the hacker news 12 otto br 2015

cyber security degree online

Record-Breaking Deal: Dell to Buy EMC for

$67 BillionMonday, October 12, 2015 Wang Wei

Yes, Dell is going to acquire data storage company EMC in a deal worth $67 BILLLLLLION– the largest tech deal of all time. It's record-breaking...

Computing giant Dell on Monday finally confirmed that the company is indeed going topurchase the company for creating what it calls "the world’s largest privately-controlled,integrated technology company."

Most of you might not have heard of EMC corporation, but it is a tech titan that operatesmany of the services you use nowadays.

EMC offers data center storage and data processing for big technology companies, andnow it is been acquired by Dell.

"The combination of Dell and EMC creates an enterprise solutions powerhousebringing our customers industry leading innovation across their entire technologyenvironment," Michael Dell, CEO and chairman of Dell, said in a statement.

The acquisition will benefit Dell to create a new company that will sell a broad range ofboth consumer as well as IT products, including:

Personal computersServers and data storage services for use in corporate data centersVirtualization software that allows those data centers to run efficiently

EMC stockholders will receive about $27.25 per share in cash and a tracking stock inVMware, a cloud software company bought by EMC in 2004, all of which will be worth$33.15 per share.

However, VMware Inc. will remain an independent, publicly trading company under EMCon the New York Stock Exchange (NYSE).

THN Weekly RoundUp – 12 Hacking Stories

You Don’t Want To Miss This WeekSunday, October 11, 2015 Swati Khandelwal

Here we are with our weekly roundup, showcasing last week's top cyber security threatsand challenges.

Just in case you missed any of them (ICYMI), THN Weekly Round-Up helps you provideall important stories of last week in one shot.

We advise you to read the full story (just click ‘Read More’ because there's some valuableadvice in it as well).

Here's the list:

1. Facebook to Launch Its Own Satellite to Beam Free Internet

Facebook has revealed its plans to launch a $500 Million Satellite by next year in aneffort to provide free or cheap Internet access in the developing countries.

The social network giant has teamed up with the French satellite

Popular Stories

How to Weaponize your

Cat to Hack

Neighbours’ Wi-Fi

Passwords

USB Killer v2.0 —

Latest USB Device that

Can Easily Burn Your

Computer

Google rewarded the

Guy who Accidentally

bought Google.com, But

he Donated it to Charity

British Intelligence

Agency Can Hack Any

Smartphone With Just a

Text Message

This Secure Operating

System Can Protect You

Even if You Get Hacked

Google Secretly Records

Your Voice — Here's

How to Listen and

Delete It

This Guy Builds A

Thor-Like Hammer that

Only He Can Pick Up

Critical Netgear Router

Exploit allows anyone to

Hack You Remotely

Collision Attack: Widely

Used SHA-1 Hash

Algorithm Needs to Die

Immediately

How to Activate

GodMode in Windows

10

Ground Zero

Home Hacking Tech News Cyber Attacks Vulnerabilities Malware Encryption Spying

The Hacker News: Cyber Security, Hacking, Int... http://thehackernews.com/search?updated-ma...

1 di 9 14/10/2015 18:14

provider Eutelsat Communications to beam free Internet access to several parts ofcountries in Sub-Saharan Africa.

For detailed information on Facebook’s Satellite Project – Read more…

2. Angler Exploit Kit Campaign Generating $30 Million Took Down

Researchers took down a large ransomware campaign connected to the Angler ExploitKit that was making an estimated $30 Million a year in revenue for hackers.

The hacker or group of hackers generating $30 Million annually is responsible for up to50% of Angler Exploit Kit activity, which simply means that the rest of Angler kit businessmight be generating revenue of more than $60M annually for hackers worldwide.

For more information – Read more…

3. This Secure Operating System Protects You Even if You Get Hacked!

Qubes OS – an open-source Linux-based security-oriented operating system for personalcomputers runs everything inside the virtual machines.

The visualization mechanism of Qubes OS follows Security by Isolation (SoftwareCompartmentalization) principle to secure the systems, which means, enabling thePrinciple of least privileges.

So, in case you become a victim of any malicious cyber attack, Qubes OS doesn't let anattacker take over your entire computer.

For in-depth information on Qubes OS – Read more…

4. How to Activate GodMode in Windows 10

God Mode – also known as 'Windows Master Control Panel Shortcut' – is an inbuilt, buthidden Windows' feature that provides additional customization options for the Microsoft’snewest operating system.

Enabling God Mode in Windows 10 essentially unlocks a backdoor of the operating systemto access 260+ additional settings from a single folder.

To know how to activate GodMode in Windows 10 – Read more…

5. British Agency Can Hack Any Smartphone With Just a Text Message

The British Intelligence Agency GCHQ has powers to hack any smartphone devices withjust a text message, said the former NSA contractor and global surveillance whistleblowerEdward Snowden.

According to Snowden, GCHQ have special tools that let it take over your smartphones


2 di 9 14/10/2015 18:14

with just a text message and there is "very little" you can do to prevent the spying agencyhaving "total control" over your devices.

For the full interview of Edward Snowden with BBC investigative programme Panorama– Read more…

6. Kemoge: Latest Android Malware that Can Root Your Smartphone

A new strain of malware, dubbed 'Kemoge Malware', has made its debut as an Adware onAndroid devices, allowing third-party app stores to pilfer your device's information as wellas take full control of it.

Kemoge is an Adware in the disguise of popular Android Apps. The malware is distributedin the names of popular apps, but actually repackages the malicious code that even has thecapability to root victims’ phones, targeting a wide range of device models.

For more information on How does Kemoge Work and How to protect against it – Readmore…

7. Microsoft Rewarded $24,000 Bounty to Hacker

Synack security researcher Wesley Wineberg won $24,000 from Microsoft for finding andreporting a critical flaw in Microsoft’s Live.com authentication system that could allowhackers to gain access to victims’ complete Outlook account or other Microsoft services.

Wineberg developed a ‘proof-of-concept’ exploit app, named 'Evil App', that allowed him tobypass Microsoft’s OAuth protection mechanism, effectively gaining access to everything invictim's account.

For detailed information and video demonstration – Read more…

8. End of the Most Widely used SHA-1 Hash Algorithm

One of the Internet's widely adopted cryptographic hash function SHA-1 is counting its lastbreaths.

Researchers have claimed that SHA-1 is vulnerable to the Collision Attacks, which can beexploited to forge digital signatures, allowing attackers to break communications encodedwith SHA-1.

For in-depth information on Collision attacks and how does it work – Read more…

9. Brute Force Amplification Attack Targeting WordPress Blogs

Security researchers have discovered a way to perform Amplified Brute Forceattacks against WordPress' built-in XML-RPC feature in an effort to crack downadministrator credentials.

XML-RPC protocol is used for securely exchanging data between computers across theInternet. It uses the system.multicall method that allows an application to executemultiple commands within one HTTP request.

The same method has been abused to amplify Brute Force attacks many times over byattempting hundreds of passwords within just one HTTP request, without been detected.

Here's how the Brute Force Amplification attack works – Read more…

10. China Arrested Hackers at U.S. Government Request

Just two weeks before Chinese President Xi Jinping visited the United States; Chinaarrested a handful of hackers within its borders at the request of the United Statesgovernment.

The arrested hackers were suspected of stealing state commercial secrets from UnitedStates firms and then selling or passing them to Chinese state-run companies.

For detailed information – Read More…

11. One-Minute Owner of Google.com Donated his Reward to Charity

The man who actually managed to buy Google.com got a huge reward from Google, but hedonated all his prize money to charity.

Sanmay Ved, an ex-Google employee and now-Amazon employee, managed to buy the


3 di 9 14/10/2015 18:14

world's most-visited domain via Google's own Domains service for only $12.

However, Ved owned Google.com for one minute before the company realized it was amistake and cancelled the transaction.

For in-depth information – Read More…

12. Critical Netgear Router Flaw Lets Anyone Hack You Remotely

Hackers have publicly exploited a serious flaw discovered in Netgear routers in order tobypass authentication mechanism on vulnerable routers.

Hackers could leverage the vulnerability to bypass authentication mechanism and thenchange the Domain Name System (DNS) settings of victims' routers to the rogue IPaddress.

The affected Netgear routers are JNR1010v2, JWNR2000v5, JWNR2010v5, WNR614,WNR618, WNR1000v4, WNR2020 and WNR2020v2.

For more details – Read more…

Apple Kicks Out some Malicious Ad-Blocker

Apps from its Online StoreSaturday, October 10, 2015 Khyati Jain

Apple has removed several apps from its official iOS App Store that have the ability tocompromise encrypted connections between the servers and the end-users.

Apple has officially said:

We have removed a "few" apps from the iOS App Store that could install rootcertificates and allow monitoring your data.

It's like- they have analyzed and admitted that they lacked in the auditing of the App Storehosted Apps.

The company is also advising its users to uninstall the malicious apps from their iPhones,iPads and iPods in order to prevent themselves from monitoring, though it has yet to namethe offending apps.

App Store Apps Spy on Encrypted Traffic

The challenge that stood before Apple was, they discovered that "few" of the Apps in theiOS App Store were capable of spying on the users by compromising SSL/TLS securitysolutions of their online communication.


4 di 9 14/10/2015 18:14

Root certificates are the fundamental part of how encrypted connections like HTTPS verifythe site users are connecting to and creating a secure environment for them to get accessto various resources. Their updates also happen on a timely basis.

Root certificates allow public key encryption to browsers and other services to validatecertain types of encryption and ensure that user is redirected to that website or server thathe requested.

However, in Apple's case, the fraudulent apps were acting as an interface between thesecure connections and exposing all private Internet traffic of the user.

However, to get rid of the problem, Apple has removed various apps from their App Storethat could decrypt the "Encrypted Connection" between the user and the server to whichthe user is connected to.

Apple Yet to Disclose the names of Offending App

Apple did not disclose the names of such Apps, instead said that there are few of them withbitter intents and for which, they left the users displeased, as:

They want the users to uninstall the Apps, but which ones to remove they are leastbothered.

Also, they have given directions for "How to delete an app that has a configuration profileon your iPhone, iPad, or iPod touch," on their support page, but…

...Does that make any difference?

As how are the people going to identify which Apps to uninstall!

Furthermore, in a similar incident developer of an app commonly known as Been Choicewas removed from the iOS store, consequently the developer posted on Twitter about theybeing ‘Pulled Off’ from iOS store and mentioned that:

"We'll remove ad blocking for FB, Google, Yahoo, and Pinterest apps."

Therefore, it can be assumed that Been Choice's, Ad-blocker app which functioned in sucha way that it installs root certificates in order to block ads inside apps, might be gatheringprivate details of the user through ad blocking facility via installing root certificates.

One thing is important to note here, which is- Apple allowed such Apps that were installingRoot certificates on the users' device.

Meanwhile, all the iPhone, iPad and iPod touch device holders are requested to uninstallany suspicious app from there device; until Apple reveals the names of those apps.

Critical Netgear Router Exploit allows anyone

to Hack You RemotelyFriday, October 09, 2015 Khyati Jain

Yes, NETGEAR Routers have once again become a victim of DNS Monitoring, potentiallyaffecting 11,000 Devices.

This week, we reported about a Vigilante Hacker, who protected users by installingmalware on their Wi-Fi routers, forcing them to use a secure password.

Now within few days, a security researcher has discovered a serious vulnerability inNetgear routers that has been publicly exploited by hackers.

The critical flaw could allow hackers to bypass authentication mechanism and change theDomain Name System (DNS) settings of victims' routers to the malicious IP address.[Exploit Code]

A security researcher, named Joe Giron, gave the details of his experience to BBC, sayingthat he noticed some anonymous activities in his machine and on investigating he learnedthat:

The admin settings on his personal router have been modified on 28


5 di 9 14/10/2015 18:14

September.

Specifically, Domain Name System (DNS) settings on his router were changed to asuspicious IP address.

As an outcome of which the hacked router was sending web browsing data to a maliciousInternet address.

"Normally I set mine to Google's [IP address], and it was not that, it was somethingelse," Giron said. "For two or three days all my DNS traffic was being sent over tothem."

Affected Netgear Routers

JNR1010v2JWNR2000v5JWNR2010v5WNR614WNR618WNR1000v4WNR2020WNR2020v2

Giron contacted Netgear about the serious issue, to which they replied that thevulnerability discovered their products is 'serious,' but "affects fewer than 5,000 devices."

Further, Giron switched off his router to avoid anymore mishappenings.

Is it Serious Flaw...?

In another statement, Jonathan Wu, senior director of product management at Netgearsaid, "Is it serious? Yes, it definitely is."

Currently, any patch is not available for the firmware on the affected devices. However,Netgear assures its users that the company will release a patch by October 14 to fix theissue.

Therefore, we would suggest all the Netgear router's users not to use their devices, untilthe vulnerability is patched; as you might be one of those 5000.

Grab more information about DNS Spoofing and Router Hacks and Vulnerabilities,and Follow Us!

CyberSpace — China arrested Hackers at U.S.

Government RequestFriday, October 09, 2015 Swati Khandelwal

For the very first time in history, China has arrested hackers within its borders at therequest of the United States government.

The helping hands of China made me remind of recent Hollywood movie, The Martian, inwhich China's CNSA helped the United States' NASA to rescue astronaut Mark Watney whowas mistakenly presumed dead and left behind on the planet Mars.

Although China did not rescue anyone, rather it did arrest, but the point is – China helpedthe United States.

Just two weeks before Chinese President Xi Jinping visited the U.S., the Chinesegovernment took unprecedented step by complying with a United States request andarresting a handful of hackers within its borders, anonymous U.S. officials told theWashington Post.

The arrested hackers were suspected of stealing commercial secrets from U.S. firmsand then selling or passing on those secrets to Chinese state-run companies.


6 di 9 14/10/2015 18:14

The hackers were part of a wanted list drawn up by the U.S. intelligence and lawenforcement agencies.

An unknown source familiar with the matter said Obama administration officials toldChina, "We need to know that you are serious. So we gave them a list, and we said –'Look, here's the guys. Round them up.'"

Is the Arrest an Empty Gesture?

At the moment, there is no publicly available information related to the arrests – about whoexactly was arrested or what punishments they face – but…

The U.S. officials are now hoping for public trials to see whether the China will followthrough prosecutions, or whether these arrests will be nothing more than an empty gestureintended to rectify tensions with the U.S.

The arrests are believed to be part of the recent cyber deal the US President BarackObama struck with Chinese President Xi Jinping last month, in which both the nationsagreed that neither side will participate in commercial espionage against one another.

Though the arrests indicate a promising step towards a better relationship between Chinaand the United States, the real test will be how long the Chinese government can stick tothe agreement.

No let's see, would America do the same on China's request? Hit the comments below.

Obama Encryption Policy: White House Will

Not Force Companies To Decode Encrypted

DataFriday, October 09, 2015 Khyati Jain

After the revelations that Whistleblower Edward Snowden made about the United StatesNational Security Agency (NSA), the U.S. citizens are in need of more transparent digitalsecurity.

The Citizens of the United States have appealed to the Obama Administration through acampaign for rejecting any policy, mandate or law that stands against their security in thecyberspace and adopt strong encryption for them.

The Washington Post reported that the Obama Administration has agreed partially on theencrypted communications issue.

"The administration has decided not to seek a legislative remedy now, but it makessense to continue the conversations with industry," James B. Comey, FBI Director,said at a Senate hearing Thursday of the Homeland Security and GovernmentalAffairs Committee.

This decision is considered as the Status Quo. It is like a win-win situation to decrease thetension because of the Petition and regard the law enforcement agencies as well as thecitizens.

What does the Law Enforcement want?

The Law Enforcement Agencies (LEA) find it difficult to assess the encrypted informationthat they get from gaining access to the communications of criminals, terrorists and spies.

Even the state and local agencies investigating crimes like child kidnappings and carcrashes find it difficult in the digital era with the increase in pieces of evidence that areelectronic devices they can’t access without a search warrant.

Further, if the cyber criminal "Pleads the Fifth," it becomes more challenging for the LEA.

What do the Citizens need?

The Citizens of the United States have stood up for a temporary alliance, where they are


7 di 9 14/10/2015 18:14

petitioning the President for privacy, security, and integrity of their communications andsystems.

The campaign initiated by the U.S. citizens requires participation of their fellow citizens bysigning the petition on the website Savecrypto.org, and the stats say they need 50,000more number of participation from the people.

If they reach a majority of 100,000, then they will get a reply from the White House. Also, ifthey get more than 370,000 votes, it will be the most popular WhiteHouse.gov petitionever.

How Encryption comes into Play?

Companies that provide encryption are the ones that reside in between both the primaryentities (LEA and Citizens) because they are ones allowing us to encrypt our informationover:

Voice or Text communicationAny electronic Device

In the matter of text, the companies offer encryption in which the only persons who canread that message are the sender and the receiver.

Whereas, in the case of a device, only its owner has the access to the device's data.However, the companies themselves leave 'backdoors' or keys to decrypt that data forthe government, even if served with search warrants or intercept orders.

As, decoding the communication is a challenging task for the LEA, certain members ofCongress and the FBI want to force these companies to give the government special accessto the citizensdata.

And to achieve this they want these companies to:

Build security vulnerabilitiesGive them a "golden key" to unlock the citizens encrypted communications.

However, the "security experts agree that it's not possible to give the government what itwants without creating vulnerabilities that could [even] be exploited by bad actors," quotedthe Savecrypto.org.

It's like having no meaning of "Encryption" and "Security."

If this is the way Obama Administration is going to handle the Encryption policy forcommunications for the citizens, it would be a No-win situation.

The decision was declared at a Cabinet meeting on October 1, 2015, and, as the presidenthas said, the US will "work to ensure that malicious actors can be held to account —without weakening our commitment to strong encryption."

National Security Council spokesman Mark Stroh also replied and said, "As part ofthose efforts, we are actively engaged with private companies to ensure theyunderstand the public safety and national security risks that result from maliciousactors' use of their encrypted services and products."

To know more about NSA's background, follow The Hacker News.

Google rewarded the Guy who Accidentally

bought Google.com, But he Donated it to

CharityFriday, October 09, 2015 Swati Khandelwal

Sanmay Ved – the man who actually managed to buy Google.com got a huge reward fromGoogle, but he donated all money to charity.

Last week, an ex-Google employee and now-Amazon employee managed to buy the world'smost-visited domain Google.com via Google's own Domains service for only $12.


8 di 9 14/10/2015 18:14

⇦ Prev Page Next Page ⇨

However, Ved owned Google.com for one whole minute before the Mountain View companyrealized it was a mistake and cancelled the transaction.

After acknowledging the mistake, Google rewarded Ved with some unknown amount ofcash, but when Ved generously suggested donating his prize money to charity instead,Google just doubled the reward.

Google Rewarded Ved with More than $10,000

Ved believed that his real reward was just being the person who bought Google.com for awhole minute.

"I do not care about the money," Ved told in an interview with Business Insider. "Itwas never about the money. I also want to set an example that [there are] people who[wish] to find bugs that it's not always about the money."

Ved donated his reward to "The Art of Living India," an Indian foundation that focuses onproviding education to poorer areas of the country.

Ved did not disclose the exact sum of cash Google had awarded him, but he did say that theamount was more than of $10,000.

That is a lot for just a few clicks!

About | THN Magazine | The Hackers Conference | Sitemap | Advertise on THN | Submit News | Privacy Policy | Contact


9 di 9 14/10/2015 18:14

the hacker news 12 otto br 2015

Documents

data storage company

giant dell

michael dell

benet dell

chairman of dell

combination of dell

new company

data storage services