Friday, 28 March 2014

Labels:

Windows XP open invitation to hacker's

Posted by Surgical Strike at 10:35 No comments :
The death of Windows XP is just days away, and experts say businesses that don’t upgrade are basically sending an open invitation to cybercriminals.
On April 8, Microsoft (MSFT, Fortune 500) will no longer provide security updates, or “patches,” for its Windows XP operating system. This means computers running on XP — and even machines like ATMs — will be largely unprotected against viruses and cyber attacks.
While Microsoft declined to disclose how many small businesses currently use Windows XP, Forrester Research estimates about 6% of companies’ PCs will still be using it by the April deadline. Experts say those are predominately small and medium-sized firms.
“A year ago, 35% of machines for our small business customers [about 1 million machines] were still on XP,” said Sergio Galindo, general manager with GFI Software, which provides IT support to small and mid-sized businesses. “I couldn’t believe it.” (That’s since dropped to about 23%.)
What does this mean for those businesses on April 9? Not a lot — at first, said Galindo. XP will keep working, and businesses that rely on it will keep functioning.
But the risks will compound over time.
It’s like expired milk,” said Galindo. “If you drink it one day after it expires, you’re OK. But after a month, the risk is exponentially greater.
The risk can’t be overstatedsaid Thomas Hansen, vice president of small and medium business at Microsoft (MSFT, Fortune 500). In fact, Microsoft’s own research has shown that Windows XP, released in 2001, is five times more susceptible to viruses and cyberattacks than Windows 8, its newest operating system.
Microsoft announced in September 2007 that it was planning to phase out Windows XP in order to give people plenty of time to prepare.
The world and technology has moved on,” said Hansen. “This is a decade-old technology that doesn’t fit in the modern world.”
Eric Marcus has seen both sides of the issue. His IT firm, Marcus Networking in Tempe, Ariz., caters to small and medium-sized businesses and has updated more than 1,400 workstations in the last five months.
He also spent $20,000 replacing 15 laptops at his own business with machines that run Windows 7.
It’s a cost he budgeted for, but many of his clients have struggled with the expense. “They have to pay for new equipment and our time. It adds up,” he said.
And some businesses, he’s discovered, run proprietary programs that are only compatible with XP.
Microsoft’s Hansen said the company is aware of that problem. “We don’t have the perfect answer yet on how to solve that situation,” he said....
Read More

Wednesday, 26 March 2014

Labels:

CASH! CASH! Hacking ATM Machines with Just a Text Message

Posted by Surgical Strike at 22:11 No comments :
Hacking ATMs with just text message

As we reported earlier, Microsoft will stop supporting the Windows XP operating system after 8th April, apparently 95% of the world’s 3 million ATM machines are run on it. Microsoft's decision to withdraw support for Windows XP poses critical security threat to the economic infrastructure worldwide.


MORE REASONS TO UPGRADE!!!
Security researchers at Antivirus firm Symantec claimed that hackers can exploit a weakness in Windows XP based ATMs, that allow them to withdraw cash simply by sending an SMS to compromised ATMs.

"What was interesting about this variant of Ploutus was that it allowed cybercriminals to simply send an SMS to the compromised ATM, then walk up and collect the dispensed cash. It may seem incredible, but this technique is being used in a number of places across the world at this time." researchers said.


HARDWIRED Malware for ATMs

According to researchers - In 2013, they detected a malware named Backdoor.Ploutus, installed on ATMs in Mexico, which is designed to rob a certain type of standalone ATM with just the text messages.

To install the malware into ATMs machines, hacker must connect the ATM to a mobile phone via USB tethering and then to initiate a shared Internet connection, which then can be used to send specific SMS commands to the phone attached or hardwired inside the ATM.
"Since the phone is connected to the ATM through the USB port, the phone also draws power from the connection, which charges the phone battery. As a result, the phone will remain powered up indefinitely."

HOW-TO HACK ATMs

  • Connect a mobile phone to the machine with a USB cable and install Ploutus Malware.
  • The attacker sends two SMS messages to the mobile phone inside the ATM.
    • SMS 1 contains a valid activation ID to activate the malware
    • SMS 2 contains a valid dispense command to get the money out
  • Mobile attached inside the ATM detects valid incoming SMS messages and forwards them to the ATM as a TCP or UDP packet.
  • Network packet monitor (NPM) module coded in the malware receives the TCP/UDP packet and if it contains a valid command, it will execute Ploutus
  • Amount for Cash withdrawal is pre-configured inside the malware
  • Finally, the hacker can collect cash from the hacked ATM machine.
Researchers have detected few more advanced variants of this malware, some attempts to steal customer card and PIN data, while others attempt man-in-the-middle attacks.

This malware is now spreading to other countries, so you are recommended to pay extra attention and remain cautious while using an ATM....
Read More

Monday, 24 March 2014

Labels:

A New Open Source Programming Language developed by Facebook

Posted by Surgical Strike at 16:51 No comments :
hack programming language facebook code

Facebook just released a new programming language called 'HACK', designed to build complex websites and other software quickly and without many flaws. The company has already migrated almost all of its PHP-based social networking site to HACK over the last year, but it has nothing to do with Hacking.

When Social Networking website Facebook was started 10 years ago, it was coded in PHP by Mark Zuckerberg and team, but as the company grew, PHP Programming platform became difficult to manage and bug-free.



Thus, Hack was born! Facebook Team decides to develop a new programming language that could combine elements of static-type programming languages such as C or C++ with dynamic-type languages like PHP, now called "HACK Programming Language".

"Hack has deep roots in PHP. In fact, most PHP files are already valid Hack files." Facebook said, "We have also added many new features that we believe will help make developers more productive."


HACK is a new version of PHP, requires Facebook’s HHVM (Hip Hop Virtual Machine) which is designed to execute programs written in Hack and PHP. The top 20 open source frameworks on Github run on HHVM.
hack programming language facebook code
"Traditionally, dynamically typed languages allow for rapid development, but sacrifice the ability to catch errors early and introspect code quickly, particularly on larger codebases." Facebook posted on itsengineering blog.

So Hack Programming Language offers a lot of potential for developers, enabling them to program faster and be able to catch errors more easily, among other things. "Conversely, statically typed languages provide more of a safety net, but often at the cost of quick iteration. We believed there had to be a sweet spot."

Beta code is open source and now available at Hacklang.org and you can also get Hack programming language tutorials from website to learn this new language. ...

"This is just the first step, and we are dedicated to continuing to evolve this software to make development even easier for both our own engineers and the broader community." The public release is not just to encourage developers, but also to quickly spot errors in Hack....
Read More

Sunday, 23 March 2014

Labels:

NSA Hacked Servers of Chinese telecom Huawei, Stole Source Codes.

Posted by Surgical Strike at 19:52 No comments :







The US Government was publicly accusing Chinese electronics manufacturer Huawei of espionage from the past few years.

Ironically, it has now been revealed that the National Security Agency conducted a major offensive cyber operations against the Chinese government and networking company Huawei, in early 2009.

According to reports based on classified documents leaked by Edward Snowden and viewed by The Times and Der Spiegel, NSA has infiltrated servers in the headquarters of Chinese telecommunications and hacked into the email servers of Huawei five years ago.

Code-named as "Operation Shotgiant" was conducted with the involvement of the CIA, White House intelligence coordinator and the FBI; aimed to find a link between Huawei and China’s People’s Liberation Army. NSA accessed the emails of many Huawei employees' for this purpose.


NSA STOLE SOURCE CODES

NSA also aimed to conduct surveillance through computer and telephone networks Huawei sold to other nations. According to the papers, NSA stole the secret source code for certain Huawei products, and obtained the information on how to exploit Huawei's products in order to spy on foreign customers such as Iran, Afghanistan, Pakistan, Kenya, and Cuba.

The reports show the NSA spying on former Chinese President Hu Jintao, the country’s trade ministry, banks, telecoms firms and also tracking more than 20 Chinese hacking groups, where more than half of them Chinese Army or Navy units.

"If it is true, the irony is that exactly what they are doing to us is what they have always charged that the Chinese are doing through us," William Plummer, a senior Huawei executive in the United States "If such espionage has been truly conducted, then it is known that the company is independent and has no unusual ties to any government and that knowledge should be relayed publicly to put an end to an era of mis- and disinformation."


NSA- 'WE HACK FOR NATIONAL SECURITY'
The US and China are hacking each other from long time and NSA spokeswoman Caitlin Hayden said that the NSA spying is for national security purposes only, "We do not give intelligence we collect to US companies to enhance their international competitiveness or increase their bottom line."

The US Government labeled their actions (Stealing Source codes, installing backdoors) as 'Hacking for National Security' and accusing Huawei for 'Corporate Theft'. In a document NSA wrote, "We currently have good access and so much data that we don't know what to do with it,"
Read More

Saturday, 22 March 2014

Labels:

Pileup flaw Android updates can be exploited by malware to gain permissions

Posted by Surgical Strike at 11:35 No comments :

Upgrading an operating system patches the security holes in the previous versions.  However, researchers found a bug in upgrading process of Android itself, which can be exploited by malicious apps.

Sponsored Links
A team of researchers from Indiana University and Microsoft have published a paper explains a new critical security bugs which are referred as "Pileup flaws".  The vulnerability exists in Package Management Service (PMS) of Android. 


When a user upgrades android to the latest version, a malicious app with few or no permission in the old version can exploit this vulnerability to update itself with new set of permissions.

An attacker can exploit this vulnerability to steal sensitive information from the compromised device, change security configurations and also prevent installation of critical system services. 

Researchers say they have confirmed the presence of security hole on all official android versions as well as 3,000 customized android versions.

Researchers also have developed a new service called 'SecUp' which is capable of detecting the malicious apps designed to exploit PileUp vulnerabilities...

Read More
Subscribe to: Posts ( Atom )