Showing posts with label hackers. Show all posts

Google's $20,000 Bounty on Chrome Hack


The 5th annual hacking Contest Pwn2Own is due to kick start in Vancouver
(Canada) on March 9th , it will be a 3days affair ( 9th,10th,11th) and google is looking foward to make it more intresting by offering  $20,000  to anyone who can succesfully hack Google chrome.
This move from Google is $5,000 higher than its counterpart.

Security researchers will be looking into exploits against windows 7 or MAC OS latest version and targets will be  Microsoft Internet explorer,Mozilla's Firefox ,Apple's Safari and Google's chrome.
Though there will be 2 technologies as usual which will be under security exploit by security researchers i.e web browsers and mobile devices.
Mobile devices which will be looked upon are Dell Venue Pro, Apple's iphone4, Blackberry Torch 9800 and Nexus S.
The first sucessful Security researchers for hacking IE, Firefox and Safari will receive $15,000 and the laptop running the browser.
Portnoy from TippingPoint Digital said:
"We've upped the ante this time around and the total cash pool allotted for prizes has risen to a whopping $125,000," said Aaron Portnoy, the manager of HP TippingPoint's security research team.
Google is only one of four vendors to put money in the prize kitty. "Kudos to the Google security team for taking the initiative to approach us on this,".
However, the rules are slightly different for Chrome. On day 1, Google will offer $20,000 and the laptop if a contestant can pop the browser and escape the sandbox using vulnerabilities purely present in Google-written code. If competitors are unsuccessful, on day 2 and 3  ZDI(Zero Day Initiative) will offer $10,000 USD for a sandbox escape in non-Google code and Google will offer $10,000 USD for the Chrome bug.


Charlie Miller, the only researcher to have won Pwn2Own prizes three years in a row, wouldn't commit last week to trying again, but on Wednesday he noticed the $20,000 for Chrome.

"Pwn2own now offering 20k for attack on Chrome," said Miller on Twitter. "Must be hard, glad Mac OS X doesn't sandbox their browser."
Miller is a Mac hacking authority - he co-authored The Mac Hacker's Handbook with Dino Dai Zovi, a 2007 Pwn2Own winner -- and has exploited Safari each of the last three years.

Comments

Category: , , , , , , , , , , , , ,

WikiLeaks Tangle

WikiLeaks , which surprised the whole world with its lots of secrets  leaks around the world , has its domain down.
WikiLeaks has come under fire for publishing classified U.S. documents, including videos and documents from the wars in Iraq and Afghanistan as well as sensitive cables sent between U.S. embassies and the U.S. State Department. WikiLeaks continues to post the cables.

WikiLeaks' main website  was inaccessible since last Thursday night after one of its DDNS i.e Dynamic Domain Network Service provider which terminated its WikiLeaks.org DNS.

Though its in the news that the service provider EveryDNS.net the US based Dynamic Network Services provider has terminated the WikiLeaks.org domain name after a series of DDOS attacks ( Distributed Denial of Service) , since as further DDOS attack would have bring down the whole EveryDNS.net infrastructure i.e Millions of other websites hosted on EveryDNS and hackers would have access to all those websites databases.

EveryDNS.net said in a statement that they have given notice to WikiLeaks via email, Twitter and the chat function available over the WikiLeaks.org website that its domain name service would be terminated in 24-hours.

"Any downtime of the Wikileaks.org website has resulted from its failure to use another hosted DNS service provider," EveryDNS.net said.

WikiLeaks Later put a stange post over twitter saying "EveryDNS.net  has Killed WikiLeaks.org after mass attacks" and asked supporter to keep Wikileaks alive with continued donations.
Donation sounds okay may be after they might be short of funds , due to sudden down of their domain.

Amazon Web Services which also host the Wikileaks domains also confirmed the DDOS attacks, saying in a blog posting that, "There were indeed large-scale DDOS attacks, but they were successfully defended against."

The domain name service termination comes just days after Amazon Web Services stopped hosting WikiLeaks on its servers for breaking user rules saying that websites must use their own content and not carry data that might injure others. The U.S. Homeland Security and Governmental Affairs Committee, chaired by Senator Joe Lieberman, had also asked Amazon to stop hosting the controversial website.

Though EveryDNS.net said all of its systems were functioning normally, whats the Buzz going not harder to gaze , all is crystal clear.
WikiLeaks has asked the Web community to open mirror sites so it cannot be downed or censored and said on Monday that 300 plus new sites are already up.
Since Wikileaks is now under heavy DDOS attacks, they are creating mirror sites i.e N no of same sites hosted on differenct linux based server to increase the security and downtime as well making it vitually impossible for the DDOS attackers to put it down , so it seems this might be a game plan , thought well in advance as they were aware they are gona be attacked by the firms and other world bodies for their illegal way of working.

WikiLeaks Twitter feed are going to WikiLeaks.ch have a look at the screenshots below.

I am quite following this-up as to check if its a third party attempting to see where the Wikileaks getting support from or WikiLeaks itself , quite confused right now need to run the mind horses ;).

While as claimed by Wikileaks , their next target will be Banks, meanwhile from sources its confirmed that some hackers has brought down MASTERCARD's Website  www.mastercard.com under the "operation Payback" according to several news reports, including the Guardian and the National Post.
 
The Guardian wrote the following in its article:
The action was confirmed on Twitter at 9.39am by user @Anon_Operation, who later tweeted: "WE ARE GLAD TO TELL YOU THAT http://www.mastercard.com/ is DOWN AND IT'S CONFIRMED! #ddos #wikileaks Operation:Payback(is a bitch!) #PAYBACK"

Hackers reportedly used a distributed denial-of-service attack (DDoS), which is basically designed to flood web servers with so many requests that it slows its service to a virtual stand-still  and reaches a deadlock state.

Swiss bank  is reported to have also suffered a similar attack, and the hacker group claim to be eyeballing PayPal, promising they will be targeted soon.
Adding fuel to the fire was WikiLeaks' founder Julian Assange's arrest a day before yesterday for alleged sex crimes committed in Sweden.
So its getting toucher for the cyber security bodies to keep it under control as no solution has been devised to tackle suck attacks and leaks of confidential data.


P.S : Now virtual space has really turned into a warfare.So whom do you blame for all this mess ? The WikiLeaks ? or those named and shamed in the leaked documents?  or the financial services for cutting WikiLeaks off ? or the Hackers ?. Leaving this Little mind excercise for you 

pic source : http://cdn.venturebeat.com/wp-content/uploads/2010/08/wikileaks.jpg
                     http://www.wikileaks.ch
                   

Comments

Category: , , , , , , , ,

Good News For Mac :: SOPHOS Free Anti-Virus

Dear Friends , a very good news for you :) , if you are using Apple's MAC,then the IT security firm Sophos has Launched Free Sophos Anti-virus for Home users.Sophos is one of the Top most IT security solution provider which is engaged in provide Security with focus on Corporate sphere.














 
Now with the MAC Operating System Increase market share and its contentiously growing , so its becoming a more attractive target for the malware writers , hackers and cyber-criminals .

So its a sophos initiative to focus on security of the home MAC users. The best feature of sophos is its IDs i.e virus detection identification are Platform independent i.e  they are same for windows as well as for Linux or MAC OS and moreover its Backed by sophosLabs.

Sophos Having 4 Labs globally and they works on rising Sun model , which take care of all threats 24/7 .

MAC Operating system supported by SOPHOS a specification.

- Mac with Intel or PowerPC processor
- 256 MB of memory
- 150 MB of available disk space
- Mac OS X 10.4 (Tiger), 10.5 (Leopard) or 10.6 (Snow Leopard)
- Supports all Apple Mac hardware including iMac, MacBook, MacBook Pro and the new MacBook Air.


Download sophos Anti-virus for MAC from below Link

http://downloads.sophos.com/home-edition/savosx_72_he.dmg

How to Install Sophos and its configuration see the video and PDf docs @ http://www.sophos.com/products/free-tools/free-mac-anti-virus/support.html and if you have any query post your comment on sophos MAC forum.

http://openforum.sophos.com/MacAv

For any further info on this , feel free to get back me.

P.S : For more Info visit www.sophos.com to know more about the security and its oveview.

Source : www.sophos.com
            http://sophosnews.files.wordpress.com/2010/11/sophos-mac-home-interface-small.jpg






Comments

Category: , , , , , , ,

Google Chrome : Safe And Secure Browsing

GOOGLE  CHROME





Last night I was trying to find some browsers which can give me fast browsing, at the same time are more secure.
The common thoughts that comes to mind is of few 
popular web browsers like Internet explorer, Mozilla Firefox , safari , google chrome and opera,
My Favoutite browser is Mozilla ,but there are few things which were not satisfying me is that which is the crash rate , hanging high CPU usage.





I tried google chrome way back , chrome is devoped by google from the open source project Chromium .But due to lots of security flaws I didn't used it there after.


But 
today I'm more confident to use google chrome then any other Web browser coz its now more secure than the present browser and moreover its security can be enhanced by 
using some extensions(plugins), these enhances the security and narrow down security risk to a greater extent. And being the fasted browser the browsing experience is amazing.


A Video on the evolution of Google chrome.. have a look





So here in this article about those cool extension which will reduce your online threats.


Following are the extension which I found very good afte testing.


1) AdBlock


 a very handy extension as it blocks the bugging adds,for security its very good as now a days malware writers are using these adds as target to successfully
intrude into your machine W/o you knowing it.
"Malware Ad Injections" is the technique used by malware writers to infiltrate into the accredited Web sites like the New York times, so it helps in blocking adds.

2) Bug Me Not

 is a very unique extenstion , helps in thwart advertising spam from Web sites that require registering. If a Web site requests information, it will check Bug Me 
Not.com’s database. If registration information is available, Bug Me Not will populate the form, allowing you to continue, yet remain anonymous.

3) FlashBlock
Vulnerabilities in Flash are becoming popular targets for hackers. FlashBlock helps by initially blocking all Flash content on a Web page. You can later-on whitelist(allow)
the website from where you want to have flash , like www.youtube.com.


4) Secbrowsing - plugin version checker

 extention Periodically checks if your browser is running any out-of-date, vulnerable plugins etc and keep you utodate.


5) SiteAdvisor
SiteAdvisor is a service that reports on the safety of Web sites. It shows the Web site’s rating. You also have the option of not allowing suspicious Web sites to load.

6) Unencrypted Password Warning
Unencrypted Password Warning does exactly what its name says. And Most importantly it also displays a warning if credit card numbers are sent in the clear. This extension is helpful for users who aren’t familiar with HTTPS and what it means. If there is a problem, it opens a window and explains what’s wrong.

7) WOT
Web of Trust (WOT) is another extension that rates the trustworthiness of Web sites. WOT is similar to SiteAdvisor but with a diffrent approach. Unlike SiteAdvisor, WOT rates search results, which is a nice feature. You have an idea before you proceed to the Web site.



P.S :  Dear Readers , hope you like the post , put your comments suggestion or any information I'm missing over here. You are most welcome , Have a nice Read :)




Comments

Category: , , , , , , , , , , , ,