Showing posts with label Security. Show all posts

Easy Way to Remove Ask.com Conduit toolbar (Adware) on browser

Disturbing Adware

Unwanted toolbars have recently been appearing in web browsers. Do you often find your default search engine changed to one that is unfamiliar? That is the work of adware (advertising software), and it usually arrives through a careless application install on your computer. Most providers of free application downloads that rank at the top of Google work with advertising companies and try to trick you into also installing a toolbar, add-on, or other form of advertisement in your browser. As usual, you click Next, Next and Next to install an application, and without noticing you have also installed adware that will interfere with your day-to-day browsing.

This simple article gives you the easiest way to remove all adware from all of your browsers (Firefox, Chrome, IE, Opera, etc.) with only 2 clicks.

Follow the simple tutorial below:
  1. Download the adware remover HERE !!
  2. Close all open browsers.
  3. Open AdwCleaner, click Search, then wait for the search process to complete.
  4. Click Delete, and reboot your computer after the deletion process is completed.
  5. Cheers, your browser has been cleaned up.

The following adware can be removed by this simple program:
  • Remove Absolute Uninstaller - Ask Toolbar
  • Remove Ad-ware - Google Chrome
  • Remove Anvir Task Manager Free - Dealio Toolbar
  • Remove Any Video Converter - Google Chrome
  • Remove AVG Free - Yahoo Toolbar
  • Remove AVG Linkscanner - Yahoo Toolbar
  • Remove Conduit Toolbar
  • Remove Bitcomet - Google Toolbar
  • Remove BitTorrent - Ask Toolbar
  • Remove BS.Player - BS. ControlBar
  • Remove Burn4free - 1Click DVD Copy Pro
  • Remove BurnAware Free - Ask Toolbar
  • Remove CDBurnerXP - OpenCandy
  • Remove Clamwin - Ask Toolbar
  • Remove COMODO Internet Security - Ask Toolbar
  • Remove Core Temp - Search Enhancement
  • Remove Darkwave Studio - OpenCandy
  • Remove Defraggler - Google Toolbar
  • Remove Driver Sweeper - OpenCandy
  • Remove ExtractNow - Registry Reviver
  • Remove Flashget - Google Toolbar
  • Remove FLVPlayer4Free - Video Download Toolbar
  • Remove Free Commander - eBay Shortcuts
  • Remove Facemoods Toolbar
  • Remove HwMonitor
  • Remove ICQ - ICQ Toolbar
  • Remove IE7Pro - Grab Pro Toolbar
  • Remove ImgBurn - Ask Toolbar
  • Remove Immunet - Ask Toolbar
  • Remove IObit SmartDefrag - IObit Toolbar
  • Remove IrfanView - Google Toolbar
  • Remove MediaCoder - Nitro PDF Reader
  • Remove MediaInfo - OpenCandy
  • Remove µTorrent - µTorrent toolbar
  • Remove Orbit Downloader - Grab Pro
  • Remove PC Tools Spyware Doctor - Google Toolbar
  • Remove PC Wizard - Ask Toolbar
  • Remove PicPick - Bing Toolbar
  • Remove Recuva - Yahoo Toolbar
  • Remove Spyware Terminator - Web Security Guard
  • Remove Webshot - OpenCandy
  • and Remove other suspicious malware / adware in your registry.
 http://thousand-tips.blogspot.com

11 Security Holes Addressed by Google in Chrome 26

Chrome 26 is officially out and, as always, the latest stable channel update comes with a number of improvements in the security section. However, on this occasion, only 2 high-severity vulnerabilities have been addressed.
One of the high-severity flaws has been uncovered by Atte Kettunen of OUSPG. The expert has been rewarded with $1,000 (780 EUR) for a use-after-free issue in Web Audio.

By fixing the other high-severity bug, Google ensures that isolated websites run in their own processes.

Of the four medium-severity vulnerabilities, one – a use-after-free with pop-up windows in extensions – affects only the Linux variant.

Five low-severity bugs have also been identified.

Most of the issues have been found by the Google Chrome Security Team and members of the Chromium development community.

Subho Halder, Aditya Gupta, and Dev Kar, all three of xys3c, and “t3553r” have also been credited for finding security holes.

Saudi Arabia Government Threatens to Ban Skype, WhatsApp and other VOIP Services

VoIP services regularly get into trouble in countries where governments like to keep a solid grip on what people are talking about and with whom.

No, not the US this time. Saudi Arabia is the latest to join the anti-Skype brigade, as it threatens to ban essentially all VoIP communications in the country unless those communications fall within the regulations.

Regulations that involve the government being allowed to snoop in on communications, which can't be done practically if the communications are encrypted.

While the government hasn't said exactly why these apps are being targeted, it did mention Skype, WhatsApp and Viber as falling outside the rules. All three are very popular VoIP services, the latter two mostly on mobile phones.

Saudi Arabia has a history of going against communication methods it can't control; it banned BlackBerry's built-in messaging service temporarily a few years ago over the use of encryption.

Twitter Hacked, 250,000 Email and Password Compromised

If you find that your Twitter password doesn't work the next time you try to login, you won't be alone. The service was busy resetting passwords and revoking cookies on Friday, following an online attack that may have leaked the account data of approximately 250,000 users.

"This week, we detected unusual access patterns that led to us identifying unauthorized access attempts to Twitter user data," Bob Lord, Twitter's director of information security, writes in a blog post.

According to Lord, Twitter was able to shut down the attack within moments of discovering it, but not before the attackers were able to make off with what he calls "limited user information," including usernames, email addresses, session tokens, and the encrypted and salted versions of passwords.

The encryption on such passwords is generally difficult to crack – but it's not impossible, particularly if the attacker is familiar with the algorithm used to encrypt them.

As a precaution, Lord says Twitter has reset the passwords of all 250,000 affected accounts – which, he observes, is just "a small percentage" of the more than 140 million Twitter users worldwide.

If yours is one of the accounts involved, you'll need to enter a new password the next time you login. Lord reminds all Twitter users to choose strong passwords – he recommends 10 or more characters, with a mix of letters, numbers, and symbols – because simpler passwords are easier to guess using brute-force methods. In addition, he recommends against using the same password on multiple sites.

Lord says Twitter's investigation is ongoing, and that it's taking the matter extremely seriously, particularly in light of recent attacks experienced by The New York Times and The Wall Street Journal:
This attack was not the work of amateurs, and we do not believe it was an isolated incident. The attackers were extremely sophisticated, and we believe other companies and organizations have also been recently similarly attacked. For that reason we felt that it was important to publicize this attack while we still gather information, and we are helping government and federal law enforcement in their effort to find and prosecute these attackers to make the Internet safer for all users.
Although the attack took place this week, it seems to have no relationship to the outage that took Twitter offline for several hours on Thursday. On the other hand, however, Lord's post does make rather cryptic mention of the US Department of Homeland Security's recent recommendation that users disable the Java plug-in in their browsers. He mentions Java twice, in fact.

While it's true that the Java plug-in contains multiple known vulnerabilities and that numerous security experts have warned that it should be considered unsafe, the connection between Java and the attack Twitter experienced isn't clear, and Twitter has yet to respond to our request for clarification.

Advanced DDOS Tools: Encrypted Layer Attacks and Server-Based Botnets

Application security solutions provider Radware has released its 2012 Global Application and Network Security Report. According to the study, distributed denial-of-service (DDOS) attacks are becoming more sophisticated and more severe.

In addition, cybercriminals have started deploying new attack tools, such as server-based botnets and encrypted layer attacks, to make their campaigns more effective.

While server-based botnets make the attacks more powerful, by weaponizing the encryption layer, cybercriminals can ensure that their operations escape detection and remain hidden.

The recent DDOS attacks launched by Izz ad-Din al-Qassam Cyber Fighters against US banks are a perfect example of how efficient these new tools are.

Besides the new attack tools, the report also highlights the fact that the number of DDOS and DOS attacks lasting more than one week doubled in 2012.

On the other hand, organizations are still not investing enough resources to ensure that they’re protected against such attacks.

While it’s becoming more and more difficult for organizations to protect their networks against cyberattacks, cybercriminals can turn to all sorts of relatively cheap services and kits that can help them achieve their goals.

“The Radware ERT sees hundreds of DoS/DDoS attacks each year, and we’ve found attacks lasting more than one week have doubled in frequency during 2012. Through empirical and statistical research coupled with front-line experience, our team identified trends that can help educate the security community,” noted Avi Chesla, chief technology officer at Radware.

“Through highlighting significant trends found in this report, our goal is to provide actionable intelligence to ensure organizations can better detect and mitigate these threats that plague their network infrastructure.”

The complete report is available here.

Foxit Reader Vulnerable to Critical Remote Code Execution Flaw

Foxit Reader, a PDF viewer application often used as an alternative to the more popular Adobe Reader, contains a critical vulnerability in its browser plug-in component that can be exploited by attackers to execute arbitrary code on computers.

Details about the vulnerability and how it can be exploited were publicly disclosed last week by Andrea Micalizzi, an independent security researcher from Italy.

No official patch is yet available, according to an advisory from vulnerability intelligence and management company Secunia. The security firm rated the flaw as highly critical because it can be exploited remotely to gain system access.

Foxit's developers have identified the cause of the vulnerability and are working on creating a patch, a Foxit sales and service representative said Friday via email. The patch is expected to be released within one week, she said.

"The vulnerability is caused due to a boundary error in the Foxit Reader plugin for browsers (npFoxitReaderPlugin.dll) when processing a URL and can be exploited to cause a stack-based buffer overflow via e.g. an overly long file name in the URL," Secunia said. "Successful exploitation allows execution of arbitrary code."

The vulnerability has been confirmed in npFoxitReaderPlugin.dll version 2.2.1.530, which is installed by Foxit Reader 5.4.4.1128—the latest version of the program. However, older versions might also be affected, Secunia said.

By default, Foxit Reader installs the plug-in for Mozilla Firefox, Google Chrome, Opera, and Safari Web browsers.

Reputation as secure alternative reader
In the past, Foxit Reader has been suggested by some people in the security community as a more secure and less attacked alternative to Adobe Reader. In fact, Foxit, the company that develops the application, claims on its website that Foxit Reader is "the most secure PDF reader" and is "better than Adobe PDF Reader and Acrobat." According to the company, the program is used by over 130 million users.

"We have confirmed the vulnerability using Firefox, Opera, and Safari," Chaitanya Sharma, advisory team lead at Secunia, said Thursday via email. "At the moment the best mitigation is to disable this add-on in browsers and use other software e.g. Adobe Reader."

The Foxit representative, too, recommended avoiding using the Foxit browser plug-in for Firefox, Chrome, Opera or Safari, but instead suggested using Internet Explorer to view online PDF files.

Lithuanian Online Game Site Miestukarai Hacked, 24,000 Users Data Leaked

A hacker called AnonVoldemort claims to have gained access to the databases of Miestukarai.lt, a Lithuanian online game that appears to have almost 35,000 players.

In the tweet announcing the hack, AnonVoldemort revealed that he had leaked over 24,000 accounts, both free and premium.

The data has been removed since from Pastebin. It’s possible that the site’s administrators have learned of the leak and have requested Pastebin to remove the information.

However, according to CWN – who had analyzed the leak before it was removed –, usernames, email addresses, IP addresses and hashed passwords were published by the hacker.

If there are any Miestukarai players reading this, I advise them to immediately change their passwords: not only the ones protecting their game accounts, but all the passwords that are the same as the one leaked by the hacker.

Hackers Steal 36,000 Individual Details from US Army Database

Earlier this month, unknown hackers managed to gain illegal access to the details of around 36,000 individuals who were somehow connected to the US Army command center formerly located at Fort Monmouth.

According to APP, the details of Communications-Electronics Command (CECOM) and Command, Control, Communications, Computers, Intelligence, Surveillance and Reconnaissance (C4ISR) personnel were accessed by the hackers.

Nongovernmental personnel and Fort Monmouth visitors are also affected by the breach.

The hack, discovered on December 6, exposed names, dates of birth, social security numbers and salaries, Army representatives said. After the incident, the targeted databases have been taken offline.

CECOM and C4ISR were relocated from Fort Monmouth to Aberdeen Proving Ground back in September 2011.

The affected individuals are being offered one year of free credit monitoring services.

XSS and Cookie Handling Vulnerabilities Identified on HTC Website, Allows Attacker to Hijack Account

16-year-old security researcher Thamatam Deepak has identified three cross-site scripting (XSS) vulnerabilities and a cookie handling flaw on the website of world-renowned smartphone manufacturer HTC.

The expert said the vulnerabilities – which affected pages such as product security, account information, and smartphone presentation – have been addressed by HTC after he notified them, according to The Hacker News.

If unfixed, the XSS vulnerabilities could have been leveraged by a remote attacker to inject arbitrary content, while the cookie handling flaw might have been exploited to hijack user accounts.

This isn’t the first time security experts have found XSS bugs on HTC’s website. Back in April, researcher Shadab Siddiqui identified similar flaws and reported them to the company.

However, at the time, they failed to respond to his notifications and the vulnerabilities remained unfixed for months.

Google begins scanning of Chrome Extensions & Stops Auto-Install

Google has taken two steps to prevent its Chrome browser becoming an attack vector for malware that runs as extensions to the browser.

Like many other browsers, Chrome allows users to install “extensions”, apps that add functionality. Google even runs the “Chrome Web Store” to promote extensions.

Security outfit Webroot recently pointed out that some of the extensions in the store are illegitimate, data-sucking privacy invaders that trick users with offers to do things like change the colour of Facebook and then suck out all their data.

Google has responded in two ways, one of which is a new service “To help keep you safe on the web” that will see the company “analyzing every extension that is uploaded to the Web Store and take down those we recognize to be malicious.”

Changes are also coming in the forthcoming version 25 of the browser, which will no longer allow extensions to install without users’ knowledge. That’s currently possible because Chrome, when running on Windows, is designed to allow unseen installs “to allow users to opt-in to adding a useful extension to Chrome as a part of the installation of another application.”

“Unfortunately,” Google now says in a blog post, “this feature has been widely abused by third parties to silently install extensions into Chrome without proper acknowledgement from users.”

Chrome 25 will therefore remove the auto-install feature, replacing it with a new system that presents the Windows Vista-esque screen below when extensions try to ingratiate themselves with the browser.


As ever, Google’s blog posts and support notice on the changes position them as responsible enhancements that show, yet again, Google is doing the world a favour.

A more critical analysis could consider the announcements in light of malware found in Google Play and take Google’s decision to more aggressively curate the Chrome Web Store as an admission it needs to devote more attention to this stuff, lest Chrome and other Google products become malware-ridden quagmires that users don’t trust.

Default Configuration Flaw in W3 Total Cache Exposes Tens of Thousands of Sites

W3 Total Cache, which boasts high-traffic sites like Mashable and Lockergnome among its users, has serious vulnerabilities, according to this post on the Full Disclosure list.

The default setup – that is, when users simply choose “add plugin” from the WordPress catalogue – left cache directory listings enabled, according to poster Jason Donenfield.

This, he said, allows database cache keys to be downloaded on vulnerable installations – and that could expose password hashes. “A simple google search of "inurl:wp-content/plugins/w3tc/dbcache" and maybe some other magic reveals this wasn't just an issue for me”, he writes.

Donenfield later amended the search term to “inurl:wp-content/w3tc”.

“Even with directory listings off,” he continues, “cache files are by default publicly downloadable, and the key values / file name of the database cache items are easily predictable.”

Donenfield says the developer of the plug-in intends to release a fix “soon”. In the meantime, he notes that “deny from all” should be set in the .htaccess file.
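A local check for the condition described above, as an added example that is not part of the original post or of W3 Total Cache: it looks under a WordPress root for the two cache paths quoted in the post and reports whether an `.htaccess` at or above each one carries a deny-all directive. The function names, the sample directory tree and the acceptance of the Apache 2.4 form `Require all denied` are assumptions of this example; it does not evaluate `AllowOverride` or non-Apache servers.

```python
import os
import re
import tempfile

# Cache locations quoted in the post, relative to the WordPress root.
W3TC_CACHE_DIRS = ("wp-content/w3tc", "wp-content/plugins/w3tc/dbcache")

# "deny from all" is the fix named in the post (Apache 2.2 syntax);
# "Require all denied" is the Apache 2.4 equivalent (assumption: accept both).
DENY_RE = re.compile(r"^\s*(deny\s+from\s+all|require\s+all\s+denied)\s*$",
                     re.IGNORECASE)


def htaccess_denies_all(path):
    """True if the file has an uncommented deny-all directive on its own line."""
    try:
        with open(path, encoding="utf-8", errors="replace") as fh:
            return any(DENY_RE.match(line) for line in fh)
    except OSError:
        return False  # missing or unreadable file gives no protection


def is_protected(wp_root, cache_dir):
    """.htaccess rules are inherited, so check cache_dir and each parent up to wp_root."""
    root = os.path.abspath(wp_root)
    current = os.path.abspath(cache_dir)
    while True:
        if htaccess_denies_all(os.path.join(current, ".htaccess")):
            return True
        parent = os.path.dirname(current)
        if current == root or parent == current:
            return False
        current = parent


def audit_w3tc(wp_root):
    """Return one finding per cache directory that exists under wp_root."""
    findings = []
    for rel in W3TC_CACHE_DIRS:
        cache_dir = os.path.join(wp_root, *rel.split("/"))
        if not os.path.isdir(cache_dir):
            continue
        cache_files = sum(1 for _, _, names in os.walk(cache_dir)
                          for name in names if name != ".htaccess")
        findings.append({"dir": rel,
                         "cache_files": cache_files,
                         "protected": is_protected(wp_root, cache_dir)})
    return findings


def build_sample_sites():
    """Constructed sample trees: a default install and one with the fix applied."""
    base = tempfile.mkdtemp(prefix="w3tc-audit-")
    sites = {}
    for name, protect in (("default_install", False), ("hardened", True)):
        root = os.path.join(base, name)
        dbcache = os.path.join(root, "wp-content", "w3tc", "dbcache")
        os.makedirs(dbcache)
        with open(os.path.join(dbcache, "constructed_cache_entry"), "w") as fh:
            fh.write("constructed cached query result\n")
        if protect:
            htaccess = os.path.join(root, "wp-content", "w3tc", ".htaccess")
            with open(htaccess, "w") as fh:
                fh.write("# added per the advisory\ndeny from all\n")
        sites[name] = root
    return sites


if __name__ == "__main__":
    for name, root in build_sample_sites().items():
        for finding in audit_w3tc(root):
            state = "protected" if finding["protected"] else "EXPOSED"
            print(f"{name}: {finding['dir']} "
                  f"({finding['cache_files']} cache files) {state}")
```

Point `audit_w3tc` at a real document root to check your own installation; an exposed directory with a non-zero file count is the case the post describes.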

Kaspersky Anti-Virus & Internet Security 2013 Final + Key

Kaspersky Anti-Virus & Internet Security 2013 provides a wide range of technologies to protect your privacy and your identity – including two unique security features for entering personal information online.

Secure Keyboard is a new Kaspersky technology that automatically activates whenever you open a bank website or payment website – or you enter a password within any web page – to ensure that information you enter using your physical keyboard can’t be accessed by keyloggers.

For our ultimate protection, Kaspersky’s improved Virtual Keyboard feature allows you to use mouse-clicks to enter your banking information – so that keystrokes can’t be tracked or stolen by keyloggers, hackers or identity thieves.

Prevents malware from exploiting vulnerabilities in your PC

If your PC has application or system vulnerabilities that haven’t been updated with the latest fixes, cyber criminals and malware could gain entry. In addition to scanning for vulnerabilities, Kaspersky Internet Security 2013 analyses and controls the actions of programs that have vulnerabilities – so they can’t cause any harm.

Keeps your children safe and responsible

Award-winning family protection features help you to keep your children safe and also give you greater control over your children’s access to the PC, the Internet, applications, games and websites. You can block, limit or log your children’s Instant Messaging and social network communications – and block the transfer of private data, such as phone or credit card numbers.

Compatible with Windows 8

Kaspersky Internet Security 2013 is fully compatible with Microsoft’s latest operating system – Windows 8 – and is integrated with Microsoft’s latest IT security innovations. In addition, Kaspersky Now – a new application that has been developed to support Microsoft’s new user interface – lets you monitor your PC’s security status and launch vital security features.

Identifies suspicious websites and phishing websites

Advanced anti-phishing technologies proactively detect fraudulent URLs and use real-time information from the cloud, to help ensure you’re not tricked into disclosing your valuable data to phishing websites. Our URL Advisor also adds colour-coded tags to all web links – to advise you of the danger level of the link and subsequent pages.

Download

Kaspersky AntiVirus

Kaspersky Internet Security

Kaspersky AntiVirus Key


Kaspersky Internet Security Key


New Set of Bugs discovered in MySQL

A series of posts on ExploitDB by an author signing as "King Cope" reveal a new set of MySQL vulnerabilities – along with one issue that could just be a configuration issue.

The vulnerabilities, which emerged on Saturday, include a denial-of-service demonstration, a Windows remote root attack, two overrun attacks that work on Linux, and one privilege escalation attack, also on Linux.

The overflow bugs crash the MySQL daemon, allowing the attacker to then execute commands with the same privileges as the user running MySQL. “King Cope” also demonstrated a user enumeration vulnerability.

The privilege escalation vulnerability, in which an attacker could escalate themselves to the same file permissions as the MySQL administrative user, has provoked some to-and-fro on the Full Disclosure mailing list, with one writer stating that “CVE-2012-5613 is not a bug, but a result of a misconfiguration, much like an anonymous ftp upload access to the $HOME of the ftp user.”

Red Hat has assigned CVEs to the vulnerabilities, but at the time of writing, Oracle has not commented on the issues.

How to Resolve Plagiarism Blog

Avoid Plagiarism - Disable copy paste on blogger - What should I do when my article is copied -- It is really unpleasant when, after you have spent many minutes or even hours writing, article thieves suddenly turn up. Casually and without guilt, they copy-paste our articles into their blogs. I actually would not mind the copy-pasting if it did not damage the blog's SEO and the article's ranking in the Google SERP. The problem is that Google often cannot tell which article is the original and which is the copy. So it is not uncommon for the stolen article to appear ahead of the original. There are even a few cases where the original article was penalized by Google Panda. So, how do you deal with the theft of an article?


Resolve Plagiarism Blog


If you write original articles of your own on your blog, and you write them with full dedication, taking the trouble to find references, arranging them one after another, and turning them into a complete, readable article that attracts readers, you will feel satisfied. Readers will be pleased too. However, some readers are so pleased that they copy-paste the entire article to their own blog. Their intentions may be good: they want the information to be read by visitors to their blog.

However, the consequences are not good, especially for how the source article fares in Google search. If two or more posts are exactly the same, Google selects only one of them to appear in Google search. The trouble is that the one that appears is not always the original article. Not infrequently the copy-pasted article appears above the original. The point is, copy-paste can be very damaging to the SEO of the original article.

To overcome this, there are two ways. First, contact the blogger who copied your article and ask them to remove the copied post, or to remove most of the article and give a backlink / source link for the rest of it.

Second, file a DMCA complaint with Google so that the article on their blog is removed from Google search.

 
HOW TO FILE A DMCA COMPLAINT WITH GOOGLE

If you take the second way, then as the original author of the article you can file a DMCA complaint with Google so that the plagiarized article on the other blog is removed from Google Search, which will return the traffic to your blog on Google.

Here's a guide:
1. Visit Google's online form and fill it in.
- Under "Identify and describe the copyrighted work", insert the text and a summary of the text that was copy-pasted.
- Under "Where can we see an example of the work authorized?", write the URL of your article that was copy-pasted.
- Under "Location of the allegedly infringing material", write the URL of the page that copy-pasted your article, which you are asking Google to remove from Google.

2. Click Submit.


You will then receive an email reply from Google as follows:
"Thank you for using our online AdSense DMCA complaint form. We have received your complaint and have queued it for review. Once our investigation of your complaint is complete, we will send you an email confirmation."

HOW TO FIND THE BLOG SITES THAT COPIED YOUR ARTICLE

  1. Visit Google.com
  2. Type the headline of your article enclosed in quotes. Example: "How to Resolve Plagiarism Blog"
  3. Press Enter.
  4. The other sites that copy-pasted your article, containing the same words, will appear.
  5. Visit these sites one by one to find out whether your article was copied 100% or only partially.

HOW TO DISABLE COPY-PASTE ON BLOGGER

Disabling the highlight and copy-paste features may also reduce the chance of thieves stealing your original articles. Do the following:
  1. Log in to blogger.com
  2. Click "Layout"
  3. Click Add a Gadget, then select HTML / JavaScript
  4. Enter the following code in the box provided.

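<!--Disable Copy And Paste-->
<!-- Runs in the visitor's browser only: it has no effect when JavaScript is
     disabled or when the page source or feed is read directly. -->
<script type="text/javascript">
// Cancel an event by returning false from its handler.
function disableselect(e) {
  return false;
}

// Let ordinary clicks (links, buttons) through.
function reEnable() {
  return true;
}

// Block text selection in browsers that fire the selectstart event.
document.onselectstart = disableselect;

// window.sidebar exists only in older Gecko (Firefox) builds; there,
// cancel mousedown instead and keep clicks working.
if (window.sidebar) {
  document.onmousedown = disableselect;
  document.onclick = reEnable;
}
</script>

  5. Save.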

THE NEGATIVE IMPACT OF COPY-PASTED ARTICLES
The main negative impacts when an original article is copy-pasted are as follows:
  1. The original article will drop in the Google rankings because it is treated as a duplicate article.
  2. The original article is sometimes considered the plagiarized one, while the copy-pasted article is considered the original. When this happens, the original article will disappear from Google search or be hit by Google Panda.
  3. If one of your articles is punished by Google Panda, it will affect the SERP ranking of your other articles. So the article thief does dangerous and far-reaching damage.
Now that we know how dangerous article theft is, avoid it as soon as you can. Remember, Google loves originality. Internet tips and tricks, http://thousand-tips.blogspot.com


Russian hacker exploits Mac apps on OS X, Everything is Free

Last week Russian developer Alexey Borodin hacked Apple's In-App Purchase program for all devices running iOS 3.0 or later, allowing iPhone, iPad, and iPod touch users to circumvent the payment process and essentially steal in-app content. Apple today announced a temporary fix and that it would patch the holes with the release of iOS 6. While Cupertino was distracted, Borodin came in and pulled off the same scheme on the Mac.

That's right. Borodin's new hack allows Mac users to circumvent the payment process and essentially steal in-app content, just like his previous one did for iOS. The new "In-Appstore for OS X" service uses a similar method to fake transactions made to Apple's servers, according to "Getting started to receive your in-app for free on OS X."

To use this "trick" yourself, you need to perform the following steps (for the record, I do not recommend doing this, especially given that you have to hand over your login credentials):
  • Install CA certificate and in-appstore.com certificate
  • Change DNS record in Wi-Fi settings
  • Run the Grim Receiper application (to save your original AppStore receipts)
Until Apple stepped in, iOS developers had no way of protecting their apps, and this looks to be the same situation for Mac app developers. Using store receipts doesn't work as Borodin's service simply needed a single donated receipt, which it could then use to authenticate anyone's purchase requests. His circumvention technique relies on installing certificates (for a fake in-app purchase server and a custom DNS server), changing DNS settings to allow the authentication of "purchases," and finally emulating the receipt verification server.

The only difference this time around (apart from the different store), is that Borodin has developed an app called "Grim Receiper." It must be run on the local machine, and as far as I can tell its main purpose is to collect receipts for reuse. "That's the tool to keep your original receipts in safe place (locally, of course) during you are using in-appstore.com," says Borodin.

Affected iOS apps treated Borodin's server as an official communication because of how Apple authenticates a purchase. The same thing goes for Mac apps. The problem is that Apple does not tie a given purchase directly to a customer or device, meaning a single purchased receipt can be used again and again.
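The replay problem described above, as an added toy model that is not Apple's receipt format or code from the original post: a verifier that only checks the store's signature accepts one donated receipt for every requester, while a verifier that also checks a device binding and tracks redeemed transactions does not. The HMAC key stands in for the store's signature, and all field names, identifiers and function names are assumptions of this example.

```python
import hashlib
import hmac
import json

# Constructed demo key; a stand-in for the store's real signing mechanism.
STORE_KEY = b"constructed-demo-key"


def issue_receipt(product_id, transaction_id, device_id=None):
    """Store side: sign the purchase fields. device_id=None models an unbound receipt."""
    payload = json.dumps({"product_id": product_id,
                          "transaction_id": transaction_id,
                          "device_id": device_id}, sort_keys=True)
    sig = hmac.new(STORE_KEY, payload.encode(), hashlib.sha256).hexdigest()
    return {"payload": payload, "sig": sig}


def signature_ok(receipt):
    expected = hmac.new(STORE_KEY, receipt["payload"].encode(),
                        hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, receipt["sig"])


def verify_unbound(receipt, product_id):
    """Weak check: a genuine signature for the right product is enough."""
    if not signature_ok(receipt):
        return False
    return json.loads(receipt["payload"])["product_id"] == product_id


class BoundVerifier:
    """Hardened check: the receipt must name the requesting device, and a
    transaction id stays tied to the first device that redeemed it."""

    def __init__(self):
        self.redeemed = {}  # transaction_id -> device_id

    def verify(self, receipt, product_id, device_id):
        if not signature_ok(receipt):
            return False
        fields = json.loads(receipt["payload"])
        if fields["product_id"] != product_id:
            return False
        if fields["device_id"] is None or fields["device_id"] != device_id:
            return False  # unbound receipt, or bound to another device
        owner = self.redeemed.setdefault(fields["transaction_id"], device_id)
        return owner == device_id


def demo():
    """Replay one donated receipt from three different devices."""
    donated = issue_receipt("coins_100", "txn-0001")            # unbound
    bound = issue_receipt("coins_100", "txn-0002", "device-A")  # bound
    verifier = BoundVerifier()
    devices = ["device-A", "device-B", "device-C"]
    return {
        "unbound": [verify_unbound(donated, "coins_100") for _ in devices],
        "bound": [verifier.verify(bound, "coins_100", d) for d in devices],
        "donated_vs_bound": verifier.verify(donated, "coins_100", "device-B"),
    }


if __name__ == "__main__":
    print(demo())
```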

It's not yet clear if Cupertino is transmitting its customers' Apple IDs and passwords in clear text just like it was for iOS (Apple assumed it would only ever be communicating with its own server). If so, whoever operates in-appstore.com could easily be gathering everyone's iTunes login credentials (as well as unique device-identifying data) in the same type of man-in-the-middle attack that was used for iOS.

When Apple first tried (and failed) to stop Borodin, the company managed to disable his PayPal account. Borodin started taking donations via BitCoin, and for this Mac app hack he's doing the same: "Help the project by bitcoin 15GCBL7gHbf2p8bapozSrZhNaXdrKUWRFF. Thanks."

Apple’s in-app purchasing process circumvented by Russian hacker

Russian developer ZonD80 has figured out how to circumvent Apple's iOS In-App Purchase program, allowing iPhone, iPad, and iPod touch users to grab digital game items, upgrade to full versions of apps, and purchase additional content for free. As first spotted by Russian blog i-ekb, the video above shows an "in-app proxy" (no jailbreak required!) that lets you make in-app purchases without actually making a purchase.

The hack reportedly works on all Apple devices running anything from iOS 3.0 to iOS 6.0 (the In-App Purchase program requires iOS 3.0 or later). That being said, certain in-app purchases do not work in specific regions around the world (possibly because the developers properly protected their apps). To use this "trick" yourself, you need to perform the following steps (for the record, I do not recommend doing this, especially given that you have to hand over your login credentials, and I do not condone it either, as it is stealing):

  • Install two certificates: CA and in-appstore.com.
  • Connect via Wi-Fi network and change the DNS to 62.76.189.117 (update: he's changed it to 91.224.160.136).
  • Press the Like button, enter your Apple ID and password.

Essentially, this circumvention technique relies on installing certificates for a fake in-app purchase server as well as a custom DNS server. The latter's IP address is then mapped to the former, which in turn allows all "purchases" to go through. What's really worrying, however, is that ZonD80 could easily be gathering everyone's iTunes login credentials (as well as unique device-identifying data) in a classic man-in-the-middle attack. In other words, this is not a good hack to try.

ZonD80 runs a website called In-AppStore.com where everything is hosted for the hack to work, and he is accepting donations to support the development of the project as well as keep the servers up and running, according to 9to5Mac. The webpage does not load for me, but it does for my colleagues. Given the nature of this news, the server may be under additional stress. Either way, if you can't access the site, you can't try this hack because it requires files from the server.

Hackers expose 453,000 login credentials allegedly taken from Yahoo service

Hackers posted what appear to be login credentials for more than 453,000 user accounts that they said they retrieved in plaintext from an unidentified service on Yahoo.

The dump was posted on a public website by a hacking collective known as D33Ds Company, which said it penetrated the Yahoo subdomain using what's known as a union-based SQL injection. The hacking technique preys on poorly secured web applications that don't properly scrutinize text entered into search boxes and other user input fields. By injecting powerful database commands into them, attackers can trick back-end servers into dumping huge amounts of sensitive information.

To support their claim, the hackers posted what they said were the plaintext credentials for 453,492 Yahoo accounts, more than 2,700 database table or column names, and 298 MySQL variables, all of which they claim to have obtained in the exploit.
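The class of flaw described above, shown as an added example that is not taken from the dump or from Yahoo's code: a search query built by string concatenation next to its parameterized form, plus salted password hashing so that a leaked table holds no plaintext. The table names, sample rows and input string are constructed.

```python
import hashlib
import hmac
import os
import sqlite3

def hash_password(password, salt=None):
    # Salted PBKDF2: a dumped table then holds no plaintext passwords
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return salt.hex() + "$" + digest.hex()

def verify_password(password, stored):
    salt = bytes.fromhex(stored.split("$")[0])
    return hmac.compare_digest(hash_password(password, salt), stored)

def make_db(store=lambda p: p):
    # Constructed sample data; `store` decides how passwords are written
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE articles (title TEXT, body TEXT)")
    db.execute("CREATE TABLE users (email TEXT, password TEXT)")
    db.executemany("INSERT INTO articles VALUES (?, ?)",
                   [("Gardening tips", "Water early."), ("Travel notes", "Pack light.")])
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice@example.com", store("hunter2")),
                    ("bob@example.com", store("letmein"))])
    return db

def search_vulnerable(db, term):
    # Input is pasted into the SQL text, so a quote in it rewrites the query
    sql = "SELECT title, body FROM articles WHERE title LIKE '%" + term + "%'"
    return db.execute(sql).fetchall()

def search_parameterized(db, term):
    # Input is bound as a value and is only ever compared as data
    sql = "SELECT title, body FROM articles WHERE title LIKE '%' || ? || '%'"
    return db.execute(sql, (term,)).fetchall()

# Constructed input of the union-based kind the article describes
UNION_INPUT = "zzz' UNION SELECT email, password FROM users --"
```

Calling `search_vulnerable(make_db(), UNION_INPUT)` returns the rows of the `users` table, while `search_parameterized` returns nothing for the same input; with `make_db(hash_password)` the leaked column contains only salted hashes.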

"We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat," a brief note at the end of the dump stated. "There have been many security holes exploited in webservers belonging to Yahoo! Inc. that have caused far greater damage than our disclosure. Please do not take them lightly. The subdomain and vulnerable parameters have not been posted to avoid further damage."

Attempts to reach Yahoo representatives for comment weren't immediately successful. Because many people use the same credentials for multiple accounts, PHT isn't identifying the address of the website that published the disclosure. But at time of writing, the URL wasn't hard to find.

The TrustedSec blog is reporting that the hacked service may be Yahoo Voice, aka Associated Content. That speculation is based on the string "dbb1.ac.bf1.yahoo.com" included in the dump. The subdomain is associated with the voice service, the post said.

How To Protect Yourself From DNSChanger

In July the Internet Systems Consortium will permanently shut down DNS servers deployed to serve as temporary surrogates for rogue DNS servers shut down as part of Operation Ghost Click, an FBI operation that brought down an Estonian hacker ring last year. If your PC is one of the more than 1 million computers infected with DNSChanger, you might unknowingly be relying on one of the FBI's temporary servers to access the Internet, and if you don't eliminate DNSChanger from your PC before the FBI pulls the plug on its servers, you'll be left without Internet access. Read on to learn how to discover whether you're infected with DNSChanger, and what you can do to eliminate it from your system.

How to Tell Whether DNSChanger Has Infected Your PC

To figure out whether you've been infected with DNSChanger, just point your Web browser to one of the (admittedly amateur-looking) DNSChanger Check-Up websites that Internet security organizations maintain across the globe. The link above will take you to a DNS Changer Check-Up page in the United States that the DNS Changer Working Group maintains; if you live outside the United States, you can consult the FBI's list of DNSChanger Check-Up websites to find an appropriate service for your region.

Unfortunately, if your router is infected, those websites will think that your PC is infected, even though it may be clean; worse, if your ISP redirects DNS traffic, your PC may appear to be clean even though your DNS settings may have been maliciously altered. If you want to be certain that your PC is free of DNSChanger malware, you need to manually look up the IP addresses of the DNS servers that your PC contacts to resolve domain names when browsing the Web.

To look up which DNS servers your Windows 7 PC is using, open your Start menu and either run the Command Prompt application or type cmd in the Search field. Once you have a command prompt open, type ipconfig /allcompartments /all at the command line and press Enter. A big block of text should appear; scroll through it until you see a line that says 'DNS Servers', and copy down the string(s) of numbers that follow (there may be more than one string here, meaning that your PC accesses more than one DNS server).

It's even easier for Mac OS X users to determine the IP addresses of the DNS servers that their PC uses. Open the Apple menu (usually located in the upper-left corner of the screen) and select System Preferences. Next, click the Network icon to open your Network Settings menu; navigate to Advanced Settings, and copy down the string(s) of numbers listed in the DNS Server box.

Once you know the IP addresses of the DNS servers that your PC is using, head over to the FBI DNSChanger website and enter those addresses into the search box. Press the big blue Check Your DNS button, and the FBI's software will tell you whether your PC is using rogue DNS servers to access the Internet.
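The manual check described above can be scripted. The following added example (not part of the original article) pulls the 'DNS Servers' entries out of `ipconfig /all` output and tests them against a list of rogue ranges; the ranges shown are placeholders from documentation address space, to be replaced with the ranges the FBI publishes, and the sample output is constructed.

```python
import ipaddress
import re

# Placeholder ranges (RFC 5737 documentation space), NOT the real rogue list:
# substitute the ranges published by the FBI / DNS Changer Working Group.
ROGUE_RANGES = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/24")]

# Constructed sample of `ipconfig /all` output
SAMPLE = """\
Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : example.lan
   IPv4 Address. . . . . . . . . . . : 192.168.1.20(Preferred)
   DNS Servers . . . . . . . . . . . : 192.0.2.53
                                       192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

def _as_ip(text):
    # Drop an IPv6 zone suffix such as %11 before parsing
    try:
        return ipaddress.ip_address(text.strip().split("%")[0])
    except ValueError:
        return None

def dns_servers(ipconfig_text):
    """Return every address listed under a 'DNS Servers' entry."""
    found, in_block = [], False
    for line in ipconfig_text.splitlines():
        match = re.match(r"\s*DNS Servers[ .]*:\s*(\S+)", line)
        if match:
            candidate, in_block = match.group(1), True
        elif in_block and " : " not in line:
            candidate = line  # continuation line: an address on its own
        else:
            in_block = False
            continue
        ip = _as_ip(candidate)
        if ip is None:
            in_block = False
        else:
            found.append(ip)
    return found

def rogue_servers(ipconfig_text):
    """Addresses from the output that fall inside any listed rogue range."""
    return [str(ip) for ip in dns_servers(ipconfig_text)
            if any(ip in net for net in ROGUE_RANGES)]
```

The same `rogue_servers` check applies to the DNS addresses copied from a router's settings page if they are pasted in the same 'DNS Servers . . . :' layout.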

What to Do If Your PC Is Infected by DNSChanger

If your PC is infected with DNSChanger, you'll have to do some intensive work to get rid of it. DNSChanger is a powerful rootkit that does more than just alter DNS settings; if you've been infected with DNSChanger, your safest course is to back up your important data, reformat your hard drive(s), and reinstall your operating system.

If you're leery of reformatting your entire PC, you can try rooting out the DNSChanger rootkit with a free rootkit removal utility such as Kaspersky Lab's TDSSKiller. As the name implies, Kaspersky released the program to help PC owners seek and destroy the TDSS rootkit malware, but it also detects and attempts to eliminate DNSChanger and many other forms of rootkits.

If the infected PC is on a network, you'll have to check every other PC on the network for signs of infection, and then check your router's settings to ensure that it isn't affected (DNSChanger is programmed to change router DNS settings automatically, using the default usernames and passwords of most modern routers). To do this, copy down your router's DNS server IP addresses (located in your router's settings menu) and check them against the FBI's IP address database mentioned above. If your router is infected, reset the router and confirm that all network settings are restored to the manufacturer's defaults.

When you're done, repeat the steps outlined above to verify that your PC is no longer infected with DNSChanger. With all traces of this vicious malware eliminated, you should have nothing to fear when the FBI shuts down the ISC's temporary DNS servers in July.

Keeping Data Safe on the Internet

Small-business owners shed blood, sweat and perhaps even tears to build their businesses. For some, they've had dreams of $ 20is comes with sacrifice. However, how many ever stop and think about the fact that more terrible than business ownership?

According to a number of studies, only a few business owners understand how easily a security attack could destroy the business they built. More recently, the FBI issued a warning to SMEs about online fraud in which stolen banking details were used to send US$11 million from small and medium enterprises in the United States to a number of companies in China.

"The threat is very real and, if ignored, can cause the destruction of your business. So, how do you protect yourself?" said Darric Hor, General Manager, Indonesia & Philippines, in Jakarta, 26 September 2011. Here are some tips to consider in order to maintain data security.

Use common sense
Delete dubious attachments, especially if they are sent from unknown sources. For example, do not download an enticing animation from a site that looks very unprofessional. And do not click on links in messages that seem strange or unusual, even if they were sent by 'friends'. A method commonly used by attackers is to pose as a friend and send messages with malware-infected files to other users.

Smart when downloading
The Internet Security Threat Report shows that the number of daily web-based attacks in 2010 was 93 percent higher than in 2009. This confirms the need to avoid downloading files that you cannot be sure are safe, including freeware, screensavers, games and other executable programs: any file with the extension *.exe or *.com, like 'coolgame.exe'. If you need to download from the Internet, be sure to scan each program before running it. Save all downloads into one folder, then run a virus/malware scan on everything in that folder before using it.

Be careful with email attachments and links
The April 2011 MessageLabs Intelligence Report indicates that 1 in 168 emails contained malware. Check all incoming email attachments for malware, even if employees recognize and trust the sender. Attackers increasingly use targeted methods: they research the important people in a company and use social-engineering attacks tailored to gain access to the victim's network. The malicious code can then enter the system, presented as if it came from an unknown source.

In addition, make sure the email program does not automatically download attachments. Please refer to the security options or preferences menu of your email program for further instructions.

Use a reliable security solution
Current security solutions, whether delivered as software or through a centralized service, can do more than just prevent viruses. They scan files on a regular basis for unusual changes in file size, programs that match the software's malware database, suspicious email attachments, and other warning signs. This is an important step that small businesses can take to keep their computers clean of malware.

Keep up to date
A security solution is only as good as how often it is updated. New viruses, worms, Trojan horses and other malware are born every day, and their variations may be missed by software that is not updated. A good solution is to do this directly, but if you want to reduce the burden entirely, you could also use a centralized service, which updates automatically and transparently through an Internet connection to help keep employees' systems up to date and consistent with company policy, whether they are in the office or in the field.

Make sure you educate employees on these points and implement policies that ensure that your company follows the guidelines above. This may require an investment of time and money in the beginning, but preventive measures will save more time and money in the future. Do not let your company face the risk of becoming a victim of malware attacks.

By following the five points above, you will be safer when using data on the Internet.
http://thousand-tips.blogspot.com

Anonymous Launches a DDOS Attack on Internet's root DNS Server

Summary: The Anonymous hacktivist movement is planning to launch a distributed denial of service attack (DDoS) on the Internet’s root DNS servers, using a Reflective DNS Amplification DDoS tool.

According to a note left by members of the Anonymous hacktivist movement on Pastebin.com, the group is planning to launch a distributed denial of service attack (DDoS) on the Internet’s root DNS servers, using a Reflective DNS Amplification DDoS tool specifically created for ‘Operation Global Blackout’.

We have compiled a Reflective DNS Amplification DDoS tool to be used for this attack. It is based on AntiSec’s DHN, contains a few bug fixes, a different DNS list/target support and is a bit stripped down for speed.

The principle is simple; a flaw that uses forged UDP packets is to be used to trigger a rush of DNS queries all redirected and reflected to those 13 IPs. The flaw is as follows; since the UDP protocol allows it, we can change the source IP of the sender to our target, thus spoofing the source of the DNS query. The DNS server will then respond to that query by sending the answer to the spoofed IP. Since the answer is always bigger than the query, the DNS answers will then flood the target IP. It is called amplified because we can use small packets to generate large traffic. It is called reflective because we will not send the queries to the root name servers; instead, we will use a list of known vulnerable DNS servers which will attack the root servers for us.

Since the attack will be using static IP addresses, it will not rely on name server resolution, thus enabling us to keep the attack up even while the Internet is down. The very fact that nobody will be able to make new requests to use the Internet will slow down those who will try to stop the attack. It may only last one hour, maybe more, maybe even a few days. No matter what, it will be global. It will be known.

Based on a message update issued by Anonymous, the group has said that it still has the capability to target the Root Internet Servers.

Despite the fact that current Internet infrastructure allows the execution of DNS amplification attacks, the Anonymous hacktivist movement is surely lacking the capabilities to execute such an attack, despite the high number of recruited users that may be participating in the attack.

For the time being, the Low Orbit Ion Cannon (LOIC) ICMP flooder, and the RefRef web script remain the primary attack tools used by the Anonymous hacktivist collective.

Learn more about DNS Amplification attacks, what they are, how they work, and how Internet Service Providers can mitigate the threat posed by them.
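Seen from the receiving network, the reflected traffic described in the post above is DNS answers that nobody asked for. The following added example (not from the original post) matches responses to outstanding queries in a constructed packet summary and flags destinations that receive unsolicited answers from several servers; the record layout, addresses and thresholds are assumptions.

```python
from collections import defaultdict

# Constructed packet summaries (documentation addresses), one DNS/UDP packet each:
# (time_s, src_ip, src_port, dst_ip, dst_port, dns_id, is_response, length)
CAPTURE = [
    (0.00, "203.0.113.5", 40000, "192.0.2.53", 53, 0x1A2B, False, 60),
    (0.02, "192.0.2.53", 53, "203.0.113.5", 40000, 0x1A2B, True, 120),
    (0.10, "198.51.100.7", 53, "203.0.113.9", 53000, 0x0001, True, 1200),
    (0.11, "198.51.100.8", 53, "203.0.113.9", 53001, 0x0002, True, 1300),
    (0.12, "198.51.100.7", 53, "203.0.113.9", 53000, 0x0003, True, 1250),
]

def unsolicited_responses(capture, timeout=5.0):
    """Return (time, server, destination, length) for answers nobody asked for."""
    pending = {}  # (client_ip, client_port, server_ip, dns_id) -> time query was sent
    unsolicited = []
    for t, src, sport, dst, dport, dns_id, is_resp, length in sorted(capture):
        if not is_resp:
            pending[(src, sport, dst, dns_id)] = t
            continue
        # A genuine answer mirrors the addresses, ports and ID of a recent query
        sent = pending.pop((dst, dport, src, dns_id), None)
        if sent is None or t - sent > timeout:
            unsolicited.append((t, src, dst, length))
    return unsolicited

def reflection_targets(capture, min_bytes=3000, min_servers=2):
    """Destinations receiving unsolicited answers from several servers."""
    stats = defaultdict(lambda: [0, set()])  # dst -> [bytes, distinct servers]
    for _, server, dst, length in unsolicited_responses(capture):
        stats[dst][0] += length
        stats[dst][1].add(server)
    return {dst: (total, len(servers)) for dst, (total, servers) in stats.items()
            if total >= min_bytes and len(servers) >= min_servers}
```

On the constructed capture, the one answered query is ignored and `reflection_targets(CAPTURE)` reports 203.0.113.9 as receiving 3750 bytes of unsolicited answers from two servers.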