Cyber Kendra - Latest Cyber Security And Tech News

OpSrilanka: Hackers United Together and Launched Cyber Attack over Srilanka

<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<a href="http://3.bp.blogspot.com/-aYaThfLiBFw/U05WYAz9NGI/AAAAAAAACV8/EsiUVQBLTb0/s1600/cyber-attack.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://3.bp.blogspot.com/-aYaThfLiBFw/U05WYAz9NGI/AAAAAAAACV8/EsiUVQBLTb0/s1600/cyber-attack.jpg" height="359" width="640" /></a></div>
Almost all the cyber hackers around the world have came together and launched a campaign called "<b>#OpSrilanka</b>". Hacker joined together and launched a cyber attacks on the Sri Lanka as a protest against the ongoing Tamil Genocide in the country.<br />
<div style="text-align: center;">
<script async="" src="//pagead2.googlesyndication.com/pagead/js/adsbygoogle.js"></script>

<br />
<ins class="adsbygoogle" data-ad-client="ca-pub-1618281995222563" data-ad-slot="4684842330" style="display: inline-block; height: 60px; width: 468px;"></ins><script>
(adsbygoogle = window.adsbygoogle || []).push({});
</script></div>
To get the campaign deals hacker from around the world have started attacks on the Sri Lanka cyber space. Hackers have <a href="http://www.cyberkendra.com/search/label/Defaced" target="_blank">hacked number of sites</a> and leaked tonnes organisation database. As hackers reports that the event was live for two days 15th and 16th of April.<br />
<br />
Hacker group who are taking part in this event are -<br />
<blockquote class="tr_bq">
Anon Ghost -Indian Haxors Team - Indian Cyber Rakshak - RedCult (Lebanon) - Muslim Cyber Corporation(Indonesia) - Pakistan Haxors Crew - Ip Sova Crew(Malaysia) - Indonesian Red Code -Team - Elite Cyber Army (Philippines) - Afghan Cyber Army - Indian Cyber Devils - Sec~Team-7 - Sec_dark</blockquote>
There are about 13 group from around the world and some are well know group like <a href="http://www.cyberkendra.com/search?q=Anonghost" target="_blank">Anon Ghost</a>,  <a href="http://www.cyberkendra.com/search?q=Afghan%20Cyber%20Army" target="_blank">Afghan Cyber Army</a> who have already took part in many of such operations.<br />
<br />
Almost 100+ website belongs to Sri Lanka's government and other reputed organisation have taken down by hacker from last night and the attack is still live. Some group  reported that this is to repay for the Sri Lanka Government as their army have killed many innocent Tamil's (Indian State) people.<br />
<br />
Almost every hacked site contains the following message,-<br />
<blockquote class="tr_bq" style="text-align: center;">
This is a part of the joint event that we are conducting #OpSrilanka (April 15-16).<br />
We will Speak against your government's AirStrike on the "NO FIRE ZONE" !<br />
We will Speak against the attrocities committed by Srilankan Army on innocent Tamil population !<br />
We will Speak against the War Crimes committed by your government!<br />
We will Speak against the Genocide committed by Your Government !<br />
stop this !!!!!</blockquote>
<br />
Some of the Defacement from the popular hacker group are shown below...<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
</div>
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="http://3.bp.blogspot.com/-vIzicGjbhR8/U05YaLwCtwI/AAAAAAAACWg/VFLo0k-JLTA/s1600/aca.png" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" src="http://3.bp.blogspot.com/-vIzicGjbhR8/U05YaLwCtwI/AAAAAAAACWg/VFLo0k-JLTA/s1600/aca.png" height="640" width="633" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">Defacement from Afghan Cyber Army</td></tr>
</tbody></table>
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="http://2.bp.blogspot.com/-K52I_lpF2r0/U05Wl00GMkI/AAAAAAAACWQ/v2S7hxeqgBY/s1600/shadow.png" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" src="http://2.bp.blogspot.com/-K52I_lpF2r0/U05Wl00GMkI/AAAAAAAACWQ/v2S7hxeqgBY/s1600/shadow.png" height="300" width="640" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">Defacement from Indian Cyber Devils</td></tr>
</tbody></table>
<br />
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="http://3.bp.blogspot.com/-pP7NDBA08g8/U05WjysIB0I/AAAAAAAACWE/UG6ZPY35BLA/s1600/Untitled+(1).png" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" src="http://3.bp.blogspot.com/-pP7NDBA08g8/U05WjysIB0I/AAAAAAAACWE/UG6ZPY35BLA/s1600/Untitled+(1).png" height="300" width="640" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">Defacement from Anon Ghost</td></tr>
</tbody></table>
<div style="text-align: center;">
<br /></div>
Some of the hacked site have been recovered and working fine. Member of #OpSriLanka have released a list of the site that have been attacked till yet on the pastebin.<br />
<br />
List of the Sites attacked can be fined <a href="http://pastebin.com/rmpste9z" target="_blank">Here </a>and <a href="http://pastebin.com/KNPP4G4z" target="_blank">Here</a>.<br />
<br />
We will keep update this post as we get any further information of this event. You can <a href="http://facebook.com/cyberkerndra" target="_blank">Like Us on facebook</a> to get the update or <a href="http://twitter.com/cyberkerndra" target="_blank">Follow us on twitter</a>. </div>

OpSrilanka: Hackers United Together and Launched Cyber Attack over Srilanka

Almost all the cyber hackers around the world have came together and launched a campaign called &...

Adobe Reader app for Android Vulnerable to Remote Code Execution

<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<a href="http://1.bp.blogspot.com/-14Q82JUbrGw/U02CqqnaSDI/AAAAAAAACVs/A6ldktVF4Ag/s1600/PDF-reader-apps-android.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="" border="0" src="http://1.bp.blogspot.com/-14Q82JUbrGw/U02CqqnaSDI/AAAAAAAACVs/A6ldktVF4Ag/s1600/PDF-reader-apps-android.jpg" title="Adobe Reader app for Android Vulnerable" /></a></div>
Security on the <a href="http://www.cyberkendra.com/search/label/Android" target="_blank">Android</a> device is getting more high as the new and latest vulnerabilities are addressed. Again one popular app of Android "<b>Adobe Reader</b>" is found to be vulnerable. About 400 million android users have installed Adobe reader on their device. If you are among these, then you must update your Adobe Reader from Google Play store.<br />
<div style="text-align: center;">
<script async="" src="//pagead2.googlesyndication.com/pagead/js/adsbygoogle.js"></script>

<br />
<ins class="adsbygoogle" data-ad-client="ca-pub-1618281995222563" data-ad-slot="4684842330" style="display: inline-block; height: 60px; width: 468px;"></ins><script>
(adsbygoogle = window.adsbygoogle || []).push({});
</script></div>
Adobe has just released the latest version of Adobe reader after fixing the Remote Code Execution on its previous version. Adobe have published the report for the vulnerability code (CVE-2014-0514) resides in the implementation of JavaScript APIs on Adobe Reader 11.2 that could be exploited to execute arbitrary code within Adobe Reader.<br />
<br />
A security researcher Yorick Koster from <a href="http://www.securify.nl/advisory/SFY20140401/adobe_reader_for_android_exposes_insecure_javascript_interfaces.html">Securify BV</a>, have noted the vulnerability to Adobe. Explaining the vulnerability, Koster claims that attacker can craft a PDF file with malicious java script that can exploit the victim when he/she open it in affected version of the Adobe Reader.<br />
<br />
Successful exploitation allows the attacker, to access the files stored on the Micro SD card and also can read the other personal information present on the device. So it is recommended to update your <a href="https://play.google.com/store/apps/details?id=com.adobe.reader" target="_blank">Adobe Reader from Google Play store</a>.</div>

Adobe Reader app for Android Vulnerable to Remote Code Execution

Security on the Android device is getting more high as the new and latest vulnerabilities are ad...

Google Working in Redesigning icon of its Android App

<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<a href="http://2.bp.blogspot.com/-FhgbkktMjf8/U01dSyaQoMI/AAAAAAAACVU/rUkK41VHjbY/s1600/Google-Android.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="android new look, Android updare, moonshare, moonshare update, free android update, android new design, Android icon changes, android language changed, Android police reports, " border="0" src="http://2.bp.blogspot.com/-FhgbkktMjf8/U01dSyaQoMI/AAAAAAAACVU/rUkK41VHjbY/s1600/Google-Android.jpg" title="Google Android Apps" /></a></div>
According to reports that are getting from the source, it is being says that Google is redesigning it Android icon and giving its flat design. The new icon will have flatter look and will be more organised. It is being predicted that the new design will be revealed at Google I/O in June.<br />
<div style="text-align: center;">
<script async="" src="//pagead2.googlesyndication.com/pagead/js/adsbygoogle.js"></script>

<br />
<ins class="adsbygoogle" data-ad-client="ca-pub-1618281995222563" data-ad-slot="4684842330" style="display: inline-block; height: 60px; width: 468px;"></ins><script>
(adsbygoogle = window.adsbygoogle || []).push({});
</script></div>
According to the <a href="http://www.androidpolice.com/2014/04/14/rumor-googles-android-app-icons-to-get-a-moonshine-makeover/" target="_blank">Android Police</a>, the new design will be referred as "Moonshine" and would see Android icons having a flatter appearance, with shadows following prominent elements. One of the sources of showcasing the new icons appears on a Google Partners page on the desktop-based web.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://3.bp.blogspot.com/-ufJBgz1qq1A/U01dvJDse1I/AAAAAAAACVc/915GbjdUi8c/s1600/nexusae0_wm_Screenshot_2014-04-12-17-58-41_thumb1(1).jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="android new look, Android updare, moonshare, moonshare update, free android update, android new design, Android icon changes, android language changed, Android police reports, " border="0" src="http://3.bp.blogspot.com/-ufJBgz1qq1A/U01dvJDse1I/AAAAAAAACVc/915GbjdUi8c/s1600/nexusae0_wm_Screenshot_2014-04-12-17-58-41_thumb1(1).jpg" title="Android New Look - Moonshine" /></a></div>
<br />
Reports stats that, Google Play Books, Play Games, Play Movies, Play Music, Gmail, YouTube, Play Store, Chrome, Hangouts, Photos, Google Maps and more will be the main thing for the change and will get the flatter look. Developer may also bring some changes to its interface and can also change the Language, which give whole new look to Android.<br />
<br />
Earlier last year Google have launched a new look of its mobile app for Android and iOS platform. The new redesigned app offers customized layouts, improved performance and simpler navigation for users. The app also gets a new feature called 'story cards', and allows users to customize the font size and look from light to dark. The internet giant adds that the revamped look offers “simplified navigation and improved integration with Google feedback located in the menu at the top right.”</div>

Google Working in Redesigning icon of its Android App

According to reports that are getting from the source, it is being says that Google is redesignin...

Facebook Censorship: India is on the Top of the List for content Removal Requests

<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<a href="http://4.bp.blogspot.com/-V4U1hAlS7gU/U0wMQI9Vb1I/AAAAAAAACVE/y1Vz6FVv60s/s1600/facebook-logo-india.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="" border="0" src="http://4.bp.blogspot.com/-V4U1hAlS7gU/U0wMQI9Vb1I/AAAAAAAACVE/y1Vz6FVv60s/s1600/facebook-logo-india.jpg" height="299" title="Facebook Censorship: India is on the Top of the List" width="640" /></a></div>
Recently Facebook Revealed <a href="http://www.cyberkendra.com/2014/04/facebook-revealed-global-government.html" target="_blank">Global Government Requests Report</a> last week and now another report has been stated by Facebook. According to this new report Facebook has got higher number of request report from India. Indian Government Officials and the Indian Computer Emergency Response Team (ICERT) had made a too many content removal request for post which were violating laws like criticizing a religion or the state.<br />
<div style="text-align: center;">
<script async="" src="//pagead2.googlesyndication.com/pagead/js/adsbygoogle.js"></script>

<br />
<ins class="adsbygoogle" data-ad-client="ca-pub-1618281995222563" data-ad-slot="4684842330" style="display: inline-block; height: 60px; width: 468px;"></ins><script>
(adsbygoogle = window.adsbygoogle || []).push({});
</script>
</div>
<a href="http://www.cyberkendra.com/search/label/Facebook" target="_blank">Facebook</a> revealed India made the highest requests for restricting content, followed by Turkey (2014),Pakistan (162), Israel (113), Germany (84) and France (80) in its second Government Requests Report.<br />
<div>
<br /></div>
The report also states that India made the second largest number of user requests at 3,598 just after the US, which made 12,598 user requests in the second half of 2013. Overall Facebook had received over 28,000 government data requests during the July-December 2013 period. After US and India, most requests received from UK (1,906 requests), Italy (1,699), Germany (1,687) and France (1,661).<br />
<div>
<br /></div>
<div>
Regarding the blocking of the content Facebook say's </div>
<blockquote class="tr_bq">
"We restricted access in India to a number of pieces of content reported primarily by law enforcement officials and the ICERT under local laws prohibiting criticism of a religion or the state."<br />
"Requests are scrutinized to determine if the specified content does indeed violate local laws. If, after a thorough legal analysis, we determine that the content appears to violate local law, then we make it unavailable in the relevant country or territory," they further added.</blockquote>
<br />
According with stats Facebook have about 100 million of users from India, which is in second position after US 182 million. <br />
<br />
According to last year  Transparency Report from Google published on December, stats that content removal requests from India have grown by over 90 percent in July-December 2013, from over a year ago in the July-December 2012 period. Google says that it received over 2,540 requests from the Indian government and courts for content removal from July-December 2013.</div>

Facebook Censorship: India is on the Top of the List for content Removal Requests

Recently Facebook Revealed Global Government Requests Report last week and now another report ha...

Flickr vulnerable to SQL Injection and Remote Code Execution Flaws

<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<a href="http://4.bp.blogspot.com/-iqGltby8xU0/U0u1E9wTFaI/AAAAAAAACUk/34AJDrdFG8w/s1600/123.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Flickr vulnerable to SQL Injection and Remote Code Execution Flaws" border="0" src="http://4.bp.blogspot.com/-iqGltby8xU0/U0u1E9wTFaI/AAAAAAAACUk/34AJDrdFG8w/s1600/123.jpg" title="Flickr hacked" /></a></div>
Now Security Researcher are on the fire mood, I think. Last week was one of the vulnerable week for the internet. As researcher have found <a href="http://www.cyberkendra.com/2014/04/heartbleed-openssl-zero-day-bug-leaves.html" target="_blank">Heartbleed vulnerability</a> that puts almost three-fourth (3/4) of the worlds websites in a vulnerable side. After this Researcher form Detectify have found the <a href="http://www.cyberkendra.com/2014/04/google-got-hacked-by-xxe-vulnerability.html" target="_blank">critical vulnerability on the Google products</a> that leads to read the 'etc/passwd' and 'etc/host' file of the Google Server.<br />
<div style="text-align: center;">
<script async="" src="//pagead2.googlesyndication.com/pagead/js/adsbygoogle.js"></script>

<br />
<ins class="adsbygoogle" data-ad-client="ca-pub-1618281995222563" data-ad-slot="4684842330" style="display: inline-block; height: 60px; width: 468px;"></ins><script>
(adsbygoogle = window.adsbygoogle || []).push({});
</script></div>
Now once again another biggest photo sharing site Flickr  (owned by Yahoo.Inc) have suffered from sever vulnerability. A security researcher <a href="http://pwnrules.com/flickr-from-sql-injection-to-rce/">Ibrahim Raafat</a> from Egypt have found the SQL injection vulnerability on the Flickr site.<br />
<br />
<b>Raafat </b><a href="http://pwnrules.com/flickr-from-sql-injection-to-rce/" target="_blank">claims</a> that he has found two parameters ( <b><i>page_id and items</i></b> ) vulnerable to Blind SQL injection and one (<b><i>Order_id</i></b>) vulnerable to direct SQL injection. This vulnerable allow the attacker to read the Flickr database. Further more a successful SQL exploitation can allow attacker to gain database and MYSQL login credentials, by injecting the SQL query.<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://2.bp.blogspot.com/-6-rhB1IFQ7k/U0u1P3CN_oI/AAAAAAAACUs/d-bsGamRay8/s1600/flickr-sql-injection.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Flickr hacked, Flickr vulnerable to SQL Injection and Remote Code Execution Flaws, Flickr vulnerable, Flickr SQL injection, Flickr remote code execution, hackers area, security researcher, Flickr  rewards, Flickr  hacked, yahoo hacked, hacking yahoo products, security researcher, bug bounty products, Heat bleed vulnerability" border="0" src="http://2.bp.blogspot.com/-6-rhB1IFQ7k/U0u1P3CN_oI/AAAAAAAACUs/d-bsGamRay8/s1600/flickr-sql-injection.png" title="Flickr SQL injection" /></a></div>
<div style="text-align: center;">
<br /></div>
Further more Researcher explains that, SQL injection vulnerability on Flickr allows the attacker to produce its attack to Remote Code Execution on the server and using load_file(“/etc/passwd“) function he was successfully managed to read the content from the sensitive files on the Flickr server, as shown below: <br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://1.bp.blogspot.com/-N2MEZ7tqcwc/U0u1aoRCM8I/AAAAAAAACU0/w6uWXPlTRZg/s1600/passwd.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Flickr hacked, Flickr vulnerable to SQL Injection and Remote Code Execution Flaws, Flickr vulnerable, Flickr SQL injection, Flickr remote code execution, hackers area, security researcher, Flickr  rewards, Flickr  hacked, yahoo hacked, hacking yahoo products, security researcher, bug bounty products, Heat bleed vulnerability" border="0" src="http://1.bp.blogspot.com/-N2MEZ7tqcwc/U0u1aoRCM8I/AAAAAAAACU0/w6uWXPlTRZg/s1600/passwd.png" title="Flickr remote code Execution" /></a></div>
<div style="text-align: center;">
<br /></div>
Raafat have also shows the Video demonstration that the vulnerability allows to write new files on the server that let him upload a custom 'code execution shell'.<br />
<div style="text-align: center;">
<iframe allowfullscreen="" frameborder="0" height="360" src="//www.youtube.com/embed/q-CH10Zo0gs" width="680"></iframe></div>
</div>

Flickr vulnerable to SQL Injection and Remote Code Execution Flaws

Now Security Researcher are on the fire mood, I think. Last week was one of the vulnerable week f...

German Programmer took the Responsibility for HeartBleed Vulnerability

<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<a href="http://3.bp.blogspot.com/-_DYUDPbqwBQ/U0qnXxSggpI/AAAAAAAACUU/pDhAnIfy5D0/s1600/heartbleed-openssl-bug.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://3.bp.blogspot.com/-_DYUDPbqwBQ/U0qnXxSggpI/AAAAAAAACUU/pDhAnIfy5D0/s1600/heartbleed-openssl-bug.jpg" /></a></div>
The <a href="http://www.cyberkendra.com/2014/04/heartbleed-openssl-zero-day-bug-leaves.html" target="_blank">Heartbleed bug</a>, the OpenSSL vulnerability that can be exploited to obtain sensitive information from affected servers, has made a lot of headlines this week. The bug is highly critical because it can be used to steal passwords, financial data, and the contents of communications. This was is one of the biggest threat in the Internet history.<br />
<div style="text-align: center;">
<script async="" src="//pagead2.googlesyndication.com/pagead/js/adsbygoogle.js"></script>

<br />
<ins class="adsbygoogle" data-ad-client="ca-pub-1618281995222563" data-ad-slot="4684842330" style="display: inline-block; height: 60px; width: 468px;"></ins><script>
(adsbygoogle = window.adsbygoogle || []).push({});
</script></div>
<div>
<b>About the Developer of HeartBeat in OpenSSL</b></div>
<div>
It was Two years ago a German Programmer named <b>"Robin Seggelmann"</b> have coded and developed the new features in OpenSSL called <b>HeartBeat</b>.  Secured Open Source protocol was users by almost every website includes, Social Networking sites, Search Engines, Bank and Financial organisation etc.</div>
<div>
<br /></div>
<div>
As we know that Science (Technology) is a boon for mankind and aboon also in a same way. So developing HeartBeat was great features introduced on OpenSSL, but this feature cost him dearly, as here the most critical bug resides.</div>
<div>
<br /></div>
<div>
Programmer Seggelmann, was just trying to improve the OpenSSL with submitting the updates to the team. But with the same features leads to the cause of the critical vulnerability called "<b><a href="http://www.cyberkendra.com/2014/04/heartbleed-openssl-zero-day-bug-leaves.html" target="_blank">HeartBleed</a></b>" as per <a href="http://www.theguardian.com/commentisfree/2014/apr/10/stop-next-heartbleed-bug-open-source-support-open-ssl?INTCMP=ILCNETTXT3487" target="_blank">TheGuardian</a>. Robin Seggelmann submitted the code of OpenSSL with the heartbeat feature in an update on New Year's Eve, 2011. This means the most critical threat has been around for more than two years unnoticed.</div>
<div>
<br /></div>
<div>
<b>Open Doors to Cyber Criminals and NSA</b></div>
<div>
As with the HeartBeat Vulnerability, its gives the chance for the cyber criminals to get active on there operations, because it expose the large number of cryptographic keys and private data such as usernames, passwords, and credit card numbers, from the most important sites and services on the Internet.</div>
<div>
<br /></div>
The developer is responsible for what may be the biggest Internet <a href="http://www.cyberkendra.com/search/label/Security" target="_blank">vulnerability</a> in recent history, but it was just a single programming error in the new feature as he didn't notice the missing validation and unfortunately the same skipped by the code reviewer as well before introducing it in the new released version.<br />
<blockquote class="tr_bq">
<i>"I am responsible for the error," Robin Seggelmann told Guardian, "because I wrote the code and missed the necessary validation by an oversight. Unfortunately, this mistake also slipped through the review process and therefore made its way into the released version."</i></blockquote>
 As the HeartBeat was introduced by 2 years ago, so this critical vulnerability was exist for 2 years. As with the recent updates, its being said that US National Security Agency (<a href="http://www.cyberkendra.com/search/label/NSA" target="_blank">NSA</a>) was aware of the HeartBleed vulnerability from earlier.<br />
<i>"But in this case, it was a simple programming error in a new feature, which unfortunately occurred in a security relevant area," he said. "It was not intended at all, especially since I have previously fixed OpenSSL bugs myself, and was trying to contribute to the project."</i><br />
<div>
<i><br /></i></div>
<div>
But <a href="http://www.cyberkendra.com/2014/04/nsa-denies-exploiting-heartbleed.html" target="_blank">NSA have denies</a> for the known of  Heartbleed, with statement saying, <i><b>"NSA was not aware of the recently identified Heartbleed vulnerability until it was made public,"</b></i></div>
<div>
<i><b><br /></b></i></div>
Despite denying the code he put intentionally, he said it could be entirely possible that the government intelligence agencies had been making use of this critical flaw over the past two years.<br />
<blockquote class="tr_bq">
"It is a possibility, and it's always better to assume the worst than best case in security matters, but since I didn't know [about] the bug until it was released and [I am] not affiliated with any agency, I can only speculate," he told The <a href="http://www.smh.com.au/it-pro/security-it/man-who-introduced-serious-heartbleed-security-flaw-denies-he-inserted-it-deliberately-20140410-zqta1.html">Sydney Morning</a> Herald.</blockquote>
</div>

German Programmer took the Responsibility for HeartBleed Vulnerability

The Heartbleed bug , the OpenSSL vulnerability that can be exploited to obtain sensitive informat...

NSA Denies Exploiting 'Heartbleed' Vulnerability

<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<a href="http://4.bp.blogspot.com/-UdyavAKYfLk/U0lg_OudHtI/AAAAAAAACTQ/DkaDxCFxBKw/s1600/nsableed-646x363.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://4.bp.blogspot.com/-UdyavAKYfLk/U0lg_OudHtI/AAAAAAAACTQ/DkaDxCFxBKw/s1600/nsableed-646x363.jpg" /></a></div>
At this time Internet is filled with the news, post and queries of "<b><a href="http://www.cyberkendra.com/2014/04/heartbleed-openssl-zero-day-bug-leaves.html#.U0lcq1WSyuQ" target="_blank">HeartBleed</a></b>" vulnerability that discovered Two days before by the security firm <a href="http://www.codenomicon.com/">Codenomicon</a> along with the Neel Mehta a Google Security engineer. This Vulnerability is one of the biggest security issue in the Internet Security history. This is simply because almost every third-forth of the websites was vulnerable to this Bug. Internet giants like Google, Facebook, Yahoo and so on was affected with this Security loop hole.<br />
<div style="text-align: center;">
<script async="" src="//pagead2.googlesyndication.com/pagead/js/adsbygoogle.js"></script>

<br />
<ins class="adsbygoogle" data-ad-client="ca-pub-1618281995222563" data-ad-slot="4684842330" style="display: inline-block; height: 60px; width: 468px;"></ins><script>
(adsbygoogle = window.adsbygoogle || []).push({});
</script></div>
After this a new report has been came-up from <a href="http://www.bloomberg.com/news/2014-04-11/nsa-said-to-have-used-heartbleed-bug-exposing-consumers.html" target="_blank">Bloomberg</a>, which claims that the US National Security Agency has been exploiting <b>Heartbleed </b>for at least two years.<br />
<br />
Initially NSA spokesman have  declined to comment on Bloomberg reports, but after some time on twitter NSA Public Affairs have made a tweet regarding this issue. On the Tweet they denied for the exploiting the HeartBleed bug.<br />
<div>
<blockquote class="twitter-tweet" lang="en">
Statement: NSA was not aware of the recently identified Heartbleed vulnerability until it was made public.<br />
— NSA/CSS (@NSA_PAO) <a href="https://twitter.com/NSA_PAO/statuses/454720059156754434">April 11, 2014</a></blockquote>
<div style="text-align: left;">
Additionally there was no much evidence which proofs that NSA was aware of this vulnerability. As OpenSSL would have been one of the agency’s primary targets because of its broad reach and the sensitive information it protects. Intelligence agencies have been said to hunt for and even purchase software bugs that can be used in their efforts.</div>
<div style="text-align: left;">
<br /></div>
<div style="text-align: left;">
Moreover, The National Security Council has also <a href="http://bnowire.com/inbox/?id=2307">issued a denial</a> on this, which stats the following-</div>
<blockquote class="tr_bq">
Reports that NSA or any other part of the government were aware of the so-called Heartbleed vulnerability before April 2014 are wrong. The Federal government was not aware of the recently identified vulnerability in OpenSSL until it was made public in a private sector cybersecurity report. The Federal government relies on OpenSSL to protect the privacy of users of government websites and other online services. This Administration takes seriously its responsibility to help maintain an open, interoperable, secure and reliable Internet. If the Federal government, including the intelligence community, had discovered this vulnerability prior to last week, it would have been disclosed to the community responsible for OpenSSL.<br />
When Federal agencies discover a new vulnerability in commercial and open source software – a so-called “Zero day” vulnerability because the developers of the vulnerable software have had zero days to fix it – it is in the national interest to responsibly disclose the vulnerability rather than to hold it for an investigative or intelligence purpose.<br />
In response to the recommendations of the President’s Review Group on Intelligence and Communications Technologies, the White House has reviewed its policies in this area and reinvigorated an interagency process for deciding when to share vulnerabilities. This process is called the Vulnerabilities Equities Process. Unless there is a clear national security or law enforcement need, this process is biased toward responsibly disclosing such vulnerabilities.</blockquote>
<br />
If this happens and come true that NSA was aware of this big vulnerability of Internet then you can imagine that how much data had they collect.<br />
<br />
For the Surveillance program, on December 2013, Facebook, Google and others firm in the industry launched <a href="https://www.reformgovernmentsurveillance.com/">Reform Government Surveillance</a>, which set out principles advocating for more transparency and reform of surveillance laws and practices around the world.<br />
<script async="" charset="utf-8" src="//platform.twitter.com/widgets.js"></script></div>
</div>

NSA Denies Exploiting 'Heartbleed' Vulnerability

At this time Internet is filled with the news, post and queries of " HeartBleed " vulne...

Google got Hacked by XXE Vulnerability

<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<a href="http://2.bp.blogspot.com/-vPWB7TsaiOg/U0jVky19j-I/AAAAAAAACS4/7Sz0vE-bx-Q/s1600/Bug-Google-Contest.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="hacking Google, Bug Bounty program, Google bounty program, hackers area, reward by Google, Google bug, Google Vulnerability,  XML External Entity vulnerability on Google, Cyber Security field, Cyber Security, information security experts, cyber experts" border="0" src="http://2.bp.blogspot.com/-vPWB7TsaiOg/U0jVky19j-I/AAAAAAAACS4/7Sz0vE-bx-Q/s1600/Bug-Google-Contest.jpg" height="349" title="Bug Bounty By Google" width="640" /></a></div>
It is very true that <a href="http://www.cyberkendra.com/search?q=bug+bounty" target="_blank">Bug Bounty Program</a> that was earlier introduced by the Google and followed by other internet giants Facebook and Microsoft had really helped the organisation much better. With the scheme of giving reward for the unique security loop holes report had really helped the security researcher and a organisation too. This motivate the hackers/researcher to expand there knowledge and also making the existence of "Ethical" word in the Cyber Security field.<br />
<div style="text-align: center;">
<script async="" src="//pagead2.googlesyndication.com/pagead/js/adsbygoogle.js"></script>

<br />
<ins class="adsbygoogle" data-ad-client="ca-pub-1618281995222563" data-ad-slot="4684842330" style="display: inline-block; height: 60px; width: 468px;"></ins><script>
(adsbygoogle = window.adsbygoogle || []).push({});
</script></div>
A Security researchers and Co-Founders of Detectify have <a href="http://blog.detectify.com/post/82370846588/how-we-got-read-access-on-googles-production-servers" target="_blank">discovered a critical security vulnerability</a> in Google that allowed them to access Internal servers. As per the explanation on the vulnerability researcher stats that the vulnerability exist on the Google Toolbar button Gallery. Toolbar gallery page allows the users to customize their toolbar with buttons. The page also allows the users to create their own buttons by uploading the XML file.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://1.bp.blogspot.com/-BeJtjZ_R8mM/U0jVngn5YEI/AAAAAAAACTA/E1nixDAgAqc/s1600/googlexxe_passwd_blurred_873.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="hacking Google, Bug Bounty program, Google bounty program, hackers area, reward by Google, Google bug, Google Vulnerability,  XML External Entity vulnerability on Google, Cyber Security field, Cyber Security, information security experts, cyber experts" border="0" src="http://1.bp.blogspot.com/-BeJtjZ_R8mM/U0jVngn5YEI/AAAAAAAACTA/E1nixDAgAqc/s1600/googlexxe_passwd_blurred_873.png" title="Read Internal files on the server" /></a></div>
<br />
This function leads the attackers to execute  <a href="https://www.owasp.org/index.php/XML_External_Entity_%28XXE%29_Processing" target="_blank">XML External Entity vulnerability</a> by sending the own crafted XML file. After sending the crafted XML file, researcher is able to read the internal files stored in the Google product server. By exploiting this vulnerability further, researcher managed to read the "etc/passwd" and "etc/host files on the server.<br />
<br />
Further more attacker can also do many task as like  <a href="https://www.owasp.org/index.php/Path_Traversal" target="_blank">local file access</a>, <a href="http://www.slideshare.net/d0znpp/ssrf-attacks-and-sockets-smorgasbord-of-vulnerabilities" target="_blank">SSRF</a> and <a href="https://en.wikipedia.org/wiki/File_inclusion_vulnerability" target="_blank">Remote File includes</a>, Denial of Service and possible <a href="http://www.ubercomp.com/posts/2014-01-16_facebook_remote_code_execution" target="_blank">Remote Code Execution</a>. For this critical report Google rewarded researcher with $10,000. </div>

Google got Hacked by XXE Vulnerability

It is very true that Bug Bounty Program that was earlier introduced by the Google and followed b...

Facebook Revealed Global Government Requests Report Today

<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<a href="http://2.bp.blogspot.com/-dT3sKiE-29I/U0gXr-SD8vI/AAAAAAAACSo/Zj-PfNnvNSE/s1600/FB-GovReq-642x336.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="requests, facebook government requests, Global Government Requests Report, Microsoft, Google, Yahoo, and others release government, facebook transparency reports, facebook and NSA, NSA and facebook, remove content from facebook, Facebook mission, goal of facebook" border="0" src="http://2.bp.blogspot.com/-dT3sKiE-29I/U0gXr-SD8vI/AAAAAAAACSo/Zj-PfNnvNSE/s1600/FB-GovReq-642x336.png" title="Facebook Revealed Global Government Requests Report Today" /></a></div>
Today Facebook <a href="http://newsroom.fb.com/news/2014/04/global-government-requests-report-2/" target="_blank">revealed</a> the<a href="https://govtrequests.facebook.com/" target="_blank"> data which stats the numbers of request</a> Facebook received from Law Enforcement and Other Government agencies. In the second half of the last year, the figure was 28,147 which effects the 38,256 users accounts.<br />
<div style="text-align: center;">
<script async="" src="//pagead2.googlesyndication.com/pagead/js/adsbygoogle.js"></script>

<br />
<ins class="adsbygoogle" data-ad-client="ca-pub-1618281995222563" data-ad-slot="4684842330" style="display: inline-block; height: 60px; width: 468px;"></ins><script>
(adsbygoogle = window.adsbygoogle || []).push({});
</script></div>
As <a href="http://www.cyberkendra.com/search/label/Facebook" target="_blank">Facebook</a> have only revealed its first report in August 2013, and with the figure comparing  second half of last year are slightly higher than those for the first half. For all of 2013, Facebook thus saw 53,754 government requests impacting a potential 66,101 accounts. This figure is approximately same with other internet giants, Google, Microsoft and Yahoo.<br />
<br />
Facebook says on the <a href="http://newsroom.fb.com/news/2014/04/global-government-requests-report-2/" target="_blank">today's post</a> that company not only receiving the request for the account information but also about government requests to restrict or remove content from its service on the grounds that it violates local law.<br />
<br />
Regarding this Company puts a straight forward statement stating that-<br />
<blockquote class="tr_bq">
Facebook’s mission is to give people the power to share, and to make the world more open and connected. Sometimes, the laws of a country interfere with that mission, by limiting what can be shared there.</blockquote>
The request is for account information or is for content removal, Facebook says it reviews each request to make sure it is legally sufficient. Just like almost every other tech firm, the company says it pushes back on requests that are overly broad, vague, or do not comply with legal standards. <br />
<br />
Additionally with this scenario Facebook once again notified all its users about the alleged <a href="https://www.reformgovernmentsurveillance.com/" target="_blank">surveillance</a> efforts by the US government in other countries.</div>

Facebook Revealed Global Government Requests Report Today

Today Facebook revealed the data which stats the numbers of request Facebook received from Law...

News

Google

Offer

Security