
microsoft-project-spartan-browser-security
If you’re a bug hunter and love playing with code, then you could earn as much as US$15,000 from Microsoft for finding vulnerabilities in its latest Project Spartan browser.

Yes, $15,000!

It seems Redmond doesn’t want to take the chance of letting hackers and cyber criminals get their hands on the company’s latest Windows 10 operating system.

On Wednesday, Microsoft announced that the company will be expanding its bug bounty program ahead of the release of Windows 10, which will include a two-month hunt for vulnerabilities in its new web browser, Project Spartan.

So, it’s time for security researchers and hackers to earn extra cash from Microsoft.

For those who are unaware… What’s Project Spartan?

Project Spartan is Microsoft’s new web browser project, intended to replace the old Internet Explorer in its Windows operating system.

Though the project is still very much in the development stage, Microsoft is making every effort to make Spartan better and better as a browser.

Since the day Microsoft launched this project, the browser has received a steady stream of improvements, enough that it could give tough competition to Google’s Chrome web browser.

As it is said, the first impression is the last impression. Therefore, the technology giant is offering several payout categories, starting at $500 and topping out at a bug bounty of $15,000 (11,000 Euro) for eligible vulnerabilities in Spartan, which include…

Remote Code Execution (RCE) bugs, Sandbox Escapes as well as design-level security bugs.

You have from today until June 22, 2015 to submit your bug reports to the company. So don’t be late.

Hackers and researchers who have submitted vulnerability reports since the beginning of 2015 will also be rewarded if the discovered vulnerabilities meet the eligibility criteria.

This new bug bounty program also offers payouts for vulnerabilities in Microsoft’s Azure cloud platform, and Sway Web application tool, Jason Shirk of Microsoft’s Security Response Center says in a blog post.

The bug bounty offer for Azure will cover cloud services, virtual machines, Active Directory, storage and much more.

Microsoft is also offering up to $100,000 USD to bypass active mitigations (such as ASLR and DEP) in the company’s latest released version of the operating system, and “a bonus of up to $50,000 USD for actionable defense techniques to the reported bypass,” Microsoft says.

So play, discover and submit your findings by including all your details in an email to secure@microsoft.com based on the company’s requirements on this page.


Follow ‘Mohit Kumar’ on Google+, Twitter or Facebook or Contact via Email.


via The Hacker News http://ift.tt/1Gn63Gc

WhatsApp updates iOS App with Free Voice Calling Feature
After rolling out WhatsApp’s Free Voice Calling feature for Android users late last month, the widely popular messaging service has started to roll out the feature to iOS users.

Now iOS users can enjoy making free voice calls through WhatsApp, as the new version of the messenger is now live in the iOS App Store with support for calling.

WhatsApp calling feature allows you to call your friends and family anywhere in the world for free as long as you have a Wi-Fi network or a working data plan on your registered number.

The full description of the WhatsApp Calling feature on the App Store page reads:

Call your friends and family using WhatsApp for free, even if they are in another country. WhatsApp calls use your phone’s Internet connection rather than your cellular plan’s voice minutes (Data charges may apply) Note: WhatsApp Calling is rolling out slowly over the next several weeks.

The last line indicates that the feature, so far, is not actually available for all iOS users, but rather will be available in “the next several weeks” when the new WhatsApp Calling reaches your iOS device.

Not just free voice calling, WhatsApp for iOS also adds some major updates to the messaging app. It comes with its sharing extension, which means now you can easily share links, photos and videos from within other apps directly to WhatsApp.

Moreover, WhatsApp tends to roll out other new features that include a “quick camera” button, which gives you quick access to the camera so that you can shoot and send videos and photos from within WhatsApp messages.

But honestly: Free Voice Calling is the real kicker.

You can download the latest version of WhatsApp from the App Store now, however you will definitely have to be a little patient to wait for the messaging giant to switch the button ON for the free voice calls on your account.


via The Hacker News http://ift.tt/1DSiQN5

iOS 8 Vulnerability Lets Hackers Crash Any iPhone and iPad Within Wi-Fi Range
Security researchers have uncovered a zero-day vulnerability in iOS 8 that could repeatedly crash users’ Apple iPhones, iPads and iPods when the devices connect to a malicious wireless hotspot.

It’s like a Denial of Service (DoS) attack on Apple’s iOS devices that results in crashing either individual iOS apps or users’ entire iPhones.

NO iOS ZONE

Adi Sharabani and Yair Amit of mobile security firm Skycure presented their latest research, titled “No iOS Zone”, at the RSA security conference in San Francisco on Tuesday.

The duo showed:

It is possible for an attacker to create malicious Wi-Fi networks in order to crash nearby users’ mobile devices with incredible accuracy.

The “No iOS Zone” attack can even make iOS devices within range completely unusable by triggering constant reboots.

It is nothing but a DoS attack…

…that makes the device inaccessible by its users, just like in the case of websites and servers.

“Anyone can take any router and create a [malicious] Wi-Fi hotspot that forces [nearby users] to connect to [attackers] network, and then manipulate the traffic to cause [their mobile] apps and the operating system to crash,” said Sharabani speaking at the RSA Conference.

So, what can be done to get rid of an attacker’s malicious Wi-Fi?

Just Run Away!

Yeah! It sounds really strange, but users have no other choice if they find themselves in this situation.

The only thing that could be done by iOS users is to run away from that malicious hotspot’s range.

“There is nothing you can do about it other than physically running away from the attackers,” Sharabani said. “This is not a denial-of-service [attack] where you can’t use your Wi-Fi; this is a denial-of-service [attack] so you can’t use your device even in offline mode.”

Another good measure is simply to avoid the free wireless networks you find in the street providing public Internet access.

Now, let’s learn how it is possible:

All an attacker needs to do is create a malicious wireless network that uses the Wi-Fi connection to manipulate SSL certificates sent to iOS handsets.

Once the devices are connected to this malicious wireless hotspot, the attacker can launch a maliciously crafted script forcing a denial-of-service (DoS) that causes the apps as well as the phone to crash.

Here’s the Video Demonstration:

The duo has also produced videos showing the DoS attack on iOS devices in action. You can watch the video below. You can also download the PDF related to this wireless attack.

Both Sharabani and Amit have contacted Apple about this issue, but it is not yet clear whether the company has released a complete fix.

For this reason, the duo has decided not to provide any additional technical details about the flaws and issues they exploited in their attack, to make sure iOS users are not exposed to the danger of an exploit for this vulnerability.


via The Hacker News http://ift.tt/1aSk1lh

rootpipe-mac-os-x-vulnerability
Sad but true! Your Apple Mac computer is vulnerable to a serious privilege escalation flaw, dubbed “RootPipe,” even if you are running the latest version of Mac OS X.

What’s RootPipe?

Back in October 2014, Swedish white hat hacker Emil Kvarnhammar claimed to have discovered a critical privilege escalation vulnerability, a backdoor he dubbed “RootPipe,” in some versions of Mac OS X including the then newest version 10.10 Yosemite.

The vulnerability (CVE-2015-1130) could allow an attacker to take full control of your desktop Mac computer or MacBook laptop, even without any authentication.

Keeping in mind the devastating effect of the RootPipe vulnerability, the researcher privately reported the flaw to Apple and did not disclose the details of the flaw publicly until the company released a patch to fix it.

Apple did release an update but failed to patch RootPipe:

Earlier this month, Apple released the latest version of Mac OS X Yosemite, i.e. OS X Yosemite 10.10.3, and claimed to have fixed the so-called Rootpipe backdoor, which had been residing on Mac computers since 2011.

However, the company did not fix the flaw in the older versions (below 10.10) of the operating system due to an uncodified Apple policy on patching, leaving tens of millions of Mac users at risk.

“Apple indicated that this issue required a substantial amount of changes on their side and that they would not backport the fix to 10.9.x and older,” Kvarnhammar said in a blog post on the TrueSec website.

But here’s the worse part:

Apple’s RootPipe vulnerability patch for Mac OS X Yosemite 10.10.3 is claimed to be itself vulnerable, which again left all the Mac machines vulnerable to the RootPipe attacks.

Holy Crap!

Patrick Wardle, an ex-NSA staffer and current director of R&D at Synack, claimed to have discovered…

…a new way around Apple’s security fix to abuse the Rootpipe vulnerability again, once more opening a path to the highest privilege level: root access.

Though this time, the attack requires a hacker to have gained local privileges, which could most likely be obtained via a working exploit of other software sitting on Mac machines.

Here’s the Video Demonstration:

Wardle has demonstrated his hack attack in action in a video proof-of-concept (POC), which you can watch below:

Wardle has already reported his findings to Apple’s security team and will not publicly disclose the details of his attack code until the company issues a complete and unbreakable fix.

Now, let’s just hope to get a tough fix for Rootpipe backdoor this time from Apple. Last time the company took nearly six months to release a patch that was fooled by Wardle sitting on a flight.


via The Hacker News http://ift.tt/1OaiqcW

Magento-security

The most popular e-commerce platform owned by eBay, Magento is once again in the news. This time for a critical Remote Code Execution (RCE) vulnerability, affecting hundreds of thousands of online merchants worldwide.

If exploited, the critical vulnerability could allow a hacker to compromise completely any online store powered by Magento and gain access to credit card details and other financial as well as personal information related to the customers.

Which isn’t great?

This serious flaw in the Magento platform combines a series of vulnerabilities that ultimately allow unauthenticated attackers to execute any PHP code of their choice on the web server.

All the vulnerabilities that lead to the remote code execution (RCE) flaw are present in the Magento core code, and affect the default installation of both Magento Community and Magento Enterprise Editions.

Running arbitrary code on the web server gives attackers the ability to bypass all security mechanisms and gain complete control of the vulnerable online store and its complete database, thereby allowing credit card theft and other administrative access into the system.

The worse part:

The most disturbing part is that this vulnerability was discovered by the security researchers of Check Point research team and reported together with a list of suggested fixes to Magento back in January this year.

Without any delay, Magento also released a patch (SUPEE-5344 available here) to address the vulnerability on February 9, 2015.

However, it’s been more than two months since the release of the patch and still more than 50 percent of all the Magento websites are vulnerable to the attacks, which is all the worse because they are e-commerce websites.

“The vulnerability we uncovered represents a significant threat not to just one store, but to all of the retail brands that use the Magento platform for their online stores — which represents about 30% of the ecommerce market,” Check Point wrote in a blog post on Monday.

So, you need to patch your Magento site now!

Therefore, online store owners and administrators are urged to apply the patch immediately, as the impact of Magento e-commerce websites getting compromised can be devastating for all online buyers who make or have made use of a website built on the platform.

Recently, it was also discovered that cybercriminals are malvertising legitimate Magento e-commerce websites in order to send all the data, including credit card details, submitted by customers during the checkout procedure to a third-party malicious site controlled by attackers.


via The Hacker News http://ift.tt/1Hda4NG

iOS-8.4-jailbreak-tool

Quite surprisingly, Apple’s just-released iOS 8.4 beta has been jailbroken by a well-known hacker.

Yes, the first beta of iOS 8.4 released by Apple to the developers last week has been jailbroken by Stefan Esser, commonly known as “i0n1c” in the jailbreak community.

i0n1c has also shared a video proof-of-concept, titled “iOS 8.4 Beta 1 Jailbreak Preview 1,” showing…

…an iPhone 6 Plus model (that runs on iPhone 7.1) powered with iOS 8.4 Beta 1 has been jailbroken with Cydia icon showcased on the Home screen.

In order to prove the jailbreak on iOS 8.4 beta 1, the hacker shows off the Apple Watch companion app, the newly redesigned Music app, and the new Emoji keyboard as well, while giving the video demonstration.

The video demonstration by the hacker proved an actual jailbreak for iOS 8.4 beta 1, but don’t expect a public iOS jailbreak tool for iOS 8.4 or any other firmware from i0n1c.

No doubt this seems to be great news for all jailbreakers, but actually it’s not…

…because i0n1c has not released any iOS jailbreak tool for iOS 8.4 beta 1, nor will he. So, don’t get excited about an iOS jailbreak tool for 8.4 beta 1.

i0n1c has contributed to the development of untethered iOS jailbreak tools in the past, and this video is his personal work that he is proud of.

According to the hacker, the vulnerability he discovered is not a new flaw in Apple’s iOS. “Instead, it is inside the code virtually forever,” i0n1c says. However, it is incredibly interesting that the new code had nothing in common with CyberElevator for iOS 7.1.1.

The hacker posted the video along with a detailed note, which reads:

Today I am delighted to share this video of a proof of concept iOS 8.4-beta 1 jailbreak that I was working on the last 4 days….I am not showing persistence or an untether at the moment because something is broken with it. But hey this is just a first proof of concept.

An untethered iOS jailbreak is one where your iOS device does not need to be connected on reboot to an external device capable of executing commands on it.

Although he did not release any iOS jailbreak tool for 8.4 beta 1, hopefully we can expect one from the TaiG or PanGu teams, which work on finding iOS exploits. So keep an eye on them if you love jailbreaking your iPhones.

Recently, the PanGu team of Chinese hackers released a partial iOS jailbreak for Apple’s iOS 8.3, the latest publicly released version of Apple’s mobile operating system.


via The Hacker News http://ift.tt/1Iy2kmC

disable-mixed-content-warning
If you are really upset with the Chrome browser’s warnings that your HTTPS-enabled website contains unsecured third-party content, warnings that sometimes drive your users to close the tab, Google has solved this problem for you.

With the release of the next version of Google’s popular browser, Chrome 43, it may be easier for developers and system administrators to ensure HTTPS websites are not compromised by insecure HTTP resources.

Until now, Google’s current browsers have flagged a ‘mixed-content warning’ in the form of a yellow triangle over the padlock if an HTTPS page loads any resource from an unencrypted HTTP URL.

What’s mixed content? And…

…Why should I worry about Mixed content if I am using HTTPS on my web pages?

If, say, your website has HTTPS enabled but its pages load content, such as images, retrieved through regular, clear text HTTP URLs, then the connection is considered only partially encrypted.

Partially encrypted communication means:

The unencrypted HTTP content on the secured web pages could be read by hackers and modified by Man-in-the-Middle (MITM) attackers, which results in an unsecured connection. A page that behaves this way is called a mixed content page.

However, Mixed content is no longer a problem:

As Google says, “mixed content checking causes headaches,” therefore the company is introducing a new command in its next version of the browser.

Chrome 43, which is in beta right now but should be stable in May, will not flag any mixed content warning, thanks to a new browser Content Security Policy directive known as Upgrade Insecure Resources.

The Upgrade Insecure Resources directive “causes Chrome to upgrade insecure resource requests to HTTPS before fetching them,” Google explained in its blog post.

The search engine giant recommends enabling it via an HTTP response header, “Content-Security-Policy: upgrade-insecure-requests”, if all the content is controlled by you.

However, if the insecure resources are served from a web server you don’t control, you can include the <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests"> tag in your page’s <head>.
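An added example (not from the original article or from Google): a small Python audit that lists the http:// subresources an HTTPS page references and shows which URL the browser would request once upgrade-insecure-requests is delivered by either the response header or the meta tag described above. The function names, the sample page and its example.* hosts are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, urlunsplit

DIRECTIVE = "upgrade-insecure-requests"
# Tags whose src attribute triggers a subresource fetch. <a href> is a
# navigation, not a subresource, so it is deliberately not listed.
SRC_TAGS = {"img", "script", "iframe", "audio", "video", "source", "embed"}
FETCHING_RELS = {"stylesheet", "icon", "preload"}


def has_directive(policy):
    """True if a Content-Security-Policy string carries the directive."""
    for part in (policy or "").split(";"):
        tokens = part.split()
        if tokens and tokens[0].lower() == DIRECTIVE:
            return True
    return False


def upgrade(url):
    """Rewrite an http:// URL to https://, leaving the rest untouched."""
    parts = urlsplit(url)
    if parts.scheme.lower() != "http":
        return url
    return urlunsplit(("https",) + tuple(parts)[1:])


class MixedContentScanner(HTMLParser):
    """Collects http:// subresources and any <meta> delivery of the policy."""

    def __init__(self):
        super().__init__()
        self.insecure = []        # (tag, url) pairs in document order
        self.meta_policy = False

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "").strip() for k, v in attrs}
        if tag == "meta" and a.get("http-equiv", "").lower() == "content-security-policy":
            self.meta_policy = self.meta_policy or has_directive(a.get("content"))
        url = None
        if tag in SRC_TAGS:
            url = a.get("src")
        elif tag == "link" and FETCHING_RELS & set(a.get("rel", "").lower().split()):
            url = a.get("href")
        if url and url.lower().startswith("http://"):
            self.insecure.append((tag, url))


def audit(html, headers):
    """Return how the policy is delivered and, for each insecure reference,
    (tag, url_in_markup, url_actually_requested)."""
    scanner = MixedContentScanner()
    scanner.feed(html)
    scanner.close()
    via_header = any(
        name.lower() == "content-security-policy" and has_directive(value)
        for name, value in headers.items()
    )
    via = "header" if via_header else "meta" if scanner.meta_policy else None
    findings = [(tag, url, upgrade(url) if via else url)
                for tag, url in scanner.insecure]
    return {"policy_via": via, "findings": findings}


# Constructed sample page; hosts are placeholders, not from the article.
META = '<meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">'
SAMPLE_HTML = "<html><head>\n" + META + """
<link rel="stylesheet" href="http://cdn.example.net/site.css">
<link rel="canonical" href="http://shop.example.com/">
</head><body>
<img src="http://images.example.org/banner.png">
<script src="https://shop.example.com/app.js"></script>
<a href="http://partner.example.com/">partner</a>
</body></html>"""
NO_META = SAMPLE_HTML.replace(META, "")

if __name__ == "__main__":
    header = {"Content-Security-Policy": DIRECTIVE}
    for label, html, hdrs in [("no policy", NO_META, {}),
                              ("meta tag", SAMPLE_HTML, {}),
                              ("header", NO_META, header)]:
        print(label, audit(html, hdrs))
```

An upgraded request that the third-party host cannot answer over HTTPS simply fails, so the findings list doubles as the list of hosts to verify before turning the directive on.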

The search engine giant has also demonstrated the feature.

This will delight developers and system administrators, because a simple yellow triangle warning in the browser’s address bar makes their users think twice about whether to keep browsing or close the tab.

Not just this, Google has recently announced plans to move its advertising platforms to encrypted HTTPS by June 30 this year in an effort to help protect privacy and security of its online users.


via The Hacker News http://ift.tt/1J2vDRt

encrypted-google-ad-service
Encryption is one of the major steps to be taken by every big technology giant in order to protect its users over the Internet, and, among those, Google has set an admirable example by gradually moving all of its online services to use strong HTTPS encryption.

So far, Google has encrypted email by switching its Gmail service to HTTPS, encrypted data moving between its servers, given priority to encrypted websites in its search results, and moved Google search to HTTPS as well.

Now:

To help protect privacy and security of its users, the search engine giant is moving its advertising platforms to HTTPS, as well.

Google already moved its YouTube advertisements to HTTPS at the end of last year, but Google has a widespread ad network that serves ads to hundreds of millions of users across the globe every day.

However, the content of those ads is mainly controlled by the advertisers, and we cannot predict their intention. To better combat this issue…

…Google will serve most of its advertisements over encrypted links by the end of June this year.

“The vast majority of mobile, desktop computer, and video display ads served to the Google Display Network, DoubleClick and AdMob publishers will be encrypted [by June 30],” Google said in a blog post.

For advertisers buying ads through Google…

…the search engine giant is also planning to make similar changes. This means:

The advertisers using any of the buying platforms, such as AdWords or DoubleClick, will have an option to serve HTTPS-encrypted display advertisements to all HTTPS-enabled inventory, such as Gmail and YouTube.

According to the company, the advertising industry could help make the Internet safer for all online users by encrypting ads. It also points to a recent post published by the Interactive Advertising Bureau (IAB), announcing that in 2015, the ad industry “needs to finish catching up” and adopt HTTPS.

Though the company didn’t provide any deeper explanation about the use of encryption in the advertising platform, the move could be a part of Google’s efforts to encrypt everything under a wider “HTTPS Everywhere” initiative.


via The Hacker News http://ift.tt/1HKC1v8

Quick-UDP-Internet-Connections-quic
Google is making every effort to make the World Wide Web faster for Internet users.

The company has announced plans to propose its homemade networking protocol, called Quick UDP Internet Connections (QUIC), to the Internet Engineering Task Force (IETF) in order to make it the next-generation Internet standard.

Probably the term QUIC is new for you, but if you use Google’s Chrome browser then there are chances that you have used this network protocol already.

What is QUIC?

QUIC is a low-latency transport protocol for the modern Internet over UDP, an Internet protocol that is often used for streaming media, gaming and VoIP services.

The search engine giant first unveiled the experimental protocol QUIC and added it to Chrome Canary update in June 2013.

The protocol already included a variety of new features, but the key feature is that QUIC runs a stream multiplexing protocol on top of UDP instead of TCP.

The Idea behind QUIC:

QUIC was developed to speed up latency-sensitive web applications, such as search, by reducing the number of network round trips (RTTs) it takes to establish a connection to a server.

“The standard way to do secure web browsing involves communicating over TCP + TLS, which requires 2 to 3 round trips with a server to establish a secure connection before the browser can request the actual web page,” Google’s Chrome team wrote in a blog post.

QUIC is designed so that if a client has talked to a given server before, it can start sending data without any round trips, which makes web pages load faster.

Here are some QUIC highlights:

  • Packet pacing to reduce packet loss
  • A pluggable congestion control mechanism
  • UDP transport to avoid TCP head-of-line blocking
  • High security similar to Transport Layer Security (TLS)
  • Packet error correction to reduce retransmission latency
  • A connection identifier to reduce reconnections for mobile clients
  • Fast (0-RTT) connectivity similar to TLS Snapstart combined with TCP Fast Open.

Here’s the Big Deal:

With the help of QUIC, Google aims to combine the best features of both UDP (User Datagram Protocol) and TCP (Transmission Control Protocol) with modern security tools with the goal of Zero-RTT connectivity overhead and better SPDY support.

SPDY is a networking protocol introduced by Google in 2009 and is now being built into the upcoming HTTP/2 (Hypertext Transfer Protocol version 2) protocol.

SPDY is also supported by some technologies including Google’s own Chrome browser, Mozilla’s Firefox, Microsoft’s Internet Explorer 11, many websites such as Facebook, and some of the software that delivers Web pages to browsers.

“Today, roughly half of all requests from Chrome to Google servers are served over QUIC and we’re continuing to ramp up QUIC traffic, eventually making it the default transport from Google clients — both Chrome and mobile apps — to Google servers,” Chrome team explained.

The search engine giant does not know how much faster QUIC would make Web surfing over the Internet, but ultimately its goal is to bring improvements to the web we are using today.


via The Hacker News http://ift.tt/1yGJJ7u

PayPal Wants You to Inject Your Username and Eat Your Password

You probably hold a number of online accounts for different services, but how many of you use a different and unique password for every single account?

Probably very few of you. The majority of people have one or two passwords that are quite simple, easy to remember and comfortable to manage.

However, you need not worry, as the future of identification will not rely on passwords, according to PayPal’s global head of developer evangelism Jonathan LeBlanc.

Nor will it depend on the old biometric identification technologies, such as fingerprint scanners and iris scanners; rather, it will depend on something more secure and easier to use

…Embeddable, Injectable and Ingestible Devices

Yes, the next generation of identification for mobile payments and other sensitive online interactions will depend on embeddable, injectable, and ingestible devices, completely replacing passwords with the identification of your body.

KILL ALL PASSWORDS

LeBlanc has recently started giving a presentation titled “Kill all Passwords” at various security and tech conferences in the United States and Europe.

In the presentation “Kill all Passwords,” LeBlanc claims that the future generation will be represented by “true integration with the human body.”

By true integration with the human body, LeBlanc means…

…instead of using “antiquated” external body functions such as fingerprints and iris scans for the identification of online users, internal body functions such as vein and heartbeat recognition are used.

And the embedded, injected and ingestible devices will allow this “natural body identification.”

These devices include:

Brain implants and attachable computer systems that “put users in charge of their own security,” LeBlanc told WSJ.

And when he talks about ingestible devices, he means devices that could be powered by your stomach acid, which will run the batteries of those devices, LeBlanc added.

But, Why Kill Passwords?

As we have reported many times, the passwords people tend to choose for their online accounts are easy to guess and break, and according to LeBlanc, it is the right time to replace the traditional username and password verification concepts and methods.

But when we could use a more accurate and secure method, why stick to traditional methods?

Identity verification methods, such as thin silicon chips embedded into the skin, could result in an accurate and unique identity of a person, according to LeBlanc.

These chips can have in-built ECG sensors that could help monitor the unique electrical activity of a person’s heart, and communicate via “wireless wearable computer tattoos.”

Moreover, ingestible capsules can be used to detect and analyze glucose levels and other unique internal parameters of a person’s body as a method to identify the actual identity of that person.

PAYPAL IS MOVING A STEP FORWARD

PayPal is also working with developers to build these kinds of futuristic ID verification devices, such as heartbeat recognition bands and vein recognition technology.

However, this does not mean PayPal is planning to adopt these new biometric verification technologies; rather, the company just wants to be at the forefront of research in this field.

As LeBlanc said, “I can’t speculate as to what PayPal will do in the future, but we’re looking at new techniques – we do have fingerprint scanning that is being worked on right now – so we’re definitely looking at the identity field.”


via The Hacker News: Hacking, Cyber, Internet Security http://ift.tt/1zsCI5q