Friday, October 7, 2016

MITM Attack: Is That Possible Against WhatsApp?

Forbes is reporting that the Israeli cyberweapons arms manufacturer Wintego has a man-in-the-middle exploit against WhatsApp.
It's a weird story. I'm not sure how they do it, but something doesn't sound right.
Another possibility is that CatchApp is malware thrust onto a device over Wi-Fi that specifically targets WhatsApp. But it's almost certain the product cannot crack the latest standard of WhatsApp cryptography, said Matthew Green, a cryptography expert and assistant professor at the Johns Hopkins Information Security Institute. Green, who has been impressed by the quality of the Signal code, added: "They would have to defeat both the encryption to and from the server and the end-to-end Signal encryption. That does not seem feasible at all, even with a Wi-Fi access point.
"I would bet mundanely the password stuff is just plain phishing. You go to some site, it asks for your Google account, you type it in without looking closely at the address bar.
"But the WhatsApp stuff manifestly should not be vulnerable like that. Interesting."
Neither WhatsApp nor the crypto whizz behind Signal, Moxie Marlinspike, were happy to comment unless more specific details were revealed about the tool's capability. Either Wintego is embellishing what its real capability is, or it has a set of exploits that the rest of the world doesn't yet know about.

Saturday, July 23, 2016

Who Was Behind the Arrest of the Well-Known Torrent Site Kickass?

Artem Vaulin, the alleged owner of the torrent directory service KickassTorrents, was arrested in Poland earlier this week, charged with copyright infringement and money laundering. As we dig deeper as to what exactly happened, it turns out Apple and Facebook were among the companies that handed over data to the U.S. in its investigation. Department of Homeland Security investigators traced IP addresses associated with KickassTorrents domains to a Canadian ISP, which turned over server data, including emails. At some point, investigators noticed that Vaulin had an Apple email account that was used to make iTunes purchases from two IP addresses -- both of which also accessed a Facebook account promoting KickassTorrents.

If you're wondering where exactly iTunes came into play, here's a further explanation. It all started in November 2015, when an undercover IRS Special Agent reached out to a KickassTorrents representative about hosting an advertisement on the site. An agreement was made and the ad, which purportedly advertised a program to study in the United States, was to be placed on individual torrent listings for $300 per day. When it finally went live on March 14th, 2016, a link appeared underneath the torrent download buttons for five days. Sure, it was a short campaign, but it was enough to link KAT to a Latvian bank account, one that received $31 million in deposits -- mainly from advertising payments -- between August 2015 and March 2016. Upon further investigation of the email accounts, and corresponding reverse lookups, it was found that the account holder had made a purchase on iTunes.

A Safe Bet Verizon-Yahoo

Yahoo is set to be bought by Verizon
Why is the telecom company interested in investing in an Internet portal? Here is why.
Why Yahoo Was Up For Sale?

Founded in 1995, Yahoo! was once the brightest star of the Web. But when its rivals including Google, Facebook and even few-years-old companies like Snapchat and WhatsApp have won over users, Yahoo! has not been able to maintain that glory.

Saturday, July 9, 2016

Cithack GoToMyPC Resets All Passwords Citrix

GoToMyPC, a service that helps people access and control their computers remotely over the Internet, is forcing all users to change their passwords, citing a spike in attacks that target people who re-use passwords across multiple sites.

Owned by Santa Clara, Calif. based networking giant Citrix, GoToMyPC is a popular software-as-a-service product that lets users access and control their PC or Mac from anywhere in the world. On June 19, the company posted a status update and began notifying users that a system-wide password update was underway.

“Unfortunately, the GoToMYPC service has been targeted by a very sophisticated password attack,” reads the notice posted to “To protect you, the security team recommended that we reset all customer passwords immediately. Effective immediately, you will be required to reset your GoToMYPC password before you can login again. To reset your password please use your regular GoToMYPC login link.”

John Bennett, product line director at Citrix, said once the company learned about the attack it took immediate action. But contrary to previous published reports, there is no indication Citrix or its platforms have been compromised, he said.
“Citrix can confirm the recent incident was a password re-use attack, where attackers used usernames and passwords leaked from other websites to access the accounts of GoToMyPC users,” Bennett wrote in an emailed statement. “At this time, the response includes a mandatory password reset for all GoToMyPC users. Citrix encourages customers to visit the GoToMyPC status page to learn about enabling two-step verification, and to use strong passwords in order to keep accounts as safe as possible.”

Citrix’s GoTo division also operates GoToAssist, which is geared toward technical support specialists, and GoToMeeting, a product marketed at businesses. The company said it has no indication that user accounts at other GoTo services were compromised, but assuming that’s true it’s likely because the attackers haven’t gotten around to trying yet.
It’s a fair bet that whoever perpetrated this attack had help from huge email and password lists recently leaked online from older breaches at LinkedIn, MySpace and Tumblr to name a few. Re-using passwords at multiple sites is a bad idea to begin with, but re-using your GoToMyPC remote administrator password at other sites seems like an exceptionally lousy idea.


Fake Passport Copy can hijack anyone's Facebook Account

BBC has the story. The confusion is that a scan of a passport is much easier to forge than an actual passport. This is a truly hard problem: how do you give people the ability to get back into their accounts after they've lost their credentials, while at the same time prohibiting hackers from using the same mechanism to hijack accounts? Demanding an easy-to-forge copy of a hard-to-forge document isn't a good solution.

Monday, June 13, 2016

Microsoft Agrees to Buy Business Social Media Network LinkedIn

Microsoft has announced that it is acquiring LinkedIn, the social network for professionals with some 433 million users, for $26.2 billion, or $196 per share, in cash. The transaction has already been approved by both boards, but it must still get regulatory and other approvals.
If for some reason the deal does not go through, LinkedIn will have to pay Microsoft a $725 million termination fee, according to Microsoft’s SEC filing detailing the merger.

How does this work: 

This is a big deal, of course. For Microsoft, it’s bringing a key, missing piece into the company’s strategy to build out more services for enterprises, and giving it a key way to compete better against the likes of Salesforce (which it also reportedly tried to buy).

Microsoft's core focus has been on software and some hardware by way of its very downsized phones business. But LinkedIn will give Microsoft a far bigger reach in terms of social networking services and professional content, developing the early signs of enterprise social networking that it kicked off with its acquisition of Yammer for $1.2 billion in 2012. LinkedIn’s wider social network, pegged as it is to groups of employees and employers, will give Microsoft a sales channel to sell more of its products, and will serve as a complement to those that it already offers for collaboration and communication.
Microsoft has never been a massively successful company when it comes to social networking — although it smartly invested in Facebook before it went public, and as it has been reported before it was apparently interested at one point in trying to make a bid to buy Slack for $8 billion. LinkedIn’s social network will give it a significant foothold in this area.

Microsoft will acquire LinkedIn for $196 per share in an all-cash transaction valued at $26.2 billion, inclusive of LinkedIn’s net cash. LinkedIn will retain its distinct brand, culture and independence. Jeff Weiner will remain CEO of LinkedIn, reporting to Satya Nadella, CEO of Microsoft. Reid Hoffman, chairman of the board, co-founder and controlling shareholder of LinkedIn, and Weiner both fully support this transaction. The transaction is expected to close this calendar year.

Monday, May 16, 2016

Google Spaces app is referred to as a tool for small group sharing

Google can’t seem to stop making social networks and messaging apps. In fairness, the just announced Spaces app is referred to as a tool for small group sharing. While similar to the Communities feature that Google+ is now built around, the new app seems like a much more focused version of group messaging that better highlights content.

After making or being invited to a topic, users can quickly share articles, videos, and images without leaving the Spaces app. Google Search, YouTube, and Chrome are all built-in. A big focus of the app is to make sharing more seamless by cutting down on manually copying and pasting links.
The browser in Spaces has a big send button to automatically add content to Spaces. The app features a group messaging thread that will notify you of what members in the group are submitting and talking about. Spaces features a search engine to find previously submitted content and has a view to sort by links, photos, and videos.

Users can make a space and invite users through a simple link. Google is announcing Spaces today and the company will be experimenting with it at Google I/O later this week. Each I/O session will have its own space so that developers can connect with each other plus Googlers.
Spaces is rolling out today on iOS, Android, desktop, and mobile web for all Gmail accounts.