Tuesday, 28 February 2017

Windows 10 Option to Block Installation of Win32 Apps


Windows 10 will soon allow users to block the installation of apps that come from sources other than the Microsoft Store. The hope is that this feature will help them prevent the installation of malware.

The feature will essentially prevent users from installing Win32 applications. It is said to be currently in testing as part of the latest build published in the Insider Preview program.

Win32 is one of the core sets of application programming interfaces (APIs) available in the Microsoft Windows operating system platform and is very often referred to as the Windows API. In addition to Win32 apps, Windows 10 users can install software built on Microsoft’s Universal Windows Platform (UWP).

The new platform is the framework for applications that support not just Windows 10 computers but also other devices running on the platform, such as HoloLens, Xbox One, and phones. The Microsoft Store, the app portal, is accessible from all of these devices and only accepts UWP applications. Microsoft even released a converter to help developers port Win32 apps to UWP.

With millions of Win32 applications available, it will take a while before all developers switch to the new framework, especially if users are in no hurry to embrace UWP applications.

What the newly observed change does is let users block Win32 apps from being installed on their computers by selecting the “Allow apps from the Store only” option on Windows 10’s Apps & Features settings screen.

The option is expected to become available in all Windows 10 editions once the Creators Update arrives in April, which will also allow enterprise users to benefit from it. Basically, admins will be able to install necessary apps and then turn the feature on to keep unwanted applications away.

Google Discloses An Unpatched Flaw in Internet Explorer, Edge


Google’s Project Zero has disclosed a potentially serious vulnerability in Microsoft’s Internet Explorer and Edge web browsers before the company could release patches.

Details of the flaw and proof-of-concept (PoC) code were made public last week by Google Project Zero researcher Ivan Fratric after Microsoft failed to meet the 90-day disclosure deadline.

The security hole, tracked as CVE-2017-0037, was described as a high-severity type confusion. By exploiting the vulnerability, an attacker can crash the browser, and arbitrary code execution is also possible.

This is the second unpatched vulnerability in a Microsoft product disclosed by Google Project Zero this month. Earlier, researcher Mateusz Jurczyk released details of a medium-severity information disclosure flaw tracked as CVE-2017-0038.

In addition to these, there is also an unpatched denial-of-service (DoS) flaw in Windows caused by how SMB traffic is handled.

Microsoft has released only the patches for Adobe Flash Player this month and postponed its February 2017 updates to March 14 of this year due to an unknown “last minute issue.” It is possible that the three vulnerabilities affecting Windows and the browsers were supposed to be fixed by these delayed security updates.

Last month, Microsoft claimed that the security mechanisms in Windows 10 can block exploitation of a zero-day vulnerability even before patches are made publicly available. As examples, the company cited two flaws exploited in sophisticated attacks against organisations in South Korea and the United States before fixes could be released.

SHA-1 Collision Affects Apache Subversion System


Last week, Google and CWI announced the first SHA-1 collision attack, and it appears to have a serious impact on repositories that use the Apache Subversion (SVN) software versioning and revision control system.

The developers of the WebKit web browser engine noticed severe problems after they attempted to add a test for the SHA-1 collision to their own project. After they uploaded the sample collision PDF files provided by Google, their SVN repository became corrupted, which prevented any further commits.

Google has posted an update on the SHAttered website to warn SVN users about the risks, and the Apache Subversion developers have made a tool designed to prevent PDF files such as the ones provided by Google from being committed.

So far, the search giant has published only two PDF documents, which prove that SHA-1 collisions are possible (meaning both files have the same SHA-1 hash but different content). After 90 days, however, Google will release the code that will allow anyone to create such PDFs.

Finding SHA-1 collisions still requires significant resources: it can cost an attacker at least $110,000 worth of computing power from Amazon’s cloud services. However, it is still 100,000 times faster than a mere brute-force attack.

The SHAttered attack also seems to impact the Git distributed version control system, which relies completely on SHA-1 for identifying and checking the integrity of file objects and commits.

However, “the sky isn’t falling,” according to Linux kernel creator Linus Torvalds. Torvalds pointed out that there is a big difference between using SHA-1 for security and using it for generating identifiers for systems such as Git.

Nevertheless, steps have already been taken to mitigate these types of attacks, and Torvalds says Git will eventually transition to a more secure cryptographic hash function.

Saturday, 25 February 2017

Check Out This Chrome Extension to Know How Facebook AI Monitors Your Activities



We all know that Facebook studies and monitors the activities of its users for various purposes using its own artificial intelligence mechanisms. This data helps the social network show relevant information in the user’s News Feed, which is usually evaluated by analysing your social media interests and other activities on the website.

But now there is a free, open source tool with which you can easily keep track of what kind of monitoring mechanism Facebook has implemented and which of your activities the social network tracks. The tool, a Chrome extension, is called Data Selfie. It uses machine learning algorithms to inspect what can be read about your personality from the way you use Facebook. It also identifies your social media patterns and offers an opportunity to ensure a totally customised and personalised experience.

Through Data Selfie, you can monitor the way these machine learning algorithms monitor and process all your activities on Facebook and how they get information about your personality, interests, and habits. This is made possible through IBM’s world-famous cognitive system, the mighty “Watson.” When you download the app, it starts tracking your interactions on Facebook. It checks every single Like and post, the amount of time you spend checking out a shared article or post, and every little thing such as when you scrolled and for how long. All the information is logged in the app.

Data Selfie contains a dashboard that provides valuable insights about the data you liked or viewed and the inferences drawn about you by pre-determined combinations of machine learning algorithms. The tracked activities and the aggregated information are displayed in a timeline format, which is usually categorised with colour codes to highlight different aspects of your data usage.

Asiana Airlines Website From South Korea Hacked with Pro-Serbian Messages



Do you remember the guy who defaced Google Brazil’s domain? His name is Kuroi’SH, and he is back in the news, this time for hacking and defacing the official website of Asiana Airlines, one of the major airlines in South Korea.

The website was hacked on 19th February and was left with a deface page along with a few messages against Albania and in favour of Serbia. The messages also mention the Spanish airline Iberia Airlines. You may be wondering what Iberia Airlines or even South Korea have to do with the Serbia and Albania crisis. Kuroi’SH told Hackread that his initial target was Iberia Airlines, but since they posed a threat to his privacy, he decided to deface Asiana Airlines, and that he is motivated to “spread the word and Asiana is an airline giant.”

According to the provided deface message, “I am Sorry, Iberia Airlines, but everyone needs to understand the crime against humanity, carried out by the Albanians p**s touching Serbia – In Pristina, shame now located in Kosovo, there is a monument called NewBorn. A f***ing monument with a clear meaning: peace and a new beginning, let’s forget the past–Jesus, forgive my anger and what I will say, but if I ever end up in that city, I’ll put a bomb of this so-called monument and then destroy it.”

A full preview of the deface page is stored on the Zone-h mirror as proof of the hack.

When asked how the Asiana Airlines website was hacked, Kuroi’SH explained that “it was done through DNS hijacking from their hosting provider.” Furthermore, the hacker stated that he has nothing to do with Serbia but feels that the truth needs to be spoken.

CloudFlare Blames Internal Faults for Memory and Client Data Leakage


We have seen some recent incidents in which CloudFlare has been reported to have lost its client data; the company now blames an unspecified internal fault for all these incidents.

According to John Graham-Cumming, the company’s CTO, about 1 in every 3.3 million requests that the company’s servers were handling between 13th and 18th February leaked in this way.

He added, “We think that an internal fault may have led to this memory leakage of a very tiny percentage of the data which we handle on our secure servers”.

Tavis Ormandy, a researcher, had pointed out earlier that the Cloudflare servers were leaking data, and the leak was made worse by the fact that most common search engines were caching the leaked data.


It has also come to notice that CloudFlare’s servers experienced a relatively common problem linked to memory leakage. The leak of sensitive data such as HTTPS cookies, which occurred on these servers, is said to have affected some major global brands, including Lyft, Uber, OKCupid and others.

None of these companies has commented on the issue so far. But CloudFlare says that it has taken the necessary steps to address the situation immediately. The company was notified of the issue’s existence by Ormandy.

According to the company, its experts deactivated the Automatic HTTPS, Server-Side Excludes and email obfuscation features on its servers immediately after it had been notified of the fault. But in what may further complicate matters for the company, it is now emerging that it may not have taken the issue as seriously as it now states.

According to Ormandy, after he notified the cyber security experts at the company about the breach, he was referred to the infamous bug bounty program that the company runs.

Was Your Google Account Unexpectedly Signed Out Today? Company Explains Why


Earlier today, holders of Google accounts around the world faced an unexpected situation in which they were asked to re-enter their login credentials to sign in. The users did so and successfully regained access to their accounts. However, there was a sudden uproar that this might be the result of a phishing attack and that accounts may have been compromised. The company has openly denied such claims and stated that the issue has nothing to do with any phishing scam or security threat. Google is still investigating the issue, but it is heartening to learn that the problem isn’t linked to hacking or scamming.

Crystal Cee from Google’s Product Forum said that users need to sign in again to use their accounts and should use the address “accounts.google.com.”

Crystal Cee also noted that if you forgot your password, you can use the link “g.co/Recover” to get your account back. If you use 2-step verification, you may experience a small delay in receiving the SMS code, so be patient. Alternatively, you can use any of your backup codes.

The issue was not limited to any single platform: users of Google Wi-Fi, Chromecast, Gmail (on all devices including laptops, PCs and tablets) and Google Home had to enter their login credentials again. With such a huge number of users facing the same issue, confusion was bound to arise. Twitter became a hub of panicked tweets, and threads were created on Reddit where users from around the world reported the issue.

Google issued a notice on its Gmail help forum, which reads: “We’ve gotten reports about some users being signed out of their accounts unexpectedly. We’re investigating, but not to worry: there is no indication that this is connected to any phishing or account security threats.”