
Tuesday, 17 May 2016

Buffer overflow vulnerability in iOS 9.3.1 and below

I tried to find a bug in iOS 9.2 on all platforms: iPod, iPhone and iPad. After a few tries I found a buffer overflow bug that causes a boot loop on the iPhone; the bug affects the processor by way of the keyboard. The keyboard stops working when you try to type anything in a text message or any other app, and you cannot even get past the lock screen to unlock the phone. This comes from the processor, so all of these effects occur. The boot loop never stops until the iPhone's battery is completely drained.

While testing, I first opened the notepad and typed characters (emoji symbols) using the emoji keyboard. After writing those characters for a while everything stayed normal and the keys on the keyboard kept working properly. But when I tried to write more, and then tried to copy the entire run of characters, the processor could not handle the string I had loaded into it through the copy option. That string has to be handled by the processor to copy the information to some other area. At that moment the bug occurs and starts the boot loop. I also tried many ways of testing this with the security lock enabled: whenever I touched any key to unlock the phone, the OS restarted again (it keeps happening, like a loop).

I also tried without the security lock. In that case, whenever I used any app that takes keyboard input, the bug started the boot loop again. So this buffer overflow starts from the keyboard, which is handled by the processor from kernel-level memory. I tested all the apps that use the keyboard: whenever I opened any kind of app that takes the keyboard as input, the bug occurred, e.g. Messages, FaceTime, Notes, the search bar, Reminders, Mail, even while dialling in the Phone app, and third-party apps too (WhatsApp, Viber, Skype, etc.). This buffer overflow affects the keyboard and the processor from the kernel-level memory layout. The processor cannot handle heavy strings of 20,000 to 20,500 characters (40 KB or 80 KB in size). You can check the PoC.

So I reported it to the Apple security team with a proof of concept. They patched the vulnerability recently in the new update, iOS 9.3.2, on all platforms, and mentioned my name in the security announcement and in the update details with the CVE ID CVE-2016-1790.

You can check it in Apple's security updates list: SECURITY CHECK LIST
Proof-of-Concept:
Thank you, guys and security researchers.

Tuesday, 13 January 2015

ATM’S ROBBED VIA SAMSUNG GALAXY NOTE 4 SMARTPHONE




ATM’s Robbed Via Samsung Galaxy Note 4 Smartphone – Hello guys, welcome back to Techno Sensations. We have breaking news this time. Yes, ATMs have been robbed via a simple Galaxy Note 4 smartphone, so let me tell you how it all happened. It is quite amazing!

Cybercriminals have found an effective and simple way to dispense cash from ATMs through a smartphone without inserting a card. In this case the device used was a Samsung Galaxy Note 4 smartphone.

The smartphone is used to relay commands from a remote individual. 

The hackers target poorly protected ATMs, for instance standalone units located in isolated, dimly lit places, because the attack requires physical access to the system’s internals.

The hackers disconnect the cash dispenser from its legitimate computer and connect it to the malicious smartphone instead. 

In one case, the perpetrators used a circuit board with a USB connection to hook it up to the system. Called “black box attacks,” they are mostly used against NCR-manufactured units, said security blogger Brian Krebs.

NCR is a major player in this market and its products have been attack targets in the past as well; in an earlier attack, the CD-ROM of the ATM’s computer was compromised and machine-controlling malware uploaded.

NCR had problems deciphering the communication between the ATM machine and the fraudster, who appeared to be commanding the machine from a remote server.

To date, NCR has reported only two black-box attacks, but the company has issued updated firmware with stronger encryption to protect communication between the cash dispenser and the computer.

Earlier, the encryption key exchange depended on a specific authentication sequence.

“All things considered, this is a pretty cheap attack. If you know the right commands to send, it’s relatively simple to do. That’s why better authentication needs to be there,” said Charlie Harrow, solutions manager for global security at NCR.

The latest update also blocks the possibility of a roll-back to the vulnerable version of the firmware.

Article Source – hackread.com 

Thanks to this site for providing this info.

Monday, 5 January 2015

NASA’s Mars Rover’s Flash Memory Slowly and Steadily Wearing Out


Problems with NASA’s Mars Exploration Rover Opportunity’s flash memory have intensified over recent weeks

NASA’s Mars Exploration Rover Opportunity has been exploring the Martian surface for over a decade now. The greatness of the achievement sinks in only when you learn that the rover was originally expected to survive for just 3 months. As with every machine, the Mars rover has suffered wear over time, and this wear is now leading to a loss of the data Opportunity collects.

 

Flash Memory worn out

Its primary mission began in January 2004. But alongside its great successes, inevitable age-related issues have surfaced, and mission engineers are being challenged by an increasingly troubling bout of rover “amnesia.” Opportunity uses two types of memory to record mission telemetry as it explores the Meridiani Planum region. Sister rover Spirit, which sadly succumbed to the Martian elements in 2010 after 6 years of exploring Mars, used the same system. The two types of memory are known as “volatile” and “non-volatile.”
“The difference is non-volatile memory remembers everything even if you power off, in volatile memory everything goes away,” said Mars Exploration Rover Project Manager John Callas, of NASA’s Jet Propulsion Laboratory in Pasadena, Calif. “So volatile memory is like the traditional RAM you have in your computer; non-volatile memory uses flash memory technology.”
As per procedure, all telemetry data is stored on the rover’s flash storage, so that when the rover powers down during the Martian night the data remains safe, just as data remains on your computer or phone even after you shut it down. However, such memory has a finite lifetime: there are only so many read/write operations you can perform on it before it starts wearing out. Because of this wear and tear, when the rover shuts down, all the data stored in the rover’s RAM gets erased. After a decade of constant use, this wear and tear has become the source of lost data and unexpected reset events for the mission.

 

Oldman problems

“The problems started off fairly benign, but now they’ve become more serious — much like an illness, the symptoms were mild, but now with the progression of time things have become more serious,” added Callas. “So now we’re having these events we call ‘amnesia,’ which is the rover trying to use the flash memory, but it wasn’t able to, so instead it uses the RAM … it stores telemetry data in that volatile memory, but when the rover goes to sleep and wakes up again, all (the data) is gone. So that’s why we call it amnesia — it forgets what it has done.”
Opportunity uses the Mars Odyssey satellite to send data back to its handlers on Earth. Every time Odyssey passed near Opportunity (in the course of its orbit), commands were sent to the rover and telemetry was sent back to Earth. However, when the satellite did not pass near the rover and transmission was not possible, the team noticed that some data was being lost. They found that the rover was suffering from the flash memory error and was using RAM to avoid the flash memory altogether, and as the rover shut down, it erased all data stored in its RAM.
The flash memory problem has now grown even more serious. When the rover fails to save data, its software forces the rover to restart. If a sequence of commands is sent to the rover, it will keep rebooting over and over again, forgetting what the previous command instructed it to do.
“Basically the rover stops what it was doing because it wasn’t sure what caused the reset,” said Callas. “So that interrupts our science mission on the surface of Mars.
“It’s like you’re trying to drive on a family trip — the car stalls out every 5 minutes. You don’t make much progress that way!”

 

Worries between Christmas celebrations

And now the rover team’s worst nightmare has reared its ugly head — Opportunity stopped communicating with Earth over the Christmas break. As the NASA team went into the Christmas holidays, a series of 3 sol (Mars day) plans gave the rover a sequence of commands to work on. On the first sol, the rover would operate as expected, but come the second and third sols, not only would the rover not execute the rest of the commands, it stopped talking to mission control. Fortunately though, the rover reconnected to the station and continued its operations as per commands.
“It seems the source for all these problems lead back to one particular bank of flash memory. 7 banks are used by Opportunity and it’s the 7th bank that is triggering the data loss, rover resets and communications glitches. Now the culprit has been identified, JPL software engineers have developed a technique that will force the rover’s software to ignore the 7th bank and utilize the other 6 apparently healthy banks. According to Callas, his team is probably a couple of weeks away from completing the software change so it can be uploaded to Opportunity.”

 

Surprised at the longevity

Excluding the recent events, Callas has expressed surprise at how healthy and long lasting the mission has been.
“The rover has been amazingly healthy considering how much we’ve used it … we thought the mobility system would have worn out a long ago but it’s in great health.
“But anything could fail at any moment,” he said. “It’s like you have an aging parent, that is otherwise in good health — maybe they go for a little jog every day, play tennis each day — but you never know, they could have a massive stroke right in the middle of the night. So we’re always cautious that something could happen.”

 

Milestone approaching

The Mars rover has also come very close to achieving two feats. The first is completing a distance equivalent to an entire marathon on Mars. Marathon Valley is so called because the location marks the point at which the rover will have exceeded a marathon’s distance on Mars, should it get there. Opportunity has traversed over 26 miles and currently holds the off-world distance record for any rover, robotic or driven by an Apollo astronaut.
According to orbital mapping of Marathon Valley, the location contains a variety of clay minerals that could have only been formed when Mars had an abundance of pH-neutral water on its surface. It has ancient geology spanning back to the Noachian era, much older than Gale Crater — where NASA’s Curiosity rover is currently exploring. Like Opportunity’s previous exploration of clay-rich deposits, studies of Marathon Valley could provide invaluable data as to the ancient, potentially habitable Mars environment.

 

Software Glitch

The engineers have identified that the 7th flash memory bank aboard rover is triggering the data loss. Opportunity has 7 banks of flash memory and now the JPL software engineers have developed a technique that will force the rover’s software to ignore the 7th bank and utilize the other 6 apparently healthy banks.

According to Callas, his team is probably a couple of weeks away from completing the software change so it can be uploaded to Opportunity.

Resource : Discovery

The Netflix Mystery and The VPN Proxy Pirates


I try to be a “good citizen” on the Internet. I am very sympathetic to actors and artists who need to make a living from their craft, so I have subscribed to Netflix, to pay my dues for watching movies, to enjoy the convenience of a streamlined user interface (through my browser) for watching those movies, and to be less stressed about introducing any malware onto my systems.
But when Netflix started to block subscribers who accessed its service through VPN services and other software tools that happen to bypass geolocation, I was stunned, and as a legitimate Netflix user I was furious.
Movie executives seem to have successfully coerced Netflix into the VPN witch hunt, as the movie studios want full control over what people can see in their respective countries. To be brutally honest, I was not even aware I was being blocked at first.


How did I discover this?
Since I write security and hacking articles I run security software on some of my machines and devices to test and report on software. The PC machine I happened to be using was running a VPN at the time. I fired up my browser, logged into Netflix and searched for the series “Deadwood”, which I originally started to watch up to season 2, but got involved with some other projects and did not have the time to finish watching through to season 3.
A quick search on Netflix revealed that “Deadwood” was in fact an option in Netflix’s library, so I started to binge-watch season one. The next day, I decided to watch season 2 of “Deadwood” on my daughter’s Wii console (which supports Netflix, but is not on any VPN). Imagine my surprise when I logged on to my Netflix account and there was no option to continue watching the “Deadwood” series.

I searched through the conventional search box, nothing. I even looked onto my recently watched movies, again nothing. I was annoyed but decided I should go back to work on my research. So I then decided to go back to my security PC and start some research projects. On a whim, I logged on to my Netflix account and right before my eyes, there it was, “Deadwood” exactly where I left off. I thought it strange, but didn’t think much more of it and just decided to binge watch the second season.
Then the story broke: Netflix cracks down on VPN and proxy pirates.

So What Happened?
Due to the complicated licensing agreements Netflix is only available in a few countries, all of which have a different content library.

You can bypass these content and access restrictions by using a VPN or other circumvention tools that change your device’s apparent Internet Protocol (IP) geographical location, making it easy for people all around the world to access whichever Netflix library your new IP shows your device to be coming from.

The movie studios do not like this and are not happy with these types of subscribers as it violates their licensing agreements that they have imposed on Netflix in exchange for Netflix showing their movie titles.

Entertainment industry sources in Australia complained bitterly that several Netflix subscribed “VPN-pirates” were hurting their business.
So Netflix started to take action against their legitimate subscribers who use these circumvention tools.


At first, Netflix’s Android application started to force Google DNS to make it more difficult to use DNS-based location unblockers; in addition it flagged several VPN IP ranges.
This tactic was limited in scope, so not all VPN users experienced problems. But some common VPN providers started to be affected, specifically TorGuard, which noticed a surge in access problems among its users around mid-December.
TorGuard’s Ben Van der Pelt stated: “This was a brand new development. A few weeks ago we received the first report from a handful of clients that Netflix blocked access due to VPN or proxy usage. This is the very first time I’ve ever heard Netflix displaying this type of error message to a VPN user.”

TorGuard’s users were able to quickly regain access by logging into other U.S. IP locations. Some of the blocking efforts were temporary, probably as a test for a full-scale rollout of blocking at a future date.

Ben Van der Pelt, continued to state “I have a sneaking suspicion that Netflix may be testing these new IP blocking methods temporarily in certain markets. At this time the blocks do not seem aggressive and may only be targeted at IP ranges that exceed too many simultaneous logins.”

Netflix is suspected of testing a variety of blocking methods. Some involve querying the user’s time zone through their web browser and/or mobile device GPS and cross-comparing the data from that query against the timezone of their known IP-address of origin.
TorGuard and services such as Unblock-us are working to help their VPN users find workarounds for Netflix’s draconian ban policy and to provide an easy way to bypass the blocks.

Netflix’s efforts to block geoblocking circumvention tools should not come as a surprise. It is reported that there is a draft of the content protection agreement Sony Pictures prepared for Netflix earlier. The agreement specifically requires Netflix to verify that registered users are indeed residing in the proper locations.
In addition, Netflix must “use such geolocation bypass detection technology to detect known web proxies, DNS based proxies, anonymizing services and VPNs which have been created for the primary intent of bypassing geo-restrictions.”


Analysis?
There has since been some back-pedalling from Netflix, which says there has been “no change” in the way it handles VPNs, so you shouldn’t have to worry about the company getting tough any time soon.

This should still be taken as a lesson in how any information can be censored from region to region. Beyond encrypting your Internet traffic, VPNs and proxies are important for this reason too. It is really sad in a way that the movie executives spearheading this are punishing paying subscribers so they can have more control over what those paying subscribers watch and where they watch it from.

It just pushes users towards actual piracy to avoid the misdirection and deception of the movie giants. One can only hope they come to their senses and realize that blocking and punishing paying subscribers will only encourage them to take their money elsewhere.

Sunday, 4 January 2015

NSA’s Vulcan Death Grip on VPNs


According to reports published this week by the German news magazine Der Spiegel, the NSA (National Security Agency) has a division called the Office of Target Pursuit (OTP), which maintains a team of engineers assigned to cracking encrypted VPN (Virtual Private Network) traffic. It is believed that they have developed tools with the potential to decrypt the traffic of the majority of VPNs. A presentation by a member of OTP’s VPN Exploitation Team, dated September 13, 2010, details the process the NSA used.
OTP’s VPN exploit team assigned its members to branches to specifically focus on regional teams, including a “Cross-Target Support Branch” and a custom development team for building targeted VPN exploits. At the regional level, the VPN team acted as liaisons to analysts, providing information on new VPN attacks while also gathering requirements for specific targets to be used in developing new ones.

Some VPN mechanisms, specifically the Point-to-Point Tunneling Protocol (PPTP), have previously been isolated and identified as vulnerable to attack because of the key exchange at the beginning of a VPN session, while others have generally been assumed to be safer from scrutiny.

By 2010, the NSA had already developed software tools to attack commonly used VPN encryption schemes, specifically Secure Shell (SSH), Internet Protocol Security (IPsec) and Secure Sockets Layer (SSL) encryption.

The NSA has created a specific repository called TOYGRIPPE for capturing VPN metadata. The TOYGRIPPE repository stores information on VPN sessions between systems of interest, including “digital fingerprints” of specific devices and the VPN services they connect to during key exchanges between them, as well as other connection data. VPN “digital fingerprints” are also extracted from the NSA’s distributed “big data” store of all recently captured Internet traffic, called XKEYSCORE, which is used to identify targets for developing an attack.

Since XKEYSCORE includes data from “untasked” sources (people and systems not designated as under surveillance), the OTP VPN Exploitation Team “tries to avoid relying on XKEYSCORE work flows due to legal and logistical issues.” But XKEYSCORE remains the best source for attacks on SSH traffic.

NSA analysis of the TOYGRIPPE and XKEYSCORE data, together with all daily VPN exploits, is fed into BLEAKINQUIRY, another NSA metadata database of “potentially exploitable” VPNs. The BLEAKINQUIRY metadata database is searched by NSA analysts for addresses matching targeted individuals or systems, and to generate requests for the OTP VPN Exploit crew to finally convert the “potentially exploitable” into the “actually exploitable”.
When an IPsec VPN is identified and “tasked” by NSA analysts (meaning the people and systems are designated as under surveillance), a “full take” of all its traffic is stored in a VPN repository called VULCANDEATHGRIP. There are also similar yet separate repositories for PPTP and SSL VPN traffic, dubbed FOURSCORE and VULCANMINDMELD respectively.
The data is then replayed from the repositories through a set of attack scripts, which use sets of pre-shared keys (PSKs) previously harvested from other sources, such as exploited routers, and stored in a key database called CORALREEF.

Other attack methods are used to attempt to recover the PSK for each VPN session. If the traffic is of interest, all successfully cracked VPNs are further processed by a system called TURTLEPOWER and in turn sorted back into the NSA’s XKEYSCORE full-traffic database; all extracted content is then pushed to a digital network intelligence content database called PINWALE.

VPNs that aren’t successfully cracked by these methods are continuously monitored through further data collection, capturing IPsec Internet Key Exchange (IKE) and Encapsulating Security Payload (ESP) traffic during VPN handshakes to fortify and build better attacks in the future.

In the cases where the keys just can’t be recovered, the VPN Exploit Team will reach out to “friends” that will assist in gathering more information on the targeted systems of interest through other data collection sites and also by doing an end-run by calling on Tailored Access Operations to “create access points” through exploits of one of the endpoints of the VPN connection.

Analysis?
It is evident that the NSA is building a library of metadata to crack VPNs in an increasingly brute-force manner, but they have to work hard for it. Based on their tactics they have been depending on conventional methods since 2010, so this was, as far as we know, four years in the making, and one can assume the XKEYSCORE database has grown since then.
What does this mean if you want to keep your secrets? Well, it’s a race now. The more hurdles you put in the way, using VPNs, proxies, wiped devices and insanely long passwords, the better off your secrets are. If you are targeted, then it can get complicated, but based on my analysis they don’t have the quantum magic wand…yet.

Google Researcher discovers Windows 8.1 Privilege Escalation Vulnerability



Google researcher discovers privilege elevation bug in Windows 8.1, 32/64-bit versions.

A Google researcher named Forshaw has discovered a privilege escalation bug in Windows 8.1. The bug in ahcache.sys/NtApphelpCacheControl appeared after Windows 8 was updated to Windows 8.1 and was found by Forshaw in September 2014. He notified the Google Security Research mailing list about the bug on 30th September, and after the 90-day disclosure deadline the flaw and proof of concept were made public yesterday.

Google’s research team contacted Microsoft regarding the bug on the same day the flaw was discovered, but there are no indications of any action being taken in the matter. Forshaw has also stated on the mailing list that he has tested the PoC only on 8.1 and doesn’t know whether Windows 7 is vulnerable.

The vulnerability is identified in the function ahcache.sys/AhcVerifyAdminContext. The proof of concept includes two program files and a set of instructions for executing it which result in the Windows calculator running as Administrator. Forshaw states that the bug is not in UAC itself, but that UAC is used in part to demonstrate the bug.
Microsoft has a big problem on its hands with this vulnerability, as it releases its main patches on the second Tuesday of the month. As of now Microsoft has two choices:
  • Fix it in time for the next Patch Tuesday.
  • Issue an out-of-band patch (usually a bad sign, indicating a 0day).
The next Patch Tuesday is due on 13.1.2015, and if Microsoft releases a patch before that, it can be assumed that this is a zero-day vulnerability.
The entire thread is reproduced below:
Platform: Windows 8.1 Update 32/64 bit (No other OS tested)
On Windows 8.1 update the system call NtApphelpCacheControl (the code is actually in ahcache.sys) allows application compatibility data to be cached for quick reuse when new processes are created. A normal user can query the cache but cannot add new cached entries as the operation is restricted to administrators. This is checked in the function AhcVerifyAdminContext.
This function has a vulnerability where it doesn’t correctly check the impersonation token of the caller to determine if the user is an administrator. It reads the caller’s impersonation token using PsReferenceImpersonationToken and then does a comparison between the user SID in the token to LocalSystem’s SID. It doesn’t check the impersonation level of the token so it’s possible to get an identify token on your thread from a local system process and bypass this check. For this purpose the PoC abuses the BITS service and COM to get the impersonation token but there are probably other ways.
It is just then a case of finding a way to exploit the vulnerability. In the PoC a cache entry is made for a UAC auto-elevate executable (say ComputerDefaults.exe) and sets up the cache to point to the app compat entry for regsvr32 which forces a RedirectExe shim to reload regsvr32.exe. However any executable could be used, the trick would be finding a suitable pre-existing app compat configuration to abuse.
It’s unclear if Windows 7 is vulnerable as the code path for update has a TCB privilege check on it (although it looks like depending on the flags this might be bypassable). No effort has been made to verify it on Windows 7. NOTE: This is not a bug in UAC, it is just using UAC auto elevation for demonstration purposes.
The PoC has been tested on Windows 8.1 update, both 32 bit and 64 bit versions. I’d recommend running on 32 bit just to be sure. To verify perform the following steps:
1) Put the AppCompatCache.exe and Testdll.dll on disk
2) Ensure that UAC is enabled, the current user is a split-token admin and the UAC setting is the default (no prompt for specific executables).
3) Execute AppCompatCache from the command prompt with the command line “AppCompatCache.exe c:\windows\system32\ComputerDefaults.exe testdll.dll”.
4) If successful then the calculator should appear running as an administrator. If it doesn’t work first time (and you get the ComputerDefaults program) re-run the exploit from 3, there seems to be a caching/timing issue sometimes on first run.
This bug is subject to a 90 day disclosure deadline. If 90 days elapse without a broadly available patch, then the bug report will automatically become visible to the public.
Another user has claimed that Windows 10 is not vulnerable, while another has questioned Google’s policy of making such a bug public without Microsoft’s approval. The thread and PoC can be accessed here.
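The core of the flaw, as an added example in plain C (not Forshaw's PoC and not Windows code): the check the thread describes compares only the user SID, so an Identification-level token carrying LocalSystem's SID satisfies it even though such a token grants no right to act as that user, while the hardened version rejects any token below Impersonation level before looking at the SID. The Token struct, the level enum and both check functions are constructed for this illustration; S-1-5-18 is the well-known LocalSystem SID and the ordinary-user SID is a placeholder.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Model of the AhcVerifyAdminContext logic described in the thread above.
 * Constructed for illustration only: the Token struct, the level names and
 * both check functions are this example's own, not Windows kernel code. */

/* Impersonation levels in ascending order of authority. An Identification
 * token lets a server learn who the client is but never act on their behalf. */
typedef enum {
    LEVEL_ANONYMOUS = 0,
    LEVEL_IDENTIFICATION = 1,
    LEVEL_IMPERSONATION = 2,
    LEVEL_DELEGATION = 3
} ImpersonationLevel;

typedef struct {
    const char *user_sid;      /* string form of the token's user SID */
    ImpersonationLevel level;  /* level at which the token was obtained */
} Token;

/* S-1-5-18 is the well-known SID of the LocalSystem account. */
#define LOCAL_SYSTEM_SID "S-1-5-18"

/* Vulnerable check, as the thread describes it: the caller's token counts
 * as an admin context whenever its user SID is LocalSystem's, regardless
 * of the impersonation level the token was obtained at. */
bool vulnerable_is_admin_context(const Token *t) {
    return strcmp(t->user_sid, LOCAL_SYSTEM_SID) == 0;
}

/* Hardened check: a token obtained below Impersonation level carries no
 * authority to act as its user, so it is rejected before the SID is
 * even consulted. */
bool hardened_is_admin_context(const Token *t) {
    if (t->level < LEVEL_IMPERSONATION) {
        return false;
    }
    return strcmp(t->user_sid, LOCAL_SYSTEM_SID) == 0;
}

/* Convenience wrappers that build the token inline. */
bool vulnerable_check(const char *sid, ImpersonationLevel level) {
    Token t = { sid, level };
    return vulnerable_is_admin_context(&t);
}

bool hardened_check(const char *sid, ImpersonationLevel level) {
    Token t = { sid, level };
    return hardened_is_admin_context(&t);
}

int main(void) {
    /* Constructed scenarios. "S-1-5-21-1-2-3-1001" stands in for an
     * ordinary non-admin user; its domain and RID values are placeholders. */
    const struct {
        const char *name;
        const char *sid;
        ImpersonationLevel level;
    } cases[] = {
        { "LocalSystem SID, Identification level (what the PoC obtains)",
          LOCAL_SYSTEM_SID, LEVEL_IDENTIFICATION },
        { "LocalSystem SID, Impersonation level (genuine system context)",
          LOCAL_SYSTEM_SID, LEVEL_IMPERSONATION },
        { "Ordinary user SID, Impersonation level",
          "S-1-5-21-1-2-3-1001", LEVEL_IMPERSONATION },
    };

    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        bool v = vulnerable_check(cases[i].sid, cases[i].level);
        bool h = hardened_check(cases[i].sid, cases[i].level);
        printf("%-64s vulnerable=%s hardened=%s\n", cases[i].name,
               v ? "ACCEPT" : "reject", h ? "ACCEPT" : "reject");
    }
    return 0;
}
```

Only the first scenario differs between the two checks: that gap between "the SID says LocalSystem" and "the token was actually granted LocalSystem's authority" is the whole bug.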

Lizard Squad Member Vinnie Omari Allegedly Arrested in United Kingdom



Vinnie Omari, a Lizard Squad member was arrested and released on bail; Lizard Squad meanwhile going about marketing its Lizard Stresser

Vinnie Omari, a 22-year-old member of the infamous Lizard Squad hacker group, was arrested on Monday after British police officers from Thames Valley Police raided his home. Vinnie Omari is one of the two Lizard Squad members who gave the interview to BBC Radio aired on 26th December, a day after Vinnie’s band of hackers had completely downed the web servers of PlayStation Network and Xbox Live with a 1200 GB/s DDoS attack.
Lizard Squad, which had promised to take down both gaming networks through the now-banned Twitter handle @LizardSquad, eventually managed to take down both PSN and XBL servers for more than 48 hours. The attacks were supposedly carried out by the gang to make the mega-corporations ‘aware of vulnerabilities.’ The attacks would have carried on much longer had Kim ‘Santa’ Dotcom not intervened and paid 3000 Mega premium account coupons to the gang.
Vinnie confirmed the raid on his house and his subsequent arrest on Monday to the Daily Dot. “They took everything,” Omari told the Daily Dot in an email. “Xbox one, phones, laptops, computer USBs, etc.”
He was released on bail on Tuesday and said that no charges have been filed. He said he was arrested on “just alleged charges.” He added that he’ll “know more when the forensics team gets info.”
A press release from the Thames Valley Police confirms that a 22-year-old man was arrested Monday “on suspicion of fraud by false representation and Computer Misuse Act offense.”
Another member of the Lizard Squad, who identified himself as ‘Ryan’ in an interview last week, is reportedly being investigated by the FBI.
On the other hand, Lizard Squad said on Twitter that Ryan was arrested for massive money laundering using stolen card details and is currently in a Finnish prison.

Lizard Stresser for rent; Lizard Squads new DDoS business

Meanwhile the gang itself hasn’t shown any shock at the news of Vinnie’s arrest. They are busy promoting their newfound venture of renting out their expertise and a tool called Lizard Stresser for DDoS attacks. Rents for DDoS targets range from $6 to $500, depending on the length of the attack.

The Lizard Stresser site seems to be down at the time of writing this article.
Another member of Lizard Squad had confirmed with DailyDot that the whole PSN and Xbox Live hack attack was a publicity gimmick for their product, Lizard Stresser.
It is worth noting that Lizard Squad has already had a taste of illicit profit from its illegal hacking activities: the ransom Mega premium account coupons which Kim Dotcom offered them are worth $150,000 on the market.

It remains to be seen whether they succeed with their illegal business venture or fall prey to law enforcement authorities in due time.

iOS 8 Shrinks Storage on 16GB iPhone and iPad; Users Sue Apple


Apple sued for shrinking storage space on 16GB after upgrade to iOS 8

Apple has this time been caught in a legal tangle for selling iPhones with too little storage space, specifically the 16 GB model. Miami residents Paul Orshan and Christopher Endara have filed a lawsuit (PDF) against the tech giant, claiming that the space is barely enough to upgrade their devices to iOS 8, which reduces their available storage even further.
Apple has clarified that the total storage space its software reports is the storage left after a complete system format, but these litigants don’t seem satisfied by this explanation.

Storage Tactics

In addition to the above claim, they also claimed that Apple is charging a premium for every extra gigabyte of storage by pushing customers to use its iCloud storage service. So when a user runs out of space at a moment when they want to record their child or grandchild’s basketball game, they will be forced to pay top dollar to Apple. With no option to expand the existing storage by adding a memory card, as is commonly found on Android devices, users are left with no other option than to pay.
“Apple’s misrepresentations and omissions are deceptive and misleading because they omit material facts that an average consumer would consider in deciding whether to purchase its products,” the complaint says. “Rather ironically, Apple touts iOS 8 as ‘The biggest iOS release ever.’ Of course, Apple is not referring to the literal size of iOS 8, which appears to be entirely undisclosed in its voluminous marketing materials extolling the purported virtues of iOS 8.”
The lawsuit also accuses Apple of not working with third party vendors to offer other cloud storage options. Users are restricted to only Apple provided services. Neither does Apple offer any support to its customers to offload their data from the cloud storage. Coming in hindsight of the iCloud hacking scandal, a lot of users do not find iCloud a safe place for their personal data.
According to the lawsuit, the share of storage space that a user cannot use ranges from 18.1 to 23.1 percent.
“Using these sharp business tactics, [Apple] gives less storage capacity than advertised, only to offer to sell that capacity in a desperate moment, e.g., when a consumer is trying to record or take photos at a child or grandchild’s recital, basketball game or wedding,” it says. “To put this in context, each gigabyte of storage Apple shortchanges its customers amounts to approximately 400-500 high resolution photographs.”

Case Files

Apple has not made any official comment on this case so far. But it is bound to bring back memories of an older case related to storage space that was filed against them. That case concerned the total space available in an iPod Nano model being 7.45GB instead of the 8 GB advertised. The case was ultimately dismissed by the courts.  Similarly, Microsoft was sued over the amount of available storage in the Surface, notably when users only had access to about half the storage on its earlier models.

The Pirate Bay to start afresh on 1st February, 2015

TPB, which had been shut down after raids in Sweden, will restart its website from 1st February.
The Pirate Bay crew has given torrent lovers a reason to smile. The TPB website, which was previously showing a flip clock, now shows a countdown timer counting down the days left until 1st February 2015, a possible date for TPB’s resurrection.
The Pirate Bay website which is a favourite among torrent fans and one of the largest torrent websites in the world was taken down after a Swedish police raid on its Nacka data center. After two weeks of hibernation the TPB crew put the site up again with a Jolly Roger and a flip clock to track the time elapsed since the raid.
In the meantime, Sony Pictures released last year’s most controversial film, The Interview, based on the story of a mission to assassinate North Korean supreme leader Kim Jong Un.  The TPB crew responded by putting up a hashed magnet link on the website for torrent download.
On the first day of 2015, TPB again updated its site to put up a countdown timer instead of the flip clock, which suggests that TPB will reopen on Feb 1, although the TPB crew has not officially confirmed this.
A source close to The Pirate Bay team informed torrent news tracking website, Torrent Freak, that more exciting news and an official announcement will follow in the near future.

Sony To Give Free PlayStation Network Membership Extension



Sony to make up for the lost Christmas due to DDoS by giving free membership extension to PlayStation Network

Sony is making up for the lost Christmas to its gaming community by giving out a five-day membership extension to the online service. Sony’s PlayStation Network was shut down throughout the Christmas week after a hacker collective called Lizard Squad had launched a 1200 GB/s DDoS attack on its servers.
In a blog post put up on 1st Jan, PlayStation has said the offer applies to PlayStation Plus members who had an active membership or free trial on December 25. “The extension will be automatically applied, so no action is necessary to receive the extension. We will post additional information here on PlayStation.Blog when the extension becomes available,” it said.
Starting the post with a big ‘Thank You,’ the post goes on to add that Sony PlayStation members whose membership or trial ends before the extension is available will get five days of Plus to enjoy once the extension becomes available.  The extension will be applied automatically to accounts, hence no action on the part of PSN users is required. Sony also said it will offer a 10-percent discount code, which Sony PlayStation users can use for a one-time discount on the total cart purchase in the PlayStation Store.
The code may come out anytime this month, it said.

The code can be used for any purchase on the PlayStation Store: “This discount can be used toward content available on PS Store including blockbuster new releases, award winning indie games, game add-ons and season passes, and an enormous selection of TV and Movies,” the blog read.

NSA spying in Vienna at Chaos meet

A presentation in Hamburg at the annual meeting of the Chaos Computer Club by Austrian journalist Erich Möchel detailed the various locations, in Vienna, where the NSA (National Security Agency) has been actively collecting and processing electronic intelligence.
Möchel detailed his findings from documents leaked from secret archives within the NSA and CIA, brought to light by Edward Snowden, a former systems administrator and defense contractor with Booz Allen Hamilton, currently in exile from the U.S.
According to Möchel, the documents illustrate a robust clandestine NSA operation within the Austrian capital, with working relations involving more than 17,000 accredited diplomats working within the United Nations, IAEA, UNIDO, CTBTO, OSCE and OPEC.

According to Emil Bobi, an Austrian investigative journalist, almost 1 percent of Vienna’s total population have diplomatic status – with a significant probability that a share of them are NSA spies, and an estimate of over 7,000 spies and agents living in the city. Siegfried Beer, director of the Austrian Centre for Intelligence, Propaganda and Security Studies at the University of Graz, agrees that there are at least 7,000 agents based in Vienna, working in embassies and international organizations.

The NSA spying targets are likely the oil-rich Arab states that meet regularly in OPEC, as Vienna has long been the centre for East-West spy activities.
Möchel reports there are currently three major NSA stations in Vienna. The first one is in the US Embassy in Vienna’s 9th district.

The second station is positioned on the upper floors of the Internationales Zentrum Donaustadt (IZD) tower, overlooking the Vienna International Centre, the third-largest home for United Nations-affiliated organizations, specifically the International Atomic Energy Agency. It serves as a multi-purpose station responsible for electronic surveillance of important UN-related activities, as well as coordinating SIGINT from other foreign embassies.
The third station, called the “NSA Villa”, is located in Pötzleinsdorf. Möchel reports that the villa was previously tasked with collecting more analog forms of intel, based on older technologies, which is largely being phased out, while the staff there are being relocated to the second station in the IZD tower.

Each of the three stations is connected by a secure broadband network, with a radio tower in Exelberg serving as a relay station. The core of the operational processing takes place in the second station, in the IZD tower.

Möchel reports that the NSA’s Special Collection Service EINSTEIN/CASTANET is located on the top floor of the U.S. embassy in Berlin and elsewhere (Special Collection Service). While not specifically used as a conventional transmitting antenna system, it is suspected of being used for transmitting/illumination/RF flooding/etc. It is essentially a wideband microwave SIGINT collection system (bug repeaters, telco microwave backbones, WiFi, GSM/cellular, satellite up/downlinks, GBPPR, etc.).

Air-conditioning plants have recently been added to the tower, suggesting that additional computers were likely installed. Mobile phones and devices often fail to receive signals there, indicating the likelihood of localized jamming or other security measures being employed in that area.

The leaked Snowden documents strongly suggest that the NSA has successfully infiltrated the mobile and data networks of Telekom Austria on occasion.

Analysis?
Erich Möchel has done a good job sorting through Snowden’s leaked documents to piece this together. The NSA is doing what the NSA does: spying on as much as it can. With over 7,000 working spies in the area, the city is popular because of its high quality of life and its geographical location, and Austria has been an international spy hub since the late 19th century, when people from all parts of the Austro-Hungarian empire flocked to the city. This makes it very fertile ground for spy activity.

Some details can be found here. Also global collection layouts can be seen here.

~dwulf

‘Snooki’s’ Instagram Account hacked by Arabic Speaking Hackers


Snooki’s Instagram Is Hacked


Nicole ‘Snooki’ Polizzi got a shock on New Year’s Eve, when she found out that her Instagram account had been taken over by unknown Arabic-speaking hackers on Tuesday.
The former ‘Jersey Shore’ cast member used her Twitter account to alert her 4.6 million Instagram followers.

Snooki

Nicole Elizabeth “Snooki” Polizzi is a popular American reality television personality and dancer who is best known for being a cast member of the MTV reality show Jersey Shore and currently stars in Snooki & Jwoww.  She has also appeared on many TV shows like The View, The Ellen DeGeneres Show, Jimmy Kimmel Live!, Late Show with David Letterman, and The Wendy Williams Show.


She was fairly active on Instagram, posting around 2 to 5 images a day on the photo sharing website. The images she posted were normally about her kids, her workouts and her life with husband Jionni. On 31st December, however, instead of finding the normal snaps of her family and workouts, she and her followers were greeted by an image containing Arabic text and someone wearing a headscarf.
The hackers also deleted most of Snooki’s 2,700 Instagram posts. The Snooki & JWoww star posted a video via Facebook for her followers, where she assured them that her account was hijacked and that any new accounts opened with her name on them were fake.
She also posted on Twitter an image of how she looked after finding her Instagram hacked.


The unknown hackers posted a message demanding that Snooki direct message them: “We are Arabic hackers, but that doesn’t mean all of the Arabic people are bad, please respect me respect my people or you’re going to be next.!”


Snooki’s ordeal ended after six hours of disruption.  Once she had claimed her account back she posted a video saying  “I’m back everybody! That was freakin’ weird. Let’s move on.” Luckily for her, all her images have been restored.

Hacker claims iDict Tool can hack any iCloud account; released on GitHub


Hacker Releases A Tool That Could Hack Everyone’s iCloud Account

A hacker who goes by the handle Pr0x13 has just released a tool called iDict on GitHub.  The tool uses an exploit in Apple’s security to bypass restrictions that stop most hackers from gaining access to an iCloud account.

Pr0x13 has described this as a “100% working iCloud Apple ID Dictionary attack” and says it was possible due to a “painfully obvious” bug and that it “was only a matter of time” before hackers or cyber criminals found it. Pr0x13 intends to alert Apple to this serious bug, and has therefore uploaded the tool to GitHub.

Business Insider says that Pr0x13 won’t take responsibility if the exploit is used, but wants everyone to know that his intention was to alert Apple to the bug so that the company could patch it as soon as possible.

Pr0x13 first notified the world about the tool through a Reddit thread where he described the tool as “*NEW* -Jan 1st 2015- 0Day- iDict Apple iD Bruteforcer bypass rate limiting.” The tool works by using a brute-force method to guess the iCloud password.  The tool hasn’t been independently tested, but several Twitter and Reddit users confirmed that the tool was indeed working. Gizmodo has stated that “iDict’ are limited by the size of the dictionary it uses to guess your password. So you’re really only in danger if your password is on the 500-word-long list included with the hacker tool.”  The password list can be seen here.

However, around ten minutes ago, a Redditor commented on the same thread that Apple had patched the bug exploited by iDict with a rate limiter; this has also not been confirmed officially by Apple.

The tool can be downloaded at GitHub here. We will bring the latest news on this one as it develops, so stay tuned.

4Chan DDoSed by Lizard Squad’s DDoS Rent-A-Tool Lizard Stresser

Lizard Squad’s rent-a-tool Lizard Stresser in action against 4Chan.
The infamous band of hackers, Lizard Squad, which brought down the PlayStation Network and Xbox Live servers over Christmas with a DDoS attack, is in the news again.  This time the target is 4Chan.org, the popular imageboard website, and the tool used is the DDoS-for-rent service, Lizard Stresser.
4Chan has been brought down by Lizard Stresser through a DDoS attack and is still offline. Tweets from Lizard Squad indicate that someone has rented Lizard Squad’s DDoS rent-a-tool to attack the 4Chan website.
Lizard Squad allegedly used a 1200 GB/s DDoS attack against PSN and XBL networks and is offering double the size of attacks on rent.  At present details are sketchy and it is not known who has rented the Lizard Stresser to bring down the 4Chan website.
Apparently Lizard Stresser was taken offline two days ago after somebody doxed the user IDs on the server. The website hosting Lizard Stresser now serves a different login page.

Earlier login page
New login page

Lizard Stresser offers individuals a way to take down IP addresses without having to know anything about hacking or DDoS attacks, and is available in multiple subscription packages which range from $5.99 / €4.93 for a 100-second attack to $129.99 / €107 for an eight-and-a-half-hour-long denial of service incident. Lizard Squad also offers lifetime packs, prices for which can go up to $500 / €411. The lifetime packs are valid for five years, as per the Lizard Stresser website.
The 4Chan renters seem to have opted for the 8-hour pack from the looks of it, but there is no official confirmation from either Lizard Squad or 4Chan regarding the attack, except for the tweet above (now deleted*).

For the time being, the 4Chan website is inaccessible and will probably stay this way until the attack ends or the 4Chan admins devise some method to protect themselves against it. Considering that Lizard Squad brought down the networks of the bigger and better-resourced Sony and Microsoft, the 4Chan admins have a hard task cut out for them.

There is also an outside chance that 4Chan may really be down for maintenance, but that is difficult to imagine, as Lizard Squad are known to be vocal about their exploits. There were reports of 4Chan admins announcing a while ago that there would be some downtime due to server maintenance, so it might come back online very soon.


We will be updating the story as soon as we get any feedback/confirmation from either Lizard Squad or 4Chan.
Update : 4Chan is online now but some users are still not able to view it

Lizard Squad has also deleted the above tweet about renting the Lizard Stresser just moments ago and the 4Chan website home is still showing some broken images.
Update #2 : 4Chan.org is down again since past one hour or so.

Cyber criminals and business mafia working together to steal TAX in crores


Bihar’s famous coal mafia is using identity fraud to evade sales tax which runs into crores

In a time when the Indian Government is working hard to bring black money from overseas banks and safe havens, there is a massive scam happening in the underdeveloped state of Bihar and related to Sales Tax. The scam covers almost everyone including cyber criminals, business mafia and state government authorities. The scam which can run into crores of Rupees comes at a time when the state government of Bihar is demanding that it be accorded ‘Special State’ privilege from the federal government.

The Techworm team researched how Bihar businesses linked to the infamous coal mafia, together with some insiders, are cheating the Bihar Government and several small businessmen out of tax worth many crores by stealing identities.

The identity theft scam involves using the unique Tax Identification Number (TIN) provided by the state government. A businessman from Bihar, who wishes to remain anonymous, accessed the Commercial Tax Department, Government of Bihar portal to find out the outstanding tax on sales for the current year.

However, when he logged into his account, to his utter shock he found out that somebody else was using his TIN details to make illegal sales from his account.  The image given below is from the businessman’s CPT portal. Somebody who had hacked his user details was minting money in his name, and the tax has been charged to the businessman’s account.
Another surprising thing is that all the trades were confirmed as ‘Approved’ by the state government sales tax authorities without the explicit permission or knowledge of the businessman. The scale of the scam can be gauged by the fact that a single businessman’s account has fraudulent trades of Rs.6.00 lakhs, and there are thousands of such small businessmen in Bihar who could have been similarly scammed.

Our anonymous businessman will have to pay 5% tax on the total sales amount shown in the above image, and if there is a delay in paying that, the state government will add three times that tax as a penalty, plus 24% of that annually.

Social Engineering or Insider Involved
Many of these accounts can easily be hijacked by someone who can guess the user’s security question, as his TIN number and mobile number are publicly available on his bills/invoices. Sources in the state tax department also said that many sales tax department officials were involved in it. Our source in the sales tax department said, “for right kind of money they can give you the login details as many such small businessmen.” He added that, “Keeping your security question strong enough is not going to protect you if someone from inside is involved and who has access to such login details.”

Our team continued its research and found several similar cases in which coal companies were involved in using someone else’s tax identification number to evade sales tax. However, the businessmen whose TINs are used in this scam have to suffer paying hundreds of rupees as sales tax and penalty if they want to continue selling in Bihar.

One of the victims, we questioned, said he was charged in lakhs of rupees in tax for the sales which he never did, and by the same coal companies using his sales tax account.  These small businesses have no option other than paying the tax or approaching courts as the Sales Tax Department will not listen to them.

Considering the worsening backlog of pending cases in the courts, these matters may remain unresolved for years together, causing great hardship to ordinary businessmen who don’t have any links to such criminal activities.

Tuesday, 30 December 2014

New Icepol Malware found by Security Experts

Authorities in Romania have identified new malware that claims to be from police enforcing copyright and anti-porn laws.

Called the Icepol trojan, the ransomware sends a message to victims accusing them of software piracy or downloading illegal porn, then locks the victim’s computer and demands payment to unlock it. It was installed on more than 267,000 computers including in the US, Germany and Australia and responsible for more than 148,000 scam transactions in just five months.

Security vendor Bitdefender said Icepol originated in Romania, the company’s own home country, and was distributed in 25 languages.

After analysing information from servers seized by police, Catalin Cosoi, chief security strategist, Bitdefender, said the scam revealed a larger malware distribution system. Cosoi said the criminal underworld has developed supply-chain networks that work much in the same way as more traditional criminal enterprises – even down to money-making referral and syndication schemes.

Servers were organised in a pyramid scheme where a number of affiliates were connected to a central (command and control) server responsible for delivering the malware. The Romanian-based unit was communicating with a central server in The Netherlands, before it was moved to Germany as authorities closed in.

The findings support claims made late last year by another security firm, FireEye, about common development and logistics centers or a ‘hacking industry’. A spate of seemingly unrelated internet attacks launched from China in 2013 was found to have used similar underlying organised structures. The discovery prompted FireEye to warn of defence contractor-style groups creating the tools hackers buy, trade and use.

Raymond Choo, Australian Institute of Criminology senior security analyst, agreed there was an internet crime ecosystem.


“[A big threat] to cyber-security is the asymmetrical nature of cyberspace that can be leveraged by smaller or less technologically advanced countries to launch [attacks] by buying or renting the services and skills of cybercriminals,” they said.

Many experts say the concept of the ‘darknet’ – the seamy online underbelly used to produce and swap everything from bomb recipes to child pornography – is applicable to the hacking community, allowing organised hacking groups to join, collaborate and disperse.

“The criminal underground is known for having an organised structure that allows actors to specialise,” said Will Pelgrin, chief executive of the US Centre for Internet Security. “In the last several years it’s developed into a fee-for-service model to such an extent there are different layers of organisation. Some malicious actors control the money mules, others control the controllers.”

But as Nigel Phair of Canberra University’s Centre for Internet Safety warned, the existence of such cyber arms dealer-style fraternities doesn’t mean cybercrime will be any easier to combat.

“If cyber criminals make an exploit that works they can join different criminal networks to profiteer from it, but I wouldn’t assume the ‘brains trust’ behind malware is that small,” they say.

“Geographically diverse criminals who never meet may get together based on their expertise and conduct an exploit. Once they’ve completed a particular task and made money they go their separate ways, try something new or try the same exploit in a different industry sector.”

But does something approaching a hacker industry make internet crime any easier to stamp out?
“Unsurprisingly, many of the high-end cyber criminals live in jurisdictions with weak or no cybercrime laws,” said Phair, a former Australian Federal Police officer. “And often, law enforcement doesn’t have the capability or capacity to investigate local criminal elements.”

Still, there are points of weakness the forces of good can exploit. Kyle Creyts, senior threat analyst at US security firm Lastline, said internet criminals need hosts, computers and other traceable supply-chains just like genuine businesses.

“I’d focus on the notion of administrative domain,” they said.

“When a given provider has relatively bad, slow or ineffective response to compromises of their customers, it’s generally known and discussed in the underground community. Some of them even go so far as to offer what’s called ‘bulletproof’ hosting where they publicly acknowledge or advertise that they won’t respond to abuse complaints or law enforcement requests.”


Hacker Takes Down LoL, DoTA 2, Blizzard and EA Servers

The hacker group “DERP” is attacking the servers of games played by popular Twitch streamer James “Phantoml0rd” Varga.

A group or individual going by the Twitter handle DERP has been attacking the servers of several major PC games, including League of Legends, DoTA 2 and Blizzard. The hacker initially took down the LoL EU Servers and Blizzard’s Battle.net, before setting its sights on popular Twitch streamer James “Phantoml0rd” Varga’s favorite games.

It told Phantoml0rd that if he lost his current game of DoTA 2, it would bring down the game’s servers. Just as Phantoml0rd’s team took a turn for the worse, the server he was playing on went down. It then proceeded to harass the streamer, taking down the servers for every game he subsequently tried to play, including Club Penguin. It also took down EA.com in the interim.

So far, DERP’s threats have been consistent, with each website or game server that it has targeted going down shortly after its announcement. Phantoml0rd, who believes he was targeted because he was the top streamer at the time, reached out to the group, asking them why they were doing this. “For the lulz,” it replied, adding that it is dismayed with “money hungry companies”.

To make things worse, shortly after all this went down, Phantoml0rd received a visit from the police, most likely believing that he had something to do with the hack attacks. “…just had an automatic pointed at me, put in hand cuffs and sat in the back of a cop car as I watched as 6 policemen go through my whole house.. will keep you all updated,” he posted on his Facebook wall.

So far, there is no word from any of the companies that have been attacked, but we have reached out to Riot, Blizzard, Valve and EA for further comment.

Update1: PhantomL0rd has posted an official reply regarding the DDoS attacks and the raid on his house by police to his Twitch channel. You can watch his reply below:

Update 2: Riot Games has confirmed that League of Legends was affected by the DDoS attacks, although everything seems to be up and running.
