Security news

Instagram patches flaw leaking private images

Instagram patches flaw leaking private images

Your private Instagrams weren’t as private as you thought they were

Instagram has patched a flaw that allowed private pictures to be visible to other people under certain conditions. The flaw allowed all photos from formerly public accounts later marked private to remained open and viewable to public.

Quartz conducted tests which showed that any photograph posted to Instagram when a user’s account is set to public—the default setting—would remain publicly viewable on the web, even if the user made her account private.

This flaw also affected the photos shared on other social media sites that were shared through Instagram as the image’s URL was exposed.

Instagram patches flaw leaking private images

Flaw patched

The flaw was first reported by the Quartz and has now been formally patched.

“This is not an area where we have received feedback or concerns from the community but will continue to revisit,” a spokesperson for Instagram initially told Quartz in an emailed statement on Jan. 8. “If you choose to share a specific piece of content from your account publicly, that link remains public but the account itself is still private.”

“In response to feedback, we made an update so that if people change their profile from public to private, web links that are not shared on other services are only viewable to their followers on Instagram,” the company said in a statement.
The actual impact though, is not expected to be too grave since users running private accounts would have the default setting such so as to not upload sensitive pictures. The danger lay in instances where users mistakenly shared private images and switched to private mode, trusting that to be sufficient to lock down pictures.
However to exploit this particular flaw, any individual would need the precise URL to access sensitive images.
read more

Notepad++ website hacked by pro-Islamist hackers for releasing special Je suis Charlie edition

Notepad++ website hacked by pro-Islamist hackers for releasing special Je suis Charlie edition

Notepad++ website hacked by pro Islamists for releasing special  Je suis Charlie edition

Hackers going by the handle of Fallaga Team have had hacked the Notepad++ organisation’s website for releasing a special Je Suis Charlie edition commemorating the brutal slaying of 12 people at Charlie Hebdo office in Paris recently.

The website was hacked by hackers named Màh Di & ROJO XI & MR.CHARFE of FALLAGA TEAM and they left a defaced page carrying following message :


Hi NOTEPAD++, Today is your turn.
So you are “CHARLIE” !
Because the last notepad++ version (6.7.4) named “JE SUIS CHARLIE” !
So you think that Islam is terrorist !
Will i’m here to show you who is the real terrorist ?

– Q : Who killed 1.5 Million people ?
+ A : France ^_^ !
– Q : Who Killed most of Iraq people ?
+ A : USA ^_^ !
– Q : Who Killed most of Afghanistan people ?
+ A : USA ^_^ !
– Q : Who is the reason for the status of Somalia ?
+ A : USA ^_^ !

Now take a look in the world what’s happening ?
1. Mali, Just 5 minutes of your life, open YouTube and write Mali .. Watch ! :/
2. Libya ?!!
3. Syria ?!!
4. IRAQ ?!!
The biggest case : PALESTINE

Israel, Of course, all of you have heard about what’s happening now there !
I’m going to let you make a search about it, (???????)
Look for it in Arabic because in English is your ideas -Fake ones-

Anyway, OUR Message is clear

The Notepad++ website was apparently hacked for publishing a special Je Suis Charlie edition on its website, the image of which is given below :

Notepad Plus Org hacked by pro-Islamist hackers for releasing special Je suis Charlie edition

The group which had hacked the Note Plus Plus website has a full fledged Facebook page called OpFrance and seems to have been launched with the sole purpose of hacking and defacing French websites.

Notepad++ website hacked by pro-Islamist hackers for releasing special Je suis Charlie edition

The defaced page can be seen on website here.

read more

David Cameron’s plan to ban end-to-end encryption

David Cameron’s plan to ban end-to-end encryption

Yet another political grab to serve safety over privacy as Prime minister David Cameron pushes his will in the upcoming elections. If he wins the election, Mr Cameron makes it very clear that he would increase the authorities’ power to access both the details of communications and their content.

This seems to be an ongoing thing with every politician. The problem is that the politicians want safety and seek to make laws to force out any reminiscent act of keeping data channels safe and secure.

These laws can force many honest business owners that provide encryption services to either compromise their customer’s sensitive data or force the businesses to shut down just like the FBI and the US legal system forced Ladar Levison, founder of Lavabit to not only remain silent about the case against him from the FBI, but ultimately forced him to an ultimatum surrender the keys or be incarcerated. He choose to abandon his business rather than fight and become another causality in the prison industrial complex.

Some companies and their software products, Skype for example have been forced to create back-doors in their software not only leaving open portals for the feds, but in doing so leaving vulnerabilities for every other hacker who discovers them.

Many business have taken note and have purposefully engineered themselves to have absolutely no control over surrendering any data. They are just unable to do so even if they are willing (or coarsed with legal threats). Apple, for example, says it cannot decrypt iPhones under any circumstances and has resisted efforts from law enforcement to change the technology. Even a resurrected form of Darkmail is currently developing methods to absolve the encrypting responsibility from servers and the businesses that run them.

Mr. Cameron’s only choice if he wins and follows through with his intent will be to ban encrypting any data transmission, which will not only be a Herculean task, but a very impractical one. This will always be a game of cat and mouse. Creating outlawed software is a sure fire way to make everybody an outlaw.

read more

Thousands of American Airlines and United Airlines accounts hacked

Thousands of American Airlines and United Airlines accounts hacked

American Airlines and United Airlines accounts hacked; cyber criminals booking dozens of free trips

Cyber criminals with stolen usernames and passwords broke into customer accounts of American and United Airlines websites.  In some cases the criminals took stole mileage points, booked free trips and or upgrades.

This incidents happened in December 2014 but were announced by both the Airlines yesterday.  American has started notifying its affected customers by email on Monday, a spokeswoman said.

Both airlines stated that they are upgrading their systems and login process to stop this kind of frauds in future.

United Airlines spokesman Luke Punzenberger said thieves booked trips or made mileage transactions on up to three dozen accounts. The Airline had began notifying its affected customers in late December and the airline would restore miles to anyone who had them stolen.

American Airlines spokeswoman Martha Thomas stated that around 10,000 American Airlines customers were affected and they have frozen some accounts. American Airlines said that it is setting new accounts for customers who have at least 100,000 miles in their accounts.  She said the airline has learned of two cases in which somebody booked a free trip or upgrade without the account holder’s knowledge.

Thomas said that American would pay for a credit-watch service for one year for affected customers.

Both the airlines have categorically stated that no hack has taken place and the thieves got usernames and passwords somewhere

The cyber criminals used these stolen usernames and passwords to American’s Advantage and United’s MileagePlus, hoping that the login information would be the same.

The airlines also added that other information such as credit-card numbers was not exposed.

read more

United States Central Command (Centcom) Twitter and Youtube Account Hacked By ISIS Hacker

United States Central Command (Centcom) Twitter and Youtube Account Hacked By ISIS Hacker

The United States Central Command (Centcom) Twitter and Youtube account has been hacked by a hacker claiming to be affiliated with Islamic State (ISIS)

The Hacker with the online handle of CyberCaliphate fired series of tweets after hacking into the U.S. Centcom twitter Account.

Stating, “American soldiers, we are coming, watch your back.” linked to a paste on pastebin containing alleged Confidential data from Centcom’s Computer network.

Followed by tweets containing alleged stolen data carrying details of US military personnel

“We won’t stop! We Know everything about you, your wives and children”

The twitter and Youtube Account of Centcom has since been suspended. following tweets were tweeted during the hack.

United States Central Command (Centcom) Twitter and Youtube Account Hacked By ISIS Hacker
United States Central Command (Centcom) Twitter and Youtube Account Hacked By ISIS Hacker
(Centcom’s Youtube Account before suspension)


“We can confirm that the US Central Command Twitter and YouTube accounts were compromised earlier today,” the Pentagon said in a statement.

The white house is currently investigating the incident, the White house press secretary Josh Earnest said.

This is a developing story and we will keep you updated.

read more

Google stops providing updates for Android Jelly Bean and lower versions for Webview component

Google stops providing updates for Android Jelly Bean and lower versions for Webview component

900+ million users left in a lurch as Google says it has stopped providing security patches for the Webview component in Android 4.3 Jellybean and earlier versions

Sad but true. If you one of those people who use Android 4.3 and below version operating system on your smartphone and are waiting for Google to patch the Android Same Origin Policy (SOP) vulnerability, well you are not going to get it from Google.

The Android legacy SOP flaw which was discovered by Rafay Baloch, a Pakistani security researcher, affects the webview component of the Android default browser shipped with around 930,000 smartphones operating on Android 4.3 Jelly Bean and below.

The vulnerability in the WebView component, occurs when replacing the ‘data’ attribute of a given HTML object with a JavaScript URL scheme.  A potential hacker could leverage the UXSS flaw to scrape cookie data and page contents from a vulnerable browser window.

The security hole can be exploited in all versions of the Android Open Source Platform (AOSP) browser which also known as Android stock or default browser. The vulnerability exists only in Android OS 4.3 Jellybean and below.

Rapid7’s Joe Vennix and Rafay collaborated to put a Metasploit code for this vulnerability so that Google and other smartphone manufacturers could patch the flaw.

However no patch not forthcoming.  In between,  Trend Micro Labs discovered that the Metasploit code was being exploited in the wild to hijack Facebook accounts of users who had smartphones running on Android 4.3 Jellybean and below versions.

Now Rapid7 reached out to Google to patch this critical vulnerability and they received a shocking reply from Google. Google has stopped providing security patches for Android 4.3 jelly bean and below versions. This was the reply a security researcher from Metasploit received from Google.

“If the affected version [of WebView] is before 4.4, we generally do not develop the patches ourselves, but welcome patches with the report for consideration. Other than notifying OEMs, we will not be able to take action on any report that is affecting versions before 4.4 that are not accompanied with a patch.”

The surprised security researcher, Tod Beardsley from Rapid7 Metasploit community reported on the blogpost.

“So, Google is no longer going to be providing patches for 4.3. This is some eyebrow-raising news.” he added, “I’ve never seen a vulnerability response program that was gated on the reporter providing his own patch, yet that seems to be Google’s position. This change in security policy seemed so bizarre, in fact, that I couldn’t believe that it was actually official Google policy.”

To confirm his shock, Tod followed it up with the Google security himself and got the similar reply from Google security team.

If the affected version [of WebView] is before 4.4, we generally do not develop the patches ourselves but do notify partners of the issue[…] If patches are provided with the report or put into AOSP we are happy to provide them to partners as well.

It seems that Google has stopped providing support only for the Webview component of old Android versions because when Tod enquired further he was told that, “the Android security team did confirm that other pre-KitKat components, such as the multi-media players, will continue to receive back-ported patches.”

The problem is that as of now only the Webview component of earlier Android versions is found to be vulnerable, and as proved by Trend Micro Labs, is being exploited in the wild.  This is the component that should be patched in all versions as soon as possible so that Android smartphone users are not exploited due to the SOP vulnerability.

This also means that a possible 930 million smartphones out there are waiting to be exploited by potential hackers and cybercriminals. According to Google’s latest Android distribution figures, 46 percent of Android devices run Jelly Bean, followed by KitKat at 39.1 percent. The remaining Android users are on Gingerbread (versions 2.3.3-2.3.7, used by 7.8 percent of handsets), Ice Cream Sandwich (versions 4.0.3 to 4.0.4, used by 6.7 percent), and old Froyo (version 2.2, 0.4 percent).

Tod Beardsley stated that this as the most “bizarre” decision by Google.

The smartphone manufacturers who have marketed these smartphones in yester years are no longer interested in providing patches/support to these build.  So who will provide patches for this critical vulnerability and safeguard millions of Android smartphone users who have Android 4.3 and below, aboard their phones, is anybody’s guess.

read more

Torrent Freak Down, Lizard Squad’s DDoS tool Lizard Stresser at work again?

Torrent Freak Down, Lizard Squad's DDoS tool Lizard Stresser at work again?

Torrents related news aggregator, Torrent Freak down, Lizard Squad claims Lizard Stresser at work

The worlds most popular torrent news related aggregator, is suffering from uptime problems for past four hours.  Torrent Freak provides up to date information about the happenings in the world of torrents, websites and related ancillaries.

The TorrentFreak website is up now but is suffering from intermittent downtime. Exactly four hours ago the official Twitter account of TorrentFreak tweeted about it being down

Followed by another tweet around two hour ago saying they were up and running

This was followed by another tweet saying that they again offline

Lizard Stresser at work?

The Torrent Freak online offline saga was added another twist in its intermittent downtime tale by a tweet from the Lizard Squad official Twitter account which stated that a certain client with Twitter handle of @MPAA had rented out its DDoS rent-a-tool, Lizard Stresser to take down Torrent Freak.

The @MPAA Twitter handle belongs to the Hollywood producer association called Motion Pictures Association of America and the connection between the Lizard Stresser and MPAA is not known. However MPAA is known to come up with harsh methods to curb online piracy which is hitting the Hollywood producers hard in terms of revenues lost.  The recent leak of thirteen most likely Oscar Awards contender movie screens to the torrent sites has cause added revenue loss for the Hollywood producers as most of these films were released only in the Los Angeles and New York theatres.

The leaks of screener versions of these thirteen movies is said to have originated from a single source which is suspected to a guild member of the awards committee or associate of such a member.

The MPAA connection with the Lizard Squad or Lizard Stresser has not been verified by any independent sources.

Lizard Squad who own the DDoS tool called Lizard Stresser have been quite vocal about the exploits of their DDoS tool and their previous claims have found to be correct but not proven to be linked to Lizard Stresser. Only a fews days back the Lizard Squad claimed that Lizard Stresser was used to bring down the image boarding website

Torrent Freak is up at the moment but like they themselves say,

Ahem! fingers crossed!

read more

Silk Road dumps Tor, starts Silk Road Reloaded on I2P protocol

Silk Road dumps Tor, starts Silk Road Reloaded on I2P protocol

‘Silk Road Reloaded’ launched on a network more secret than Tor

The high profile dark web drug and contraband marketing website, Silk Road seems to have made a comeback in a new form.  A new anonymous online drug market called ‘Silk Road Reloaded’ has emerged but it is not known whether it is linked to its predecessors Silk Road and Silk Road 2.0.

Silk Road Reloaded however has dumped the Tor anonymiser network used by earlier versions and uses a very little known “I2P” alternative.

“Silk Road Reload?ed” was launched yesterday by its makers and is only accessible by downloading th I2P software, or by configuring your computer in a certain way to connect to I2P web pages, called ‘eepsites’, and which end in the suffix .i2p.

What is I2P protocol

The Invisible Internet Project (I2P) is a computer network layer that allows applications to send messages to each other pseudonymously and securely. Uses include anonymous Web surfing, chatting, blogging and file transfers. The software that implements this layer is called an I2P router and a computer running I2P is called an I2P node.

The software is free and open source and is published under multiple licenses. The name I2P is derived from Invisible Internet Project, which, in pseudo-mathematical notation, is represented as I²P.

All Cryptocurrencies accpeted

Unlike Silk Road and Silk Road 2.0 which only accepted Bitcoins, the new avatar will accept all cryptocurrencies and process transactions in other cryptocurrencies by converting them into Bitcoin through the site’s built in wallet.

In addition to Bitcoin, the other cyrptocurrencies being accepted on Silk Road Reloaded are Anoncoin, Darkcoin, Dogecoin, Litecoin etc. In all, eight different cryptocurrencies are being accepted as of now and others are slated to join soon.

“All functions are completely enabled and fully functional,” says a message on the site, posted today. “Sample data is being removed. Current vendor(s) your products will show shortly. Thank you all for making the site launch a success!”

It remains to be seen how long Silk Road Reloaded manages to remain online and how soon FBI and other law enforcement agencies manage to track it and take it down.

read more

Extratorrent down; Hackers launch a massive DDoS attack against popular torrent website

Extratorrent down; hackers launch a massive DDoS attack against popular torrent website

Extratorrent is under the DDoS attack by hackers right now

The worlds number 4 torrent website is down following a massive Distributed Denial of Service (DDoS) attack by unknown hackers. The website seems to have been down for 23 hours and seems to come online for little bit before throwing up a 503 service error.

The Extratorrent admin took to Twitter to tell its fans about the DDoS attack

About Extratorrent

ExtraTorrent was one of the more popular torrent websites in 2014.  It has grown in size due to more traffic and has moved up again in the top 10, now placed as the 4th most-visited torrent site by torrent ranking websites. This success didn’t go unnoticed by rightsholders groups such as the MPAA who recently called out ExtraTorrent as one of the top pirate sites. The site was forced to trade in its .com domain for .cc this year, after it was suspended by its domain registrar.

The Isitdownrightnow says that Extratorrent has been down for past 23 hours (now it says 4 minutes because the website sprang to live for few seconds before going down again

Extratorrent goes down after hackers launch a DDoS attack

While the admin says that its a DDoS attack by unknown hackers, the actual reason may be a takedown by authorities or a revenge DDoS by the music and movie companies.  Earlier Sony had allegedly undertaken a similar kind of DoS attacks to stop the torrents sites from sharing the files from the massive hack attack.

Reader may note that only two days back around 13 mega Hollywood movie screener versions were leaked and being shared on torrent websites.  These movies are considered to be prime Oscar award contenders and it is though that one of the guild members or his/her associates may have leaked these screener versions.

This is a developing story and we will keep you updated.

read more

24 Hours after Charlie Hebdo incident, French lawmakers ban websites promoting or condoning terrorism

24 Hours after Charlie Hebdo incident, French lawmakers ban websites promoting or condoning terrorism

France government issues a Decree to ban websites inciting or condoning acts of terrorism and websites disseminating pornographic images or representations of minors

It took French government just 24 hours to rush in a Decree to ban websites which incite or condone acts of terrorism.

The new decree which was issued by European Commission on 8.1.2015 enables the French government and authorities to ban any website without any warrant or approval of judge.

France has been a liberal polity as far as freedom of speech is concerned.  Even satire magazine Charlie Hebdo was born out of the tumultaneous 1970 when industrial, labour and student revolutions were a everyday affair in France.  It was born as Hara Kiri and was banned for a brief period of 6 months. Its claim to fame and the reason for ban was the famous spoof in November 1970 when it released a cover headlined “Tragic Ball at Colombey, one dead.”  The cover was published after former French president Charles de Gaulle died in his home village of Colombey-les-Deux-Églises, eight days after a disaster in a nightclub, the Club Cinq-Sept fire, which caused the death of 146 people.  It was restarted in its current avatar in 1991 after Gébé, Cabu and others got together again during the gulf war.

Before this decree following websites were illegal and liable to be banned in France

  • Websites about pedopornography,
  • Negationism as in “The holocaust may have not happened”,
  • Justification of hate crimes and crimes against humanity.

Now with this decree the government and the authorities can ban any website which promotes child pornography websites or websites inciting or condoning acts of terrorism.  The Government through the Ministry of the Interior will now send the French ISP’s the list of electronic addresses of online public communication services failing to comply with the provisions of the Penal Code, in order that the service providers may block the websites in question within 24 hours. The chosen blocking technique shall operate at domain name level. The list of electronic addresses of online public communication services shall be sent to internet service providers by secure means, thereby guaranteeing that its confidentiality and integrity will be preserved. The decree also sets out the procedures whereby internet service providers may receive financial compensation from the State in respect of any costs incurred as a result of implementing this procedure.

France currently ranks 39 (2014 rank) on the Press Freedom Index published by Reporters Without Borders.  The above decree is going to degrade French standing further as it may be seen as step against freedom of speech and press freedom.

read more