. Barring one soldier who stepped on a landmine, all teams returned to their bases by 9am on September 28. The surprise had been complete and there had hardly been any retaliatory fire.

Even as the operation was on, Doval received a call from his US counterpart Susan Rice. Although the US later said that Rice had offered India help against terrorism, the Modi government has kept this conversation top secret.

Throughout the operation, Modi, Parrikar, Doval, the service chiefs, DGMO, intelligence chiefs, NTRO chief, Northern Army Commander and his two corps commanders were awake and in touch. After the troopers returned, the operational planners, led by Doval, met Modi and briefed him.

Six launchpads had been razed to the ground with Indian troopers gunning down 45 terrorists at various locations. Uri had been avenged.

After the operation, Modi called a meet of the Cabinet Committee on security, and DGMO Ranbir Singh called his Pakistani counterpart to inform him about the strike. Former prime minister Manmohan Singh was briefed by Modi after the CCS meet. Starting with Congress president Sonia Gandhi, Opposition leaders were briefed directly or at the all-party meeting held later the same day.

Monday 5 September 2016

NANI AS "MAJNU" TRAILER RELEASED!!!!

The trailer for Natural Star Nani's upcoming movie Majnu is out! Viranchi Varma, of Uyyala Jampala fame, is directing this movie.

Nani's unique way of selecting stories has put him on the success track, and he is growing as a star with his natural acting. He is known for his timing in acting. Now he is coming up with a love story. Nani's recent hits show how particular he is in selecting stories. With no background in the industry, Nani has turned into a star today.

Coming to the director: a lot is expected in this movie from Viranchi Varma, who made a hit debut with Uyyala Jampala. So far the trailer seems fresh, with a confused love track. The director is known for the freshness of his screenplay, and the same is expected in "MAJNU".
The teaser has already been a hit, and now the songs and theatrical trailer are out! This movie is expected to be released in the month of September 2016.

Nani, who was a radio jockey at the start of his career, became an assistant director for the movie "RADHA GOPALAM", grew as an actor and made his debut with "ASHTA CHAMMA". As a beginner he too tasted some flops, and then realised the value of selecting different stories.

Now this "GENTLEMAN" is working with Viranchi Varma on "MAJNU", which is expected to be a box-office blockbuster.


KALYAN RAM'S NEW COMBINATION WITH PURI JAGANNADH AS "IZAM" - TRAILER OUT!!

Check out the latest trailer of Nandamuri Kalyan Ram's movie "IZAM". It is a typical Puri Jagannadh trailer. Kalyan Ram appears with a totally new rugged look, which is raising expectations. According to film sources, Jagapathi Babu is being shown as the most stylish villain ever in Tollywood.
So far the trailer tries to depict the hero's character as a street fighter. The trailer is built perfectly, with the strong lift to the hero's character that Puri Jagannadh is known for. Both Puri and Kalyan Ram are hungry for hits, and hopefully this movie will get them back into form with huge collections.

So far this is from me. Need to wait for the movie until it gets unfolded.

HOW DOES A SPACE ROCKET WORK?????

Space rockets



A space rocket is a vehicle with a very powerful jet engine designed to carry people or equipment beyond Earth and out into space. If we define space as the region outside Earth's atmosphere, that means there's not enough oxygen to fuel the kind of conventional engine you'd find on a jet plane. So one way to look at a rocket is as a very special kind of jet-powered vehicle that carries its own oxygen supply. What else can we figure out about rockets straight away? They need great speed and a huge amount of energy to escape the pull of gravity and stop them tumbling back down to Earth like stones. Vast speed and energy mean rocket engines have to generate enormous forces. How enormous? In his famous 1962 speech championing efforts to go to the Moon, US President John F. Kennedy compared the power of a rocket to "10,000 automobiles with their accelerators on the floor." According to NASA, the Saturn V moon rocket "generated 34.5 million newtons (7.6 million pounds) of thrust at launch, creating more power than 85 Hoover Dams."

Forces

Rockets are great examples of how forces make things move. It's a common mistake to think that rockets move forward by "pushing back against the air"—and it's easy to see that this is a mistake when you remember that there's no air in space to push against. Space is literally that: empty space!

When it comes to forces, rockets perfectly demonstrate three important scientific rules called the laws of motion, which were developed about 300 years ago by English scientist Isaac Newton (1642–1727).

A space rocket obviously doesn't go anywhere unless you start its engine. As Newton said, still things (like rockets parked on launch pads) stay still unless forces act on them (and moving things keep moving at a steady speed unless a force acts to stop them).
Newton said that when a force acts on something, it makes it accelerate (go faster, change direction, or both). So when you fire up your rocket engine, that makes the force that accelerates the rocket into the sky.
Rockets move upward by firing hot exhaust gas downward, rather like jet planes—or blown-up balloons from which you let the (cold) air escape. This is an example of what's often called "action and reaction" (another name for Newton's third law of motion): the hot exhaust gas firing down (the action) creates an equal and opposite force (the reaction) that speeds the rocket up. The action is the force of the gas, the reaction's the force acting on the rocket—and the two forces are of equal size, but pointing in opposite directions, and acting on different things (which is why they don't cancel out).

Thrust and drag

The force that pushes a rocket upward is called thrust; it depends on the amount (mass) and speed of gas that the rocket fires and the way its exhaust nozzle is shaped to squirt out that gas in a high-pressure jet. When a rocket's engine develops enough power, the thrust force pushing it upward will be bigger than its own weight (the force of gravity) pulling it down, so the rocket will climb into the sky. As the rocket climbs, air resistance (drag) will try to pull it back too, fighting against the thrust. In an upward-climbing rocket, thrust has to fight both drag and weight. This is slightly different to an airplane, where thrust from the engines makes the plane fly forward, drag pulls the plane backward, and the forward motion of air over the wings generates lift, which overcomes the plane's weight. So a key difference between a rocket and a jet plane is that a rocket's engine lifts it directly upward into the sky, whereas a jet's engines simply speed the plane forward so its wings can generate lift. A plane's jet engines fire it forwards so its wings can lift it up; a rocket's engines lift it up directly.

The faster things move and the more their shape disturbs the air, the more drag they create and the more energy they waste, uselessly, as they speed along. That's why fast-moving things—jet airplanes, high-speed trains, space rockets... and even leaping salmon—tend to be long, thin, and tube-shaped, compared to slower-moving things like boats and trucks, which are less affected by drag.


Escape velocity

Rockets burn huge amounts of fuel very quickly to reach escape velocity of at least 25,000 mph (7 miles per second or 40,000 km/h), which is how fast something needs to go to break away from the pull of Earth's gravity. "Escape velocity" suggests a rocket must be going that fast at launch or it won't escape from Earth, but that's a little bit misleading, for several reasons. First, it would be more correct to refer to "escape speed," since the direction of the rocket (which is what the word velocity really implies) isn't all that relevant and will constantly change as the rocket curves up into space. (You can read more about the difference between speed and velocity in our article on motion). Second, escape velocity is really about energy not velocity or speed. To escape from Earth, a rocket must do work against the force of gravity as it travels over a distance. When we say a rocket has escape velocity, we really mean it has at least enough kinetic energy to escape the pull of Earth's gravity (though you can never escape it completely). Finally, a rocket doesn't get all its kinetic energy in one big dollop at the start of its voyage: it gets further injections of energy by burning fuel as it goes. Quibbles aside, "escape velocity" is a quick and easy shorthand that helps us understand one basic point: a huge amount of energy is needed to get anything up into space.
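
The energy argument above can be carried through as a short calculation (an added worked derivation, not part of the original article). It assumes no air resistance, no further thrust after launch, and the standard values $GM \approx 3.986 \times 10^{14}\ \mathrm{m^3/s^2}$ and $R \approx 6.371 \times 10^{6}\ \mathrm{m}$ for Earth. A body of mass $m$ escapes when its kinetic energy at the surface equals the work needed to climb out of Earth's gravity:

$$\tfrac{1}{2} m v^2 = \frac{G M m}{R} \quad\Longrightarrow\quad v = \sqrt{\frac{2 G M}{R}}$$

$$v \approx \sqrt{\frac{2 \times 3.986 \times 10^{14}}{6.371 \times 10^{6}}}\ \mathrm{m/s} \approx 1.12 \times 10^{4}\ \mathrm{m/s} \approx 11.2\ \mathrm{km/s}$$

That is about 40,000 km/h, or 25,000 mph (roughly 7 miles per second), which matches the figure quoted above. The mass $m$ cancels, so the escape speed is the same for any payload; what grows with mass is the energy that has to be supplied.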

Parts of a space rocket

A rocket contains about three million bits, of all shapes and sizes, but it's simpler to think of it as being made up of four separate parts. There's the structure (the framework that holds the whole thing together, similar to the fuselage on a plane), the propulsion system (the engine, fuel tanks, and any outer rocket boosters), the guidance system (the onboard, computer-based navigation that steers the rocket to its destination), and the payload (whatever the rocket is carrying, from people or satellites to space-station parts or even nuclear warheads). Modern space rockets work like two or three independent rockets stuck together to form what are called stages. Each stage may have its own propulsion and guidance system, though typically only the final stage contains the rocket's all-important payload. The lower stages break away in turn as they use up their fuel and only the upper stage reaches the rocket's final destination.

Some rockets (the Space Shuttle and the European Ariane) look like a whole bunch of rockets "strapped" together: a fat one in the middle with some skinnier ones either side. The big central rocket is the main one. The thinner rockets either side are what are called booster rockets. They're little more than fat fireworks: disposable engines that provide a thump of extra power during liftoff to get the main rocket up into space.


Rocket engines
The biggest (and arguably the most interesting) part of a rocket is the propulsion system—the engine that powers it into the sky. As we've already seen, rockets differ from jet planes (and other fuel-powered vehicles that work on Earth) because they have to carry their own oxygen supply. Modern space rockets have main engines powered by a liquid fuel (such as liquid hydrogen) and liquid oxygen (which does the same job as the air sucked into a car engine) that are pumped in from huge tanks. The fuel (also called the propellant) and oxygen (called the oxidizer) are stored at low temperatures and high pressures so more can be carried in tanks of a certain size, which means the rocket can go further on the same volume of fuel. External rocket boosters that assist a main rocket engine typically burn solid fuel instead (the Space Shuttle's were called solid rocket boosters, or SRBs, for exactly that reason). They work more like large, intercontinental ballistic missiles, which also burn solid fuels.


A closer look at a scientific rocket
It's not rocket science, even when it is! Rockets might be super complex, but if you think about them carefully, you'll find the bits inside are arranged in a very logical way that soon makes sense. To see what I mean, let's explore a very early rocket design in a bit more detail. It was developed by Robert Hutchings Goddard (1882–1945), an American physicist widely considered to be the father of the modern space rocket.

This artwork comes from a patent that Goddard filed in 1914 for a rocket that could rise to high altitudes and take photos. Remember that this was back in the early 20th century, long before satellites had entered space or astronauts had plodded over the moon.

Goddard's clever idea here was to put a rocket inside a rocket, which is a bit like the modern idea of a rocket with stages. You can see the entire rocket in Figure 1 on the right. The main rocket engine is colored red. You light it with a fuse (14), which burns up and ignites disks of fuel (12). Once all the fuel is burned up and the rocket has reached a fairly high altitude, the second rocket (blue) mounted on top ignites, separates, and fires off even higher. Because the second rocket weighs much less than the first one, a certain amount of fuel will make it rise very much higher into the sky than if that fuel had to lift both rockets together.

The rocket keeps its stability by spinning round at high speed as it flies along, just like a bullet fired from a gun. Figure 3 shows how this happens. It's a cross-section through the rocket at the point marked 3—3 in Figure 1 (where the blue and red rockets meet). Inserts of fuel (16) burn and send jets of hot gas outward at tangents, making the rocket body rotate. Unlike the main rocket engine, the spinning jets are ignited by an electrical circuit shown as 18, 19, and 20, which enables them to fire simultaneously. In practice, you'd fire up these tangential rockets to make the rocket spin around on its stand (Figure 5), on ball bearings (22) and, once it's spinning, light the main fuse (14) to blast it into the sky.

The business part of the rocket—the part that does our useful work—is the payload section on the top. This is shown in Figure 2 on the left. Goddard's rocket was designed for taking photographs from high altitude, so we have a camera (orange, 36) and a gyroscope and induction motor (purple, top) which keeps it pointing in the same direction while the rocket spins.

So it's nothing like as complicated as it looks!

Thursday 1 September 2016

"BIG DATA ANALYTICS" READY TO MAKE BIGGER CHANGES IN FUTURE!!!

  WHAT IS BIG DATA ANALYTICS?

 Big data analytics examines large amounts of data to uncover hidden patterns, correlations and other insights. With today’s technology, it’s possible to analyze data and get answers from it immediately – an effort that’s slower and less efficient with more traditional business intelligence solutions.


 HISTORY AND EVOLUTION OF BIG DATA ANALYTICS


 The concept of big data has been around for years; most organizations now understand that if they capture all the data that streams into their businesses, they can apply analytics and get significant value from it. But even in the 1950s, decades before anyone uttered the term “big data,” businesses were using basic analytics to uncover insights and trends. The new benefits that big data analytics brings to the table, however, are speed and efficiency. Whereas a few years ago a business would have gathered information, run analytics and unearthed information that could be used for future decisions, today that business can identify insights for immediate decisions. The ability to work faster – and stay agile – gives organizations a competitive edge they didn’t have before.

 WHY IS BIG DATA ANALYTICS IMPORTANT?


 Big data analytics helps organizations harness their data and use it to identify new opportunities, which leads to smarter business moves, more efficient operations, higher profits and happier customers. In his report Big Data in Big Companies, IIA Director of Research Tom Davenport interviewed more than 50 businesses to understand how they used big data. He found they got value in the following ways:

 1. Cost reduction. Big data technologies such as Hadoop and cloud-based analytics bring significant cost advantages when it comes to storing large amounts of data, plus they can identify more efficient ways of doing business.
 2. Faster, better decision making. With the speed of Hadoop and in-memory analytics, combined with the ability to analyze new sources of data, businesses are able to analyze information immediately and make decisions based on what they’ve learned.
 3. New products and services. With the ability to gauge customer needs and satisfaction through analytics comes the power to give customers what they want. Davenport points out that with big data analytics, more companies are creating new products to meet customers’ needs.

 Big Data Analytics: A Concept. National Conference on Recent Trends in Computer Science and Information Technology (NCRTCSIT-2016).

BIG DATA ANALYTICS IN TODAY’S WORLD

 Most organizations have big data. And many understand the need to harness that data and extract value from it. These resources cover the latest thinking on the intersection of big data and analytics. High-performance analytics lets users do things they never thought about before because the data volumes were just way too big. For instance, they can get timely insights to make decisions about fleeting opportunities, get precise answers for hard-to-solve problems and uncover new growth opportunities, all while using IT resources more effectively.

Who is using it?

 1.1. Travel and hospitality. Keeping customers happy is key to the travel and hotel industry, but customer satisfaction can be hard to gauge in a timely manner. Resorts and casinos have only a short window of opportunity to turn around a customer experience that’s going south fast. Big data analytics gives these businesses the ability to collect customer data, apply analytics and immediately identify potential problems before it’s too late. 

1.2. Health care. Big data is a given in the health care industry. Patient records, health plans, insurance information and other types of information can be difficult to manage – but are full of key insights once analytics are applied. That’s why big data analytics technology is so important to health care. By analyzing large amounts of information – both structured and unstructured – health care providers can provide lifesaving diagnoses or treatment options almost immediately.

1.3. Government. Certain government agencies face a big challenge: tighten the budget without compromising quality or productivity. This is particularly troublesome with law enforcement agencies, which are struggling to keep crime rates down with relatively scarce resources. Many agencies use big data analytics; the technology streamlines operations while giving the agency a more holistic view of criminal activity.

1.4. Retail. Customer service has evolved in the past several years, as savvier shoppers expect retailers to understand exactly what they need, when they need it. Big data analytics technology helps retailers meet those demands. Armed with endless amounts of data from customer loyalty programs, buying habits and other sources, retailers have an in-depth understanding of their customers; they can also predict trends, recommend new products and boost profitability.

Big data analytics is the process of examining large data sets to uncover hidden patterns, unknown correlations, market trends, customer preferences and other useful business information. The analytical findings can lead to more effective marketing, new revenue opportunities, better customer service, improved operational efficiency, competitive advantages over rival organizations and other business benefits.

Big data analytics examines large amounts of data to uncover hidden patterns, correlations and other insights. With today’s technology, it’s possible to analyze your data and get answers from it almost immediately – an effort that’s slower and less efficient with more traditional business intelligence solutions.

Although the demand for big data analytics is high, there is currently a shortage of data scientists and other analysts who have experience working with big data in a distributed, open source environment. In the enterprise, vendors have responded to this shortage by creating Hadoop appliances to help companies take advantage of the semi-structured and unstructured data they own.

Big data can be contrasted with small data, another evolving term that's often used to describe data whose volume and format can be easily used for self-service analytics. A commonly quoted axiom is that "big data is for machines; small data is for people."

In some cases, Hadoop clusters and NoSQL systems are being used as landing pads and staging areas for data before it gets loaded into a data warehouse for analysis, often in a summarized form that is more conducive to relational structures.

High-performance analytics lets you do things you never thought about before because the data volumes were just way too big. For instance, you can get timely insights to make decisions about fleeting opportunities, get precise answers for hard-to-solve problems and uncover new growth opportunities – all while using IT resources more effectively.

History and evolution of big data analytics


The concept of big data has been around for years; most organizations now understand that if they capture all the data that streams into their businesses, they can apply analytics and get significant value from it. But even in the 1950s, decades before anyone uttered the term “big data,” businesses were using basic analytics (essentially numbers in a spreadsheet that were manually examined) to uncover insights and trends.

The new benefits that big data analytics brings to the table, however, are speed and efficiency. Whereas a few years ago a business would have gathered information, run analytics and unearthed information that could be used for future decisions, today that business can identify insights for immediate decisions. The ability to work faster – and stay agile – gives organizations a competitive edge they didn’t have before.

Why is big data analytics important?

Big data analytics helps organizations harness their data and use it to identify new opportunities. That, in turn, leads to smarter business moves, more efficient operations, higher profits and happier customers. In his report Big Data in Big Companies, IIA Director of Research Tom Davenport interviewed more than 50 businesses to understand how they used big data. He found they got value in the following ways:
Cost reduction. Big data technologies such as Hadoop and cloud-based analytics bring significant cost advantages when it comes to storing large amounts of data – plus they can identify more efficient ways of doing business.

Faster, better decision making.  With the speed of Hadoop and in-memory analytics, combined with the ability to analyze new sources of data, businesses are able to analyze information immediately – and make decisions based on what they’ve learned.
New products and services. With the ability to gauge customer needs and satisfaction through analytics comes the power to give customers what they want. Davenport points out that with big data analytics, more companies are creating new products to meet customers’ needs.
  
Increasingly though, big data vendors are pushing the concept of a Hadoop data lake that serves as the central repository for an organization's incoming streams of raw databases. In such architectures, subsets of the data can then be filtered for analysis in data warehouses and analytical databases, or it can be analyzed directly in Hadoop using batch query tools, stream processing software and SQL-on-Hadoop technologies that run interactive, ad hoc queries written in SQL.

Big data can be analyzed with the software tools commonly used as part of advanced analytics disciplines such as predictive analytics, data mining, text analytics and statistical analytics. Mainstream BI software and data visualization tools can also play a role in the analysis process.

Potential pitfalls that can trip up organizations on big data analytics initiatives include a lack of internal analytics skills and the high cost of hiring experienced analytics professionals. The amount of information that's typically involved, and its variety, can also cause data management headaches, including data analytics and consistency issues. 

In addition, integrating Hadoop systems and data warehouses can be a challenge, although various vendors now offer software connectors between Hadoop and relational databases, as well as other data integration tools with big data capabilities.