Beware of Unpatched Backdoor in Atlassian Crowd Authentication Service

Jun 30, 2013


Over 25,000 companies from all over the world rely on Atlassian’s solutions, including organizations from the automotive, consulting, education, engineering, entertainment, government, health and other industries.

According to the advisory published by Command Five, Crowd users should update their installations as soon as possible because an exploit for a vulnerability discovered in 2012 has become widely available.

The security hole can be leveraged by an attacker to retrieve data and files from the Crowd server by crafting entity URLs (an XML external entity, or XXE, injection). The same flaw can also be leveraged for denial-of-service (DoS) attacks.

“If a hacker uses the vulnerability to retrieve a file containing credentials, they can then authenticate with the Crowd server directly, or use the exploit again to bypass trusted proxy/remote address validation as described above,” the advisory reads.
“Successful exploitation of this vulnerability can (but does not necessarily) lead to a hacker taking full control of an organization's single sign-on service, potentially resulting in a catastrophic security event. Regardless, successful exploitation is likely to enable high velocity lateral movement within the targeted organization,” researchers explain.

However, the patched vulnerability is not the main concern. Command Five says there is at least one critical vulnerability in Crowd that hasn’t been patched.

The flaw can be exploited by an unauthenticated remote attacker to take full control of any Crowd server they can connect to. From there, attackers can compromise application credentials, user credentials, data storage, configured directories and dependent secure systems.
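What a crafted-entity request looks like, and the cheapest place to stop it, as an added example in Python that is not Atlassian's or Command Five's code and says nothing about how Crowd itself parses XML: an input gatekeeper that refuses a document before the real parser sees it if its DTD declares an external (SYSTEM/PUBLIC) entity, which is the file-retrieval vector, or if its internal entities would expand past a size limit, which is the denial-of-service vector. The two payloads, the benign document and the 10,000-character limit are constructed for the example; the expansion size is estimated without building the expansion, so the check itself cannot be used to exhaust the server.

```python
"""Pre-parse gatekeeper for XML request bodies (illustrative example; the
payloads, the benign document and the 10_000-character limit are constructed)."""
import re

# <!ENTITY name SYSTEM "..."> or <!ENTITY % name PUBLIC "..." "...">: tells the
# parser to fetch a local file or URL, which is the XXE data-retrieval vector.
EXTERNAL_ENTITY = re.compile(r'<!ENTITY\s+(%\s*)?([\w.:-]+)\s+(?:SYSTEM|PUBLIC)\b')
# <!ENTITY name "replacement text">: internal entity, the building block of
# exponential-expansion ("billion laughs") denial of service.
INTERNAL_ENTITY = re.compile(r'<!ENTITY\s+(%\s*)?([\w.:-]+)\s+(["\'])(.*?)\3\s*>', re.DOTALL)
# &name; references inside replacement text
ENTITY_REF = re.compile(r'&([\w.:-]+);')


def _expanded_size(entities, name, memo, visiting):
    """Length of `name` after full expansion, computed without building it."""
    if name in memo:
        return memo[name]
    if name in visiting:
        raise ValueError(f"recursive entity definition: {name}")
    value = entities.get(name)
    if value is None:          # predefined (&amp; ...) or undefined: nothing to expand
        return 0
    visiting.add(name)
    size, pos = 0, 0
    for ref in ENTITY_REF.finditer(value):
        size += (ref.start() - pos) + _expanded_size(entities, ref.group(1), memo, visiting)
        pos = ref.end()
    size += len(value) - pos
    visiting.discard(name)
    memo[name] = size
    return size


def inspect_xml(doc, max_expansion=10_000):
    """Return the reasons `doc` should be rejected; an empty list means it passed."""
    problems = []
    if "<!DOCTYPE" not in doc:   # no DTD, so no entity declarations at all
        return problems
    for m in EXTERNAL_ENTITY.finditer(doc):
        problems.append(f"external entity declaration: {m.group(2)}")
    # general (non-parameter) internal entities only; parameter entities use %name;
    entities = {m.group(2): m.group(4)
                for m in INTERNAL_ENTITY.finditer(doc) if not m.group(1)}
    memo, worst = {}, None
    try:
        for name in entities:
            size = _expanded_size(entities, name, memo, set())
            if size > max_expansion and (worst is None or size > worst[1]):
                worst = (name, size)
    except ValueError as exc:    # XML forbids recursive entities; reject outright
        problems.append(str(exc))
    if worst:
        problems.append(f"entity '{worst[0]}' expands to {worst[1]} characters "
                        f"(limit {max_expansion})")
    return problems


# Constructed sample documents
XXE_PAYLOAD = """<?xml version="1.0"?>
<!DOCTYPE foo [ <!ENTITY xxe SYSTEM "file:///etc/passwd"> ]>
<user><name>&xxe;</name></user>"""

BENIGN = """<?xml version="1.0"?>
<!DOCTYPE user [ <!ENTITY company "Atlassian"> ]>
<user><name>&company;</name></user>"""


def _laughs(depth=9):
    """Build the classic 'billion laughs' document: each level references the
    previous one ten times, so lol9 expands to 3 * 10**9 characters."""
    lines, prev = ['<!ENTITY lol "lol">'], "lol"
    for i in range(1, depth + 1):
        refs = "&%s;" % prev * 10
        lines.append(f'<!ENTITY lol{i} "{refs}">')
        prev = f"lol{i}"
    return ('<?xml version="1.0"?>\n<!DOCTYPE lolz [\n' + "\n".join(lines)
            + f'\n]>\n<lolz>&{prev};</lolz>')


BILLION_LAUGHS = _laughs()

if __name__ == "__main__":
    for label, doc in [("xxe", XXE_PAYLOAD), ("billion laughs", BILLION_LAUGHS),
                       ("benign", BENIGN)]:
        print(f"{label}: {inspect_xml(doc) or 'accepted'}")
```

A pre-check like this complements, and does not replace, configuring the XML parser itself to disable DTD processing or external entity resolution; it exists so that a payload is logged and dropped at the edge rather than discovered by the parser.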

Diet spam campaign has moved to Instagram



The messages that make the rounds on Instagram show pictures of fruit. The pictures are accompanied by a bogus BBC News message which promotes an “exclusive offer” for a fruit diet.

In some cases, the spammers continue to trick users by claiming that the diet has been recommended by Dr. Oz.
Unfortunately, the Instagram spam run appears to be highly successful. One of the links has been clicked more than 35,000 times already.

“Earlier today a small portion of our users experienced a spam incident where unwanted photos were posted from their accounts. Our security and spam team quickly took actions to secure the accounts involved, and the posted photos are being deleted,” Facebook, which owns Instagram, told Gigaom. Instagram has started resetting the passwords of the impacted users.

Security expert Janne Ahlberg has been closely monitoring the evolution of the miracle diet spam campaign. Over the weekend, he reported that spam messages were spotted not only on Twitter, but on Facebook, Tumblr and Pinterest as well.

Facebook Is Working On Mobile News App Reader

Jun 24, 2013

According to the Wall Street Journal, which cites unnamed sources, Facebook is working on a news service for iPhone users. Facebook Reader would aggregate news for both users and publishers.

Facebook has reportedly been working on the service for more than a year. Reader would resemble Flipboard, the app that collects news based on the user's preferences. The social network declined to comment to the Journal. With Reader, Facebook would like to increase its attractiveness to advertisers in the mobile segment.

According to the anonymous sources, Mark Zuckerberg personally oversees the project and, in contrast to the development of other services, has deliberately taken the time to build a full-fledged news service that works well on both smartphones and tablets. Reader is initially targeted at Apple's iOS.

Spying Software Found on Chinese Devices



After fleeing to the US in May of last year, Chinese activist Chen Guangcheng was given a fellowship at New York University. Now that the fellowship has come to an end, some interesting aspects of the story have come to light.

According to Reuters, several pieces of spying software were identified on devices owned by Chen, including an iPhone and an iPad he had received shortly after his arrival in the US from the wife of activist Bob Fu, the man who runs the Christian group ChinaAid.
 

The presence of the spyware was brought to light by NYU professor Jerome Cohen and another individual familiar with the incident.
While some say the devices came with the spyware from the start, others point the finger at NYU for installing the applications.
Among the spy applications, technicians found one that secretly turned the devices into a tracking system, and a password-protected program that uploaded data to a remote server.

Anonymous Social Networking With Your Real Friends : Unface.Me

Jun 23, 2013


The world has changed, and it is important for us to face certain realities: there is a greater reliance on technology, which has led to significantly fewer face-to-face interactions; even when such interactions occur, they are rarely wholly honest conversations; and this leaves many of us resorting to anonymous discussion boards or alias Twitter accounts just to be heard.

The general idea behind unface.me: engage in anonymous and truthful discourse with people you already know. This is done by connecting your Facebook account to an unface.me alias (“AlterEgo”) that you create, and then interacting with other users from your current network of friends who also have AlterEgos.


How can this be used toward forming better relationships? Well, for one thing, it will allow users to be completely honest about themselves. A lot of topics are difficult to talk about (such as one’s mental health) and have potential professional consequences (not getting hired because of a history of depression). Unface.me can give people this medium for expressing their emotions or thoughts honestly, without fear of people knowing their true identity.

This anonymity also allows for the changing of personal behaviors and the development of overall empathy. As people learn sensitive things about their friends, they may become more socially aware of and self-identifying with the daily struggles of others, and thereby change their day-to-day behaviors or interactions with them. So, the result? Closer bonds with those around us.
We don’t have to sacrifice honesty in the age of social media. If Dan Humphrey was able to pull off complete anonymity for five years and end up with a closer set of friends, why shouldn’t we? 

Try out unface.me for yourself!


Facebook Issue May Have Leaked Your Email and Phone Number

Jun 22, 2013



Facebook has just published a data breach notification on its security blog.
You might not immediately notice that from the title of the article, which announces itself as an "Important Message from Facebook's White Hat Program."
The cloud (bad pun intended) is that Facebook's own systems made the fault possible in the first place.

What Facebook seems to be admitting to, in Friday's breach notification message, is that it was careless with the aggregated data accumulated from contact list uploads.
The problem, says Facebook, lay in its Download Your Information (DYI) feature, which exists so you can suck down everything you've previously entrusted to the social networking giant.

DYI improves availability, because it allows you to make your own off-site backup of everything you've stored on Facebook. It improves transparency, because it acts as a record of everything you've uploaded to Facebook over the years. But there was a bug in DYI, of the data leakage/unauthorised disclosure sort.
Apparently, DYI was capable of letting you download more than you'd uploaded in the first place.
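The failure mode described above, modelled in added example code that is not Facebook's and makes no claim about how DYI is actually implemented: the users, friend graph, address-book upload and field layout are constructed for illustration. Every stored contact detail carries a provided_by tag naming who supplied it; the only difference between the two export routines is whether that tag is consulted, and leaked_values shows what ignoring it costs.

```python
"""Provenance-tagged contact data versus an export that ignores provenance
(illustrative model; all users, numbers and the matching rule are constructed)."""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Fact:
    """One contact detail on a profile, tagged with the user who supplied it."""
    kind: str         # "email" or "phone"
    value: str
    provided_by: str  # user id of whoever entered or uploaded it


@dataclass
class Profile:
    user_id: str
    facts: set = field(default_factory=set)


def ingest_contact_upload(profiles, uploader, contacts):
    """The aggregation step: match uploaded address-book entries to known users
    by e-mail and attach the phone number to the matched profile, recording the
    uploader as the source. The profile owner never entered that number."""
    by_email = {f.value: p for p in profiles.values()
                for f in p.facts if f.kind == "email"}
    for email, phone in contacts:
        target = by_email.get(email)
        if target is not None:
            target.facts.add(Fact("phone", phone, provided_by=uploader))


def export_buggy(profiles, friends, user):
    """Archive of the user's profile and their friends' profiles that ignores
    where each field came from: inferred numbers go to anyone befriended."""
    return {uid: sorted((f.kind, f.value) for f in profiles[uid].facts)
            for uid in {user} | friends[user]}


def export_fixed(profiles, friends, user):
    """Same archive, but a field is included only if the profile owner entered
    it themselves or the requesting user uploaded it (they already have it)."""
    return {uid: sorted((f.kind, f.value) for f in profiles[uid].facts
                        if f.provided_by in (uid, user))
            for uid in {user} | friends[user]}


def leaked_values(profiles, friends, user):
    """Fields the buggy export hands out that the provenance check withholds."""
    buggy = export_buggy(profiles, friends, user)
    fixed = export_fixed(profiles, friends, user)
    leaks = {uid: sorted(set(buggy[uid]) - set(fixed[uid])) for uid in buggy}
    return {uid: vals for uid, vals in leaks.items() if vals}


def build_sample():
    """Constructed data: three users with self-entered e-mails, a friend graph,
    and one address-book upload by Carol that contains Bob's number."""
    profiles = {u: Profile(u) for u in ("alice", "bob", "carol")}
    for u in profiles:
        profiles[u].facts.add(Fact("email", f"{u}@example.com", provided_by=u))
    friends = {"alice": {"bob"}, "bob": {"alice", "carol"}, "carol": {"bob"}}
    ingest_contact_upload(profiles, "carol", [("bob@example.com", "+1-555-0100")])
    return profiles, friends


if __name__ == "__main__":
    profiles, friends = build_sample()
    # Alice never uploaded Bob's number, yet the buggy archive gives it to her.
    print("Alice's archive leaks:", leaked_values(profiles, friends, "alice"))
    # Carol uploaded it herself, so nothing new reaches her either way.
    print("Carol's archive leaks:", leaked_values(profiles, friends, "carol"))
```

The point of the model is that the leak is not in the upload or the matching but in the export: once inferred data is stored next to self-entered data without a source tag, every downstream feature has to guess which is which.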

U.S. Is Spying on China, Stealing ‘Millions’ of Texts: Edward Snowden

Jun 21, 2013



Former NSA contractor Edward Snowden revealed on Saturday that the U.S. is tapping into Chinese mobile carriers to access customers’ text messages.
It’s not just a few messages, either. Snowden told the South China Morning Post that millions of Chinese text messages are being harvested by the U.S.

“China should set up a national information security review commission as soon as possible,” Snowden told the paper.
Chinese mobile users sent over 900 billion text messages in 2012, according to government statistics, so if Snowden’s claims are true, the United States’ surveillance isn’t too extensive in the grand scheme of things. (Chinese officials likely won’t see the situation in that light though.)

The revelation will make an already rocky relationship between the U.S. and China even more tumultuous. President Obama and China's new president Xi Jinping have already had several conversations about cybersecurity, and the two leaders are also kicking off a series of regular talks between the two countries.

Android Ransomware

Jun 20, 2013


These days, fake Antivirus programs that run under Windows look just as good as real, valid antivirus tools. They'll run a scan for free—a fast one, since there's no actual scanning going on. However, to remove the imaginary malware found by the scan, you'll have to pay up. In a recent blog post, Symantec researcher Joji Hamada reported that this type of malware has come to Android, and it's even more aggressive than the typical Windows fake antivirus. Symantec calls the malware sample featured in this post Android.Fakedefender, because it installs as a trial version calling itself Android Defender.

The typical Windows-based fake antivirus programs attempt to scare the user into paying for a registered version by displaying frightening scan results, hence the name scareware. They work hard to look just like a valid antivirus, to the point that some even offer tech support. It's not uncommon for victims to express outrage when a legitimate security product removes the fake one: "Hey, that's my antivirus! I paid for that!"
  
Porn Discovered:

In what may be an attempt to discourage you from seeking help, the fake antivirus reports that it has detected malware attempting to steal pornographic content from the phone. How embarrassing! At this point, you can't delete the fake antivirus and can't launch any other apps. The only way to recover, short of a hard reset, is to purchase the full version. It's effectively holding your phone for ransom. Hamada didn't state whether paying the ransom actually unlocks the phone.

F-Secure's Mikko Hypponen has gone on record stating that the biggest threat to Android users is losing the phone, not malware. Hamada begs to differ, pointing out that malware like this is very hard to remove once it gets a foothold. He advises running mobile security software to keep threats like this from installing in the first place.
 
Copyright © 2011. INDIATRIKS - All Rights Reserved