Showing posts with label News. Show all posts

Password hack: Yahoo fixes security glitch

Yahoo
Password hack: Yahoo fixes security glitch

Yahoo has announced that it has fixed a glitch in its security software that allowed hackers access to 450,000 email addresses and passwords.
In a statement on the company blog, a Yahoo spokesman said the firm has deployed additional security measures for its affected users.
"Yahoo recently confirmed that an older file containing approximately 450,000 email addresses and passwords was compromised," the spokesman wrote.
"We have taken swift action and have now fixed this vulnerability, deployed additional security measures for affected Yahoo users, enhanced our underlying security controls and are in the process of notifying affected users.
In addition, we will continue to take significant measures to protect our users and their data," he added.
According to The Telegraph, hackers belonging to a group called D33Ds Company posted the Yahoo account information on a public website in what they described as 'a wake-up call' last week.
"We hope that the parties responsible for managing the security of this sub-domain will take this as a wake-up call, and not as a threat," the hackers said in a message posted along with the leaked data.
"There have been many security holes exploited in web servers belonging to Yahoo. that have caused far greater damage than our disclosure. Please do not take them lightly. The sub-domain and vulnerable parameters have not been posted to avoid further damage," they added.

Source: Times of India

Seven journalists charged over British phone hacking

Seven journalists charged over British phone hacking
Seven journalists charged over British phone hacking

LONDON: Seven senior journalists, including two former editors, have been charged in Britain with conspiring to intercept the voicemails of 600 victims, The Independentreported Tuesday. 

Rebekah Brooks and Andy Coulson, Rupert Murdoch's former editors, are charged with conspiring to hack the phone of missing schoolgirl Milly Dowler, the Crown Prosecution announced. 

Glenn Mulcaire, the paper's private detective, will also face charges in relation to four victims, including former home secretary Charles Clarke and TV cook Delia Smith. 

They are the first charges for phone hacking to be brought for six years, since 2006 when the News of the World royal editor, Clive Goodman, was prosecuted for hacking the phones of three royal aides, the newspaper said. 

Rupert Murdoch closed the News of the World in July last year after it emerged that the Sunday paper had hacked the mobile phone of Milly Dowler. 

Anger over the news led to Prime Minister David Cameron establishing the Leveson Inquiry into press standards. 

All seven journalists - including former managing editor Stuart Kuttner and news editor Ian Edmondson - will be charged. 

At a press conference in central London, the Crown Prosecution Service's senior lawyer Alison Levitt said they were being charged at with conspiring to hack the phones of 600 as yet un-named victims between 2000 and 2006. 

They are also all charged with additional conspiracy to intercept communications offences linked to specific victims, according to the newspaper. 

Levitt said: "All, with the exception of Glenn Mulcaire, will be charged with conspiring to intercept communications without lawful authority, from Oct 3, 2000 to Aug 9, 2006."

Source: Times of India

ATM card clone case: Crooks reveal tricks of trade to cops


ATM card clone case: Crooks reveal tricks of trade to cops
ATM card clone case: Crooks reveal tricks of trade to cops
RANCHI: A team of cyber experts, based in Bangalore and Kolkata, is cloning debit cards to withdraw money unlawfully from the ATM.

Police sources said "engineers" behind the scene provide technical know-how as to how can one duplicate ATM cards and use stolen PIN numbers to withdraw bucks.
Three cyber criminals, brought from Bangalore on transit remand on Friday, have revealed to the cops here about a fake ATM card racket that operates all across the country. On a two-day police remand the trio, accused of unlawfully withdrawing crores of rupees via dubious ATM cards in Ranchi last year, is being interrogated by cyber experts and district police.

Ranchi SSP Saket Kumar Singh said the criminals have made important revelations that police would use to crack other cases too. "The investigation is still on," said the SSP.

Varun Kamal Kumar from Hyderabad, Ajay Lal Mathur from Delhi, and Jamir Sheikh from Mumbai have confessed to the crime. They are also wanted by cops in Bangalore, Hyderabad, and other cities for unlawfully withdrawing money from the bank accounts of gullible people.

The criminals use unique methods to swindle money from people. They put up car polish selling counters by the roadside in Ranchi in June 2011. At the shops, local workers were hired to sale the car polish lotions at a discount. It drew crowds of car owners and as they did not have immediate cash, the fraudsters made them swipe ATM cards to purchase the polish. The special machines used to swipe the ATM cards were able to copy data and PIN numbers.

Jagannathpur police inspector Arvind Chaudhary said that the criminals have confessed that they used to send the data and PIN to their masterminds in Kolkata and Bangalore. "The crooks used to duplicate ATM cards with the information they received and withdrew money," said Chaudhary.
Sources in the police informed that similar cases were recorded in Bangalore, Hyderabad, Kolkata and other cities as well. Cases of unlawful withdrawal were reported from an ATM in Jagannathpur locality on June 19 last year. Cash was also withdrawn on June 18 from a bank's ATM in Doranda locality. Following the incident, several FIRs were lodged with Jagannathpur, Doranda and Argora police stations.
"All the previous cases are being reviewed and the criminals are being interrogated accordingly," said Ranchi SP (city) Vipul Shukla.

Meanwhile, Jharkhand police is set to conduct a daylong workshop on cyber defence at DPS Ranchi campus on Tuesday. "It is an initiative to sensitize the students about cyber defence. Today the world can't run without computers and internet. Thus the risks of security have also gone up," said Shukla.

"The workshop, which is being organized in association with NIIT, will be held in other parts of the state later."

Source: Times of India.

Exploiting Software Bible - over 200 pages of the latest exploiting and protecting techniques

Exploiting Software Bible
Exploiting Software Bible
I'd like to share with you that Hakin9 has published a more than 200 pages issue consisting of the best articles published in Exploiting Software Magazine up to this time. Now also single issues are available! You can download Exploiting Software Bible herehttp://hakin9.org/exploiting-software-bible/

You can also subscribe to Hakin9 Magazine here http://hakin9.org/subscription/?a_aid=nataliaboniewicz&a_bid=8f6377e8

A one year subscription covers 50 new issues every (4 new issues every month) plus all issues published since 2005. Subsription covers 4 magazines: Hakin9, Hakin9 Extra, Exploiting Software Hakin9 and Hakin9 On Demand. 

Yahoo Security Breach — More than 450,000 username and passwords were compromised in the breach.

Yahoo Security Breach
Yahoo Security Breach — More than 450,000 username and passwords were compromised in the breach.
A new name can be added to the list of companies who have been hacked this year:  Yahoo. If you know anyone with a Yahoo account, there’s a chance you received a strange e-mail from them recently. More than 450,000 username and passwords were compromised in the breach.
The group responsible released a statement on their reasoning behind the hack:
“We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat. There have been many security holes exploited in Web servers belonging to Yahoo Inc. that have caused far greater damage than our disclosure. Please do not take them lightly. The subdomain and vulnerable parameters have not been posted to avoid further damage.”
Hopefully this is a wake up call everyone involved, Yahoo users included.
Many people find creating a password to be a daunting task that they usually just blow off and use anything they can remember easily. News flash! Anything you think is easy, hackers will think is even easier. Using a password like startrek, 123456, password, ninja, or anything else that’s obvious is more likely to get hacked than using symbols, upper and lowercase letters and numbers.
Don’t get me wrong here. I’m not saying that complicated passwords can’t be hacked. I am saying that someone who uses starwars is going to get hacked before someone who uses F1r3F17Ru13s.
To keep yourself and your accounts secured, here are some guidelines for creating a password:
  • Change your password often — every 90 days is the standard
  • Keep the length to eight characters or more
  • Substitute symbols for letters or numbers. C@t@nd7h2H@t (Cat and the hat)
  • Intentionally misspell a word (Superamin, B@tmyn)
  • Avoid anything you can find in the dictionary (in any language)
  • Avoid words spelled backwards and common abbreviations
  • Don’t use personal information (such as birthday, anniversary, driver’s license number, etc…)
  • Use at least one number, symbol and lower case/upper case letter.
  • Use a different password for each account (if one account gets hacked, they wont all be left vulnerable).
If you are unsure if your password is strong enough, head on over to Microsoft’s Password Strength Checker. This tool can help you figure out if the Force is with you.
Now go forth and apply these guidelines to all of your passwords. I know it’s scary, but it’s better than the alternative.
Source: www.wired.com

Microsoft Apologizes for Naughty Dance Routine

Microsoft Apologizes for Naughty Dance Routine

Somewhere, there’s a handful of Microsoft marketing contractors getting fired. That’s an easy conclusion to make from the PR blunder stemming from a Microsoft developers event in Norway that included some dancing girls — and some embarrassing lyrics accompanying their routine.
As reported by GeekWire, the dance routine took place at an event in Norway that was intended to promote some new advances in Microsoft’s Azure cloud-computing platform, advancements meant to deliver a “hybrid cloud” combining the best of both on-premise and off-premise functionality.
Someone apparently couldn’t just stick to the subject. Ahead of Microsoft’s presentation at the Norwegian Developers Conference in Oslo, was this cheesecake-y dance routine — which, by itself, might have been obnoxious but near some marginally acceptable, if off-topic, borderline. But then came the lyrics, played during the routine and flashed on video screens: “The words MICRO and SOFT don’t apply to my penis.”
Frank Shaw, head of corporate communications for Microsoft, tweeted today that the routine — some of which you can see in the video below — was “inappropriate and just not okay.”
The audience was not amused, and slammed the software firm on Twitter, The Herald Sun reports.

"For those not here, we had flashing disco lights, bad lyrics about penis, disco beats and dancing azure girls, so cringeworthy," one programmer tweeted.

RobAshton


"Wow #microsoft this music thing is probably the most embarrassing i've ever seen and heard," said another tweeter.

hamnis@ twitter


According to the report, Microsoft's head of corporate communications, Frank Shaw, later apologized on the micro blogging site.

fxshaw@ twitter



"This routine had vulgar language, was inappropriate and was just not ok. We apologize to our customers and partners," Shaw tweeted.

Microsoft had already sought to apologize for the routine. It posted comments on YouTube videos of the routine, saying:
“This week’s Norwegian Developer’s Conference included a skit that involved inappropriate and offensive elements and vulgar language. We apologize to our customers and our partners and are actively looking into the matter.”
Every so often, satellite marketing offices wander off the reservation from how the home office does things. I’ve got a message in to Shaw, trying to find out what happened. Until then, here’s a sample of what all the fuss is about:

Create your own WiFi hotspot with 3G

Create your own WiFi hotspot with 3G
Create your own WiFi hotspot

Create your own WiFi hotspot

Almost all the portable gadgets we use today need to be connected to the internet. Instead of getting an individual internet connection for each of them, you can use one of them to create a personal, mobile Wi-Fi hotspot. All your other Wi-Fi enabled devices will then be able to connect to this hotspot and share the primary internet connection. 

Apart from the practicality angle, there can be many uses for this. Your laptop can have high-speed internet connectivity on the move. Within your own network, you
devices will be able to share data with each other. And you'll save quite a bit of cash at the end of the month if you share just one unlimited data plan with five other devices. 

Using a Symbian Phone
Using a Symbian Phone 

Using a Symbian Phone 

Symbian Series 60 phones with Wi-Fi were actually the first to get the ability to create a Wi-Fi hotspot, using a free app called JoikuSpot Light. JoikuSpot also supports certain Samsung Symbian Series 60 phones like the Omnia HD i8910 and the Maemo-powered Nokia N900. Well, JoikuSpot is still around (joiku.com) and has been upgraded to include support for Symbian Series 60 5th Edition (touch phones like the Nokia 5800 and 5530 Xpress Music) and the latest Symbian^3 (for phones like the Nokia C6, C7, N8 and E7). With the Light version of JoikuSpot, you cannot name your network and the Wi-Fi hotspot that you create is unsecured, meaning that anyone with a Wi-Fi enabled device will be able to connect to it. 

The Light version is also limited in the sense that it only supports basic internet protocols (not all websites will be accessible using a hotspot created by JoikuSpot Light). Apart from that, there are no restrictions on the Light version, no time limitations and no obligation to upgrade to the paid version. To download the Light version directly to your phone, visit joikuspot.com/light from your phone's web browser. If you prefer to secure your Wi-Fi hotspot so that only you can access it, you can get the paid version for $12.50 from joikushop.com. 

The iPhone 4 (post iOS 4.3)
The iPhone 4 (post iOS 4.3) 

Using iPhone 4 (post iOS 4.3) 

Wi-Fi tethering on the iPhone was previously only available for jailbroken devices. The MyWi application (available for $19.99 from the Cydia installer on jailbroken devices) can connect to a cellular network on the iPhone 2G, 3G, 3GS, 4 and iPad to create a personal Wi-Fi hotspot. The app also enables USB and Bluetoothtethering on the same devices. More information on MyWi can be found on the developers website, intelliborn.com. No such app is available for non-jailbroken devices. However, with the latest iOS 4.3 software update (available to download from March 10, 2011 onwards), the iPhone 4 also gets the personal Wi-Fi hotspot option officially. Using the new feature, three devices can connect to the iPhone 4 using Wi-Fi, and another two using USB and Bluetooth. At this point, it's not clear as to why Apple is not offering the feature on older devices like the iPhone 3G/3GS or for that matter on the 3G version of the iPad. 

Using an Android device
Using an Android device 

Using an Android device 

Android has the most options when it comes to sharing an internet connection via Wi-Fi. For starters, any phone or tablet with Android version 2.2 or later has the personal Wi-Fi hotspot feature built in by default (without any restrictions). To activate it, go to Settings > Wiress and Network > Mobile AP. Once you activate Mobile AP, you can configure it with a name, add an access password and even hide the network so that only trusted devices can connect to it. 

There are many options for older Android devices too. PdaNet is an option for USB and Bluetooth tethering (It was earlier also available for Palm and Windows Mobile phones). You can download the app directly from the Android App Market, connect the device to your computer and access the data connection. Another open source project is Android Wi-Fi Tether (available from code.google.com/p/android-wifi-tether). The app is available even for older devices with Android version 1.1 and 1.5 (cupcake). However, to use the Android Wi-Fi Tether app with Android version 2.1, you need to have a 'rooted' device. Rooting an Android phone is a process similar to jailbreaking on Apple iOS devices. It allows more access to the device's hidden settings. Rooting is not illegal but will definitely void the warranty on the phone. 

Windows Mobile
Windows Mobile  

Using Windows Mobile

Devices like the HTC Touch Diamond and HTC HD2 powered by Windows Mobile 6.5 can also use JoikuSpot-the same application that Symbian smartphones use. It is available for purchase and immediate download from joikushop.com. Another option is WmWiFirouter (wmwifirouter.com). While a 21-day free trial of the app is available, you will have to buy the full version for Rs 940 to continue using it after that. Wi-Fi tethering is not yet available for the latest Windows Phone 7 devices yet.




Using a Windows 7 Laptop
Using a Windows 7 Laptop 

Using a Windows 7 Laptop 

If you have a Wi-Fi enabled Windows 7 laptop (32-bit or 64-bit), a free program called Connectify (connectify.me) can create a personal hotspot, allowing other nearby laptops, phones, portable gaming consoles and tablets to use your internet connection. Like with any Wi-Fi router, you can configure it with a name, add access passwords and hide the network (disable broadcasting). Once the software is installed, the Connectify hotspot can be started and stopped at any time from the Windows 7 notification area on the right side of the taskbar. 

Connectify works with most Wi-Fi cards in laptops, though the functionality may be limited in some cases. For example, if your laptop connects to the internet using Wi-Fi itself, it may not be able to use Connectify to further share the network. If your laptop connects to the internet using an Ethernet cable or using a USB data card, Connectify will work without an issue. However, if your laptop has a Windows 7 certified Wi-Fi card, it will support 'Access Point' connections. This means that even if the laptop connects to the internet using Wi-Fi, it will still be able to share the internet connection with other devices. If your laptop has a Windows 7 certified Wi-Fi card that supports Access Point connections, Connectify can also be used as a 'repeater' or range extender for your home Wi-Fi network. All you have to do is place your laptop towards the periphery of your existing Wi-Fi network and enable Connectify. 
Unfortunately, Connectify depends on improvements made to Windows 7 to operate, hence it is not compatible with Windows XP or Vista (although it is compatible with Windows Server 2008 R2). Connectify will also soon be available for Android devices (available on the Android App Market). 

Tata PhotonWi-fi
Tata PhotonWi-fi 

Using Tata PhotonWi-fi 

Apart from the regular Tata Photon+ USB device, you can also go for the Tata Photon Wifi. It is a pocket-sized, battery-powered router that connects to the Photon network and provides high speed Wi-Fi connectivity for up to 5 nearby devices. It costs Rs 6,599 (plus the usual monthly plan).





Olive VR-9 Router
Olive VR-9 Router 

Using Olive VR-9 Router 

This battery-powered device is an easy way out if you already have a high-speed USB data card. The Olive Nexus VR-9 has a USB port into which you can plug in a data card and it creates a Wi-Fi hotspot that can be accessed by five devices. It costs Rs 3,500 and can be purchased from olivetelecom.in. It has a complicated initial setup process-you have to connect the device with an Ethernet cable, enter the router's IP address and feed in data card details (number, username, password). The battery lasts for 4 hours but you have the flexibility to plug your data card directly into the laptop anyway. It might make more sense than the Tata Photon WiFi because even after adding the cost of a USB data card (Rs 1,599 for Reliance, Rs 1,799 for Tata), it is still cheaper.