Category Archives: Security

v3

Indian Government Orders To Block 30+ Websites


v4  
 

Indian Government Orders  To Block GitHub, Vimeo And 30 Other Websites:
 

There is an interesting news regarding some move made by indian government with respect to websites flourishing in the country and it does make sense as well with their action so as to block certain websites.Internet censorship has been hotly debated in the recent times and the latest move by the Indian Government has stirred many heated conversations. The Indian Department of Telecom has sent a circular to ISPs and mobile operators asking them to block 32 sites which includes github, vimeo, dailymotion and others. Pranesh Prakash, director at the Centre for internet and Society shared an excerpt which lists all the blocked URLs and social media has been in a frenzy with reports.

v2

“The websites that have been blocked were based on an advisory by Anti Terrorism Squad, and were carrying Anti India content from ISIS. The sites that have removed objectionable content and/or cooperated with the ongoing investigations, are being unblocked.” Mr Gupta said in a tweet.

“It is Vimeo’s longstanding policy not to allow videos that promote terrorism, and we remove such videos whenever we become aware of them,” said a Vimeo spokeswoman. “We have not received notice from the Indian government concerning such videos and have contacted them requesting the blocking order to identify, and evaluate the video in question. It is our hope that Vimeo can be restored promptly in India.”

v

Many people have confirmed that some of the sites are already not opening with certain ISPs which imply that the order is being implemented.India had blocked websites of various kinds in the past as well for the best of the country and with their new move they should have made the decision by thinking so much by covering every possible loopholes.Keep visiting the site for more updates regarding the news.Good day…!! 🙂

t

Trojans Torrent Locker strikes in Europe

 t

Trojans Torrent Locker strikes in Europe:

Experts warn there is a Trojan Torrent Locker: It forces data on infected PCs hostage and demands over a thousand euro ransom in the online currency Bitcoin.

Since this spring drive first versions of this Trojan encryption world mischief. A new variant of ransomware “Torrent Locker” has now apart according to the manufacturer’s protection programs ESET virus researchers to users in Europe.In the past few months have been infected by the malware over 40000 systems.In Italy, the experts discovered 4500 cases with 53,761,689 encrypted by the Trojan files.In Austria Torrent Locker suggested already in 1504 to time, Germany is ranked 240 incidents still in the lower middle.However, the researchers warn: The Trojan is in Europe on the rise!

t

Torrent Locker travels by email

The distribution of the pest is via spam e-mail, which appends a file that is disguised as payment requests, transport persecutions packages or unpaid parking tickets and users should thus encourage them to click. On infected PCs Trojan encrypts documents, pictures and other files, and demands a ransom for their decryption. The ransom demand the blackmailer in the online currency Bitcoin. And their demand is quite steep: While other Trojans settle for this type of payments between 100 and 300 Euro, require the criminals behind Torrent Locker, a whopping 4,081 Bitcoins! This roughly corresponds to a sum of 1,100 euros. According to the ESET experts already have 570 victims paid the ransom and the racketeers Played over 467,000 euros in the hands. The code analysis of the pest also led researchers but on a hot track: “We expect that the actors behind Torrent Lockers are the same as those behind the banking Trojan” Hesperbot “stuck,” said Marc-Etienne M. Léveillé ESET researchers from Canada. The Trojan will constantly adjusted by the criminals. So they had responded to the previous reporting and adjusts the encryption method used for seizure of files, so Léveillé. Was because until recently victims taken hostage data could free himself nor as a method for extracting the key stream, which is part of the Trojan code, was released. Which is now no longer possible. The best protection against such digital extortion are regular backups of important files and a constantly updated held anti-virus program. Should pay to the demanded ransom certainly did not. Because even then it is not certain that you then again gains access to encrypted files. The money is irretrievably but flutes with certainty.

t

We are expecting to get more news connected with it in the coming days,so keep track of the site to get updated.Good day…!! 🙂

u

Security vulnerabilities in the UMTS network Spotted

u

Security vulnerabilities in the UMTS network:

 

IT experts have managed to bypass the encryption in the UMTS network.So here is an interesting news related with UTMS network and that seems so cool in whole.

Team Nohl cracks UMTS network

Wie the WDR, the ARD evening news and the Süddeutsche Zeitung consistently report, a team led by the Berlin IT security expert Karsten Nohl, overturn the UMTS network of Deutsche Telekom. So they could read along SMS traffic of members of parliament among others. Even the reading of mail and data generated in mobile online banking, is possible. However, the experts point out that there is a provider-cross-cutting issue and Telekom is not affected alone.

Gap in the SS7 protocol

Cause of the safety problem is, according to Nohl called the SS7 protocol encryption. It is used by the network providers for network with other providers, such as roaming partners. Also, it is sometimes necessary to exchange the data encryption for calls from a central office to the next, such as a phone call to continue even if one travels long distances. Nohl the team managed to gain access to the SS7 network abroad by posing as foreign exchange. So they came among others to the SMS of the deputies.

Privacy advocates are alarmed

The Schleswig-Holstein Data Protection Officer Thilo Weichert speaks on tagesschau.de of a “huge risk” and criticized that the system operator “absolutely irresponsible” to deal with the phone secret. Brisant is especially the fact that bank customers channeled their business over the supposedly safe UMTS network.

Telekom attack scenario is no longer possible

The Telekom stressed in a statement that the gap is known and we are dealing with a problem that all network operators would struggle worldwide. However, the company requires, the described scenario abuse requires a high expertise and criminal activity in the reaction. It was important to stay close to the subscriber, have a special receiver that is not available on the market and to gain access to the internal signaling network of mobile operator.

The company claims to have taken in recent months several measures to attacks against their customers within the SS7 problem. Based on the new information, the company now took additional security measures to prevent unauthorized requests to the encryption parameters. Thus, claims the Telekom, was no longer the attack scenario presented possible.

For further updates,keep visiting the site.Have a nice day…!! 🙂

2 Easy steps to combat POODLE attack (SSL 3.0 website bug)

Poodle Attack

There is a new vulnerability discovered called POODLE. Websites using SSL certificates which makes use of SSL V3 protocol are affected. For the end user it means websites where one sees the green color lock symbol in the address bar ( secured websites where data is encrypted and sent over secured layer, generally bank transactions) which uses SSL v3 are at risk. A team in Google has discovered this bug, where an hacker could read the data which is sent in plain text under SSL V3.

How to fix or protect yourself from POODLE attack?

Server side

You can check if a given website is affected by checking if it uses SSL V3 protocol by using this tool by Qualsys SSL labs. If yes, It has to be made retired by allowing only TLS 1.0 and above.

Client side

You can adjust your settings in browsers by directing it to use only TLS v1.0 and above protocols. That could automatically disable you from exposing to SSL V3.0 where it is vulnerable to POODLE attack. You can follow these steps and adjust following settings on your preferred browsers.

Google Chrome
firefox_poodle

Mozilla Firefox
chrome-poodle

Internet Explorer
internetexplorer_poodle

Update 1 : Twitter has retired SSL v3 protocol server side.

Update 2: Firefox 34 has removed support for SSL3 to combat poodle attack.