Featured Posts

<< >>

Mount MAC OS X – HFS plus filesystem in Centos

from-hfs+-partition

However, it was an easy problem to solve #rpm –import http://elrepo.org/RPM-GPG-KEY-elrepo.org before downloading the required RPM file: – #rpm -Uvh http://elrepo.org/elrepo-release-6-4.el6.elrepo.noarch.rpm and installing the HFS+ drivers: – # yum install

block ads in Mac OS X – mountail lion / lion/ snow leopard

no_ads

you can block most of the ads and pop ups from sites by blocking them in local DNS file simply open terminal and edit thisfile   $ sudo vi /private/etc/hosts

mac os x server file sharing not taking parent folder permission

The problem arises when someone other than me makes a folder in this shared directory. No one but the person who made that folder can write into it, not even

Squid https transparent proxy setup with SSL certificate

Squid https transparent proxy setup with SSL certificate Let’s understand first how squid proxy works in transparent mode. While setting up squid as a transparent proxy we can forward the

Traceroute – starwars story

trace

[root@ajay ~]# traceroute 216.81.59.173 traceroute to 216.81.59.173 (216.81.59.173), 30 hops max, 38 byte packets 1 196-47-64-59 (196.47.64.59) 0.918 ms 0.948 ms 0.652 ms 2 196-47-64-66 (196.47.64.66) 1.223 ms 2.747 ms

Emails promising CNN article about HeartBleed vulnerability leads to Spam sites

Cyber Criminals often take advantage of hottest topics and latest events to entice users into visiting spam websites. The HeartBleed bug, which has made headlines over the past few weeks, is no exception.

Now, spammers are sending out emails with subject "HeartBleed Bug warning". The spam campaign was discovered by Security researchers at TrendMicro. 

"I Just want to let you know there is a big security concern now in the internet.  The Internet bug called Heartbleed Bug, was recently discovered by experts.  So if were you, you need to change your internet passwords specially your banking passwords." The spam email reads.

"Check for this report in CNN. Report from CNN[LINK]"

If the link provided in the email led to the actual CNN report, the email may have been considered as cyber security awareness email.  But, the link leads to some malicious webpage.

One good thing what spammers did is notifying users about the HeartBleed vulnerability and suggest recipients to change their password.  If the link provided in the email.

Buffer Overflow vulnerability in Acunetix scanner allows to hack the noobs who attack your website

Danor Cohen, a Security researcher who recently discovered the 'WinRAR file spoofing vulnerability', has discovered one more zero day vulnerability.  This time it is Buffer Overflow vulnerability in one of the popular web application vulnerability scanner 'Acunetix'.

There is a feature in Acunetix that allows to scan the additional domains or subdomains detected during the scan.

"It learns about the external related domains from the external sources that appear at the scanned website, for example: "<a href=http://externalSource.com/ ></a>"

Danor found that if the 'external' source url's length is larger than 268Bytes, the Acunetix vulnerability scanner will get crashed.

For Ex:
 <A href= “http://AAAAAAAAAAAAAAAAAAAAAAAAAA...........AAAAA”>

Researcher managed to exploit this vulnerability and successfully launched an executable file(calc.exe). By modifiying the code, one can infect the computers of newbies with a malware who attempt to scan their websites.

More technical details are available at his blog post.

Here is Proof of concept video:


*Update*:
Acunetix says this vulnerability affects only the illegitimate(cracked) copies of Acunetix WVS.

"The blogger seems to have managed to pull his exploit by using a cracked version of v8. The cracked version, probably required the replacement of the official executable with a vulnerable one." Acunetix says.

"Once again we want to re-assure all users of legitimate installations of Acunetix WVS that they are in no danger, and are not affected by this at all"

Hackers compromised University Servers to Mine Bitcoins

Social Security numbers of Nearly 30,000 students who enrolled between 1995 and 2012 are at risk following the breach of Iowa State University's network server. 

University says they found no evidence that any of the financial information of students or any others files were accessed by the intruders.

Officials at Iowa State University believe the attackers who breached the five departmental servers were trying to use the computing power of the servers to generate virtual currency Bitcoins.

Even though the personal information was not the intended target, the University urges affected students to monitor their financial reports.

Another 18,949 students whose University ID numbers were on compromised servers are being notified about the breach.  However, this data have no use beyond their campus.

The breach occurred on Feb 3rd. On Feb 28th, the University came to know two of their servers were infected. On March 28th, they came to know third server having the personal information were also compromised in the breach.

Law enforcement officials have been notified of the security breach.

BJP website blocked for Pakistan over repeated hacking attacks

The repeated hacking attacks against Bharatiya Janata Party(BJP) websites have forced the authorities to block the access to its official website in Pakistan.

"The owner of this website (bjp.org) has banned your IP address on the country or region you are accessing it from." This is error which is currently being displayed whenever someone tries to access the bjp.org from Pakistan.

At the time of writing, even the BJP's PM candidate Narendra Modi's website(narendramodi.in) has also been blocked for Pakistan and showing some error message.

This move comes after Pakistan hackers targeted BJP related website and defaced BJP's Leader LK Advani's website and Bihar BJP websites in last two days.

The website can be still accessed by users from Pakistan by using proxies to mask their IP addresses.  If the website is secure against all attacks, then there will be need for such wide range of IP blocks except in cases of DDOS attacks. Even then, only individual IPs usually need to be blocked.

Arvind Gupta, BJP IT Cell Heaad, told NewsWeek that the site had been blocked in Pakistan "automatically" as a security measure and they had request CERT-India to unblock the sites.

Google offers Refunds to users scammed by fake "Virus Shield" app

Google is trying to maintain its reputation by offering refunds to those android users who were scammed by a fake antivirus app "Virus Shield".

Earlier this month, Android Police uncovered a fake virus scanner which was hosted in Google's Play Store that did nothing other than changing the icon and led the users into believing their devices are safe.

This fake paid app($3.99) was downloaded by more than 10,000 users before Google and others became aware of the true nature of this app.  In fact, this app reached number one position in the Top Paid apps list.

However, the developer of this app told the Guardian that one of their developers mistakenly uploaded the wrong version of "Virus Shield" application.  At the time, he also promised to refund users who bought their app.

But, Google seems to have decided not to lose thousands of users who are unhappy about the lax security mechanism which allowed such fake apps to be published.

According to Android Police report, Google is not only issuing refunds to purchasers but also offering them $5 promotional credit using which you can buy apps, books and music in Google Play store.