Friday, 4 April 2014

Update Your Safari Browser to Patch Two Dozen of Critical Vulnerabilitie's

No comments :




So, is your Safari Web Browser Updated?? Make sure you have the latest web browser updated for your Apple Macintosh systems, as Apple released Safari 6.1.3 and Safari 7.0.3 with new security updates...

These Security updates addresses multiple vulnerabilities in its Safari web browser, which has always been the standard browser for Mac users.

This times not five or ten, in fact about two dozen. Apple issued a security update to patch a total of 27vulnerabilities in Safari web browser, including the one which was highlighted at Pwn2Own 2014 hacking competition.

The available updates replace the browser running OSX 10.7 and 10.8 with the latest versions of browser 6.1.3, and OSX 10.9 with 7.0.3.

Among the 27 vulnerabilities, the most remarkable vulnerability addressed in the update is CVE-2014-1303, a heap-based buffer overflow that can be remotely exploited and could lead to bypass a sandbox protection mechanism via unspecified vector.

This vulnerability is the one used by Liang Chen of "Keen Team," a Shanghai-based group of security researchers who hacked Safari on the second day of Pwn2Own hacking competition this year held in March 12-13 at the CanSecWest security conference in Vancouver, resulting in a $65,000 reward.

The vulnerabilities involved memory corruption errors in the WebKit, which if exploited by a malicious or specially crafted website, could allow a remote attacker to execute arbitrary code on the victim's machine or completely crashing of the software as a result of DoS condition. This could also be a great starting step for injecting malware onto the victims’ computer.

Another notable vulnerability is CVE-2014-1713 reported by the French security firm VUPEN, known for selling zero-day exploits, typically to law enforcement and government intelligence agencies, and HP's Zero Day Initiative.

VUPEN also exploited several targets in this year’s Pwn2Own competition, including Chrome, Adobe Flash and Adobe Reader, and Microsoft's Internet Explorer, taking home $400,000 of the total contest payout for the IE 11 zero-day.

More than half of the bugs were fixed by the Google Chrome Security team in this latest Apple updates, as both Google's Chrome browser and Safari are powered by the WebKit framework.

Apple also specially mentioned a different flaw discovered by Ian Beer of Google's Project Zero, which could enable an attacker running arbitrary code in the WebProcess to read arbitrary files despite Safari's sandbox restrictions.

Last month, Apple issued iOS 7.1 update for iPhones, iPads and iPod Touches to patch several vulnerabilities, including the one in the mobile Safari.

Apple has released software updates and instructions on obtaining the updates at the following links: Software Updates and Safari 6.1.3 and 7.0.3. so, apple users are advised to update their Safari browser as soon as possible.
Read More

Thursday, 3 April 2014

Facebook will launch drones and satellites

No comments :






Facebook plans to launch a fleet of drones to out-compete the technology giant Google. In the fast growing world of IT, survival of companies depends upon the number of followers and customers. 
In a bid to increase Facebook users, the CEO Mark Zuker berg has announced in a blog post that the company has planned to launch drones which will provide the remote areas, especially of third world countries, with hassle free internet access. 
Apparently this has been decided to out-compete Google which had launched internet balloons last year in Switzerland. Last year, Facebook and other technology companies had launched internet.org to provide internet to unprivileged masses.
 Facebook is perusing its goal of connecting over 1.2 billion people to facebook before the end of the decade. Facebook has been already working hard with multiple stakeholders around the world to increase its users. Last year Facebook had teamed up with Philippines and Paraguay to increase its users in that region. 

Yet Zuckerberg believe that increasing Facebook users will also require state of Art technology. This technology includes Drones, geosynchronous satellites and infra-laser beams to provide easy and censor-free internet access to people.

 In this regard, Facebook had hired the services of experts including a five-member team that worked at British firm Ascenta, whose founders developed the Zephyr, which holds the record for the longest-flying solar- powered unmanned aircraft. Also to bring the project to fruition, Facebook has set up a Connectivity Lab that will include experts in aerospace and communication technology, from Nasa's jet propulsion lab and its Ames research center...
Read More

Wednesday, 2 April 2014

WinRAR File Extension Spoofing helps Hackers to Hide Malware's

No comments :

WinRAR , a tool which is mostly used by 90% of the people around the world to compress files or to extract ZIP files which are already compressed. WinRAR is even the most famous and much popular than other tools which compress or extract ZIP files.


Imagine that you opened a RAR file which had some images or some mp3 music files but when you played or opened any single of them , it installed a malware on your system. Wouldn't that be dangerous ? Yes ! obviously it will be ! This file extension spoofing vulnerability was discovered by a Israeli security researcher Danor Cohen (An7i)






The WinRAR File Extension Spoofing was done by an Israeli security researcher , he used a hex editor in which he noted that WinRAR adds two things in an archive file , it adds first name and second name of file. First name of the file contains the name of the original file and the second name contains the file name with extension which shows in WinRAR GUI window. Danor Cohen just edited the second name to "FAX.png" as the original malware name and extension was "FAX.exe".

This helped him to get victims trapped easily as when they open any format file which is shown in WinRAR GUI window , it shows some other file extension but it runs a malware with .EXE extension and the attacker successfully gets access to the victims computer..
Read More