Wednesday 9 November 2016

HOW RS 500 AND RS 1000 NOTES BAN WILL AFFECT COMMON MAN !!



November 8th 2016 will go down in Indian history as a red letter day. It marks the day the Indian economy moved from a black economy to a white one.

In what will be known as a groundbreaking, historic move, on November 8th, Prime Minister Narendra Modi announced the demonetization of Rs 500 and Rs 1000 currency notes.

So what does this mean for the common man?

India had been a cash-based economy. Nearly 14 lakh crore rupees, about $220 billion worth, is held in cash notes of Rs 500 & Rs 1000. This implies that the impact on the Indian economy will be huge - very huge.

Impact on Common Man

Day-1-10: Near panic in local markets. The number of transactions drops by more than 50%. Today, on November 9th, almost all businesses have reported a more than 50% drop in transactions. I chatted with an Uber driver and a small coffee shop owner. Both reported the same. The Uber driver was willing to give me a 10% discount for cash payment in Rs 100 notes vs PayTM!

Common people in cities will rush towards digital payments like PayTM.

Immediate impact: Deep Deflation. The amount of money in circulation will drop dramatically while supply of goods will remain stable - hence prices of goods will drop.

Gold prices, stock prices, commodity prices will drop. People will congratulate government for making this bold move. BJP will win elections in UP and Punjab.

Day-10-50: People who have legally earned cash will start depositing it in banks. This will help improve banks' Cash Reserve Ratios and increase bank deposits. This will lead to more lending. Increased lending activity will make it easier for legal businesses to raise capital and the economy will grow.

People who have earned their money illegally, such as bribes, smuggling, Narcotics etc. will have a big problem on their hands. These people will be afraid to deposit it in a bank. Some of them will find ways to deposit this money into a bank, and will declare it as income and pay taxes on it.

Many of these guys - who had easy money flowing will continue to stay out of legal system and will count on their luck or bad luck and sit on their stash of Rs.500 and Rs.1000 notes. This money will be effectively taken out of circulation and that aids deflation.

Day 50-200


Deflation will ease out, and inflation will return. Inflation will happen slowly because lending activities will not happen overnight and will take time. Lending will broaden money supply, creating demand for raw materials and capital goods. This leads to a steady growth of Indian economy.

Real estate prices will crash. Builders & developers who were eager to sell for cash can no longer sell. They will be forced to lower the price by 10-20%. Already by 1 PM on November 9th, the share price of DLF is down 21%!

Real estate developers will have to wait for demand from white economy to pick up. Once the economy picks up and with easy availability of bank loans, real estate prices will come back to pre Nov. 8th levels, and by end of 2017, the robust demand will ensure real estate prices to go up.

Real estate developers will be forced to go with legal transactions and play in white economy.

Big Losers


The biggest losers in this are corrupt government officials & politicians who are sitting on tonnes of cash. They cannot convert the older demonetized notes to newer ones without risking tax investigations, and will be willing to lose their illegal money.

Real estate businessmen, who cannot convert all their hoards of cash, will also be hurt by low demand.

Other illegal business owners: Money lenders, hawala finance transactions. These people will find it difficult to conduct their business in the new system. Particularly when government can track newer Rs 2000 currency notes via RF chips.

Closing Thoughts

This is just my opinion based on my knowledge of the economy. I may be wrong in some aspects, but overall I am sure the Indian economy will go through a cycle of deflation, followed by robust growth and then some creeping inflation.

Let's wait and see how things pan out!

GOOGLE CHROME BROWSER VULNERABILITY GOT 300,000 ANDROID DEVICES HACKED!!!!

A vulnerability in Chrome for Android is actively being exploited in the wild that allows hackers to quietly download banking trojan apps (.apk) onto victims' devices without their confirmation.

You might have encountered a pop-up advertisement that appears out of nowhere, surprises you with a warning that your mobile device has been infected with a dangerous virus, and instructs you to install a security app to remove it immediately.

This malicious advertising web page automatically downloads an Android app installation (.apk) file to your device without requiring any approval.

Citing malware threats on your mobile device, attackers trick you into changing your device's settings to allow installation of third-party apps from stores other than Google Play Store, and into installing the banking trojan app on your device.

Kaspersky researchers Mikhail Kuzin and Nikita Buchka discovered one such widespread malicious advertising campaign across Russian news sites and popular websites.

Since this August, the Trojan has infected over 318,000 Android devices across the world — thanks to Google AdSense advertisements that were being abused to spread a malicious mobile banking trojan, dubbed Svpeng.

"When an APK file is broken down into pieces and handed over to the save function via Blob() class, there is no check for the type of the content being saved, so the browser saves the APK file without notifying the user," the duo explains in a blog post.

Google has acknowledged the issue, blocked the malicious ads and planned to patch it, although it is unclear when the next Android Chrome version will be released.
However, if Google sticks to its six-week release cycle, users can expect an update on 3rd December 2016. So, malicious actors have over three weeks to exploit the flaw.

"[The] next time they (criminals) push their adverts on AdSense they may well choose to attack users in other countries; we have seen similar cases in the past; After all, what could be more convenient than exploiting the most popular advertising platform to download their malicious creations to hundreds of thousands of mobile devices?" the pair say.

Even if Google patches this issue with its next software update, attackers still have an evergreen technique to trick users into downloading malicious apps by exploiting vulnerabilities in popular websites.

For example, a recently disclosed XSS (Cross-Site Scripting) flaw, discovered by Indian security researcher Jitendra Jaiswal, on WhatsApp's official websites could allow attackers to trick users into downloading malware applications.

So, it is always a good idea to install apps from the official Google Play Store and not to change the default Android settings that prevent the installation of third-party apps.

So, the best recommendation for users is to think twice before installing any app (no matter how legitimate it looks) from untrusted sources or clicking on suspicious-looking links.

Tuesday 8 November 2016

FACEBOOK BANNED FROM COLLECTING WHATSAPP USER DATA IN UK!!!


In August, Facebook introduced a hugely controversial data plan to start harvesting data from its WhatsApp messaging app from September 25 for delivering more relevant ads on the social network.

Many users were not happy with the move, because there was no real way of opting out from the data sharing – WhatsApp users could only do so within a short period – and even if users did opt out then, some data would still be shared.

Eventually, some countries like Britain stood up and opposed the decision.

The Information Commissioner's Office (ICO) of the United Kingdom has asked Facebook and WhatsApp to better explain the changes to its customers in the U.K. And if they don't, the ICO could hand out a heavy fine.


What's the good news?

In response, the social media giant has agreed to "pause" sharing of data, including their phone numbers, between WhatsApp and Facebook in Britain to target advertisements on its core social network.

"We have now asked Facebook and WhatsApp to sign an undertaking committing to better explaining to customers how their data will be used, and to giving users ongoing control over that information," Elizabeth Denham, the Information Commissioner, wrote in a blog post.

"I don't think users have been given enough information about what Facebook plans to do with their information, and I don't think WhatsApp has got valid consent from users to share the information."

When Facebook announced this deal in late August, Denham said she would investigate the changes under Britain's data protection laws, and has now issued an update revealing the social networking giant has agreed to hold off data sharing from UK users.

Denham said that it is users' right to have control over their data and she now wanted Facebook and WhatsApp to let users restrict access to their information beyond the existing 30-day period, and let them completely opt out of the agreement at any time.

When Facebook acquired WhatsApp for $19 billion in 2014, users were worried about the company's commitment to protecting its users' privacy. But WhatsApp reassured them that their privacy would not be compromised in any way.

But after the deal, the WhatsApp users felt betrayed by the company.

After introducing end-to-end encryption, WhatsApp has become one of the most popular secure messaging apps, but this shift in its privacy policy may force some users to switch to other secure apps like Telegram and Signal.

Neither Facebook nor WhatsApp has yet responded to the Information Commissioner's announcement.

Monday 7 November 2016

DDOS ATTACKS ON WIKILEAKS: US ELECTIONS EFFECT

Wikileaks Gets DDoS after Leaking 8,200 DNC Emails One Day before Elections

With just two days before the presidential election, WikiLeaks late Sunday night published a new trove of emails apparently hacked from the Democratic National Committee (DNC).

The most recent dump of more than 8,000 emails came after the whistleblowing site, on a daily basis over last four weeks, has already leaked over 50,000 emails stolen from the key figure in the DNC – Hillary Clinton's campaign chairman John Podesta.

However, this time, not everything went as planned by WikiLeaks.

WikiLeaks early Monday morning announced on Twitter that shortly after the release of hacked DNC emails the organization was the target of a major Distributed Denial of Service (DDoS) attack.

What's more?

Soon after WikiLeaks reported the DDoS attack on its email publication servers, Twitter also went down, and the outage lasted for at least 30 minutes.

According to a status monitor, the Twitter outage began at around 6.45am GMT and continued for nearly half an hour, though reports suggested that the impact varied from user to user and many users were still experiencing issues in Japan a couple of hours later.

Here's what WikiLeaks then posted on its Facebook page:

"We are still under a DoS attack on our e-mail publication servers, and it appears that Twitter is down as well, we are unable to confirm if this is an attack on Twitter at this time."


WikiLeaks Down! Twitter Down! Any Connection?



At this moment, there is no connection between the two incidents, although some Twitter users quickly linked the two outages.

"Twitter went down because Wikileaks released #DNCleak2 It has begun! They are trying to suppress the truth from coming out!!!," a Twitter user said.
"So Twitter was down due to the #DNCLeak2 released by @wikileaks - we should be worried, global censorship is heading our way," another user said.

One of the leaked emails saw former Clinton Foundation fundraiser Doug Band slamming Chelsea Clinton for allegedly spending funds from the Clinton Foundation to help pay for her wedding.

Earlier this year, the FBI argued to investigate the Clinton Foundation for potentially giving donors special favors and political access, but just yesterday, the agency cleared Clinton of any criminal wrongdoing after a review of the latest trove of her leaked official emails.

TESCO BANK HACKED: MONEY FROM 20,000 ACCOUNTS HAS BEEN STOLEN!!




Tesco Bank has taken the drastic measure of temporarily halting all online transactions after thousands of customers have seen hundreds of pounds wiped from their savings accounts over the weekend due to an online hacking attack.

The bank has now suspended online transactions for current account holders.

Customers affected by the block will still be able to withdraw cash and use other services.

On Twitter customers reported seeing as much as £700 disappearing from their available balance.

Benny Higgins, chief executive of Tesco Bank, on Monday confirmed that about 20,000 customers have had money taken from their accounts, with "suspicious activity" identified in another 20,000.

The total is considerably more than the figure the bank was quoting on Sunday of fewer than 10,000 accounts.

Almost 20,000 Tesco Bank customers have had money stolen from their accounts after the banking arm of the UK's biggest retailer fell victim to a hacking attack this weekend.

As a result of the hack, Tesco Bank has frozen online transactions in an attempt to protect its customers from, what it described as, the “online criminal activity.”

However, customers can still use their debit and credit cards for cash withdrawals and card-based payments.

Tesco Bank has not disclosed any details of the cyber attack or how accounts had been compromised, but Benny Higgins, chief executive of Tesco, confirmed that the hack affected 40,000 of its 136,000 accounts, half of which had already been used to withdraw money fraudulently over the weekend.

The bank would not disclose the total amount stolen from the accounts, but confirmed that the amount stolen was a "big number but not a huge number."

If you have been affected by this incident, don’t worry! Higgins has apologized for the "inconvenience" and announced that customers are not at financial risk, as any financial loss that results from this fraudulent activity will be borne by the bank.

“We are working hard to resume normal service on current accounts as soon as possible,” Higgins said.




Others complained about a lack of communication from the bank and hours spent on hold.

Higgins said the bank is "taking every step to protect" customers.

Speaking to the BBC, Higgins sought to reassure customers saying he was "very hopeful" customers would be refunded within 24 hours.

Higgins said: "That is why, as a precautionary measure, we have taken the decision today to temporarily stop online transactions from current accounts. This will only affect current account customers."

INDIAN EMBASSY WEBSITES IN SEVEN COUNTRIES HACKED: DATABASE LEAKED ONLINE!!!

Indian embassy websites in seven different countries have been hacked, and attackers have leaked personal data, including full name, residential address, email address, passport number and phone number, of Indian citizens living abroad.

This incident is extremely worrying because it involves diplomatic personnel working in the embassies that have always been a favorite target of state-sponsored hackers launching cyber espionage campaigns.

Security pen-testers who go by the name Kapustkiy and Kasimierz have claimed responsibility for the hack and told The Hacker News that the reason behind the hack was to force administrators to consider the cyber security of their websites seriously.

In a Pastebin link shared on their Twitter account, the hackers claimed to have hijacked Indian Embassy websites in Switzerland, Italy, Romania, Mali, South Africa, Libya, and Malawi and leaked personal details of hundreds of Indians, including students studying abroad.

The pair exploited a simple vulnerability in the targeted websites in an effort to gain unauthorized access to the databases.

The Hacker News team has analyzed those hacked sites and found they are vulnerable to SQL injection, which allows an attacker to inject malicious SQL commands (payloads) into the web application and steal the database containing sensitive information.


"We did it because their security was poor, and several domains related to the Indian Embassy had the same vulnerability. This proves that a lot of people can not trust the "Embassy." We hope that this problem will be fixed in the future." hackers told The Hacker News via email.

"We did not do it for the lulz or something, but we did just for them to pay attention to the issues with their crucial websites. Also, we did not leak anything like their real address, city or zip code, which is available in the database."

The leaked data shows that the targeted websites are so insecure that even user and admin passwords are stored in plaintext without any hashing mechanism.
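The two weaknesses named above, SQL injection and plaintext password storage, shown next to their hardened forms. This is an added example, not code from the affected sites or from The Hacker News; the table layout, function names and sample rows are constructed, and PBKDF2 is one reasonable choice of password hash rather than anything the article prescribes.

```python
import hashlib
import hmac
import os
import sqlite3

PBKDF2_ROUNDS = 600_000  # work factor for PBKDF2-HMAC-SHA256 (assumed setting)


def make_db():
    """Build an in-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE visitors (id INTEGER PRIMARY KEY, name TEXT, passport TEXT)")
    db.executemany(
        "INSERT INTO visitors (name, passport) VALUES (?, ?)",
        [("Asha", "X0000001"), ("Ravi", "X0000002"), ("Meena", "X0000003")],
    )
    db.execute("CREATE TABLE users (login TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")
    return db


def lookup_vulnerable(db, name):
    # Weak pattern: the input is pasted into the SQL text, so a quote
    # character in the input changes the structure of the query.
    query = "SELECT name, passport FROM visitors WHERE name = '" + name + "'"
    return db.execute(query).fetchall()


def lookup_parameterized(db, name):
    # Hardened: the value is bound as a parameter and is never parsed as SQL.
    return db.execute(
        "SELECT name, passport FROM visitors WHERE name = ?", (name,)
    ).fetchall()


def set_password(db, login, password):
    # Store a per-user random salt and a slow salted hash, never the password.
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    db.execute("INSERT OR REPLACE INTO users VALUES (?, ?, ?)", (login, salt, digest))


def check_password(db, login, password):
    row = db.execute(
        "SELECT salt, pw_hash FROM users WHERE login = ?", (login,)
    ).fetchone()
    if row is None:
        return False
    salt, stored = row
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(candidate, stored)


if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR '1'='1"  # classic textbook input, constructed for the demo
    print("concatenated query rows:", len(lookup_vulnerable(db, crafted)))
    print("parameterized query rows:", len(lookup_parameterized(db, crafted)))
    set_password(db, "admin", "correct horse")
    print("good password accepted:", check_password(db, "admin", "correct horse"))
    print("bad password accepted:", check_password(db, "admin", "guess"))
```

With the hardened storage, a dump of the `users` table yields salts and digests instead of reusable passwords.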

Is India Prepared for Cyber Attacks?

This is not the first time hackers have targeted Indian embassies. In the month of June, seven other High Commission websites in Tajikistan, Romania, Greece, Turkey, Mexico, Sao Paolo and Pretoria were hacked and defaced by Pakistani hackers.

However, it seems like the Indian government did not take the incident as a lesson to tighten the security of its critical infrastructure, which is an all-time favorite target of black hat and nation-state actors and could put the nation’s security at risk.

For the past two and a half years, since Narendra Modi came into power as Prime Minister, we have heard so much about the Digital India programme – an initiative championed by the Government of India that aims at making all government services electronically available as well as providing high-speed Internet connectivity nationwide.

The Department of Telecommunications has stated multiple times that the Indian government is very serious about cyber security threats and is taking all the necessary initiatives in this direction.
The initiative also includes a vision to broaden digital infrastructure in the country with new technologies, but so far we have not seen any ground-level initiative to tighten up the security of at least the websites that represent various crucial government departments, agencies, services, and programs.

Not convinced yet? Let me put some stats to make my point clear.

A report from cyber security company FireEye found that 38% of organizations in India were exposed to targeted advanced persistent attacks in the first half of 2015, a 23% increase from the previous report.

"India is fast becoming a strategic target, in part because of the potentially sensitive information that is expected to be digitized through ambitious and high-profile projects such as Digital India," the report stated.

Last year, an annual report from CERT-In noted that over 26,244 Indian websites were hacked, which includes hundreds of government websites.

Also, more than 35 Indian central and state government websites have recently been hacked by Pakistani hackers after India carried out surgical strikes across the Line of Control (LoC), Economic Times reports.

Another survey says that cyber crime incidences in India have drastically jumped in past year, with 72% companies in the country falling victim to online attacks.

So far we haven't completely tackled security of our websites and a stream of Internet of things cyber attacks have dramatically increased t

Friday 4 November 2016

WARNING:Your mobile device can be hijacked and tracked without your knowledge!!

Here's a new danger to your smartphone security: Your mobile device can be hijacked and tracked without your knowledge.

Remember Stingrays?

The controversial cell phone spying tool, also known as an "IMSI catcher," has long been used by law enforcement to track and monitor mobile users by mimicking a cellphone tower and tricking their devices into connecting to it. Sometimes it even intercepts calls and Internet traffic, sends fake texts, and installs spyware on a victim's phone.

Setting up such Stingray-type surveillance devices, of course, is expensive and needs a lot of effort, but researchers have now found a new, cheaper way to do the same thing with a simple Wi-Fi hotspot.

Yes, a Wi-Fi network can capture IMSI numbers from nearby smartphones, allowing almost anyone to track and monitor people wirelessly.

IMSI or international mobile subscriber identity is a unique 15-digit number used for authentication of a person when moving network to network. The number is stored in the read-only section of a SIM card and with the mobile operator.

Note: Don't confuse the IMSI number with the IMEI number. IMSI is tied to a user, while IMEI is tied to a device.


Stealing your Fingerprints to Track you Everywhere

In a presentation at BlackHat Europe, researchers Piers O'Hanlon and Ravishankar Borgaonkar from Oxford University have demonstrated a new type of IMSI catcher attack that operates over WiFi, allowing anyone to capture a smartphone's IMSI number within a second as users pass by.

The attack would then use that IMSI number to spy on the user's every movement.

The actual issue resides in the way most modern smartphones, including Android and iOS devices, in the world connect to Wi-Fi networks.

There are two widely implemented protocols in most modern mobile operating systems:


Extensible Authentication Protocol (EAP)
Authentication and Key Agreement (AKA) protocols


These protocols allow smartphones to auto-connect to public WiFi hotspots.

Modern smartphones are programmed to automatically connect to known Wi-Fi networks by handing over their IMSI numbers to log into the network, without owner's interaction.

So, by exploiting the WiFi authentication protocols, attackers could set up a "rogue access point" masquerading as a well-known WiFi network and trick smartphones in range into connecting.

Once connected the rogue access point extracts their IMSI numbers immediately. This captured unique identifier of your smartphone would then allow attackers to track your movements wherever you go.


Intercepting WiFi Calling to Steal Your Unique Identity Number


The researchers also demonstrated another attack vector whereby attackers can hijack the WiFi calling feature offered by mobile operators.

This technology is different from voice calling on WhatsApp or Skype app which uses voice over Internet Protocol.

Whereas, WiFi calling, which is supported on iOS and Android devices, allows users to make voice calls over WiFi by connecting to the operator's Edge Packet Data Gateway (EPDG) using the encrypted IP security (IPSec) protocol.

Like the WiFi auto connect feature, the Internet Key Exchange (IKEv2) protocol used for authenticating WiFi calling is also based on identities such as the IMSI number, which are exchanged over EAP-AKA.

EAP-AKA exchanges are encrypted, but the problem is that they are not protected by a certificate.

This issue exposes the feature to man-in-the-middle (MITM) attacks, allowing attackers to intercept the traffic from a smartphone trying to make the call over WiFi and quickly extract the IMSI number in seconds, the researchers said.

The good news is that you can disable the Wi-Fi calling feature on your device, but Wi-Fi auto connect can only be disabled when such a network is in range.

The researchers reported the issues to both the mobile OS companies, including Apple, Google, Microsoft and Blackberry, and the operators such as GSMA, and have been working with them to ensure the future protection of the IMSI number.

Apple, as a result of conversations with the two researchers, has implemented a new technology in iOS 10 that allows handsets to exchange pseudonyms and not identifiers, helping mitigate the threat.

The duo concluded their research by showing a proof-of-concept system that demonstrates their IMSI catcher employing passive as well as active techniques.
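As an added illustration (not from the researchers' presentation or the original article), the Python audit below flags identity strings in your own WLAN authentication logs that carry a permanent IMSI instead of a pseudonym. It assumes the permanent-username convention of RFC 4186/4187/5448 (leading digit 1, 0 or 6 followed by the 15-digit IMSI) and the 3GPP realm format; the log layout, field names and every sample value are constructed.

```python
import re
from collections import Counter

# Leading digit of an IMSI-derived (permanent) username, by EAP method.
PERMANENT_PREFIX = {"0": "EAP-AKA", "1": "EAP-SIM", "6": "EAP-AKA'"}
USERNAME_RE = re.compile(r"^([016])([0-9]{15})$")
# 3GPP realm: MNC is always written as three digits, zero-padded if needed.
REALM_RE = re.compile(
    r"^(?:wlan|nai\.epc)\.mnc([0-9]{3})\.mcc([0-9]{3})\.3gppnetwork\.org$", re.I
)
# Constructed log layout: "... ap=<name> User-Name=<identity>"
FIELD_RE = re.compile(r"\bap=(\S+).*?\bUser-Name=(\S+)")


def classify_identity(nai):
    """Classify one EAP identity string as permanent (IMSI) or not."""
    user, _, realm = nai.strip().partition("@")
    m = USERNAME_RE.match(user)
    if not m:
        # Pseudonyms, fast re-authentication ids and ordinary usernames.
        return {"kind": "non-permanent", "method": None,
                "imsi_masked": None, "realm_ok": None}
    imsi = m.group(2)
    realm_ok = None  # None means the realm is not in 3GPP format
    r = REALM_RE.match(realm)
    if r:
        mnc, mcc = r.groups()
        # IMSI = MCC (3 digits) + MNC (2 or 3 digits) + subscriber number.
        realm_ok = mcc == imsi[:3] and mnc in (imsi[3:6], "0" + imsi[3:5])
    return {
        "kind": "permanent",
        "method": PERMANENT_PREFIX[m.group(1)],
        # Mask the subscriber part so the report does not spread the IMSI.
        "imsi_masked": imsi[:5] + "*" * 10,
        "realm_ok": realm_ok,
    }


def audit(lines):
    """Count permanent-identity exposures per access point."""
    exposures = Counter()
    for line in lines:
        m = FIELD_RE.search(line)
        if m and classify_identity(m.group(2))["kind"] == "permanent":
            exposures[m.group(1)] += 1
    return dict(exposures)


# Constructed sample log (test network MCC 001 / MNC 01, made-up subscribers).
SAMPLE_LOG = [
    "2016-11-04T10:00:01Z ap=ap-lobby User-Name=0001010123456789@wlan.mnc001.mcc001.3gppnetwork.org",
    "2016-11-04T10:00:07Z ap=ap-lobby User-Name=2k3Jd81LmQz0@wlan.mnc001.mcc001.3gppnetwork.org",
    "2016-11-04T10:01:30Z ap=ap-cafe User-Name=6001010123456789@nai.epc.mnc001.mcc001.3gppnetwork.org",
    "2016-11-04T10:02:11Z ap=ap-lobby User-Name=alice@example.org",
    "2016-11-04T10:03:00Z ap=ap-lobby User-Name=1001010987654321@wlan.mnc001.mcc001.3gppnetwork.org",
]

if __name__ == "__main__":
    for ap, count in sorted(audit(SAMPLE_LOG).items()):
        print(f"{ap}: {count} permanent identities seen")
```

A device that sends pseudonyms, as the article says iOS 10 does, falls in the `non-permanent` bucket and does not appear in the audit counts.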

ANONYMOUS TRYING TO TAKE DOWN WHOLE COUNTRY'S INTERNET!!!!



Someone is trying to take down the whole Internet of a country by launching massive distributed denial-of-service (DDoS) attacks using a botnet of insecure IoT devices infected by the Mirai malware.

It all started in early October when a cybercriminal publicly released the source code of Mirai – a piece of nasty IoT malware designed to scan for insecure IoT devices and enslave them into a botnet network, which is then used to launch DDoS attacks.

Just two weeks ago, the Mirai IoT botnet caused a vast internet outage by launching massive DDoS attacks against DNS provider Dyn, and it later turned out that just 100,000 devices participated in the attacks.

Experts believe that a future DDoS attack could reach 10 Tbps, which is enough to take down the whole Internet in any nation state.

One such incident has been happening for the past week, where hackers are trying to take down the entire Internet of Liberia, a small African country, using another Mirai IoT botnet known as Botnet 14.

Security researcher Kevin Beaumont has noticed that Botnet 14 has begun launching DDoS attacks against the networks of "Lonestar Cell MTN", the telecommunication company which provides the Internet to the whole of Liberia via a single entry point from an undersea fiber cable.

"From monitoring, we can see websites hosted in country going offline during the attacks — Additionally, a source in country at a Telco has confirmed to a journalist they are seeing intermittent internet connectivity, at times which directly match the attack," Beaumont said in a blog post published today.

According to Beaumont, transit providers confirm that the attacks were over 500 Gbps in size, but last for a short period. This volume of traffic indicates that the "Shadows Kill" Botnet, as the researcher called it, is "owned by the actor which attacked Dyn."

Why Is Taking Down Liberia's Internet Easy?

Over a decade of civil war in Liberia destroyed the country's telecommunications infrastructure, and at that time a very small portion of citizens in Liberia had access to the internet via satellite communication.

However, some progress was made later in 2011 when a 17,000 km Africa Coast to Europe (ACE) submarine fiber-optic cable was deployed from France to Cape Town, via the west coast of Africa.

The ACE fiber cable, at depths close to 6,000 meters below sea level, eventually provides broadband connectivity to 23 countries in Europe and Africa.

What's shocking? The total capacity of this cable is just 5.12 Tbps, which is shared between all of the 23 countries.

Since the massive DDoS attack used a Mirai botnet of just 100,000 hacked IoT devices to close down the Internet for millions of users, one can imagine the capability of more than 1 million hacked IoT devices, which are currently under the control of the Mirai malware and are enough to severely impact systems in any nation state.

This is extremely worrying because, with this capacity, an attacker could disrupt Internet services not just in Liberia but in all 23 countries in Europe and Africa which rely on the ACE fiber cable for their internet connectivity.

The root cause? More insecure, vulnerable IoT devices, more Mirai bots.

So, in order to protect yourself, you need to be more vigilant about the security of your smart devices because they are dumber than one can ever be.

In our previous article, we provided some basic, rather effective, solutions, which would help you protect your smart devices from becoming part of the Mirai botnet. You can also check for yourself whether your IoT device is vulnerable to the Mirai malware.

Thursday 3 November 2016

GOOGLE's latest stable update for Chrome browser comes with vulnerabilities: gives hackers a chance for a Denial of Service attack!!!




This week, Google released the latest stable update for its Chrome browser addressing three high priority security vulnerabilities. Version 49.0.2623.87 of Chrome is available now for Windows, Mac and Linux computers, and although Google isn’t willing to discuss the fixes in detail, a recent blog post explains the basics of the bugs.

The stable channel has been updated to 54.0.2840.87 for Windows, Mac, and 54.0.2840.90 for Linux. This will roll out over the coming days/weeks.

CVE-2016-1643, the first of the three security issues, is a type confusion within Blink, which ZDNet describes as a rendering engine used by the Chrome browser. The researcher who discovered the vulnerability was rewarded $5,000.



CVE-2016-1644, the second issue, was also a Blink-related issue. The use-after-free vulnerability in Blink was a memory corruption problem which could have given hackers the ability to execute code on the browser remotely. The researcher behind this discovery, Atte Kettunen of the Oulu University Secure Programming Group was granted $3,500.

CVE-2016-1645, the third and final flaw, was an out-of-bounds write issue in PDFium (Chrome’s PDF rendering engine). Google credits an anonymous researcher working with HP’s Zero Day Initiative for this discovery, but didn’t announce any sort of reward.

As long as you’ve closed and reopened your Chrome browser in the past couple of days, chances are that your browser has been automatically updated. But if you want to make sure, just tap the menu button in the top right corner of the browser, click Settings and then navigate to the About tab on the left-hand side of the screen.

If you see “Google Chrome is up to date,” then you’re good to go. Otherwise, the update should be in the process of downloading. Let it finish, then restart your browser. Now you’re safe from those vulnerabilities.

Security Fixes and Rewards

Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.


[$NA][659475] High CVE-2016-5198: Out of bounds memory access in V8. Credit to Tencent Keen Security Lab, working with Trend Micro's Zero Day Initiative



The latest Google Chrome browser update comes with 33 vulnerability patches, including 13 that are high-severity. It’s all thanks to community contributors and bug fighters who submitted fixes for Chrome’s bug bounty program.

Many of the vulnerabilities fixed in this release were part of the browser’s engine Blink, but some of the more high-severity discoveries were for Chrome’s built-in PDF reader, PDFium.

This big rollout of bug fixes follows another busy month, where 48 vulnerabilities were patched in July alone. Some of the bug bounty contributors netted themselves quite a bit of cash too, up to $7,500 per cross-site scripting bug caught.

The beauty of a bug bounty program is that anyone with some programming and security know-how can examine the code of the program in question and find potential security risks.

If the security vulnerability is verified, the researcher is compensated for their work by the company that set the bounty, and we, the consumers, all have a safer experience for it.

Thousands of software companies now offer bug bounties for researchers to find security flaws in their programs, from small firms to large enterprises.

And it’s not just companies that offer such rewards. Recently, the US Department of Defense created its own bug bounty called “Hack the Pentagon,” which rewarded 138 researchers for their discoveries of critical security flaws in national defense infrastructure.

The Chrome update will be rolled out over the next few weeks. Google says that details about the bugs may be kept under wraps until most users have updated.

Flaws in MySQL give Hackers root access to servers!!!


Over a month ago we reported about two critcal day zero viulnerabilities in the world's 2nd most popular database management software MySQL:

MySQL Remote Root Code Execution (CVE-2016-6662)
Privilege Escalation (CVE-2016-6663)

At that time, Polish security researcher Dawid Golunski of Legal Hackers who discovered these vulnerabilities published technical details and proof-of-concept exploit code for the first bug only and promised to release details of the second bug (CVE-2016-6663) later.

On Tuesday, Golunski released proof-of-concept (POC) exploits for two vulnerabilities. One is the previously promised critical privilege escalation vulnerability (CVE-2016-6663), and the other is a new root privilege escalation bug (CVE-2016-6664) that could allow an attacker to take full control over the database.

Both the vulnerabilities affect MySQL version 5.5.51 and earlier, MySQL version 5.6.32 and earlier, and MySQL version 5.7.14 and earlier, as well as MySQL forks — Percona Server and MariaDB.

Privilege Escalation/Race Condition Bug (CVE-2016-6663)
The more severe of the two is the race condition bug (CVE-2016-6663) that can allow a low-privileged account (with CREATE/INSERT/SELECT grants) with access to the affected database to escalate their privileges and execute arbitrary code as the database system user (i.e. 'mysql').

Once exploited, an attacker could successfully gain access to all databases within the affected database server.


Root Privilege Escalation (CVE-2016-6664)
Another critical flaw in the MySQL database is a root privilege escalation bug that could allow attackers with 'MySQL system user' privilege to further escalate their privileges to root user, allowing them to fully compromise the system.

The issue actually stems from unsafe file handling of error logs and other files that fall under MySQL system user privileges, allowing them to be replaced with an arbitrary system file, which opens the door to root privileges.

What's more troublesome? An attacker with a low-privileged account can also achieve root privilege by first exploiting the Privilege Escalation flaw (CVE-2016-6663) to become 'MySQL system user' and then escalating from there to root, fully compromising the targeted server.

All these vulnerabilities could be exploited in shared hosting environments where users are assigned access to separate databases. By exploiting the flaws, they could gain access to all databases.

Golunski has published the proof-of-concept exploit code (EXPLOIT1, EXPLOIT2) for both the flaws and will soon upload videos.

MySQL has fixed the vulnerabilities and all of the patches ultimately found their way into Oracle's quarterly Critical Patch Update last month.

Administrators are strongly advised to apply patches as soon as possible in order to avoid hackers seeking to exploit the vulnerabilities.

If you are unable to immediately apply patches, then as a temporary mitigation you can also disable symbolic link support within your database server configuration by setting symbolic-links = 0 in my.cnf, in an attempt to protect yourself against cyber attacks.
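To check a server against the affected versions and the temporary mitigation described above, here is an added example (not from the article or from MySQL). The function names and sample config are constructed; it assumes an unset option leaves symbolic links enabled and does not follow `!include` directives.

```python
import re

# Last affected release per MySQL branch, as listed in the article.
LAST_AFFECTED = {(5, 5): 51, (5, 6): 32, (5, 7): 14}

def version_affected(version):
    """True/False for branches the article lists; None when it gives no bound."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m or "mariadb" in version.lower():
        return None  # forks are affected, but the article gives no fork versions
    major, minor, patch = map(int, m.groups())
    last = LAST_AFFECTED.get((major, minor))
    return None if last is None else patch <= last

def symlinks_disabled(cnf_text):
    """True only if the last [mysqld]/[server] setting turns symbolic links off."""
    section, disabled = None, False  # assumption: unset means still enabled
    for raw in cnf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line[0] in ";!":  # comments; !include is not followed
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section not in ("mysqld", "server"):
            continue  # e.g. a setting under [client] never reaches the server
        key, _, value = line.partition("=")
        key = key.strip().lower().replace("_", "-")  # MySQL treats _ and - alike
        value = value.strip().strip("'\"").lower()
        if key == "skip-symbolic-links":
            disabled = True
        elif key == "symbolic-links":
            disabled = value in ("0", "off", "false")  # last occurrence wins
    return disabled

def needs_attention(version, cnf_text):
    """Affected (or unknown) version without the temporary mitigation in place."""
    return version_affected(version) is not False and not symlinks_disabled(cnf_text)

# Constructed sample input, not taken from a real server.
SAMPLE_CNF = """
[client]
symbolic-links = 0      # wrong section: the server ignores this
[mysqld]
datadir = /var/lib/mysql
symbolic_links = 1
"""

if __name__ == "__main__":
    print(needs_attention("5.6.32", SAMPLE_CNF))
```

Percona Server reports MySQL-style version numbers, so a `False` from `version_affected` is only meaningful for Oracle MySQL builds.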

Wednesday 2 November 2016

19-year-old teenager behind DDoS-for-hire service earned $385000!!!

Teenage hacker behind DDoS attacks earned around $385000!!!!


Due to the worldwide promotion of Mirai botnet that knocked down half of the Internet last Friday, hackers and even script kiddies have started creating their own botnet networks by hacking millions of IoT devices and selling them as DDoS-for-hire service to overwhelm targets with data.

A 19-year-old student from Hertford has pled guilty to running one such DDoS-for-hire service that shortly became one of the most popular DDoS booter tools in the market to conduct distributed denial of service (DDoS) attacks.

Dubbed Titanium Stresser, the tool was used to conduct coordinated DDoS attacks around the world and brought Adam Mudd an income of more than US$385,000 (£315,000, A$505,000), according to the Eastern Region Special Operations Unit (ERSOU).

On 28 October at the Old Bailey, Mudd pleaded guilty to two counts under the Computer Misuse Act and one count of money laundering and will be sentenced in December.

Mudd, who was arrested at his home in 2015, admitted to committing unauthorized acts of creating the DDoS service, using it himself, and then renting it to other cyber criminals through the service's website.




Prosecutor Jonathan Polnay says the teenager allegedly launched 592 DDoS attacks against 181 IP addresses between December 2013 and March last year.

"Titanium Stresser is a computer program created by the defendant, and it is not an unimpressive piece of software in terms of design," Polnay told the court. "It carried out DDoS attacks, and it takes down computer networks and websites."


Moreover, from the detailed logs authorities discovered in his home, investigators were able to determine that other criminals had used Titanium Stresser to launch a whopping 1.7 Million DDoS attacks on targets worldwide.

It is also believed that the infamous Lizard Squad gang used the source code of Titanium Stresser as a base for its Lizard Stresser -- another DDoS-for-hire service most famously used to take down the PlayStation and Xbox Live networks in 2014.

Mudd is scheduled to be sentenced in December 2016.