Browser Security

The latest modern browsers, including Firefox and Chrome, can be tricked into showing one URL in the address bar while I push a different file from another website. Wondering what harm that can cause? Let's say cyber criminals design a website that looks like a video player and asks you to update Flash Player when you try to play. When you click download, you see in your browser's address bar that you are being redirected to the Adobe website (it's a real Adobe Flash download URL), but a totally different file can be downloaded. See the screenshots below for a clear understanding.

Firefox Browser
Firefox version 15, the latest stable version currently available.

http://cl.ly/image/0u462Z1m1w3x go here for full size picture.

Firefox 15 on Windows XP
Firefox 15 on Windows

http://cl.ly/image/3e2B1b261W2G go here for full size image

This vulnerability works in both Firefox and Chrome, on Windows, Linux and Mac.

Update 1: The vulnerability can be seen at this link in a sandboxed environment (no harm will be done to your computer if you check this link): https://hack.me/101097/browser-url-spoofing.html

1 Million UDID leaks were not stolen from FBI.

Earlier there was a leak that said 1 million Apple device UDIDs were stolen from the FBI; this is now found to be not true.

It is now said that the leak came from a different source: an app development company named BlueToad. They also gave an official statement saying that 98% of the leaked data matched their stored data. Apple also made a statement regarding this matter.

Apple commented on this matter to NBC as well:

“As an app developer, BlueToad would have access to a user’s device information such as UDID, device name and type,” Apple spokeswoman Trudy Muller told NBC News on Monday. “Developers do not have access to users’ account information, passwords or credit card information, unless a user specifically elects to provide that information to the developer.”

And here is the full statement made by BlueToad.

A little more than a week ago, BlueToad was the victim of a criminal cyber attack, which resulted in the theft of Apple UDIDs from our systems. Shortly thereafter, an unknown group posted these UDIDs on the Internet.

At BlueToad, we understand the importance of protecting the safety and security of information contained on our systems.

Although we successfully defend against thousands of cyber attacks each day, this determined criminal attack ultimately resulted in a breach to a portion of our systems.

When we discovered that we were the likely source of the information in question, we immediately reached out to law enforcement to inform them and to cooperate with their ongoing criminal investigation of the parties responsible for the criminal attack and the posting of the stolen information.

We have fixed the vulnerability and are working around the clock to ensure that a security breach doesn’t happen again. In doing so, we have engaged an independent and nationally-recognized security assurance company to assist in our ongoing efforts.

We sincerely apologize to our partners, clients, publishers, employees and users of our apps. We take information security very seriously and have great respect and appreciation for the public’s concern surrounding app and information privacy.

BlueToad does not collect, nor have we ever collected, highly sensitive personal information like credit cards, social security numbers or medical information. The illegally obtained information primarily consisted of Apple device names and UDIDs – information that was reported and stored pursuant to commercial industry development practices.

Upon Apple’s recommendation several months ago, we modified our code base to discontinue the practice of reporting UDIDs. We have now also discontinued storing any UDID information sent to our servers by apps that have not yet been updated to the new code base.

We understand and respect the privacy concerns surrounding the data that was stolen from our system. BlueToad believes the risk that the stolen data can be used to harm app users is very low. But that certainly doesn’t lessen our resolve to ensure that all data is protected and kept from those who seek to illegally obtain it.

We will continue to monitor this situation and cooperate with law enforcement in the investigation of the parties responsible for this crime.

Personally, I have found that before BlueToad made a statement, the company was made aware of the leak by a security researcher named David Schuetz in a blog post.

Share your views in the comments.

If You Torrent, You Are Monitored!

The latest security research has confirmed that people who use torrents to download pirated copies of the latest movies, music, etc. have their IP logged within 3 hours and are monitored by copyright-enforcement authorities.

 


 

This fact was revealed by security researcher Tom Chothia at the SecureComm conference held in Padua, Italy. He had set up a fake torrent client, which was found to be monitored. He said, “We only detected monitors in Top 100 torrents; this implies that copyright enforcement agencies are monitoring only the most popular content music and movie on public trackers,” the team says in its presentation paper. “Almost everyone that shares popular films and music illegally will be connected to by a monitor and will have their IP address logged.”

Are you safe while you torrent? Share your thoughts in the comments.

Source: Published Paper by Tom Chothia. (PDF)

12 Million Apple device UDID stolen from FBI.

FBI Supervisor Special Agent Christopher K. Stangl from the FBI Regional Cyber Action Team and New York FBI Office Evidence Response Team had 12 million Apple device UDIDs (to be specific, 12,367,232 UDIDs) in one single CSV file, NCFTA_iOS_devices_intel.csv (not only UDIDs; full name, address, zip code, cell number, etc. were stored along with them), on a Dell Vostro laptop, which was stolen by using a Java vulnerability exploit (the AtomicReferenceArray vulnerability in Java).

 

 

UDID stored by FBI

 

 

Before we debate whether Apple was right or wrong in implementing UDID, I really don't understand how the FBI got hold of so many UDIDs. I am sure that not all 12 million UDIDs belonged to criminals whom the FBI has captured and whose device UDIDs it noted down. So was Apple selling the info to the FBI? Nope; if that were the case, the leaked file wouldn't contain 5 UDIDs belonging to the late Steve Jobs. So how did the FBI get such a huge volume of data? Did they get it in a legitimate and legal way? Last time I checked, UDIDs should not be sold or shared without the user's permission. And the FBI is the organization meant to stop people from doing illegal things, not do illegal things themselves.

And even if the FBI has some strange power given to them which allows them to do what they feel is correct, when sensitive data of millions of people is being stored in a digital format, one should apply enough security to store it in a secure way.

Along with many common people, a few significant stolen UDIDs belong to famous people.

  • 5 UDID of Steve Jobs
  • 3 UDID of Bill Gates
  • 1 UDID of John Ive

The fact that the FBI was storing UDIDs of common people was brought to light by the famous hacker group Anonymous. I would like to thank them for letting us know this fact, which we would not have known otherwise.

[Note: Neither I nor this site is in any way linked with Anonymous; this blog gives only my personal views.]

Do share your thoughts on what you think. How did the FBI get hold of so many UDIDs? Why did they not protect their computer from the Java vulnerability?

 

 

What else Apple can sue.

You must have seen the news about Apple suing Samsung over copyright for its range of Android phones. Well, I did come across some products which seem to be copied from Apple; that’s what occurred to me. But you decide. I will just provide pictures; as they say, a picture speaks a thousand words.

A number of new laptops all look like Apple’s MacBook

 

Mac Mini look alike
Does anyone else think that it looks like a Mac Mini, or is it just me?

 

What do you think? Have you come across any gadgets that look like an Apple product? Do share them and your thoughts in the comments.

And if by any chance you are an Apple lawyer and planning to sue over the products mentioned on this page, go ahead, I won't sue you for copying my idea from my blog; just send me a new iPhone 🙂 [just kidding]

 

“Win 8 Security System” has nothing to do with Windows 8; it's just a fake antivirus, rogue software.

There have been a lot of fake antivirus programs, and the trend is that they are always named in such a way that they can be confused with Windows or Microsoft software. The latest one is “Win 8 Security System”; general computer users can very easily confuse it with a program related to the upcoming Windows 8.

Win 8 Security System works by installing a rootkit driver that takes control of all the processes of the operating system.

Win 8 Security
Win 8 Security, the Fake Antivirus software.

 

The rootkit is installed at C:\Windows\system32\drivers\51991c15f7a6834.sys (note that the numbers are random; yours may have a different filename, but the location is the same). The rootkit comes in two variants; the 64-bit one disables Windows 64-bit kernel-mode driver signing. The cyber criminals also went ahead and self-signed the rootkit driver; note that the certificate date starts from 30th August (yesterday)!

Note the date of the certificate on the fake antivirus: it starts on 30th August, that's yesterday.

The virus also creates a Fake Action Center which shows the user that the computer is not fully protected.

Fake Windows Action Center

Browser hijack: the proxy settings get changed, in both IE and Chrome, so whatever you type in the address bar gives a fake warning.

The main purpose of these fake antivirus programs is to scare the user into paying money. They say that if you pay, they will get it out of your system, and you should know this: they won't, even if you have submitted your credit card (which is taken by the cyber criminals). I have seen many people who have regretted submitting their credit card. So my request is: please do not submit your credit card; they will steal your money and not fix your computer.

They say to buy the software and they will fix your PC, but they won't, trust me.

 

Clicking the shortcut icon to buy the software will add this to your computer registry and open the shopping cart:

Target: C:\WINDOWS\system32\reg.exe add "HKCU\SOFTWARE\Microsoft\Windows NT" /v FrameworkBuild /t REG_DWORD /d 0 /f

Shopping cart designed to steal your credit card information.
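
A read-only check for the indicators named in this post (the hex-named driver in system32\drivers, the FrameworkBuild registry value and the changed proxy settings), added here as an example and not taken from the original post or from any vendor tool. The function names, the 12-16 character hex pattern and the Internet Settings proxy key are assumptions; the post does not give them.

```powershell
# Added example: read-only triage for the indicators described in this post.
# Run from 64-bit PowerShell so System32 is not redirected to SysWOW64.
function Test-RandomHexDriverName {
    # Matches names shaped like the post's 51991c15f7a6834.sys.
    # The 12-16 hex character range is an assumption, since names are random.
    param([string]$Name)
    return $Name -match '^[0-9a-f]{12,16}\.sys$'
}

function Get-FakeAvIndicator {
    # 1. Hex-named drivers in system32\drivers whose signature does not chain
    #    to a trusted root (a self-signed driver will not report 'Valid').
    $driverDir = Join-Path $env:SystemRoot 'System32\drivers'
    Get-ChildItem -Path $driverDir -Filter '*.sys' -ErrorAction SilentlyContinue |
        Where-Object { Test-RandomHexDriverName $_.Name } |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName
            if ($sig.Status -ne 'Valid') {
                [pscustomobject]@{
                    Indicator = 'Hex-named driver without a valid signature'
                    Detail    = "$($_.FullName); status=$($sig.Status); " +
                        "valid from=$($sig.SignerCertificate.NotBefore)"
                }
            }
        }

    # 2. Registry value written by the "buy" shortcut quoted in the post.
    $ntKey = 'HKCU:\SOFTWARE\Microsoft\Windows NT'
    $marker = Get-ItemProperty -Path $ntKey -Name 'FrameworkBuild' -ErrorAction SilentlyContinue
    if ($null -ne $marker) {
        [pscustomobject]@{
            Indicator = 'FrameworkBuild value present'
            Detail    = "$ntKey\FrameworkBuild = $($marker.FrameworkBuild)"
        }
    }

    # 3. Per-user proxy setting (key assumed; the post does not name it).
    #    An enabled proxy can be legitimate, so this is for manual review.
    $inetKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $inet = Get-ItemProperty -Path $inetKey -ErrorAction SilentlyContinue
    if ($inet.ProxyEnable -eq 1) {
        [pscustomobject]@{
            Indicator = 'Proxy enabled for current user'
            Detail    = "ProxyServer = $($inet.ProxyServer)"
        }
    }
}
Get-FakeAvIndicator | Format-List
```

A clean result from inside the running system is not conclusive here, because a kernel rootkit can hide its own driver file from directory listings.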

 

 

How to remove it?
You must be wondering how to remove this from your PC. You can use the Hitman Pro software (you will get a free licence with the download).
 
Hitman Pro running on 64 bit machine.