Saturday, 4 April 2015

Nokia Was The Source Of Windows Leaks, Claims WZor



There is a sense of security these days. At least when it comes to Microsoft software, if nothing else. Windows leaks seem like they are now part of a distant past.

Which is true, considering we did not get leaked early build of Windows 10.

Part of that is because Redmond really amped up security of its products that are under development. And at the same time the company imposed new measures to prevent such leaks from happening in the first place, including providing access to early test builds to only a few, select partners.

Result being, Windows 10 has become the first Microsoft operating system in years that was not leaked in any capacity ahead of launch.

This has led WZor, the famous leak group, to talk about this, revealing that their main source of Windows leaks was Nokia. It appears that the telecom giant and some of its partners received early access to Microsoft products, which they passed onto WZor.

It could possibly be that someone in Nokia collaborated with the famous leak group — someone that had access to these operating systems and software from Microsoft.

And it were not only the bits that leaked.

Plenty of time information and screenshots on these projects in development reached the web, and very often these served to stir interest in what Microsoft was developing. Or planning.

Regardless, Redmond no longer tolerates leaks these days, and prefers to release the ISO files itself. No wonder there was talk that each test build of Windows 10 was individually signed with a unique code, meaning if anyone leaked a copy on the web, it would have been easy to find out who did it.

Still, the Nokia connection is rather surprising.

Suddenly, the phrase “Connecting People” has an all new meaning to it!


Windows 95 The Reason Why Microsoft Skipped Windows 9



makes sense on some levels, while remains perplexing on others. It is being said that Windows 95 is the reason why Microsoft skipped out on the Windows 9 name.

Redmond took everyone by surprise a couple of days back by announcing that its next operating system will be called Windows 10 — instead of names like Windows, Windows 9 and Windows Threshold that were being thrown around.

While we don’t have an official reason to go by, a Reddit user claiming to be a Microsoft developer has shed some light on this.

Speculation is that Microsoft decided to skip Windows 9 and go directly to Windows 10 because of Windows 95. And this because some third-party applications could incorrectly identify the version of Windows running on a computer.

And the reason for this?

The developer explains that a lot of software programs check for “Windows 9*” on a target computer, and it is this wildcard in the syntax that might cause the operating system to be identified as an old one.

Shades of the Y2K bug, don’t you think?

However, as Engaged writes, a similar issue arose some 10 years back with Windows 2000 and a few Pentium processors (remember those?), but that actually affected a lot fewer customers.

Still, wise of Microsoft to avoid any such potential errors in the future.

The software titan is very much entering a new phase, a new era, and the Windows brand is now going to be left, right and center of its new strategy. Best to play it safe, even it results in giving the operating system a wholly unexpected new name.



Intel, AMD Going All In With Windows 10 Tablets



Tablets still are an unconquered domain for Microsoft, and the plan is for Windows 10 tablets to take things to another level in terms of both performance and pricing.

Intel and AMD, the two chip giants, are two central figures for this plan to succeed.

Both companies continue to push their tablet oriented solutions, even as the tablet market is showing signs of fatigue — at least in terms of growth. Large screen smartphones and phablets have started to impact tablet sales.

For example, 7-inch tablets used to dominate with well over a 70% market share not too long ago, and this has now fallen to around the 60% mark, primarily thanks to handsets with larger screens.

According to this report, though both Intel and AMD are ready to unleash their new tablet platforms.

Intel is set to release Cherry Trail, early in the first quarter of 2015, with volume production on track to begin in March. This new processor platform is based on a 14nm process, and will be available for both Windows and Android tablets.

Expect a plethora of such solutions from brand vendors and Chinese white label companies by the time Windows 10 makes its public debut.

AMD is not out of the game, either. If anything, it’s just getting in.

The company has its Nolan and Armur platforms in the pipeline. The former utilizes an x86 architecture, while the other is a heterogeneous system architecture (HAS) specifically for Android and Linux slates.

With several new third-party hardware manufacturers on board, Windows 8.1 tablets are just now starting to make their impact. Windows 10 promises a similar response, provided Microsoft keeps up its current pricing strategy for tablets.


The US government under attack by Google over internet privacy rule change



For the past few years, the US government has been under attack a couple of times over its way of handling internet privacy. In 2013, former CIA system administrator Edward Snowden leaked to the mainstream media the NSA’s tools for operating an alleged “global surveillance network” over the internet. In 2014, German chancellor Angela Merkel was enraged by reports of alleged American spying on German citizens, as well as on Merkel herself. Now, in 2015, the internet search giant Google is taking a formal stand against the US government concerning its plan to amend what is known as Rule 41.

Rule 41 is one of the federal laws of criminal procedure, concerning the issuing of search warrants. Basically, the current rule allows a judge to issue a digital search warrant only within the boundaries of his or hers judicial district. According to the Justice Department, this rule became archaic and obsolete as far as criminal investigations of computers are concerned, because today’s technology makes it easy for any user to be able to completely hide the location from which he or she is operating.

When the FBI needs to seize computer data related to a violation of US laws, says the Justice Department, it needs to be able to do so without first finding the computer’s physical location.

Richard Salgado, Google’s director for law enforcement and information security, strongly objects. The amendment suggested to Rule 41, he says, implicates that the US government would in effect be allowed to carry out digital search warrants in computers across judicial borders. This, says Salgado, is both in contradiction of the US constitution 4th amendment, which protects people from unreasonable seizures and searches, and also gives the US government the power to spy on any computer in the world. As Salgado says, this is a matter concerning both the privacy of US citizens and the US recognition of the sovereignty of other nations, and should be decided by congress.

The Justice Department responds that the subject matter has been blown out of proportions and is merely a “tweak of protocol”. It does not, says the JD, grant the US government any authorization to carry out any form of digital search and seizure techniques not already permitted by law. The JD adds that just like in real-life search warrants, investigators are careful not to create any collateral damage, and of course not to overtake any sovereignty of any nation or other judicial body.

The proposed rule change, for which the public comment period has already ended, has so far gone unnoticed by the public, even though some privacy and civil-liberties groups have objected to it. It wasn’t until Google joined the objection, becoming the first and so far only major tech firm to do so, that the subject matter caught the public’s attention. The main objection of all parties involved is that the wording of the current rule change is “far too vague”, and that only congress should decide whether to extend the JD’s powers to investigate computers and computer data.
With all the objections, the change to Rule 41 still has a long way to go. It is expected to go for review by the supreme court and by congress. Now, as public awareness grows and the subject of network privacy is making headlines, it will be interesting to follow its course and see how the world we live in is affected by the changes brought by the digital age.



WTF!! What is the FREAK vulnerability? Why Should i care ?


Last year, the OpenSSL vulnerability called Heartbleed causes so much problem for the internet users. It was one of the most dangerous security flaws because it affected every big website and allowed hackers to hack SSL protected websites. However, There’s another widespread vulnerability on the internet called ‘FREAK’ and it has affected a lot of internet websites and browsers.

The FREAK is the acronym for Factoring RSA Export Keys flaw. FREAK is a bug that allows attackers access to secure communications. It was discovered in software that was used to encrypt data that went from web servers to web users. It has been in existence for a decade now but was only thought to affect Apple’s Safari as well as Google’s Android browsers. Now however, Windows has been added to that mix.

It affects all versions of Windows which use Internet Explorer. All Microsoft Software that utilizes the Secure Channel via the Windows — Secure Sockets Layer and its descendant, the Transport Layer Security also has FREAK Vulnerability.

FREAK vulnerability permits an attacker to easily intercept data that is moving between the source site and a visitor to use a weak encryption which makes it possible and easy to crack the data and reach sensitive information such as passwords as well as access the data on that page. This FREAK flaw was exposed by encryption and security guru Karthikeyan Bhargavan.

The FREAK vulnerability gives the attacker an easy channel to forcefully downgrade any coded suite that is used in SSL/TLS connections on the system of a Windows Client System. The FREAK technique is an issue that affects the whole industry and if left unsolved might lead to software crisis worldwide.

In an attempt to value the impact of this bug a group has been set up to evaluate and gather numbers regarding the worldwide risk. A 9.5% of the overall worldwide web’s one million websites have been found with Freak Vulnerability and are therefore prone to attacks. They have introduced an online tool so people can check whether the browser they are using is at risk.

To counter the Freak Vulnerability, Google has updated its Chrome Version for the Mac but Android is still on review. Apple is also geared to introduce a solution soon. There have been various advisories from Microsoft concerning how to eliminate the Freak Vulnerability. Unfortunately, these solutions can lead to very severe problems with other programs. Because of this, other better solutions are being sought. Microsoft is expected to address the issue with its scheduled patch Tuesday update or an irregular one.

Though there has been no report of the use of this flaw for cyber crime, the frenzy with which a solution is being sought reflects its seriousness. Microsoft has even suggested that Windows users disable their RSA export ciphers in the meantime.

Many experts blame the FREAK flaw on the earlier US policy bans that barred the strongest encryption standard appliance. This allowed the infiltration of weaker standards in most software including Web browsers and Windows. This was done so as to allow intelligence agencies to keep an eye on web action. The remnants of this ban are the cause of the FREAK vulnerability today.

According to the miTLS Team, which discovered this FREAK security hole in the first place, the following SSL/TLS client libraries, are vulnerable:

=> OpenSSL (CVE-2015-0204): < 1.0.1k version.
=> BoringSSL:  Older than Nov 10, 2014 version .
=> LibReSSL: < 2.1.2 Version.
=> SecureTransport
=> SChannel

Web browsers that use these TLS libraries are open to attack :

=> Chrome versions before 41 on various platforms are vulnerable.
=> Internet Explorer.
=> Safari is vulnerable.
=> Android Browser is vulnerable.
=> Blackberry Browser is vulnerable.
=> Opera on Mac and Android is vulnerable. .


It is advisable for all users to keep an eye out for updates so as to protect their systems once a solution is found or switch your web browser to Chrome 41 or Latest Firefox browser. Staying ignorant might cause a lot of long term losses that will be irreparable.


WhatsApp Calling Feature Invitation Spreading Malware in Phones






Many WhatsApp users are waiting for the invitation to enable WhatsApp calling feature in the app. You may have received an invitation too or you are waiting for it. Well, if you haven’t received any invitation yet and feeling unlucky than trust me you are very lucky. According to a report by the Daily Star, WhatsApp users across the world are becoming victims of cyber Scammers who are sending fake messages inviting users to test the new calling feature that installs a dangerous Malware in the phone. If user click on the invitation link, they are taken to another website where they are asked to take a survey on behalf of the popular messaging service.

After completing the survey, they are forced to download multiple third-party applications, which run the risk of spreading malware on smartphones. It doesn’t end here The malicious voice calling invite also ask users to invite friends, before testing the feature, thus putting other users at risk of losing confidential data.

The message looks like “Hey, I am inviting you to try WhatsApp Calling, click here to activate now”. Hence, if you receive any kind of message similar to this, Do not open it , Do not click on the link , Do not forward it to friends . WhatsApp has not announced the calling feature officially, It is in beta stage so users are advised to wait until WhatsApp enable this feature  for everyone.

However, now the big question is rising that if WhatsApp has added encryption for messages sent among its users to prevent messages from being hacked or monitored then how those scam messages are coming?. If WhatsApp itself is not collecting and selling its users data then – from where are these companies getting the mobile numbers of millions of WhatsApp users?



what is Juice Jacking SCAM

  Juice Jacking is a cybersecurity threat that occurs when cybercriminals manipulate public charging stations, such as USB charging ports in...