Skip to main content

Posts

Showing posts from January, 2016

How to Avoid Tracking by Your Internet Service Provider?

The final version of the proposed “three strikes” anti-piracy code for Australian internet service providers (ISPs) has been published recently. Under the Copyright Notice Scheme code ( PDF ), residential Internet users that are found pirating content will be subject to a series of "escalating" warning notices from rights holders, sent via ISPs. The notices will warn users that they are infringing copyright, and that they will face legal action if they get three strikes recorded against their IP address -- that is, if they receive an Education, Warning and Final notice -- within a 12 month period. If a user gets three warning letters, or "strikes", in a 12-month period, ISPs will help copyright owners identify them for potential legal action after a hearing in a prescribed court. Up to 200,000 notices can be processed and sent each year. An industry code has to be in place by January 1 Over the past few months,  thousands of Canadians have received ‘PiracyNoti...

LastPass Password Manager Details Vulnerable to Hack

LastPass is one of the popular password managers, which stores user’s passwords in the cloud in an encrypted vault. This user’s database is protected by a single username/password pare and various forms of two-factor authentication. However, some security researcher has recently issued a tool able to steal the login details and two-factor authentication key for the manager, thus leaving users potentially exposed. The instrument in question enables hackers to mimic the look and feel of the LastPass browser plugin and website, imitating the way the password manager requests a user’s password and two-factor authentication key. The security researcher presented the attack at the hacker convention ShmooCon in Washington, calling it LostPass. The attack works because ordinary users can’t tell the difference between a fake and a real message. The fake message shows up if a user visits a malicious website. Once the malware detects that the browser is using LastPass, it mimics a LastPass ...

In 2015 google gave $2 million in rewards to over 300 people, largest single payment of $37,500 made to an Android security researcher.

Google said researchers from all over the world, coming from countries like Great Britain, Poland, Germany, Romania, Israel, Brazil, the US, China, Russia and India, participated in its security rewards programme. “Tomasz Bojarski found 70 bugs on Google in 2015, and was our most prolific researcher of the year. He found a bug in our vulnerability submission form,” the blog posted by Eduardo Vela Nava from Google Security team, said.  In 2015, the company gave $2 million in rewards to over 300 people. The programme which was started in 2010 has seen Google giving out over $6 million in rewards so far. It said it has paid more than $200,000 to researchers for their work under Google’s Android (mobile operating system) VRP programme launched in June. This includes the largest single payment of $37,500 made to an Android security researcher. “We also injected some new energy into these existing research programs and grants. In December, we announced that we’d be dedicating on...

Google reveals what it paid man, who owned Google.com for 1 min

Google has paid Sanmay Ved, the man who owned Google.com for a minute, $ 6,006.13 (about Rs 4.07 lakh) and later doubled the amount when he donated his reward to charity.   In September last year, the ex-Googler, while searching Google Domains, found that Google.com (domain name) was available for purchase. He bought the domain for $12 and gained access to its webmaster tools before Google cancelled the sale.   “You may have read about Sanmay Ved, a researcher who was able to buy Google.com for one minute on Google Domains. Our initial financial reward to Sanmay – $6,006.13 – spelled-out Google, numerically (squint a little and you’ll see it!). We then doubled this amount when Sanmay donated his reward to charity,” Google said in a blog post. Ved, in a post on LinkedIn, had said he chose his award to be donated to the Art of Living’s education programme which runs 404 free schools across 18 states in India, providing free education to more than 39,200 children livin...

New Book - 'Hacked Again' - It can Happened to Anyone... Even a Cyber Security Expert

Hacked Again details the ins and outs of a cybersecurity expert and CEO of a top wireless security tech firm, Scott Schober, as he struggles to understand the motives and mayhem behind him being hacked. By day, he runs a successful security company and reports on the latest cyber breaches in the hopes of offering solace and security tips to millions of viewers. But Scott begins to realize his worst fears are only a hack away as he falls prey to an invisible enemy. Scott Schober shares his personal accounts as a business owner, thought leader, and wireless technology expert as his book examines a multitude of cybersecurity issues affecting all of us. Through tips and advice gained from his own experience, Scott offers hope to others by examining his own security foibles so readers will not have to go through the same cybersecurity struggles themselves.

Snap-Happy Trojan Targets Linux Servers

Security researchers at on Tuesday revealed details of the Trojan Linux.Ekoms.1, which takes screen shots and records audio to acquire sensitive and personal information, mostly from Linux servers. Malware for Linux is becoming more diverse and includes spyware programs, ransomware and Trojans designed to carry out distributed denial-of-service attacks, Researchers did not assess the severity of the threat once the malware infects computers. The disclosure also did not provide details on the source of the malware or the extent of its threat to servers or desktop computers running the open source OS. "The malware is focused on monitoring what a human user is doing, although the majority of Linux systems are servers. Therefore, they won't be as valuable for screenshots and audio recordings to attackers," said Ben Johnson, chief security strategist at Bit9+Carbon Black. Linux is usually a server or infrastructure component, so it is not going to be reimaged or...

ISIS offering Indian hackers $10,000 a jobs

ISIS is luring Indian hackers with top dollar to hack into government websites and steal sensitive data. Hackers are also being asked to identify and create a database of potential recruits from Twitter and Facebook. For each 'job', a hacker would be paid upwards of $10,000. This is by far the most lucrative offer from the hacking community in India, experts say "There are various underground communities online where hackers interact regularly. Our investigation reveals that for the past six months, lucrative offers for stealing government data came pouring in and hackers were offered a huge sum. Such amount has never been offered to any Indian hacker before. We found that the offers were being made to spread ISIS reach in the country," said Kislay Choudhary, a cyber crime expert who works with several security agencies. Stealing government data is part of ISIS' intelligence gathering exercise and helps in formulating their India strategy, Choudhary added. ISIS...