Opera Data Breach! Sync Password stolen

If you use the Opera browser to surf the internet, here is some nasty news for you.
Today, in a blog post, Opera said that it has found a breach of its browser sync system.

Opera users who utilized the browser's cloud sync option may have had that synchronized data taken by hackers, according to the company. While the full extent of the breach isn't yet known, Opera fears that passwords saved in the browser's manager may have been exposed.

The Opera team has not yet fully investigated the incident; so far they have only seen signs of a breach of their system. What happened and how is not clear yet.

Most concerning is the possibility that the synced passwords kept on the server were taken along with usernames and account passwords.

The sync system is wisely designed such that the synced passwords are encrypted while at rest on the server. That way, if accessed, they wouldn't be very useful to the hackers. The only problem? These hackers may have gotten the accounts' passwords too, potentially making it possible to decrypt those synced passwords!

For security purposes, Opera recommends that its sync users change the third-party passwords that were stored in the browser's system.

To be clear, the Opera team has said that only users of the Opera cloud sync system were affected; the rest are secure.

Reliance Jio to Offer 1 Year of Free 4G with Lyf Smartphones

Reliance Jio is making another move after offering unlimited 4G data, voice and SMS service under its Preview offer. The new and exciting news is that Reliance Jio is going to offer its unlimited 4G preview with 1 year of validity with LYF phones.

Initially, Reliance released its 4G preview offer with LYF phones only; later, the preview offer was expanded to Samsung mobiles.

Currently the Jio preview offer is available with Samsung, LG, Panasonic, YU and Micromax handsets. Recently, Reliance Digital stores across the country also started providing Jio SIM cards under the preview offer to any user with a 4G smartphone. That said, some Reliance stores are still refusing to offer SIM cards for any random 4G smartphone, citing a lack of information from their head office.

According to the sources, the users will not get free voice calls and SMS. WhatsApp, which is seen as an SMS replacement, is also being used for regular voice calls as it has a huge user base in India. Since providing unlimited 4G internet free for a year is a huge deal, the company might put a cap of 75GB per month. Unlike any other Indian service provider, Jio is offering pan-India coverage of its 4G network. Once the deal is made official, Reliance will see a huge increase in the sales of LYF smartphones along with an increase in Jio 4G subscribers.

The Reliance Lyf series of smartphones is being offered in a wide range of prices, starting from as low as Rs 2,999 to as high as Rs 20,000. The Lyf smartphones are being offered through a number of local retail shops as well as Reliance Digital and Digital Xpress Mini stores across India.

Reliance Jio SIM available for Everyone with Unlimited plans

As we all know, Jio, also known as Reliance Jio and officially as Reliance Jio Infocomm Limited, is an upcoming provider of mobile telephony, broadband services, and digital services in India.

Finally, after a very long time, Reliance Jio Infocomm Limited has started an open sale of its Jio 4G SIM cards, with free unlimited 4G data for 90 days. Yes, it means that if you own any 4G smartphone, you can simply walk into the nearest Reliance Digital Store or Xpress Mini Store to get a new Jio 4G SIM card with free unlimited 4G data, voice calling and SMS, along with access to all Jio apps and services for 90 days.

As we all know very well, Reliance Jio, which is still in its beta phase, was previously available to users through its own Lyf range of smartphones. A few months later, the company extended the service to a small range of Samsung smartphones such as the Samsung J series, the A series, and the flagship Samsung Galaxy S and Galaxy Note series.

Now many users might be thinking that there is some hidden process or coupon code needed to get a Jio SIM card. Don’t worry about that: Reliance has confirmed that users can simply grab Reliance Jio 4G SIM cards from a Reliance Digital Store or Xpress Mini Store, as they are now available through an open sale without any coupon codes.

As we said earlier, customers can simply walk into a Reliance Digital Store or Xpress Mini Store to get a new Jio 4G SIM card. Still, there are a few simple guidelines to follow to purchase the Reliance Jio 4G SIM card.

Here is the basic information for buying a Reliance Jio SIM card: customers need to submit their KYC documents, which include documents like a Passport, Voter’s Identity Card, Driving Licence, Aadhaar Letter/Card, NREGA Card or PAN Card, along with a passport-size photograph.

However, Reliance Jio Infocomm Limited has been able to provide fast and reliable 4G service in India, and last month's report states that Reliance Jio users are using 26 GB of data per month on average. But until now the network was shared by a limited number of users, so most of its users got good speed.

Furthermore, the real test of the network starts now, as the open sale will bring more and more users onto the Reliance Jio network every day.

NSA Hacked! Bunch of Hacking Tools Leaked

A group of hackers going by the name “The Shadow Brokers” claims to have penetrated an NSA-backed hacking operation, and has leaked a bunch of hacking tools it claims is from the NSA. But that’s not all: the Shadow Brokers claim to have much more data, and are currently hosting a Bitcoin auction to sell it off to the highest bidder.

The hackers claim to have penetrated something called the “Equation Group,” a hacking organization widely believed to be the NSA. A sampling of the stolen files already posted shows similarity between the files and information revealed about the NSA’s hacking operations in the Snowden leaks.


The files mostly appear to be hacking tools and scripts, although it’s unclear how much the hackers made off with. Their announcement on Pastebin specifically keeps the details of the stolen files a secret, since “Equation Group not know what lost. We want Equation Group to bid so we keep secret.”

Some security experts have tested the leaked data and found that it contains several exploits for popular firewalls, including Cisco, Juniper and Fortinet.

The hacker group Shadow Brokers posted the leaked data on GitHub. Unfortunately, GitHub has deleted the leaked data.

With the NSA successfully hacked, this is one of the highest-profile and most serious hacks of this year.

Address Bar Spoofing on Chrome and Firefox by Rafay Baloch

A well-known security researcher and good friend of mine, Rafay Baloch, has discovered another vulnerability in the most popular web browsers, Google Chrome and Firefox, which is rated high-risk severity.

Both browsers had an address bar spoofing flaw that allows an attacker to trick a user into visiting a spoofed website that appears to be legitimate.

On his blog he has written up full details of the vulnerability, explaining that the flaw could be used to trick users into supplying sensitive information to a malicious site, because the website appears to be legitimate in the browser's address box.

This address bar spoofing flaw works because some languages that display right-to-left, such as Arabic, are rendered differently. He explained that if you take a neutral right-to-left character (such as a forward slash), it can be used to flip a web address to also display right-to-left.

For example:
127.0.0.1/ا/http://example.com would instead appear in the browser bar as http://example.com/ا/127.0.0.1.
With this bug, an attacker can easily mask a malicious link behind a legitimate URL. In simple words, users see in the browser's URL bar the URL they want to visit, but the content they get comes from the URL hidden behind the legitimate one.
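
One way to flag addresses like the one above before they are displayed or followed, given here as an added example (it is not Rafay Baloch's code or any browser's): it parses the address in logical order, reports the host that is really contacted, and marks the address suspicious when right-to-left letters or bidi control characters share the path with what looks like a second URL. The helper name inspectUrl and the heuristics are assumptions made for this illustration.

```javascript
// Added example: flag addresses whose path can flip the address-bar display.
// Strong right-to-left letters (Hebrew, Arabic and related blocks).
const STRONG_RTL = /[\u0590-\u08FF\uFB1D-\uFDFF\uFE70-\uFEFC]/;
// Explicit bidi controls: marks, embeddings, overrides and isolates.
const BIDI_CONTROL = /[\u200E\u200F\u202A-\u202E\u2066-\u2069]/;
const IPV4_HOST = /^\d{1,3}(\.\d{1,3}){3}$/;
const HAS_SCHEME = /^[a-z][a-z0-9+.-]*:\/\//i;

// The page's sample address, with the Arabic alef written as \u0627.
const SAMPLE = "127.0.0.1/\u0627/http://example.com";

// inspectUrl is a hypothetical helper name, not a browser API.
function inspectUrl(raw) {
  let url;
  try {
    // Assumption: an address typed without a scheme is treated as http://.
    url = new URL(HAS_SCHEME.test(raw) ? raw : "http://" + raw);
  } catch {
    return { host: null, safeDisplay: null, reasons: ["unparseable"], suspicious: true };
  }
  // Decode the part after the host so percent-encoded RTL letters count too.
  let rest = url.pathname + url.search + url.hash;
  try { rest = decodeURIComponent(rest); } catch { /* keep the encoded form */ }

  const reasons = [];
  if (BIDI_CONTROL.test(rest)) reasons.push("bidi-control");
  if (STRONG_RTL.test(rest)) reasons.push("rtl-in-path");
  if (/https?:\/\/|www\./i.test(rest)) reasons.push("url-in-path");
  if (IPV4_HOST.test(url.hostname)) reasons.push("ip-host");

  const flips = reasons.includes("bidi-control") || reasons.includes("rtl-in-path");
  return {
    host: url.hostname,    // the host that is really contacted
    safeDisplay: url.href, // ASCII-only form, RTL letters percent-encoded
    reasons,
    // Direction-changing text plus a second URL in the path is the spoof shape.
    suspicious: flips && reasons.includes("url-in-path"),
  };
}

console.log(inspectUrl(SAMPLE));
```

Showing safeDisplay instead of the raw string keeps the real host at the left edge, because the percent-encoded form contains no right-to-left characters.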

Rafay reported the vulnerability to both vendors and it has been fixed, but the vulnerability still resides in some other popular browsers.

For this finding, Rafay received a monetary reward of $5000.
This is not the first time Rafay has reported a spoofing vulnerability. Earlier he reported the same bug in Android device browsers, which put millions of users under threat.

Download Google's Duo Video Calling App(apk)

This year at I/O, Google announced its video chatting app called Duo, along with a messaging app, Allo. Both apps are due for release by the end of this summer, and here it is. Currently we have only seen the video calling app Duo, and even that is not available yet.

Currently the Duo app is listed on the Google Play Store, but only for pre-registration. This means users can't download the app right now, but can register to get it when it becomes available.

Duo is designed to be a simple 1-on-1 video chat client without all the complications and baggage of Hangouts. It's based on your phone number, so you can chat with anyone in your contact list that has Duo—it's compatible with both Android and iOS out of the gate. It's just one tap to start a call. When someone hits you up on Duo, you'll also see a live video of them before you answer; like a digital peephole.

Users can't download the app from the Play Store right now, but we have the latest Duo app APK for Android users. Just download the Duo app from here.

Reliance Jio Sim Free on Every Smartphone -Soon

Reliance Jio has been in the headlines for the last couple of months for its latest free unlimited 4G service under its preview offer.

Here again we have good news for you all: Reliance Jio is planning to offer a free Jio 4G SIM to anyone who purchases a smartphone costing Rs. 10,000 and above.

First, Reliance started its 4G preview offer on LYF smartphones with unlimited data, voice and SMS for 90 days.
Recently, this preview offer was extended to users of select Samsung smartphones, including the Samsung Galaxy S7, Galaxy S7 edge, Galaxy S6, Galaxy S6 edge, Galaxy S6 edge Plus, Galaxy Note Edge, Galaxy Note 5 / Note 5 Duos, Galaxy Note 4, Galaxy A8, Galaxy A5 2015 and A5 2016, and Galaxy A7 2015 and A7 2016.

Last week, the preview offer was extended to HP users, who were offered the ‘JioFi 2’ hotspot device at a subsidized price of just Rs. 2,899.

According to the Indian smartphone price list site Pricebaba.com, Jio would be offering a free Jio SIM (under the Jio Preview Offer) to all who buy new smartphones costing above Rs. 10,000. This offer would be made available around this weekend, near the expected commercial launch of Jio 4G.

However, it is not clear whether the phone needs to be purchased specifically from Reliance Digital Stores. We think the offer might be valid only on new mobile purchases in Reliance Digital Stores.

Bugs in Linux open doors for Hijacking Attack

A newly discovered vulnerability, mainly in Linux systems, lets an attacker remotely terminate the connection between two parties.

Even if the connection between two parties is encrypted, an attacker can remotely close it; if it is not encrypted, the attacker can inject malicious code into the connection.

The vulnerability resides in the design and implementation of RFC 5961, a relatively new Internet standard that's intended to prevent certain classes of hacking attacks. In fact, the protocol is designed in a way that it can easily open Internet users to so-called blind off-path attacks, in which hackers anywhere on the Internet can detect when any two parties are communicating over an active transmission control protocol connection. Attackers can go on to exploit the flaw to shut down the connection, inject malicious code or content into unencrypted data streams, and possibly degrade privacy guarantees provided by the Tor anonymity network.

About Vulnerability
Researchers from the University of California and US Army Research will demonstrate the vulnerability and show a proof-of-concept exploit at the 25th Usenix Security Symposium.

Video Demonstration
Here is a video demonstration of the bug, in which the researchers show live exploitation of the bug on the US Today media site.
It is clear that the US Today site is vulnerable, and there are many more top sites that suffer from this bug.

Cause of the Vulnerability
The bug resides in the design and implementation of RFC 5961. The problematic RFC 5961 has not yet been fully implemented in Windows or Mac OS X, so those operating systems aren't believed to be vulnerable. By contrast, the Linux operating system kernel, starting with version 3.6 introduced in 2012, has added a largely complete set of functions implementing the standard. Linux kernel maintainers released a fix with version 4.7 almost three weeks ago, but the patch has not yet been applied to most mainstream distributions. For the attack to work, only one of the two targeted parties has to be vulnerable, meaning many of the world's top websites and other services running on Linux remain susceptible.

Australian census attacked by hackers

The Australian census website was shut down by what authorities said was a series of deliberate attacks from overseas hackers.

Millions of Australians were prevented from taking part in the national survey on Tuesday night.

The Australian Bureau of Statistics (ABS) had boasted only hours before that its website would not crash.

The prime minister assured the public that their personal information was not compromised.

Every five years, everyone in Australia is required to fill out forms that are compiled to provide a snapshot of the country.

Two-thirds of Australians were expected to complete the census online this year, rather than on paper.

Prime Minister Malcolm Turnbull said that the public's personal information was safe and stressed the "unblemished record" of the ABS.

"The one thing that is absolutely crystal clear is that there was no penetration of the ABS website," Mr Turnbull said.

Assistant Treasurer Michael McCormack, who was responsible for overseeing the census, denied that the national survey was "hacked" or "attacked".

Tracking the Cause of the Incident
The ABS is now working with authorities to determine the source of the "denial of service" attacks.

"The Australian Signals Directorate are investigating, but they did note that it was very difficult to source the attack," chief statistician David Kalisch told the ABC.

"The scale of the attack, it was quite clear it was malicious.

"Steps have been taken during the night to remedy these issues and I can certainly reassure Australians that the data they provided is safe."

Source: BBC