Month: March 2015

GitHub Suffering the “Largest Distributed Denial of Service Attack”

GitHub, the first-rate US-based software coding site, has been hit by a Distributed Denial of Service (DDoS) attack. The attack on the site is suspected to have originated from China. GitHub is popular as a storage area for many types of coding projects, ranging from web app frameworks and game engines to security applications. Tech firms and software developers rely on the site to access these tools and applications for their software development projects. Since Thursday, the GitHub site has been inaccessible to all developers and firms owing to a huge DDoS attack. GitHub confirmed the Distributed Denial of Service attack in a blog post after it happened and said that it was the largest in the history of the github.com site. The site is still under attack, and GitHub employees are still working to fix the inaccessibility caused by the DDoS attack.

Possible cause of the attack

GitHub said that the DDoS attack “involves a wide combination of attack vectors that includes every vector we’ve seen in previous attacks as well as some sophisticated new techniques that use the web browsers of unsuspecting, uninvolved people to flood github.com with high levels of traffic.” On the basis of the reports they received, they described the cause of the attack as: “Based on reports we’ve received, we...


iVote Security Flaws Compromised 66,000 Votes of NSW Election

With just a week to go before the NSW election results are released, two security experts have confirmed that the iVote online voting system of the NSW Electoral Commission has been compromised. They detected “critical vulnerabilities” in the iVote online voting system, which was used this year for the first time. Though the NSW Electoral Commission has worked to resolve the security issue, thousands of votes were already exposed to manipulation and fraud.

Security flaw exposed iVote electronic votes to online frauds

Security experts have warned that tens of thousands of votes were already compromised on the iVote voting website. They discovered that the security flaw exposed about 66,000 electronic votes to tampering, which might impede or delay the release of the NSW election result, which was slated for this coming Saturday. After the detection of these “critical vulnerabilities”, several parties, such as the National party, the Outdoor party and the Greens, are looking for all possible security measures to prevent vote tampering on the iVote online voting system, they revealed to Guardian Australia. NSW Electoral Commission officials suspected that some “well-funded, well-managed, anti-internet voting lobby groups” are behind this security breach on the iVote online voting website.

iVote caught by “FREAK” attack!

Security academics and specialists of Melbourne University said that the website is secure, but the security issue has probably resulted from the loading of JavaScript from another website....


Yahoo! Takes the First Step to Eliminate Passwords

Yahoo! has come up with an optional login process to combat your password dreads. By introducing an ‘on-demand’ password for logging into your mail account, Yahoo! has tried to ensure tighter security and easier monitoring of accounts. Your Yahoo! account will now ask for your password as well as the SMS code that will be sent to your phone. This way, before breaking into your account, a hacker would need both your password and your phone, making the best of two-factor authentication. If you mark your device as trusted, you won’t need to enter the SMS code when you log in from your computer. If remembering a password has always been a task for you, Yahoo! gives you an alternative: skip the password part and opt for the SMS code to log in instead. To activate this, you need to sign into your Yahoo! account and choose ‘On-demand passwords’ from the Security option. You will be asked to enter your phone number, to which Yahoo! will send a verification code. Once you enter the code, your on-demand password will become active. Going forward, when you log in to your account, all you need to do is click on the ‘Send my Password’ box, and you will receive a single-use four-character code on your phone by SMS to log in. Right now, this feature is only available in the US. With...


Another cyber security flaw threatens millions of Internet users

The moment you think your computer is safe to use, new security flaws emerge to rock the Internet world, threatening the identity of millions of Internet users. Last year it was Heartbleed and Shellshock, and this year it’s FREAK. Named in a clever acronym format, FREAK stands for Factoring Attack on RSA-EXPORT Keys. The bug affects the SSL/TLS protocols, which are used to encrypt data as it is transmitted over the Internet. It puts at risk the private information you send through the Internet, including your passwords, banking details, and credit card information. According to FreakAttack.com, a site dedicated to tracking the impact of the attack and helping users find out if they’re vulnerable, the FREAK attack is possible when a vulnerable browser connects to a susceptible Web server, one that accepts “export-grade” encryption. The flaw allows malicious parties to force servers to automatically downgrade their security codes. Once that’s done, the attackers can easily crack all the encrypted communications through advanced Man-In-The-Middle (MITM) attacks. When you use the Internet, your computer communicates with the server on how to protect your data. However, the FREAK flaw manipulates certain software, including Apple’s Secure Transport, into accepting weaker encryption programs. These can then be broken by sophisticated hackers to steal your private and confidential data. This newly discovered encryption flaw has left millions of users of Apple’s...


Vulnerabilities found in Blu-ray disc Opens door for Malware Invasion in PCs

A pair of vulnerabilities has been discovered in the hardware and software used for playing Blu-ray discs by Stephen Tomkinson of NCC Group, a U.K.-based security consultancy. Stephen demonstrated them with the help of a self-engineered Blu-ray disc, which helped him identify the type of player the disc is running on. Presenting the research at the Securi-Tay conference at Abertay University in Scotland, Stephen came out with two exploits: both the hardware and the software used for playing Blu-ray discs could be used to install malware on a computer. The first problem was detected in PowerDVD, an application made by the Taiwanese company CyberLink for playing DVDs on Windows-based PCs. This application is often shipped preinstalled on computers from all major brands, including HP, Dell, Acer, Lenovo, Toshiba and ASUS. Blu-ray discs use a variation of Java called ‘Blu-ray Disc Java’, which lets the device offer rich content like dynamic menus and embedded games. To offer an enriched user interface, Blu-ray Disc Java makes use of ‘xlets’, or small applications, which are usually prohibited from accessing the computer’s operating system and file system for security reasons. But, as per Stephen, an xlet was able to access the sandbox, a security mechanism used for separating running programs, and launch malicious executable code, which is the first flaw found in PowerDVD. The second vulnerability has been found in...
