Mozilla has released Firefox 21 that closes eight security vulnerabilities including four High level and three critical security flaws.

Critical vulnerabilities : Memory corruption found using Address Sanitizer(MFSA 2013-48 ),  Use-after-free with video and onresize event(MFSA 2013-46), Miscellaneous memory safety hazards ( MFSA 2013-41).

High level vulnerabilities:  Uninitialized functions in DOMSVGZoomEvent( MFSA 2013-47),  Mozilla Updater fails to update some Windows Registry entries( MFSA 2013-45), Local privilege escalation through Mozilla Maintenance Service ( MFSA 2013-44 ),  Privileged access for content level constructor(MFSA 2013-42).

Firefox 21 introduces new feature Social API that "makes it easy for your favorite social providers to add a sidebar with your content to Firefox or notification buttons directly on the Firefox toolbar."

It also introduces Health report that "logs basic health information about your browser and then give you tools to understand that information and fix any problems you encounter".

Users are advised to upgrade the firefox as soon as possible, you can check version and update your browser by selecting to Help->About firefox.

The websites of the Knight Center for Journalism in the Americas and the International Symposium for Online Journalism hit by massive cyber attack that left the sites down for last two weeks.

“The malicious cyber-attack was enough to shut our websites down, but not to enough to shut us up. We rapidly created WordPress blogs to continue our regular and unique report on Journalism in the Americas,” said professor Rosental Alves, founder and director of the Knight Center for Journalism in the Americas at the University of Texas at Austin.

“We have no idea why someone would want to attack our sites"said professor Alves.

They noticed that the origin of the cyber-attack was in computers located in Russia.

According to the Knight center news report, the attack was taken place on March 11. Those affected websites are now back online.

"We had to shut down the sites, while the University of Texas IT department conduct its work to clean the sites and make sure increase its security levels.We are happy to be back with our normal presence on the Web,” said professor Alves.

China's National Computer Network Emergency Response Coordination Center (CNCERT) , the Chinese top cyber security agency reportedly identified that more than half of cyber attacks on this year targeting their nation's computer system are originated from the US.

CNCERT detected 2,196 US-based control servers were controlling 1.29 million infected computers in china.

According to Xinhua report, more than 80 websites of public institutions , Government and companies were attacked from september 2012 to February 2013. CNCERT found that 39 of those websites were attacked from U.S. IP addresses.

"A large amount of facts have proven that for many years, China has been one of the primary victims of cyber attacks," an unnamed official from the China National Internet Information Office told Xinhua.

Last month, US-based computer security company released a report which accused Chinese military unit of conducting a series of sophisticated hacking attack on US. But Chinese authorities denied the accusations and claimed that their systems are targeted by US.

India will soon have National Cyber security Policy that will ensure appropriate measures to tackle cyber crime and cyber attacks, Indian Government officials said.

"We are working on a cyber security policy. We need more work to curb cyber crimes," SiliconIndia News quoted Minister for Communications and Information Technology Kapil Sibal as saying.

In a press report published today by NIC,Minister of State in the Ministry of Home Affairs Shri R.P.N.Singh in Rajya Sabha stated that Government is taking various measures to ensure necessary awareness and robust security system in all the critical Government agencies.

The officials advised All Central Government Ministries / Departments and State / Union Territory Government to do security auditing of entire IT infrastructure including websites.

To prevent Government websites are being hacked by cyber criminals, NIC will not host websites which are not audited with respect to cyber security.

Experts recommended companies to prevent a malicious infection by updating software and reducing access to control system.

An Independent Security Researcher, Sow Ching Shiong, has discovered a serious Password reset vulnerability in Facebook that allowed hackers to change the passwords of facebook accounts.

Normally, User is required to enter his current password before they can set the new one to prevent an unauthorized person from changing the password without the user's knowledge.


However, the Researcher identified that a hacker could change user's password without known the user's current password by accessing the url "https://www.facebook.com/hacked", which automatically redirected to the compromised account recovery page.


In this page,  an attacker was simply prompted to enter the new password and confirm it, without having to know any other information.

Facebook Security Team fixed the vulnerability after being notified by the Security researcher and Sow Ching Shiong has been added to Facebook's white hats list ( https://www.facebook.com/whitehat )

A SQL Injection vulnerability has been discovered in Ruby on Rails that affects  all current versions of the web framework.

According to the advisory, due to the way dynamic finders in Active Record extract options from method parameters, a method parameter can mistakenly be used as a scope.

A Hacker can manipulate it carefully and thereby inject arbitrary SQL code leading to an SQL injection.

Dynamic finders use the method name to determine what field to search, so calls such as: Post.find_by_id(params[:id]) would be vulnerable to an attack.
 
The vulnerability has been fixed in the latest released version 3.2.10, 3.1.9, 3.0.18. All users running an affected release should either upgrade or use one of the work arounds immediately.

The Vulnerability was disclosed on the the Phenoelit blog in late December  where author used the technique to extract user credentials bypassing the authlogic authentication framework.

The Indian Defence Research and Development Organization (DRDO) is developing India's own secure operating system to strengthen cyber security.

The Director-General of the DRDO, V K Saraswat said that India currently is dependent on many imported OSes based on windows, Linux ,which is likely to be having malware and security holes. That’s why it is essential that India builds its Own operating system.

150 Engineers across the country have already been working on creating an Indian OS for over one year and a half. According to Times of India ,it will be ready in next three years.

Saraswat pointed out that there is no foreign involvement in this project. It is purely build by Indians.

He also advised Defence researchers and scientists to start working together with industry and DRDO and other scientific departments to bring country's own operating system soon.

"we are independent from what is coming from outside world," he stressed.

Great..! But i have to wait for three yeas?!. I want Indian mastermind to create their own Search Engine and more. India has more number of Internet users next to China and US.  China and U.S has their own search engine, then why don't you?!

A hacker with the online handle 'CapoO_TunisiAnoO' has breached The Syrian Embassy website in Belgium and defaced the main page(syrianembassy.be).

"The Cartoon Syrian Army website has been hacked in response to the cyber bullying they're practicing supported by the governmental Syrian Computer Society and in the light of this defacement I'd like to address the world with few words" Hacker said in the defacement page.



"To United States and Europian countries, you claim that you protect the world, help the oppressed and claim democracy."

"But our revolution exposed your real faces and showed humanity that you are advocates of your own interests and that you don't have a humanitarian principle in what you claim, you only raise those banners to occupy nations, inslave their people and steal their treasures just like you did in Iraq and Afghanistan and other places, and maybe soon in Mali"

US Army warns Soldiers that the risks of uploading geotagged photos on Facebook and other social network sites.

Geotagging is the process adding geographical identification metadata to various media such as a geotagged photograph or video, websites, SMS messages, QR Codes. Many smartphones automatically embed the latitude and longitude within the photograph for every picture you take.

By uploading geotagged photos on Facebook or checking-in social media applications such as Foursquare and Gowalla, soldires broadcast their exact location of their unit or their family, said Steve Warren, deputy G2 for the Maneuver Center of Excellence, or MCoE.

There is real-world example that explains the risks of geotagging: In 2007, four US army helicopters(AH-64 Apaches) were destroyed in Iraq after geotagged photos were posted on the Internet.

Facebook's new Timeline feature includes a map tab of all locations users has tagged. Anyone who tagged as friend on facebook can get access to those information.

"Some of those individuals have hundreds of 'friends' they may never have actually met in person," Staff Sgt. Dale Sweetnam, of the Online and Social Media Division explained.

By looking at someone's map tab on Facebook, you can see everywhere they've tagged a location. You can see the restaurants they frequent, the gym they go to everyday, even the street they live on if they're tagging photos of their home. Honestly, it's pretty scary how much an acquaintance that becomes a Facebook 'friend' can find out about your routines and habits if you're always tagging location to your posts.

According to BBC report, The British army has banned the use of mobile phones in operational zones like Afghanistan, and cautions against soldiers taking pictures on smartphones in any circumstances.

Soldiers are asked to disable the geotagging feature on their phones and to check the security settings on their social networking sites to make sure only real friends have access to their information.

"A good rule of thumb when using location-based social networking applications is do not become friends with someone if you haven't met them in person," Sweetnam said. "Make sure you're careful about who you let into your social media circle."

Sibal also emphasised upon the need for greater government-to-government collaboration on sharing of information, global vision to deal with hackers, legal framework that addresses the requirements at the global, regional and local levels to combat cyber crimes.

"Existing international institutions are no match for 21st century problems. The New Delhi summit process offers an unprecedented forum for policy innovation in what may be the greatest threat to the stability of our global digitalized world," said EWI president John Edwin Mroz.

An Internation cyber Security Conference has begun in London, 60 countries gathered to discuss about the Cyber Crime and Security. 

Experts attending the conference included EU digital supremo Neelie Kroes, Cisco's vice-president Brad Boston and Joanna Shields, a senior executive at Facebook.

Mr Hague led the opening session.

"The biggest threat to the internet is not cybercriminals, but misguided or overreaching government policy," Mr Hague said.

Ross Anderson, professor of security engineering at Cambridge University, said there had been a "great growth" in cybercrime over the past six years.

"As many as 5% of PCs are infected with malware - short for malicious software -  and there was a one in 20 risk that any given computer was sending spam without the owner's knowledge." Prof Anderson added.

UK Prime Minister David Cameron said, "We have to come together to tackle cyber crime... This costs the United Kingdom an estimated 27 billion pounds a year."

Pakistan has threatened to block Google as its administrator was not helping the country's premier investigating agency in nabbing people involved in cyber crime.

Interior Minister Rehman Malik said the administrators of internet-based search engines like Google and YouTube were not supporting the Federal Investigating Agency (FIA) to tackle cyber crime.

He added that Interpol's help was being sought in this regard, media reports said.

If Google did not help FIA in future then a case would be registered against it, the minister said and warned that Google could be blocked in Pakistan for not cooperating.

Since terrorists involved in the Mumbai attacks had used the internet-based telephonic service based in the US, Malik suggested that action should be taken against the service provider according to the country's laws for involvement in cyber crimes.

On Wednesday, 48 hours after releasing a policy paper on cybersecurity, the top trade association for intelligence contractors got a first-hand lesson on the subject: they discovered that their website was hacked.

Cryptome, a site affiliated with the hacker collective Anonymous, published the membership emails and phone numbers and in some cases home addresses for the members of the Intelligence and National Security Alliance (INSA). By clicking on a link titled, “INSA Nest of Official and Corporate Spies,” anyone can find contact information for senior officials at the NSA, FBI, and CIA, as well as top national security contracting firms like Booz Allen Hamilton.

The apparent cyberattack on the Intelligence and National Security Alliance, or INSA, is the latest example of the ability of hackers to penetrate the computer systems of government agencies and private companies — including those that pride themselves on their savvy and expertise in cybersecurity.

INSA is only the latest example of how the intelligence community and its affiliated contractors have been hacked by increasingly brazen hackers. On July 11, Anonymous published some 90,000 emails and login credentials for U.S. military officers after breaking into the servers of Booz Allen Hamilton. The group published the data on a website called Pirate Bay and announced on Twitter that July 11 was “Military Meltdown Monday.” The month before, another group of hackers called “LulzSec” (who claim to have since disbanded) published internal files from the FBI and claimed to briefly disable the CIA’s public website.

"Due to the nature of our business, INSA takes security very seriously," McCarthy said in a statement. "We are outraged that someone finds it sporting to make private organizational data public, but we are not naïve. It is not a coincidence that this incident happened just two days after INSA's Cybersecurity Council released a report documenting the need for government and the private sector to begin to work together to solve our nations cyber security vulnerabilities."

The Department of Homeland Security is beginning to take Anonymous and other non-professional cyber-attackers more seriously as it issues a warning about potential attacks.

The United States Department of Homeland Security warned the security community about potential attacks from hacking collective Anonymous over the next few months.

The Sept. 2 security bulletin from the DHS National Cyber-Security and Communications Integration Center warned financial services companies to be on the lookout for attackers operating under the Anonymous umbrella to "solicit ideologically dissatisfied, sympathetic employees" to the cause.

The collective recently took to Twitter to persuade employees within the financial sector to hand over information and access to enterprise networks. Though such attempts may have been unsuccessful so far, "unwilling coercion through embarrassment or blackmail may be a risk to personnel," the DHS bulletin warned.

DHS issued the bulletin primarily for cyber-security professionals and staff in charge of protecting critical infrastructure. The bulletin also refer to new tools that Anonymous may be using in launching future attacks. Anonymous has been primarily using the Low Orbit Ion Cannon, a fairly simple testing software that can ping a server repeatedly, to launch its distributed denial of service attacks. Some of the members have been working on a new DDoS tool, based on JavaScript, dubbed #RefRef.

The new attack tool is said to be capable of using the server's own resources and processing power to launch a denial of service attack against itself, but "so far it's unclear what the true capabilities of #RefRef are," the DHS said in the bulletin. The tool is slated to be released Sept. 17.

DHS also referenced the "Apache Killer" Perl script that can be used to launch denial of service attacks against Web servers running the popular Apache software. Apache developers released a patch earlier this week to fix the vulnerability in Apache 2.2. Administrators have been urged to patch their servers immediately.

The DHS also mentioned three cyber-attacks and civil protests Anonymous has already announced. "Occupy Wall Street" is the first scheduled one, for Sept. 17. Announced by a group Adbusters in July and actively supported by Anonymous, the goal is to get 20,000 individuals to gather on Wall Street to protest various U.S. government policies. Similar rallies targeting financial districts are being planned in Madrid, Milan, London, Paris and San Francisco.

Another protest in October, also led by Adbusters, is scheduled to be held at the Washington, D.C. National Mall to mark the 10th anniversary of the war in Afghanistan. There is also the supposed Nov. 11 attack against Facebook and Project Mayhem, scheduled for Dec. 21, 2012, DHS warned. There are indications that Project Mayhem would be a combination of physical disruption and targeting of information systems.

The bulletin itself is unusual in that DHS hasn't commented on the activities of Anonymous ever since the group stepped up its efforts over the past few months, attacking federal agencies and private corporations to protest a wide range of issues. As anyone following the security space undoubtedly knows, there have been at least one or two attacks by Anonymous, even more, each week for the past few months, so the bulletin may be just stating the obvious when warning of future potential attacks.

"Anonymous has shown through recently reported incidents that it has members who have relatively more advanced technical capabilities who can also marshal large numbers of willing, but less technical, participants for DDOS activities," the DHS said.

source: eweek

Peiter Zatko, a hacker known as Mudge who is now at the Defense Advanced Research Projects Agency, said he joined the Pentagon's research arm to try and build bridges between the government's cybersecurity needs and hackers working on innovative projects. DARPA has launched the "Cyber Fast Track" program, intended to cut red tape for hackers to apply for funding for projects that would help the Defense Department secure computer networks.

The Defense Advanced Research Projects Agency (DARPA) is an agency of the United States Department of Defense responsible for the development of new technology for use by the military. DARPA has been responsible for funding the development of many technologies which have had a major effect on the world, including computer networking, as well as NLS, which was both the first hypertext system, and an important precursor to the contemporary ubiquitous graphical user interface.

Zatko said he decided it was time to start funding hackers and boutique security firms, "and making it actually easy enough for them to compete for government research money with the large, traditional government contractors."

source

Today when i tried to download one file from the mediafire link but i am not able to access it.  Initially i thought there is some problem with my internet connection.  Then only i remembered what i read few days back "Indian telecom is going to block mediafire,rapidshare and all file sharing service".

Yes it is true.

Department of Telecom (DOT) India has ordered all ISP ( Internet Service Providers ) to block file sharing websites in India. DOT India has brought this new policies to stop piracy. As we know through this file sharing site, most of us are downloading illegal copies of latest movies, songs, software’s, so to put an end to it and to control illegal file sharing to a greater extend GOVT of India and DOT have passed this  new policies. There is also speculation that Torrents will also get blocked soon.

According to source , the following file hosting sites will be blocked:


1. Megaupload.com
2. Mediafire.com
3. Megavideo.com
4. VideoBB.com
5. Novamov.com
6. Movshare.net
7. Rapidshare.com
8. Putlocker.com
9. Hotfile.com
10. Fileserve.com
11. Filesonic.com
12. Filesonic.in
13. Depositfiles.com
14. Wupload.com
....
....

The following websites are blocked in my Aircel Internet connection:

• mediafire.com
• rapidshare.com
• filesonic.com
• wupload.com

All ISP providers including BSNL , Asianet, MTNL, Reliance, TATA Telecommunication started to block file sharing websites, torrent sites, porn sites will get blocked in the coming months.