Friday, October 12, 2012

Firefox 16 pulled just after release to address security vulnerabilities

According to the Mozilla Security Blog, Firefox 16 features a security vulnerability that allows “a malicious site to potentially determine which websites users have visited and have access to the URL or URL parameters.
As a precaution, users can downgrade to version 15.0.1” - Firefox 16 offers several new features, most of which are aimed at developers. One such feature is the Developer Command Line, which provides keyboard control over the Developer Tools. Other features include CSS3 Animations, Image Values, IndexedDB, Transitions, and Transforms.
Firefox 16 for Android was also affected by this vulnerability, but a patched version of the browser is already out.
Source: THN

Tuesday, October 9, 2012

Friday, October 5, 2012

ABC for new generation....... :))


Cyber attack on Iran’s Internet system Disrupts Iran Internet

IRAN state official has said that Cyber attackers have targeted Iranian infrastructure and communications companies, disrupting the Internet across the country. “Yesterday we had a heavy attack against the country’s infrastructure and communications companies which has forced us to limit the Internet,”
cyber_file-670
Iran the world’s no. 5 oil exporter, has tightened cyber security since its uranium enrichment centrifuges were hit in 2010 by the Stuxnet computer worm, which Tehran believes was planted by arch-adversaries Israel or the United States. Last week, the Islamic republic cut citizens’ access to Gmail and the secure version of Google Search. Gmail has since been restored.

Since sites such as Youtube and Facebook were used to organise  mass anti-government protests against the re-election of President Mahmoud Ahmadinejad back in 2009, the Iranian government has maintained one of the world’s largest internet filters, blocking access to thousands of sites and IP addresses. Yet still the hackers find a way in.
Presently we have constant cyber attacks in the country. Yesterday an attack with a traffic of several gigabytes hit the Internet infrastructure, which caused an unwanted slowness in the country’s Internet,” he said.
All of these attacks have been organised. And they have in mind the country’s nuclear, oil, and information networks.
Last April, Iran revealed that a computer Trojan was detected inside the control systems of its vast terminal responsible for the country’s crude oil exports. There was no reported operational disruption on the facility at that time.
Last month a commander in the elite Revolutionary Guard announced that Iran is ready to defend itself against any form of cyber war, as the country deems it more of a threat than a physical attack. Clearly they were not as ready as they thought.
Iran claims that its nuclear program is for peaceful purposes only, but Israel, the United States and other Western powers suspect that the country has ambitions for a nuclear bomb.

Source: THN

Thursday, October 4, 2012

25 years of storage device


What I plan to do when I get back from work...


Google Warning about New State Sponsored Attacks

“Warning: We believe state-sponsored attackers may be attempting to compromise your account or computer.” From last 3 months Google users were surprised to see this unusual notification at the top of their Gmail inbox, Google home page or Chrome browser. These warnings are not being shown because Google’s internal systems have been compromised or because of a particular attack.


“The company said that since it started alerting users to malicious probably state-sponsored activity on their computers in June, it has picked up thousands more instances of cyberattacks than it anticipated.” NYtimes said. Google will now start sending out these messages to tens of thousands more people, as its methods for detecting suspicious activity have improved. Mike Wiacek, a manager on Google’s information security team, said that since then, Google has improved its knowledge on attack methods and the groups behind them, and has started pushing out new alerts on Tuesday – as evidenced by a slew of U.S. journalists, researchers and foreign policy experts who said they already received the warning. Noah Schactman, the editor of Wired’s national security blog “Danger Room,” tweeted: “Aaaaand I just got Google’s ‘you may be a victim of a state-sponsored attack’ notice. #WhatTookYouSoLong?” Mr. Wiacek noted that Google had seen an increase in state-sponsored activity coming from the Middle East. He declined to call out particular countries, but he said the activity was coming from “a slew of different countries” in the region.

Source: THN

Wednesday, October 3, 2012

Dead Mouse


ARMY : USB Drive responsible for over 70 percent of Cyber Security Breaches

A ban on the use of pen drives has not been able to safeguard cyber security as it has now been labeled as a major threat in defence forces, the Army officials said. The use of pen drives as an easy-to-carry storage device has increased in the recent past and internal reports have confirmed that over 70 percent cyber security breaches in the armed forces are due to their unauthorised use
These pen drives, which are mostly manufactured in China, have emerged as a big threat to our cyber security systems,” they said.

Generally it is found that officials use pen drive to store official data for use at their personal computers but from there, it is transmitted from their IP addresses to hackers from the ‘malware’ present in the pen drives. About a couple of years ago, a Major posted in Andaman and Nicobar Islands was apprehended as it was found that sensitive data was being transferred from his computer.
However, it later emerged that his system had been hacked and spying viruses were transferring information to other computers. Measures have been taken by the other two services also to tighten their cyber security as IAF (Indian Air Force) also recently issued instructions to its personnel warning them against having any official data on their personal computers and pen drives.
Anybody found violating these instructions in checks by cyber security personnel will draw strict action which may even amount to disciplinary action including court martial, they said.
Source: THN